Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 21, 2005 (Vol. 10, #12 - Issue #517)
The System Admin That Waited For Symantec
  This issue of W2Knews™ contains:
    • Identity Theft Prevention and Victim Recovery Act
    • "The System Admin That Waited For Symantec"
    • Sunbelt's New Website
    • Admin Tools We Think You Shouldn't Be Without
    • Collect Machine Data Without Spending Money
    • Check Out Mark Minasi's New Tech Newsletter
    • AT&T To Test WiMax High-speed Wireless Technology
    • Introducing SearchSQLServer.com
    • Checklist: Exchange Server Standard Maintenance
    • Viruses Now Striking Wireless Devices
    • Indigo, Avalon Community Technology Previews Released
    • Microsoft Considering WinFS Support In WinXP
    • How iHateSpam For Exchange And Blackberry Work Together
    • New Security Vulnerability Database Update of SNSI
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Check Out This No-Cost MCSE eReference Library Access
  SPONSOR: iHateSpam For Exchange
Here is some real feedback from the trenches, "warts and all":
"We have been using the IHS SE for the last 2 years and version
1.6 is by far the best one. I have been running it on my work
server for about 3 weeks now. With the old engine I was about to
give up and get a Barracuda hardware unit. With V1.6 I am no
longer considering that option." -- T.H., Network Admin.
Get iHateSpam for Exchange now, and upgrade to the new V2.0
which will have AV, content filtering, disclaimers and more!

Visit iHateSpam For Exchange for more information.

Identity Theft Prevention and Victim Recovery Act

A few days ago, on March 10th, Senator Jon S. Corzine (D-NJ) introduced the Identity Theft Prevention and Victim Recovery Act. This new bill tries to prevent future ID theft incidents and at the same time provide consumer protection to victims of ID theft or any other loss of private financial data. One of the notable points of this legislation is that a company's chief compliance officer (or CEO) would have to attest that security systems are in place to prevent theft of sensitive personal information.

How's this going to pan out? In my humble opinion just like the CAN-SPAM act. It's to a large extent a technology problem and it needs a technology solution. In the meantime, you need tools in place so your CEO will be able to sign off on your initiative for IT security. More on the legislation at the Senator's site:

"The System Admin That Waited For Symantec"

Some people seem to think that the AV companies are getting it. Well, ever heard of vaporware? McAfee continues to make very poor showings in antispyware tests. Symantec is announcing stuff, plasters the world with whitepapers but is shipping nothing. So, for the System Admin who says: "Well, we want to wait until Symantec comes out with their antispyware solution", or "Well, we want to wait to see what Microsoft has", or "We can get by with the free tools".... Well, just click the link below. "Foiled heist highlights spyware. Bank robbers use keyloggers to crack into systems." CounterSpy detects LOTS of keyloggers!

Sunbelt's New Website

Come and take a tour of Sunbelt's New Website. And while you're there, let's wrap up the SunPoll that was interrupted by our recent renovations! You are invited to tour our new premises:

Quotes Of The Week:
"Shoot for the moon. Even if you miss, you'll land among the stars." -- Les Brown
"Experiment constantly. Enlightened trial and error outperforms the planning of flawless intellects" -- John Maloney

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])


Admin Tools We Think You Shouldn't Be Without


Collect Machine Data Without Spending Money

W2Knews subscriber Nigel Utting sent me this useful tip: "Any IT admin who needs to collect machine data without spending money should add the following lines to his logon scripts:

ipconfig /all > \\[servername]\userdata\%computername%.txt
regedit /e \\[servername]\userdata\%computername%.ver

It adds just a few seconds to the logon process, but provides the admin with all kinds of useful data. Hunting down a rogue MAC address? Looking for a PC still clinging to the IP address of a retired DNS server? Just run a search in the userdata directory for 'files containing ***' where *** is your MAC or IP address, and up comes the answer."
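
An added example, not part of the subscriber's tip or the newsletter: a plain "files containing" search misses a MAC address typed with colons and matches 192.0.2.5 inside 192.0.2.53, so this Python code parses the collected `ipconfig /all` files and compares whole fields, including the continuation lines that list a second DNS server. The function names and the sample reports are constructed for illustration; the field labels follow the Windows XP-era output layout.

```python
import re

# "   Label . . . . : value" lines as printed by `ipconfig /all`
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 ]*?)[ .]+:\s*(.*)$")
WANTED = {"Physical Address": "mac", "IP Address": "ip", "DNS Servers": "dns"}

def norm_mac(value):
    """00-0C-29-3E-5A-1B, 00:0c:29:3e:5a:1b and 000c.293e.5a1b compare equal."""
    return re.sub(r"[^0-9a-f]", "", value.lower())

def parse_ipconfig(text):
    """Return {'mac': set, 'ip': set, 'dns': set} for one collected report."""
    found = {"mac": set(), "ip": set(), "dns": set()}
    current = None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:                                   # a new "label : value" line
            current, value = WANTED.get(m.group(1)), m.group(2)
        elif current and line[:1].isspace() and line.strip():
            value = line                        # continuation, e.g. 2nd DNS server
        else:
            current = None                      # blank line or adapter header
            continue
        value = value.strip()
        if current and value:
            found[current].add(norm_mac(value) if current == "mac" else value)
    return found

def find_hosts(reports, mac=None, dns=None):
    """reports maps file name -> file text; return names whose parsed fields match."""
    parsed = {name: parse_ipconfig(text) for name, text in reports.items()}
    return sorted(n for n, info in parsed.items()
                  if (mac and norm_mac(mac) in info["mac"]) or (dns and dns in info["dns"]))

# Constructed sample reports (documentation addresses, hypothetical host names)
REPORTS = {
    "PC-ACCT-07.txt": (
        "Ethernet adapter Local Area Connection:\n\n"
        "   Physical Address. . . . . . . . . : 00-0C-29-3E-5A-1B\n"
        "   IP Address. . . . . . . . . . . . : 192.0.2.41\n"
        "   DNS Servers . . . . . . . . . . . : 192.0.2.10\n"
        "                                       192.0.2.5\n"),
    "PC-LAB-02.txt": (
        "Ethernet adapter Local Area Connection:\n\n"
        "   Physical Address. . . . . . . . . : 00-0C-29-77-10-C4\n"
        "   IP Address. . . . . . . . . . . . : 192.0.2.53\n"
        "   DNS Servers . . . . . . . . . . . : 192.0.2.10\n"),
}
```

In use, `reports` would be built by reading every `.txt` file in the userdata share; the share then holds network details for every machine, so read access to it is worth restricting to the admins who run the search.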

Check Out Mark Minasi's New Tech Newsletter

This month, he looks in some depth into the many names that you get in Active Directory. If you ever intend to change a user's name, or write an ADSI script to modify names, then you'll find this useful. And of course he reminds everyone about his Seattle seminars. Check out:

AT&T To Test WiMax High-speed Wireless Technology

ComputerWorld reported that AT&T said it would test a high-speed wireless technology later this year to see if it can be used to replace traditional data lines to businesses. If the technology, known as WiMax, lives up to expectations, AT&T Chief Technology Officer Hossein Eslambolchi said, it could be used as early as next year to replace expensive data lines AT&T now leases from local telephone companies to connect to its network. More at:

Introducing SearchSQLServer.com

TechTarget's newest Windows property -- www.SearchSQLServer.com -- has a great collection of news and technical advice about Windows-centric database design, development, administration and management. Key coverage areas include backup and recovery, data integrity, performance tuning and security. Check out what's new in "Yukon" security or ask database security expert Steven Andres a specific SQL Server Security question in the link below. Then bookmark the page in your browser for future reference because the content will be refreshed frequently.

Checklist: Exchange Server Standard Maintenance

SearchExchange.com contributor Brien M. Posey provides this standard maintenance checklist to help you keep your Exchange servers running like well-oiled machines. More at:

Viruses Now Striking Wireless Devices

Airborne viruses are gaining momentum since the appearance of Cabir last year. Now is the time for IT to take action. Worms and viruses are increasingly sprouting wings, taking to the air, and nesting in wireless phones, PDAs, and other devices. If none of these assailants have found their way into your users' devices and data, then it's likely no more than a matter of time until they do. But there are steps IT can take now to help protect against this new breed of airborne virus. More at InfoWorld:


Indigo, Avalon Community Technology Previews Released

Microsoft on Wednesday released its first Community Technology Preview (CTP) of "Indigo," the code-name for the company's new communications subsystem for Windows, and a second CTP of "Avalon," a new Windows presentation subsystem. This is good stuff.

Microsoft defines Indigo as a new breed of communications infrastructure built around the Web services architecture. "Advanced Web services support in Indigo provides secure, reliable, and transacted messaging along with interoperability. Indigo's service-oriented programming model is built on the .NET Framework and simplifies development of connected systems," according to a company FAQ. More at:

Microsoft Considering WinFS Support In WinXP

ComputerWorld reported that although Microsoft plans to support key Longhorn technologies in Windows XP and Windows Server 2003, Redmond has said the next Windows release will still be worth the upgrade because of the core operating system technologies.

Microsoft now plans to have a beta-test version of WinFS available when Longhorn ships, probably late next year. While it develops the technology, Microsoft is also evaluating whether to make the storage system available on WinXP.

WinFS is built on top of the current New Technology File System (NTFS) in Windows and uses relational engine technology from Microsoft's forthcoming SQL Server 2005 database as well as XML. XML metadata tags should make it easier to find, for example, documents and e-mail messages on a computer.


How iHateSpam For Exchange And Blackberry Work Together

Our iHateSpam for Exchange product has the ability to be bound to a point in the Exchange server prior to where the Blackberry Enterprise Server picks up the message. By default we put the event sink after this point but it is relatively easy for system admins to move it to an earlier point. The details on moving the event sink around are available in the Sunbelt Knowledge Base:

To get your new iHateSpam for Exchange V1.6 for a 30-day trial:

New Security Vulnerability Database Update of SNSI

New vulnerability updates for this release include:
12 new Windows checks
13 new Linux checks
6 new Solaris checks

ID      Vulnerability
L751    UIM libuim suid/sgid linking vulnerability - MDK
L752    Squid Proxy DNS FQDN response crash - MDK, FC, SuSE, RHE
L753    Gaim SNAC parsing and malformed HTML vulnerabilities - FC
L754    Imap - CRAM-MD5 logic error - RHE, SuSE
L755    Curl - NTLM Authentication - SuSE
L756    X Window System - libxpm patch fix - SuSE
L757    CA License package - Buffer overrun vulnerabilities
L758    Alsa - Stack execution protection disabled - RHE
L759    Thunderbird - Cookie handling - RHE
L760    Kernel - Multiple vulnerabilities - RHE
L761    Firefox\Mozilla browsers - Multiple vulnerabilities - RHE
L762    Realplayer - WAV/SMIL Files - RHE
L763    Kdenetwork - file descriptor mis-handling - RHE
S278    Kcms_configure() insecure log file creation - Solaris 7 - 9
S279    Kerberos 5 Admin Library Password Change Count Reduction Flaw Solaris -9
S280    Stfontserverd File Creation Flaw - Solaris 9
S281    Pkgrm Erroneously Deletes Files - Solaris 7 - 9
S282    Network Hang Susceptibility - Solaris 9
S283    AnswerBook2 Documentation Tag Handling - Solaris 7 - 8
W2424   BrightStor ARCserve Vulnerabilities
W2425   Mozilla Firefox 1.0 Vulnerabilities
W2426   CA License Manager Vulnerabilities
W2427   Trend Micro VSAPI ARJ Vulnerability
W2428   RealPlayer WAV/SMIL File Vulnerability
W2429   Restrict Anonymous Set To 1
W2430   Symantec UPX Parsing Engine Vulnerability
W2431   AOL Instant Messenger Detected With Netscape
W2432   SynAttackProtect Not Set For Best Protection - W2K3
W2433   EnableDeadGWDetect Not Set for Best Protection - W2K3
W2434   EnablePMTUDiscovery Not Set for Best Protection - W2K3
W2435   NoNameReleaseOnDemand Not Set for Best Protection - W2K3

In addition, there were improvements in the following vulnerability checks:

W1142,W1986,W999,W2067 - Anti-Virus
W1953, W2404, W2505 - corrections
S273 bind package check added
H2,H34,H78,H106 - Vendor superseded patches

Updated for SuSE Enterprise Linux:


Updated for RedHat Enterprise Linux:

L668, L675, L677, L678, L680, L684, L689, L691, L695, L712, L714, L717, L719, L728, L731, L732, L735, L736, L737, L739, L740, L741, L744

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories. Check your network for 30 days with SNSI:


This Week's Links We Like. Tips, Hints And Fun Stuff


Check Out This No-Cost MCSE eReference Library Access

Are you planning to do MCSA first, and then jump over the last few requirements to become a full MCSE? Microsoft is helping out by way of no-cost access to a whopping nine self-study titles in their eReference Library for a full year. Available worldwide, so check it out!