- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 19, 2004 (Vol. 9, #28 - Issue #484)
WUS and MUS Pushed Back A Year!
  This issue of W2Knews™ contains:
    • Your Fave Print Mags
    • Demo of New Windows Media Connect
    • HIPAA Compliance Deadline Is 9 Months Away
    • Identity Theft Penalty Enhancement Act Signed Into Law
    • WUS and MUS Pushed Back A Year
    • MS To Link Enterprise IM Server With Public IM Networks
    • Here Are The July Redmond Patches
    • New Networking Features in WinXP Service Pack 2
    • Change Management: More Needed Than Ever
    • Spam Top 10
    • SNSI V1.5: Scan Machines, IP's, Ports & Services!
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • BOOK: Zero-Day Exploit: Countdown to Darkness
  SPONSOR: Panda's Hassle-Free Corporate Antivirus
The powerful management functionalities incorporated in WebAdmin
Antivirus allows companies to protect their IT infrastructure
with the latest antivirus technology within minutes
. Users of
this Panda Software product can install and update the antivirus
protection even on computers that are not connected to the
corporate network or those without an internet connection. You
can test drive and evaluate WebAdmin free if you click here.
Visit Panda's Hassle-Free Corporate Antivirus for more information.

Your Fave Print Mags

The recent SunPoll asked you: "As a system manager, which Print Magazine do you feel is the most important and helpful to get your job done? You answered:

  • Network World: 15.63%
  • MCP Magazine (Soon Redmond Magazine) 19.43%
  • Certification Magazine 1.42%
  • SC Magazine 3.31%
  • Windows & .Net Mag (Soon Windows IT Pro) 60.18%
Well, THAT was clear! The next SunPoll we'll look at online resources, but I'd like some more input from you about which online resource you think help you the most! Send me an email with your fave online resource?

Remember that we have this special webinar occurring, attend it and get your Free "Spam Sucks" T-Shirt. Presented by Microsoft Office Live Meeting and Sunbelt Software:

  • How spam is affecting business productivity
  • Available spam filtering solutions for the enterprise
  • The pros and cons of spam filtering technology
  • How to best secure your technology environment against spam
Register now, attend and receive your "Spam Sucks" t-shirt.

July 22, 2004
9:00AM - 10:00AM PST
12:00PM - 1:00PM EST
(All times US & Canada)

Quotes this week:
Last week's quote: "The days pass by so quickly now, the nights are seldom long", many people told me this was a line from a John Denver song on the Poems, Prayers & Promises Album. Thanks!
- "A word to the wise ainīt necessary -- itīs the stupid ones that need the advice." --Bill Cosby
- After eating an entire bull, a mountain lion felt so good he started roaring. He kept it up until a hunter came along and shot him. The moral: When you're full of bull, keep your mouth shut. -- Will Rogers.

Warm regards,

Stu Sjouwerman
(email me with feedback: [email protected])

  SPONSOR: Disaster Recovery Is Now A Must-Have
But there are still a lot of questions about DR, here are a few:
- What is the difference between synchronization and replication?
- Does Double-Take replicate the entire file when it is changed?
- Are changes applied to the target server immediately?
- Can replicated data on the target be accessed by users?
- Will Double-Take replicate encrypted files?
And many more. We have an FAQ for you here (no registration needed!)
Visit Disaster Recovery Is Now A Must-Have for more information.

Demo of New Windows Media Connect

You might not have heard of Windows Media Connect technology. Jason Flaks, program manager on the Media Connects team, shows a neat demo of how CD and DVD players and other devices use this technology to do media transfers between Windows XP based PCs and consumer electronics devices. Looks like this functionality will be added to the Media Center Edition but also likely included in WinXP SP2.

And while we are on the (somewhat off) topic of media, download this file and let it run while you are streaming online radio stations and it will automatically find the lyrics to the song that is currently playing.

HIPAA Compliance Deadline Is 9 Months Away

The compliance deadline for HIPAA's Security Rule is April 21, 2005. There are many tasks involved in bringing your organization into compliance, and it is important to start now if you haven't done so already. Michelle DeBarge gives you tips on how to ensure that compliance over at the Mondaq's Article Service Site (you do need to register to get in but it's worth it)

Identity Theft Penalty Enhancement Act Signed Into Law

Identity theft has become the fastest-growing crime in the U.S. Depending on who you ask, it is estimated that between 7 million to 10 million Americans are victims of identity fraud. The cost is more than a billion dollars a year, and costs the average victim about 170 hours in lost time and headaches trying to recover monetary losses and repair their credit. The bad guys up to now only got probation with restitution. Today's new law changes that. The Identity Theft Penalty Enhancement Act [ITPEA] says that anyone who, while engaged in any of a long list of crimes, knowingly "transfers, possesses, or uses, without lawful authority" someone else's identification will be sentenced to an extra prison term of two years with no possibility of probation. Committing identity fraud while engaged in certain major crimes sometimes associated with terrorism--such as aircraft destruction, arson, airport violence or kidnapping top government officials-- gets an automatic extra five years. More at the Arstechnica site:


WUS and MUS Pushed Back A Year

Did you expect Redmond's new patch management tool this summer? You'll have to wait a year for it. Bummer. They said last Tuesday that Windows Update Services, (the new tool designed to let you keep PCs and servers up to date with the latest patches), won't ship until sometime in the first half of next year. Knowing them, this will be likely latish, making it a year from now. MS said the delay was caused by beta feedback, and by them still working on their automatic updates agent that will a part of WinXP SP2, which won't ship until next month.

The new Microsoft Update (MU) Service, a planned patching tool that Redmond is building to provide hotfixes to not only the OS, but also other core MS products like Office, SQL, and Exchange is now due out by mid-2005, a year later than anticipated.

All the news (good for some, bad for others) was delivered to MS partners by Mike Nash. He's the boss of MS's security business and technology unit. Nash explained that both WUS and MU have dependencies on Windows Update, the existing MS updating system. The latest version of Windows Update is Version 5 and expected to go live at the same time as WinXP SP2.

If I have to summarize what patching systems will be available from Redmond by mid-to-end of 2005, it would look like this, and these will be in existence for quite a while:

  1. Windows Update, by that time probably version 6.0; the solution to get Windows patches to consumers and small business.
  2. WUS; Update system for the Windows OS geared to Medium/Large Biz.
  3. MU; a 'wider scope' patching tool for more MS products, focused on mid-size and large bizz.
  4. Systems Management Server: Big-Time, Heavy Duty, Top-Down systems management tool with which you can distribute all kinds of software, patches and fixes throughout your domains.
In the mean time, third party tools like UpdateExpert provide all of 1 through 3 above already, and will still be very popular.

MS To Link Enterprise IM Server With Public IM Networks

Well, well, well. Who would have expected that. Microsoft plans to open up communication between its enterprise IM server and consumer- oriented IM networks run by its MSN division and by rivals Yahoo and America Online. It was the number one thing that customers asked for, and here in Sunbelt we needed it too.

Remember all the years of bickering about interoperability? Looks like the former enemies have buried the hatchet and finally have reached an agreement. The Live Communications Server 2005 is in Beta at the moment and allows you to extend secure IM to your customers and partners. Guess why all the quarreling has ended? Here is a hint: Yahoo and AOL will get unspecified royalties for connecting to Live Communication Server. [grin] Story in ComputerWorld:

Here Are The July Redmond Patches

From their page (link below): The Microsoft Windows security updates for July 2004 address newly discovered issues in Windows, including Microsoft Internet Explorer and Microsoft Outlook Express, both components of Windows. If you have any of the software listed on this page installed on your computer, you should visit the Windows Update Web site to install related updates. Some are critical.

New Networking Features in WinXP Service Pack 2

I found a good page on the MS website about all the new stuff relating to networking that sits in SP2. This is something you want to have a look at for sure. There is another interim beta that was released mid-stream by the way. Microsoft observers said it went to Microsoft employees, some independent software vendors, OEMs and a select group of partners. The latest build (2162) focused on wireless enhancements. Everyone expects it to RTM (Release to Manufacturing) in August now.

Windows update will have a new "smart downloading" that will allow you to interrupt the large SP2 download and resume it later. As I said before, this is more than a Service Pack, think upgrade. SP2 contains fixes but also gives you new features and of course makes significant changes in four main areas: network protection, memory protection, e-mail security and browsing security.

SP2's latest test version was a whopping 264Megs. I expect the final version to be smaller but still around 200 Meg. Dang. Redmond warns people that it may break existing apps. It most assuredly will. Test, test, test!!! Check the new networking features here:


Change Management: More Needed Than Ever

I know that many of you have been implementing a much tighter change management process in your organizations. We all have learned a painful lesson when some admin changed something in server configs (and never admits it :) and oops the change causes problems. Today, when configuration errors can cause not only downtime but also expose server misconfigurations as a path for hackers to exploit, strict configuration management process is a must have -- not a nice to have. That's one of the reason ITIL is getting very popular.

Ecora Enterprise Auditor is a mature tool that can help you identify and report on precise config settings change in your servers, routers, even workstations. It collects thousands of configuration settings from Windows OS, AD, IIS, SQL, Exchange and Citrix Metaframe XP. It can do the same for Linux, HP-UX, Solaris, AIX, Oracle, Lotus Notes, Novell and even Cisco router settings. It collects all this configuration data into an SQL or MSDE database and provides cool out of the box reports to identify changes, baseline server configs, create reports that show key security settings. In addition, the latest release (v3.5) includes a WMI Browser that lets you quickly and easily define and collect custom WMI data specific to your organization. Great tool to use if you want to standardize server configs.

With the recent onslaught of regulations and audits: Sarbanes Oxley, GLBA, HIPAA, Part 11, etc many of us don?t have a choice but to maintain detailed configuration and change reports to pass the audits. Ecora Enterprise Auditor is great help in that regard. For more information:

Spam Top 10

Here are the most recent Spam Top 10. The iHateSpam Learning Network has hundreds of thousands of participants. Porn reigns supreme on the Net, and this month it does in spam as well. Phising emails also increased this month for the 2nd straight month.

  1. SPORN - Graphic Pornographic Emails - Hazardous
  2. Online Diplomas - Degrees overnighted without even taking a test - Annoyance
  3. Virus - emails with attachments to get you to run them. NetSky variants were highest - Very Hazardous
  4. Computer Software - Why pay retail... - Annoyance
  5. Online Pharmacy - promoting all kinds of drugs - Annoyance
  6. Mortgage offers - Annoyance
  7. Drugs and Enhancer - increase body part size, any body part - Annoyance
  8. Phishing & Fraud - Email scams to get your personal data increased again last month - Annoyance/Hazardous
  9. Making income from home. Spam/Scam Annoyance/Hazardous
  10. Weight Loss - Annoyance
iHateSpam Server released a new build with improved spam traps

SNSI V1.5: Scan Machines, IP's, Ports & Services!

Are Your Yearly Security Scanner Renewal Fees Causing Sticker Shock? You should definitely prepare to have a serious look at the new SNSI V1.5, it is now multi-platform and you are able to scan by IP- range, Windows machine, Port and Service. Sunbelt Network Security Inspector (SNSI), is a low-cost, quick-install, fast-result vulnerability scanner. It uses a top-quality, commercial-grade vulnerability database with well over 3,000 ranked vulnerabilities. SNSI is licensed per Admin. Now you can finally afford a world-class scanner and be proactive without compromises. Release: Late July 2004 We will send you an email when it is available, expect one before the end of the month.


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Live a real StarTrek life. Now for sale at ebay for a cool mil
  • http://www.w2knews.com/rd/rd.cfm?id=040719FA-StarTrek
  • Yup! He's finally here. Your ultimate system admin action figure: Geekman!!
  • http://www.w2knews.com/rd/rd.cfm?id=040719FA-Geekman
  • Have a website? Punch in your URL for a GRAPHICAL view of the sites linked to you. Cool.
  • http://www.w2knews.com/rd/rd.cfm?id=040719FA-Graphic_URL
  • Almost twenty animations of things that happen inside your body-- tiny things, like Staph infections getting attacked or a coronary stent being inserted:
  • http://www.w2knews.com/rd/rd.cfm?id=040719FA-Body_animations
  • A whole church made out of legos. The detail is amazing.
  • http://www.w2knews.com/rd/rd.cfm?id=040719FA-Lego_church
  • A great site, does "fact checks" of political ads, etc. Non-partisan.
  • http://www.w2knews.com/rd/rd.cfm?id=040719FA-Fact_Check
  • Hotels in space: inflatable technology being developed in Vegas:
  • http://www.w2knews.com/rd/rd.cfm?id=040719FA-Space_Hotels
  • Jeff Harrow was the Chief Technologist at Compaq and writes a monthly article on cutting-edge/future technology. Recommended!
  • http://www.w2knews.com/rd/rd.cfm?id=040719FA-Cutting_Edge
  • These things are getting popular: another race car/boat in-one!
  • http://www.w2knews.com/rd/rd.cfm?id=040719FA-car_boat
  • Normally no geopolitics in this section, but this is the best article on terrorism, Israel and the Middle East I have read in a long, long time.
  • http://www.w2knews.com/rd/rd.cfm?id=040719FA-Geopolitics
  • Here is a site that takes a critical look at movies and their mistakes
  • http://www.w2knews.com/rd/rd.cfm?id=040719FA-Movie_mistakes

    BOOK: Zero-Day Exploit: Countdown to Darkness

    I was sent a review copy and started reading almost at once. It's written by security experts and reads like a novel. Not exactly a John Le Carre, but fun to read and at the same time gives you a tremendous insight in 'security-land'. A techie page-turner that I warmly recommend. About the book:

    There exists a 0-day vulnerability in a particular line of SCADA Master products that are widely used in petrochemical facilities. Furthermore, since the telemetry between the Master and the RTUs (the units located at valves, gauges, etc.) is particularly fragile under attack, the attackers are able to take a two-tiered approach to the damage they cause. Disaster can only be prevented by Reuben, an elite cyber-security researcher who stumbles across the plot while contracting for the federal government. Get it at Amazon: