Re: <<SBS news this week - August 20, 2004>>

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 08/25/04


Date: Wed, 25 Aug 2004 14:54:13 -0700

rtf

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> Kevin's song of the week [a classic]
> news://msnews.microsoft.com/ukCcLj3hEHA.356@tk2msftngp13.phx.gbl
> -------------
>
> SHAMELESS PLUG
> -------------
> TIME IS RUNNING OUT!
> http://www.smbnation.com
> Sept 9-13
> http://www.smbnation.com/schedule.htm
>
> Choose the business track or the tech track. Also there are rumors that
> there will be audio mp3s available for purchase afterwards.
> Now granted, I'm biased because I'm speaking there, but honestly, when
> you have a chance to meet up with your fellow IT pros that work in the
> same marketplace you do, put faces with email addresses and just ooze
> geek stuff for days without anyone rolling their eyes, it's a treat.
> ---------------
>
> XP sp2
> Remember it's hitting the AU on August 25
> I used Shavlik to push out to the fleet on Friday night and did a
> "staggered" push to a few workstations at a time. So far my only issue
> has been with a laptop that had two copies of AOL on there [and I think
> the funky dialer toasted the tcp/ip stack]. Other than that, no other
> issues.
> -------------
> Should I wait until my vendors approve SP2?
> I've seen several articles about vendors saying "we haven't tested for
> SP2" and while there were some modifications post RC2, I've found that
> all of my applications work just fine.
>
> My take? Don't wait for the vendors to "sign off" on this. Do your own
> testing, contact your clients and arrange for time to roll out this
> service pack.
> ------------
> Quickbooks blog talks about the changes
> http://quickbooks_online_blog.typepad.com/blogmain/2004/08/xp_sp2.html
> -----------
>
> John Eddy [at one time a SBS MVP lead and now newsgroup administrator]
> Asks how can Microsoft improve newsgroups?
> http://blogs.msdn.com/mscommunity/archive/2004/08/18/216709.aspx
>
> --------------
> Interesting post on why Dana Epp, Security Guru is interested in SBS 2003
> http://silverstr.ufies.org/blog/archives/000674.html
>
> ---------------
> In other news...
> - - - - - - - - - -
> Possible security breach seen at AOL
> America Online Inc. is acknowledging an "issue"
> that allowed some of its members to gain access
> to online financial portfolios of other members.
> But the Internet service provider downplayed the
> incident, saying no personal identifying information
> such as usernames or credit card numbers was ever
> compromised.
> http://computerworld.com/securitytopics/security/holes/story/0,10801,95394,00.html
>
> - - - - - - - - - -
> New Download.Ject worm variant appears
> Users who have not yet installed the three out-of-
> cycle patches contained in Microsoft Corp.'s July
> 30 security bulletin MS04-25 now have another reason
> to do so immediately. A new version of a worm called
> Download.Ject takes advantage of one of the flaws
> fixed by the patches and has begun circulating
> online, according to Thor Larholm, a researcher
> at PivX Solutions Inc. Like its predecessor,
> the new version of Download.Ject infects
> vulnerable systems with a Trojan horse
> and a keystroke logger.
> http://computerworld.com/securitytopics/security/story/0,10801,95387,00.html
>
> http://www.pcadvisor.co.uk/index.cfm?go=news.view&news=4084
> http://www.theregister.co.uk/2004/08/20/im_worm/
> - - - - - - - - - -
> Yahoo mail flaws fixed
> Yahoo fixed two flaws in its free mail system
> that could have allowed a malicious user to read
> a victim's browser cookies and change the appearance
> of some pages, Yahoo said on Thursday. A representative
> of the company said the flaws were fixed last month
> by making changes on the company's Yahoo Mail servers.
> http://news.zdnet.co.uk/internet/security/0,39020375,39164139,00.htm
> - - - - - - - - - -
> Faked voice mails tout stock in latest investor scam
> Investors are being told to be wary if they receive
> a friendly sounding voicemail from a female stranger
> offering a hot stock tip. It could be a new investor
> scam that hundreds of people have complained about
> recently. The Securities and Exchange Commission
> issued an investor alert on Friday, warning of the
> so-called ``wrong-number'' stock touts, which have
> reached home answering machines across the country.
> http://www.mercurynews.com/mld/mercurynews/business/technology/9454065.htm
> http://www.washingtonpost.com/wp-dyn/articles/A17061-2004Aug19.html
> - - - - - - - - - -
> Researchers spot XP SP2 security weakness
> Security researchers believe they have discovered
> a weakness in the new security given to Windows
> XP by the recently unveiled Service Pack 2 (SP2).
> Since XP SP2 was released, activists have been
> searching for weaknesses in the security-focused
> service pack. Microsoft yesterday dismissed claims
> by German researchers to already have discovered
> a flaw.
> http://www.vnunet.com/news/1157493
> http://zdnet.com.com/2100-1105_2-5318358.html
>
> Microsoft sends security update to home PCs
> Microsoft has started to send out its latest major
> security patch to home PCs -- but some people won't
> get it for a while. The first computer owners to
> get Windows XP Service Pack 2 began receiving it
> on Wednesday night, Microsoft said. The update is
> being sent to people who have the automatic update
> feature turned on in the operating system. But it
> will take at least a few weeks to deliver the 80-
> plus megabyte patch to the installed user base,
> a company representative said on Thursday.
> http://www.globetechnology.com/servlet/story/RTGAM.20040820.gtpatchaug20/BNStory/Technology/
>
>
> SP2 trickles down to home PCs
> http://news.zdnet.co.uk/software/windows/0,39020396,39164136,00.htm
> Stumbling over SP2
> http://news.com.com/Stumbling+over+SP2/2010-1002_3-5316980.html
> - - - - - - - - - -
> Software Doesn't Break Laws...
> What do file-sharing companies and the National Rifle
> Association have in common? A common legal argument,
> that's what. The entertainment industry's multi-year
> legal war to stamp out illegal online file-sharing
> was dealt a major blow yesterday when a federal court
> said that two major peer-to-peer software firms can't
> be held liable for the copyright-infringing activities
> of their users.
> http://www.washingtonpost.com/wp-dyn/articles/A18302-2004Aug20.html
> http://www.siliconvalley.com/mld/siliconvalley/9449500.htm
> http://www.nytimes.com/2004/08/20/technology/20digital.html
> http://www.securityfocus.com/news/9374
> http://zdnet.com.com/2100-1104_2-5318335.html
>
> File-sharing firms get big court win
> http://www.mercurynews.com/mld/mercurynews/business/technology/9449460.htm
> Hackers enable iTunes swapping
> http://news.zdnet.co.uk/internet/security/0,39020375,39164137,00.htm
> - - - - - - - - - -
> Cell phones and kids: Do they mix?
> It wasn't so long ago that parents asked their teenagers
> to double-check that they had a quarter so they could
> call home, if need be. Then came cell phones. In 2000,
> just 5 percent of 13- to 17-year olds had cell phones.
> Today, 56 percent do, according to Linda Barrabee,
> wireless market analyst for The Yankee Group. Teens
> aren't just using their phones to talk. From rapid-fire
> "texting" to full-fledged Web browsing to videos and
> video games, cell phones have become portable computers.
> And that's opened up a whole new set of concerns.
> http://www.msnbc.msn.com/id/5671445/
> - - - - - - - - - -
> Cyberterrorism: concept, terms, counteraction
> Distribution of weapons of mass destruction,
> transnational organized crime, drug selling business
> and international terrorism are the principal threats
> to security of modern world taking into account
> present-day conditions. Due to its scales and
> abruptness nowadays terrorism turned into one
> of the most dangerous social and moral problems
> that humanity faced in the 21st century.
> http://www.crime-research.org/articles/579/
> - - - - - - - - - -
> Should your provider block access to websites containing child porn?
> Polls held in European countries show that lately,
> so many paedophilia-related scandals have shaken
> Europe that most citizens vote for toughening
> penalties for juvenile molesters. However, in
> the opinion of experts, paedophiles earn on scenes
> with violence and killings more than 3bn EUR
> in Europe. According to the Interpol, main
> suppliers of such materials are Taiwan,
> Vietnam, Ukraine and Russia.
> http://www.crime-research.org/news/20.08.2004/573/
> - - - - - - - - - -
> Opinion: Cryptanalysis of MD5 and SHA: Time for a new standard
> At the Crypto 2004 conference in Santa Barbara,
> Calif., this week, researchers announced several
> weaknesses in common hash functions. These results,
> while mathematically significant, aren't cause for
> alarm. But even so, it's probably time for the
> cryptography community to get together and create
> a new hash standard.
> http://computerworld.com/securitytopics/security/story/0,,95343,00.html
> - - - - - - - - - -
> What to expect from Microsoft's NGSCB plan
> Microsoft Corp. said that it was retinkering with
> its Next Generation Secure Computing Base (NGSCB),
> originally announced in 2002 with the code name
> Palladium. This step was taken in response to
> demands from users and software vendors that
> existing applications could take advantage
> of the security functions offered by the
> NGSCB platform without having to rewrite them.
> http://computerworld.com/securitytopics/security/story/0,,95294,00.html
> - - - - - - - - - -
> NIST makes lists
> A program that experts have said is the missing
> piece in federal efforts to promote secure computing
> will be ready later this year. Officials at the
> National Institute of Standards and Technology
> announced that a security configuration checklists
> program for information technology products,
> including a logo that vendors can put on their
> wares, is on track for completion before the
> end of 2004.
> http://www.fcw.com/fcw/articles/2004/0816/web-nist-08-19-04.asp
>
> Report urges defense to help with domestic technologies
> http://www.govexec.com/dailyfed/0804/081904tdpm1.htm
> - - - - - - - - - -
> Cisco flaw opens networks to attacks
> Cisco has warned in a security advisory that some
> networks with its routers could be vulnerable to
> denial-of-service attacks. The problem is in the
> processing of packets sent to a Cisco router that
> has been configured for the Open Shortest Path
> First (OSPF) protocol, the company said in a
> security advisory released Wednesday. If the router
> receives a malformed packet, it will take a while
> to reset. Attackers could flood networks with
> packets that cause routers to constantly reboot.
> The flaw is limited to versions 12.0S, 12.2 and
> 12.3 of Cisco's Internetwork Operating System
> routing software.
> http://news.com.com/Cisco+flaw+opens+networks+to+attacks/2100-7355_3-5316500.html
>
> http://news.zdnet.co.uk/internet/security/0,39020375,39164110,00.htm
> - - - - - - - - - -
> HP to deliver vulnerability scanning service by year's end
> Hewlett-Packard Co. plans to deliver a new
> security vulnerability scanning and remediation
> service by the end of the year that is designed
> to help companies identify and fix weak spots
> on their corporate networks, a senior company
> executive said this week.
> http://computerworld.com/securitytopics/security/story/0,10801,95361,00.html
>
> - - - - - - - - - -
> ---------------------
> Is it worth it? YES!
> ---------------------
>
> Is Upgrading to Windows XP SP2 Worthwhile?
> Users of Microsoft Windows XP Home Edition are
> scheduled to begin receiving Service Pack 2 via
> automatic update starting today. But delivery of
> the Professional Edition has been delayed at least
> a week while Microsoft and its users grapple with
> compatibility problems.
> http://www.newsfactor.com/story.xhtml?story_title=Is-Upgrading-to-Windows-XP-SP--Worthwhile-&story_id=26391
>
>
> Security Flaws Found in SP2
> http://www.pcworld.com/news/article/0,aid,117452,00.asp
> Microsoft downplays XP SP2 flaw claims
> http://www.vnunet.com/news/1157459
> -----------
> Word I am hearing is that this is not the big deal they are making
> -----------
>
> - - - - - - - - - -
> Number crunching boffins unearth crypto flaws
> Cryptographic researchers have discovered
> weaknesses in the encryption algorithms that
> underpin the security and integrity of electronic
> signatures. The issue concerns hash functions -
> one way mathematical functions that produce
> a small fixed length string from a much longer
> message. This is sometimes called a message
> digest. When two different input values produce
> the same output value this is called a collision.
> http://www.securityfocus.com/news/9363
> - - - - - - - - - -
>
> Valuing Secure Access to Personal Information
> Securing data is not a simple endeavor; a multi-
> discipline, defense-in-depth approach is necessary,
> as information can leak at any point in the
> communication process, from receipt, through
> storage, retrieval, transmission, and so on.
> Furthermore, each information system element
> is vulnerable to loss, including hardware,
> software, and personnel. Add to this the
> exceptional efforts made by those who want
> to acquire information through illicit means,
> whether for espionage, criminal, political,
> mischievous, or other intent...someone is always
> trying to gain access to information they shouldn't
> have.
> http://www.securityfocus.com/infocus/1797
> - - - - - - - - - -
> Infected In Twenty Minutes
> What normally happens within twenty minutes?
> That's how long your average unprotected PC
> running Windows XP, fresh out of the box, will
> last once it's connected to the Internet. It's
> interesting to ponder just how much time - in
> hours, in minutes, sometimes in mere seconds -
> it takes for a disaster to occur. The space
> shuttle Challenger exploded 73 seconds after
> liftoff in 1986.
> http://www.securityfocus.com/columnists/262
> http://www.vnunet.com/news/1157428
> - - - - - - - - - -
> SMS spoofing -- How long has it existed?
> This kind of high tech felony exists for
> a relatively short time. It is a "new lingo in
> cybercrime". But it might have a horrifying future.
> How is the spoofing carried out? What does an
> individual need? SMS spoofing became possible
> after many mobile/cellular operators had integrated
> their network communications with/in the Internet.
> So anybody could send SMS from the Internet using
> forms at the websites of mobile operators or even
> through e-mail. Unfortunately, I won't break you
> in telling that there's no perfect security, it
> is only defined by the level of sophisticated
> technical arms of malefactors.
> http://www.crime-research.org/news/19.08.2004/572/
> - - - - - - - - - -
> Who guards your company email?
> Unless IT and HR work together, the security gap
> will not close. Each week vnunet.com asks a
> different expert to give their views on recent
> security issues, with advice, warnings and
> information on the latest threats. This week
> Kevin Butler, technical manager at Allasso,
> stresses the importance of IT and HR working
> together to control the use of email at work.
> http://www.vnunet.com/news/1157458
> - - - - - - - - - -
> Okay this struck me funny :-)
>
> Database snafu puts US Senator on terror watch list
> US Senator Ted Kennedy (Democrat, Massachusetts)
> was prohibited from flying because his name sparked
> a terror alert, the Associated Press reports.
> Apparently, the Senator's name came up on a terrorist
> watch list, or no-fly list, while attempting to board
> a US Airways shuttle out of Washington. A vigilant
> airline clerk refused to allow Kennedy to board.
> After numerous phone calls, the Senator did manage
> to get home to Boston, but the same comedy ensued
> as he attempted to return to Washington, the wire
> service says.
> http://www.theregister.co.uk/2004/08/19/senator_on_terror_watch/
>
>
>
>
>

-- 
http://www.sbslinks.com/really.htm

