Kevin's song of the week
news://msnews.microsoft.com/O3d95boZEHA.2944@TK2MSFTNGP11.phx.gbl
---------------
This week is patch week - look our for Tuesday's Security bulletins
-----------------
David Barnes posted to my blog this list of patch install steps... So
what do you do to install SBS ?
http://msmvps.com/bradley/archive/2004/07/10/9904.aspx#FeedBack
------------------
Exchange
843363 - List of bugs that are fixed in Exchange Server 2003 Service
Pack 1:
http://support.microsoft.com/?kbid=843363
841995 - The Always-up-to-date Notifications feature may not work with
mobile devices in Exchange Server 2003 SP1:
http://support.microsoft.com/?kbid=841995
867628 - Monitoring programs report that the Store.exe process consumes
additional memory after you install Exchange Server 2003 SP1:
http://support.microsoft.com/?kbid=867628
867626 - New error correcting code is included in Exchange Server 2003 SP1:
http://support.microsoft.com/?kbid=867626
Small Business Server
840685 - An event ID 1000 error message is logged to the application
event log when you restart Windows Small Business Server 2003:
http://support.microsoft.com/?kbid=840685
827601 - Cannot send external mail when your smart host server is
different from the ISP server where your e-mail is stored in Windows
Small Business Server 2003:
http://support.microsoft.com/?kbid=827601
838429 - The "My Company's Internal Web Site" link on the default Web
site Welcome page does not work when you connect to the site over the
Internet in Windows SBS 2003:
http://support.microsoft.com/?kbid=838429
838431 - You receive an error message when you try to join your computer
to a Windows Small Business Server 2003 domain:
http://support.microsoft.com/?kbid=838431
842612 - You receive a "403 Forbidden" message when you try to connect
to a Web site that is on Small Business Server 2003:
http://support.microsoft.com/?kbid=842612
836413 - You receive an "unexpected error occurred" error message when
you try to access resources on a Windows-based network from your
Macintosh computer:
http://support.microsoft.com/?kbid=836413
837365 - You cannot expand the public folders list in Exchange System
Manager on a Windows Small Business Server 2003-based computer:
http://support.microsoft.com/?kbid=837365
--------------------
SBS once again talked about at the WWPC
--------------------
CRN | Ringing Up Partner Profits:
http://www.crn.com/sections/coverstory/coverstory.jhtml?articleId=22104657
-------------------
Ballmers memo to the troops
http://www.fortune.com/fortune/print/0,15935,661919,00.html
--------------------
CRN | Microsoft Rethinks Customer Segmentation:
http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=22104737
---------------------
Okay so how soon before a bobble head shows up on Ebay?
MICROSOFT Tries To Buddy Up To ISVs
Information Week - USA
... To entice its employees to participate in the program, Microsoft is
handing out bobble-head dolls of senior VP Eric Rudder, the executive
in charge of the ...
<http://www.informationweek.com/story/showArticle.jhtml?articleID=22104671>
In other news
- - - - - - - - - -
Feds drag feet on cybersecurity, officials say
Business and government representatives teamed up
in March to recommend steps to reduce the nation's
vulnerability to cyberattacks. But they say they
have yet to receive a response from the U.S.
Department of Homeland Security, and wonder what
is causing the delay. "There has been a 'pregnant
pause' waiting for a response," says Rick White,
CEO of TechNet, a technology industry trade group
and co-sponsor of a December 2003 summit to develop
an action plan.
http://computerworld.com/securitytopics/security/story/0,10801,94391,00.html
- - - - - - - - - -
Security hole found in Mozilla browser
update Developers at the open-source Mozilla
Foundation have confirmed that the latest version
of their Web browsers have a security flaw that
could allows attackers to run existing programs
on the Windows XP operating system. The flaw,
known as the "shell" exploit, was publicized
Wednesday on a security mailing list, along with
a link to a fix for the problem. Updated versions
of the affected software programs, which include
the Mozilla, Firefox and Thunderbird browsers,
have been released.
http://news.com.com/Security+hole+found+in+Mozilla+browser/2100-1002_3-5262676.html
- - - - - - - - - -
Cybsecurity research underfunded, executives say
The National Science Foundation can only fund a
subset of the research proposals it receives on
ways to better IT system security, an NSF official
said at a House technology subcommittee hearing.
?There are good ideas in the cybersecurity area
that we?re simply not able to fund,? Peter Freeman,
assistant director of NSF?s computer and information
science and engineering directorate, said at
yesterday?s hearing.
http://www.gcn.com/vol1_no1/daily-updates/26526-1.html
- - - - - - - - - -
Web app vulnerabilities on the rise
Nine out of 10 web applications remain vulnerable
to attack even after developers think they have
been 'fixed', security experts have claimed.
A study by security firm Imperva on the vulnerability
of public and private web applications found that,
despite periodic penetration testing and subsequent
fixes, flaws reappeared over time.
http://www.vnunet.com/news/1156498
- - - - - - - - - -
Fujitsu technique hides data in images
Fujitsu has developed a method of embedding data
invisibly within printed pictures. The procedure,
commonly known as steganography, will allow
numerical information to be hidden within a color
image and accessed via a camera. Steganograghy
involves altering an image in a way that cannot
be perceived by the human eye, but which can
be detected electronically. Fujitsu's technique
can apparently hide a 12-digit number in a
1-centimeter square.
http://zdnet.com.com/2100-1103_2-5260241.html
- - - - - - - - - -
Investigating digital images
What's real and what's phony? "Seeing is no longer
believing. Actually, what you see is largely irrelevant,"
says Dartmouth Professor Hany Farid. He is referring
to the digital images that appear everywhere: in
newspapers, on Web sites, in advertising, and in
business materials, for example. Farid and Dartmouth
graduate student Alin Popescu have developed a
mathematical technique to tell the difference between
a "real" image and one that's been fiddled with.
http://www.dartmouth.edu/~news/releases/2004/07/01.html
- - - - - - - - - -
Spam can hurt in more ways than one
Small businesses that depend heavily on the Web and
e-mail to market products are increasingly caught in
a spam squeeze. Hackers and spammers hijack their PCs
and then Internet providers wrongly shut down the
victims' e-mail.
http://www.usatoday.com/tech/news/2004-07-07-spam_x.htm
- - - - - - - - - -
E-voting security: getting it right
As we noted in our previous story - E-voting security:
looking good on paper? - the much-celebrated voter
verifiable paper trail is useless as a security measure
for Direct Recording Electronic (DRE) election systems,
and actually introduces far more problems than it solves.
http://www.theregister.co.uk/2004/07/08/getting_e-voting_security_right/
Wash. state announces safeguards for electronic voting
http://www.usatoday.com/tech/news/techpolicy/2004-07-08-wash-evote_x.htm
- - - - - - - - - -
Security spending rises, as do risks
IT security spending across the world is rising, but
so are virus and malicious code attacks. The findings
from the Global Information Security Survey, conducted
by vnunet.com's sister magazine Computing and its
international sister publications, shows businesses
are not following best practice security advice,
but are increasing security budgets to cope with
growing threats.
http://www.vnunet.com/news/1156507
- - - - - - - - - -
Service Pack Deux?
Microsoft should make SP2 available to all users
and backport the changes to older operating systems,
or they risk putting profits ahead of security yet
again. As some of you may have guessed by now, one
of my side interests when I'm not sitting in front
of a computer is the study of history.
http://www.securityfocus.com/columnists/254
- - - - - - - - - -
Scotland Yard and the case of the rent-a-zombies
Vast networks of home computers are being rented
out without their owners' knowledge to spammers,
fraudsters and digital saboteurs, security experts
said on Wednesday. The terminals have been infected
by a computer virus, turning them into "zombies"--
slaves to the commands of a malicious and unseen
controller. Connect them all up, and the result
is a powerful network of zombie PCs that security
experts call a "botnet."
http://zdnet.com.com/2100-1105_2-5260154.html
- - - - - - - - - -
Everyone saw this right?
ISP's have the right to read your mail
You've Got Mail (and Court Says Others Can Read It)
When everything is working right, an e-mail message
appears to zip instantaneously from the sender to
the recipient's inbox. But in reality, most messages
make several momentary stops as they are processed
by various computers en route to their destination.
Those short stops may make no difference to the
users, but they make an enormous difference to the
privacy that e-mail is accorded under federal law.
http://www.nytimes.com/2004/07/06/technology/06net.html
- - - - - - - - - -
- - - - - - - - - -
Great Britain: A new law on cybercrime is being elaborated
The threats facing Britain's Internet-enabled
companies and consumers are so great that new
laws are needed to fight the problem, and fix
the mistakes made by the government in its
previous attempts to combat spam. That was
the message from the Communications Management
Association (CMA) on Monday, as it kicked off
a debate into Broadband Britain at the
Enterprise Networks show.
http://www.crime-research.org/news/07.07.2004/474/
- - - - - - - - - -
Old-school worm loves Windows applications
The latest Lovgate worm variant can destroy access
to hundreds of Windows applications as it spreads.
The latest variant of the Lovgate worm scans PCs
for executable files and then renames them,
a tactic used by viruses from a much older
generation, according to antivirus companies.
http://news.zdnet.co.uk/internet/security/0,39020375,39159870,00.htm
- - - - - - - - - -
Password-stealing Trojan cut off at source
A malicious program that tried to steal banking
passwords has been stopped, says Symantec.
An attempt to pinch user information from banking
sites using a malicious pop-up program has been
nipped in the bud, says Symantec. Last week,
security experts uncovered a Trojan horse --
dubbed PWSteal.Refest by the security software
maker -- which installs itself through a pop-up
advertisement when users logged onto the Web
sites of any one of nearly 50 targeted banks.
http://news.zdnet.co.uk/internet/security/0,39020375,39159780,00.htm
- - - - - - - - - -
Lax data security seen at many Japanese companies
A Japanese government report published yesterday
says at least 40% of companies surveyed are taking
no special measures to ensure the privacy and
security of personal data stored on computers.
Results of the survey were included in the
government's annual White Paper on Information
and Communications in Japan, which was published
by the Ministry of Public Management, Home Affairs,
Posts and Telecommunications (MPHPT). It comes
after several incidents in the last year in which
personal information on customers, sometimes
numbering into the millions of people, has
beenleaked or stolen from Japanese companies.
http://computerworld.com/securitytopics/security/story/0,10801,94368,00.html
- - - - - - - - - -
36 percent of software worldwide pirated, trade group says
O&O Software, with only 28 employees, has built
a $3 million-a-year business developing award-
winning utilities for personal computers. How
much bigger it might be without the plague of
software piracy is impossible to say, but it's
clear sales are being lost.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9097724.htm
Software piracy losses double
http://zdnet.com.com/2100-1104_2-5259395.html
http://www.cnn.com/2004/TECH/biztech/07/07/software.piracy.reut/index.html
http://www.newsfactor.com/story.xhtml?story_title=Software-Piracy-Soars&story_id=25750
UK firms 'forget' to pay £1bn for software
http://news.zdnet.co.uk/business/legal/0,39020651,39159797,00.htm
http://www.vnunet.com/news/1156500
Software pirates cost $9.7bn in Europe - BSA
http://www.theregister.co.uk/2004/07/07/bsa_software_piracy_study/
- - - - - - - - - -
Two more from NIST
Two new publications from the National Institute
of Standards and Technology provide technical help
for government agencies and businesses that are
required to protect information systems. One
publication offers a starting point for organizations
to understand basic information security principles.
The other gives technical tips for setting up
electronic authentication using guidelines issued
by Office of Management and Budget officials.
http://www.fcw.com/fcw/articles/2004/0705/web-nist-07-07-04.asp
- - - - - - - - - -
PC: Hey, your mobile's being stolen!
Researchers at Leeds University are developing
technology that will allow Bluetooth devices to
keep tabs on - and potentially protect - each other.
Bluetooth, the short-range personal area networking
technology, may have found a new application as
a guard dog for notebooks and smartphones.
http://news.zdnet.co.uk/hardware/emergingtech/0,39020357,39159785,00.htm
- - - - - - - - - -
Another day, another IE flaw...
Yet another vulnerability has been unearthed
in Microsoft's Internet Explorer - the company
is working on a 'series of updates', it says.
A computer science researcher has highlighted
the shortcomings of Microsoft's latest patch
for its Internet Explorer browser by identifying
another way that online vandals could run
malicious programs on a Web surfer's computer.
http://news.zdnet.co.uk/0,39020330,39159868,00.htm
Microsoft, biometrics firm to tackle homeland security
http://zdnet.com.com/2100-1105_2-5259889.html
- - - - - - - - - -
Multi-Layer Intrusion Detection Systems
A business critical system has been breached
by attackers. Responding to the event, you grab
your gear and head down to where the system is.
En route a red faced executive seemingly about
to explode brushes past you in a hurry, suddenly
turning around upon realization that you are the
specialist responding to the very incident which
has him on the brink. Already knowing the words
about to come out of his mouth, the man begins
to spout, "We need this system back up immediately!!
http://www.securityfocus.com/infocus/1788
- - - - - - - - - -
Attention, Shoppers:
You Can Now Speed Straight Through Checkout Lines!
Radio-frequency chips are retail nirvana. They're
the end of privacy. They're the mark of the beast.
Inside the tag-and-track supermarket of the future.
I'm in a supermarket called the Extra Future Store
in Rheinberg, Germany, 40 kilometers north of
Düsseldorf, jonesing for a bit of Philadelphia
cream cheese. I feed my request into the touchscreen
console on my shopping cart, and up pops a map
showing the optimal path to the dairy section.
I steer over and grab a box - regular in name
but far smarter than the average cream cheese.
The package carries a computer chip that talks
to a 2-millimeter-thin pad lining the shelf
under the box. When I pick up the cheese,
sensors in the pad notify the store's
database that the box has been removed.
http://www.wired.com/wired/archive/12.07/shoppers.html
--
http://www.sbslinks.com/really.htm