Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 28, 2003 (Vol. 8, #30 - Issue #436)
MS Cries Wolf
This issue of W2Knews contains:
- EDITORS CORNER
- MS Cries Wolf
- Two "InstaPolls"
- TECH BRIEFING
- Windows Security Admin Tip: Easy Firewall Testing
- Some Light Nutritional Humor
- NT/2000 RELATED NEWS
- MS Baseline Security Analyzer V1.1.1
- So, How Does MS Make Their Code Secure?
- NT/2000 THIRD PARTY NEWS
- Survey: Executives Disagree On Disaster Recovery
- SCO Uses Unix Copyrights, Taxes Linux Users
- Going On Vacation? Come Back To Spam-less Inbox
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Extremely Low-Cost Packet Sniffer: LanHound
New surveys show: Disaster Recovery and Security are #1 priority!
This means you have to have a tested plan and reliable tools in
place for the moment your site goes down. DOUBLE-TAKE is that tool.
Sold more than all other High-Availability tools combined. It is
even certified for W2K Datacenter. No other HA tool is. How it
works? "Server A goes down--Server B takes over". Get the eval
copy here, this is your ultimate job-security:
Visit Double-Take for more information.
MS Cries Wolf
Looks like they REALLY want you to fix this particular bug. See
the email one of our readers received this week from their MS
technical liaison: "Folks, we're setting the highest alert level
possible for the vulnerability and fix MS03-026. PLEASE PLEASE
PLEASE ask your operations folks and end user community to deploy
and install this patch ASAP!!!! We really really really mean it!!!
Additional detail in Knowledge Base Article 823980 is available at:
The vulnerability impacts the way in which RPC is implemented in
the Windows Operating System. The exploit enables remote attackers
to send a specially crafted RPC request to TCP port 135 on machines
that are vulnerable. eEye is offering a tool (at no charge) for
the Internet community which scans network machines and detects
if any are vulnerable to the RPC DCOM exploit. This RPC DCOM
Scanner can be found by visiting:
First, SearchWin2000 has a one-question poll about how bad the
spam problems are in people's companies. Looks rough. You can
check the results here, and also vote, survey is at the right
side, scroll down to see it:
Second, Sunbelt has a new SunPoll: "Are you concerned about the
security and privacy issues in hosted email solutions?"
Vote here, leftmost column:
- We would never ever even think about doing this!
- Yes, I'm very uncomfortable with running this outsourced
- Well, there are pros and cons to something like this
- We're thinking about this seriously
- Already up and running and we're happy
PS: Two thirds of you voted to continue receiving the newsletter
via email, so we will continue doing this normally. But for the
people that have complained these large (30K) ones get filtered
out, we are contemplating sending a one-line warning that W2Knews
is available on the www.w2knews.com site.
PPS: Next month, August 2003, we are going to investigate the
new Windows 2003 server and have four "theme" issues with all
the new stuff, the bad stuff and the pitfalls we have been able
to find, to save you some time when you roll this out.
(email me with feedback: [email protected])
Cut Your Help Desk Support Calls by 50%
"Every once in a while a product comes along that just seems to get
the pieces right, providing both simplicity and power. ScriptLogic
fits the bill on both counts." - MCP Magazine
Fully functional 45 day DOWNLOAD
Logon, logoff and shutdown scripting
Install/update software packages
Create Outlook mail profiles
Enforce security policies
... And Much More
Caffeine-free Desktop Administration T-shirt offer is available to US residents only.
Visit ScriptLogic for more information.
Windows Security Admin Tip: Easy Firewall Testing
You're probably aware that Microsoft's Windows NT/2K/XP all contain
a service called Simple TCP/IP Services which, when enabled, also
enables the Echo, Character Generator, Discard and Quote of the Day
programs. You are also probably aware that these programs were
popular a decade ago, but are now considered a security risk and
almost always disabled, and often not even installed. That doesn't
mean they aren't useful -- one thing you can use them for is to
test a firewall. Interesting little article at SearchWin2000
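A sketch of what such a firewall test can look like, as an added example (not taken from the newsletter or the SearchWin2000 article). It assumes the standard TCP ports for the four services and a test host behind the firewall that you control, with Simple TCP/IP Services temporarily enabled; the `policy` values are an assumed rule set.

```python
import socket
import sys

# Standard TCP ports for the four services named above (RFC 862, 863, 865, 864).
# The port numbers are not given in the newsletter.
SIMPLE_SERVICES = {"echo": 7, "discard": 9, "qotd": 17, "chargen": 19}

def probe(host, port, timeout=3.0, expect_echo=False, payload=b"fw-test\r\n"):
    """Classify one TCP path through the firewall.

    'passed'   - connection completed (and, for Echo, the payload came back)
    'no-echo'  - connected, but the payload did not return intact
    'refused'  - a reset came back: something answered, port closed/rejected
    'filtered' - no answer before the timeout, or host unreachable
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            if not expect_echo:
                return "passed"
            data = b""
            try:
                while len(data) < len(payload):
                    chunk = s.recv(len(payload) - len(data))
                    if not chunk:
                        break
                    data += chunk
            except socket.timeout:
                pass
            return "passed" if data == payload else "no-echo"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeouts, unreachable network, failed name lookup
        return "filtered"

def audit(host, policy, timeout=3.0, ports=SIMPLE_SERVICES):
    """Return (service, port, expected, observed) for every policy mismatch."""
    findings = []
    for name, expected in policy.items():
        got = probe(host, ports[name], timeout, expect_echo=(name == "echo"))
        if got != expected:
            findings.append((name, ports[name], expected, got))
    return findings

if __name__ == "__main__":
    # Assumed policy: the firewall silently drops all four services.
    policy = {name: "filtered" for name in SIMPLE_SERVICES}
    for finding in audit(sys.argv[1], policy):
        print("MISMATCH service=%s port=%d expected=%s observed=%s" % finding)
```

Run it from outside the firewall with the test host's address as the only argument; no output means every port behaved as the policy expects. Disable the services again once the test is done.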
Some Light Nutritional Humor
Completely Off Topic, but hey, sometimes you have to break your
own rules, otherwise life becomes too boring! This has been floating
around on the Net for a while already, but for techies like us,
sitting behind screens (waay) too much, it's especially applicable.
Here's the final word on nutrition and health. It's a relief to
know the truth after all those conflicting medical studies.
CONCLUSION: Eat and drink what you like. Speaking English is
apparently what kills you.
- The Japanese eat very little fat and suffer fewer heart attacks
than the Americans.
- The Mexicans eat a lot of fat and suffer fewer heart attacks
than the Americans.
- The Japanese drink very little red wine and suffer fewer heart
attacks than the Americans.
- The French drink excessive amounts of red wine and suffer fewer
heart attacks than the Americans.
- The Germans drink a lot of beer and eat lots of sausages and
fats and suffer fewer heart attacks than the Americans.
NT/2000 RELATED NEWS
MS Baseline Security Analyzer V1.1.1
As you may know, as part of MS's Strategic Technology Protection
Program, and in response to customers screaming for a streamlined
method of identifying common security misconfigurations, MS came
out with their Baseline Security Analyzer (MBSA). This is really
an improved GUI for the HFNETCHK XML file. It's a freebie so you
get what you pay for, but it's better than nothing. Personally,
I think that you should use this thing, but also a commercial
vulnerability scanner with a much larger database of holes.
From the MS Website: "MBSA Version 1.1.1 includes a graphical and
command line interface that can perform local or remote scans of
Windows systems. MBSA runs on Windows 2000, Windows XP, and Windows
Server 2003 systems and will scan for common system
misconfigurations in the following products:" I'm going to abbreviate this,
but the full list of platforms supported is on their page. Here
goes: NT, W2K, XP, W2K3, IIS, SQL, IE, Office, Exchange, WMP.
Check the FAQ and get a download here:
So, How Does MS Make Their Code Secure?
You may wonder why MS is sending out fixes to their software
so frequently (practically every week). A discussion about
this on the ever popular NTSYSADMIN list got me inspired and
I thought you'd like to know as well.
The way they are trying to solve their security problems is to
fix their code in a way they call a 'rolling blackout'. This takes
a specific part of a product, or a whole product, and freezes the
development of it. During the freeze, a code review procedure
is executed. This process is meant to find all vulnerabilities
in the code (like the buffer overruns you hear about all the
time) and fix them. Some people say that this is a good way
to implement quality control. Other people (a bit more crusty)
put it like this: "An attempt to alleviate further embarrassment
by implementing obvious, and inexplicably lacking, quality
control measures." I guess the truth is somewhere in the middle.
THIRD PARTY NEWS
Survey: Executives Disagree On Disaster Recovery
Very interesting survey in ComputerWorld. It's true what you
have always thought. Your upper-level execs have no clue
how vulnerable their data really is. I'm talking USA now.
In Europe, the upper level execs are much more savvy about
the real dangers their data is in. The survey was sponsored
by storage vendor EMC, and is the first attempt ever to look
at the differences between business and IT executives' attitudes
toward disaster recovery. You should read this, and send it
over to the "big dawgs" up the flagpole when you ask for more
budget so you can implement Double-Take. [grin]
SCO Uses Unix Copyrights, Taxes Linux Users
Microsoft must be in total glee. They have withheld much comment
on the whole thing, however Ballmer has been stoking the fire
against Linux after hearing this. Keep in mind that both Sun
and MS have taken a license for a considerable amount of money
from SCO. Linux proponents are pooh-poohing the whole thing and
claim that SCO is not going to get anywhere with the whole deal.
The upshot is this:
The SCO Group just stated that the US Patent and Trademark Office
registered all the Unix and UnixWare copyrights that AT&T's Unix
System Labs ever owned in SCO's name last week, making it clear
for the world that SCO does in fact own them. With that in their
pocket, the CEO of SCO claimed the copyrights will be used to
bring Linux users to the negotiating table to work out licenses.
You can see how controversial this issue is, as SCO says that
copyright law makes the end user responsible for infringement.
"Recovery comes down to the user," McBride said. "The legal issues
are with the end users." Regarding pricing, SCO said that they
are using their UnixWare costs as their baseline: it starts at
$700 and goes up from there. You can see how SCO is stirring
up worries among the Linux users, and how MS must be having fits
of bellyaching hysterical laughter. But my prediction is that
this thing is going into the courts, so think -years- before
it gets resolved. Never a dull day in IT!!
Going On Vacation? Come Back To Spam-less Inbox
Exchange Admins all over the country are having to log into
users' email so they do not have 10,000 spams when they get
back from vacation. One admin we just talked to has to clean
out users' mailboxes every few days or they will just delete
their whole inbox when they get back from vacation, because
it would take 5 hours sorting through it. Now, the fun thing
is that you can actually use iHateSpam Server free for 30
days during the vacation to do all this and save yourself
a humongous amount of time. We expect you'll like it so much
that you won't be able to live without it when it expires:
This Week's Links We Like. Tips, Hints And Fun Stuff
AOL fires most of the staff doing the Netscape browser. Now what?
A site with quite exotic and extraordinary foodstuffs. A worthy Fave:
Get your car converted for really off-the-road environments:
People building web servers in all kinds of things. This is a Guitar:
T.W.I.N.K.I.E.S: Tests With Inorganic Noxious Kakes In Extreme Situations
PRODUCT OF THE WEEK
Extremely Low-Cost Packet Sniffer: LanHound
LANHOUND has become very popular very fast. It's a great packet
sniffer at extremely low cost. We asked system- and network admins
who bought it what they are using it for:
- Slow response times: See traffic congestion quickly.
- Broadcast or multicast storms: Set an alarm for unusually high
traffic of these types.
- Traffic by station: View traffic generated by each station and
server to see which stations are consuming the most bandwidth.
- Hanging network sessions: Find who sent the last packet, and
which system failed to respond.
- User can't logon: Capture login negotiations, retransmits and
response times to determine where the problem is, and where to
focus your attention.
- Security Lapses: Find out if users are checking POP3 email or
going to FTP sites using unencrypted passwords.
- Duplicate IP numbers: See if there are duplicate IP addresses on
a monitored segment.
Try it out for yourself over here: