<<SBS news this week - August 20, 2004>>

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 08/23/04

    Date: Sun, 22 Aug 2004 22:52:01 -0700
    
    

    Kevin's song of the week [a classic]
    news://msnews.microsoft.com/ukCcLj3hEHA.356@tk2msftngp13.phx.gbl
    -------------

    SHAMELESS PLUG
    -------------
    TIME IS RUNNING OUT!
    http://www.smbnation.com
    Sept 9-13
    http://www.smbnation.com/schedule.htm

    Choose the business track or the tech track. Also there are rumors that
    there will be audio MP3s available for purchase afterwards.
    Now granted, I'm biased because I'm speaking there, but honestly, when
    you have a chance to meet up with your fellow IT pros that work in the
    same marketplace you do, put faces with email addresses and just ooze
    geek stuff for days without anyone rolling their eyes, it's a treat.
    ---------------

    XP sp2
    Remember it's hitting the AU on August 25
    I used Shavlik to push out to the fleet on Friday night and did a
    "staggered" push to a few workstations at a time. So far my only issue
    has been with a laptop that had two copies of AOL on there [and I think
    the funky dialer toasted the tcp/ip stack]. Other than that, no other
    issues.
    -------------
    Should I wait until my vendors approve SP2?
    I've seen several articles about vendors saying "we haven't tested for
    SP2" and while there were some modifications post RC2, I've found that
    all of my applications work just fine.

    My take? Don't wait for the vendors to "sign off" on this. Do your own
    testing, contact your clients and arrange for time to roll out this
    service pack.
    ------------
    Quickbooks blog talks about the changes
    http://quickbooks_online_blog.typepad.com/blogmain/2004/08/xp_sp2.html
    -----------

    John Eddy [at one time a SBS MVP lead and now newsgroup administrator]
    Asks how can Microsoft improve newsgroups?
    http://blogs.msdn.com/mscommunity/archive/2004/08/18/216709.aspx

    --------------
    Interesting post on why Dana Epp, Security Guru is interested in SBS 2003
    http://silverstr.ufies.org/blog/archives/000674.html

    ---------------
    In other news...
    - - - - - - - - - -
    Possible security breach seen at AOL
    America Online Inc. is acknowledging an "issue"
    that allowed some of its members to gain access
    to online financial portfolios of other members.
    But the Internet service provider downplayed the
    incident, saying no personal identifying information
    such as usernames or credit card numbers was ever
    compromised.
    http://computerworld.com/securitytopics/security/holes/story/0,10801,95394,00.html
    - - - - - - - - - -
    New Download.Ject worm variant appears
    Users who have not yet installed the three out-of-
    cycle patches contained in Microsoft Corp.'s July
    30 security bulletin MS04-25 now have another reason
    to do so immediately. A new version of a worm called
    Download.Ject takes advantage of one of the flaws
    fixed by the patches and has begun circulating
    online, according to Thor Larholm, a researcher
    at PivX Solutions Inc. Like its predecessor,
    the new version of Download.Ject infects
    vulnerable systems with a Trojan horse
    and a keystroke logger.
    http://computerworld.com/securitytopics/security/story/0,10801,95387,00.html
    http://www.pcadvisor.co.uk/index.cfm?go=news.view&news=4084
    http://www.theregister.co.uk/2004/08/20/im_worm/
    - - - - - - - - - -
    Yahoo mail flaws fixed
    Yahoo fixed two flaws in its free mail system
    that could have allowed a malicious user to read
    a victim's browser cookies and change the appearance
    of some pages, Yahoo said on Thursday. A representative
    of the company said the flaws were fixed last month
    by making changes on the company's Yahoo Mail servers.
    http://news.zdnet.co.uk/internet/security/0,39020375,39164139,00.htm
    - - - - - - - - - -
    Faked voice mails tout stock in latest investor scam
    Investors are being told to be wary if they receive
    a friendly sounding voicemail from a female stranger
    offering a hot stock tip. It could be a new investor
    scam that hundreds of people have complained about
    recently. The Securities and Exchange Commission
    issued an investor alert on Friday, warning of the
    so-called "wrong-number" stock touts, which have
    reached home answering machines across the country.
    http://www.mercurynews.com/mld/mercurynews/business/technology/9454065.htm
    http://www.washingtonpost.com/wp-dyn/articles/A17061-2004Aug19.html
    - - - - - - - - - -
    Researchers spot XP SP2 security weakness
    Security researchers believe they have discovered
    a weakness in the new security given to Windows
    XP by the recently unveiled Service Pack 2 (SP2).
    Since XP SP2 was released, activists have been
    searching for weaknesses in the security-focused
    service pack. Microsoft yesterday dismissed claims
    by German researchers to already have discovered
    a flaw.
    http://www.vnunet.com/news/1157493
    http://zdnet.com.com/2100-1105_2-5318358.html

    Microsoft sends security update to home PCs
    Microsoft has started to send out its latest major
    security patch to home PCs — but some people won't
    get it for a while. The first computer owners to
    get Windows XP Service Pack 2 began receiving it
    on Wednesday night, Microsoft said. The update is
    being sent to people who have the automatic update
    feature turned on in the operating system. But it
    will take at least a few weeks to deliver the 80-
    plus megabyte patch to the installed user base,
    a company representative said on Thursday.
    http://www.globetechnology.com/servlet/story/RTGAM.20040820.gtpatchaug20/BNStory/Technology/

    SP2 trickles down to home PCs
    http://news.zdnet.co.uk/software/windows/0,39020396,39164136,00.htm
    Stumbling over SP2
    http://news.com.com/Stumbling+over+SP2/2010-1002_3-5316980.html
    - - - - - - - - - -
    Software Doesn't Break Laws...
    What do file-sharing companies and the National Rifle
    Association have in common? A common legal argument,
    that's what. The entertainment industry's multi-year
    legal war to stamp out illegal online file-sharing
    was dealt a major blow yesterday when a federal court
    said that two major peer-to-peer software firms can't
    be held liable for the copyright-infringing activities
    of their users.
    http://www.washingtonpost.com/wp-dyn/articles/A18302-2004Aug20.html
    http://www.siliconvalley.com/mld/siliconvalley/9449500.htm
    http://www.nytimes.com/2004/08/20/technology/20digital.html
    http://www.securityfocus.com/news/9374
    http://zdnet.com.com/2100-1104_2-5318335.html

    File-sharing firms get big court win
    http://www.mercurynews.com/mld/mercurynews/business/technology/9449460.htm
    Hackers enable iTunes swapping
    http://news.zdnet.co.uk/internet/security/0,39020375,39164137,00.htm
    - - - - - - - - - -
    Cell phones and kids: Do they mix?
    It wasn't so long ago that parents asked their teenagers
    to double-check that they had a quarter so they could
    call home, if need be. Then came cell phones. In 2000,
    just 5 percent of 13- to 17-year olds had cell phones.
    Today, 56 percent do, according to Linda Barrabee,
    wireless market analyst for The Yankee Group. Teens
    aren't just using their phones to talk. From rapid-fire
    "texting" to full-fledged Web browsing to videos and
    video games, cell phones have become portable computers.
    And that's opened up a whole new set of concerns.
    http://www.msnbc.msn.com/id/5671445/
    - - - - - - - - - -
    Cyberterrorism: concept, terms, counteraction
    Distribution of weapons of mass destruction,
    transnational organized crime, drug selling business
    and international terrorism are the principal threats
    to security of modern world taking into account
    present-day conditions. Due to its scales and
    abruptness nowadays terrorism turned into one
    of the most dangerous social and moral problems
    that humanity faced in the 21st century.
    http://www.crime-research.org/articles/579/
    - - - - - - - - - -
    Should your provider block access to websites containing child porn?
    Polls held in European countries show that lately,
    so many paedophilia-related scandals have shaken
    Europe that most citizens vote for toughening
    penalties for juvenile molesters. However, in
    opinion of experts, paedophiles earn on scenes
    with violence and killings more than 3bn EUR
    in Europe. According to the Interpol, main
    suppliers of such materials are Taiwan,
    Vietnam, Ukraine and Russia.
    http://www.crime-research.org/news/20.08.2004/573/
    - - - - - - - - - -
    Opinion: Cryptanalysis of MD5 and SHA: Time for a new standard
    At the Crypto 2004 conference in Santa Barbara,
    Calif., this week, researchers announced several
    weaknesses in common hash functions. These results,
    while mathematically significant, aren't cause for
    alarm. But even so, it's probably time for the
    cryptography community to get together and create
    a new hash standard.
    http://computerworld.com/securitytopics/security/story/0,,95343,00.html
    - - - - - - - - - -
    What to expect from Microsoft's NGSCB plan
    Microsoft Corp. said that it was retinkering with
    its Next Generation Secure Computing Base (NGSCB),
    originally announced in 2002 with the code name
    Palladium. This step was taken in response to
    demands from users and software vendors that
    existing applications could take advantage
    of the security functions offered by the
    NGSCB platform without having to rewrite them.
    http://computerworld.com/securitytopics/security/story/0,,95294,00.html
    - - - - - - - - - -
    NIST makes lists
    A program that experts have said is the missing
    piece in federal efforts to promote secure computing
    will be ready later this year. Officials at the
    National Institute of Standards and Technology
    announced that a security configuration checklists
    program for information technology products,
    including a logo that vendors can put on their
    wares, is on track for completion before the
    end of 2004.
    http://www.fcw.com/fcw/articles/2004/0816/web-nist-08-19-04.asp

    Report urges defense to help with domestic technologies
    http://www.govexec.com/dailyfed/0804/081904tdpm1.htm
    - - - - - - - - - -
    Cisco flaw opens networks to attacks
    Cisco has warned in a security advisory that some
    networks with its routers could be vulnerable to
    denial-of-service attacks. The problem is in the
    processing of packets sent to a Cisco router that
    has been configured for the Open Shortest Path
    First (OSPF) protocol, the company said in a
    security advisory released Wednesday. If the router
    receives a malformed packet, it will take a while
    to reset. Attackers could flood networks with
    packets that cause routers to constantly reboot.
    The flaw is limited to versions 12.0S, 12.2 and
    12.3 of Cisco's Internetwork Operating System
    routing software.
    http://news.com.com/Cisco+flaw+opens+networks+to+attacks/2100-7355_3-5316500.html
    http://news.zdnet.co.uk/internet/security/0,39020375,39164110,00.htm
    - - - - - - - - - -
    HP to deliver vulnerability scanning service by year's end
    Hewlett-Packard Co. plans to deliver a new
    security vulnerability scanning and remediation
    service by the end of the year that is designed
    to help companies identify and fix weak spots
    on their corporate networks, a senior company
    executive said this week.
    http://computerworld.com/securitytopics/security/story/0,10801,95361,00.html
    - - - - - - - - - -
    ---------------------
    Is it worth it? YES!
    ---------------------

    Is Upgrading to Windows XP SP2 Worthwhile?
    Users of Microsoft Windows XP Home Edition are
    scheduled to begin receiving Service Pack 2 via
    automatic update starting today. But delivery of
    the Professional Edition has been delayed at least
    a week while Microsoft and its users grapple with
    compatibility problems.
    http://www.newsfactor.com/story.xhtml?story_title=Is-Upgrading-to-Windows-XP-SP--Worthwhile-&story_id=26391

    Security Flaws Found in SP2
    http://www.pcworld.com/news/article/0,aid,117452,00.asp
    Microsoft downplays XP SP2 flaw claims
    http://www.vnunet.com/news/1157459
    -----------
    Word I am hearing is that this is not the big deal they are making
    -----------

    - - - - - - - - - -
    Number crunching boffins unearth crypto flaws
    Cryptographic researchers have discovered
    weaknesses in the encryption algorithms that
    underpin the security and integrity of electronic
    signatures. The issue concerns hash functions -
    one way mathematical functions that produce
    a small fixed length string from a much longer
    message. This is sometimes called a message
    digest. When two different input values produce
    the same output value this is called a collision.
    http://www.securityfocus.com/news/9363
    - - - - - - - - - -

    Valuing Secure Access to Personal Information
    Securing data is not a simple endeavor; a multi-
    discipline, defense-in-depth approach is necessary,
    as information can leak at any point in the
    communication process, from receipt, through
    storage, retrieval, transmission, and so on.
    Furthermore, each information system element
    is vulnerable to loss, including hardware,
    software, and personnel. Add to this the
    exceptional efforts made by those who want
    to acquire information through illicit means,
    whether for espionage, criminal, political,
    mischievous, or other intent...someone is always
    trying to gain access to information they shouldn't
    have.
    http://www.securityfocus.com/infocus/1797
    - - - - - - - - - -
    Infected In Twenty Minutes
    What normally happens within twenty minutes?
    That's how long your average unprotected PC
    running Windows XP, fresh out of the box, will
    last once it's connected to the Internet. It's
    interesting to ponder just how much time - in
    hours, in minutes, sometimes in mere seconds -
    it takes for a disaster to occur. The space
    shuttle Challenger exploded 73 seconds after
    liftoff in 1986.
    http://www.securityfocus.com/columnists/262
    http://www.vnunet.com/news/1157428
    - - - - - - - - - -
    SMS spoofing -- How long has it existed?
    This kind of high tech felony exists for
    a relatively short time. It is a "new lingo in
    cybercrime". But it might have a horrifying future.
    How is the spoofing carried out? What does an
    individual need? SMS spoofing became possible
    after many mobile/cellular operators had integrated
    their network communications with/in the Internet.
    So anybody could send SMS from the Internet using
    forms at the websites of mobile operators or even
    through e-mail. Unfortunately, I won't break you
    in telling that there's no perfect security, it
    is only defined by the level of sophisticated
    technical arms of malefactors.
    http://www.crime-research.org/news/19.08.2004/572/
    - - - - - - - - - -
    Who guards your company email?
    Unless IT and HR work together, the security gap
    will not close. Each week vnunet.com asks a
    different expert to give their views on recent
    security issues, with advice, warnings and
    information on the latest threats. This week
    Kevin Butler, technical manager at Allasso,
    stresses the importance of IT and HR working
    together to control the use of email at work.
    http://www.vnunet.com/news/1157458
    - - - - - - - - - -
    Okay this struck me funny :-)

    Database snafu puts US Senator on terror watch list
    US Senator Ted Kennedy (Democrat, Massachusetts)
    was prohibited from flying because his name sparked
    a terror alert, the Associated Press reports.
    Apparently, the Senator's name came up on a terrorist
    watch list, or no-fly list, while attempting to board
    a US Airways shuttle out of Washington. A vigilant
    airline clerk refused to allow Kennedy to board.
    After numerous phone calls, the Senator did manage
    to get home to Boston, but the same comedy ensued
    as he attempted to return to Washington, the wire
    service says.
    http://www.theregister.co.uk/2004/08/19/senator_on_terror_watch/

    -- 
    http://www.sbslinks.com/really.htm
    
