Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 29, 2004 (Vol. 9, #13 - Issue #469)
Cursing At Windows Code
  This issue of W2Knews™ contains:
    • Kevin Mitnick On "The Big One"
    • Stay Up To Date With The Latest Software Versions
    • Vote For Your Fave Tools
    • Group Policy, Profiles and IntelliMirror for W2K(3) and XP
    • Why Redmond's Delivery of Patch Tools Slips Again
    • Deploying Secure Domain Controllers
    • Crash Course: Certification
    • Improve Mailbox Availability
    • First Release Candidate For Windows XP Service Pack 2
    • Cursing At Windows Code
    • Speech Server 2004 Announced
    • iHateSpam Server Finalist in SC Magazine Poll
    • The Latest Worm Warcraft: Security App Attack
    • Double-Take Reason Dell's New NAS Wins
    • The Buddy List Plague
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • LanHound Gets Silver Award For Network/System Management
  SPONSOR: Microsoft Tech·Ed 2004
Announcing Microsoft Tech·Ed 2004, May 23 - 28, San Diego, CA.
Microsoft's definitive technical event for building, deploying,
securing and managing connected solutions. Experience
comprehensive technical content for IT professionals. Choose from
nearly 400 sessions in 11 major technology tracks. Preview new
products, network with peers, and view solutions in action. See
what's new, what's hot, and how to put it to work for you.

Visit Microsoft Tech·Ed 2004 for more information.

Kevin Mitnick On "The Big One"

I was over at InfoSec in Orlando this week. Good sessions, and a great little trade show. It was buzzing with people looking for security solutions, and almost a hundred vendors presenting their wares. Attendance was up 20% over last year. I also had a chat with Kevin Mitnick, who is now running his "defensive thinking" consultancy outfit. (I have his business card to prove it. [grin])

When he was asked what the current biggest security hole was that he knew of, there was no hesitation at all with the answer: "802.11b". Often employees plug in a WAP unbeknownst to IT, and haven't got the slightest clue about security or encryption. Kevin said: "People believe WAPs are like cordless phones."

Social engineering is also still an all-time fave to break into companies. Security is a people-issue and needs to be handled with both training and a layered IT defensive posture. He said he was working on his new book called 'Art of Intrusion', and when I asked him what he thought of the possibility of "The Big One" killer virus, he said it was possible but he did not know if it would really happen. Not particularly shocking news, but talking to him was cool. He showed us a trick with a cell phone. He called up someone in the room, and was able to make the Caller-ID show exactly the number he wanted to appear. In other words, you cannot trust Caller-ID anymore.

I also have some interesting security related stories in the Third Party Software section.

Stay Up To Date With The Latest Software Versions

Sunbelt has implemented a separate RSS-feed to warn you when new versions come on-line. We strongly recommend that you get an RSS-reader and add the link below, so you get alerted every time a new version of your product gets released:

Other useful Sunbelt RSS-Links:
New Products:
W2Knews via RSS:
WinXPnews via RSS:

Vote For Your Fave Tools

There are a couple of very close races going on! Let your voice be heard for the fave system admin tools in the 2004 W2Knews Target Awards:

Quote of the Week:
"Companies pray to the god of security every Sunday and sin the rest of the week." -- Pete Lindstrom, Research Director of the Spire Security company

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

Need to close the door on hackers? But "no budget and no time" are
your biggest problems? SNSI solves this problem: a world-class
scanner that does not make a hole in your budget. Better yet,
there is a KILLER competitive upgrade price. Compare that to
other high-end scanners out there. It's easy to see why SNSI is
rapidly becoming a Security Best Seller: The exception to "you
get what you pay for."

Group Policy, Profiles and IntelliMirror for W2K(3) and XP

Jeremy Moskowitz's site and book have been overhauled and are a great place to learn about the above topics. You can apply 90-95% of the material to Windows 2000 users. Even if you have just one Windows XP machine in your domain, you'll want to take a look.

Why Redmond's Delivery of Patch Tools Slips Again

MS claims customers should not have to pay for patching, and will continue to provide "basic" patch management for free, Windows Server executive Steve Anderson says. In an interview, Anderson describes what customers get gratis, but why it is delayed again. And here is another interesting quote: "Microsoft Baseline Security Analyzer 1.2 will be the scanning engine for WUS. Shavlik is out." Steve Anderson, Windows Server, Marketing director. More at:

Deploying Secure Domain Controllers

There are 84 services that will appear on a Windows 2003 Server system when a new fresh installation is performed. This tip provides a table detailing the default services and what the best settings are for security. Part four of a series.

Crash Course: Certification

Security and messaging credentials are the newest additions to Microsoft's ever-changing world of certifications. Here's a wrap-up of the latest in certification and career advancement.

Improve Mailbox Availability

In the past, admins have had two choices on how to perform restorations in Exchange 2000. You could use an alternate recovery forest and move the store back to a production server. Or you could take the store offline. With Exchange 2003, there is now a recovery storage group. Read how it can save you time and minimize disruption to your users.

First Release Candidate For Windows XP Service Pack 2

RC 1 offers features that weren't part of the December beta such as a Windows Security Center accessible from the Windows Control Panel, a pop-up blocker that's turned on by default and a Windows Update V5 RC 1 for consumers. The Security Center monitors data on firewalls, Automatic Update and third-party anti-virus software. When turned on, the pop-up blocker is supposed to prevent pop-ups from automatically launching in the IE browser but let customers permit pop-up messages on selected sites. The Windows Update V5 code has been updated to make it easier to install security updates. Redmond plans to ship Windows XP SP2 by the end of first half 2004. Here are some screenshots from Paul Thurrott's site:

If you'd like to get a copy of SP2 RC1 yourself, or just find out more about it in anticipation of the final release, visit MS's Technical Preview Program site at:


Cursing At Windows Code

Someone looked at the recently leaked Windows 2000 sources. It looks like MS coders are sometimes unhappy with the code that they produce, if you believe their sometimes very embarrassing comments in the code. And the comments appear in realistic places. Reading this web site is safe for programmers since there is no actual code copied, but just the comments.

I'm copying a little bit of the comments the writer made here: "In the struggle to meet deadlines, I think pretty much all programmers have put in comments they might later regret, including swearwords and acerbic comments about other code or requirements. Also, any conscientious coder will put in prominent comments warning others about the trickier parts of the code. Comments like "UGLY TERRIBLE HACK" tend to indicate good code rather than bad: in bad code ugly terrible hacks are considered par for the course. It would therefore be both hypocritical and meaningless to go through the comments looking for embarrassments. But also fun, so let's go".

We cannot repeat the language in this issue, it would be filtered out before you'd see it. The writer ends off with an interesting conclusion. "Microsoft does not steal open-source code. Their older code is flaky, their modern code excellent. Their programmers are skilled and enthusiastic. Problems are generally due to a trade-off of current quality against vast hardware, software and backward compatibility." The whole story is here:

Speech Server 2004 Announced

Redmond claimed "First!" to offer a single platform combining the following technologies: 1) web, 2) speech processing and 3) telephony. It is currently only available for US English, but more natural language support will be added.

Their new Speech Server was built so that you can unify your web and telephony infrastructure, and add to that ASP.NET web apps for speech-enabled access (of course via the phone). The product includes engines for speech recognition (speech input and output), a telephony platform, and a voice browser. Looks to be pretty cool stuff actually.

Speech Server Standard Edition costs $7,999 per processor. The Enterprise Edition is a whopping $17,999 per processor. More at:


iHateSpam Server Finalist in SC Magazine Poll

SC Magazine recently ended their yearly poll that asked IT people for their favorite security tools. In the anti-spam category, there were 29 products people could vote for, including products from leading vendors like Brightmail, FrontBridge, GFI, SurfControl, Symantec and Trend.

Customer votes for iHateSpam Server defeated all these big names, and made it into the last 4 Finalists. The winner will be revealed at the end of April. Here are the 2004 Finalists in all categories; it is interesting reading to see who made it:

The Latest Worm Warcraft: Security App Attack

Last weekend, the Witty Worm left a trail of destruction behind itself. It was something new as it specifically targeted apps from Internet Security Systems like BlackICE and RealSecure. Experts were surprised by the speed with which Witty replicated, and its destructive power. Its power was also the reason it died relatively fast as it killed the systems it attacked.

It was really only active from Saturday through Monday, and hit about 30,000 systems. Witty sent about 20,000 copies of itself, after which some parts of the hard disk were overwritten. This pattern repeated itself until the machine crashed. Other worm writers would call this sloppy design. More:

A related general anti-worm link is how to Configure Outlook to Block Additional Attachment File Name Extensions:

Double-Take Reason Dell's New NAS Wins

The SearchStorage Site has a good article about choosing NAS. They started out with: "It's getting harder and harder to tell network-attached storage (NAS) boxes apart, especially when it comes to systems based on the Windows Storage Server 2003 operating system.

"On Monday, Dell Inc., Round Rock, Texas, tried to differentiate its network-attached storage (NAS) servers with the launch of PowerVault 745N, a 1U rack system with processor speeds of up to 3.2 GHz and storage capacity ranging from 160 GB to 4 TB. The system uses external SCSI-attached storage.

"The 745N, which is designed to help small businesses, workgroups and branch offices meet growing storage demands, will replace Dell's own PowerVault 725N -- not to be confused with a separate line of co-branded storage products sold through a partnership with EMC Corp."

Kouri ultimately decided on Dell because "the Dell solution supported a product from NSI Software called Double-Take. Double-Take gave us tons of flexibility when we defined plans for replication in our overall backup and disaster recovery scheme. IBM also supported Double-Take, but their solution was much more expensive and didn't provide the same storage capacities Dell did."

Full Story:

Here's more about Double-Take and a 30-day eval:

And Double-Take made The SC Mag Judges Awards: 2004 Finalists. Finalists have been selected in each product category based on votes cast by the SC Awards Council, a group of over 100 senior infosecurity professionals around the world, supported by judges' deliberations. You can see the Judges List here:

The Buddy List Plague

WIRED Magazine tipped me off about a new kind of virus you need to look out for. It replicates via IM. A small obscure virus called Jitux. It spread through networks in Mexico, Portugal and Spain. The critter did not do any damage, but it certainly was a successful proof of concept: it propagated via Microsoft's Instant Messaging Network instead of email.

Security experts have long warned that IM services will become the next frontier for virus writers. In 2007 there are expected to be almost 900 million IM accounts, and most of these are not running in encrypted mode. IM was developed for ease-of-use and scalability, not security. In 2003, there were more than 20 viruses and worms using IM, compared to just 5 in 2002. These types of worms can be written in a way that no user has to click on anything. That would mean hundreds of millions of machines infected in less than an hour. Yikes!


This Week's Links We Like. Tips, Hints And Fun Stuff


LanHound Gets Silver Award For Network/System Management

TechTarget wrote: "Our Silver Award winner for Network/Systems Management, Sunbelt Software's LanHound, scored highest of all products in this category for value. The low-priced network monitoring solution also scored well in ease of use and ease of integration."

At practically half the price of comparable products, "LanHound is a good low-cost, low-overhead alternative to other network monitors that doesn't sacrifice much of anything that I could see in the feature set," said one of their judges.

LanHound troubleshoots network problems and monitors network activity through its traffic views, packet capture and packet decoding features. It also supports switched segments through its remote agents. The product supports Windows 98, NT, 2000 and XP. Because total disk space required is less than 10 MB, many customers use LanHound as a convenient "portable" solution for analyzing networks in the field, using their notebook PCs.

Get the Hound. LAN's best friend. US $743 which includes one year full maintenance.