No Patch For NT To Plug New Hole

MS just this Wednesday warned everyone about an important new
hole involving the Remote Procedure Call (RPC) protocol in NT,
W2K and XP. The hole can allow a denial-of-service attack, and
is Hole #10 this year.
And here comes the 'interesting' bit. They made a patch available
for W2K and XP, but not for NT. They claimed "architectural issues"
and instead provided a workaround. Hmmmm. This causes one to
pause for a moment and ask oneself: is this the so-called "shot
across the bow" (a warning originating from naval warfare that
worse is going to come if you do not change course or comply)?
Could MS be reminding us in a not-so-gentle way that we need to upgrade
to W2K, or W2K3 that has just gone gold and was sent to mass
I have included a link to the bulletin below. They said servers
on an intranet were the most likely to be vulnerable to the attack.
Redmond further said that responsible network security practices
should prevent the vulnerability from being open on Internet
servers. "Best practices recommend blocking all TCP/IP ports that
are not actually being used," they said. "For this reason, most
machines attached to the Internet should have port 135 blocked.
RPC over TCP is not intended to be used in hostile environments
such as the Internet." Here is the link:

Lawyers Predict More Lawsuits For Security Breaches

Security Wire Digest is an e-mail newsletter by Information Security
magazine. They came out with an article that I thought you should
share with your managers in the IT department. I'm quoting a short
"Legal experts say a spattering of downstream liability lawsuits are
setting the stage for a wave of cyberattack victims trying to recoup
their losses through litigation.
Few victims have brought legal action against companies that
facilitate --wittingly or not-- worm outbreaks, distributed
denial-of-service (DDoS) attacks or security breaches. However,
attorney Marc Zwillinger says such cases are harbingers for a new
class of lawsuits that will seek court remedies for IT security
problems.
As regulations, such as the financial industry's Gramm-Leach-Bliley
Act (GLBA) and health care's Health Insurance Portability and
Accountability Act (HIPAA) go into effect, the requirement to have
adequate security could open some currently unregulated industries
"Once those duties come into effect, there will be lawsuits," says
Zwillinger, an attorney with Sonnenschein, Nath and Rosenthal in
Observers say lawsuits will escalate in scope as victims seek
compensation from enterprises used as middlemen in attacks, ISPs
that don't ensure their users' security and software vendors that
market insecure applications.
Finding a liable party may not make a difference, Zwillinger says.
If a victim can identify a few dozen potential contributors to its
security breach, it could file lawsuits against all and exact
settlements based on the negative publicity.
"We'll likely see an increase in court mediation given the expanding
pools of victims and the unwillingness of government to pass laws
or regulations," says Richard Harris, a VP and research director at
Link to the best selling tool to patch your networks and prevent this:

Dell Fires First Printer War Salvo

They said they would do it, and then they did it. The attack on HP
has started. Dell announced the first four models in its
long-expected entry into the printer market. They will compete with
low prices and improved performance. Dell also promoted their Ink and
Toner Management System. It displays ink or toner levels on the
status windows of every print job and prompts users to order
The first four machines include two personal printers and two
workgroup printers. The Dell Personal All-in-One Printer A940, with
a scanner, copier, fax software and color printing will cost $139.
The Dell Personal Laser Printer P1500 costs $289. The Dell Workgroup
Laser Printers are higher volume printers. A non-networked version,
the S2500, costs $499. A networked version, the S2500n, costs $839.
"We plan to improve the customer experience of purchasing printers
and replacement ink or toner by delivering the same value, attention
to service and industry-leading products as Dell has over the past
18 years," Tim Peters, vice president and general manager, Dell
Imaging and Printing, said in a statement.
And if you are looking to handle the last major area of uncontrolled
network expense, check out Print Manager Plus: