News

Wednesday, September 05, 2007

Recent Outages Point to a Sketchy Internet Services Future

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Server Consolidation Essentials

http://list.windowsitpro.com/t?ctl=64A64:4160B336D0B60CB178BB8F484EF87C62

SQL Server Optimization & Data Protection w/ Intelligent ISCSI SANs

http://list.windowsitpro.com/t?ctl=64A65:4160B336D0B60CB178BB8F484EF87C62

BladeSystem as a Horizontal Technology: WP

http://list.windowsitpro.com/t?ctl=64A79:4160B336D0B60CB178BB8F484EF87C62


=== CONTENTS ===================================================

IN FOCUS: Recent Outages Point to a Sketchy Internet Services Future

NEWS AND FEATURES
- Teen's Hardware Crack Liberates iPhone
- Hackers Team to Donate Technology to Charities
- 8 More Absolutely Cool, Totally Free Utilities
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: When Is a "Rootkit" Not a Rootkit?
- FAQ: Installing Kernel-Mode Printer Drivers
- From the Forum: Tools to Audit Web Site Access Histories
- Share Your Security Tips

PRODUCTS
- Give Data Owners Control over Data Access
- Product Evaluations from the Real World

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: Microsoft =========================================

Server Consolidation Essentials
Discover the benefits of server consolidation using virtualization
technologies! Chapter 1 of this free eBook is available now, with
details about how server consolidation can help you do more with less.

http://list.windowsitpro.com/t?ctl=64A64:4160B336D0B60CB178BB8F484EF87C62


=== IN FOCUS: Recent Outages Point to a Sketchy Internet Services
Future ==========================================================
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

An interesting series of events took place over the past several weeks
that should be noted because of the events' similarities, relative
closeness in time to each other, and implications for the future.

The least important of the events happened in early August. Google
somehow mistakenly identified one of its own blogs as spam and deleted
it. The blog was related to Google's custom search engine technology,
and although deleting the blog didn't have a huge impact on customers,
it did come as a surprise that a major technology company--one that
considers itself to be on the extreme cutting edge--managed to make
such a mistake. Obviously, some of Google's technology is flawed and
fortunately it wasn't a heavily relied upon aspect of the company's
technology that suffered in this incident.

http://list.windowsitpro.com/t?ctl=64A73:4160B336D0B60CB178BB8F484EF87C62

At roughly the same time, Cisco Systems made its entire Web site
unavailable through hardware failure. According to the company's blog,
"The issue occurred during preventative maintenance of one of our data
centers when a human error caused an electrical overload on the
systems. This caused Cisco.com and other applications to go down.
Because of the severity of the overload, the redundancy measures in
some of the applications and power systems were impacted as well,
though the system did shut down as designed to protect the people and
the equipment. As a result, no data were lost and no one was injured.
Cisco has plans already in process to add additional redundancies to
increase the resilience of these systems."

http://list.windowsitpro.com/t?ctl=64A68:4160B336D0B60CB178BB8F484EF87C62

Cisco's site failure was indeed a serious problem. Imagine the
worldwide impact if that outage had occurred while customers were
trying to download a recently released security patch for a
vulnerability that was being actively exploited.

Next on the list is Skype, which managed to take down its entire
worldwide peer-to-peer network last month. Because of flaws in its
"supernode" software design, the company essentially created a
situation in which a Denial of Service (DoS) attack became possible
simply because many people were rebooting their computers at about the
same time. As a result, Skype's VoIP network--which the company would
surely like the majority of us to depend on for day-to-day voice
communication--became useless for three days.

http://list.windowsitpro.com/t?ctl=64A72:4160B336D0B60CB178BB8F484EF87C62

Yet another outage occurred when an Internet backbone cable was cut.
The cut cable took down major portions of networks operated by Level 3,
Cogent, and TeliaSonera, all of which provide Internet connectivity to
many endpoints. When the cut cable was discovered, repair crews
inadvertently repaired the damaged cable with another damaged cable and
didn't discover the damage to the second cable until after the repair
didn't work. As a result, the outage lasted far longer than it should
have. Meanwhile, Internet connectivity for many entities was
nonexistent. This particular incident wasn't any one company's fault;
however it's noteworthy as yet another outage with considerable impact.

http://list.windowsitpro.com/t?ctl=64A61:4160B336D0B60CB178BB8F484EF87C62

If those events weren't strangely coincidental enough already, there's
more. Microsoft recently made mistakes that rendered a large number of
people's Windows systems nearly useless. According to Microsoft (at the
URL below), "preproduction code was accidentally sent to production
servers" and the code just happened to handle the company's Windows
Genuine Advantage (WGA) technology. The overall effect was that for a
short period of time, the affected Windows systems could not be
activated, and for a long period of time (nearly 20 hours), Windows
systems could not be validated.

http://list.windowsitpro.com/t?ctl=64A69:4160B336D0B60CB178BB8F484EF87C62

Think of the implications of these incidents, and ask yourself, "How
secure is my enterprise if it relies increasingly on software as a
service?" For John Dvorak's take on this issue, see "Don't Trust the
Servers" at the following URL.

http://list.windowsitpro.com/t?ctl=64A80:4160B336D0B60CB178BB8F484EF87C62


=== SPONSOR: EqualLogic ========================================

SQL Server Optimization & Data Protection w/ Intelligent ISCSI SANS
More and more companies are deploying storage area networks or SANs
as storage needs continue to proliferate. SANs offer many unique
capabilities that improve data protection, storage performance and
scaling, and reduction in storage management time. This web seminar
reviews best practices in deploying SQL Server in an intelligent iSCSI
SAN, and shows how this provides dramatic improvements in deploying,
optimizing, backing up, and recovering SQL.

http://list.windowsitpro.com/t?ctl=64A65:4160B336D0B60CB178BB8F484EF87C62


=== SECURITY NEWS AND FEATURES =================================

Teen's Hardware Crack Liberates iPhone
In what will most likely go down in history as one of the most
sensational hardware cracks ever, a teen finally broke the iPhone's
AT&T lock. The phone can now be made to work with other cell phone
carriers.

http://list.windowsitpro.com/t?ctl=64A76:4160B336D0B60CB178BB8F484EF87C62

Hackers Team to Donate Technology to Charities
A new project, ihackcharities.com, was recently launched to help
provide technology equipment and services to charitable organizations.

http://list.windowsitpro.com/t?ctl=64A71:4160B336D0B60CB178BB8F484EF87C62

8 More Absolutely Cool, Totally Free Utilities
We've combed the Web for a brand-new collection of fantastic, free
tools that will make your job easier. Download these lifesavers, add
them to your USB toolkit, and be a happy administrator!

http://list.windowsitpro.com/t?ctl=64A74:4160B336D0B60CB178BB8F484EF87C62

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=64A6A:4160B336D0B60CB178BB8F484EF87C62


=== SPONSOR: HP ================================================

BladeSystem as a Horizontal Technology: WP
In this brief, IDC describes the importance of manageability in the
selection of a blade platform and examines the needs of the market with
respect to managing large volumes of homogeneous Linux platforms. Learn
the three tenets in the design of HP's Control Suite. Explore automated
options.

http://list.windowsitpro.com/t?ctl=64A79:4160B336D0B60CB178BB8F484EF87C62


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: When Is a "Rootkit" Not a Rootkit?
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=64A7B:4160B336D0B60CB178BB8F484EF87C62

I think every security administrator will agree that a rootkit is
actually a program that grants an unauthorized user access to a
system--typically administrator- or root-level access. A directory or
file hidden on a system does not constitute a rootkit.

http://list.windowsitpro.com/t?ctl=64A67:4160B336D0B60CB178BB8F484EF87C62

FAQ: Installing Kernel-Mode Printer Drivers
by John Savill, http://list.windowsitpro.com/t?ctl=64A78:4160B336D0B60CB178BB8F484EF87C62


Q: How do I allow the installation of kernel-mode printer drivers?

Find the answer at

http://list.windowsitpro.com/t?ctl=64A75:4160B336D0B60CB178BB8F484EF87C62

FROM THE FORUM: Tools to Audit Web Site Access Histories
A forum participant hosts a Web site on Microsoft IIS that requires
people to log on to access confidential information. She's looking for
a third-party tool to monitor access attempts on the server and a tool
to monitor bandwidth utilization and traffic patterns. Offer
suggestions at

http://list.windowsitpro.com/t?ctl=64A62:4160B336D0B60CB178BB8F484EF87C62

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Give Data Owners Control over Data Access
Varonis Systems announced DataPrivilege 2.5, which lets data owners
rather than IT address user access requests. The new version offers
enhancements in permissions handling, group membership requests,
entitlement handling, and reporting. Data users can submit requests to
access folders or files, and data owners can grant them by assigning
users to a group with permission to the resources or by explicitly
giving the users access. Users can ask to be added to specific Active
Directory (AD) user groups. A data owner can define rules (e.g.,
stating that all users who request access to a particular folder will
be given read-only permission for a week). DataPrivilege 2.5 pricing is
based on the number of users, with licenses starting at $12,800 for 1
to 500 users. For more information, go to

http://list.windowsitpro.com/t?ctl=64A7F:4160B336D0B60CB178BB8F484EF87C62

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=64A77:4160B336D0B60CB178BB8F484EF87C62

As file and print servers continue to proliferate, IT is turning to
Windows file server and storage consolidation to control management
costs. Explore how to save money by leveraging existing hardware, how
to implement a scalable NAS cluster based on a shared data framework,
and how to get the most out of your existing network infrastructure and
management processes by using a shared date architecture.

http://list.windowsitpro.com/t?ctl=64A63:4160B336D0B60CB178BB8F484EF87C62

Get the facts about Microsoft Unified Communications, including
Exchange Server 2007 and Office Communications Server 2007, at this
free virtual event on September 19. Independent Exchange experts will
present practical, real-world information about deploying, managing,
and securing Exchange Server 2007 and Office Communications Server
2007.

http://list.windowsitpro.com/t?ctl=64A6E:4160B336D0B60CB178BB8F484EF87C62

File fragmentation is a serious problem. As a disk becomes fragmented,
the workload on the OS and hardware increases, making it more difficult
for applications to read and write data. File corruption becomes a
distinct possibility, the computer's performance degrades, and its
reliability is endangered. This white paper looks at the effect of disk
defragmentation on your users.

http://list.windowsitpro.com/t?ctl=64A66:4160B336D0B60CB178BB8F484EF87C62


=== FEATURED WHITE PAPER =======================================

KVM over IP in Distributed IT Environments
Keyboard/video/mouse (KVM) switches are a valuable management tool,
but they have weaknesses in distributed environments. This white paper
presents the complexities of managing the distributed data center and
highlights the advantages of using a KVM-over-IP solution for flexible,
scalable, affordable CAT5-based remote access.

http://list.windowsitpro.com/t?ctl=64A6B:4160B336D0B60CB178BB8F484EF87C62


=== ANNOUNCEMENTS ==============================================

Windows IT Pro: Buy 1, Get 1
With Windows IT Pro's real-life solutions, news, tips, and tricks,
AND with access to over 10,000 articles online, subscribing is like
hiring your very own team of Windows consultants. Subscribe now, and
get 2 years for the price of 1!

http://list.windowsitpro.com/t?ctl=64A6C:4160B336D0B60CB178BB8F484EF87C62

Save 50% Off Scripting Pro VIP
Scripting Pro VIP is the IT administrator's source for scripting
information, tools, and downloadable code. Subscribers also get access
to our editors to help answer technical questions, as well as a host of
other unique benefits. Order now at an exclusive charter rate and save
$50!

http://list.windowsitpro.com/t?ctl=64A6D:4160B336D0B60CB178BB8F484EF87C62


================================================================

Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=64A7A:4160B336D0B60CB178BB8F484EF87C62

http://list.windowsitpro.com/t?ctl=64A7E:4160B336D0B60CB178BB8F484EF87C62

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=64A70:4160B336D0B60CB178BB8F484EF87C62

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=4160B336D0B60CB178BB8F484EF87C62

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=64A7C:4160B336D0B60CB178BB8F484EF87C62

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=64A6F:4160B336D0B60CB178BB8F484EF87C62

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

No comments:

Blog Archive