Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Feb 24, 2003 (Vol. 8, #8 - Issue #414)
MCSE 2003 Shakeup!
This issue of W2Knews contains:
- EDITORS CORNER
- SA Vocabulary (Continued)
- MCSE 2003 Shakeup!
- TECH BRIEFING
- Mega Credit Card Hack: Which Platform Was Broken?
- MCSE 2003 Shakeup!
- Fill Out Survey: Get Free Performance Booster Software
- NT/2000 RELATED NEWS
- Redmond Rolls Out 'Reliability' Programs
- MS Buys Connectix's Virtual PC, Virtual Server Products
- Security Standards Released For HIPAA
- Patching Negligence Can Get You Sued
- [humor] How To Become A MS Licensing Specialist: Free
- NT/2000 THIRD PARTY NEWS
- Survey Data: Disaster Recovery Finds Prominence
- ScriptLogic v4.12 Is Available
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Squeeze The Max Out Of Your WinXP Workstation
Centrally configure desktops by location, department, group,
individual, desktop / portable, OS or connection.
- Logon, logoff and shutdown scripting
- Install/update software packages
- Create Outlook mail profiles
- Deploy Service Packs
- Enforce security policies
- Make Registry Changes
- And Much More
Begin saving time today! Evaluate a fully functional 45 day trial
version of ScriptLogic and get a FREE "Born to Network" T-shirt.
Free Born to Network T-shirt offer is available to US residents only.
Visit ScriptLogic for more information.
SA Vocabulary (Continued)
There seems to be an endless, various and entertaining amount of
words that all seem to indicate the same thing: Clueless Users.
Here are some more that subscribers sent in: [grin]
- In French, we are often saying about a user mistake "C'est un
code 18!" [it's a code 18], like the problem was 18 inches in
front of the screen!
- Here is one that we used for a long time. 'L' Users (sounds
- BIU error. Biological Interface Unit, more commonly known as
- "Fleshware, or Wetware Problems", human behind the keyboard.
- "It's a PUE" - probable user error.
- I/O error - idiot operator
And then a few other terms that are interesting as well:
- Prolot (sometimes 'prodlot') - a pilot system that ends up as
a production system
- Beduction - Beta software ending up running a production system
- Chernobylware: Software that "nukes" the Operating System once
So, here is the NEW SUNPOLL: Let us know: What is your primary
reason for reading W2Knews weekly?
- It gets me the really important data first
- It tells me what Microsoft doesn't
- The technical content helps me keep my systems up & running
- It saves me a lot of time scouring the Net for the data I need
- I like the editorials and the fave links
Vote here, leftmost column:
MCSE 2003 Shakeup!
Major waves in the MCSE world. The new 2003 requirements are
very interesting. See the TECH BRIEFING with a brand new Guest
Column by MCSE Guru Ed Tittel for this latest news.
(email me with feedback: [email protected])
Want To Prevent The Next SQL Slammer Worm Hitting You?
A U.K. security firm estimates the economic damage already over
$1 billion. UpdateEXPERT is a powerful service pack and hotfix
manager. You've got to do this to keep your networks secure.
Use UpdateEXPERT as your research, inventory, deployment and
validation tool that enables you to fix security vulnerabilities
and stability problems on your machines. And they TEST the patches
for you too.
Visit UpdateEXPERT for more information.
Mega Credit Card Hack: Which Platform Was Broken?
Told Ya So. See prediction #7 in the Crystal Ball issue this Jan:
No fun though. Hacker(s) have gained access to the accounts of more
than 5 million credit card customers. The theft occurred when the
system of a clearing house (company that processes credit card
transactions for merchants) was broken into. The servers of Visa
and MasterCard themselves were not compromised. Total credit cards
in the US is about 570 Million so this is a small percentage but
Everyone involved has been famously close-mouthed about which banks
were affected by the theft, which systems were broken into, what OS
had been on these machines and who did not patch them. Neither Visa
nor MasterCard was willing to identify the clearinghouse, and they
also did not reveal yet how the theft occurred, citing security
concerns. The FBI's cybercrime division is also investigating the
theft. This is not something regional, it was throughout the nation
and could be any bank. (Both Visa and MasterCard offer zero liability
policies, which absolve cardholders of responsibility for unauthorized
I will keep you up to date on the brand of servers and OS that were
compromised. In the meantime, keep your own systems patched, with:
MCSE 2003 Shakeup!
This is a guest column by Ed Tittel. He is the Series Editor for Que
Certification's best-selling Exam Cram 2 and Training Guide series
of exam preparation tools. Look for titles on these forthcoming MCP
exams in bookstores this fall.
"Once upon a time, Microsoft used a pretty simple formula to map
Windows Server 2000 MCSA/MCSE exams to Windows Server 2003: "add 60."
This explains how 70-210 Windows 2000 Professional maps to 70-270
Windows XP Professional, and how 70-215, 70-216, and 70-217 were all
supposed to map to 70-275, 70-276, 70-277, and so forth. Allow me to
call these exams 70-27x, speaking generically.
As of the week of February 10, all this changed. Some time on Feb.
11 or 12, nearly all mention of as-yet-unreleased 70-27x exams
vanished from Microsoft's Web site. I found this extremely mysterious
and intriguing, and was therefore not terribly surprised when MS
announced a new replacement slate of exams for the MCSA and MCSE
on Windows Server 2003 on Monday, February 17. Here's what's new
as of that date:
- Exam 70-290: Managing and Maintaining a Microsoft Windows Server
- Exam 70-291: Implementing, Managing, and Maintaining a Microsoft
Windows Server 2003 Network Infrastructure
- Exam 70-292: Managing and Maintaining a Microsoft Windows Server
2003 Environment for an MCSA Certified on Windows 2000
- Exam 70-293: Planning and Maintaining a Microsoft Windows Server
2003 Network Infrastructure
- Exam 70-294: Planning, Implementing, and Maintaining a Microsoft Windows
Server 2003 Active Directory Infrastructure
- Exam 70-296: Planning, Implementing, and Maintaining a Microsoft
Windows Server 2003 Environment for an MCSE Certified on Windows 2000
- Exam 70-297: Designing a Microsoft Windows Server 2003 Active
Directory and Network Infrastructure
- Exam 70-298: Designing Security for a Microsoft Windows Server
Objectives for all of the aforementioned exams except 70-298 are
now available. Easy access through the "Upcoming exams" list:
Here's how these exams map into MCSA and MCSE, present and future:
- To upgrade an MCSA on Windows 2000 to Windows Server 2003,
take the 70-292 exam. For MCSEs in the same boat, add exam 70-296.
- New MCSAs who wish to pursue Windows Server 2003 certification
must take 70-290, 70-291, and either 70-270 or 70-210. Valid MCP
electives are now quite a bit more limited, including only 70-086
(SMS 2.0), 70-227 (ISA Server), and 70-228 (SQL Server).
The A+/Network+ or A+/Server+ third-party combinations may still
be used to meet the elective requirements. For details see:
- New MCSEs seeking Windows 2003 certification must take 70-290,
70-291, 70-293, and 70-294 for the core networking exams, either
70-210 or 70-270 for the client O/S core exam, either 70-297 or
70-298 for the core design exam, and one of seven possible electives
for a total of 7 exams. See for details:
I'm still pondering what all this means, and have come to only
two conclusions so far: first, that upgrading from Windows 2000
to Windows 2003 for MCSAs and MCSEs has become more rational and
reasonable than ever before; and second, that the other new exams
represent a nice job of reworking the preceding group. Of course
we know nothing about the question types, length, and difficulty
ratings for these exams yet. After MCSA exams go beta in June, and
MCSE exams in July/August we'll know more, and I'll report further.
Fill Out Survey: Get Free Performance Booster Software
Readers of W2Knews are technology experts, and in many cases
you are early adopters and trend setters as well. In other words,
your viewpoints on technology are extremely interesting and
valuable. Survey.com and SG Cowen have a survey we'd like you
to fill out. Everyone that fills out the survey gets a free
permanent copy of the new AutoPilot for Windows XP. See Product
Of The Week Section below for more info. If you already filled
out the survey last week, you'll get the email with the download
and key information sent automatically.
I just did this myself. It took me less than 10 minutes to complete.
You will be entered into a drawing to win a cash prize of $500,
and EVERYONE will get the no-charge new AutoPilot. But we only
need 500 more people so you have to be f a s t. Also, you will
receive a complimentary summary of the results! That will help
you become an even greater opinion leader in your own organization.
Spend this little bit of time and you'll see that getting that
data in your hot little hands is going to be worth it! (Sorry,
this is USA only.) So, do me a favor and fill out this survey?
Thanks in advance! Stu Sjouwerman
NT/2000 RELATED NEWS
Redmond Rolls Out 'Reliability' Programs
MS announced a bunch of programs and services last week. They
are all aimed at fortifying the reliability of W2K3, to arrive
The programs are meant to complement the reliability enhancements
in W2K3. A few of the key software improvements are application
process isolation, application recycling and memory mirroring for
fast failover of fault-tolerant servers.
Application process isolation assures that one application crash
does not interrupt Web service uptime. Application recycling for
IIS 6.0 prevents application and systems failure because of memory
leaks in poorly written code.
Memory mirroring, which writes memory to two different areas, can
reduce blackout sessions to less than 1 second. MS says that because
of these enhancements, Windows Server 2003 had a 40% reduction in
unplanned system downtime in internal tests.
MS Buys Connectix's Virtual PC, Virtual Server Products
The Virtual Server could be used to help move NT Server 4.0 to
a supportable environment (read server consolidation). The
acquisition is certain to make server virtualization a more
mainstream technology. The current market leader, VMware, needs
to start watching out now, though.
This type of code allows you to run several instances of one OS
or OS-en on the same computer, so they share processor and memory
resources but each OS thinks it owns the machine. You can choose
to run the technology in two modes:
- require a host operating system, or
- run directly on the hardware below all operating systems
The Virtual Server will also help MS to compete with data-center
veteran competitors like Sun and IBM, which have virtualization
software on their platforms.
The Virtual Server stuff will turn a four-way Intel server into
16 virtual machines - and even perhaps 24 with a light load.
An eight-way can be made into 64 V-machines. Naturally every VM
needs a licensed operating system unless you are running... guess
what: Linux. Interesting!
Security Standards Released For HIPAA
The U.S. Department of Health and Human Services (HHS) announced
the final security standards for protecting electronic health related
data under the Health Insurance Portability and Accountability
Act (HIPAA) of 1996. It has been four years in the making!
These new security standards go into effect April 21, but most
organizations that are covered under this new law will have up to
two full years (sometimes 3 if you are small) to comply with the
standards. They are expected to be costly to implement and could
lead to numerous lawsuits against doctors, hospitals and insurers
if they are violated. It's another argument for layered security.
The news release stated: "These standards work in concert with
privacy regulations approved last year. Health insurers, certain
health care providers and health care clearinghouses must establish
procedures and mechanisms to ensure the confidentiality, integrity
and availability of health information in electronic forms".
The release of this "final rule" got mixed reactions from health-
care IT experts. A few said that the lack of specific requirements
will create confusion. But others said the government's hands-off
approach was just what the doctor ordered. Here is the actual stuff (PDF):
Patching Negligence Can Get You Sued
Source: SearchSecurity.com. I thought this was definitely worth
mentioning to you.
Downstream liability sounds like a cable TV fishing show gone
awry. But it's something enterprises need to quickly become aware
of, especially in light of recent security incidents like the
outbreak of the SQL Slammer worm and the attack on the Internet's
root DNS servers.
Essentially, downstream liability is all about the liability an
enterprise could incur if its unsecured systems are used as part
of a distributed denial-of-service attack.
The topic came up during this week's CyberCrime Conference &
Exhibition, where former Department of Justice cybercrime prosecutor
Marc J. Zwillinger of Sonnenschein, Nath & Rosenthal declared that,
indeed, enterprises can be liable for damages incurred during a
Zwillinger theorizes that breach of contract is no longer the only
basis for liability; now enterprises will be held accountable if
they are negligent in patching systems, for example. This is the
commission of a tort, Zwillinger said. Negligence is the crux of
downstream liability, according to a paper written by Scott C.
Zimmerman, CISSP, a research associate with the Software Engineering
Institute at Carnegie Mellon University; Ron Plesco, director of
policy for the Pennsylvania state police; and Tim Rosenberg,
president and CEO of White Wolf Security.
Negligence, meanwhile, consists of four parts, according to the law:
duty, breach, causation and harm. Zwillinger and Zimmerman said that
all four are closely linked and, in order to gain damages, a victim
must demonstrate all four.
Duty, for example, is the reasonable expectation that an enterprise
with IT assets linked to the Internet keep its systems secure. "Does
an owner of IT assets on the Internet have a duty to keep his systems
secure and not to be used to hurt another? We believe the answer to
this question is a resounding yes," wrote Zimmerman, et al.
A breach of duty is the failure to live up to that obligation. For
example, leaving unpatched systems exposed to the Internet and ripe
for exploitation would constitute a breach of duty. Next, a victim
must prove this breach caused the damages. Finally, the victim must
demonstrate he suffered harm, like loss of assets, loss of business
opportunities, or damage to reputation, Zwillinger said.
"It's time to recognize that this is a reality," Zwillinger said.
"Enterprises need to determine best practices, adhere to regulation
[HIPAA, Gramm-Leach-Bliley], hire consultants, adopt an incident
response plan and stay current on information security and evolve
with it." The rest of the article is here:
Products to prevent getting hacked:
[humor] How To Become A MS Licensing Specialist: Free
Well here is a way to study and take an exam about MS licensing.
It's mainly meant for sales reps and resellers but it's kinda
interesting for us end-users that need to juggle the budgets.
Having passed this exam you might be able to claim any level of
understanding about MS Licensing. But if you have no time for the
whole thing, having a bash at these online exams should be an
extreme source of amusement. [grin]
The person who sent me this commented darkly: "If any of the MS
Licensing Droids I've spoken to in the past are representative
of the exam, then I might have a bit of insider info - the answer
to all questions is C - Don't Know! I wonder who'll be teaching
this course given no-one inside Microsoft is qualified" Check out:
THIRD PARTY NEWS
Survey Data: Disaster Recovery Finds Prominence
InfoWorld has a great story that I thought you'd like to have
as ammo to get budget for HA solutions. Check out the rest of
the story on their website. Here goes!
"If there's one trend highlighted in the 2003 InfoWorld Storage
Survey that everyone should take to heart, it is this: Business
continuity -- taking adequate measures to recover storage equipment
from a disaster -- has become part of a CTO's daily life. Business
continuity is no longer a mere afterthought or a weak placebo to
pacify questioning auditors.
Even though not all survey respondents are flying the disaster
recovery flag, an overwhelming majority -- an amazing 9 out of
10 -- has already cemented a disaster recovery plan for storage
equipment or will have one in place within the year. These IT
leaders are reacting to the ever-present threat of political
terrorism, which joins the ranks of an already exceedingly long
list of dangers including natural disasters, utility grid failures,
catastrophic accidents, and human errors.
As the centerpiece of any business continuity plan, protecting
storage equipment and company data from disruption, requires a
thoughtful blending of storage administration, risk assessment,
and data protection activities. And survey respondents are tuned
into that nugget of wisdom -- 60 percent of the IT leaders we polled
are involved in both defining disaster recovery procedures and
purchasing storage solutions.
As everyone knows, the most effective way to preserve critical
data is to create copies, either online or on backup media, in
case the original becomes corrupted or unavailable; this implies
a need to stock up on additional storage devices to host those
replicas. As a result, developing proper backup and disaster
recovery strategies is the driving factor for new storage
acquisitions among survey respondents, with backup projects
ranking first at 69 percent of respondents and disaster recovery
third at 57 percent. -By Mario Apicella, InfoWorld senior analyst
For the full story:
The market leader in real-time HA-and-DR-in-one: Double-Take:
ScriptLogic v4.12 Is Available
ScriptLogic version 4.12 is available and we'd appreciate it if
you would update your latest version. The following list is an
excerpt from the version history that accompanies ScriptLogic
version 4.12. It outlines the major differences between v4.01
and ScriptLogic v4.12:
- Multiple performance enhancements, including smaller executable
- Service Manager and Replication Manager are now integrated
into a single utility: the ScriptLogic Server Manager.
- Implemented a new Distributed Logging Service, including an
API function for writing to log files using the new DLS.
- Single service consolidation: The functionality from the
ScriptLogic RunAdmin, ScriptLogic RPC, and KiXtart RPC services
found in previous versions of ScriptLogic and the new DLS have
now been combined into a single "ScriptLogic Service."
- The new ScriptLogic Service will now auto-synchronize the
client-side credentials if the account and/or the password
used by the client service is changed.
- Inactive list elements within the Manager are now represented
by an alternate text color.
- Added a new option to the Profile Manager that, if enabled,
will prevent any subsequent profiles from being processed.
- Added support for more popular graphic file formats to the
customer logo display system. ScriptLogic can now display bmp,
rle, gif (animated/non-animated) and jpg formats.
- Enhanced troubleshooting & debugging with color-coded html
trace log file (now named SLtrace.htm instead of SLtrace.log),
and the trace files can now be consolidated to a central server
for easy viewing and journaling.
- Enhanced TCP/IP Validation Logic to support true subnet
comparisons, using both dotted decimal and single integer
- Ability to enable trace file and/or debug execution must now be
configured using the Manager. You may now type the names (including
wildcards) of a user -or- computer to perform the trace/debug
operation on. The old method of creating a file on each client
called "sldebug" is no longer supported.
- Added a Report Generator that produces reports of the configs
created within ScriptLogic Manager.
- Included KiXtart 4.12 engine: top new features include: floating
point math and multi-dimensional arrays.
- Increased the number of characters that can be placed into the
text area of a ScriptLogic alert using the ScriptLogic Manager.
- Choosing to overwrite a mail profile will no longer create
backup mail profile copies with Outlook XP.
- Fixed various issues related to assigning Logon Script screens,
Log View column headers and fields, slExec() API, Outlook settings,
ScriptLogic service that could produce a "Not enough quota space
is available", logoff / shut down agent, loader, and LPT ports
The new version is available at:
This Week's Links We Like. Tips, Hints And Fun Stuff
The spread of the SQL worm statistics and graphs. Very Interesting!!
The Opera Baby: Silly, dumb, cute, and for some people just annoying:
The FBI wakes up and tells you to update your anti-virus. DUH!
The "Annoyances" site seems to be a good "by-users-for-users" problem-
How far have we come in CPU speeds: Check this out:
Buy your own 60-foot wide satellite tracking dish complete with
1000-square-foot underground control room:
White House Cyber Security Plan has come out. It's got holes. See
PRODUCT OF THE WEEK
Squeeze The Max Out Of Your WinXP Workstation
Finding your XP System Admin Workstation is getting slow? Things
like video getting jerky and music skipping? Applications getting
"sticky"? Try this brand new solution with a real supercomputer
pedigree. AUTOPILOT XP is a real-time tuning solution that squeezes
the max out of your hardware, and now supports Windows XP. And the
price for the XP flavor is just unbelievable: Only $29.95. Get your
copy from the Sunbelt OnLineShop with a 30-day money back guarantee.
Read the user success story on the product page to begin with: