Vol. 11, #34 - Aug 21, 2006 - Issue #590
"Dude, Your Laptop Is On Fire"
- EDITORS CORNER
- Physical Security Alert
- "Dude, Your Laptop Is On Fire"
- Quotes Of The Week
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- Consumer Group Slammed For Creating 'test' Viruses
- Top Ten Active Directory Tips
- FAQ: Exchange Server Non-delivery Reports
- Step-by-Step Guide: Laptop Hacking
- VMware Users Worry About VM Sprawl
- SQL Server 2005 Upgrade Hurdles
- WINDOWS SERVER NEWS
- Gartner: Top 5 Steps to Dramatically Limit Data Loss
- Preventing Users from Disabling a Screen Saver
- WINDOWS SERVER THIRD PARTY NEWS
- Why Are GFI MailEssentials Users Switching To Ninja?
- Protecting Virtual Systems with Double-Take Software
- WServerNews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- WServerNews - PRODUCT OF THE WEEK
- "GFI MES To Ninja" Competitive Upgrade Offer
TechMentor Conference, October 9-13, Las Vegas
Microsoft will be unleashing a new wave of technologies: Will
you be ready? Join IT managers and network administrators
for TechMentor's real-world training by expert instructors.
Tracks include Security, Exchange/SQL Server, Scripting and
Automation, System and Network Troubleshooting, MCSA and MCSE.
Register by September 1 and save $200.
Physical Security Alert
We're often so concerned about IT security that we forget to "close
the front door". There is a way to hack cylinder locks with so-called
"bump keys", which are becoming more and more available.
Click this link, see the 7:41-minute video (Dutch with English
subtitles) and prepare to be flabbergasted. Next, get yourself
a biometric lock (not key-based) for the really important real
estate that you need to secure, like server rooms. I only heard
about it this week, but the data is from January 2005. All the more
reason to take action. Here is the video:
They also have a PDF where they describe the process (PDF):
"Dude, Your Laptop Is On Fire"
It looks like the Sony battery problems could go beyond Dell laptops.
"Dude, your laptop is on fire" might not be only Dell's problem.
More laptop vendors have used the Sony batteries. Takashi Uehara,
a spokesman for Sony in Tokyo, said: "Under certain rare conditions
there is an elevated risk that the battery may overheat or catch fire
as a result of the presence of metallic particles in a critical area
of the battery cell". The batteries in question were produced between
January 2004 and February 2006. The risk apparently depends on how
the laptop is configured. A short-circuit inside the battery normally
just trashes the battery, but in certain cases it can cause fires.
Dell is doing the right thing with an expensive recall. I hope
other vendors that may have the same problem soon follow suit. Here
is the dedicated Dell battery program website, with the specifics:
In the meantime, what should you do to protect your laptop users?
Inform these users, but prevent any sensationalizing. If you buy a
lot of these devices, ask your supplier for sufficient heat-testing
data. Last but not least, check with your insurance company to confirm
you are covered for liabilities due to device-overheating causing burns.
Quotes Of The Week
"I handed in a script last year and the studio didn't change one word.
The word they didn't change was on page 87." -- Steve Martin
I slightly misquoted Edmund Burke last week. He actually said:
"All that is necessary for the triumph of evil is that good men
Consumer Group Slammed For Creating 'test' Viruses
Consumer Reports created 5,500 new virus variants derived from six
categories of known viruses to pit AV software against novel threats
not identified on signature lists. A lot of people in the industry
have issues with that. Their spyware test was also a bit murky, and
we have asked them to get more data about their testing procedures.
Our Prez Alex blogged about this as well:
Top Ten Active Directory Tips
The inner workings of Active Directory can get so complex, it can drive
an admin crazy. Not to fear, though. No one is more adept at the technical
side of AD than SearchWinIT.com expert, Gary Olsen. Here we have gathered
Gary's ten best tips from the past year, as rated by SearchWinIT readers.
(free registration required)
FAQ: Exchange Server Non-delivery Reports
Exchange Server non-delivery reports (NDRs) indicate e-mail delivery
issues due to non-existent, inactive or expired accounts, misspelled
e-mail addresses, poor spam filter configuration, and other causes. Get
tips on enabling and disabling NDRs, and learn how to decipher and
troubleshoot NDR messages in this collection of expert advice.
(free registration required)
Step-by-Step Guide: Laptop Hacking
It's no longer just an inconvenience to lose a laptop. Being careless in
today's overly governed society now leads to business contracts being
dishonored, laws being broken, and industry regulations being violated.
Above all, it's putting a lot of sensitive information at risk -- both
trade secrets and, more importantly, personal livelihoods. Read this guide
and learn how to keep your laptops secure! At SearchWindowsSecurity.com
(free registration required)
VMware Users Worry About VM Sprawl
Server virtualization makes it easy as pie to deploy a new system --
maybe a little bit too easy, say industry observers.
Can you ever have too much of a good thing? Server virtualization fans are
wildly enthusiastic, but even some true believers are worried about how
quickly scads of virtual machines (VMs) are being added to corporate IT
environments. "We love VMware," said Tom Dugan, director of technical
services at Recovery Networks, an outsourced business continuity provider
in Philadelphia. Even so, he's worried about managing an ever-increasing
sprawl of VMs. More at...
SQL Server 2005 Upgrade Hurdles
Before upgrading to SQL Server 2005, consider this collection of potential
migration hurdles and pitfalls, from parameters that may cause blocking to
default settings that are no longer supported in the new DBMS.
WINDOWS SERVER NEWS
Gartner: Top 5 Steps to Dramatically Limit Data Loss
Public exposure of private data is becoming a regular occurrence, but the
majority of these incidents can be prevented if companies implement the
proper security best practices, according to Gartner, Inc. Gartner analysts
have identified the top 5 steps to prevent data loss and information leaks.
The top 5 steps to prevent data loss and information leaks are the following:
- Deploy Content Monitoring and Filtering (CMF). A CMF solution monitors
all outbound network traffic and generates alerts regarding (or sometimes
blocks) activity based on inspecting the data in network sessions. CMF
tools monitor common channels, including e-mail, IM, FTP, HTTP and Web
mail (interpreting the HTTP for specific Web mail services) and look for
policy violations based on a variety of techniques. (Sunbelt Messaging
Ninja will have a content filtering plug-in before the end of the year)
- Encrypt Backup Tapes and (Possibly) Mass Storage. Gartner analysts highly
doubt that many of the reported lost backup tapes containing consumer
records eventually result in fraud. However, because there is no way to
know for sure, companies have to assume exposure anyway. Encryption can
ensure that the data will still be safe.
- Secure Workstations, Restrict Home Computers and Lock Portable Storage.
Workstations and laptops can be a major source of loss, especially when
a poorly configured or out-of-date enterprise or home computer is
compromised by a virus or worm, or when portable storage media, such as
a Universal Serial Bus (USB) drive or CD-ROM, are lost.
"There's really no excuse for not keeping an enterprise system up-to-date
with the latest patches, a personal firewall, antivirus and anti-spyware
software," Mr. Mogull said. "These precautions alone will prevent the vast
majority of commonly encountered Internet attacks."
- Encrypt Laptops. If organizations give employees portable computers,
employees will store sensitive data on them. Policies don't matter: Users
will always use the tools they acquire, and sensitive data will always
end up in unexpected places.
- Deploy Database Activity Monitoring. Most organizations struggle to
secure existing databases that are rarely designed with effective security
controls. While companies eventually need to encrypt some of the data in
their databases, database activity monitoring is a powerful security
control that's easier to implement and more viable than encryption for
many types of data.
Preventing Users from Disabling a Screen Saver
I ran into a really useful hint from Randy Franklin Smith's newsletter
from the UltimateWindowsSecurity site!
Q: How can I prevent my users from disabling the password-protected
screensaver that I configure when setting up new systems?
A: If your computers and user accounts are part of an Active Directory
(AD) domain, you can use one Group Policy Object (GPO) to deploy a
policy to all your users that prevents them from disabling the screen
saver. If you don't use AD, you'll need to configure the setting in the
local GPO of each computer.
Whether editing a GPO in AD or a computer's local GPO, maneuver to the
User Configuration\Administrative Templates\Control Panel\Display
folder in the Microsoft Management Console (MMC) Group Policy Object
Editor and enable the "Hide Screen Saver tab" policy. Now when users
open the Display applet in Control Panel, the Screen Saver tab just
won't be there for them to access. Note that the Display folder also
contains other policies that enable you to configure the screen saver
itself as well as its timeout value and other parameters.
This Security Q&A originally appeared in the Windows IT Security
newsletter's Access Denied column; you can subscribe here:
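
To confirm that the screen saver policies from the Q&A above actually reached a user, the following PowerShell check reads the per-user registry values those Display policies write. It is an added example, not part of the original Q&A or newsletter; the 900-second timeout limit and the setting labels are assumptions.

```powershell
# Added example: audit the logged-on user's screen saver policy values.
# Run it in the user's own session; these are per-user (HKCU) policies.
$MaxTimeoutSeconds = 900   # assumed limit; substitute your own standard

$desktop = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$system  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# Each check names the registry value a policy writes and the test it must pass.
$checks = @(
    @{ Policy = 'Hide Screen Saver tab';         Path = $system
       Value  = 'NoDispScrSavPage';    Test = { param($v) [int]$v -eq 1 } }
    @{ Policy = 'Screen saver enabled';          Path = $desktop
       Value  = 'ScreenSaveActive';    Test = { param($v) [int]$v -eq 1 } }
    @{ Policy = 'Password protect screen saver'; Path = $desktop
       Value  = 'ScreenSaverIsSecure'; Test = { param($v) [int]$v -eq 1 } }
    @{ Policy = 'Screen saver timeout';          Path = $desktop
       Value  = 'ScreenSaveTimeOut'
       Test   = { param($v) [int]$v -gt 0 -and [int]$v -le $MaxTimeoutSeconds } }
)

function Get-ScreenSaverPolicyReport {
    foreach ($c in $checks) {
        # A missing key or value returns nothing: the policy was never applied.
        $item   = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($c.Value) } else { $null }
        $ok = $false
        if ($null -ne $actual) {
            # A non-numeric value fails the cast and is reported as non-compliant.
            try { $ok = [bool](& $c.Test $actual) } catch { $ok = $false }
        }
        [pscustomobject]@{
            Setting   = $c.Policy
            Value     = if ($null -eq $actual) { '<not set>' } else { $actual }
            Compliant = $ok
        }
    }
}

Get-ScreenSaverPolicyReport | Format-Table -AutoSize
```

A row showing `<not set>` means the GPO is not linked, is filtered out, or has not refreshed for that user yet.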
WINDOWS SERVER THIRD PARTY NEWS
Why Are GFI MailEssentials Users Switching To Ninja?
We have found that quite a few GFI MailEssentials (MES) users are
making the move to Ninja. We asked them what their main reason was to
upgrade. The first answer we got back from basically all of them was
that the new Attachment Filter in Ninja was something they really needed
and did not have in MES. But also, they complained about the "spam catch"
ratios being not acceptable anymore.
Our perspective on this is that Bayesian filtering works fine for an
individual workstation. It indeed "fine-tunes" for the end user. However,
using it on a general mail server is less optimal. Bayesian filtering as
a technology depends upon being taught what items are spam and what
items are not spam. In a single-user environment this concept works
fairly well, but in a server environment, not as much. Ask one user what is
spam and you'll get a lot of items that are agreed upon, but you will
also get items which are not agreed upon such as newsletters and special
offers. At that point the learning engine gets confused.
Another point is the diversity of email in a server environment. It
can teach the engine to allow too many types of email to be accepted.
Creating separate Bayesian repositories (individual scanning engines) for
each user on a server would work to make things better but at that point
you'll be putting too much load on the server. Toss in problems like
Bayesian poisoning and you've got an engine that won't get you far.
Our prez Alex just blogged about Bayesian poisoning and how it foils
Sunbelt Software offers all existing MES users a 50% Competitive Upgrade
Discount so they can afford to move from their second-generation product
to the latest third-gen (policy-based) messaging security platform.
Download the 30-day Ninja eval, see for yourself how well it works, and
ask your Rep or Reseller for a Competitive Upgrade quote. You'll be
Protecting Virtual Systems with Double-Take Software
Virtualization is one of the fastest-growing technologies in mainstream
Information Technology (IT) today. Market-leaders like VMware and Microsoft
are pushing this growth by placing increasing focus on providing customers
with the ability to consolidate servers and easily deploy development and
test environments. The benefit of virtualization technologies such as these
is clearly evident - they allow businesses to improve their IT efficiency
while continuing to drive down costs.
As you evolve your IT infrastructures and leverage virtualization to help
address your scalability and manageability needs, it is important that you
also evolve your data protection strategy. Double-Take meets this
challenge by providing proven, reliable data replication and high availability
capabilities that work just as well in virtual systems as they do on their
When you combine the accessible data protection capabilities of Double-Take
with the flexibility and efficiency of virtual systems, you have no excuse
for not keeping your company's most valuable asset - its data - safe:
Double-Take can protect data from either the Host OS (protecting all of the
virtual systems on a server) or the Guest OS (protecting the same way as
physical servers). Double-Take can provide continuous data protection of the
virtual systems and fail them over to another physical host within minutes.
Leveraging virtual systems at the disaster recovery site, one can deploy fewer
physical servers and provide autonomous virtual targets for each client /
business. Due to its patented architecture and feature set, Double-Take is
the proven leader in real-time data protection for virtual systems.
WServerNews - PRODUCT OF THE WEEK
"GFI MES To Ninja" Competitive Upgrade Offer
Sunbelt Software offers all existing GFI MailEssentials (MES) users
a 50% Competitive Upgrade Discount so they can afford to move from
their second-generation product to the latest third-gen (policy-based)
messaging security platform: Ninja. Download the 30-day Ninja eval,
see for yourself how well it works, and ask your Rep or Reseller for
a Competitive Upgrade quote. You'll be pleasantly surprised: