Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jan 31, 2005 (Vol. 10, #5 - Issue #510)
Redmond: Legit Windows Or No Updates!
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Update Your Filters!
    • 100 Fave Tools In One Go
  2. ADMIN TOOLBOX
    • Admin Tools We Think You Shouldn't Be Without
  3. TECH BRIEFING
    • Register For Your Free InfoSec World
    • Hackers Eavesdrop On Phone Networks To Steal Data
    • As Expected Firefox Has Holes Too
    • WiFi Has 'Evil Twin' Hot Spots
    • Introducing SearchWinSystems.com
    • MySQL Sites Targeted By Worm
  4. NT/2000 RELATED NEWS
    • Redmond: Legit Windows Or No Updates!
    • Windows Products of the Year
    • Checklist: Control Joe User's Actions
  5. NT/2000 THIRD PARTY NEWS
    • No-Charge PC Remote Control With WebEx
    • Sunbelt Shines Light on Vulnerability Assessment
    • Inside Look: Antispyware Definition Update
    • NSI Software Announces $7M Funding
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  7. PRODUCT OF THE WEEK
    • CounterSpy SysAdmin Success Story
  SPONSOR: Reduce Help Desk Calls Now!
Illegal phishing and malware sites that can disrupt productivity
and increase help desk calls are on the rise. The iPrism Internet
filtering appliance from St. Bernard Software blocks phishing,
malware and a host of other harmful URLs at the perimeter before
they can reach your internal servers. With its superior
interoperability, secure connection and unique 100% human-
reviewed database, you get the accurate and reliable protection
you need. Act now to receive your free evaluation unit!

Visit Reduce Help Desk Calls Now! for more information.
  EDITORS CORNER

Update Your Filters!

Make sure your copy of W2Knews doesn't get mistakenly blocked by antispam software. Add [email protected] to your list of allowed senders and contacts, and/or forward this to the administrator who is in charge of your antispam software, so W2Knews doesn't end up in your junk folder.

100 Fave Tools In One Go

Bill Boswell (an editor for MCPmag.com) asked admins to submit their fave tools. He received nearly 40 replies, and most of them included product descriptions and reasons why the tool was handy and/or nifty. Over 100 tools were submitted! They have collected all of them into a Web page that you can view here:
http://www.w2knews.com/rd/rd.cfm?id=050131ED-Fave_Tools

Quotes Of The Week:
"Lettin' the cat outta the bag is a whole lot easier'n puttin' it back." -- Unknown, Internet.
"You can get much farther with a kind word and a gun than you can with a kind word alone." -- Al Capone

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  ADMIN TOOLBOX

Admin Tools We Think You Shouldn't Be Without

  TECH BRIEFING

Register For Your Free InfoSec World

Register today for your FREE InfoSec World Expo-Plus Pass. It's your ticket to all the exhibits, demos, and excitement as you meet with over 150 vendors of information security products and services. Plus, you'll be able to attend many of InfoSec World's conference events. After March 28, Expo-Plus admission will be $25.00, so don't wait. Register online at:
http://www.w2knews.com/rd/rd.cfm?id=050131TB-Info_World

Hackers Eavesdrop On Phone Networks To Steal Data

ComputerWorld has a story that was interesting enough to mention to all of 'ya. It shows the approach that hackers are taking to get hold of data and your confidential information. Here's the link:
http://www.w2knews.com/rd/rd.cfm?id=050131TB-Eavesdrop

As Expected Firefox Has Holes Too

I just heard that Firefox was found to be vulnerable to having its security dialogs spoofed. Well, not much news there; IE had the same problem. Once Firefox gets enough market share, the bad guys will go after it just as they do IE. It's simply not as noisy yet when holes are found in Firefox. I use it right beside IE and I like it. It's fast! It garnered more than 20 million downloads in just 76 days, which puts it at about 5% of the browser market, so expect Firefox vulnerabilities to be exposed on a regular basis from now on. Another bit of news: Google just hired the lead Firefox developer.

WiFi Has 'Evil Twin' Hot Spots

A warning came out about WiFi's 'evil twin'. Researchers recently announced an interesting wireless attack. An 'evil twin' is a rogue access point set up to advertise the same network name as a legitimate hot spot, with a stronger signal, so that clients associate with it instead and land on the attacker's sub-network. On that bogus network the user sees a copy of the real login screen, which lets the attacker capture the genuine userid and password. As a matter of fact, ISS already described this possibility in October 2002, but now it's actually being done. It can be protected against, but you need to flip the right switches: treat any hot spot login page as hostile unless it is served over HTTPS with a certificate that checks out, and run a VPN so your traffic is encrypted even if you do land on a rogue AP.
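On the network side, the tell-tale sign of an evil twin is your own SSID being beaconed from a radio you don't own, usually louder than the real one and often without encryption. The script below is an added example, not code from this newsletter or from ISS: it runs over a constructed scan result (the kind of list you would fill from airodump-ng or netsh output) against an assumed inventory of the access points you manage, and flags the impostor with the reasons it would win a client's association.

```python
"""Flag 'evil twin' candidates in a Wi-Fi scan.

Added example, not from the W2Knews article or from ISS. The scan below
is constructed, not a real capture; a real tool would fill it from
iwlist/airodump-ng/netsh output. KNOWN_APS is an assumed inventory of the
access points you manage, which you maintain yourself.
"""
from collections import defaultdict

# Assumed inventory: SSID -> BSSIDs (radio MACs) that legitimately serve it.
KNOWN_APS = {
    "CoffeeShop-WiFi": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
}

# Constructed scan results in the shape a scanner would produce.
SCAN = [
    {"ssid": "CoffeeShop-WiFi", "bssid": "00:11:22:33:44:55", "channel": 6, "rssi": -67, "security": "WPA2"},
    {"ssid": "CoffeeShop-WiFi", "bssid": "00:11:22:33:44:56", "channel": 11, "rssi": -72, "security": "WPA2"},
    # Same name, unknown radio, stronger signal, and open: the twin.
    {"ssid": "CoffeeShop-WiFi", "bssid": "de:ad:be:ef:00:01", "channel": 6, "rssi": -41, "security": "OPEN"},
    {"ssid": "Neighbour-Net", "bssid": "aa:bb:cc:dd:ee:ff", "channel": 1, "rssi": -80, "security": "WPA2"},
]


def find_evil_twins(scan, known_aps):
    """Return [(ssid, bssid, reasons)] for APs that impersonate a managed SSID.

    An AP is suspicious when it advertises an SSID we manage from a BSSID we
    do not. The reasons record what makes it attractive to a client: a
    stronger signal than every legitimate AP (clients roam to the loudest
    beacon) or weaker security (OPEN where the real network is encrypted),
    which is how the rogue wins the association and serves its fake login page.
    """
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, bssids in known_aps.items():
        managed = {b.lower() for b in bssids}
        seen = by_ssid.get(ssid, [])
        legit = [ap for ap in seen if ap["bssid"].lower() in managed]
        best_legit_rssi = max((ap["rssi"] for ap in legit), default=None)
        legit_security = {ap["security"] for ap in legit}

        for ap in seen:
            if ap["bssid"].lower() in managed:
                continue
            reasons = ["unknown BSSID advertising managed SSID"]
            if best_legit_rssi is not None and ap["rssi"] > best_legit_rssi:
                reasons.append("stronger signal than any legitimate AP")
            if ap["security"] == "OPEN" and legit_security and "OPEN" not in legit_security:
                reasons.append("open network where the real one is encrypted")
            findings.append((ssid, ap["bssid"], reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in find_evil_twins(SCAN, KNOWN_APS):
        print(f"{ssid} {bssid}: {'; '.join(reasons)}")
```

Treat a hit as a tripwire rather than proof: a BSSID is just a MAC address and an attacker can clone one of yours, so the check catches the lazy twin and you still need the client-side defenses (certificate validation on the login page, VPN) for the careful one.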

Introducing SearchWinSystems.com

Take a tour of SearchWinSystems.com, the newest TechTarget site focused exclusively on the Windows systems admin professionals. On SearchWinSystems you'll find the popular Windows admin tip and tip contest, plus new technical content about backup, storage, hardware, Windows system administration, management and performance tuning.
http://www.w2knews.com/rd/rd.cfm?id=050131TB-SearchWinSystems

MySQL Sites Targeted By Worm

If your MySQL server has a weak root password, watch out. A new worm is doing the rounds, called "MySQL bot", that infects Windows systems running the open-source MySQL database. Last Thursday the Internet Storm Center made a guarded guess that about 8,000 machines are infected. The worm brute-forces the MySQL root password over the network and then, once it is in, uses MySQL's own ability to load and run code on the server (the user-defined-function mechanism, a feature rather than a bug) to plant bot software, which takes full control of the box. Infected systems are now zombies that connect to IRC servers to fetch new targets and updates. The real hole here is port 3306 reachable from the Internet plus a weak or empty root password; no patch fixes that. Here is the graph over at the SANS institute:
http://www.w2knews.com/rd/rd.cfm?id=050131TB-MySQL_Worm
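A password brute-force against MySQL leaves a very visible trail in the general query log: a burst of "Access denied for user" lines from one host, and, if the guessing worked, a plain "Connect root@host on" from the same host right after. The script below is an added example, not code from the newsletter or from the ISC diary it links: it runs that detection over constructed log lines (real MySQL message formats, invented hosts and timestamps) and reports both the guessing and whether it succeeded. The failure threshold is an assumption to tune.

```python
"""Spot MySQL password brute-forcing in the general query log.

Added example; not from the W2Knews article or the ISC diary it links.
SAMPLE_LOG is constructed: the line layout and messages are the ones
MySQL's general log writes for connects, but hosts and times are invented.
The threshold of 5 failures per host is an assumption.
"""
import re
from collections import defaultdict

# Failed connect: Access denied for user 'root'@'192.0.2.10' (using password: YES)
DENIED = re.compile(
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']+)' "
    r"\(using password: (?P<pw>YES|NO)\)"
)
# Successful connect: Connect     root@192.0.2.10 on [dbname]
CONNECTED = re.compile(r"\bConnect\s+(?P<user>\w+)@(?P<host>[\w.:-]+) on\b")

SAMPLE_LOG = """\
050127 13:12:01       5 Connect     Access denied for user 'root'@'192.0.2.10' (using password: NO)
050127 13:12:01       6 Connect     Access denied for user 'root'@'192.0.2.10' (using password: YES)
050127 13:12:02       7 Connect     Access denied for user 'root'@'192.0.2.10' (using password: YES)
050127 13:12:02       8 Connect     Access denied for user 'admin'@'192.0.2.10' (using password: YES)
050127 13:12:03       9 Connect     Access denied for user 'root'@'192.0.2.10' (using password: YES)
050127 13:12:03      10 Connect     webapp@10.0.0.7 on shopdb
050127 13:12:04      11 Connect     Access denied for user 'root'@'192.0.2.10' (using password: YES)
050127 13:12:04      12 Connect     root@192.0.2.10 on
050127 13:12:05      13 Connect     Access denied for user 'webapp'@'10.0.0.7' (using password: YES)
"""


def analyze(log_text, threshold=5):
    """Return {host: {attempts, users, logged_in_as}} for hosts at/over threshold.

    'logged_in_as' is the account that got a successful Connect from a host
    that had already failed: the signature of a brute force that worked,
    which is the case that needs an incident response, not just a firewall rule.
    """
    failures = defaultdict(list)   # host -> list of usernames tried
    compromised = {}               # host -> user that finally connected
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            failures[m["host"]].append(m["user"])
            continue
        m = CONNECTED.search(line)
        # Only a success *after* failures from the same host counts.
        if m and failures.get(m["host"]):
            compromised[m["host"]] = m["user"]

    report = {}
    for host, users in failures.items():
        if len(users) >= threshold:
            report[host] = {
                "attempts": len(users),
                "users": sorted(set(users)),
                "logged_in_as": compromised.get(host),
            }
    return report


if __name__ == "__main__":
    for host, info in analyze(SAMPLE_LOG).items():
        status = f"GOT IN as {info['logged_in_as']}" if info["logged_in_as"] else "still guessing"
        print(f"{host}: {info['attempts']} failures against {info['users']}, {status}")
```

Detection is the consolation prize here. The fix is to block 3306 at the firewall unless a specific application host needs it, give root a real password, and make sure the root account in mysql.user is not allowed to connect from '%'.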

  NT/2000 RELATED NEWS

Redmond: Legit Windows Or No Updates!

ZDNet reported some pretty interesting news! Practically all IT press ran it, but I liked the ZDNet story the best. A link to the whole article is at the bottom, but they started out with:

"Aiming to crack down on counterfeit software, Microsoft plans later this year to require customers to verify that their copy of Windows is genuine before downloading security patches and other add-ons to the operating system.

"Since last fall the company has been testing a tool that can check whether a particular version of Windows is legitimate, but until now the checks have been voluntary. Starting Feb. 7, the verification will be mandatory for many downloads for people in three countries: China, Norway and the Czech Republic.

"In those countries, people whose copies are found not to be legitimate can get a discount on a genuine copy of Windows, though the price varies from $10 to $150 depending on the country.

"By the middle of this year, Microsoft will make the verification mandatory in all countries for both add-on features to Windows as well as for all OS updates, including security patches. Microsoft will continue to allow all people to get Windows updates by turning on the Automatic Update feature within Windows. By doing so, Microsoft hopes it has struck a balance between promoting security and ensuring that people buy genuine versions of Windows." Read more at:
http://www.w2knews.com/rd/rd.cfm?id=050131RN-MS_Updates

Windows Products of the Year

The editors of SearchWin2000.com recently assessed the 2004 crop of enterprise Windows products, with an eye toward helping users choose must-have tools to keep their desktops, servers and Exchange applications up and running. Find out which products made the grade, and which ones you are already using...
http://www.w2knews.com/rd/rd.cfm?id=050131RN-Products

Checklist: Control Joe User's Actions

The only true way to prevent users from abusing their rights is to take those rights away. How can you do that without hindering their work? Find out in this checklist from SearchWindowsSecurity expert Roberta Bragg. Free registration may be required.
http://www.w2knews.com/rd/rd.cfm?id=050131RN-Joe_User

  THIRD PARTY NEWS

No-Charge PC Remote Control With WebEx

Yup, it's true! Looks like WebEx got mad at GoToMyPC for trying to steal their market. In May 2004, Citrix (the new owner of GoToMyPC) moved into the meeting space with GoToMeeting. WebEx apparently got bent out of shape, decided to counterattack, and now gives away something very similar to GoToMyPC's bread-and-butter product. In other words, the fur is flying!

WebEx asks you to identify yourself and download an agent; you install it on your PC and that PC becomes available via any browser. They do offer a 'Pro' version for $9.95 which allows you to print remotely and transfer files, and has additional security features. They are giving away the Pro version until April 4th of this year.

I tried it out and ditched GoToMyPC. I'm running the WebEx stuff now. Logging on takes just a little longer than GoToMyPC, but once you are connected the screen refresh is just as fast. Get it at:
http://www.w2knews.com/rd/rd.cfm?id=050131TP-WebEx

Sunbelt Shines Light on Vulnerability Assessment

The Sunbelt Network Security Inspector (SNSI) got the Silver Product of the Year award for security tools. This is B-I-G news. One of the major strengths of SNSI is its incredibly strong database of vulnerability checks. You cannot really afford not to run this tool: it's less than 2 grand and licensed per admin! See the award:

http://www.w2knews.com/rd/rd.cfm?id=050131TP-SNSI_Award

New vulnerability updates for the latest release include:
8 new Windows checks, bringing the total Windows checks to 2389
11 new Linux checks, bringing the total to 707
4 new Solaris checks, bringing the total to 269
3 new HP-UX checks, bringing the total to 110

ID     Name
H0108  Tomcat Webserver Vulnerabilities - HP-UX
H0109  Syslogd NOT Running - HP-UX
H0110  Oracle Version Unsupported - HP-UX
L0697  HP Insight Management Agent vulnerabilities
L0698  Libtiff Tiffdump integer overflow - FC
L0699  Mozilla - NNTP url handling - RHE
L0700  Kernel uselib binary format loader - FC, RHE
L0701  Hylafax hosts.hfaxd matching code - MDK
L0702  Pine - IMAP client library - RHE
L0703  Kernel - SMP page fault handler - FC
L0704  Oracle - Multiple vulnerabilities
L0705  Xpdf/Gpdf/CUPS makeFileKey2 Stack Overflow - FC
L0706  Mpg123 frame header parse error - MDK
L0708  Xine-lib multiple client side vulnerabilities - MDK
S0266  SMC Creates Unprotected Accounts - Solaris 8 - 9
S0267  Syslogd NOT Running - Solaris
S0268  Oracle Version Unsupported - Solaris
S0269  Dhcp Server Utils Surrender of Root Privilege - Solaris 8
W2382  Veritas Backup Exec Vulnerability
W2383  Cellery Worm Detected
W2384  Wurmark Worm Detected
W2385  AOL Instant Messenger URI Handler Vulnerability
W2386  Apple iTunes Playlist Parsing Vulnerability
W2387  Dloader Trojan Detected
W2388  Java Plug-in Applet Vulnerabilities
W2389  Ethereal Dissector Vulnerabilities

In addition, there were improvements in the following vulnerability checks:

H30, H39, H98 - Vendor superseded patch
S251, S260, S261 - Vendor updates and refined logic
W1983, W2360, W2361 - spyware, adware checks
W1142, W1986, W199, W2067 - anti-virus updates

SNSI's checks are mapped to the latest MITRE Common Vulnerabilities and Exposures (CVE) list of publicly known vulnerabilities. It also covers the latest SANS/FBI Top 20 vulnerability list, and draws on the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories.

To purchase now, or get a 30-day eval, click:
http://www.w2knews.com/rd/rd.cfm?id=050131TP-SNSI

Inside Look: Antispyware Definition Update

Just as an FYI, this is how the internal email looks when we get CounterSpy updates; they come almost every day now. It's similar to antivirus updates, but as you know, getting rid of spyware can be a LOT harder. These definitions were tested, added and updated on both the Client and Enterprise versions.

"Everyone,

New CounterSpy Definition Version 80 includes the following:

ADDED - From Microsoft:
Desk Ad Service
CoolWebSearch.Snnpapi
Agobot.smsss
Trojan.Taskopen
Agobot.winini32
Tubby
Unclassified.Trojan.Startup.A
Unclassified.Trojan.Startup.B
Unclassified.Trojan.Startup.C
Unclassified.Trojan.Startup.D
Trojan.BHO.McSoft
Trojan.WindowsService.A
Unclassified.Trojan.Startup.E
Agobot.spoolsrv32
AdManager
Unclassified.Spyware.BHO.C
Unclassified.Spyware.BHO.D
Unclassified.Spyware.BHO.E
Unclassified.Trojan.Startup.F
Unclassified.Trojan.Startup.G
Unclassified.Spyware.BHO.F
Trojan.BHO.TMP
20x2p
Unclassified.Spyware.BHO.H
Unclassified.Spyware.BHO.I
Unclassified.Spyware.BHO.J
Unclassified.Spyware.BHO.K
Unclassified.Spyware.BHO.L
Unclassified.Spyware.BHO.N

UPDATED:

None this time around

FALSE POSITIVES FIXED

IST.IST bar
Mini Spy
Stealth Web Page Recorder v. 1.1
Kolosoft SE
winsniffer v1.22
Omniquad Instant Remote Control 2.2.9
Spyex

They were all tested in Win98, WinME, W2K and 2003 Server, WinXP Home & XP Pro. The new definition version 80 will be available sometime today for downloading."

Get a 30-day eval here:
http://www.w2knews.com/rd/rd.cfm?id=050131TP-CSE

NSI Software Announces $7M Funding

On Friday, January 21st, NSI Software announced that it has raised $7 million in Series C funding, bringing the total amount of capital raised by the company to more than $60 million. Provided by existing investor ABS Capital Partners, a private equity firm focused on established and profitable growth companies, the funds will primarily be used for rapid growth and expansion of product development and its international sales channel. NSI is the developer of the best-selling HA/DR product Double-Take:
http://www.w2knews.com/rd/rd.cfm?id=050131TP-Double-Take

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  PRODUCT OF THE WEEK

CounterSpy SysAdmin Success Story

Stu, I am in the trenches fighting spyware every day. For the past 36 months, my home-based business has been active cleaning infected PCs of spyware and viruses, trojans and worms.

We regularly use many antispyware programs, including Ad-Aware, Spybot S&D, Spysweeper, CWShredder, HiJackThis and a few others from time to time. I also use several antivirus utilities: Stinger, Sysclean, Avast, eScan, and on-line scans. I have joined several forums, regularly read spyware articles, and submitted a comment to the FTC regarding proposed legislation (SpyBlock) in 2004.

My licensed copy of Counterspy is the most effective spyware removal tool in our toolbox. Counterspy provides regular definition updates, threat rankings, reports with detailed findings, and removal options. During the diagnosis stage, I explain these features to my customers.

Now, thanks to Counterspy and other anti-malware programs, a severely infected PC can be cleaned without reformatting the hard drive. When we restore a PC to good health with Counterspy's active protection, we make our customers happy. -- Zonny Jerrems, SysAdmin.

Check out the enterprise version (30 days, 5 machines) at:
http://www.w2knews.com/rd/rd.cfm?id=050131PW-CSE