- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 28, 2003 (Vol. 8, #30 - Issue #436)
MS Cries Wolf
  This issue of W2Knews™ contains:
    • MS Cries Wolf
    • Two "InstaPolls"
    • Windows Security Admin Tip: Easy Firewall Testing
    • Some Light Nutritional Humor
    • MS Baseline Security Analyzer V1.1.1
    • So, How Does MS Make Their Code Secure?
    • Survey: Executives Disagree On Disaster Recovery
    • SCO Uses Unix Copyrights, Taxes Linux Users
    • Going On Vacation? Come Back To Spam-less Inbox
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Extremely Low-Cost Packet Sniffer: LanHound
  SPONSOR: Double-Take
New surveys show: Disaster Recovery and Security are #1 priority!
This means you have to have a tested plan and reliable tools in
place for the moment your site goes down. DOUBLE-TAKE is that tool.
Sold more than all other High-Availability tools combined. It is
even certified for W2K Datacenter. No other HA tool is. How it
works? "Server A goes down--Server B takes over". Get the eval
copy here, this is your ultimate job-security:
Visit Double-Take for more information.

MS Cries Wolf

Looks like they REALLY want you to fix this particular bug. See the email one of our readers received this week from their MS technical liaison: "Folks, we're setting the highest alert level possible for the vulnerability and fix MS03-026. PLEASE PLEASE PLEASE ask your operations folks and end user community to deploy and install this patch ASAP!!!! We really really really mean it!!! Additional detail in Knowledge Base Article 823980 is available at:

The vulnerability impacts the way in which RPC is implemented in the Windows Operating System. The exploit enables remote attackers to send a specially crafted RPC request to TCP port 135 on machines that are vulnerable. eEye is offering a tool (at no charge) for the Internet community which scans network machines and detects if any are vulnerable to the RPC DCOM exploit. This RPC DCOM Scanner can be found by visiting:

Two "InstaPolls"

First, SearchWin2000 has a one-question poll about how bad the spam problems are in people's companies. Looks rough. You can check the results here, and also vote, survey is at the right side, scroll down to see it:

Second, Sunbelt has a new SunPoll: "Are you concerned about the security and privacy issues in hosted email solutions?"

  • We would never ever even think about doing this!
  • Yes, I'm very uncomfortable with running this outsourced
  • Well, there are pros and cons to something like this
  • We're thinking about this seriously
  • Already up and running and we're happy
Vote here, leftmost column:

PS: Two thirds of you voted to continue receiving the newsletter via email, so we will continue doing this normally. But for the people that have complained these large (30K) ones get filtered out, we are contemplating sending a one-line warning that W2Knews is available on the www.w2knews.com site.

PPS: Next month, August 2003, we are going to investigate the new Windows 2003 server and have four "theme" issues with all the new stuff, the bad stuff and the pitfalls we have been able to find, to save you some time when you roll this out.

Warm regards,
Stu Sjouwerman
(email me with feedback: [email protected])

  SPONSOR: ScriptLogic
Cut Your Help Desk Support Calls by 50%
"Every once in a while a product comes along that just seems to get
the pieces right, providing both simplicity and power. ScriptLogic
fits the bill on both counts." - MCP Magazine
  • Logon, logoff and shutdown scripting
  • Install/update software packages
  • Create Outlook mail profiles
  • Create/remove shortcuts
  • Enforce security policies
    ... And Much More
  • Fully functional 45 day DOWNLOAD
    Caffeine-free Desktop Administration T-shirt offer is available to US residents only.
    Visit ScriptLogic for more information.

    Windows Security Admin Tip: Easy Firewall Testing

    You're probably aware that Microsoft's Windows NT/2K/XP all contain a service called Simple TCP/IP Services which, when enabled, also enables the Echo, Character Generator, Discard and Quote of the Day programs. You are also probably aware that these programs were popular a decade ago, but are now considered a security risk and almost always disabled, and often not even installed. That doesn't mean they aren't useful -- one thing you can use them for is to test a firewall. Interesting little article at SearchWin2000 (registration required):

    Some Light Nutritional Humor

    Completely Off Topic, but hey, sometimes you have to break your own rules, otherwise life becomes too boring! This has been floating around on the Net for a while already, but for techies like us, sitting behind screens (waay) too much, it's especially applicable. Here's the final word on nutrition and health. It's a relief to know the truth after all those conflicting medical studies.

    1. The Japanese eat very little fat and suffer fewer heart attacks than the Americans.
    2. The Mexicans eat a lot of fat and suffer fewer heart attacks than the Americans.
    3. The Japanese drink very little red wine and suffer fewer heart attacks than the Americans
    4. The French drink excessive amounts of red wine and suffer fewer heart attacks than the Americans.
    5. The Germans drink a lot of beer and eat lots of sausages and fats and suffer fewer heart attacks than the Americans.
    CONCLUSION: Eat and drink what you like. Speaking English is apparently what kills you.
      NT/2000 RELATED NEWS

    MS Baseline Security Analyzer V1.1.1

    As you may know, as part of MS's Strategic Technology Protection Program, and in response to customers screaming for a streamlined method of identifying common security misconfigurations, MS came out with their Baseline Security Analyzer (MBSA). This is really an improved GUI for the HFNETCHK XML file. It's a freebie so you get what you pay for, but it's better than nothing. Personally, I think that you should use this thing, but also a commercial vulnerability scanner with a much larger database of holes.

    From the MS Website: "MBSA Version 1.1.1 includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000, Windows XP, and Windows Server 2003 systems and will scan for common system misconfigu- rations in the following products:" I'm going to abbreviate this, but the full list of platforms supported is on their page. Here goes: NT, W2K, XP, W2K3, IIS, SQL, IE, Office, Exchange, WMP. Check the FAQ and get a download here:

    So, How Does MS Make Their Code Secure?

    You may wonder why MS is sending out fixes to their software so frequently, (practically every week). A discussion about this on the ever popular NTSYSADMIN list got me inspired and I thought you'd like to know as well.

    They way they are trying to solve their security problems is to fix their code in a way they call a 'rolling blackout'. This takes a specific part of a product, or a whole product and freezes the development of it. During the freeze, a code review procedure is executed. This process is meant to find all vulnerabilities in the code (like the buffer overruns you hear about all the time) and fixes these. Some people say that this is a good way to implement quality control. Other people (a bit more crusty) put it like this: "An attempt to alleviate further embarrassment by implementing obvious, and inexplicably lacking, quality control measures." I guess the truth is somewhere in the middle. [grin]


    Survey: Executives Disagree On Disaster Recovery

    Very interesting survey in ComputerWorld. It's true what you have always thought. Your Upper levels execs have no clue how vulnerable their data really is. I'm talking USA now. In Europe, the upper level execs are much more savvy about the real dangers their data is in. The survey was sponsored by storage vendor EMC, and is the first attempt ever to look at the differences between business and IT executives' attitudes toward disaster recovery. You should read this, and send it over to the "big dawgs" up the flagpole when you ask for more budget so you can implement Double-Take. [grin]

    SCO Uses Unix Copyrights, Taxes Linux Users

    Microsoft must be in total glee. They have withheld much comment on the whole thing, however Ballmer has been stoking the fire against Linux after hearing this. Keep in mind that both Sun and MS have taken a license for a considerable amount of money from SCO. Linux proponents are poo-pooing the whole thing and claim that SCO is not going to get anywhere with the whole deal. The upshot is this:

    The SCO Group just stated that the US Patent and Trademark Office registered all the Unix and UnixWare copyrights that AT&T's Unix System Labs ever owned in SCO's name last week, making it clear for the world that SCO does in fact own them. With that in their pocket, the CEO of SCO claimed the copyrights will be used to bring Linux users to the negotiating table to work out licenses. You can see how controversial this issue is, as SCO says that copyright law makes the end user responsible for infringement. "Recovery comes down to the user," McBride said. "The legal issues are with the end users." Regarding pricing, SCO said that they are using their UnixWare costs as their baseline: it starts at $700 and goes up from there. You can see how SCO is stirring up worries among the Linux users, and how MS must be having fits of bellyaching hysterical laughter. But my prediction is that this thing is going into the courts, so think -years- before it gets resolved. Never a dull day in IT !!

    Going On Vacation? Come Back To Spam-less Inbox

    Exchange Admins all over the country are having to log into users email so they do not have 10,000 spams when they get back from vacation. One admin we just talked to has to clean out users mailboxes every few days or they will just delete their whole inbox when they get back from vacation, because it would take 5 hours sorting through it. Now, the fun thing is that you can actually use iHateSpam Server for free 30 days during the vacation to do all this and save yourself a humongous amount of time. We expect you'll like it so much that you won't be able to live without it when it expires:


    This Week's Links We Like. Tips, Hints And Fun Stuff

  • AOL fires most of the staff doing the Netscape browser. Now what?
  • A site with quite exotic and extraordinary foodstuffs. A worthy Fave:

  • http://www.w2knews.com/rd/rd.cfm?id=030728FA-Foodstuff
  • Get your car converted for really off-the-road environments:

  • http://www.w2knews.com/rd/rd.cfm?id=030728FA-Mattracks
  • People building web servers in all kinds of things. This is a Guitar:

  • http://www.w2knews.com/rd/rd.cfm?id=030728FA-Guitar_server
  • T.W.I.N.K.I.E.S: Tests With Inorganic Noxious Kakes In Extreme Situations

  • http://www.w2knews.com/rd/rd.cfm?id=030728FA-Twinkies

    Extremely Low-Cost Packet Sniffer: LanHound

    LANHOUND has become very popular very fast. It's a great packet sniffer at extremely low cost. We asked system- and network admins who bought it what they are using it for: Slow response times: See traffic congestion quickly. Broadcast or multicast storms: Set an alarm for unusually high traffic of these types. Traffic by station: View traffic generated by each station and server to see which stations are consuming the most bandwidth. Hanging network sessions: Find who sent the last packet, and which system failed to respond. User can't logon: Capture login negotiations, retransmits and response times to determine where the problem is, and where to focus your attention. Security Lapses: Find out if users are checking POP3 email or going to FTP sites using unencrypted passwords. Duplicate IP numbers: See if there are duplicate IP addresses on a monitored segment. Try it out for yourself over here: