WServerNews (formerly W2Knews)

Vol. 12, #35 - Sep 10, 2007 - Issue #641

Should Governments Be Allowed To Install Spyware?

This issue of WServerNews is sponsored by

Editor's Corner
- Should Governments Be Allowed To Install Spyware?
- Third Quarter Blowout Specials
- Upcoming Sunbelt/Double-Take Seminars
- Quotes Of The Week
Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
Tech Briefing
- Memory Leak Causes XP To Lock Up
- The 8 Most Dangerous Consumer Technologies
- Upgrading To SQL Server 2005: A Dozen Must-Have Tips
- CA Alert Service Vulnerable To Buffer Overflow
- Invalid Security Certificate Error With Outlook 07 And E2K7
Windows Server News
- Redmond Releases New Virtual Machine Manager
- Making The Decision To Move To Windows Server 2008, Part 2
- Patch Tuesday Looks Light
- iPhone Or Blackberry?
- Whassup with WSUS?
- ISO Rejects Redmond's Open XML But Fat Lady Has Not Sung
WServer Third Party News
- Will These Holes Ever Stop?
- Need To Discuss Active Directory With Your Peers?
WServerNews Fave Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
WServerNews - Product of the Week
- Reclaim up to 80% of your Exchange Store with ExchangeCompress

Reclaim up to 80% of your Exchange Store with ExchangeCompress

Attachments can be consuming up to 90% of your Exchange Server mailbox
space. In addition many of the attachments are duplicated again and
again wasting gigabytes of space. You can try to impose quotas, but
you are subjected to endless phone calls when user's run out of space.
Now there is a better way! ExchangeCompress 2.0 allows you to control
the space used by attachments and reduce the size of your Exchange
mailboxes by up to 80%! ExchangeCompress 2.0 can separate attachments
as they come in with no impact to the user. Download a free trial at:
http://www.wservernews.com/070910-ExchangeCompress

	Editor's Corner

Should Governments Be Allowed To Install Spyware? The German government is floating a proposal to deploy spyware to infect the computers of suspected terrorists and/or criminals. The security community is still up in arms about the recent "anti-hacking" law that essentially undermined legitimate security research in Germany. Now the German Interior Ministry has been seeking support for a new security law that would allow the German feds to cyberspy on cases they think might work on terrorist attacks. And since this week's terrorist attack that got foiled was executed by homegrown Islamist radicals, (first names Fritz and Daniel) you can see why they would want this. On the other hand, putting a government sponsored Trojan on the PC of a suspect goes straight into the teeth of privacy and is an invasion by Big Brother. More over, what would be the situation when outfits like us would find the trojan and be asked not to put it in our threat database? Interesting situation don't you think? I'd like your input on that and will report back next week on this. Email me at: feedback@wservernews.com PS: Make sure you read the item about Redmond's release of Virtual Machine Manager! Third Quarter Blowout Specials Sunbelt sales are doing excellent. We're playing a game to get the Q3 sales better than ever. So, here are the 'end-of-Q3-specials': Free Sunbelt Network Security Inspector (SNSI) for any order of Ninja which is over $1,500. SNSI is an award-winning vulnerability scanner that normally is $1,795 per admin, so this is a killer deal. If you buy CounterSpy Enterprise (and you -should-, it's a really strong malware fighter with an exciting upgrade path) you get a free client license for all your employees at home... PLUS a free copy of Ninja Disclaimers with every order. And as a special bonus, anyone buying Double-Take also gets a free copy of Ninja Disclaimers. Upcoming Sunbelt/Double-Take Seminars You are invited to the following seminars we are hosting: Seminar: "Recovery Made Easy for Exchange, SQL, and other Critical Applications" - Join Sunbelt and Double-Take Software as we discuss strategies for implementing high availability, remote availability and offsite disaster recovery solutions for SQL, Exchange and other mission critical applications using Double-Take. You will also hear about Double-Take's NEW solutions that power your keys to recoverability. Hosted at the Wyndham Jacksonville Riverwalk in Jacksonville, FL on Wednesday, September 12th. Register here: http://www.wservernews.com/070910-Jacksonville-Seminar Hosted at Microsoft in Dallas, TX on Wednesday, October 10th. Register here: http://www.wservernews.com/070910-Dallas-Seminar Quotes Of The Week "The difference between salad and garbage is timing." -- Dan Kennedy "At Microsoft, quality is job SP1." -- Book author John Hedtke And thank you for being a WServerNews subscriber.

Hope you enjoy this issue of WServerNews! Warm regards, Stu |

Email me: feedback@wservernews.com

	Admin Toolbox

Admin Tools We Think You Shouldn't Be Without Reclaim up to 80% of your Exchange Store with ExchangeCompress. Download your trial copy today. http://www.wservernews.com/070910-Reclaim-Exchange-Store Get mPowerTools to do tedious Active Directory tasks without scripting. Includes AD, security & permissions reporting. Use it free for 15 days. http://www.wservernews.com/070910-mPowerTools The Microsoft Exchange Troubleshooting Assistant helps and automates determining performance, mail flow and database mounting problems: http://www.wservernews.com/070910-Exchange-Troubleshooting-Assistant Need to move large numbers of directories and files between servers? FileZilla is Graphical, free, and allows a simple bulk copy of files and directories from one location to another via FTP. At SourceForge: http://www.wservernews.com/070910-FileZilla

	Tech Briefing

Memory Leak Causes XP To Lock Up If you have a program using Windows Management Instrumentation (WMI) running on your XP computer, you might get lock ups (unresponsiveness) because of a memory leak that occurs when the RPC cache gets too big. There is a hotfix for the problem, but you'll need to submit a request to Microsoft Online Customer Services to get it. To find out more, see KB article 890196 at http://www.wservernews.com/070910-XP-Memory-Leak The 8 Most Dangerous Consumer Technologies Companies can't depend wholly on policy to maintain the level of security they need ComputerWorld has a good story. High-tech consumer products and services of all kinds are making their way into the workplace. They include everything from smart phones, voice-over-IP systems and flash memory sticks to virtual online worlds. And as people grow more accustomed to having their own personal technology at their beck and call -- and in fact can't imagine functioning without it -- the line between what they use for work and what they use for recreation is blurring. In a recent survey of corporate users by Yankee Group Research Inc., 86% of the respondents said they had used at least one consumer technology in the workplace, for purposes related to both innovation and productivity. Unfortunately, this trend poses problems for IT organizations. For one thing, the use of these technologies increases the risk of security breaches. Here are the 8 culprits: http://www.wservernews.com/070910-Dangerous-Consumer-Technologies Upgrading To SQL Server 2005: A Dozen Must-Have Tips Upgrading to SQL Server 2005? In these tips, get information on backward compatibility issues, the coexistence of SQL Server 2005 and 2000 on the same machine, migrating with the Copy Database Wizard and more. http://www.wservernews.com/070910-SQL-Server-2005-Upgrade CA Alert Service Vulnerable To Buffer Overflow Russ Cooper reported in Security Watch that numerous CA products include the company's Alert Service, which has been discovered to be vulnerable to several attacks via the SMB protocol. Such attacks would typically occur via TCP 445 or TCP 139. An attack could yield the criminal access to the victim system in the security context of SYSTEM. On Windows XP and Windows Server 2003 systems, an attacker would have to have authenticated to the victim system's RPC environment. Windows 2000 can be attacked by an unauthenticated criminal. In any event, the RPC interfaces should not be available outside of the security perimeter, so attacks will likely come from internal systems only. This vulnerability is similar to previous vulnerabilities in Symantec's anti-virus products which ultimately led to attacks. The most likely scenario is that a roving user becomes infected while outside the security perimeter, and then brings the infected system back into your organization where it proceeds to attack other systems. Be prepared to segment your network and identify attacking systems should an attack in the wild occur. Patches are available at: http://www.wservernews.com/070910-CA-Alert-Vulnerability Russ Cooper is a senior information security analyst with Verizon Business. He's also founder and editor of NTBugtraq http://www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to MS security. Invalid Security Certificate Error With Outlook 07 And E2K7 When Microsoft Outlook 2007 users connect to an Exchange 2007 server, they may experience the error: The name of the security certificate is invalid or does not match the name of the site. Find out the cause of this problem and how to fix it in this tip. http://www.wservernews.com/070910-Certificate-Error

	Windows Server News

Redmond Releases New Virtual Machine Manager Redmond is 'only number two' in the virtualization space, so it needs 'to work harder'. Well, here is something very cool. This week they RTMed a new tool called System Center Virtual Machine Manager 2007. It allows you a single and simultaneous view of both your physical and virtual machines. And as most of you already know, deploying virtual machines without the proper management tools can quickly turn into major confusion. Redmond has been working on System Center Virtual Machine Manager 2007 (SCVMM or VMM for short) for about 18 months and it has been RTMed now. You can get your hands on it in October, and it is part of Redmond's System Server Management Center. VMM was built using the same architecture as DPM, Ops Manager and Config Manager. You can use VMM to control virtual machines if you run Microsoft Virtual Server 2005 R2. Microsoft tweaked its licensing model for its for its System Center Server Management Suite Enterprise. It's now $860 per host server, and that includes any number of instances of virtual software, and two years of Software Assurance. Now, here is the answer to the question that was sitting there itching in the back of you head. Yes, Microsoft also plans a next version of VMM so that it not only supports Windows virtualization but also VMware and XenSource Inc. w00t! A beta of that version is expected in Q1, '08. I also hear about a rumor that VMM allows you to convert machines running VMWare to Microsoft format, but have not been able to confirm that at deadline. More at the Microsoft site about VMM: http://www.wservernews.com/070910-VMM Making The Decision To Move To Windows Server 2008, Part 2 PowerShell and virtualization are two of the reasons that make good business sense when thinking about migrating to Windows Server 2008. Some features in Microsoft's newest OS can boost productivity and save money. This expert tip reviews File System Improvement, PowerShell, Windows Hardware Error Architecture and virtualization. http://www.wservernews.com/070910-Windows-Server-2008 Patch Tuesday Looks Light Redmond's Patch Tuesday looks to be on the light side this September. There are just five patches. One of these is labeled "Critical" and four are rated "Important". The single critical issue, similar to earlier ones, has a potential remote code execution (RCE) risk. You can fix the problem though with a reboot and sweep the system with Baseline Security Analyzer to see if that box even needs an update. Microsoft will also release a new version of Windows Malicious Software Removal tool, and is rolling out one high-priority, non-security update on Microsoft Update and nothing for Windows Update. iPhone Or Blackberry? I asked our IT dept how they hooked up the iPhone to Exchange. The answer I got back was surprising. Here goes: "It's really easy. The reason why we could not hook up our Controller resulted from me being stupid. I had all the settings on her phone correct but it just wouldn't work right. Then I finally remembered that she wasn't previously set up as a VPN user so she didn't have all of the necessary permissions needed to access our Exchange server (everyone else I had helped set up were already in the VPN Users group). Once I got the perms set up right, it worked like a champ. "Now, if you're thinking about getting one, the major caveat is it's not "push" email like a blackberry. It checks every 15 minutes when the phone is turned on. If you're remote (i.e. not directly connected to our network via Wi-Fi), you need to connect over the VPN to be able to check email. A lot of times when the phone goes to sleep, it might still tell you that it's connected to the VPN, but it really loses that VPN connection and you have to re-connect in order to be able to retrieve email - kind of like how a laptop works when it goes to sleep. To me, it's not a huge hassle to use it that way but if you're used to using a blackberry, it is different." InfoWorld has picked seven serious business phones, and has a good comparison here, including the BlackBerry 8800 and the Nokia E61i: http://www.wservernews.com/070910-Business-Phones Whassup with WSUS? Considering a WSUS upgrade? You should. Greg Shields wrote a really good article about this, with a lot of good ammo and reasons why. It starts out like this: "After what seemed like an eternity in beta, the long-awaited WSUS 3.0 upgrade finally made it to market in early May. The good news is this full-point upgrade to Microsoft's patch-management system adds a host of new and desirable features that were missing from previous versions. Adding stability and scalability to an already fully functional, no-cost tool further solidifies its place as an enterprise patch-management solution. "So what should you expect in this upgrade? First, Microsoft has completely eliminated the much-maligned Web interface for configuring WSUS and replaced it with a new interface based on Microsoft Management Console (MMC) 3.0. This means that if you haven't upgraded your MMC, you'll soon be upgrading it on your management workstation. You'll also need to download and install Microsoft Report Viewer 2005, because WSUS uses this tool for report generation. More of this article at RedmondMag: http://www.wservernews.com/070910-WSUS ISO Rejects Redmond's Open XML But Fat Lady Has Not Sung Redmond lost round one this week one in their battle to gain ISO approval of the Office Open XML file format (OOXML). But before you start wringing your hands, or cackle with glee, remember it's still early in the game. What the ISO members actually did it just said "NO" to the so called 'fast track' status for OOXML. Basically Redmond got told to wait in line for its turn to be voted on via normal channels. Quite a few members were positive about the concept of OOXML though. It's interesting to see the marketing spin that all parties put on this. Everybody 'won'. More about this in a blog over at InfoWorld: http://www.wservernews.com/070910-OOXML

WServer Third Party News

Will These Holes Ever Stop?

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories.

New vulnerability updates for this release include:

W3165	Visual Studio 6 VDT70.dll ActiveX Vulnerability
W3081	Trend Micro ServerProtect Vulnerabilities
W2411	MSN Messenger, Windows Live Messenger Webcam Stream Vulnerability
W1835	Oracle Database Server Vulnerabilities (March 2003)
W1706	BIND 8 Cache Poisoning / End of Life
W0199	Oracle E-Business Suite 11 Diagnostics Vulnerability
N0068	Cisco IOS AAA Radius authentication bypass
L45 	Po4a predictable /tmp name attack - FC
L53 	Libvorbis header size and stream errors - FC
L55 	Id3lib tempfile creation mkstemp error - FC
L56 	Pam_SSH allow blank password bypass - FC
L58 	Ipsec-Tools src/racoon/isakmp error - FC
L59 	RPM showQueryPackage error - FC
L60 	Sylpheed inc_put_error() function vulnerability - FC
L61 	Star dot dot directory traversal error - FC
L62 	Bugzilla multiple vulnerabilities - FC
L63 	GDM NULL handling in g_strsplit ? MDV
S0489	ATA Disk Driver ioctl flaw - Solaris 8-10_x86
S0299	Oracle E-Business 11/11i / Sun Management Center - Solaris
M0006	BIND 8 Cache Poisoning / End of Life

Sunbelt Network Security Inspector version 1.6.76.0 was released September 5, 2007). Sunbelt Software recommends you download the new SNSI version 1.6.76.0 and scan and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/070910-SNSI

Need To Discuss Active Directory With Your Peers?

Sunbelt Software hosts the Active Directory list to invite the free and open discussion of Microsoft Active Directory Administration Issues:
http://www.wservernews.com/070910-Communities

	WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff. Base Jumpers have been known for going to great lengths in order to obtain some altitude, but this has to be the most unique we've seen so far. http://www.wservernews.com/070910-Base-Jumping This 11 year old girl rides a zip line twice a day to go to school. http://www.wservernews.com/070910-Zip-Line A new contest spun out of the SysAdmin of the Year competition asks you to craft your own version of the SysAdmin Rockstar song. Check the lyrics! http://www.wservernews.com/070910-SysAdmin-Song Fly a lot to keep spread-out sites up and running? The Travelpost website offers wi-fi data for over 200 U.S. and 80 international airports. http://www.wservernews.com/070910-Travelpost-Wifi High-Tech restaurant without waiters http://www.wservernews.com/070910-High-Tech-Restaurant A-Space: Social Network for Spies. http://www.wservernews.com/070910-A-Space Remember the f*****d Company website during the dot.com bubble? There is a new site, this time for mortgage-lending outfits. http://www.wservernews.com/070910-ML-Implode A sharp eyed user saw a submarine with its propeller in full view in Redmond's Virtual Earth. http://www.wservernews.com/070910-Submarine Google Earth has a hidden flight simulator: http://www.wservernews.com/070910-Google-Earth-Flight-Sim Manhole Cover art in Japan. Quite interesting! http://www.wservernews.com/070910-Manhole-Cover-Art Introducing Engineering TV, an innovative online video program by engineers for engineers. http://www.wservernews.com/070910-Engineering-TV The oddee site is a source of never ending entertainment. http://www.wservernews.com/070910-oddee

	WServerNews - Product of the Week

Reclaim up to 80% of your Exchange Store with ExchangeCompress Attachments can be consuming up to 90% of your Exchange Server mailbox space. In addition many of the attachments are duplicated again and again wasting gigabytes of space. You can try to impose quotas, but you are subjected to endless phone calls when user's run out of space. Now there is a better way! ExchangeCompress 2.0 allows you to control the space used by attachments and reduce the size of your Exchange mailboxes by up to 80%! ExchangeCompress 2.0 can separate attachments as they come in with no impact to the user. Download a free trial at: http://www.wservernews.com/070910-ExchangeCompress