WServerNews (formerly W2Knews)

MY PROFILE | PRIVACY

Vol. 15, #5 - Feb 8, 2010 - Issue #763

The Curse Of Software In Cars

This issue of WServerNews is sponsored by

Editor's Corner
- The Curse Of Software In Cars
- Cybersecurity Bill OK'd By House
- Would You Do Us A Favor And Vote for VIPRE?
- Quote Of The Week
Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
Webinars & Seminars
- Affordable, Enterprise Email Archiving - 2/9
- VIPRE® Enterprise Product Demonstration - 2/16
- VIPRE Email Security for Exchange Product Demonstration - 2/23
- Understanding Audit Logging in SQL Server 2008 - 2/18
Tech Briefing
- Heads-Up: Colossal Patch Tuesday Coming
- Bank IT Security Is At Fault With Stolen Funds
- Microsoft To Revise Virtual Desktop Licensing In 2010
- How To Install A Clean Version Of Windows 7
- Why Hyper-V R2's Cluster Shared Volumes Saves Time And Money
Windows Server News
- Top 10 Changes To Windows Server 2008 R2
- Windows Server 2008 Hyper-V Security
- VMware Security: The Ultimate Administrator's Resource Guide
Third Party News
- iPad As A Thin Client For Windows 7
- The Recent List Of Network Holes
WServerNews Fave Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
WServerNews - Product of the Week
- Ensuring Data Integrity In A Global IT Environment

Ensuring data integrity in a global IT environment

International organizations with offices around the world are especially challenged when it comes to ensuring the integrity and consistency of Active Directory data. Imagine IT staff from Brazil to China creating new user accounts using various languages and special characters. rDirectory, a web-based employee and resource directory, ensures the consistency and integrity of Active Directory data by dictating the format of user accounts using pick lists, validation expressions and object selectors. And, you can force users to complete profiles accurately before accessing rDirectory. Users in any country can create or modify accounts in any language error free!
http://www.wservernews.com/100208-rDirectory

	Editor's Corner

The Curse Of Software In Cars I'm driving a Toyota Camry Hybrid, so this is close to home. An unknown amount of accidents are caused by electronic glitches we are told. Car companies started with electronics at the level of relatively simple anti-lock braking. Next was stability control, which gave brakes another software-controlled duty to perform. And in modern hybrids, brakes have now acquired their third role, "regenerative braking," creating juice to recharge the batteries for fuel-saving purposes. Which brings me to the "curse" issue. To save fuel, electronic complexity will increase exponentially with even more sensors, code to optimize emissions, and additional logic to coordinate electric and gas-powered drive trains. Not to speak of "modular" engines, with devices very much like a clutch to link and delink cylinders depending on power needs. All this translates to miles of wire and millions of lines of code. And we in IT know what this means: An average of one bug in a thousand lines of code. That may not be critical in a desktop computer. But it sure can be deadly in a vehicle. I'm certain that the thing which focuses Top Brass at car-makers the most is that recently several Mitsubishi executives were charged with manslaughter in Japan for failing to investigate defects in delivery trucks that were involved in two deaths. There is a growing worldwide trend to create "Corporate Homicide" laws, which I'm sure will cause software development in car companies to climb to NASA-level specs. I hope that Microsoft will follow suit and give us rock-solid Operating Systems from day one of the release. (Hat Tip to WSJ). Cybersecurity Bill OK'd By House Security analysts gave a cautious thumbs-up to the passage of the Cybersecurity Enhancement Act of 2009 (HR 4061) by the U.S. House of Representatives. The bill, sponsored by Rep. Daniel Lipinski (D-Ill.), aims to bolster federal cybersecurity research and development and stimulate the growth of a cybersecurity workforce in the U.S. Approved by the House Science and Technology Committee in November, it won passage by a whopping 422-6 vote in the House. The bill is the first major cybersecurity legislation to make it through the House this year. It now has to pass muster in Senate before it can become law, and no Senate version of the bill that has even been drafted yet. Computerworld has the best write-up: http://www.wservernews.com/100208-Cybersecurity Would You Do Us A Favor And Vote for VIPRE? VIPRE Enterprise is one of 9 finalists in the Security Product of the Year category in the 2010 Networking Computing Awards. Follow the link and cast your vote for VIPRE. Thanks so much in advance! http://www.wservernews.com/100208-Survey Quote Of The Week "Knowledge is of no value unless you put it into practice." - Anton Chekhov Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here: http://www.wservernews.com/100208-Subscribe PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends: http://www.wservernews.com/100208-WXPNews PPS: And now we have our new Win7News! You can subscribe here, and tell your friends: http://www.wservernews.com/100208-Win7News

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman |

Email me: [email protected]

Wanted: VIPRE Enterprise Premium Beta Testers - Get A T-Shirt

We're getting close to release. Last chance to influence the future of VIPRE 4.0! Beta 4, the last Beta before release and potentially a Release Candidate, will be released the week of Feb 8. VIPRE Enterprise Version 4 new stuff: a Bi-directional Firewall, HIPS, NIPS, IDS, Web Filtering, Ad Blocking, Bad URL Blocking, and Anti-Phishing. For good measure we allow you to write your own SNORT rules. And, it supports "tiering" and "peering" with the new VIPRE Site Service, which also allows granular admin control. And all this still with a very small, super-low overhead, single-agent footprint! Email [email protected] to receive a key for more than 5 workstations. Create your login at:
http://www.wservernews.com/100125-Beta-Forum-Login

You'll get an email with your confirmation. Log in, and then use this link to get the console; the agent automatically downloads.
http://www.wservernews.com/100125-Beta-Forum

	Admin Toolbox

Admin Tools We Think You Shouldn't Be Without Simplify your life with mPowerTools - 100+ Reports - Tackle AD chores in bulk A Search & Replace Tool - you'll never script again & no 3rd party databases! http://www.wservernews.com/100208-mPowerTools ScriptLogic Perspective Network Management Solution. A comprehensive and affordable solution for bandwidth and network performance. http://www.wservernews.com/100208-Perspective Can You Install a Web Security Appliance in 15 mins? You can with the iPrism appliance. Sign up now for a demo & get a t-shirt! http://www.wservernews.com/100208-iPrism Unleash the power of Secure Shell on your Windows servers. Gain secure file transfers and remote administration. Download the white paper. http://www.wservernews.com/100208-Attachmate

	Webinars & Seminars

Affordable, Enterprise Email Archiving - 2/9 Exchange performance is suffering. Your users complain about email storage and don't want any quotas. Your CEO requires legal compliance. Want a high-end, feature-rich, admin-friendly product that solves all these issues at a very affordable price? Then don't miss this Sunbelt Exchange Archiver webinar. When: Tuesday, February 9, 2010, 2:00 PM (EST) Please register here: http://www.wservernews.com/100208-Email-Archiving VIPRE® Enterprise Product Demonstration - 2/16 Want total malware protection without the bloat? Join us for a look at VIPRE Enterprise and learn how Sunbelt started with a blank slate to design a new, next-generation antivirus and antispyware technology to deal with today's complex malware in the most comprehensive, highly efficient manner. When: Tuesday, February 16, 2010, 11:00 AM (EST) Please register here: http://www.wservernews.com/100208-VIPRE-Demo VIPRE Email Security for Exchange Product Demonstration - 2/23 Securing your Exchange Server is key to protecting your enterprise environment from spam, viruses, phishing, and other messaging threats. In this product demo, learn how the new version of VIPRE Email Security for Exchange (formerly Ninja Email Security) can help protect your network and cut your Exchange admin time in half with this powerful, policy-based email security product. When: Tuesday, February 23, 2010, 2:00 PM (EST) Please register here: http://www.wservernews.com/100208-VIPRE-Email-Security Understanding Audit Logging in SQL Server 2008 - 2/18 With 2008, SQL Server finally has a real audit log capability. It's flexible, high performance and can report its events directly to the Windows Security Event Log which means you can leverage the security and integrity of the security log AND take advantage of whatever log management solution you currently use to collect, monitor and report server logs. This real training webinar is not free. For specialized topics where finding a sponsor is not practical. The fee is low and there is no sponsor presentation; your info will not be shared with anyone. It's all deep, technical training. Title: Understanding Audit Logging in SQL Server 2008 Date: February 18, 2010 - 12:00PM US Eastern Time This is real training. Space is limited. Reserve your Webinar seat now at: http://www.wservernews.com/100208-Audit-Logging

	Tech Briefing

Heads-Up: Colossal Patch Tuesday Coming Redmond plans to fix a whopping 26 holes this February's Patch Tuesday. Most of the vulnerabilities are related to the Windows OS. They plan to release 13 security bulletins Feb. 9 as part of this month's Patch Tuesday. Five of the 13 bulletins are rated critical, seven are rated important and one is rated moderate. Microsoft said it plans to patch an escalation-of-privilege issue in the Windows kernel that it warned users about in January. Among the issues not being addressed this month are an IE bug the company issued an advisory about on Feb. 3 and a vulnerability in the SMB (Server Message Block) protocol Redmond is still working to fix. Here is the Redmond Bulletin: http://www.wservernews.com/100208-Security-Bulletin Bank IT Security Is At Fault With Stolen Funds WSN subscriber David Stever sent this: "The story about the crappy bank in Texas suing their own customer is a story about crummy bank security, not about the customer doing anything wrong on their end. Read the story again; the bank allowed withdrawals based on a different IP address range, and a completely different pattern than the company had done before, as the article you reference mentions. The bank was out of line to allow the withdrawals, and for them to turn around and sue the customer for responding to their incompetence is beyond belief. Even if account info was breached on the customer end, the fact that the withdrawal pattern was so different then past usage should have been a red flag for the bank, and at least triggered human intervention and some phone calls. The Consumerist website (formerly a part of Gawker Media, and now owned by Consumer Union) had an excellent article last Thursday about this case at: http://www.wservernews.com/100208-Bank-Lawsuit Microsoft To Revise Virtual Desktop Licensing In 2010 Microsoft's Software Assurance licensing program makes desktop virtualization too expensive for many IT shops. But the company said it will make changes to the per-device model. Find out what other IT pros are saying about the relative merits of SA and VECD: http://www.wservernews.com/100208-Virtual-Desktop-Licensing How To Install A Clean Version Of Windows 7 There are several ways to install a clean version of Windows 7 on enterprise desktops. And regardless of the method, the process may be easier than upgrading from Windows XP or Windows Vista. This article provides scenarios recommended for a clean install for Windows 7 as well as four easy steps to replace the hard drive with a larger hard drive with Windows 7 installed: (Email Registration Required) http://www.wservernews.com/100208-Install-Win7 Why Hyper-V R2's Cluster Shared Volumes Saves Time And Money Implementing virtual server technologies is supposed to make data centers more efficient, flexible and cheaper. For the most part, a virtualization platform from any vendor will deliver on those promises. Read this article to find out three benefits that will demonstrate how this clustering technology not only reduces the headaches associated with configuring Hyper-V R2 VMs but also saves valuable storage space, which translates into concrete cost savings: (Email Registration Required) http://www.wservernews.com/100208-Hyper-V

	Windows Server News

Top 10 Changes To Windows Server 2008 R2 The staff at SearchWindowsServer.com did their homework and came up with this slide show that shows that a lot has changed with the release of Redmond's latest server OS. Check out our list of the 10 most significant improvements: http://www.wservernews.com/100208-Server2008-Changes Windows Server 2008 Hyper-V Security Jan De Clercq from WinIT Pro wrote a good article about this. He started out with: "Server virtualization allows for the hosting of different virtual guest computer environments on a single physical host computer. Organizations can use server virtualization to consolidate servers; build more cost-efficient and effective development, test, and pre-production environments; simplify disaster recovery; and easily port virtual servers across different hardware platforms. Microsoft provides two server-virtualization solutions. The first is Microsoft Virtual Server--a free software package that you can use to build virtual servers on top of Windows Server 2003, Windows XP, and Windows Vista. Microsoft's most recent server virtualization solution is Hyper-V--an integral part of Windows Server 2008. Like Microsoft Virtual Server, Hyper-V allows for the virtualization of both Windows and non-Windows OSs. Read the full (long) article for information about Hyper-V security: http://www.wservernews.com/100208-Hyper-V-Security VMware Security: The Ultimate Administrator's Resource Guide Last year, Gartner, Inc. estimated that 60% of virtual machines would be less secure than their physical counterparts through 2009. Was your virtual infrastructure part of the statistic, or were you on top of the virtual security game? Use these resources as a guide to hardening your virtual infrastructure against security attacks and you should be in good shape through 2010: http://www.wservernews.com/100208-VMware-Security

Third Party News

iPad As A Thin Client For Windows 7

If you feel compelled to go out and buy one even though it lacks so many features that I consider basic, here's some interesting news for you: Citrix has announced that they are going to release software to make the iPad a thin client that you can use to connect to your real operating system - Windows 7. Hmm. Now that might actually make the thing useful. Read more here:
http://www.wservernews.com/100208-Win7iPod-Remote-Access

The Recent List Of Network Holes

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories.

New Checks: 
L281 Trac security- bug repair Dec 2009 - FC  
L457 SLiM X authority mcookie access to X session flaw - FC  
L458 Automake dist rules insecure direcotry permissions 777 error - FC  
L459 NetworkManager CA certificat file & D-Bus connection errors - FC  
L461 GIMP multiple security vulnerabilities - Jan 2010 - FC  
L462 Krb5 KDC NULL dereference & AES/RC4 decryption flaws - FC  
L463 DevIL GetUID crafted DICOM file weakness - FC  
L464 Gif2png bounds check failure in strcpy call - FC  
L466 Wordpress-mu security & permission repairs Jan 2010 - FC  
L70 Ncpfs mount and umount race condition error - FC  
L471 Zabbix nodewatcher get_history & separator NULL pointer flaws- FC  
L472 Samba mount and umount race condition error - FC  
L473 Gzip Huffman data block & LZW decompress errors - FC  
L474 Fuse mount and umount race condition error - FC  
L475 Php NUL prefix in X.509/input sanitization & file limit flaws - FC  
L476 ManiaDrive NUL prefix in X.509/input sanitization & file limit flaws - FC  
L490 Acroread U3D implementation & enhanced security flaws - SuSE  
L501 Opera floating point conversion weakness - SuSE  
L504 Seamonkey multiple security vulnerabilities Jan 2010 - SuSE  
L507 Zope ZEO database sharing authentication bypass weakness - SuSE  
M64 Mac OS X Version not supported - Mac OS X 10.4 and prior  
W2798 IE 6 or older browser acceptance waning - W2K/XP/W2K3  
H70 Enterprise Cluster Master Tookkit Vulnerability - HP-UX 11  
L460 Cacti XSS HTTP and SQL vulnerabilties - FC  
L467 Kernel ipv6_hop_jumbo namespace pointer dereference error - FC  
L468 Kernel ipv6_hop_jumbo/ebtables & print fatal signal errors - FC  
L469 BIND DNSSEC incomplete fix & NSEC validation repair - FC  
L477 Expat big2_toUtf8 function malformed UTF-8 flaw - SuSE  
L478 PostFix e-mail set all interface to listen flaw - SuSE  
L479 PhpMyAdmin directory 777/unserialize & predictable filename errors - SuSE  
L480 PostgreSQL \0 Common Name in X.509 certificate errors - SuSE  
L481 Dovecot 0777 directory auth socket replacement weakness - SuSE  
L483 Msmtp \0 in domain name in X.509 crafted certificate flaw - SuSE  
L484 Kernel multiple vulnerabilities Jan 2010 - SuSE  
L485 Java-1.6.0-ibm multiple security flaws Jan 2010 - SuSE  
L486 Java-1.4.2-ibm multiple security flaws Jan 2010 - SuSE  
L487 Java-1.5.0-ibm multiple security flaws Jan 2010 - SuSE  
L488 Krb5 KDC NULL dereference & AES/RC4 decryption flaws - SuSE  
L489 Kernel multiple vulnerabilities Jan 2010 - SuSE  
L491 Apache2-mod_jk HTTP arbitrary request weakness - SuSE  
L492 Cacti XSS HTTP and SQL vulnerabilties - SuSE  
L493 CUPS use-after-free & XSS vulnerabilities- SuSE  
L494 Pidgin slp.c traversal in the MSN protocol plugin flaw - SuSE  
L495 HTMLdoc set_page_function long MEDIA SIZE error - SuSE  
L496 KDELibs floating point conversion weakness - SuSE  
L499 Poppler create_surface & object stream errors - SUSE  
L500 Lighttpd http_request/URL pattern/& mod_user flaws - SuSE  
L502 Perl-HTML-Parser incomplete SGML reference flaw - SuSE  
L503 PyXML update position function flaw - SuSE  
L505 Wireshark dissector NULL pointer dereference error - SuSE  
L506 NTP malformed packet response log loop weakness - SuSE  
M3 RealPlayer Multiple Vulnerabilities  
M63 Mozilla Thunderbird Multiple Vulnerabilities - Mac OS X  
S288 Kernel UCODE_GET_VERSION IOCTL request Vulnerability  
W26 User Rights: Restore files and directories  
W365 User Rights: Log on as a batch job Informational 
W635 Application Event Logs Could Be Overwritten Informational 
W636 Security Event Logs Could Be Overwritten Informational 
W637 System Event Logs Could Be Overwritten Informational 
W2014 Anti-virus signature outdated - AntiVir Desktop  
W2186 Cisco Unified MeetingPlace/MeetingTime Vulnerabilities  
W2475 Thunderbird Multiple Security Vulnerabilities  
W2537 Internet Explorer Network Protocol Lockdown not set - W2K/XP/W2K3  
W2590 RealPlayer Multiple Vulnerabilities  
W2987 VMWare Server Java JRE Vulnerabilities  
W3126 Wireshark multiple dissector vulnerabilities  
W3295 Apache Tomcat multiple vulnerabilities  
W3317 Cisco Works IPM CO(RBIA GIOP Request Handling Vulnerability  


Updated Checks 
W1142 Anti-virus signature outdated - McAfee  
W1986 Anti-virus signature outdated - Symantec  
W1999 Anti-virus signature outdated - Trend Micro  
W2067 Anti-virus signature outdated - F-Secure  
W2070 Anti-virus signature outdated - CA eTrust  
H122 Veritas 4.X/5.X Vulnerabilities - HP-UX 11  
M76 ClamXav / ClamAV signatures not the latest - Mac OS X  
M80 Virex signature file out of date - Mac OS X  
S33 ClamAV signatures not updated - Solaris  
W2012 Anti-virus signature outdated - Avast! 4/5  
W2013 Anti-virus signature outdated - AVG - W2K/XP/W2K3  
W2056 Anti-virus signature outdated - Norman

Sunbelt Network Security Inspector version 2.0.2670.0 Definition Set 214 was released February 5, 2010. Sunbelt Software recommends you download the new SNSI Vulnerability Update Definitions 214, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/100208-SNSI

	WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff. Exclusive outtake footage of the E*Trade Baby and his buddies. Check this out - you won't see it during the Big Game: http://www.wservernews.com/100208-Outtakes The new and revised Dante's Inferno Super Bowl spot by Electronic Arts: http://www.wservernews.com/100208-Dantes-Inferno Universal Orlando's Harry Potter Super Bowl Ad: http://www.wservernews.com/100208-Harry-Potter-Commercial My favorite Super Bowl 2010 commercial. With knowledge comes confidence: http://www.wservernews.com/100208-Cars-Commercial The Top 10 Super Bowl Tech Ads. Remember these classics from Intel, Iomega, EDS, Apple, Xerox and more? The videos are on the Computerworld site: http://www.wservernews.com/100208-Tech-Ads Computer Science rap at Stanford. It's not often that someone comes up with a pretty clever rap song about a UNIX command. It's pretty geeky! Nerdcore rapper Monzy busts rhymes with an accuracy rate of 98.2%. http://www.wservernews.com/100208-Science-Rap Testing Bullet Proof Glass in 1932. This lady has guts!: http://www.wservernews.com/100208-Guts President Obama delivering his State of the iPad address. Smart Humor: http://www.wservernews.com/100208-iPad-Address Olympic Aerialist Ryan St. Onge explains the "double full full full", a jump he plans to perform at the Winter Olympics 2010 in Vancouver: http://www.wservernews.com/100208-Aerial-Skiing 40 wild birds play a Gibson Les Paul guitar: It's funny and oddly compelling: http://www.wservernews.com/100208-Guitar Green Mental Health: First Do No Harm. Click to watch Hyla Cass, Psychiatrist explain how to handle mental problems correctly, meaning not for profit: http://www.wservernews.com/100208-Cass Der Fuhrer is disappointed over Apple iPad. Warning: Strong language in subtitles, Not Safe For Work: http://www.wservernews.com/100208-iPad One of our Tech Support guys found the most epic article of all time about why people hate tech support; you must read (and be prepared to laugh) NSFW: http://www.wservernews.com/100208-Tech-Support Looking for dirt cheap real estate in the Tampa Bay area? ListingBook is an online tool that will give you access to the same database that real estate business pros use and you can access it 24/7. It will provide you with up-to-the-minute data on all the hot properties that matter to you. Sign up for an account: http://www.wservernews.com/100208-ListingBook

	WServerNews - Product of the Week

Ensuring Data Integrity In A Global IT Environment International organizations with offices around the world are especially challenged when it comes to ensuring the integrity and consistency of Active Directory data. Imagine IT staff from Brazil to China creating new user accounts using various languages and special characters. rDirectory, a web-based employee and resource directory, ensures the consistency and integrity of Active Directory data by dictating the format of user accounts using pick lists, validation expressions and object selectors. And, you can force users to complete profiles accurately before accessing rDirectory. Users in any country can create or modify accounts in any language error free! http://www.wservernews.com/100208-r-Directory

Copyright © TechGenix Ltd.
TechGenix.com is in no way affiliated with Microsoft Corp.
Please read our Privacy Policy and Terms & Conditions.