Vol. 12, #32 - Aug 17, 2007 - Issue #638
Exchange Server 2007 SP1 Stacked With Goodies
- Editor's Corner
- Impact Of "Credit Crisis" On IT?
- More On Thumbs Down On Vista For Admins
- Test Your Geek IQ
- Quotes Of The Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Tech Briefing
- WinXP SP3 Released To Small Group
- Is Your Company Using Proxcards? This Is Highly Insecure
- Trouble Ahead - Main Security Threats For 2007
- Mobile Device Insecurity Facts
- Nokia Says 46 Million Batteries May Overheat
- Interpreting The Five Disk-Related Blue Screen Of Death Errors
- Tutorial: Configuring Microsoft Exchange Direct Push Technology
- Windows Server News
- Exchange Server 2007 SP1 Stacked With Goodies
- Exchange Server 2003 Performance On VMware ESX Server 3
- WServer Third Party News
- Email Management, According To The Managers
- Take Credit Cards? A Cost Effective Way To Get PCI DSS Compliant
- WServer News FAVE Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- Use EBay or PayPal? Get their Security Key
10 Questions You Should Ask About Enterprise Antispyware
ITSecurity.com recently posted their Antispyware Buyers Checklist with
10 questions you should ask when considering implementing an enterprise
antispyware solution in your organization. To aid in your search to
find the right antispyware solution, we have provided answers to each
question on how CounterSpy Enterprise is able to deliver all the
necessary requirements to best protect your network from spyware and
other malware. Direct link to a short 2-page PDF - No registration:
Impact Of "Credit Crisis" On IT?
OK, it's all over the news: "Credit Crisis". But subprime mortgages
are only 5% of the total economy. The uncertainly connected with it
though, and who is exposed makes it seem worse than it is. However,
tightness in credit extends out to business lending. And that could
influence IT. Here are a few scenarios you might see in the next six
months, depending on the financial strength of your own organization:
Two-thirds of the U.S economy is driven by consumers. Your IT budget
is always a percentage of your corporate sales.
- Vendors with low profit margins cannot get cheap money, so they
will likely be acquired.
- Large, capital-intensive IT project could likely get scaled down.
- If your organization has large debts, there will be a budget crunch.
- If this fully filters down to consumers (who no longer can use their
house as an ATM), that could mean lower general corporate revenues.
Worst case design, it would be a slump similar to the Internet Bubble
hangover, but not very likely. The Feds are just going to print money
and pump it in the economy when things threaten to get bad. Prepare
for the worst and hope for the best.
More On Thumbs Down On Vista For Admins
I got some good feedback from admins about using Vista for admin
tasks. They told me that installing the adminpak.msi on Vista would
take care of a lot of these complaints. There still seem to be some
performance issues with it. But try installing the Windows Server
2003 admin tools, I get reports they work fine on Vista. You just
need to follow these instructions:
Downgrading to XP also seems to come with other problems. Below is a
link from HP that seems to state that much of the hardware in the HP
Vista equipped laptops systems is not and will not be supported by any
other operating system drivers. In other words, did Microsoft force
component hardware manufacturers to not write software drivers other
than Vista for the new machines? See the link:
Generally speaking, there are some problems with Vista that give it a
bum rap, despite the fact that the actual underlying code is actually
a lot more solid than XP's. Let me summarize these for a sec:
And then there were bugs. For example the slow copying of files, which
seems to still be the case in a peer-to-peer network, something not
fixed by the recent patches. The coming SP1 should improve things
- A lot of drivers were not ready at release time
- Desktop performance is bad
- The UAC looked like it was designed by marketing
- Upgrade pricing stank
Test Your Geek IQ
InfoWorld has a fun test. It's not easy. They told me to get a suit
and become a manager, as I was 'no good' as a geek. (I don't know
much about Linux, and that sure came out in this test!) Here's how
the invite looked:
"Sure, you may have scored more than 150 on the standardized IQ test,
you may party hearty with Mensa Mommas -- but what's that actually
worth in the real world? Diddly. If you truly want to know how smart
you are when it counts, then InfoWorld's Geek IQ test is the puzzler
for you. Answer the 20 questions below, and we'll add up your score
and let you know how you measure up. Even a suit can follow those
directions. And remember: Googling every question will not give you
an accurate score. Got a beef or want to brag? Take it out on the
comments section of the Answer Key page at the end of the test."
Quotes Of The Week
"You must keep your mind on the objective, not on the obstacle."
-- William Randolph Hearst
"The nationalist not only does not disapprove of atrocities committed
by his own side, he has a remarkable capacity for not even hearing
about them." -- George Orwell
Thank you for being a WServerNews subscriber!
WinXP SP3 Released To Small Group
Redmond has this week dropped an early copy of WinXP SP3 in the lap
of a small group of testers. Coming in at less than 350MB, the service
pack includes fixes for over 900 reported problems, some of which have
already been resolved with post-Service Pack 2 hotfixes. This build
is tagged 5.1.2600.3180, and here are some pictures of the build:
Is Your Company Using Proxcards? This Is Highly Insecure
Chris Paget, director of R&D for IOActive, in his speech at BlackHat,
talked about a low-cost, handheld device for cloning RFID cards. Paget
held up several RFID cards, waved them close to his cloning device, and
in seconds created a usable copy of the original RFID card. In conclusion,
Paget said, "If you use 125KHz proximity cards, your doors are highly
Well, I just did a Google search, and found that indeed since a few years
the technology to break them exists, and that it's not all -that- hard
when you are a geek. Here is a page that explains how to do it. In Sunbelt
we have moved to biometrics completely. You need your fingerprint to open
our main doors. It's not 100% either but it's definitely better than this:
Trouble Ahead - Main Security Threats For 2007
A recent University of Michigan study found that 70 percent of
corporate theft incidents can be traced to an insider. This year
saw the increase in Web-based attacks, and that's only going to
intensify in 2007, security experts say. A recent IDC report found
that up to 30 percent of companies with 500 or more employees have
been infected via Web surfing, and 20- to 25 percent via email-borne
worms and viruses.
Mobile Device Insecurity Facts
Mobile device use is widespread. More than half those surveyed (60.8%)
have at least one, and almost a third (29.3%) have two. The vast majority
of users (70.7%) keep confidential information on their mobile device -
be it their own or their employer's. Almost all users (78.1%) who lost a
portable device containing confidential information still do not encrypt
their data today.
Nokia Says 46 Million Batteries May Overheat
Nokia is offering to replace 46 million batteries made by another company
for use in its mobile phones because of a risk of overheating, Nokia said
on Tuesday. It's moving from Laptops to phones now! Faulty batteries made
by Japan's Matsushita and sold in a wide range of Nokia phones will be
replaced for free. InfoWorld broke the news:
Interpreting The Five Disk-Related Blue Screen Of Death Errors
A dreaded Blue Screen of Death error message can provide insight into the
root cause of the failure. Here you'll learn what the five most common
disk-related BSOD Stop messages mean.
Tutorial: Configuring Microsoft Exchange Direct Push Technology
Learn how Microsoft Direct Push technology works and find out how to configure
and implement Direct Push in an Exchange 2003 SP2 email environment.
||Windows Server News
Exchange Server 2007 SP1 Stacked With Goodies
Redmond release a new CTP (community technology preview) which includes
more support for W2K8, W2K3 SP2, Vista, and Lotus Notes. People that have
MSDN and TechNet can get their hot little hands on it.
The CTP is now feature complete, and supports Vista better, e.g. Exchange
management tools now run on Vista and W2K8. E2K7 SP1 Beta 2 also adds standby
continuous replication, which allows Exchange to maintain an updated stand-by
server to prevent catastrophic data loss in the event of power failures, but
there is no automatic failover, this is a manual switch.
Then, there's the additional security. Redmond says that Exchange Server-side
security has been improved to support military requirements. Admins will
also be interested in the new S/MIME (Secure/Multipurpose Internet Mail
Extensions) support Redmond has dropped into Outlook Web Access (OWA).
OWA looks even more like Outlook now. SP1 will provide support for custom
forms, new and much better mobile-device management like new ActiveSync
policies for synching, authentication, and encryption.
E2K7 SP1 also adds an array of other updates, including the intro of IPv6
support, a service pack for Forefront Security for Exchange Server that
"increases filtering and scanning performance," better integration with
the new Office Communications Server 2007.
An interesting fact from a slide that was presented at Microsoft's yearly
Financial Analyst Meeting in June, shows that Exchange is a $1.5 billion
annual revenue stream. Redmond claims more than a thousand companies
have switched from Lotus Notes to Exchange in the last 12 months. They
did not tell how many changed from Exchange to Notes though. ;-D
Getting SP1 released later this year is likely to convince many admins who
have been sitting on the sidelines to migrate to E2K7. And we have a Ninja
version for them too.
Exchange Server 2003 Performance On VMware ESX Server 3
This VMware white paper discusses the performance and scalability of Microsoft
Exchange Server 2003 when deployed within virtual machines running under VMware
ESX Server 3.0.1. The introduction of this 19 page white paper reads:
"Virtualization has become a mainstream technology, allowing enterprises to
consolidate underutilized servers while helping to increase reliability and
fault tolerance and simplify load balancing. As organizations embrace
virtualization in the data center, many may consider virtualizing Microsoft
Exchange software. This paper suggests how an enterprise-critical messaging
application like Microsoft Exchange Server 2003 should be sized and deployed
on VMware ESX Server1 to obtain a satisfactory Quality of Service.
Specifically, we examine:
This paper discusses the performance and scalability of Exchange Server
2003 when it is deployed within virtual machines hosted by VMware ESX Server
3.0.1 on a Dell PowerEdge 6850 server with a Dell-EMC CX500 FC SAN. The Heavy
user profile from Microsoft's Exchange Server 2003 Load Simulator benchmarking
tool was used to simulate the Exchange workload. Results indicated that a
uniprocessor virtual machine can support up to 1,300 Heavy users. Our
experiments also show that consolidating multiple instances of these
uniprocessor Exchange virtual machines on a PowerEdge 6850 can cumulatively
support up to 4,000 Heavy users while still providing acceptable performance
- The performance implications of running Exchange Server 2003 on a virtual
machine versus a physical system.
- The performance of Exchange Server 2003 in virtual machine configurations
when "scaling-up" (adding more processors to a machine) and "scaling-out"
(adding more machines).
A key observation in the study is that uniprocessor virtual machines are,
from a performance perspective, equivalent to half as many multiprocessor
(two virtual processors) virtual machines. Hence we recommend that the
Windows and Exchange licensing costs, ease of management, and corporate
standards guide your configuration in this regard.
This VMware white paper discusses the performance and scalability of Microsoft
Exchange Server 2003 when deployed within virtual machines. PDF:
||WServer Third Party News
Email Management, According To The Managers
When you're evaluating email security management systems, defining your
must-haves is the easy part: ironclad effectiveness, no downtime, easy
to manage. Finding out which of five top-tier solutions in wide use really
deliver on those qualities is more difficult, unless you have the means to
survey several organizations using them. But that's exactly what Osterman
Research did, and the results are available to you now in a free white paper,
"Comparing Email Management Systems that Protect Against Spam, Viruses,
Malware and Phishing Attacks". When you're evaluating critical security
solutions, what you really need to know is how they perform in the real
world, not in the lab. That's just what you'll learn about email security
management systems in this free white paper. (PDF, no registration!):
Take Credit Cards? A Cost Effective Way To Get PCI DSS Compliant
Visa is warning large merchants who accept credit cards that they face
higher transaction fees beginning in October if they don't fully comply
with the PCI data security standard by the end of next month.
If your organization takes credit cards, one of the requirements is you
scan your networks for vulnerabilities. SNSI can do that for you at an
SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE)
list of computer incidents. It also contains the latest SANS/FBI top
20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft
and FedCIRC (Department of Homeland Security) advisories.
New vulnerability updates for this release include:
W3183 Vector Markup Language Could Allow Remote Code Execution
W3182 Virtual PC and Virtual Server Could Allow Elevation of Privilege
W3180 Windows Media Player Could Allow Remote Code Execution
W3179 GDI Could Allow Remote Code Execution
W3178 Cumulative Security Update for Internet Explorer
W3177 Microsoft Excel Could Allow Remote Code Execution
W3176 Microsoft Excel Could Allow Remote Code Execution
W3175 Microsoft Excel Could Allow Remote Code Execution
W3174 Microsoft Excel Could Allow Remote Code Execution Office 2000
W3173 OLE Automation Could Allow Remote Code Execution - Visual Basic 6
W3172 OLE Automation Could Allow Remote Code Execution
W3171 Microsoft XML Core Services Could Allow Remote Code Execution
W3170 Microsoft XML Core Services Could Allow Remote Code Execution
W3169 Microsoft XML Core Services Could Allow Remote Code Execution
W3168 XML Core Services Could Allow Remote Code Execution XML Core 6
W3167 XML Core Services Could Allow Remote Code Execution XML Core 4
W3166 XML Core Services Could Allow Remote Code Execution XML Core 3
W3165 Visual Studio 6 VDT70.dll ActiveX Vulnerability - W2K, XP, W2K3
W3164 Photoshop PNG, BMP file handling vulnerability - W2K, XP, W2K3
W414 ActivIdentity CAC Card Detected
S487 Java Portal Server XSLT handling - Solaris 8 - 10
S486 Java Web Server HTTP response splitting - Solaris 8 - 10
N65 IOS Next Hop Resolution Protocol Vulnerability
N64 IOS UCM Voice Vulnerabilities
M123 Security Update 2007-007 not installed - Mac OS X
M2 Photoshop PNG, BMP file handling - Mac OS X
H7 OpenView Performance Insight Shared Trace Vulnerability - HP-UX 10, 11
Sunbelt Network Security Inspector version 126.96.36.199 was released Aug 15, 2007.
Sunbelt Software recommends you download the new SNSI version 188.8.131.52 and
scan and patch your machines today. To get the latest SNSI version, visit:
||WServer News FAVE Links
This Week's Links We Like. Tips, Hints And Fun Stuff.
- Women In Film. 100 years of female movie stars from 1907 to 2007. The morphing
is very well done. See how many you recognize?
- At almost 90% the size of the real aircraft - this is without doubt one of the
biggest radio-controlled model airplanes in the world:
- Pittsburgh Blogger's 300-Page iPhone Bill Mailed In Box: RIOT !
- And another one. This gent took his iPhone to England, on ROAM, and raked
up a healthy $5,086.66 bill, just using the Internet... Here's his blog:
- Singularity is a Redmond project focused on building a research operating
system prototype extending programming languages, and developing new
techniques and tools for specifying and verifying program behavior.
- Meet six-year-old music prodigy Ethan Bortnick. He can play up to 200 melodies
from memory, and has composed over 20 pieces. You would think he learned it
all in a past life...
- The Sun In Motion website shows how dynamic that energy source really is!
- For the first time it is possible to have, in the same automobile, a much
smoother ride than in any luxury sedan and less roll and pitch than in any
sports car. This technology is called "active suspension" See the video:
- The Directors Bureau has a 'Special Projects Idea Generator'. Click on
the center button and get inspired for your new movie!
- Meet Cosmic Enemy Number One. What to do when a large asteroid comes
dangerously close to Earth, threatening to devastate human civilization?
Scientists have figured out a very clever Asteroid Deflection Strategy:
- A levitating helicopter? No. The frame rate of the video recorder matches
the rotor speed!
- Here is the "Mumblety-Peg" game automated. Remember spreading your hand
out and then taking a knife rapidly and stab the spaces between the fingers?
- Need to give a presentation? A little nervous? Here are the Pro's Notes
on making it through alive and being a success at the same time:
- Stuntman with mind-blowing skills. Prepare to be amazed:
- Last but not least, a funny Sony Vaio TV-ad. How -not- to use a laptop
for business video-conferencing:
||WServerNews - Product of the Week
Use EBay or PayPal? Get their Security Key
Some one sent this to me. It's not new, but a really good idea.
"If you are a eBay or PayPal member, I recommend that you consider
getting the PayPal Security Key. This security key adds another
authentication factor for access to your eBay and PayPal accounts.
The pocket size device generates a unique six-digit security code
about every 30 seconds. You enter that code when you log in to your
PayPal or eBay account with your regular user name and password.
Then the code expires - no one else can use that code. Once the
security key is activated for your account, no one can access your
account with using the key. Simple! Online banking websites should
have been doing this long ago." Get one here for 5 bucks: