Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Aug 8, 2005 (Vol. 10, #32 - Issue #537)
How To Hack Your Hotel Room
  This issue of W2Knews™ contains:
    • How To Hack Your Hotel Room
    • More On "Some one in Microsoft does not like Apple"
    • SANS WebCast: "What Works in Stopping Spyware"
    • Next Batch Of 6 Fixes: Get Ready For Reboots
    • Admin Tools We Think You Shouldn't Be Without
    • Gartner: Business Spends 60% of IT Budget on Infrastructure
    • If You Need To Write An Antispyware RFP
    • SQL Server Marketing presents 'Escape from Yesterworld'
    • 8 Steps To Prevent Malware Outbreaks
    • Hacker For Hire...WOW
    • Anti-Phishing Working Group Quote
    • WindowsXP SP3 Has Its Own Website
    • Microsoft Speech Technologies Coming to Exchange
    • Paul Thurrott Has A Further Look at Windows Vista
    • Next Month: Next Generation of Software Assurance
    • Microsoft Aims To Host Regular Hacker Meetings
    • Can You Trust Active Directory's Trust Relationships?
    • Ballmer Outlines Microsoft Growth Areas
    • What Really IS The State Of Adware Detections?
    • New SNSI Security Vulnerability Update
    • White Paper: Combining Microsoft DPM and Double-Take
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • iHateSpam for Exchange: The Best Made Better
  SPONSOR: iPrism by St. Bernard
New Internet Filtering for IM, P2P, Plus Real-Time Monitoring
iPrism lets you take control of your network and block all
threats including IM, P2P, malware and viruses at the perimeter.
With a 2x improvement in performance plus zero impact filtering,
iPrism delivers a true appliance solution. Drill-Down reporting
and Real-Time monitoring provide a clear view of all your Internet
traffic at any given moment. Qualify for a free evaluation unit.
Visit iPrism by St. Bernard for more information.

How To Hack Your Hotel Room

Wired Magazine has an interesting scoop. A vulnerability in many hotel television infrared systems can allow a hacker to obtain guests' names and their room numbers from the billing system. It can also let someone read the e-mail of guests who use web mail through the TV, putting business travelers at risk of corporate espionage. And it can allow an intruder to add or delete charges on a hotel guest's bill or watch pornographic films and other premium content on their hotel TV without paying. Dang! You just wonder about other systems that have gaping security holes like that. Don't let it happen to you. Here is the link to the full article:

More On "Some one in Microsoft does not like Apple"

The Fave link last week had a link to an article on The Register site, with two 'geographic coordinate' links, both to the Apple HQ. When I first clicked on the MSN link, there was a clearly blocked out section with buildings underneath. A few days later, that had disappeared and a section was visible that was just graded earth. What MS has done is replace this section with an older version where the Apple building had not been put there yet. A smart move, but I caught it anyway!

SANS WebCast: "What Works in Stopping Spyware"

There's an upcoming FREE SANS Webcast in August, featuring top SANS honchos Tom White and Alan Paller.

Tuesday, August 23 at 1:00 PM EDT (1700 UTC)

Sponsored by: Sunbelt Software. Reminder: In order to register, you do need to sign up for a gratis SANS Portal account.

Next Batch Of 6 Fixes: Get Ready For Reboots

Nobody likes reboots. Especially on servers. But now and then you 'gotta', whether you like it or not. The next batch of vulnerabilities that will be announced next Tuesday will have at least one "critical - requires restart" in it. Let's plan ahead:

Quotes Of The Week:
"With computers, the answer is always yes or no. My job is to figure out how to ask the question." -Andy Shook, Dir. of IT
"There is one thing stronger than all the armies in the world, and that is an idea whose time has come." -- Victor Hugo, 1802-1885

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])


Admin Tools We Think You Shouldn't Be Without


Gartner: Business Spends 60% of IT Budget on Infrastructure

A new Gartner study finds that small and midsized organizations (under $1 billion in revenue) are spending 53 percent to 60 percent of their total information technology (IT) budget on infrastructure, including data center, voice and data networks, desktop and help desk, according to Gartner Consulting's Worldwide IT Benchmark Service. For organizations over $1 billion in revenue, the average spent on IT infrastructure is just under 50 percent.

"For many small and medium sized businesses, particularly those that compete in highly competitive marketplaces, IT can be a key component of competitive strategy," said Howard Rubin, an associate with Gartner Consulting. "However, in more mature markets, some small organizations still treat IT as just another cost of doing business. Those organizations continue to focus on keeping IT costs down."

For companies with less than $1 billion in revenue, media companies and IT firms were among the leaders in terms of IT spending as a percentage of revenue in the 2005 rankings, at 8.16 percent and 6.85 percent, respectively (see Table). Banking and financial services organizations typically spend at the highest rates, but they ranked sixth and fourth, respectively, in the 2005 results. Energy and consumer products organizations under $1 billion in revenue are among the lowest spenders on average.

Company Segment: Percentage of Revenue Spent on IT
Media: 8.2%
Professional Services: 6.9%
Information Technology: 6.9%
Financial Services: 5.9%
Electronics: 5.6%
Banking: 5.6%
Pharmaceuticals: 5.5%
Health Care: 4.6%
Construction & Engineering: 4.4%
Transportation: 3.9%
Cross Industry: 4.5%

If You Need To Write An Antispyware RFP

If you need a series of questions for an RFP when choosing an anti-spyware solution, these questions from eWeek are a good starting point. They start their list with:

"Enterprise-class anti-spyware systems are an emerging and rapidly evolving product class. Solutions fall into three main categories at this time: dedicated anti-spyware systems, defenses integrated into anti-virus applications and gateway defenses for HTTP and other protocols. eWEEK Labs has put together a series of questions to help administrators begin developing an RFP (request for proposal) and gauge the severity and source of spyware infections throughout the enterprise." Here is the list:

SQL Server Marketing presents 'Escape from Yesterworld'

The US marketing people for the Visual Studio and SQL Server product teams are pleased to announce the "Escape from Yesterworld" site has launched. In their own words: "Through the fun and interesting links below, people can learn about the benefits of Visual Studio 2005 and SQL Server 2005 in a humorous way." The website is admittedly pretty snazzy.

8 Steps To Prevent Malware Outbreaks

Remember that it's impossible to prevent a type of malware attack that's never occurred. However, if you focus on putting the following security measures in place now, you'll be your organization's saving grace the next time your Windows-based network is attacked in this way.

1. Document your action steps

Use an incident response plan. Such a plan doesn't have to be that fancy, especially when you're getting started. At least document steps for detection, investigation, containment, eradication and recovery. A great place to start with such a plan is NIST's Computer Security Incident Handling Guide. You can find the rest of this article with steps 2 through 8 at the SearchWinSecurity Site:

Hacker For Hire...WOW

"Tell me the things you most want to keep secret," Mr. Seiden challenged a top executive at the bank a few years back. The executive listed two. One involved the true identities of clients negotiating deals so hush-hush that even people inside the bank referred to them by using a code name. The other was the financial details of those mergers and acquisitions.

A week later, Mr. Seiden again sat in this man's office in Manhattan, in possession of both supposedly guarded secrets. As a bonus, he also had in hand a pilfered batch of keys that would give him entry into this company's offices scattered around the globe, photocopies of the floor plans for each office and a suitcase stuffed with backup tapes that would have allowed him to replicate all the files on the bank's computer system. MP3 interview also available, here.

Anti-Phishing Working Group Quote

"The APWG's belief is that conventional phishing via social engineering schemes will be eclipsed by advanced, automated crimeware based on keyloggers, redirectors and session hijacking technologies." Quote by Anti-Phishing Working Group Chairman David Jevans.


WindowsXP SP3 Has Its Own Website

Ethan Allen has created a "rumor" site dedicated to just WinXP Service Pack 3. He calls it: Service Pack 3 Fixes and Features Unofficial Preview and it can be found here:

Microsoft Speech Technologies Coming to Exchange

The speech recognition technologies Microsoft is developing around Microsoft Speech Server will be integrated into a future version of Microsoft Exchange Server, the company announced Tuesday at a speech technology conference in New York. Read more:

Paul Thurrott Has A Further Look at Windows Vista

Paul is one of the Windows Industry's most respected reporters. His perspective on Vista is: "Although my Vista Beta 1 review is available on the SuperSite for Windows (see the URL below), let me summarize the features I think will be important to you. Vista Beta 1 includes three key improvements for IT pros. First, the image-based deployment and setup tools will make rolling out the OS much simpler. Second, the new security infrastructure, which includes User Account Protection (UAP), new Microsoft Internet Explorer (IE) 7.0 security features, and other functionality, will make Vista more secure than XP can ever be. And third, new document searching and organization features in the shell will make your employees more efficient." Link to article:

Next Month: Next Generation of Software Assurance

Microsoft has scheduled four Webcasts starting at midnight on Sept. 15 to unveil the "Next Generation of Software Assurance." You can read the whole story at ENTMag, and I suggest you do follow this closely. You can save megabucks in budget if you do this right! Read more:

Microsoft Aims To Host Regular Hacker Meetings

Microsoft is looking to make its Blue Hat hacker sessions a twice-yearly event, with another session tentatively planned for sometime this fall at its Redmond, Wash., headquarters. Story at ComputerWorld:

Can You Trust Active Directory's Trust Relationships?

Learn how the trust relationships differ in Windows 2003 as compared to Windows 2000. Author and Microsoft MVP Laura Hunter says the changes are a worthwhile improvement. (SearchWin2000)

Ballmer Outlines Microsoft Growth Areas

At Microsoft's annual meeting for financial analysts, CEO Steve Ballmer spoke of premium client access licenses, an Office server product and a professional version of Windows Vista. At the SearchWin2000.com site:


What Really IS The State Of Adware Detections?

There's been plenty of press over the last many months on some antispyware companies delisting or reducing the threat level of various adware programs. So what is the state of detections? Who lists what, who doesn't? Whom can you trust? Sunbelt consultant and SpywareWarrior contributor Eric Howes has come up with the definitive test of the state of adware detections in the industry. Six adware vendors were tested:

  • 180 Solutions
  • AskJeeves
  • Claria
  • Hotbar
  • WeatherBug
  • WhenU

The tests were run against twelve antispyware apps:

  • CA Pest Patrol
  • FBM ZeroSpyware
  • Lavasoft Ad-aware SE
  • McAfee AntiSpyware
  • Microsoft AntiSpyware
  • PC Tools Spyware Doctor
  • Spybot Search & Destroy
  • Sunbelt CounterSpy
  • Tenebril SpyCatcher
  • TrendMicro AntiSpyware (formerly Spy Subtract)
  • Webroot Spy Sweeper
  • XBlock X-Cleaner

You can see the non-biased, objective results here:

New SNSI Security Vulnerability Update

You are receiving this notification to make you aware of the latest update of the Sunbelt Network Security Inspector (SNSI) version (released July 29, 2005).

To update from within the SNSI console, select Settings, enter your full registration key and click the Check Now button.

New vulnerability updates for this release include:

ID     Name
L891   Krb5 - Multiple vulnerabilities - RHE, FC
L892   Net-SNMP - TCP Stream and insecure Temp File - FC
L893   Quagga - Message spoofing - RHE
L894   Cups - Unauthorized printing - RHE
L895   Pam_krb5 - improved stability - SuSE
L896   Firefox - Shared Functions Objects - RHE
M53    Mozilla Suite Multiple Vulnerabilities - Mac OS X
M54    FireFox Multiple Vulnerabilities - Mac OS X
M55    Crafted TCP/IP packet Vulnerability - Mac OS X
M56    Dashboard Widget Override Vulnerability - Mac OS X
S318   Ld.so.1 privileged code handling - Solaris 8 - 10
W2559  Firefox Shared Functions Objects Vulnerability
W2560  Oracle Database Server SQL Injection Vulnerabilities
W2561  Microsoft Baseline Security Analyzer Not Updated
W2562  Winamp Tag Vulnerability

Updated Checks
W1142,W1986,W1999,W2067 - Anti-Virus
W0878, W2553 - revised logic

Vendor Superseded / Obsoleted Patches
H18 Libxti - socket implementation - HP-UX 10,11
H75 X Font Server - HP-UX 11
H98 ServiceGuard Grant of Privileges - HP-UX 11
H114 OpenView NNM Vulnerability HP-UX 11

Revised Logic
H18 Libxti - socket implementation - HP-UX 10,11
H40 NLSPATH May contain arbitrary path -
H61 Directory Permissions Allow Elevated Privileges - HP-UX 11
S13 Rpc.yppasswdd - Buffer Overrun - Solaris 2.6 - 8
S81 SEAM - Susceptibility to Kerberos 4 Flaws - Solaris 2.6 - 8
M52 Multiple Vulnerabilities in Mac OS X 10.4

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories. To get the latest SNSI version, visit:

White Paper: Combining Microsoft DPM and Double-Take

By Q4 of 2005, Microsoft will have released version 1.0 of their Data Protection Manager. It extends the snapshot capabilities provided by VSS to centralize previous versions of data and in part facilitate consolidated backups. DPM requires an agent on the local file servers whereby a periodic copy of the flat and closed user files is sent to a centralized server. This white paper explains how to combine DPM with Double-Take:


This Week's Links We Like. Tips, Hints And Fun Stuff


iHateSpam for Exchange: The Best Made Better

The U.S. volume of spam messages is now 80+% of all email. But it gets even worse: a much higher percentage carries a malicious payload. iHateSpam for Exchange is still the best selling antispam tool in the US and now comes with TWO antispam engines. One is signature based, the other heuristic: the best of both worlds! Version 1.7 delivers greater detection with nearly 100% spam detection & low false positives using both engines. 30-day Eval: