Kevin's song of the week
news://msnews.microsoft.com:119/ebFHex8xDHA.1932@TK2MSFTNGP09.phx.gbl

-----------------------
This week is a week of celebrations, of family gatherings.
Whether it's Christmas, Chanukah, Boxing Day, Kwanzaa or any other
special occasion this week, I know that on behalf of everyone in this
Community a bit of an Irish blessing says it better than I can....

Walls for the wind,
And a roof for the rain,
And drinks beside the fire -
Laughter to cheer you
And those you love near you,
And all that your heart may desire!

-----------------------
In the grand scheme of life, machines are still mastered by us [well,
most of the time anyway] and people are what count anyway.

But while you are visiting friends and family, take a look at their
computers and make sure any Windows machine is patched and firewalled ;-)

----------------------

Mail Relay

You may have seen recent posts in these newsgroups about SBS servers
"relaying" mail. By default, NO SBS 2000 or SBS 2003 server is a mail
relayer. What we are being "nailed with" these days is something called
"SMTP auth relaying" and even "NDR relaying".

To counter SMTP auth relaying:
1. NEVER enable the guest account.
2. Ensure that all accounts, especially the Administrator account, have a
long, complex password.

To counter spammers banging out emails by way of NDRs, you may
want to follow this:
Disable NDR:
1. From Exchange System Manager, go to Global Settings, Internet Message
Format.
2. Double-click <Default *> on your right.
3. On the Advanced tab, uncheck "Allow non-delivery reports".
-----------------------

Radar reports that an unusual flying machine with a driver in a Red outfit
has been seen. For the latest on this radar report check out
http://www.noradsanta.org/

---------------------

FYI: there is now a hotfix available for this issue. You should be able
to call in and request the hotfix mentioned in the following article:

"Cannot find '::{e17d4fc0-5564-11d1-83f2-00a0c90dc849}'" error message
when you click Search in Windows Small Business Server 2003
http://support.microsoft.com/?id=832870

---------------------

Clock is ticking for Windows 98
The Windows Clock Is Ticking:
http://www.microsoft-watch.com/article2/0,0,1418107,00.asp?kc=MWRSS02129TX1K0000535

--------------------

Windows XP SP2 is in beta testing.
Get ready for it by reading up ahead of time.
It's Out: XP SP2 Beta 1:
http://www.microsoft-watch.com/article2/0,0,1416850,00.asp?kc=MWRSS02129TX1K0000535

--------------------

US Software Assurance customers
Redmond Touts Software Assurance Rebates:
http://www.microsoft-watch.com/article2/0,0,1413582,00.asp?kc=MWRSS02129TX1K0000535

---------------------

Security diary for today
Internet Storm Center:
http://isc.sans.org/diary.html

---------------------

Something better than Google? Say it ain't so!
CNN.com - Going deeper than Google - Dec. 17, 2003:
http://www.cnn.com/2003/TECH/ptech/12/17/fortune.ff.deeper.google/index.html

-----------------------

Shavlik and other firms are sponsoring a moderated listserv discussing
Patch Management
http://www.patchmanagement.org

------------------------
In other news
NASA sites hacked, Zone-H says
Thirteen NASA Web sites were defaced this morning by
a Brazilian crew dubbed drwxr, according to a statement
from Zone-H, an organization that monitors hacking.
Zone-H said the defacer apparently modified the index
pages on the sites to express his opinion about the
war, leaving the message "The war in iraq, kill is
a play!" and linking to a CNN video showing U.S.
soldiers killing an Iraqi and cheering.
http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,88348,00.html

- - - - - - - - - -
RFID: Smart Tags, High Costs
A little over a year ago, when Henkel Consumer
Adhesives Inc. needed to replace its warehouse
management system, the company chose a forward-
thinking vendor that was planning to use radio
frequency identification, or RFID, which was
then, as now, being touted as the "next great
thing" in supply chain automation.
http://computerworld.com/softwaretopics/erp/story/0,10801,88130,00.html
- - - - - - - - - -
Bluetooth security 'crisis' looming
Security experts have warned of the need to take
care as new Bluetooth devices with a transmission
range of up to 100 metres arrive. Security consultant
@stake believes that devices conforming to the latest
Bluetooth standard represent a potential crisis similar
to the introduction of wireless local area networks
based on the 802.11b Wi-Fi standard.
http://www.vnunet.com/News/1151614
--------------------
Recent laws, such as the Health Insurance Portability and Accountability
Act (HIPAA), the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act and
California's SB 1386, that have cybersecurity implications are a driving
force for security investments and provisions. Such regulations force
companies to introduce security measures and procedures or face fines or
civil or criminal charges. However, regulations are often relatively
vague, and adhering to them does not guarantee that an organization
really has a robust security program.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci942102,00.html
--------------------
The article asserts that computer viruses and worms did not utilize any
spectacular technical innovations in 2003 because established infection
and propagation methods continue to work effectively. According to Joe
Hartmann, director of North American anti-virus research at Trend Micro
Inc., 'regular' e-mail and mass-mailing worms will continue to be
popular in 2004. He added: "They are working, so why fix them?" The year
2003 did see some developments in the virus field; the SQL Slammer worm
of January 2003 spread so rapidly that most vulnerable machines were
infected within minutes; in addition, malware increasingly appears to be
created out of a profit motive and virus writers are being linked to
spammers and other online criminals. The second article gives a brief
history of malware and highlights a few of the most interesting and
disruptive past viruses and worms.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci941986,00.html
http://www.ecommercetimes.com/perl/story/32422.html
-----------------

When the fix is worse than the problem.....

Openwares.org, an open source and freeware development organization, has
released a patch for a vulnerability in Microsoft's Internet Explorer
(IE) web browser that could allow an attacker to spoof legitimate sites.
However, it appears that the patch itself contains a buffer overflow
bug; in addition, it is thought to "pass information over to the
Openwares' web site". Microsoft has acknowledged the existence of the IE
vulnerability, but has failed to release a patch for it to date.

http://www.theregister.co.uk/content/4/34610.html
-------------------
Australian bank Westpac is warning customers about an e-mail scam that
tries to trick users into providing their account information by
pretending to be a Westpac security advisory warning people about such
'phishing' scams. The e-mail, titled 'Online Banking: Protect Yourself
from Internet Fraud', appears to be from Westpac, offers details of
known phishing scams, then links customers to a fake Westpac website
where they are asked to 'validate' their account information. The scam
can be identified by the fact that the e-mail contains poor grammar,
font variations and a link to a site where customers are asked to enter
their details, something banks would never do.

http://news.zdnet.co.uk/0,39020330,39118642,00.htm
---------------------

What to watch in 2004
Each week vnunet.com asks a different expert to
give their views on recent virus and security issues,
with advice, warnings and information on the latest
threats. This week vnunet.com's security correspondent
Iain Thomson reads his tea leaves and offers his
predictions for 2004.
http://www.vnunet.com/News/1151655
- - - - - - - - - -

Here's wishing you and yours all the best.



--
http://www.sbslinks.com/really.htm