Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 19, 2004 (Vol. 9, #28 - Issue #484)
WUS and MUS Pushed Back A Year!
This issue of W2Knews contains:
- EDITORS CORNER
- TECH BRIEFING
- Demo of New Windows Media Connect
- HIPAA Compliance Deadline Is 9 Months Away
- Identity Theft Penalty Enhancement Act Signed Into Law
- NT/2000 RELATED NEWS
- WUS and MUS Pushed Back A Year
- MS To Link Enterprise IM Server With Public IM Networks
- Here Are The July Redmond Patches
- New Networking Features in WinXP Service Pack 2
- NT/2000 THIRD PARTY NEWS
- Change Management: More Needed Than Ever
- Spam Top 10
- SNSI V1.5: Scan Machines, IP's, Ports & Services!
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- BOOK: Zero-Day Exploit: Countdown to Darkness
SPONSOR: Panda's Hassle-Free Corporate Antivirus
The powerful management functionalities incorporated in WebAdmin
Antivirus allows companies to protect their IT infrastructure
with the latest antivirus technology within minutes. Users of
this Panda Software product can install and update the antivirus
protection even on computers that are not connected to the
corporate network or those without an internet connection. You
can test drive and evaluate WebAdmin free if you click here.
Visit Panda's Hassle-Free Corporate Antivirus
for more information.
Your Fave Print Mags
The recent SunPoll asked you: "As a system manager, which Print
Magazine do you feel is the most important and helpful to get your
job done? You answered:
Well, THAT was clear! The next SunPoll we'll look at online
resources, but I'd like some more input from you about which
online resource you think help you the most! Send me an email
with your fave online resource?
- Network World: 15.63%
- MCP Magazine (Soon Redmond Magazine) 19.43%
- Certification Magazine 1.42%
- SC Magazine 3.31%
- Windows & .Net Mag (Soon Windows IT Pro) 60.18%
Remember that we have this special webinar occurring, attend it
and get your Free "Spam Sucks" T-Shirt. Presented by Microsoft
Office Live Meeting and Sunbelt Software:
Register now, attend and receive your "Spam Sucks" t-shirt.
- How spam is affecting business productivity
- Available spam filtering solutions for the enterprise
- The pros and cons of spam filtering technology
- How to best secure your technology environment against spam
July 22, 2004
9:00AM - 10:00AM PST
12:00PM - 1:00PM EST
(All times US & Canada)
Quotes this week:
Last week's quote: "The days pass by so quickly now, the nights
are seldom long", many people told me this was a line from a John
Denver song on the Poems, Prayers & Promises Album. Thanks!
- "A word to the wise ainīt necessary -- itīs the stupid ones that
need the advice." --Bill Cosby
- After eating an entire bull, a mountain lion felt so good he started
roaring. He kept it up until a hunter came along and shot him. The
moral: When you're full of bull, keep your mouth shut. -- Will Rogers.
(email me with feedback: [email protected])
SPONSOR: Disaster Recovery Is Now A Must-Have
But there are still a lot of questions about DR, here are a few:
- What is the difference between synchronization and replication?
- Does Double-Take replicate the entire file when it is changed?
- Are changes applied to the target server immediately?
- Can replicated data on the target be accessed by users?
- Will Double-Take replicate encrypted files?
And many more. We have an FAQ for you here (no registration needed!)
Visit Disaster Recovery Is Now A Must-Have for more information.
Demo of New Windows Media Connect
You might not have heard of Windows Media Connect technology. Jason
Flaks, program manager on the Media Connects team, shows a neat demo
of how CD and DVD players and other devices use this technology
to do media transfers between Windows XP based PCs and consumer
electronics devices. Looks like this functionality will be added
to the Media Center Edition but also likely included in WinXP SP2.
And while we are on the (somewhat off) topic of media, download
this file and let it run while you are streaming online radio
stations and it will automatically find the lyrics to the song
that is currently playing.
HIPAA Compliance Deadline Is 9 Months Away
The compliance deadline for HIPAA's Security Rule is April 21, 2005.
There are many tasks involved in bringing your organization into
compliance, and it is important to start now if you haven't done
so already. Michelle DeBarge gives you tips on how to ensure that
compliance over at the Mondaq's Article Service Site (you do need
to register to get in but it's worth it)
Identity Theft Penalty Enhancement Act Signed Into Law
Identity theft has become the fastest-growing crime in the U.S.
Depending on who you ask, it is estimated that between 7 million
to 10 million Americans are victims of identity fraud. The cost
is more than a billion dollars a year, and costs the average
victim about 170 hours in lost time and headaches trying to
recover monetary losses and repair their credit. The bad guys
up to now only got probation with restitution. Today's new law
changes that. The Identity Theft Penalty Enhancement Act [ITPEA]
says that anyone who, while engaged in any of a long list of
crimes, knowingly "transfers, possesses, or uses, without lawful
authority" someone else's identification will be sentenced to an
extra prison term of two years with no possibility of probation.
Committing identity fraud while engaged in certain major crimes
sometimes associated with terrorism--such as aircraft destruction,
arson, airport violence or kidnapping top government officials--
gets an automatic extra five years. More at the Arstechnica site:
NT/2000 RELATED NEWS
WUS and MUS Pushed Back A Year
Did you expect Redmond's new patch management tool this summer?
You'll have to wait a year for it. Bummer. They said last Tuesday
that Windows Update Services, (the new tool designed to let you
keep PCs and servers up to date with the latest patches), won't
ship until sometime in the first half of next year. Knowing them,
this will be likely latish, making it a year from now. MS said
the delay was caused by beta feedback, and by them still working
on their automatic updates agent that will a part of WinXP SP2,
which won't ship until next month.
The new Microsoft Update (MU) Service, a planned patching tool
that Redmond is building to provide hotfixes to not only the OS,
but also other core MS products like Office, SQL, and Exchange
is now due out by mid-2005, a year later than anticipated.
All the news (good for some, bad for others) was delivered to
MS partners by Mike Nash. He's the boss of MS's security business
and technology unit. Nash explained that both WUS and MU have
dependencies on Windows Update, the existing MS updating system.
The latest version of Windows Update is Version 5 and expected
to go live at the same time as WinXP SP2.
If I have to summarize what patching systems will be available
from Redmond by mid-to-end of 2005, it would look like this, and
these will be in existence for quite a while:
In the mean time, third party tools like UpdateExpert provide all
of 1 through 3 above already, and will still be very popular.
- Windows Update, by that time probably version 6.0; the solution
to get Windows patches to consumers and small business.
- WUS; Update system for the Windows OS geared to Medium/Large Biz.
- MU; a 'wider scope' patching tool for more MS products, focused
on mid-size and large bizz.
- Systems Management Server: Big-Time, Heavy Duty, Top-Down systems
management tool with which you can distribute all kinds of software,
patches and fixes throughout your domains.
MS To Link Enterprise IM Server With Public IM Networks
Well, well, well. Who would have expected that. Microsoft plans to
open up communication between its enterprise IM server and consumer-
oriented IM networks run by its MSN division and by rivals Yahoo and
America Online. It was the number one thing that customers asked for,
and here in Sunbelt we needed it too.
Remember all the years of bickering about interoperability? Looks like
the former enemies have buried the hatchet and finally have reached an
agreement. The Live Communications Server 2005 is in Beta at the moment
and allows you to extend secure IM to your customers and partners. Guess
why all the quarreling has ended? Here is a hint: Yahoo and AOL will
get unspecified royalties for connecting to Live Communication Server.
[grin] Story in ComputerWorld:
Here Are The July Redmond Patches
From their page (link below): The Microsoft Windows security updates
for July 2004 address newly discovered issues in Windows, including
Microsoft Internet Explorer and Microsoft Outlook Express, both
components of Windows. If you have any of the software listed on
this page installed on your computer, you should visit the Windows
Update Web site to install related updates. Some are critical.
New Networking Features in WinXP Service Pack 2
I found a good page on the MS website about all the new stuff
relating to networking that sits in SP2. This is something you
want to have a look at for sure. There is another interim beta
that was released mid-stream by the way. Microsoft observers
said it went to Microsoft employees, some independent software
vendors, OEMs and a select group of partners. The latest build
(2162) focused on wireless enhancements. Everyone expects it to
RTM (Release to Manufacturing) in August now.
Windows update will have a new "smart downloading" that will allow
you to interrupt the large SP2 download and resume it later. As I
said before, this is more than a Service Pack, think upgrade. SP2
contains fixes but also gives you new features and of course
makes significant changes in four main areas: network protection,
memory protection, e-mail security and browsing security.
SP2's latest test version was a whopping 264Megs. I expect the final
version to be smaller but still around 200 Meg. Dang. Redmond warns
people that it may break existing apps. It most assuredly will.
Test, test, test!!! Check the new networking features here:
THIRD PARTY NEWS
Change Management: More Needed Than Ever
I know that many of you have been implementing a much tighter
change management process in your organizations. We all have
learned a painful lesson when some admin changed something in
server configs (and never admits it :) and oops the change causes
problems. Today, when configuration errors can cause not only
downtime but also expose server misconfigurations as a path for
hackers to exploit, strict configuration management process is
a must have -- not a nice to have. That's one of the reason
ITIL is getting very popular.
Ecora Enterprise Auditor is a mature tool that can help you
identify and report on precise config settings change in your
servers, routers, even workstations. It collects thousands of
configuration settings from Windows OS, AD, IIS, SQL, Exchange
and Citrix Metaframe XP. It can do the same for Linux, HP-UX,
Solaris, AIX, Oracle, Lotus Notes, Novell and even Cisco
router settings. It collects all this configuration data
into an SQL or MSDE database and provides cool out of the
box reports to identify changes, baseline server configs,
create reports that show key security settings. In addition,
the latest release (v3.5) includes a WMI Browser that lets
you quickly and easily define and collect custom WMI data
specific to your organization. Great tool to use if you want
to standardize server configs.
With the recent onslaught of regulations and audits: Sarbanes
Oxley, GLBA, HIPAA, Part 11, etc many of us don?t have a
choice but to maintain detailed configuration and change
reports to pass the audits. Ecora Enterprise Auditor is great
help in that regard. For more information:
Spam Top 10
Here are the most recent Spam Top 10. The iHateSpam Learning
Network has hundreds of thousands of participants. Porn reigns
supreme on the Net, and this month it does in spam as well.
Phising emails also increased this month for the 2nd straight
iHateSpam Server released a new build with improved spam traps
- SPORN - Graphic Pornographic Emails - Hazardous
- Online Diplomas - Degrees overnighted without even taking
a test - Annoyance
- Virus - emails with attachments to get you to run them.
NetSky variants were highest - Very Hazardous
- Computer Software - Why pay retail... - Annoyance
- Online Pharmacy - promoting all kinds of drugs - Annoyance
- Mortgage offers - Annoyance
- Drugs and Enhancer - increase body part size, any body part - Annoyance
- Phishing & Fraud - Email scams to get your personal data increased
again last month - Annoyance/Hazardous
- Making income from home. Spam/Scam Annoyance/Hazardous
- Weight Loss - Annoyance
SNSI V1.5: Scan Machines, IP's, Ports & Services!
Are Your Yearly Security Scanner Renewal Fees Causing Sticker Shock?
You should definitely prepare to have a serious look at the new
SNSI V1.5, it is now multi-platform and you are able to scan by IP-
range, Windows machine, Port and Service. Sunbelt Network Security
Inspector (SNSI), is a low-cost, quick-install, fast-result
vulnerability scanner. It uses a top-quality, commercial-grade
vulnerability database with well over 3,000 ranked vulnerabilities.
SNSI is licensed per Admin. Now you can finally afford a world-class
scanner and be proactive without compromises. Release: Late July 2004
We will send you an email when it is available, expect one before
the end of the month.
This Week's Links We Like. Tips, Hints And Fun Stuff
Live a real StarTrek life. Now for sale at ebay for a cool mil
Yup! He's finally here. Your ultimate system admin action figure: Geekman!!
Have a website? Punch in your URL for a GRAPHICAL view of the sites
linked to you. Cool.
Almost twenty animations of things that happen inside your body--
tiny things, like Staph infections getting attacked or a coronary
stent being inserted:
A whole church made out of legos. The detail is amazing.
A great site, does "fact checks" of political ads, etc. Non-partisan.
Hotels in space: inflatable technology being developed in Vegas:
Jeff Harrow was the Chief Technologist at Compaq and writes a monthly
article on cutting-edge/future technology. Recommended!
These things are getting popular: another race car/boat in-one!
Normally no geopolitics in this section, but this is the best article on
terrorism, Israel and the Middle East I have read in a long, long time.
Here is a site that takes a critical look at movies and their mistakes
PRODUCT OF THE WEEK
BOOK: Zero-Day Exploit: Countdown to Darkness
I was sent a review copy and started reading almost at once. It's
written by security experts and reads like a novel. Not exactly
a John Le Carre, but fun to read and at the same time gives you
a tremendous insight in 'security-land'. A techie page-turner that
I warmly recommend. About the book:
There exists a 0-day vulnerability in a particular line of SCADA
Master products that are widely used in petrochemical facilities.
Furthermore, since the telemetry between the Master and the RTUs
(the units located at valves, gauges, etc.) is particularly fragile
under attack, the attackers are able to take a two-tiered approach
to the damage they cause. Disaster can only be prevented by Reuben,
an elite cyber-security researcher who stumbles across the plot
while contracting for the federal government. Get it at Amazon: