Vol. 13, #28 - Jul 7, 2008 - Issue #682
Google Gives Away Free Web App Security Scanner
- Editor's Corner
- So, When Is XP Really Going To Die?
- Google Gives Away Free Web App Security Scanner
- Quotes of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Tech Briefing
- iPhone Lacks Security Updates
- Free One-Day Seminar: Mark Minasi Provides Vista Best Practices
- Tip: Repairing Damaged OWA Virtual Directories In Exchange 2003
- Tip: Planning MS Office SharePoint Server Disaster Recovery
- Seven Cloud-Computing Security Risks
- Windows Server News
- Debate over Value of Storage Virtualization Begins in Earnest
- Secure SQL Server From SQL Injection Attacks
- MS Office Now In 'SaaS' Format
- Microsoft Investigates WSUS Patch Snafu
- WServer Third Party News
- Do Not Renew Your Current Enterprise AntiVirus!
- Stomping Down On Holes
- Double-Take Software Tech*Ed 2008
- WServerNews FAVE Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- Watch a Demo and Get a Cool Free T-Shirt
Watch a Demo and Get a Cool Free T-Shirt
iPrism Web Filter leads the pack in stopping Web-based threats
like spyware, malware, anonymizers and inappropriate content.
Now, when you watch the iPrism in action, you get a cool
t-shirt and a chance to win a 50" plasma TV. Better than software-
only solutions, iPrism's powerful appliance-based technology
protects at the perimeter and can be installed and working within
minutes. And iPrism got 5-stars from SC magazine and has renewal
rates of over 98%. Find out why! See the leader of the pack
in action and get a cool t-shirt while supplies last!
http://www.wservernews.com/080707-iPrism-Web-Filter
Editor's Corner
So, When Is XP Really Going To Die?
Well, it mostly depends on your hardware. Last week XP went into retirement,
but only sorta. It's a bit of a semi-retirement really: technically you won't
be able to get XP from major vendors like Dell and HP after they ship their
last XP inventory, but there are ways around it. Microsoft also will not give
you XP under its Volume Licensing program, but you -are- allowed to downgrade
from Vista Biz Ultimate to XP Pro.
There are still quite a few boxed copies floating around in retail stores,
and I'm sure you will start finding those on eBay at increasing prices.
Retail PC stores can legally sell you XP until January 31, 2009. Next are
the Home and Starter flavors, and these will only be pre-installed on low-cost
PCs until June 30, 2010 (that's the nettops and netbooks that a lot of
vendors will be shipping for quite a while).
Redmond has promised to continue to ship security updates and other critical
updates, which I assume will require SP3, until April of 2014, at which
time XP will have lived to the ripe old OS-age of 14!
Google Gives Away Free Web App Security Scanner
If your organization develops or uses Web-based applications, Google just
released for free one of its internal testing tools. They claim that their
'Ratproxy' is quick and less intrusive than other security scanners. They
have posted an overview and also the source code. This may be quite cool,
but we have not had the time to play with it:
http://www.wservernews.com/080707-Ratproxy
Quotes of the Week
"And for the support of this Declaration, with a firm reliance on the
protection of divine Providence, we mutually pledge to each other our
Lives, our Fortunes and our sacred Honor." --- last sentence of the
Declaration of Independence, 1776
"We must hang together, gentlemen...else, we shall most assuredly hang
separately." - Benjamin Franklin, at the signing of above Declaration
Thank you for being a WServerNews subscriber. Please
tell your friends about us. They can subscribe here:
http://www.wservernews.com/080707-Subscribe
You want to know, don't you?
Who is your organization's least productive employee? Is
your PR person writing whitepapers or Wikipedia articles?
Are your account managers updating Salesforce or their
Facebook profiles? Plug Kerio WinRoute Firewall 6.4 into
your network and use the new StaR reporting system to see
where everyone is going online. Works with your existing
firewall and runs on any Windows system. Starts at $399.
http://www.wservernews.com/080707-Kerio-Winroute-Firewall
Tech Briefing
iPhone Lacks Security Updates
According to one researcher, numerous flaws exist on the iPhone, many of
which are the result of the iPhone's software packages not being kept up
to date in the same fashion that patches for the desktop iteration of Mac
OS 10.5 are. (Net Applications has done some math recently and concluded
that Apple has 7.94% of the desktop OS market to Windows' 90.89% and
Linux' 0.80%.) AT&T stated that it will sell the new iPhone 3G without a
service contract for $599 (8GB) or $699 (16GB). That means about $200 to
$400 more than with the two-year AT&T contract, and you will still need
some kind of AT&T wireless subscription if you do not sign up for the
phone service. AT&T has announced they will sell the 3Gs starting July 11.
The service contracts are quite pricey actually. They are from $89.99 a
month to $129.99 plus a $36 activation fee. More at:
http://www.wservernews.com/080707-iPhone-Lacks-Security-Updates
Free One-Day Seminar: Mark Minasi Provides Vista Best Practices
Are you currently deploying or planning an upgrade to Windows Vista? Or just
looking for more information on Microsoft's latest desktop operating system?
If so, let best-selling author and Windows guru Mark Minasi be your guide
at this just-the-facts event coming to Washington DC on August 12, and
Atlanta and Minneapolis in September. Seating is limited, register today!
http://www.wservernews.com/080707-Minasi-Vista-Seminar
Tip: Repairing Damaged OWA Virtual Directories In Exchange 2003
Microsoft Exchange Server virtual directory corruption can prevent Outlook
Web Access (OWA) from displaying icons properly. The step-by-step process
provided in this tip shows you how to repair the damaged Exchange Server
2003 virtual directories that OWA uses. (registration required)
http://www.wservernews.com/080707-Repairing-OWA-Virtual-Directories
Tip: Planning MS Office SharePoint Server Disaster Recovery
When developing a disaster recovery plan for a Windows environment, IT
managers should make sure Microsoft Office SharePoint Server's unique
needs are reviewed and included in the process. This tip outlines seven
key steps to properly protect your SharePoint Server. (registration required)
http://www.wservernews.com/080707-SharePoint-Disaster-Recovery
Seven Cloud-Computing Security Risks
Cloud computing services may be picking up traction with businesses, but a
new report from Gartner warns that the technology has security risks. More:
http://www.wservernews.com/080707-Cloud-Security
Windows Server News
Debate over Value of Storage Virtualization Begins in Earnest
What is good for the server gander may not be so good for the storage
goose. The complexities of storage virtualization may push people to simpler
approaches to increasing storage utilization rates. Meanwhile, the dynamics
of storage continue to change rapidly, which may be one reason new approaches
to storage services in the cloud are emerging in a way that could ultimately
give rise to a new data-as-a-service model. eWeek has a good discussion:
http://www.wservernews.com/080707-Storage-Virtualization
Secure SQL Server From SQL Injection Attacks
Did you know that any Web application using dynamic SQL is at risk for a
SQL injection attack? It's one of the most common security risks for
Internet-facing SQL Server databases. In this tip, you'll learn how
SQL injection works and get precise steps to protect against attacks.
(registration required)
http://www.wservernews.com/080707-SQL-Injection
MS Office Now In 'SaaS' Format
Redmond came clean about what the secretive Albany project was all about.
'MS-Office as SaaS' is the bet they are making. It's officially called
Microsoft Equipt and they want to rent you Office Home or Student 2007
so they can bundle it when you buy a PC. Obviously this is to push back
against Google Apps.
But just look at the prices for a moment. This is $69.99 a year. Sounds
like a deal until you do the math. What these bundles contain is OneNote,
Word, Excel, and PowerPoint. Added is Windows Live Care AV, and Windows
Live tools which are Mail, Messenger and Photo Gallery. You also get
LiveWorkspace, which you use to save documents. The new bit about all this
is that you also get free updates delivered via the pipe, if those come
out before the full-price next generation. You can load it on 3 home PCs.
And now about the math. The above Office software normally is $149.99,
but I have seen cheaper offers. If you add up all the above modules it would
be around 200 bucks. So after about 3 years, Redmond gets more money than
if you'd buy it separately. Most households keep their PCs 4 or even 5
years. Erm.. I do not think this is going to be a blockbuster...
Microsoft Investigates WSUS Patch Snafu
Microsoft confirmed last week that it is investigating two-week-old reports
from users unable to update client PCs using WSUS. The company also stated
it's "premature" to assume the snafu had the same source as another patch
glitch it has grappled with since mid-June.
Here is the advisory:
http://www.wservernews.com/080707-WSUS-Patch-Snafu
WServer Third Party News
Do Not Renew Your Current Enterprise AntiVirus!
It's time to ditch expensive, bloated, old-style AV products! Save your IT
budget and don't renew products from Symantec, McAfee and Trend Micro. AV
products are useless if the cure is worse than the disease - from complaining
users and worse, users that uninstall AV from their desktop. It's time for
next generation AV technology to step in! VIPRE Enterprise gives you a
high-performance, single-engine endpoint agent, without compromising on
detection and remediation of viruses, trojans, worms, spyware and malware,
combined with a strong and fast management console that WORKS. Virus
Bulletin recently reviewed the beta, and the review is now at this location (PDF):
http://www.wservernews.com/080707-VB-Review
Stomping Down On Holes
SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE)
list of computer incidents. It also contains the latest SANS/FBI top 20
vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and
FedCIRC (Department of Homeland Security) advisories.
New Checks
H162 CIFS (samba) yields code execution - HP-UX 11
L829 PhpMyAdmin register_globals .htaccess /libraries flaw - FC
L830 Horde multiple user input sanitation failures - FC
L831 Nasm off-by-one error - FC
L832 Libetpan NULL pointer dereference error - FC
L833 Perl rmtree permissions check failure - FC
L834 Ruby WEBrick & multiple rb_ function overfs - FC
L837 Xine-lib demux_nst_send_chunk flaw - SuSE
L839 Libvorbis residue Xiph.org & audio processing flaws - SuSE
L840 Vorbis-tools Speex file header validation error - SuSE
L841 Pdns-recursor TRXID and UDP randomness flaw - SuSE
L842 Opensuse-updater symlink off-by-one errors - SuSE
L844 Xorg-x11-server multiple vulnerabilities - SuSE
L845 Mozilla-xulrunner181 vulnerabilities - SuSE
L846 TCl/TK ReadImage function flaw - SuSE
L847 CUPS CairoFont::create embedded font error - SuSE
L848 Qemu drive_init raw disk image access flaw - SuSE
L850 PAN Parts batch .nzb data structure management flaw - SuSE
L852 Evolution iCalendar timezone data flaw - SuSE
L853 Opera multiple web page vulnerabilities - SuSE
L854 Linux Kernel multiple vulnerabilities - SuSE
L855 Fetchmail -v-v mode malformed mail flaw - FC
L857 Freetype2 16-bit & Printer Font Binary flaws - SciLinux
L861 Freetype2 16-bit & Printer Font Binary flaws - RHE
M141 Security Update 2008-004 / 10.5.4 - Mac OS X
N89 Cisco UCM multiple security vulnerabilities
S94 SnmpXdmid packet handling vulnerability - Solaris 8 - 10
S325 MySQL Multiple Vulnerabilities - Solaris 10
S439 Adobe Reader plugin vulnerabilities - Solaris
W38 Novell Client Vulnerability - W2K, XP, W2K3
W1465 Apache mod_proxy interim response control
W3358 Internet Explorer Domain enforcement iFrame hijacks
Updated Checks
H135 OpenView Operations/VantagePoint JRE vulnerability
L819 Freetype2 16-bit & Printer Font Binary flaws - RHE
S523 Bzip2 Vulnerabilities - Solaris 8 - 10
W1142 Anti-virus Signature Outdated - McAfee
W1986 Anti-virus Signature Outdated - Symantec
W1999 Anti-virus Signature Outdated - Trend Micro
W2067 Anti-virus Signature Outdated - F-Secure
W2070 Anti-virus Signature Outdated - CA eTrust
Sunbelt Network Security Inspector version 1.6.107.0 was released July 3, 2008.
Sunbelt Software recommends you download the new SNSI version 1.6.107.0,
scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/080707-SNSI
Double-Take Software Tech*Ed 2008
With a bronze sponsorship, premium booth location, and huge customer
appreciation party, Double-Take Software made a BIG splash at Tech-Ed 2008.
Thank you to everyone who came out to rock with Double-Take Software and
Cluster-Funk at Margaritaville in Orlando. Cluster-Funk played to a packed
crowd of over 700 people - it was a great evening of music and fun. If you
missed the party this year, don't miss it next year! Be sure to stay tuned
for details on the 2009 Tech-Ed party in Los Angeles!
WServerNews FAVE Links
This Week's Links We Like. Tips, Hints And Fun Stuff.
WServerNews - Product of the Week
Watch a Demo and Get a Cool Free T-Shirt
iPrism Web Filter leads the pack in stopping Web-based threats
like spyware, malware, anonymizers and inappropriate content.
Now, when you watch the iPrism in action, you get a cool
t-shirt and a chance to win a 50" plasma TV. Better than software-
only solutions, iPrism's powerful appliance-based technology
protects at the perimeter and can be installed and working within
minutes. And iPrism got 5-stars from SC magazine and has renewal
rates of over 98%. Find out why! See the leader of the pack
in action and get a cool t-shirt while supplies last!
http://www.wservernews.com/080707-iPrism-Demo