Vol. 12, #27 - Jul 16, 2007 - Issue #633
W2K8 To Launch in Feb 08
- Editor's Corner
- Ballmer: Tomorrow You'll Buy Services In The Cloud
- Celebrate International Sysadmin Day - July 27th
- W2K8 To Launch in Feb 08
- Quotes of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Tech Briefing
- Lasers Could Make Disk Drives A Hundred Times Faster
- Average Zero-Day Bug Has 348-Day Lifespan, Exec Says
- Old Trick Back In Vista - Remember CTRL-C?
- Easy Vista CPU Performance Tweak
- Free Upcoming Seminar: Optimizing Exchange Performance
- Diskpart Technical Guide
- One Patch For Active Directory Is A Doozy
- Windows Server News
- Some Comments About The Recent Patches
- Windows Vista SP1 Gets Fast-Tracked
- Microsoft Customers Sour On Software Assurance
- A Revised Vulnerability Rating System Gains Steam
- Grumble: You Can't Virtualize Some Vista Flavors
- WServer Third Party News
- New Ninja Vesion With New Features
- Radmin V3.01 Released
- It's Like Swiss Cheese, These Networks
- WServerNews Fave Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- Ninja Disclaimers for Exchange: Only $99.95 Per Year
"If It Ain't Broke, Don't Fix It"... But Is It Always True?
If you run AV / Antispam from one of the big players on your Exchange
server, you have probably noticed that image spam is getting through,
tech support is crappy, and your yearly renewal fees are in the 40%
range. Isn't that really BROKE? Kick them off your Exchange server
and replace them with Ninja Email Security. A third-gen product that
-really- helps you fight malware, now with a new dedicated image-spam
engine and URL blocklist. We will give you a competitive upgrade
offer you can't refuse. Download the 30-day trial and ask your Rep
about that special offer:
Ballmer: Tomorrow You'll Buy Services In The Cloud
Microsoft wants your yearly subscription. Has been wanting this for
a while actually. This week Ballmer acknowledged that it will still be
years before that will actually happen. Lots of us are not willing
to give up control of our networks, and Linux provides a counterweight
too. But Ballmer states we are going to be "troglodytes" compared
with those who have moved to the new world of server farms. He said:
"Services will be delivered from server farms that are managed on a
huge global scale with the ability to move capacity up and down on-demand
with a new management model. More and more back-end computing will not
be done on premises but on these large farms and hosting centers."
How come this sounds familiar? IBM in the seventies, anyone?
Celebrate International Sysadmin Day - July 27th
The last Friday in July (the 27th) is International System Administrator
Appreciation day. Yay! If you don't know what a sysadmin is or does -
then please go to the bottom of this email and unsubscribe from our
newsletter! Immediately! Whew. Close call. ThinkGeek has some great
gift ideas for that special and almighty sysadmin in your life.
W2K8 To Launch in Feb 08
Last Tuesday at Microsoft's Worldwide Partner Conference in Denver, Redmond's
Chief Operating Officer Kevin Turner said Windows Server 2008 (W2K8) would
launch on February 27, 2008. They are going to have a party in LA, and also
'invite' Visual Studio 2008 and SQL Server 2008 even though the latter will
not be available until mid next year. Redmond is planning on what Turner
called a "feeding frenzy, creating hundreds of billions of dollars in the
ecosystem." Meaning they expect you to buy this by the bushel. I'm not so
sure about that. W2K8 is at the moment in a Community Technology Preview of
Beta 3 and of course Redmond is 'dogfooding' it in-house. RTM is expected
end of this year. Of note, this is also likely to be the last hurrah for
BillG, who will be stepping away from his day-to-day role in July 08.
Quotes of the Week
Since I'm writing this on Friday the Thirteenth, I thought some
'Lucky Quotes' Of The Week were in order:
"The only thing that overcomes hard luck is hard work."
-- Harry Golden (1902-1981)
"I'm a great believer in luck and I find the harder I work the more
I have of it." -- Thomas Jefferson (1743-1826)
And thank you for being a WServerNews subscriber.
Lasers Could Make Disk Drives A Hundred Times Faster
Researchers have demonstrated disk write speeds one hundred times faster
than current hard drives. The method uses a laser to heat the recording
surface and alter its magnetic field. There is no equivalent read speed
increase though, and some problems remain to be resolved. Interesting
story in ComputerWorld:
Average Zero-Day Bug Has 348-Day Lifespan, Exec Says
The average zero-day (0day) bug has a lifespan of 348 days before it is
discovered or patched, and some vulnerabilities live on for much longer,
according to security vendor Immunity Inc.'s chief executive officer.
Zero-day bugs are vulnerabilities that have not been patched or made public.
When discovered and not disclosed, these bugs can be used by hackers and
criminals to break into corporate systems to steal or change data. As a
result, there is a thriving market for zero-day bugs.
"Huge amounts of money are being offering to zero-day discoverers for
their zero-days," said Justine Aitel, Immunity's CEO. More at:
Old Trick Back In Vista - Remember CTRL-C?
Network open cancellation - Do you remember way back when you could hit
CTRL+C to cancel an operation? Well, it's back with Vista - sort of.
Try to open a document on a network resource that it can't find. In WinXP,
you were stuck until the OS decided it couldn't connect. Vista allows you
to hit cancel and it returns control back to you. If you're at the command
prompt, CTRL+C works again. Play around with it and discover the power.
Easy Vista CPU Performance Tweak
Get more performance out of Vista. The default power plan in Vista is set
to Balanced. Changing it to High Performance will increase the CPU
utilization up to 50%. That's in Control Panel, Power Options.
Free Upcoming Seminar: Optimizing Exchange Performance
Time is running out to register for the free 1-day seminar, "Optimizing
Exchange Performance: Architecture, Storage and Tuning Best Practices
for Today and Tomorrow," coming to Minneapolis, MN on August 2nd! At this
SearchExchange.com seminar, independent expert Richard Luckett, a Microsoft
MVP on Exchange Server and book author, will offer practical tips and
best practices you can apply today to help master everyday Exchange
maintenance, tuning and troubleshooting. He'll also show you how to
prepare for and take advantage of the significant changes in Exchange
Server 2007. Seats are filling up fast, register today!
Diskpart Technical Guide
Windows admins can use Microsoft's Diskpart utility to allow storage
configuration from a script, a remote session or another command prompt.
This technical guide reviews Diskpart commands and explains how admins can
use Diskpart to manipulate, extend and delete disk partitions.
One Patch For Active Directory Is A Doozy
Of Microsoft's six July patches, the worst of the bunch are targeted at
Active Directory and the .NET Framework.
||Windows Server News
Some Comments About The Recent Patches
Randy F. Smith from the ultimatewindowssecurity.com site had some good
observations about Patch Tuesday that I wanted to share with you.
"6 Patches released today. Most are affecting workstations. One unusual
exploit is affecting Active Directory. We know your DCs aren't directly
connected to the Internet so you probably already have some workarounds
enabled. And of course you have a firewall...Pay particular attention to
Windows 2000 Server since an anonymous user with access to the network
(oh no!) could deliver a specially crafted LDAP packet to the affected
system in order to exploit this vulnerability. Pay particular attention
to this one. If you don't have the workarounds in place, check your firewall
and/or routers quickly! This one is a good exercise for all AD admins to
look at. Follow the best practices and you won't have to hurry home from
vacation. Of note too is the exploit only affecting Vista. Teredo has to
do with the network address translation of IPv6 traffic. This patch involves
changes to the firewall and it seems this would be easier to implement
that the workarounds." With grateful acknowledgments to Randy.
Also, one patch caused problems for Ninja. We rushed out a hotfix and a
new build that solves the issue.
Windows Vista SP1 Gets Fast-Tracked
According to Mary Jo Foley, a columnist for Redmond magazine who blogs about
Microsoft for ZDNet, Microsoft will be releasing a beta of SP1 sometime the
week of July 16. Quoting unnamed sources, Foley also reported that the final
version of SP1 should be released in November 2007.
That's a speeded-up timetable from Microsoft's recent statements that it
expected to release Vista SP1 next year, closer to the release of Windows
Server 2008. That time-frame was prompted by changes made to Vista's search
functionality, making it more accessible to third-party developers, primarily
Google. The changes, agreed to by Microsoft, the U.S. Department of Justice
and U.S. state attorneys general, are expected to be the major alterations
introduced by SP1. More of this story at the MCPmag site:
Microsoft Customers Sour On Software Assurance
IT procurement managers are finding that Microsoft's Software Assurance
maintenance program may not save them money as hoped, according to a survey
by Forrester Research. If you are on SA, read this InfoWorld story:
A Revised Vulnerability Rating System Gains Steam
A standardized system to rank computer system vulnerabilities has been revised
to help IT managers make better decisions more quickly about potential threats.
SearchWinIT has more about this:
Grumble: You Can't Virtualize Some Vista Flavors
Redmond has limited its virtualization licenses in some Vista flavors.
In the EULA for Vista Home Basic and Vista Home Premium it states:
"You may not use the software installed on the licensed device within a
virtual (or otherwise emulated) hardware system." If you shell out more
dough, Vista Ultimate -does- allow you to stick it in a virtual hardware
system. This limitation could perhaps be aimed at Mac users. They often
run a virtual Windows using for instance SWsoft's Parallels. This will
make that option a lot more expensive.
||WServer Third Party News
New Ninja Vesion With New Features
We have posted version 2.1.4209 of Ninja for download. This version of Ninja
contains the following updates:
This version is a direct upgrade to existing 2.0 and 2.1 versions of Ninja,
simply download the new version from the link below and run the installer.
The upgrade may result in the cycling of Exchange services such as the
Information Store and Inetinfo during the installation. Readme at:
- Critical update to AV plugin in response to MS Hotfix KB928365 (.NET 2.0
issues) NOTE: If you haven't installed the MS Hotfix yet make sure you upgrade
- Updated Cloudmark Engine for increase detection of both image and pdf spam
- Sunbelt Image Spam Engine has been added for additional detection of image spam
- Spam URL Block List Engine has been added for detection of spam based on
URLs within messages
Radmin V3.01 Released
This week, the new updated Radmin 3.01 and its localized versions came out.
Radmin 3.01 is now available in German, French, Italian and Spanish. The new
version also has the following modifications:
- License key activation for all computers within a domain is enabled
(remote domain activation using ".MST" file).
- Installation file size is decreased by 2 MB.
- The system restart check was improved.
- Radmin Viewer is now compatible with Wine (remote control from Linux
- The titles of the Full Control and View Only windows now start with the
connection name, so it is easier to distinguish remote computers when
working on more than one remote machine.
- Compatibility with Korean and Chinese versions of Windows Vista is enabled.
- Improved compatibility of Radmin Mirror Driver with current video card drivers.
The current version of Radmin software is 3.01. If you already have
Radmin 3.0 installed, we recommend that you download and install this
update. You can install Radmin 3.01 without uninstalling Radmin 3.0.
All settings will be saved, including activation. License keys for
Radmin 3.0 Remote Control are valid for any 3.0 and 3.XX versions of
Radmin software. You can download Radmin 3.01 at Sunbelt's website:
- Radmin Viewer, Radmin Server and Documentation Package translated into
German, French, Italian and Spanish.
It's Like Swiss Cheese, These Networks
Sunbelt Network Security Inspector has been updated. Check out the new
vulnerability signatures for this latest SNSI release:
W3150 Microsoft Excel Could Allow Remote Code Execution - Excel 2002/XP
W3149 Microsoft Internet Information Services Could Allow Remote Code Exec
W3147 .NET Framework Could Allow Remote Code Execution - .NET 2.0
W3145 .NET Framework Could Allow Remote Code Execution - .NET 1.1 SP1
W3144 .NET Framework Could Allow Remote Code Execution - .NET 1.1 SP1
W3143 .NET Framework Could Allow Remote Code Execution - .NET 1.0 SP3
W3142 .NET Framework Could Allow Remote Code Execution - .NET 1.0 SP3
W3141 Windows Active Directory Could Allow Remote Code Execution - W2K3
W3140 Windows Active Directory Could Allow Remote Code Execution - W2000
W3138 Microsoft Office Publisher 2007 Could Allow Remote Code Execution
W3137 Microsoft Excel Could Allow Remote Code Execution - Office Compack 07
W3136 Microsoft Excel Could Allow Remote Code Execution - Excel 2007
W3135 Microsoft Excel Could Allow Remote Code Execution - Excel 2003 Viewer
W3134 Microsoft Excel Could Allow Remote Code Execution - Excel 2003
W3133 Microsoft Excel Could Allow Remote Code Execution - Excel 2000
W3132 Symantec Mail Security for SMTP attachment parsing - W2K, XP, W2K3
W3131 GIMP PSD Plug-in vulnerability - W2K, XP, W2K3
W3130 Apache 2.2 Off-by-one error in the ldap mod_rewrite module
W3129 Squid Proxy Fix assertion error on TRACE
W3128 HP Instant Support Driver vulnerability - W2K, XP, W2K3
W3127 RealPlayer SMIL file time string parsing vulnerability - W2K, XP, W2K3
W3126 Wireshark multiple dissectors vulnerable - W2K, XP, W2K3
W2298 Apache 2.0 Off-by-one error in the ldap mod_rewrite module
W2299 Apache 1.3 Off-by-one error in the ldap mod_rewrite module
W0003 Terminal Server Login Buffer Overflow - NT4
W0004 Authentication Flaw in Microsoft Metadirectory Services
W0005 .NET Framework 1.0 Latest Service Pack Installed
W0006 .NET Framework 1.1 Latest Service Pack Installed, XP, W2000, NT
W0007 .NET Framework 1.1 Latest Service Pack Installed, W2003 Server
W0008 .NET Framework 2.0 Latest Service Pack Installed, W2003 Server
W0197 ISA 2004 SP 3 - W2K, XP, W2K3
S0474 Kadmind vulnerability - Solaris 8 - 10
S0473 Nscd susceptible to libsldap flaw - Solaris 8 - 10
S0472 Kadmind RPCSEC_GSS implementation - Solaris 8 - 10
SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of
computer incidents. It also contains the latest SANS/FBI top 20 vulnerability
list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department
of Homeland Security) advisories. To get the latest SNSI version, visit:
To update from within the SNSI console, select Settings, enter your full
registration key and click on Check Now button. To Purchase NOW, visit:
||WServerNews Fave Links
This Week's Links We Like. Tips, Hints And Fun Stuff.
- Take a look at the ten images below. Some of them are photographs of real
objects or scenes, others are created by computer graphics (CG) artists.
Test your ability to tell which among the array of images are real, and
which are CG. I got 7 out of 10.
- This site allows you to travel wholesale, making money while doing it and taking
a tax-write off. Interesting? Watch the Presentation and then click on Join Now:
- Medieval Tech Support Version 2.0. An old classic - but now with better
video quality plus corrected and compete translation. Even funnier now:
- Taser new "XREP" Extended Range Electro-Muscular Projectile shotgun shell:
- A whole bunch of awesome insect shots. Very pretty:
- Slide.com is the YouTube of Slide Shows. Much easier (and cheaper) than
a PowerPoint slide deck and Web-Ex.
- This must be the best obituary ever, in the UK newspaper The Telegraph:
- Awesome airport security. Some one caught this and put it on Flickr:
- How Operating System Feature Requests Were Handled In The Eighties.
By the way, VMS was built by Dave Cutler, the father of Windows NT.
DEC's arrogance was part of its charm, but also its downfall.
- Cooking tips - amazing 'human beatbox' video, and quite funny.
- Some one told me it would take a week before people had the iPhone
doing something it wasn't supposed to do. He was right:
- Googling "how to crack a safe" nets robbers $12,000. I was amused.
- Nanotechnology 101: Researchers are manipulating particles at the atomic
level. One nanometer (nm) is one billionth, or 10-9 of a meter or the
amount a man's beard grows in the time it takes him to raise the razor
to his face:
- Jay Leno inhales "anti-helium" Hilarious! Because of its high density
light objects can float on the gas. It can also alter sound waves:
- The Japanese way of folding a T-shirt (38 second extended version):
- Everybody knows that the iPhone can make phone calls, play movies & music,
and a lot more. But, Will It Blend? That is the question. iSmoke!!!
- Cute, short one to end off: 'Car trouble'
||WServerNews - Product of the Week
Ninja Disclaimers for Exchange: Only $99.95 Per Year
The product is aggressively priced at $99.95 for unlimited mailboxes
per organization. Ninja Disclaimers offers robust policy-based disclaimer
functionality, allowing you to create automatic global and user-based
disclaimers for all outbound email for Exchange 2000 and 2003, with
Exchange 2007 support available late July. Designed to be seamlessly
implemented within an organization without interrupting existing antispam
and antivirus solutions. Configure disclaimers based on specific users,
groups, domains, or public folders. Ninja also prevents multiple
disclaimers when replying or forwarding. Allow users within different
departments to add or bypass a disclaimer on a per email basis based
on predefined keywords that are included in the body or subject of the
email. Comes with disclaimer templates (HTML or plain text) and reports.
A 30-day trial version of Ninja Disclaimers is available: