Kevin's song of the week....
news://msnews.microsoft.com/unaz3MfXDHA.888%40TK2MSFTNGP10.phx.gbl
A definite classic
--------------------------------
Never forget.... a single exhaust port hit by a targeted blast brought
down a Death Star.
All it takes is one weak link.....Plug those weaknesses and patch
http://www.bridgescore.de/alien/site4/starwars.html
[don't blame me Star Wars was on TV this afternoon]
EVERYONE PATCH FOR 03-026
Microsoft Security Bulletin MS03-026:
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp?frame=true
Can be done via Windows update, shut down Exchange prior to patching
!!!IMPORTANT!!!!
READ THIS SECTION IF YOU ARE STILL ON SBS 4.5
UNCHECK THE 03-029 PATCH
DO NOT INSTALL THIS TO YOUR SBS 4.5 BOX AS IT WILL BREAK RRAS. CALL
MICROSOFT FOR AN UPDATED PATCH [THIS IS A FREE CALL]
Contact Microsoft PSS on your local regional number US (800) 936-4900 or
UK (0870) 60 10 100. Other regional points of contact can be found by
browsing to the following address and entering your specific country.
International Support:
http://support.microsoft.com/common/international.aspx?gssnb=1
-------------------------------
Just a reminder
microsoft.public.backoffice.smallbiz2000 - SBS2k group
microsoft.public.backoffice.smallbiz - SBS 4.5 group
microsoft.public.windows.server.sbs - SBS2k3 RC group
-------------------------------
Isa Server tools from Jim Harrison
http://www.isatools.org/Middle.htm
------------------------------
Want to do a remote query of Event logs?
Grab a copy of this month's Win Net mag for Mark Minasi's article on
pulling a
remote query in Win2k3
Microsoft Windows XP - Eventquery.vbs:
http://www.microsoft.com/TechNet/prodtechnol/winxppro/proddocs/eventquery.asp?frame=true
/s systemname /u username /p password option are needed for remote
system
eventquery /L security /s remotepc /u jane /p password
-----------------------------
SMB-Nation SBS Conference!
Visit the SMB Nation site at www.smbnation.com for details and online
registration. You may also register via telephone at: Domestic USA
1-800-461-1931, International 1-800-688-4890
FREE Advanced SBS Workshops in USA
Here is the current list of cities where SBS author Harry Brelsford will
be presenting a free 2-hour Advanced SBS Workshop. This is a lecture
format similar to a Microsoft TS2 event but in-depth SBS content. This
workshop has already been presented in 15 USA cities in 2003!
Lecture topics include SBS-specific security matters, advanced Microsoft
Exchange functionality, and advanced SBS administration. It is
recommended you bring a copy of "Small Business Server 2000 Best
Practices" to the event for reference (please purchase in advance from
book resellers as book copies will not be sold at event).
Advanced Small Business Server 2000 Workshops
(2-hours, 7pm-9pm, FREE)
JULY 2003
Portland, OR 7-17-03
AUGUST 2003
Chicago, IL 8-20-03
Cleveland, OH 8-21-03
Columbus, OH 8-22-03
Dayton, OH 8-23-03* (read important note below for this
event)
Indianapolis, IN 8-24-03
END OF TOUR!
* This is part of ComputerFest (www.computerfest.com) and will be
presented at 2pm (Saturday). Note that ComputerFest has a modest two-day
admission charge you will need to pay: $10.00. Details at:
http://www.computerfest.com/tickets-home.shtml
To register, send e-mail to rsvp@nethealthmon.com and
put a city name from the above list in the e-mail Subject line.
---------------------------
I've got one workstation that I need to do this on
822798 - You Cannot Install Updates or You Are Prompted to Install
Updates That You Have Already Installed:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q822798
------------------------------
The Kinko's Caper: Burglary by Modem
ON a steamy summer day, the 16-story apartment building
on Kissena Boulevard in Flushing, Queens, hardly looks
like a place where Secret Service agents would show up
with a search warrant, and later for an arrest. Women
trudge from the bustling markets just two blocks away,
children and bags in tow; elderly couples sun themselves
on park benches. Nothing about the quiet, neatly kept
grounds suggests a crime scene.
http://www.nytimes.com/2003/08/07/technology/circuits/07kink.html?th
http://www.iht.com/articles/105567.html
- - - - - - - - - -
Microsoft fends off web worms
Two separate alerts have been issued this week about
a new computer worm that exploits a flaw in Microsoft's
Internet Explorer web browser. In a security bulletin
on its website, Microsoft warns of a mass mailer worm
dubbed W32/Mimail@MM or W32/Mimail.A@MM that spreads
through e-mail if recipients open an attached zip file
and then open the html file inside it. Internet security
specialist Symantec Security Response is analysing the
new worm and has listed it on its site with a rating
of three, indicating that it is a moderate risk.
http://www.stuff.co.nz/stuff/0,2106,2604463a28,00.html
- - - - - - - - - -
OMB guides agencies to meet IT security law
The Office of Management and Budget yesterday set
guidelines for agencies to report their progress
in securing IT systems. In a letter to agency
executives, OMB director Joshua Bolten outlined
how agencies should implement the Federal
Information Security Management Act, which became
law as a provision in the E-Government Act of 2002
last December. OMB detailed steps in four sections
of the memo that agency CIOs and inspectors general
must follow in evaluating IT security. These sections
include changes introduced by FISMA, reporting
instructions, quarterly plans and performance
updates, and definitions in law and policy in
the guidance.
http://www.gcn.com/vol1_no1/daily-updates/23078-1.html
- - - - - - - - - -
Government IT Review
E-Gov Czar Heading for Exit; Linux Might Get More
Expensive; Florida's Super Spy Program; and More
Gov't IT Headlines... The Bush Administration's
e-government czar, Mark Forman, is leaving his
post at the Office of Management and Budget for
an undisclosed job in the private sector.
http://www.washingtonpost.com/wp-dyn/articles/A28641-2003Aug7.html
------------------------------
Oh good...another abbreviation besides GLB and HIPAA...get ready for
FISMA
"FISMA introduces a statutory definition for information security. This
definition is not substantively different than that used in current OMB
and agency policies or NIST guidelines. Therefore, this new definition
does not require changes to current policies or programs. It reads: ?The
term ?information security? means protecting information and information
systems from unauthorized access, use, disclosure, disruption,
modification, or destruction in order to provide ? (A) integrity, which
means guarding against improper information modification or destruction,
and includes ensuring information nonrepudiation and authenticity; (B)
confidentiality, which means preserving authorized restrictions on
access and disclosure, including means for protecting personal privacy
and proprietary information; and (C) availability, which means ensuring
timely and reliable access to and use of information.?
http://www.whitehouse.gov/omb/memoranda/m03-19.pdf
- - - - - - - - - -
In the trenches of the ?spam wars?
Spam is an ever-increasing annoyance for consumers,
but it is far more than that for those serving on the
front lines of the bruising battle over junk e-mail
and ? some would say ? the future of the Internet.
For them, it also is the root of the hardball legal
tactics, hacking, harassment and death threats that
are the hazards of their chosen vocation.
http://www.msnbc.com/news/945559.asp
- - - - - - - - - -
The perils of sharing files online
In the midst of proposals that would impose criminal
penalties for distribution of copyrighted files through
peer-to-peer networks without authorization and proposed
legislation that would require consent from computer
users before spyware could monitor their movements on
the Internet, the Federal Trade Commission (FTC) has
issued a recent consumer alert cautioning consumers
about the risks of file sharing and spyware. At the
same time, the FTC provides prudent suggestions
as to how to minimize these risks.
http://www.usatoday.com/tech/columnist/ericjsinrod/2003-08-06-sinrod_x.htm
- - - - - - - - - -
Know your security onions
Each week vnunet.com asks a different expert to
give their views on recent virus and security issues,
with advice, warnings and information on the latest
threats. This week Steve Brown, managing director
of Novell UK, recommends the multiple, overlapping
layers of the 'onion' approach to cyber-security.
http://www.vnunet.com/News/1142875
Time running out to manage security
http://www.itweb.co.za/sections/internet/2003/0308070700.asp?O=FPT
Security flaws under the microscope
http://computerworld.com/securitytopics/security/story/0,10801,83811,00.html
- - - - - - - - - -
Hacking hit-list to highlight security flaws
Security experts Qualys have put together a list
of the top ten computer security priorities -
vulnerabilities in computer systems that can be
used by hackers. The list, which will be updated
in real time, can be found at www.qualys.com/RV10.
It was launched at the start of the month and is
based on the company's QualysGuard Web Service
Architecture. The RV10scan will be continually
recompiled from - in the words of Qualys - 'a
statistically representative sample, including
thousands of networks'.
http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=45679
- - - - - - - - - -
Memory sticks are the latest security risk
Memory sticks have been branded as the latest security
risk by security firm SecureWave, whose intrusion
prevention technology can be used to control the
use of the popular devices in corporate environments.
The alleged risk here is that "many organisations run
the risk of viruses and unauthorised software entering
the network, as well as confidential data being
removed through these small, yet powerful desktop
devices."
http://www.theregister.co.uk/content/55/32200.html
See you on the wires!
--
"Don't lose sight of security. Security is a state of being, not a
state of budget. He with the most firewalls still does not win.
Put down that honeypot and keep up to date on your patches. Demand
better security from vendors and hold them responsible. Use what
you have, and make sure you know how to use it properly and
effectively."
~ Rain Forest Puppy
http://www.wiretrip.net/rfp/txt/evolution.txt