<< SMALL BIZ SERVER NEWS THE WEEK OF APRIL 18, 2004>>

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 04/19/04 

Date: Sun, 18 Apr 2004 22:06:12 -0700

Just a reminder... on the msnews.com newsservers there is:

4.5 group microsoft.public.backoffice.smallbiz
2000 group microsoft.public.backoffice.smallbiz2000
2003 group microsoft.public.windows.server.sbs

-----------------------------
THIS WEEK WAS PATCH WEEK

JUST A REMINDER - IF YOUR SBS2K OR 2K3 PROMPTS YOU SAYING IT NEEDS TO
REBOOT, YOU MUST REBOOT YOUR SERVER FOR THE PATCH TO PROTECT YOU

--------------------------

April 13, 2004
Microsoft released the following Security Bulletins.

Note: www.microsoft.com/technet/security and www.microsoft.com/security
are authoritative in all matters concerning Microsoft Security
Bulletins! ANY
e-mail, web board or newsgroup posting (including this one) should be
verified by visiting these sites for official information. Microsoft never
sends security or other updates as attachments. These updates must be
downloaded from the microsoft.com download center or Windows Update. See
the individual bulletins for details.

Because some malicious messages attempt to masquerade as official
Microsoft security notices, it is recommended that you physically type
the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summaries:

Windows: http://www.microsoft.com/technet/security/Bulletin/winapr04.mspx

Critical Bulletins:

MS04-011 - Security Update for Microsoft Windows (835732)
http://www.microsoft.com/technet/security/Bulletin/MS04-011.mspx

MS04-012 - Cumulative Update for Microsoft RPC/DCOM (828741)
http://www.microsoft.com/technet/security/Bulletin/MS04-012.mspx

MS04-013 - Cumulative Security Update for Outlook Express (837009)
http://www.microsoft.com/technet/security/Bulletin/MS04-013.mspx

Important Bulletins:

MS04-014 - Vulnerability in the Microsoft Jet Database Engine Could Allow
Code Execution (837001)
http://www.microsoft.com/technet/security/Bulletin/MS04-014.mspx

Re-Released Bulletins:
The following bulletins have been re-released to advise of the
availability of updates for various versions of Microsoft Exchange
Server. Please see the bottom of each bulletin for revision information.

MS00-082 - Patch Available for 'Malformed MIME Header' Vulnerability
http://www.microsoft.com/technet/security/Bulletin/MS00-082.mspx

MS01-041 - Malformed RPC Request Can Cause Service Failure
http://www.microsoft.com/technet/security/Bulletin/MS01-041.mspx

MS02-011 - Authentication Flaw Could Allow Unauthorized Users To
Authenticate To SMTP Service
http://www.microsoft.com/technet/security/Bulletin/MS02-011.mspx

MS03-046 - Vulnerability in Exchange Server Could Allow Arbitrary Code
Execution (829436)
http://www.microsoft.com/technet/security/Bulletin/MS03-046.mspx

This represents our regularly scheduled monthly bulletin release (second
Tuesday of each month). Please note that Microsoft may release bulletins out
side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after
reading the above listed bulletin you should contact Product Support
Services in the United States at 1-866-PCSafety (1-866-727-2338).
International customers should contact their local subsidiary.

----------------------------------

Exchange webcasts
http://blogs.msdn.com/exchange/archive/2004/04/16/114697.aspx

-----------------------
Small Bus Server Technical overview
May 14
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032248962&Culture=en-US

-----------------------------
Partner site preview.....
http://members.microsoft.com - Partner Site Preview:
http://members.microsoft.com/partner/sitepreview/default.aspx
----------------------------
Getting ready for TechEd
http://techedbloggers.net/

------------------------------
- - - - - - - - - -
Card frauds: geography of crimes
More than 40% of crimes related to bank cards frauds
are committed by citizens of former Yugoslavia, Nigeria,
Romania, Pakistan and Indonesia. Online deals contracted
by these people are more often illegal, informs an MSNBC
official site referring to a research made by Cybersource
company. Yugoslavian residents make 13% of all fraudulent
online purchases. For comparison Americans commit only
1,7% of these crimes.
http://www.crime-research.org/news/13.04.2004/204
- - - - - - - - - -
Security problem hits NCAR supercomputer site
AN UNNAMED security problem hit NCAR computer users
at the end of last week, it appears, and will tie
up security resources for another week. The scientific
computing division (SCD) of NCAR (the National Center
for Atmospheric Research) notified users that it had
taken "the prudent action" of disabling user accounts
on its supercomputing resources.
http://www.theinquirer.net/?article=15310
- - - - - - - - - -
Advertising company sues Utah over new anti-spyware law
A New York company whose software creates pop-up
ads during routine Web browsing is seeking to block
a Utah law that bans such practices. In a lawsuit
filed late Monday in 3rd District Court, WhenU.com
Inc. argues that the new law violates its
constitutionally protected right to advertise,
while doing little to protect computer users'
privacy.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8422326.htm
- - - - - - - - - -
Feds asked to hang up on FBI's wiretap proposal
A major cell phone trade group objected to a proposal
that would force broadband Internet providers to rewire
their networks to support easy wiretapping by police.
The proposal, from the U.S. Department of Justice,
the FBI and the Drug Enforcement Administration, is
"expressly exempted from the law" and puts an unfair
burden on broadband subscribers to fund any network
overhaul, according to a regulatory filing by the
Cellular Telecommunications & Internet Association
(CTIA), whose members include the nation's top cell
phone service providers.
http://zdnet.com.com/2100-1105_2-5190685.html
- - - - - - - - - -
Federal agencies must set security benchmark, says US workgroup
http://www.computerweekly.com/articles/article.asp?liArticleID=129896

Defense agencies develop data-sharing standard
The Defense Department and defense agencies from
several other countries have developed a standard
for documenting and sharing configuration
information about large systems. Military services
and contractors can use the standard to maintain
up-to-date descriptions of how large items are
configured, such as weapons systems.
http://www.gcn.com/vol1_no1/daily-updates/25551-1.html

9-11 group faults IT obsolescence
http://www.fcw.com/fcw/articles/2004/0412/web-fbi-04-13-04.asp
Homeland Security official urges prudent cyber approach
http://www.govexec.com/dailyfed/0404/041304tdpm1.htm
Pentagon tightens control of personnel data
http://www.govexec.com/dailyfed/0404/041304sz1.htm
Task force puts security responsibility on CEOs
http://zdnet.com.com/2100-1105_2-5190202.html
http://msnbc.msn.com/id/4724316/
UK firms failing security challenge
http://news.zdnet.co.uk/internet/security/0,39020375,39151496,00.htm
American Airlines data used to test passenger snoop system
http://www.theregister.co.uk/2004/04/13/privacy/
- - - - - - - - - -
Hackers lurk through holes in hot spots
Wireless networks aren't just popular with computer
users on the go. Hackers are finding them an easy
target to snoop on consumers' laptop PCs and,
eventually, their employers' networks.
http://www.usatoday.com/money/industries/technology/2004-04-13-hackers-wireless_x.htm
- - - - - - - - - -
Gmail likely to clear privacy hurdles
The UK's data protection authorities seem to
be smiling on Google's plan to offer Web users
a gigabyte of email storage in return for targeted
adverts. Google's forthcoming email service
probably won't run into legal issues in Britain,
as long as the company doesn't deceive customers
about how their personal information will be treated.
http://news.zdnet.co.uk/internet/ecommerce/0,39020372,39151489,00.htm

California may block Gmail over privacy concerns
http://news.zdnet.co.uk/business/legal/0,39020651,39151479,00.htm
http://www.cnn.com/2004/TECH/internet/04/13/block.gmail.reut/index.html
http://www.wired.com/news/business/0,1367,63041,00.html
http://www.theregister.co.uk/2004/04/13/ban_google_email/
Google values its own privacy. How does it value yours?
http://www.theregister.co.uk/2004/04/13/asymmetric_privacy/
- - - - - - - - - -
E-mail lists choke on spam
For close to half a decade, entertainment executives
and copyright-averse college students have debated
the future of technology side by side on the "Pho"
e-mail list. Now that forum is under siege. Membership
is falling, even though subscription requests are
rising. In large part that's because so many e-mail
addresses are choked with spam, or have fallen
incommunicado behind bulk mail filters, and have
had to be eliminated.
http://zdnet.com.com/2100-1104_2-5190826.html

Network Associates builds a better SpamKiller
http://zdnet.com.com/2100-1105_2-5190209.html
- - - - - - - - - -
Cisco thwarts EAP dictionary attacks
New tool prevents hackers launching offline A
to Z attacks on password-based authentications.
Cisco has released a security authentication
protocol to protect 802.1X Extensible
Authentication Protocol (EAP) networks
from dictionary attacks.
http://www.vnunet.com/News/1154348
http://computerworld.com/mobiletopics/mobile/story/0,10801,92203,00.html
- - - - - - - - - -
Microsoft releases new patches for Windows flaws
Microsoft Corp. released three critical patches
Tuesday to fix Windows security flaws that could
allow an attacker to take over another person's
computer. A fourth patch, which the company
called ``important,'' fixes a similar vulnerability
in versions of the Windows operating system,
which runs more than 90 percent of the world's
computers.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8422313.htm

Microsoft warns of a score of security holes
http://zdnet.com.com/2100-1105_2-5190818.html
http://computerworld.com/securitytopics/security/story/0,10801,92206,00.html
- - - - - - - - - -
Pirates of the Box Office
"Pirates of the Caribbean" may have been a big
hit last year, but don't bet on Hollywood casting
Johnny Depp or any other heartthrob when it inevitably
begins filming "Terminator 4: Pirates of the Internet."
As broadband continues to take off, Internet users
who once swapped songs with abandon are now ripping
their favorite movies onto DVDs and trading them
online. And Hollywood isn't happy.
http://www.washingtonpost.com/wp-dyn/articles/A7790-2004Apr13.html
- - - - - - - - - -
Fatal attraction--browsers and the beguiled
It comes as no surprise that browser-based attacks
have been identified as an emerging security threat
in a recent study. As part of its second annual
survey on IT security and the workforce, The
Computing Technology Industry Association (CompTIA)
asked nearly 900 organizations to rank their top
15 security concerns.
http://zdnet.com.com/2100-1107-5190400.html
http://www.vnunet.com/News/1154338
http://www.theregister.co.uk/2004/04/13/browser_security_woes/
- - - - - - - - - -
They don't teach security in biology class
As humans, we like turning to biology for
inspiration, when we are faced with hard
technological problems. For example, the
Wright brothers studied the flight of birds
in designing planes with flexible, twisting
wings and an aerofoil shape to provide lift.
Today, researchers seeking answers to the
technological issue of securing computer
networks are emulating the Wrights in
turning to nature for solutions.
http://zdnet.com.com/2100-1107-5190668.html

Who says biology need be destiny?
http://news.com.com/2010-7355_3-5190213.html
- - - - - - - - - -
Forensic Analysis of a Live Linux System, Part Two
Last month in the first part of this article
series, we discussed some of the preparation and
steps that must be taking when analyzing a live
Linux system that has been compromised. Now we'll
continue our analysis by looking for malicious
code on the running system, and then discuss some
of the searches that can be done with the data
once it has been transferred to our remote host.
http://www.securityfocus.com/infocus/1773
- - - - - - - - - -
News.com wins award for MSBlast coverage
CNET News.com on Tuesday won a national award
in deadline reporting from the Society of
Professional Journalists, the largest journalism
organization in the United States.
http://news.com.com/2100-1025_3-5190694.html 

-- 
http://www.sbslinks.com/really.htm

Relevant Pages
Loading