Re: << SBS News of the week - Sept 26 >>
From: Cris Hanna \(SBS-MVP\) (crishannanospam_at_computingpossibilities.net)
Date: 09/29/04
- Next message: Jeff L: "Re: Web Mail problem"
- Previous message: Jeff L: "Re: New Server, installing Transition Pack"
- In reply to: Susan Bradley, CPA aka Ebitz - SBS Community Rocks: "<< SBS News of the week - Sept 26 >>"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 28 Sep 2004 21:53:48 -0500
rtf
-- CRIS HANNA SBS-MVP -------------------------------------------------------- Please do not respond to me directly by email but only in the newsgroups so that all can benefit from the information "Susan Bradley, CPA aka Ebitz - SBS Community Rocks" <sbradcpa@pacbell.net> wrote in message news:uPl8m%23EpEHA.3988@tk2msftngp13.phx.gbl... > > Jeanne is moving up the USA coast and Kevin still writes a song > news://msnews.microsoft.com/e$IzgfqoEHA.3464@TK2MSFTNGP14.phx.gbl > -------------------------------- > > Harry Brelsford's September 2004 SMB Technology Watch Newsletter: > http://www.smbnation.com/newsletter/Issue4-3-September2004.htm > > -------------------------- > We have a new fix to allow workstations to roll out SP2 automagically > http://msmvps.com/cgross/archive/2004/09/24/14251.aspx > Chad points to the new update that allows workstations to get sp2 rather > than sp1 when they /connectcomputer to the server > And he points to the info you need to put the file on the server in the > right place: > Preparing XP SP2 for deployment on SBS 2003: > http://msmvps.com/cgross/archive/2004/09/26/14393.aspx > ----------------------------- > Introducing the Microsoft Exchange Best Practices Analyzer Tool: > http://blogs.msdn.com/exchange/archive/2004/09/21/232516.aspx > > Hi folks, > > We just released an update to the rules. If you have Internet > connectivity from your workstation, then the tool should auto-detect the > update and prompt you to download. If you're working in a closed > environment, or the tool doesn't manage to detect the update, then you > can download and apply the "Web Update Pack" from > http://www.microsoft.com/downloads/details.aspx?FamilyID=4f2f1339-cbcd-4d26-9174-f30c10d7ec4c. > Simply extract the files to your installation folder (usually, > C:\Program Files\ExBPA). Within a short period of time we'll also have a > link to the Web Update Pack from our main > http://www.microsoft.com/exchange/exbpa">http://www.microsoft.com/exchange/exbpa > page. > > If you want to double-check if the update is applied, then click the > "About..." link in the left-hand navigator when the tool is open. You'll > see two version numbers ...the first is 1.0.7408.1 ...this is the > version of the main binaries. The second version number is what we call > the "ConfigVersion". You'll see one of the following: > > 1.5.4.0 = You're running the rules as shipped in the original MSI package > 1.5.5.1 = You're running the rules update that we posted a few days ago > 1.5.6.1 = You're running the very latest rules available > > These latest rules include some refinements that we made in response to > the postings on the newsgroup and the blogs that we're monitoring. > > Please keep the feedback coming! Through your help we can further refine > the rules and documentation so that you see only the issues which are > relevant for you. > > -- > Paul Bowden > Program Manager > Exchange Server Best Practices Analyzer > http://www.microsoft.com/exchange/exbpa > > ----------------------------- > > Speaking of blogs... > > If you've found a really good SBS blog or SBS related blog > Please forward the link > > I've just started to list them on www.sbslinks.com > > -------------------------- > KB's of interest > 875422 - "The wizard cannot set the DHCP scope options" error message > when you run the Configure E-mail and Internet Connection Wizard in > Windows Small Business Server 2003: > http://support.microsoft.com/?kbid=875422 > 873434 - The Exchange Intelligent Message Filter does not scan e-mail > messages on your Exchange Server 2003 computer: > http://support.microsoft.com/?kbid=873434 > ----------------------------- > An email from Scott Schnell: > http://msmvps.com/bradley/archive/2004/09/23/14182.aspx > > Did everyone check this out? > --------------------------- > This is so off topic it's not funny but ... hey > Amazon.com: DVD: Star Wars Trilogy (Widescreen Edition): > http://www.amazon.com/exec/obidos/tg/detail/-/B00003CXCT/qid=1096259172/sr=8-1/ref=pd_csp_1/102-0165151-4936941?v=glance&s=dvd&n=507846 > > The Star Wars DVD is out > Star Wars: Episode IV | Star Wars Trilogy on DVD: > http://www.starwars.com/episode-iv/trilogy_dvd.html > Star Wars: Community | Wallpaper: > http://www.starwars.com/community/downloads/wallpaper/ > > ------------------------ > > Are you patching for GPIplus? > UPDATE: Microsoft JPEG Image Processing Overflow (MS04-028) > > Description: Multiple exploits and a toolkit (posted on the th-research > mailing list) that create specially crafted JPEG files are now > available. Viewing such JPEG files using Internet Explorer, Outlook, > Word etc., results in the execution of arbitrary code. Some security > analysts predict the outbreak of an email virus exploiting the JPEG > vulnerability by the end of this month. > > Council Site Actions: All of the council sites have either patched the > systems, are in the process of patching the systems (or testing the > patches) or plan to patch in the near future. In addition, one site is > working with their network staff to enable appropriate IPS-like filters > at the network perimeter. Another site reported they were hit with this > attack and have taken steps to block it (details not provided). > > References: > Various Exploits > http://www.securiteam.com/exploits/5EP0M0KE0W.html > (Opens a command shell) > http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0819.html > (Adds an administrator) > http://www.securityfocus.com/archive/1/376320/2004-09-23/2004-09-29/0 > (Binds a remote command shell or opens a reverse command shell) > SANS GDI Detection Tool > http://isc.sans.org/gdiscan.php > Previous @RISK Newsletter Posting > http://www.sans.org/newsletters/risk/vol3_37.php (Item #1) > 3) CRITICAL: Symantec Firewall/VPN Default SNMP Community String > Affected: > Symantec Firewall/VPN Appliance 100, 200/200R (firmware builds prior to > build 1.63) > Symantec Gateway Security 320, 360/360R (firmware builds prior to build 622) > > Macromedia is not affected > http://www.macromedia.com/devnet/security/security_zone/mpsb04-07.html > > ------------------------------- > Description: The Symantec Firewall/VPN and the Gateway Security > appliances are designed to protect small business networks. These > appliances use "public" as the default read/write community string for > the SNMP service. In addition, the appliances do not perform sufficient > checks on the UDP packets with the source port set to 53 i.e. a DNS > response. An attacker can exploit these flaws in tandem via specially > crafted SNMP "GET" or "SET" requests with a source port of 53. Such > crafted requests may permit the attacker to make arbitrary changes to > the firewall configuration, thereby putting the entire network protected > by the firewall at risk. Note that the firewall administrator can > neither disable the SNMP service nor change the default SNMP community > string. > > Status: Symantec confirmed. Firmware updates are available for all the > affected products. The updates also fix a denial of service attack > vulnerability that can be triggered by performing a UDP scan on the > firewall appliances. > > Council Site Actions: The affected software is not in production or > widespread use at any of the council sites. They reported that no action > was necessary. > > References: > Posting by Mike Sues > http://www.securityfocus.com/archive/1/376029/2004-09-20/2004-09-26/0 > Symantec Advisory > http://www.sarc.com/avcenter/security/Content/2004.09.22.html > Product Homepage > http://www.symantec.com/smallbiz/gtw/ > SecurityFocus BID > http://www.securityfocus.com/bid/11237 > > > > **************************************************************** > > HIGH: Alt-N MDaemon Multiple Buffer Overflows > Affected: MDaemon version 6.5.1 > > Description: The MDaemon SMTP and IMAP server contain multiple buffer > overflows. The flaws in the SMTP server can be triggered by sending > overlong arguments to the "SAML", "SOML", "SEND" or "MAIL" commands, and > the flaw in the IMAP server can be triggered by an overlong argument to > the "LIST" command. The flaws may be possibly exploited to execute > arbitrary code with "SYSTEM" privileges on the Windows server running > the MDaemon software. Whereas an attacker needs authentication > privileges to exploit the flaw in the IMAP server, depending on the > configuration, the flaws in the SMTP server may be exploited by an > unauthenticated attacker. The proof-of-concept exploit code has been > publicly posted. > > Status: Vendor not confirmed, no updates available. > > Council Site Actions: The affected software is not in production or > widespread use at any of the council sites. They reported that no action > was necessary. > > References: > Posting by pigrelax > http://www.securityfocus.com/archive/1/376082/2004-09-20/2004-09-26/0 > Proof-of-concept Exploit Code > http://www.securitylab.ru/48146.html > http://www.securitylab.ru/_Exploits/2004/09/mdaemon_rcpt.c > http://www.securitylab.ru/_Exploits/2004/09/mdaemon_imap.c > Product Homepage > http://www.altn.com/products/default.asp?product%5Fid=MDaemon > SecurityFocus BID > http://www.securityfocus.com/bid/11238 > > --------------------------------- > In other news > A man admits hacking into computers of high tech company > According to the Plea Agreement, Mr. Erfurt admitted > that, on January 23 and 24, 2003, he hacked into the > computer system of MESC by using a computer from his > workplace at a separate company in Irvine, California. > Mr. Erfurt had previously served as the Information > Technology Manager and then as Network Manager for > MESC. After gaining unauthorized access to MESC's > computer system, Mr. Erfurt admitted that he > downloaded a proprietary database, read the e-mail > account of the company president, and deleted > data from the servers. > http://www.crime-research.org/news/24.09.2004/646/ > - - - - - - - - - - > Four Los Alamos lab workers fired over security, safety lapses > Four laboratory workers were fired from their > jobs at the Los Alamos National Laboratory because > of their roles in several recent security and safety > incidents in the facility. One other worker resigned > in lieu of being fired, while seven other workers > faced disciplinary actions, including demotions, > pay cuts and suspensions or reprimands, according > to Kevin Roark, a spokesman for the New Mexico- > based facility. Another 10 workers who were under > investigation in connection with the problems have > returned to their jobs after being cleared of > wrongdoing, according to Roark. One employee > remains on paid leave. > http://computerworld.com/securitytopics/security/story/0,10801,96169,00.html > - - - - - - - - - - > Hackers use Google to access photocopiers > Making copies of something important? Photocopiers > are the latest networked devices to fall prey > to hackers armed with nothing more than Google's > search engine. Hackers are using search engines > to watch what people photocopy. Using Google hacks > -- requests typed into the search engine that bring > up cached information on networks -- hackers are > discovering and using login details for networked > photocopiers so they can watch what is being copied. > http://news.zdnet.co.uk/internet/security/0,39020375,39167848,00.htm > - - - - - - - - - - > FDIC warns consumers on e-mail scams > Banking agency warns of 'phish' schemes. The FDIC > Friday issued an alert about an increasingly common > e-mail scam designed to steal personal information > and money from millions of unwary consumers. The > Federal Deposit Insurance Corp. (FDIC), perhaps > best known as an insurer of bank deposits, issued > its warning about so-called "phishing" eight months > after criminals began misappropriating its name > and reputation to perpetrate e-mail fraud. > http://msnbc.msn.com/id/6091951/ > > Invasion of the identity snatchers > http://www.theregister.co.uk/2004/09/24/identity_snatchers/ > Credit card leaks continue at furious pace > http://msnbc.msn.com/id/6030057/ > - - - - - - - - - - > Speedy cybersecurity legislation killed by turbulence > An attempt by House Republican leaders to > strengthen the Office of Management and Budget’s > role in cybersecurity was withdrawn late Thursday > after industry and government officials voiced > their opposition to the provision in legislation > overhauling the U.S. intelligence community. Media > reports this week had described the legislation > as shifting responsibility for cybersecurity from > the Homeland Security Department to the Office of > Management and Budget. But David Marin, spokesman > for Rep. Tom Davis (R-Va.), chairman of the House > Government Reform Committee, disputed that. > http://www.gcn.com/vol1_no1/daily-updates/27449-1.html > - - - - - - - - - - > Piracy cut back by compliance laws > Having to fit in with new laws is keeping big businesses > in line when it comes to counterfeit software - but their > smaller counterparts are still a problem. New compliance > and accounting regulations are helping to drive down the > number of firms who use unlicensed and counterfeit > software, according to Microsoft. > http://news.zdnet.co.uk/business/legal/0,39020651,39167738,00.htm > - - - - - - - - - - > Virus writers hit home PCs as companies get tough > Stronger corporate defences make poorly protected > home users easier targets. Virus writers are > increasingly targeting poorly protected home > PCs because company defences are proving too much > of a challenge. Vincent Gullotto, vice president > of the Anti-Virus Emergency Response Team (Avert) > at security company McAfee, said recent attacks > have ignored corporate networks and aimed for > the home user instead. > http://www.vnunet.com/news/1158338 > > JPEG File Flaw Prompts New Wave of Attacks > http://www.newsfactor.com/story.xhtml?story_title=JPEG-File-Flaw-Prompts-New-Wave-of-Attacks&story_id=27175 > - - - - - - - - - - > MS fires armour-piercing suit at 'bullet-proof' spam host > Microsoft has fired off nine new lawsuits against > spammers including an action against a web > hosting firm that allegedly offered so-called > "bullet proof" hosting to junk mailers. National > Online Sales and its owner Levon Gillespie are > jointly accused of offering a "safe haven" for > purveyors of get-rich-quick schemes and penis > enlargement rackets. The case was filed in > Washington State's King County Superior Court. > http://www.theregister.co.uk/2004/09/24/ms_anti-spam_lawsuit/ > http://money.cnn.com/2004/09/23/technology/msftspam.reut/index.htm > > Sender ID dealt killer blow > http://news.zdnet.co.uk/software/applications/0,39020384,39167720,00.htm > - - - - - - - - - - > Symantec Warns of Firewall Weakness > Symantec says it has identified security flaws in > several of its firewall and gateway products that > could leave networks vulnerable to denial-of-service > attacks. The security company has issued firmware > upgrades to close the loopholes. > http://www.newsfactor.com/story.xhtml?story_title=Symantec-Warns-of-Firewall-Weakness&story_id=27185 > - - - - - - - - - - > When they start making Sponge Bob Square Pants Secure ID tokens... we're > in trouble :-) > > VeriSign creates kid credentials > VeriSign and a children's safety group has unveiled > a new technology designed to make it easier for > children to avoid child predators online. The i-Stik > token, inserted in a computer's USB port, provides > verification of a child's age and gender. Chatroom > lurkers who can't prove their age will stick out > like sore thumbs as more kids adopt the tokens, > backers said. > http://news.zdnet.com/2100-1009_22-5380589.html > - - - - - - - - - - > So what is it about Win2k security MS won't enhance? > If you want the 'security enhancements' of Windows XP > SP2 but you're running an earlier version of Windows, > then you're going to have to upgrade, Microsoft has > been confirming to the public prints this week. Despite > this being highly significant for the many companies > still running Windows 2000, Microsoft has been > confirming it pretty quietly - CNET and Microsoft > Watch both seem to have been given statements on > demand, and Redmond does not yet seem to be exactly > bulging with detail on the subject. > http://www.theregister.co.uk/2004/09/24/no_sp2_fixes_for_old_windows/ > > > > > > > > -- > http://www.sbslinks.com/really.htm > http://www.msmvps.com/bradley > https://www.ecora.com/ecora/jump/pm99.asp
- Next message: Jeff L: "Re: Web Mail problem"
- Previous message: Jeff L: "Re: New Server, installing Transition Pack"
- In reply to: Susan Bradley, CPA aka Ebitz - SBS Community Rocks: "<< SBS News of the week - Sept 26 >>"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
