- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Dec 6, 2004 (Vol. 9, #47 - Issue #503)
W2Knews Cool Christmas Tools
  This issue of W2Knews™ contains:
    • Welcome Back Everyone
    • New SunPoll: IE or Firefox?
    • Admin Tools We Think You Shouldn't Be Without
    • Looking For Updated SMS 2003 Articles?
    • Petco Settles With FTC Over Cyber Security Foul-up
    • The Three Most-overdue Windows Fixes
    • TechNet V2.0 Released: Much Better
    • Gvt Uses Color Laser Printer Technology to Track Docs
    • No W2K SP5, Expect Security Rollup Instead
    • Redmond Releases Out-of-cycle Patch For IFRAME Hole
    • MS Investigates Windows Server Flaw
    • Microsoft To Open Research Lab In India
    • Network World: "SNSI Less Expensive Secondary Scanner"
    • So, How Does CounterSpy Do Against The Rest?
    • InfoSec World 2005 Conference and Expo
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • The Sunbelt Security Pack Special Is Better Than Ever
  SPONSOR: Can You Afford a Lawsuit?
If you think Web filtering is too costly for your IT budget,
wait until you have to defend yourself against a lawsuit due to
pornographic or hostile web content! More and more organizations
are establishing Acceptable Usage Policies, but if you can't
enforce them, what good are they? The answer is iPrism, the easy
and affordable Web filtering appliance from St. Bernard. Download
Five FREE iPrism Tools now and see how easy Web filtering can be.
Visit Can You Afford a Lawsuit? for more information.

Welcome Back Everyone

Hope you all had a good Thanksgiving break. Are you ready for the holidays? I'm not, there is so much to do before the end of the year. CounterSpy Enterprise is in beta, 200 sites are running it and the developers are working day and night to get all the bugs ironed out. It's exciting! In the mean time, the Security Pack is flying off the shelves; this is a deal you do not see every day. You should check it out and see if you can spend 2 grand of your budget as a special Christmas gift to yourself. This special pack gives you a tremendous amount of "admin-power" and is a great way to keep your domains secure and get you sleeping better at night.

And talking about Christmas gifts, over Thanksgiving I scoured dozens of magazines, websites, catalogs and emails to find you the coolest tech gifts for 2004! You will find them in the Fave Links! Have fun.

New SunPoll: IE or Firefox?

And here is the new SunPoll since IE's market share has fallen below 90 percent: "Seen the vulnerabilities in IE, which browser do you prefer at the moment, Firefox or Internet Explorer?"

  • Did not try other browsers and will stick with IE
  • Tried Firefox, but will stick with IE
  • I use and like both of them
  • I moved to Firefox
  • Dunno/undecided
Vote here, rightmost column:

Quotes of the week: (here's your chance!)
"Im attracted to guys who are really confident and make conversation." -- Britney Spears, born December 2, 1981
"After thirty, a body has a mind of its own." -? Bette Midler, born December 1, 1945
"I've spent most of my money on booze, women and the latest computer gear I don't need. The rest I've just wasted." -- Bob Jiantonio

UNDO Dept: The spelling of ?Gandhi? was wrong. It should be Ghandi.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])


Admin Tools We Think You Shouldn't Be Without


Looking For Updated SMS 2003 Articles?

I was just sent a newsletter article by Mark Serafine. He is a Contributor to myITforum.com. Mark wrote the following very useful article, and there is a link to an even more useful zip file!

"I have compiled a list of Microsoft Knowledge Base articles that are specifically related to Microsoft's Systems Management Server (SMS) 2003. As all SMS administrators know, it is extremely difficult to keep track of every article that Microsoft releases for each version of its product. After all, a new one is released for a particular version weekly (if not daily). Also when we run into an SMS problem that we're not familiar with, we have to search through Microsoft's Knowledge Base to try and narrow down the list of possible resolutions.

"That's why I've taken the time to not only centralize these articles, but also organize them into the following categories: site administration, software updates, SMS clients and admin console. This document will be updated as Microsoft releases new articles. However, this cannot be effectively accomplished without the help of my fellow SMS brethren. If you become aware of an article that you think should be added to the list, please send me the info pertaining to it. This also applies to previously released articles that I've missed and did not include in the document. Hopefully, what I've put together will benefit you as it has me."

Here are the articles in a zip file Microsoft SMS 2003 Articles.zip:

This article first appeared in myITforum, the premier online destination for IT professionals responsible for managing their corporations' Microsoft Windows systems. The centerpiece of myITforum.com is a collection of member forums where IT pros actively exchange technical tips, share their expertise, and download utilities that help them better manage their Windows environments, specifically Microsoft Systems Management Server (SMS). It is part of the TechTarget network of Web sites. To register for the site and sign up for the myITforum daily newsletter, click here:

Petco Settles With FTC Over Cyber Security Foul-up

What's the potential cost for your organization of not scanning your servers for known vulnerabilities? Petco, the giant pet products retailer, will have the FTC looking over their shoulder for the next 20 years, apart from the egg on their face and the lost revenues. This settlement stems from a known SQL injection vulnerability on Petco's web site that could have exposed 500,000 credits card numbers to hackers. A 20-year old hacker discovered the fact their servers were not patched. He had previously discovered and reported a similar vulnerability on Gap's web site.

The irony here is that this information came to light when Petco pursued a lawsuit against the hacker. This settlement with the FTC brings to light that any company which discloses that it has been hacked might end up with very long-term public scrutiny.

Petco had to take their site offline for a few days to fix it. As part of the settlement, Petco must setup a comprehensive infosec program, certified by an independent professional every two years for the 20-year life of the order. Any violation can trigger a fine of $11,000. Story at The Register.

Want to prevent this kind of 'egg-on-face'? They 'shoulda' used SNSI!

The Three Most-overdue Windows Fixes

Jonathan Hassell, Contributor to SeachWindowsSecurity wrote: "We're nearing the end of another year and it's time to think of where we've gone and where we're going in the next 12 months. I'm sure there's a boardroom somewhere in Redmond where a conversation about Windows flaws is currently happening. What are the biggest flaws to fix? Where might we go from here? Here's my take on the three most-needed fixes for Windows.

  1. A complete overhaul of Internet Explorer
  2. The reduction or elimination of RPC dependency
  3. More secure password hash generation
Why these three? The story is here:

TechNet V2.0 Released: Much Better

Microsoft has rejigged its TechNet support offering. While V2.0 of TechNet Plus 2.0 sees three benefits for users, there is also a price increase. First, the full-version software will no longer expire within a set period of time (previously 90 or 180 days). Note, however, that the licensing terms remain that it is for evaluation use only. Second, users will be entitled to two 'no-charge support incidents' per year, and a faster 'next business day' turnaround is also promised for the TechNet Managed Newsgroups (a two-day turn around was previously promised for the Microsoft- and MVP-monitored support newsgroups). The PC Pro site has more news about this announcement MS made in the UK recently:

Gvt Uses Color Laser Printer Technology to Track Docs

Posting on the NTSYSADMIN list: "I saw this on the Full-Disclosure list today. It is quite interesting. If you were concerned about digital document tracking, you made need to take a closer look at your color-printed hard-copies as well. No more printing of false 20-dollar bills on that color laser, bro."


No W2K SP5, Expect Security Rollup Instead

Microsoft has killed its planned Windows 2000 Service Pack 5. Instead the company will release an Update Rollup for Windows 2000 Service Pack 4 in the middle of next year. Update rollups are nothing new. They already released a few of these beasties, for instance with the WinXP Update Rollup 1, and NT post PS6a Rollup. But no more service packs for W2K? Gulp...

That sounds like the beginning of the end. I don't like it. They give a nice PR-spin to the whole thing, but if you read through the lines, to me it looks like a clear nudge to start thinking toward 2003 Server, and a bit of an easy way out for Redmond. The only positive part is that this rollup will take less testing than a full fledged Service Pack, but still... Test, test, test! Microsoft plans to end mainstream support, including free hotfixes, for Windows 2000 on June 30, 2005. Dang... You can find the official memo at:

Redmond Releases Out-of-cycle Patch For IFRAME Hole

Redmond apparently thought this particular vulnerability was so critical that it jumped out of the normal monthly routine and released a fix for the IFRAME problem in IE. The vulnerability is caused due to a boundary error within the handling of certain attributes in the IFRAME and FRAME HTML tags. This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings. Successful exploitation allows execution of arbitrary code. The hole has been confirmed in both IE 6.0 on Windows XP SP1, and IE 6.0 on W2K (both fully patched). MS rated it "Extremely critical" because of the fact that a working exploit has been published on several public mailing lists. A variant of the MyDoom virus is already using it. Make sure you patch your systems quickly. Here is the MS Bulletin:

MS Investigates Windows Server Flaw

ComputerWorld released a story I think you should check out. It's short but interesting. MS is looking at a security flaw in Windows server software that could allow an attacker to gain complete control over systems. The flaw lies in the Windows Internet Name Service (WINS), a network infrastructure component in Windows NT Server 4.0, Windows 2000 Server and Windows Server 2003. WINS provides a distributed database for registering and querying dynamic computer-name-to-IP-address mapping in a routed network. Here is the story:

Microsoft To Open Research Lab In India

MS is setting up a research lab in Bangalore, India, that will focus on areas including computing technologies for emerging markets, according to a company executive. The new lab, called Microsoft Research India, goes online in January, and will be part of a network of five research labs that Microsoft runs worldwide, said Padmanabhan Anandan, managing director of Microsoft Research India. Besides research labs in Redmond, Washington, Mountain View, California, and San Francisco, Microsoft also operates labs in Cambridge, England, and Beijing. The company employs 700 staff in its research labs, working in 55 different areas. The Bangalore lab will have about 24 people to start with, Anandan said. Story at InfoWorld:


Network World: "SNSI Less Expensive Secondary Scanner"

Network World's Neil Weinberg had a look at SNSI V1.5. He writes for system and network admins of the larger, multi-platform sites, that likely already have an expensive, high-end scanner deployed. Here are some positive extracts of what he said:

"If you are in the market for a less expensive secondary vulnerability scanner, you might want to take a look at Sunbelt Network Security Inspector.

"Sunbelt - which acts as an OEM to the Harris vulnerability database - sets its price at about $1,500 per administrator, not licensed by IP address like most of its competitors. Based on this price, relative scanning speed and ease of use, Sunbelt could be used as a secondary point scanner for quick scans.

"The Sunbelt GUI is very strong. The product is fast and very easy to use. Reports are provided through a Crystal Reports engine, but they are only exportable by printing to PDF." (note, this will change in Version 1.6 which is in beta)

Some other remarks were: "Because this product is designed to be a point scanner, scan scheduling and options configuration are not included. Vulnerability updates are also only performed manually."

And if you see this article in USA Today, it takes four minutes to go from clean machine fresh hooked up to the Net to being a zombie. Here is the story:

You cannot afford not to scan your domains regularly. SNSI is THE solution to get a fast overview where the holes are. It's now part of a super cheap security pack that you really should get before the end of the year.

So, How Does CounterSpy Do Against The Rest?

One of the NTSYSADMIN subscribers sent me this:

"Hi Stu, I ran the latest Adaware, Spybot Search and Destroy, NAV 2005, deleted all cookies, temp files and temp Internet files BEFORE I installed CounterSpy. So how in the heck did CounterSpy find 19 pieces of Spyware, 113 bad cookies and 120 infected registry keys?

"WOW! Totally amazing piece of software. It was blazingly fast. AdAware usually takes over 1 hour to scan my system. Spybot, about 10 minutes. NAV 2005, about 1 hour. CounterSpy's QuickScan took less than 3 minutes and found stuff the "competition" left behind. My system is a dual 2.8G proc, 2GB RAM and 2 WD 120GB 8MB buffer HDs. It ain't no slacker. But, CRAP CounterSpy is FAST!!! Then I did a deep scan over 80,000+ files, it was under 24 minutes and found an additional 3 pieces of Spyware, 6 more infected registry keys and 3 more bad cookies."
-- Carl Webster.

Check it out for yourself at:

InfoSec World 2005 Conference and Expo

Heads-Up! This is a GOOD show to go to, so put it in your schedule, and register early for April 4-6, 2005. Workshops from April 2-8. It's at Disney?s Coronado Springs Resort in Orlando, FL. From open source security tools to Windows protection strategies, from safeguarding hardware tokens to demystifying wireless hacking techniques, InfoSec World 2005 tackles the full spectrum of security challenges and offers real-world, unbiased solutions. Don't miss your chance to cash in on their money-saving early-bird offer! Register for InfoSec World by December 17, 2004, and SAVE $100 on the conference registration fee! Express register online today at:


This Week's Links We Like. Tips, Hints And Fun Stuff

Here are all the W2Knews Cool Christmas Tools:


The Sunbelt Security Pack Special Is Better Than Ever

We had a special in September. Bundled three security tools together and basically you paid only for one. But a lot of people said that it was impossible to get a PO through their lines so fast, and were really disappointed the bundle was no longer available! So, we decided to bring it back, and make it even better: we threw in 10 copies of the new CounterSpy! So here is the new bundle offer, valid till Dec 31, 2004 so that you have a bit more time to get it approved. This is the ideal 'Christmas Present' for the busy admin, one of the tools is the highly popular SNSI vulnerability scanner!