MY PROFILE | PRIVACY 
Vol. 16, #5 - Feb 7, 2011 - Issue #814
What Redmond Withheld About The Latest Zero Day

This issue of WServerNews is sponsored by
  1. Editor's Corner
    • What Redmond Withheld About The Latest Zero Day
    • Quotes of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinars & Seminars
    • Webinar: Maximizing the Performance of End-to-End AV Security Feb 10
    • Webinar: Ensuring Your Organization's Integrity and Security in a Digital World - Mar 17
    • BriForum 2011: Register Today And Save
  4. Tech Briefing
    • Top 10 Free Open Source Tools For Network Admins
    • Intel Uncovers Fault In Chip: $700 Million Recall
    • SaaS, PaaS, and IaaS: A security checklist for cloud models
    • 4G Shootout: Verizon LTE vs. Sprint WiMax
    • High-Tech Printers Now Targets of Hackers
  5. Windows Server News
    • The Server You Buy Today Could Last A Decade
    • A Wish List For The Future Of System Center Virtual Machine Manager
    • VMware vMotion: A Complete Guide
    • Managing Virtual Resources In Microsoft Hyper-V Cloud
    • Managing VMware View 4.5 Virtual Desktops With PowerCLI
  6. Third Party News
    • Need To Monitor And Manage Your User's Web Browsing Habits?
    • VIPRE Enterprise vs. Symantec
  7. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  8. WServerNews - Product of the Week
    • rDirectory 3.0 Is Now Shipping
rDirectory 3.0 Is Now Shipping!

Namescape has just released a major upgrade to rDirectory, a powerful identity application platform for Active Directory that solves many critical business problems with an easy-to-use, web-based directory and full featured Design tool that allows you to create customized search, detail and provisioning applications. Version 3.0 integrates ExtJS(r), the leading cross-browser JavaScript library for building Rich Internet Applications (RIA) that bring accessibility and extensibility to web applications across browsers and desktops. This major technology upgrade provides Namescape with an industry- first platform that allows us to accelerate the development of rich applications for rDirectory:
http://www.wservernews.com/110207-rDirectory


Editor's Corner

What Redmond Withheld About The Latest Zero Day

Redmond's recent Security Advisory 2501696 (link below) alerts us about new a zero-day threat in "all supported versions of Microsoft Windows." Sounds a bit ominous. It affects XP SP3, Vista, Win7 32- and 64-bit, and WinServer 2003 SP2 and 2008 SP2. However, what is odd, that they conveniently omit to mention that only IE users (and that includes IE 9 beta) have to worry about this hole.

The actual vulnerability is caused by how MHTML files get processed. It is a file format that Redmond cooked up more than 10 years ago. It was built to merge different pieces of Web pages: HTML, Java applets, Flash files, and more. The concept was to create a "kitchen-sink" format so that you can save a Web page, with all of its pieces, in one file. MHTML was never taken up by the rest of the industry, however.

This particular zero day lets a compromised MHTML file take over the system if you click on a link to that file. As stated above, Redmond did not clarify that this hole can only be triggered when you use IE. Firefox, Chrome, and Safari are safe because they never supported MHTML. Redmond PR is craftily talking around that. There's a Fixit available in KB article 2501696 that basically turns off MHTML.

The upshot: Redmond presents this as a "windows hole" but it comes about because of a design problem in IE. Check it out for yourself here:
http://www.wservernews.com/110207-Compromised-MHTML


Quotes of the Week

"A man's errors are his portals of discovery." -- James Joyce

"Hold fast to your dreams, for without them life is a broken winged bird that can't fly." -- Langston Hughes

"Marriage is an attempt to solve problems together which you didn't even have when you were on your own." -- Eddie Cantor

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/110207-Subscribe

PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/110207-WXPNews

PPS: And now we have our new Win7News! You can subscribe here, and tell your friends:
http://www.wservernews.com/110207-Win7News

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

VIPREŽ Email Security for Exchange

Email security moves to the next generation with antivirus, malware protection and antispam software for Microsoft Exchange Server. The time required to manage Exchange has become a highly important cost factor. VIPRE for Exchange takes HALF the admin time compared to other products. VIPRE for Exchange was recently VBSpam Certified by Virus Bulletin! Get your 30-day eval here:
http://www.wservernews.com/110207-VIPRE-Email-Security
<

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Simplify your life with mPowerTools - 100+ Reports - tackle AD chores in bulk - a search & replace tool - you'll never script again AND NO third party databases!
http://www.wservernews.com/110207-mPowerTools

Did you know there is a new LinkedIn group where you can discuss Internet Security Awareness Training? Benefits, Costs, Value and How-To:
http://www.wservernews.com/110207-Internet-Security-Awareness-Training


Webinars & Seminars

Webinar: Maximizing the Performance of End-to-End AV Security Feb 10

Malware is a never-ending concern for busy network administrators in search of the perfect balance between antivirus protection and network performance. Discover the top considerations for significantly improving the performance and availability of network resources without sacrificing any antivirus protection.

1:00 PM ET / 10:00 AM PT / 6:00 PM GMT
Date: Thu, Feb 10, 2011
Location: This is an Internet based event.
http://www.wservernews.com/110207-Webinar-Feb-10


Webinar: Ensuring Your Organization's Integrity and Security in a Digital World - Mar 17

You can't watch the TV or surf the web today without over the top advertisements stating that your PC is probably infected with a virus that is slowing it down and causing permanent damage. Although the advertisements are often misleading, the reality is that viruses and other types of malware can cripple an organization-destroying productivity and reputation, especially if an organization becomes the source of a malware outbreak for a customer. In this seminar, we'll look at the common types of malware, how they attack, and the methods to mitigate them-including looking at multiple layers of security and malware protection with emphasis on end-point protection and the key features that should be considered when choosing your end-point protection approach and best practices.

12:00PM ET / 9:00AM PT / 5:00PM GMT
Date: Thu, Mar 17, 2011
Location: This is an Internet based event.
http://www.wservernews.com/110207-Webinar-Mar-17


BriForum 2011: Register Today And Save

The most advanced, technical, hands-on desktop virtualization event takes place 10-11 May in London and July 19-21 in Chicago where experts led by Brian Madden share the latest tips and strategies. Register today and save:
http://www.wservernews.com/110207-BriForum-2011


Tech Briefing

Top 10 Free Open Source Tools For Network Admins

From troubleshooting DNS queries and misbehaving network apps to keeping your configurations and passwords organized, these tools have you covered. Routing issues, slow network applications, DNS resolution problems -- a network administrator has to deal with a host of network nuisances on a daily basis. How do you survive when you're constantly under the gun to fix the problems? Like any other professional, you need a solid set of tools. InfoWorld put them all neatly together for you:
http://www.wservernews.com/110207-Free-Open-Source-Tools


Intel Uncovers Fault In Chip: $700 Million Recall

Microsoft pundit Paul Thurott reported that "Intel discovered a hardware fault in a supporting chipset for its new CPU lineup and will take a $300 million revenue hit this quarter to fix the problem. The issue involves a design problem that causes its support chipset-the Intel i6 Series (code-named Cougar Point)-to potentially "degrade over time," affecting the performance of hard drives and other devices connected to the chipset's SATA connector. Here is Paul's Blog item:
http://www.wservernews.com/110207-Intel-Chip-Fault


SaaS, PaaS, and IaaS: A security checklist for cloud models

Key security issues can vary depending on the cloud model you're using. Vordel CTO Mark O'Neill looks at 5 critical challenges.

How does security apply to Cloud Computing? In this article, CSO addresses this question by listing the five top security challenges for Cloud Computing, and examine some of the solutions to ensure secure it.

Organizations and enterprises are increasingly considering Cloud Computing to save money and to increase efficiency. However, while the benefits of Cloud Computing are clear, most organizations continue to be concerned about the associated security implications. Due to the shared nature of the Cloud where one organization's applications may be sharing the same metal and databases as another firm, Chief Security Officers (CSOs) must recognize they do not have full control of these resources and consequently must question the inherent security of the Cloud. However, it is important to note that Cloud Computing is not fundamentally insecure; it just needs to be managed and accessed in a secure way. More:
http://www.wservernews.com/110207-Cloud-Security


4G Shootout: Verizon LTE vs. Sprint WiMax

Brian Nadel at Computerworld wrote: "Last month, I pitted Sprint's WiMax-based fourth-generation (4G) network against its third-generation (3G) network in a series of real-world tests around the New York metropolitan area.

My goal was to find out whether the speed boost you'll get is worth the hassle and expense of upgrading from 3G to 4G. My conclusion? Absolutely - if it's available in your area.

Now that Verizon's competing LTE-based 4G network has been rolled out in my area, I returned to all the same locations and repeated my tests (see "How I tested") for a showdown between Verizon's and Sprint's 4G services. Let's see how they stack up:
http://www.wservernews.com/110207-Sprint-vs-Verizon


High-Tech Printers Now Targets of Hackers

Researchers at last weekend's ShmooCon 2011 convention in Washington, D.C., demonstrated how Internet-connected printers that aren't properly secured can be hijacked and used to gain unauthorized access to corporate networks they're running on, according to an article in MIT's Technology Review:
http://www.wservernews.com/110207-Printer-Hackers


Windows Server News

The Server You Buy Today Could Last A Decade

Thanks to scalable virtualization-ready hardware, there's never been a better time to refresh your server infrastructure.

"It used to be easy to tell when a server was ready to be put out to pasture. With CPU speeds clicking upward like a shuttle launch, it wasn't terribly hard to justify aging out a 1.3GHz Pentium III server for a 2.26GHz Pentium 4 box. But the yearly boost in clock speed hasn't been in effect for a while now. What's more, we're suddenly very aware of just how little clock speed really matters for a large swath of the data center." Read More at InfoWorld:
http://www.wservernews.com/110207-Decade-Server


A Wish List For The Future Of System Center Virtual Machine Manager

Though Microsoft's System Center Virtual Machine Manager (SCVMM) has its share of impressive functionalities, the company will need to build out its abilities in order to remain relevant. This expert tip breaks down four features admins want to see in the future of SCVMM, from hybrid and private cloud capabilities to virtual machine resource templatization:
http://www.wservernews.com/110207-SCVMM


VMware vMotion: A Complete Guide

VMware vMotion enables the live migration of virtual machines from one host to another with continuous uptime and makes disaster recovery faster and more efficient. This exclusive guide provides a comprehensive guide to VMware's vMotion including how to avoid common roadblocks during install:
http://www.wservernews.com/110207-vMotion


Managing Virtual Resources In Microsoft Hyper-V Cloud

Many IT pros have discovered that Microsoft Hyper-V Cloud is not as much about Hyper-V as it is about managing the hypervisor. This featured tip covers how Hyper-V Cloud quantifies virtual resources to balance virtual machine workloads:
http://www.wservernews.com/110207-Hyper-V-Cloud


Managing VMware View 4.5 Virtual Desktops With PowerCLI

VMware View 4.5 hosts a whole series of PowerShell extensions to help you to manage your environment, one of them being PowerCLI. In this expert tip, you will discover why PowerCLI is becoming the standard for any command-line interface-based activity, and learn how to take advantage of its speed, portability and ease of use:
http://www.wservernews.com/110207-VMware-View


Third Party News

Need To Monitor And Manage Your User's Web Browsing Habits?

How much of your users' time - and your bandwidth - is wasted on non-work- related sites, such as Facebook, YouTube, Gmail, gaming sites, etc.? And is your network protected against infected or malicious downloads? Studies show that 40% of employee Internet access at work is not work-related. This eats into your bottom line - as does the uncontrolled use of company-wide bandwidth. Put an end to non-work-related web surfing and wasted resources, check out GFI WebMonitor:
http://www.wservernews.com/110207-WebMonitor


VIPRE Enterprise vs. Symantec

We received this email: "I am amazed at how much memory we freed on our machines by switching to VIPRE. This product is fast. Bootup time is way faster. We already migrated 50 machines without any glitch with the Symantec Uninstaller. Congrats on this great product ! Click on the green button for your 30-day free trial:
http://www.wservernews.com/110207-VIPRE-Business-Premium


WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff



WServerNews - Product of the Week

rDirectory 3.0 Is Now Shipping

Namescape has just released a major upgrade to rDirectory, a powerful identity application platform for Active Directory that solves many critical business problems with an easy- to-use, web-based directory and full featured Design tool that allows you to create customized search, detail and provisioning applications. Version 3.0 integrates ExtJS(r), the leading cross-browser JavaScript library for building Rich Internet Applications (RIA) that bring accessibility and extensibility to web applications across browsers and desktops. This major technology upgrade provides Namescape with an industry- first platform that allows us to accelerate the development of rich applications for rDirectory:
http://www.wservernews.com/110207-rDirectory