WServerNews (formerly W2Knews)
Vol. 13, #28 - Jul 7, 2008 - Issue #682
Google Gives Away Free Web App Security Scanner

  1. Editor's Corner
    • So, When Is XP Really Going To Die?
    • Google Gives Away Free Web App Security Scanner
    • Quotes of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Tech Briefing
    • iPhone Lacks Security Updates
    • Free One-Day Seminar: Mark Minasi Provides Vista Best Practices
    • Tip: Repairing Damaged OWA Virtual Directories In Exchange 2003
    • Tip: Planning MS Office SharePoint Server Disaster Recovery
    • Seven Cloud-Computing Security Risks
  4. Windows Server News
    • Debate over Value of Storage Virtualization Begins in Earnest
    • Secure SQL Server From SQL Injection Attacks
    • MS Office Now In 'SaaS' Format
    • Microsoft Investigates WSUS Patch Snafu
  5. WServer Third Party News
    • Do Not Renew Your Current Enterprise AntiVirus!
    • Stomping Down On Holes
    • Double-Take Software Tech*Ed 2008
  6. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  7. WServerNews - Product of the Week
    • Watch a Demo and Get a Cool Free T-Shirt
Watch a Demo and Get a Cool Free T-Shirt

iPrism Web Filter leads the pack in stopping Web-based threats like spyware, malware, anonymizers and inappropriate content. Now, when you watch the iPrism in action, you get a cool t-shirt and a chance to win a 50" plasma TV. Better than software-only solutions, iPrism's powerful appliance-based technology protects at the perimeter and can be installed and working within minutes. And iPrism got 5-stars from SC magazine and has renewal rates of over 98%. Find out why! See the leader of the pack in action and get a cool t-shirt while supplies last!
http://www.wservernews.com/080707-iPrism-Web-Filter

Editor's Corner

So, When Is XP Really Going To Die?

Well, it mostly depends on your hardware. Last week XP went into retirement, but only sorta. It's a bit of a semi-retirement really: technically you won't be able to get XP from major vendors like Dell and HP after they ship their last XP inventory, but there are ways around it. Microsoft also will not give you XP under its Volume Licensing program, but you -are- allowed to downgrade from Vista Biz Ultimate to XP Pro.

There are still quite a few boxed copies floating around in retail stores, and I'm sure you will start finding those on eBay at increasing prices. Retail PC stores can legally sell you XP until January 31, 2009. Next are the Home and Starter flavors, and these will only be pre-installed on low cost PCs until June 30, 2010 (that's the nettops and netbooks that a lot of vendors will be shipping for quite a while).

Redmond has promised to continue to ship security updates and other critical updates, which I assume will be requiring SP3, until April of 2014, at which time XP will have lived to the ripe old OS-age of 14!

Google Gives Away Free Web App Security Scanner

If your organization develops or uses Web-based applications, take note: Google just released for free one of its internal testing tools. They claim that their 'Ratproxy' is quick and less intrusive than other security scanners. They have posted an overview and also the source code. This may be quite cool, but we have not had the time to play with it:
http://www.wservernews.com/080707-Ratproxy


Quotes of the Week

"And for the support of this Declaration, with a firm reliance on the protection of divine Providence, we mutually pledge to each other our Lives, our Fortunes and our sacred Honor." --- last sentence of the Declaration of Independence, 1776

"We must hang together, gentlemen...else, we shall most assuredly hang separately." - Benjamin Franklin, at the signing of above Declaration

Thank you for being a WServerNews subscriber. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/080707-Subscribe

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman

You want to know, don't you?

Who is your organization's least productive employee? Is your PR person writing whitepapers or Wikipedia articles? Are your account managers updating Salesforce or their Facebook profiles? Plug Kerio WinRoute Firewall 6.4 into your network and use the new StaR reporting system to see where everyone is going online. Works with your existing firewall and runs on any Windows system. Starts at $399.
http://www.wservernews.com/080707-Kerio-Winroute-Firewall


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Help Desk application now available for the rest of us. Learn more about BridgeTrak:
http://www.wservernews.com/080707-BridgeTrak

Free Web-based Online Directory, Self Service Editing, LCS/OCS Presence! Check out other editions with Data Integrity Controls and Photo support.
http://www.wservernews.com/080707-Web-based-Online-Directory

iPrism Web Filter leads the pack in value and performance. See the iPrism in action and get a cool t-shirt free!
http://www.wservernews.com/080707-iPrism

Save yourself significant IT budget, management headaches and prevent end-user complaints that their PC slows down. VIPRE Enterprise is coming:
http://www.wservernews.com/080707-VIPRE-Enterprise


Tech Briefing

iPhone Lacks Security Updates

According to one researcher, numerous flaws exist on the iPhone, many of which are the result of the iPhone's software packages not being kept up to date in the same fashion that patches for the desktop iteration of Mac OS 10.5 are. (Net Applications has done some math recently and concluded that Apple has 7.94% of the desktop OS market to Windows' 90.89% and Linux' 0.80%.) AT&T stated that it will sell the new iPhone 3G without a service contract for $599 (8GB) or $699 (16GB). That means about $200 to $400 more than with the two-year AT&T contract, and you will still need some kind of AT&T wireless subscription if you do not sign up for the phone service. AT&T has announced they will sell the 3Gs starting July 11. The service contracts are quite pricey actually. They are from $89.99 a month to $129.99 plus a $36 activation fee. More at:
http://www.wservernews.com/080707-iPhone-Lacks-Security-Updates


Free One-Day Seminar: Mark Minasi Provides Vista Best Practices

Are you currently deploying or planning an upgrade to Windows Vista? Or just looking for more information on Microsoft's latest desktop operating system? If so, let best-selling author and Windows guru Mark Minasi be your guide at this just-the-facts event coming to Washington DC on August 12, and Atlanta and Minneapolis in September. Seating is limited, register today!
http://www.wservernews.com/080707-Minasi-Vista-Seminar


Tip: Repairing Damaged OWA Virtual Directories In Exchange 2003

Microsoft Exchange Server virtual directory corruption can prevent Outlook Web Access (OWA) from displaying icons properly. The step-by-step process provided in this tip shows you how to repair the damaged Exchange Server 2003 virtual directories that OWA uses. (registration required)
http://www.wservernews.com/080707-Repairing-OWA-Virtual-Directories


Tip: Planning MS Office SharePoint Server Disaster Recovery

When developing a disaster recovery plan for a Windows environment, IT managers should make sure Microsoft Office SharePoint Server's unique needs are reviewed and included in the process. This tip outlines seven key steps to properly protect your SharePoint Server. (registration required)
http://www.wservernews.com/080707-SharePoint-Disaster-Recovery


Seven Cloud-Computing Security Risks

Cloud computing services may be picking up traction with businesses, but a new report from Gartner warns that the technology has security risks. More:
http://www.wservernews.com/080707-Cloud-Security


Windows Server News

Debate over Value of Storage Virtualization Begins in Earnest

What is good for the server gander may not be so good for the storage goose. The complexities of storage virtualization may push people to simpler approaches to increasing storage utilization rates. Meanwhile, the dynamics of storage continue to change rapidly, which may be one reason new approaches to storage services in the cloud are emerging in a way that could ultimately give rise to a new data-as-a-service model. eWeek has a good discussion:
http://www.wservernews.com/080707-Storage-Virtualization


Secure SQL Server From SQL Injection Attacks

Did you know that any Web application using dynamic SQL is at risk for a SQL injection attack? It's one of the most common security risks for Internet-facing SQL Server databases. In this tip, you'll learn how SQL injection works and get precise steps to protect against attacks. (registration required)
http://www.wservernews.com/080707-SQL-Injection


MS Office Now In 'SaaS' Format

Redmond came clean about what the secretive Albany project was all about. 'MS-Office as SaaS' is the bet they are making. It's officially called Microsoft Equipt and they want to rent you Office Home or Student 2007 so they can bundle it when you buy a PC. Obviously this is to push back Google Apps.

But just look at the prices for a moment. This is $69.99 a year. Sounds like a deal until you do the math. What these bundles contain is OneNote, Word, Excel, and PowerPoint. Added is Windows Live Care AV, and Windows Live tools which are Mail, Messenger and Photo Gallery. You also get LiveWorkspace, which you use to save documents. The new bit about all this is that you also get free updates delivered via the pipe, if those come out before the full-price next generation. You can load it on 3 home PCs.

And now about the math. The above Office software normally is $149.99, but I have seen cheaper offers. If you add up all above modules it would be around 200 bucks. So after about 3 years, Redmond gets more money than if you'd buy it separately. Most households keep their PCs 4 or even 5 years. Erm.. I do not think this is going to be a blockbuster...

Microsoft Investigates WSUS Patch Snafu

Microsoft confirmed last week that it is investigating two-week-old reports from users unable to update client PCs using WSUS. The company also stated it's "premature" to assume the snafu had the same source as another patch glitch it has grappled with since mid-June. Here is the advisory:
http://www.wservernews.com/080707-WSUS-Patch-Snafu


WServer Third Party News

Do Not Renew Your Current Enterprise AntiVirus!

It's time to ditch expensive, bloated, old-style AV products! Save your IT budget and don't renew products from Symantec, McAfee and Trend Micro. AV products are useless if the cure is worse than the disease - from complaining users and worse, users that uninstall AV from their desktop. It's time for next generation AV technology to step in! VIPRE Enterprise gives you a high-performance, single-engine endpoint agent, without compromising on detection and remediation of viruses, trojans, worms, spyware and malware, combined with a strong and fast management console that WORKS. Virus Bulletin recently reviewed the beta, and the review is now at this location (PDF):
http://www.wservernews.com/080707-VB-Review


Stomping Down On Holes

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories.
New Checks
H162 CIFS (samba) yields code execution - HP-UX 11
L829 PhpMyAdmin register_globals .htaccess /libraries flaw - FC
L830 Horde multiple user input sanitation failures - FC
L831 Nasm off-by-one error - FC
L832 Libetpan NULL pointer dereference error - FC
L833 Perl rmtree permissions check failure - FC
L834 Ruby WEBrick & multiple rb_ function overfs - FC
L837 Xine-lib demux_nst_send_chunk flaw - SuSE
L839 Libvorbis residue Xiph.org & audio processing flaws - SuSE
L840 Vorbis-tools Speex file header validation error - SuSE
L841 Pdns-recursor TRXID and UDP randomness flaw - SuSE
L842 Opensuse-updater symlink off-by-one errors - SuSE
L844 Xorg-x11-server multiple vulnerabilities - SuSE
L845 Mozilla-xulrunner181 vulnerabilities - SuSE
L846 TCl/TK ReadImage function flaw - SuSE
L847 CUPS CairoFont::create embedded font error - SuSE
L848 Qemu drive_init raw disk image access flaw - SuSE
L850 PAN Parts batch .nzb data structure management flaw - SuSE
L852 Evolution iCalendar timezone data flaw - SuSE
L853 Opera multiple web page vulnerabilities - SuSE
L854 Linux Kernel multiple vulnerabilities - SuSE
L855 Fetchmail -v-v mode malformed mail flaw - FC
L857 Freetype2 16-bit & Printer Font Binary flaws - SciLinux
L861 Freetype2 16-bit & Printer Font Binary flaws - RHE
M141 Security Update 2008-004 / 10.5.4 - Mac OS X
N89 Cisco UCM multiple security vulnerabilities
S94 SnmpXdmid packet handling vulnerability - Solaris 8 - 10
S325 MySQL Multiple Vulnerabilities - Solaris 10
S439 Adobe Reader plugin vulnerabilities - Solaris
W38 Novell Client Vulnerability - W2K, XP, W2K3
W1465 Apache mod_proxy interim response control
W3358 Internet Explorer Domain enforcement iFrame hijacks

Updated Checks
H135 OpenView Operations/VantagePoint JRE vulnerability
L819 Freetype2 16-bit & Printer Font Binary flaws - RHE
S523 Bzip2 Vulnerabilities - Solaris 8 - 10
W1142 Anti-virus Signature Outdated - McAfee
W1986 Anti-virus Signature Outdated - Symantec
W1999 Anti-virus Signature Outdated - Trend Micro
W2067 Anti-virus Signature Outdated - F-Secure
W2070 Anti-virus Signature Outdated - CA eTrust

Sunbelt Network Security Inspector version 1.6.107.0 was released July 3, 2008.

Sunbelt Software recommends you download the new SNSI version 1.6.107.0, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/080707-SNSI


Double-Take Software Tech*Ed 2008

With a bronze sponsorship, premium booth location, and huge customer appreciation party, Double-Take Software made a BIG splash at Tech-Ed 2008. Thank you to everyone who came out to rock with Double-Take Software and Cluster-Funk at Margaritaville in Orlando. Cluster-Funk played to a packed crowd of over 700 people - it was a great evening of music and fun. If you missed the party this year, don't miss it next year! Be sure to stay tuned for details on the 2009 Tech-Ed party in Los Angeles!

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff.



WServerNews - Product of the Week

Watch a Demo and Get a Cool Free T-Shirt

iPrism Web Filter leads the pack in stopping Web-based threats like spyware, malware, anonymizers and inappropriate content. Now, when you watch the iPrism in action, you get a cool t-shirt and a chance to win a 50" plasma TV. Better than software-only solutions, iPrism's powerful appliance-based technology protects at the perimeter and can be installed and working within minutes. And iPrism got 5-stars from SC magazine and has renewal rates of over 98%. Find out why! See the leader of the pack in action and get a cool t-shirt while supplies last!
http://www.wservernews.com/080707-iPrism-Demo