Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Aug 22, 2005 (Vol. 10, #34 - Issue #539)
VoIP Security Threats: Fact Or Fiction?
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • SunPoll Results: Who is your fave AV-vendor?
    • New SunPoll: Are You Scanning Your External IP's?
    • SANS Webcast: What Works In Stopping Spyware
  2. ADMIN TOOLBOX
    • Admin Tools We Think You Shouldn't Be Without
  3. TECH BRIEFING
    • Florida Man Guilty of Stealing 1.5 Billion Data Files
    • VoIP Security Threats: Fact Or Fiction?
    • Video Downloads Make Up 61% Of All File Sharing Traffic
    • Fast Guide: Solving SQL Server Errors
    • DNS Primer: Understanding AD Integrated Zone Design and configuration
    • IT's Seven Dirty Words
    • The Two New Flavors Of Xbox 360
  4. NT/2000 RELATED NEWS
    • Exchange Update To Push E-mail To Mobile Devices
    • Crash Course: A Tour Of Exchange System Manager
    • Testing Group Policy Security
    • New Software Assurance Benefits Detailed
  5. NT/2000 THIRD PARTY NEWS
    • Zotob Is NOT The Third Bastard Child Of Haruk The Klingon
    • Adobe Acrobat / Reader Plug-in Buffer Overflow
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  7. PRODUCT OF THE WEEK
    • iHateSpam For Exchange with Maintenance "2 for 1"
  SPONSOR: Is Your Antivirus Not Effective In Detecting Spyware?
If you have found your AV vendor to be less than effective at
detecting and quarantining spyware, you are not the only one. The
leading AV companies now claim they catch spyware but in reality,
their results are not even close to the dedicated stand-alone tools.
You cannot afford to have a false sense of security when your
organization's security and compliance is at stake! eWEEK said this
about Symantec: "Unfortunately, deficiencies with the anti-spyware
cleaning and blocking routines make it difficult to recommend this
solution for companies battling the spyware scourge." 30-day eval
CounterSpy with the best antispyware database in the industry:
  EDITORS CORNER

SunPoll Results: Who is your fave AV-vendor?

This was one of the most-voted-on SunPolls in a long time! After taking out the obvious ballot-box stuffing IP addresses, these were the results: "Which AV Company is your fave at the moment for enterprise-wide antivirus protection?" This poll was visible from 08/08/2005 to 08/17/2005. Despite the fact this Poll is far from scientific, I would say it gives a good indication of the market share of each AV-company:

  • Symantec 35.3% 924 votes
  • McAfee 14.7% 386 votes
  • Trend 13.9% 365 votes
  • CA eTrust 6.2% 163 votes
  • Panda 5.6% 147 votes
  • Sophos 2.5% 66 votes
  • Bitdefender 2.2% 60 votes
  • Clam AV 1% 28 votes
  • Other 18.2% 476 votes

Total: 2615 votes

New SunPoll: Are You Scanning Your External IP's?

Windows IT Pro recently ran this same poll, but apparently they only got 14 votes and this is a very interesting question. So, I'm repeating it here and let's see how many of you really do this!! Here is the question: "Do you regularly scan your external network IP addresses for open ports on your network and compare the results against a known good baseline?" Vote here:
http://www.w2knews.com/rd/rd.cfm?id=050822ED-SunPoll

SANS Webcast: What Works In Stopping Spyware

SANS is happy to bring you the latest in their complimentary series of Webcasts. Join them on Tuesday, August 23 at 1:00 PM as SANS presents:

What Works in Stopping Spyware
Tuesday, August 23 at 1:00 PM EDT (1700 UTC)
Featuring: Tom White

When the Vermont Department of Human Resources discovered spyware distributed all over State systems, they knew they needed an enterprise solution. The tool they found decreased bandwidth waste, improved performance, and ultimately gave them a way to force spyware off of their systems. Sign up here:
http://www.w2knews.com/rd/rd.cfm?id=050822ED-Webcast

Quotes Of The Week:
"People call me a perfectionist, but I'm not. I'm a rightist. I do something until it's right, and then I move on to the next thing." -- James Cameron
"An inconvenience is only an adventure wrongly considered." -- Anonymous

Warm regards,
Stu Sjouwerman

  ADMIN TOOLBOX

Admin Tools We Think You Shouldn't Be Without

  TECH BRIEFING

Florida Man Guilty of Stealing 1.5 Billion Data Files

A Florida man who ran a bulk e-mail company was convicted on Friday of stealing more than 1.5 billion data files from Acxiom in what federal officials said was one of the largest recorded cases of data theft.
http://www.w2knews.com/rd/rd.cfm?id=050822TB-Data_Theft

VoIP Security Threats: Fact Or Fiction?

Although it's difficult to find a company that has suffered at the hands of VoIP abusers, viruses, spam and phishing have run rampant on other IP-based communications systems. Will similar threats find their way to VoIP? Find out what the experts say and how you should prepare your network against such potential abuses.
http://www.w2knews.com/rd/rd.cfm?id=050822TB-VoIP_Threat

Video Downloads Make Up 61% Of All File Sharing Traffic

A recent survey shows that only 11% of file-sharing traffic is music, and eDonkey is the most popular network. Mia Gralla from the Networking Pipeline site posted this message:

"Video downloads make up 61% of file-sharing traffic and audio downloads make up 11% of the four leading peer-sharing networks, according to a new market study by CacheLogic. The company claims this is the first time such a study has been done on peer-sharing networks. It was based on actual packet data and traffic levels analyzed at Tier-ONE ISPs worldwide. CacheLogic analyzed terabytes of data in compiling the survey.

The study found that BitTorrent is increasingly being used for the distribution of legitimate content, although eDonkey is now the network of choice for video file trading. The study also found that:

  • Microsoft video formats represent 46% of aggregate worldwide peer-to-peer traffic
  • 65% of all audio files by volume of traffic are MP3 format

A surprising 12.3% of audio files are in the open-source OGG file format." Soooo, what traffic is moving in your pipes? This site is actually interesting. It's got a lot of good stuff:
http://www.w2knews.com/rd/rd.cfm?id=050822TB-Sharing

Fast Guide: Solving SQL Server Errors

Stumped by a SQL Server error? Troubleshoot the problem right away with this ever-growing list of expert responses and best practices compiled by the editors at SearchSQLServer.com.
http://www.w2knews.com/rd/rd.cfm?id=050822TB-SQL_Errors

DNS Primer: Understanding AD Integrated Zone Design and configuration

Microsoft's development of the Active Directory integrated (ADI) primary DNS zone has some useful benefits for administrators. This article by Gary Olsen defines ADI and tells you how to maximize its benefits. Over at SearchWin2000.com:
http://www.w2knews.com/rd/rd.cfm?id=050822TB-AD_DNS

IT's Seven Dirty Words

Seemingly innocent phrases that simply won't cut it in polite IT society. Really cute lil' article by InfoWorld columnist Steve Fox that I'm sure you are going to like...
http://www.w2knews.com/rd/rd.cfm?id=050822TB-Dirty_Words

The Two New Flavors Of Xbox 360

According to Microsoft PressPass, Microsoft will be releasing two versions of the new Xbox console: the Xbox 360 and the Xbox 360 'Core System'.

The Xbox 360 will come fully featured with:

  • Xbox 360 console
  • Xbox 360 Hard Drive (20 GB)
  • Xbox 360 Wireless Controller
  • Xbox 360 (removable) Faceplate
  • Xbox 360 Headset
  • Xbox 360 Component HD-AV Cable
  • Xbox Live Silver membership
  • A bonus Media Remote

The Xbox 360 Core System will come with:

  • Xbox 360 console
  • Xbox 360 Controller
  • Xbox 360 (removable) Faceplate
  • Xbox 360 Standard AV Cable

Note that the cut-down Xbox will not have an internal hard drive unlike its predecessor. That makes it impossible for it to play older Xbox games without purchasing the add-on hard drive.

  NT/2000 RELATED NEWS

Exchange Update To Push E-mail To Mobile Devices

Redmond has released a preview of the next version of Exchange that will push e-mail directly from the e-mail server onto Windows Mobile devices. That makes it a direct Blackberry threat. This new technology is called "Direct Push" and it will be in SP2, which we can expect before the end of 2005 and which will have some additional security features.

This new technology does not use SMS. It sends e-mail straight from Exchange to Windows Mobile devices. That obviates the need for a 'middleware' blackberry server, a thing that RIM will not be happy with.

But, you have to have Windows Mobile 5.0 Messaging plus the Security Feature Pack on the devices you want to push mail to, think end of this year for these... Until I see this thing actually work correctly, I'm christening it with the code name 'raspberry'! [grin]

Crash Course: A Tour Of Exchange System Manager

Exchange MVP Brien Posey walks you through the finer points of Exchange Server 2003's primary management tool -- Exchange System Manager. You'll learn how to navigate through ESM's various containers and sub-containers, what those containers do, and how to modify their settings and functionality to meet your organization's specific needs. At SearchExchange:
http://www.w2knews.com/rd/rd.cfm?id=050822RN-ESM

Testing Group Policy Security

So you've hardened Group Policy settings to protect Windows from attacks -- but are you sure all of those settings are working? Independent information security advisor Kevin Beaver offers several methods for testing Group Policy at the SearchWindowsSecurity.com site:
http://www.w2knews.com/rd/rd.cfm?id=050822RN-GP_Security

New Software Assurance Benefits Detailed

The ENTmag site has an exclusive about how Microsoft plans to bolster the Software Assurance component of its volume licensing program next month with several additional benefits covering deployment services, enhanced support, training and exclusive software, according to a source familiar with Redmond's plans. Read more at the ENTmag site:
http://www.w2knews.com/rd/rd.cfm?id=050822RN-Assurance

  THIRD PARTY NEWS

Zotob Is NOT The Third Bastard Child Of Haruk The Klingon

Contrary to your probable first impression, it isn't. In fact, it's a nasty new worm that uses a vulnerability in Plug and Pray, allowing an attacker to control a Windows system remotely. W2K systems are particularly at risk, although XP and 2003 Servers have a risk of infection. According to SANS:

"The worm will download the main payload from the infecting machine. Once a machine is infected, it will become an ftp server itself. It will scan for open port 445/tcp. Once it finds a system with port 445 listening, it will try to use the PnP exploit to download and execute the main payload via ftp."

"Important facts so far:

  • Patch MS05-039 will protect you
  • Windows XP SP2 and Windows 2003 can not be exploited by this worm, as the worm does not use a valid logon.
  • Blocking port 445 will protect you (but watch for internal infected systems)
  • The FTP server does not run on port 21. It appears to pick a random high port."

Note that in certain rare cases, Zotob can infect Windows XP and Windows Server 2003 systems if the computers were set up to enable null sessions. See the PC World article:
http://www.w2knews.com/rd/rd.cfm?id=050822TP-Zotob

(Tip o' the hat to Alex's Blog)

The latest SNSI update contains the check to detect the recent vulnerability that allows the Zotob and Sdbot worms to exploit the Plug and Play service of Windows 2000 systems. The hole was originally addressed by Redmond's Security Bulletin MS05-039. You can use ID W2575 to scan Windows-based systems to detect the MS05-039 vulnerability in your network. SNSI is here:
http://www.w2knews.com/rd/rd.cfm?id=050822TP-SNSI

Adobe Acrobat / Reader Plug-in Buffer Overflow

Adobe Acrobat 5.x, 6.x and 7.x and Adobe Acrobat Reader 5.x, 6.x and 7.x have a buffer overflow that allows miscreants to take over a whole system using a specially crafted file. Solve it by installing a new version! Here is the Adobe KB item:
http://www.w2knews.com/rd/rd.cfm?id=050822TP-Acrobat

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  PRODUCT OF THE WEEK

iHateSpam For Exchange with Maintenance "2 for 1"

The new IHATESPAM for Exchange V1.7 is being very well received. Its efficiency is close to 100% with low false positives. Sunbelt wants to give all customers the opportunity to get this award-winning tool during the third quarter of 2005 with 2 years' worth of maintenance, but only pay for ONE year! That also will make you eligible for the awesome NINJA product, which is the successor of IHATESPAM for Exchange. Talk to your Reseller or Rep, and make sure your purchase order is received before midnight Sept 30, 2005.

http://www.w2knews.com/rd/rd.cfm?id=050822PW-iHSE