Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Dec 6, 2004 (Vol. 9, #47 - Issue #503)
W2Knews Cool Christmas Tools
This issue of W2Knews contains:
- EDITORS CORNER
- Welcome Back Everyone
- New SunPoll: IE or Firefox?
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- Looking For Updated SMS 2003 Articles?
- Petco Settles With FTC Over Cyber Security Foul-up
- The Three Most-overdue Windows Fixes
- TechNet V2.0 Released: Much Better
- Gvt Uses Color Laser Printer Technology to Track Docs
- NT/2000 RELATED NEWS
- No W2K SP5, Expect Security Rollup Instead
- Redmond Releases Out-of-cycle Patch For IFRAME Hole
- MS Investigates Windows Server Flaw
- Microsoft To Open Research Lab In India
- NT/2000 THIRD PARTY NEWS
- Network World: "SNSI Less Expensive Secondary Scanner"
- So, How Does CounterSpy Do Against The Rest?
- InfoSec World 2005 Conference and Expo
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- The Sunbelt Security Pack Special Is Better Than Ever
SPONSOR: Can You Afford a Lawsuit?
If you think Web filtering is too costly for your IT budget,
wait until you have to defend yourself against a lawsuit due to
pornographic or hostile web content! More and more organizations
are establishing Acceptable Usage Policies, but if you can't
enforce them, what good are they? The answer is iPrism, the easy
and affordable Web filtering appliance from St. Bernard. Download
Five FREE iPrism Tools now and see how easy Web filtering can be.
Visit Can You Afford a Lawsuit? for more information.
Welcome Back Everyone
Hope you all had a good Thanksgiving break. Are you ready for the
holidays? I'm not, there is so much to do before the end of the
year. CounterSpy Enterprise is in beta, 200 sites are running it
and the developers are working day and night to get all the bugs
ironed out. It's exciting! In the meantime, the Security Pack is
flying off the shelves; this is a deal you do not see every day.
You should check it out and see if you can spend 2 grand of your
budget as a special Christmas gift to yourself. This special pack
gives you a tremendous amount of "admin-power" and is a great way
to keep your domains secure and get you sleeping better at night.
And talking about Christmas gifts, over Thanksgiving I scoured dozens of magazines, websites, catalogs and emails to find you the coolest tech gifts for 2004! You will find them in the Fave Links! Have fun.
New SunPoll: IE or Firefox?
And here is the new SunPoll since IE's market share has fallen below
90 percent: "Seen the vulnerabilities in IE, which browser do you
prefer at the moment, Firefox or Internet Explorer?"
Vote here, rightmost column:
- Did not try other browsers and will stick with IE
- Tried Firefox, but will stick with IE
- I use and like both of them
- I moved to Firefox
Quotes of the week: (here's your chance!)
"I'm attracted to guys who are really confident and make conversation."
-- Britney Spears, born December 2, 1981
"After thirty, a body has a mind of its own." -- Bette Midler,
born December 1, 1945
"I've spent most of my money on booze, women and the latest computer
gear I don't need. The rest I've just wasted." -- Bob Jiantonio
UNDO Dept: The spelling of "Gandhi" was wrong. It should be Ghandi.
(email me with feedback: [email protected])
Admin Tools We Think You Shouldn't Be Without
Looking For Updated SMS 2003 Articles?
I was just sent a newsletter article by Mark Serafine. He is a
Contributor to myITforum.com. Mark wrote the following very useful
article, and there is a link to an even more useful zip file!
"I have compiled a list of Microsoft Knowledge Base articles that
are specifically related to Microsoft's Systems Management Server
(SMS) 2003. As all SMS administrators know, it is extremely difficult
to keep track of every article that Microsoft releases for each
version of its product. After all, a new one is released for a
particular version weekly (if not daily). Also when we run into
an SMS problem that we're not familiar with, we have to search
through Microsoft's Knowledge Base to try and narrow down the
list of possible resolutions.
"That's why I've taken the time to not only centralize these articles,
but also organize them into the following categories: site
administration, software updates, SMS clients and admin console.
This document will be updated as Microsoft releases new articles.
However, this cannot be effectively accomplished without the help
of my fellow SMS brethren. If you become aware of an article that
you think should be added to the list, please send me the info
pertaining to it. This also applies to previously released articles
that I've missed and did not include in the document. Hopefully,
what I've put together will benefit you as it has me."
Here are the articles in a zip file Microsoft SMS 2003 Articles.zip:
This article first appeared in myITforum, the premier online
destination for IT professionals responsible for managing their
corporations' Microsoft Windows systems. The centerpiece of
myITforum.com is a collection of member forums where IT pros
actively exchange technical tips, share their expertise, and
download utilities that help them better manage their Windows
environments, specifically Microsoft Systems Management Server
(SMS). It is part of the TechTarget network of Web sites. To
register for the site and sign up for the myITforum daily
newsletter, click here:
Petco Settles With FTC Over Cyber Security Foul-up
What's the potential cost for your organization of not scanning
your servers for known vulnerabilities? Petco, the giant pet
products retailer, will have the FTC looking over their shoulder
for the next 20 years, apart from the egg on their face and the
lost revenues. This settlement stems from a known SQL injection
vulnerability on Petco's web site that could have exposed 500,000
credit card numbers to hackers. A 20-year-old hacker discovered
the fact their servers were not patched. He had previously
discovered and reported a similar vulnerability on Gap's web site.
The irony here is that this information came to light when Petco
pursued a lawsuit against the hacker. This settlement with the FTC
brings to light that any company which discloses that it has been
hacked might end up with very long-term public scrutiny.
Petco had to take their site offline for a few days to fix it.
As part of the settlement, Petco must set up a comprehensive infosec
program, certified by an independent professional every two years
for the 20-year life of the order. Any violation can trigger a
fine of $11,000. Story at The Register.
Want to prevent this kind of 'egg-on-face'? They 'shoulda' used SNSI!
The Three Most-overdue Windows Fixes
Jonathan Hassell, Contributor to SearchWindowsSecurity, wrote:
"We're nearing the end of another year and it's time to think
of where we've gone and where we're going in the next 12 months.
I'm sure there's a boardroom somewhere in Redmond where a
conversation about Windows flaws is currently happening. What
are the biggest flaws to fix? Where might we go from here?
Here's my take on the three most-needed fixes for Windows."
Why these three? The story is here:
- A complete overhaul of Internet Explorer
- The reduction or elimination of RPC dependency
- More secure password hash generation
TechNet V2.0 Released: Much Better
Microsoft has rejigged its TechNet support offering. While
TechNet Plus 2.0 brings three benefits for users, there is
also a price increase. First, the full-version software will
no longer expire within a set period of time (previously 90 or
180 days). Note, however, that the licensing terms remain that
it is for evaluation use only. Second, users will be entitled
to two 'no-charge support incidents' per year, and a faster
'next business day' turnaround is also promised for the TechNet
Managed Newsgroups (a two-day turnaround was previously
promised for the Microsoft- and MVP-monitored support newsgroups).
The PC Pro site has more news about this announcement MS made
in the UK recently:
Gvt Uses Color Laser Printer Technology to Track Docs
Posting on the NTSYSADMIN list: "I saw this on the Full-Disclosure
list today. It is quite interesting. If you were concerned about
digital document tracking, you may need to take a closer look
at your color-printed hard-copies as well. No more printing of
false 20-dollar bills on that color laser, bro."
NT/2000 RELATED NEWS
No W2K SP5, Expect Security Rollup Instead
Microsoft has killed its planned Windows 2000 Service Pack 5.
Instead the company will release an Update Rollup for Windows
2000 Service Pack 4 in the middle of next year. Update rollups
are nothing new. They already released a few of these beasties,
for instance with the WinXP Update Rollup 1, and NT post SP6a
Rollup. But no more service packs for W2K? Gulp...
That sounds like the beginning of the end. I don't like it.
They give a nice PR-spin to the whole thing, but if you read
between the lines, to me it looks like a clear nudge to start
thinking toward 2003 Server, and a bit of an easy way out for
Redmond. The only positive part is that this rollup will take
less testing than a full-fledged Service Pack, but still...
Test, test, test! Microsoft plans to end mainstream support,
including free hotfixes, for Windows 2000 on June 30, 2005.
Dang... You can find the official memo at:
Redmond Releases Out-of-cycle Patch For IFRAME Hole
Redmond apparently thought this particular vulnerability was so
critical that it jumped out of the normal monthly routine and
released a fix for the IFRAME problem in IE. The vulnerability
is caused by a boundary error within the handling of certain
attributes in the IFRAME and FRAME HTML tags. This can be
exploited to cause a buffer overflow via a malicious HTML document
containing overly long strings. Successful exploitation allows
execution of arbitrary code. The hole has been confirmed in both
IE 6.0 on Windows XP SP1, and IE 6.0 on W2K (both fully patched).
MS rated it "Extremely critical" because a working
exploit has been published on several public mailing lists. A
variant of the MyDoom virus is already using it. Make sure you
patch your systems quickly. Here is the MS Bulletin:
MS Investigates Windows Server Flaw
ComputerWorld released a story I think you should check out. It's
short but interesting. MS is looking at a security flaw in Windows
server software that could allow an attacker to gain complete
control over systems. The flaw lies in the Windows Internet Name
Service (WINS), a network infrastructure component in Windows NT
Server 4.0, Windows 2000 Server and Windows Server 2003. WINS
provides a distributed database for registering and querying
dynamic computer-name-to-IP-address mapping in a routed network.
Here is the story:
Microsoft To Open Research Lab In India
MS is setting up a research lab in Bangalore, India, that will focus
on areas including computing technologies for emerging markets,
according to a company executive. The new lab, called Microsoft
Research India, goes online in January, and will be part of a
network of five research labs that Microsoft runs worldwide,
said Padmanabhan Anandan, managing director of Microsoft Research
India. Besides research labs in Redmond, Washington, Mountain View,
California, and San Francisco, Microsoft also operates labs in
Cambridge, England, and Beijing. The company employs 700 staff in
its research labs, working in 55 different areas. The Bangalore
lab will have about 24 people to start with, Anandan said. Story
THIRD PARTY NEWS
Network World: "SNSI Less Expensive Secondary Scanner"
Network World's Neil Weinberg had a look at SNSI V1.5. He writes
for system and network admins of the larger, multi-platform sites,
that likely already have an expensive, high-end scanner deployed.
Here are some positive extracts of what he said:
"If you are in the market for a less expensive secondary
vulnerability scanner, you might want to take a look at Sunbelt
Network Security Inspector.
"Sunbelt - which acts as an OEM to the Harris vulnerability
database - sets its price at about $1,500 per administrator, not
licensed by IP address like most of its competitors. Based on
this price, relative scanning speed and ease of use, Sunbelt
could be used as a secondary point scanner for quick scans.
"The Sunbelt GUI is very strong. The product is fast and very
easy to use. Reports are provided through a Crystal Reports
engine, but they are only exportable by printing to PDF."
(note, this will change in Version 1.6 which is in beta)
Some other remarks were: "Because this product is designed to
be a point scanner, scan scheduling and options configuration
are not included. Vulnerability updates are also only performed
And if you see this article in USA Today, it takes four minutes
for a clean machine freshly hooked up to the Net to become a
zombie. Here is the story:
You cannot afford not to scan your domains regularly. SNSI is
THE solution to get a fast overview where the holes are. It's
now part of a super cheap security pack that you really should
get before the end of the year.
So, How Does CounterSpy Do Against The Rest?
One of the NTSYSADMIN subscribers sent me this:
"Hi Stu, I ran the latest Adaware, Spybot Search and Destroy, NAV
2005, deleted all cookies, temp files and temp Internet files BEFORE
I installed CounterSpy. So how in the heck did CounterSpy find 19
pieces of Spyware, 113 bad cookies and 120 infected registry keys?
"WOW! Totally amazing piece of software. It was blazingly fast. AdAware
usually takes over 1 hour to scan my system. Spybot, about 10 minutes.
NAV 2005, about 1 hour. CounterSpy's QuickScan took less than 3 minutes
and found stuff the "competition" left behind. My system is a dual 2.8G
proc, 2GB RAM and 2 WD 120GB 8MB buffer HDs. It ain't no slacker. But,
CRAP CounterSpy is FAST!!! Then I did a deep scan over 80,000+ files,
it was under 24 minutes and found an additional 3 pieces of Spyware,
6 more infected registry keys and 3 more bad cookies."
-- Carl Webster.
Check it out for yourself at:
InfoSec World 2005 Conference and Expo
Heads-Up! This is a GOOD show to go to, so put it in your schedule,
and register early for April 4-6, 2005. Workshops from April 2-8.
It's at Disney's Coronado Springs Resort in Orlando, FL. From open
source security tools to Windows protection strategies, from
safeguarding hardware tokens to demystifying wireless hacking
techniques, InfoSec World 2005 tackles the full spectrum of security
challenges and offers real-world, unbiased solutions. Don't miss
your chance to cash in on their money-saving early-bird offer!
Register for InfoSec World by December 17, 2004, and SAVE $100 on
the conference registration fee! Express register online today at:
This Week's Links We Like. Tips, Hints And Fun Stuff
Here are all the W2Knews Cool Christmas Tools:
PRODUCT OF THE WEEK
The Sunbelt Security Pack Special Is Better Than Ever
We had a special in September. We bundled three security tools together
and basically you paid only for one. But a lot of people said that
it was impossible to get a PO through their lines so fast, and
were really disappointed the bundle was no longer available! So,
we decided to bring it back, and make it even better: we threw in
10 copies of the new CounterSpy! So here is the new bundle offer,
valid till Dec 31, 2004 so that you have a bit more time to get it
approved. This is the ideal 'Christmas Present' for the busy admin;
one of the tools is the highly popular SNSI vulnerability scanner!