Nmap 3.50 Press Release

February 27, 2004


Now THIS is some Friday entertainment. While reading through the ChangeLog of the new release of Nmap, I found this:

"SCO Corporation of Lindon, Utah (formerly Caldera) has lately taken to an extortion campaign of demanding license fees from Linux users for code that they themselves knowingly distributed under the terms of the GNU GPL. They have also refused to accept the GPL, claiming that some preposterous theory of theirs makes it invalid (and even unconstitutional)! Meanwhile they have distributed GPL-licensed Nmap in (at least) their 'Supplemental Open Source CD'. In response to these blatant violations, and in accordance with section 4 of the GPL, we hereby terminate SCO's rights to redistribute any versions of Nmap in any of their products, including (without limitation) OpenLinux, Skunkware, OpenServer, and UNIXWare. We have also stopped supporting the OpenServer and UNIXWare platforms."
Nmap 3.50 Press Release


Slipstreaming W2K Install CDs

February 26, 2004


Slipstreaming and Boot CDs
JSI Tip 4253. A quick guide to preinstalling Windows 2000 and Windows XP.
How to create a custom bootable unattended Windows 2000 CD with integrated service pack and automated application installation - (.Doc version) - This is the BEST resource I found for creating my CDs.
Winnt.sif Creator - I do all the work, so you don't have to! - Very nice little free Creator.. even includes reg tweaks. - although you could always use the setupmgr.exe file inside the deploy.cab file on the Windows2000 CD in the \support\tools folder.
Unattended Windows 2003 CD - Reference - A great site for creating an unattended install CD - covers auto installing apps, drivers, tweaks, etc, and contains a great explanation of each option in winnt.sif.

Explorer Tip


You have a shortcut to explorer.exe, but every time you click it, it opens in My Documents. To save time by getting it to open in My Computer instead, just open the properties of the explorer.exe shortcut and paste explorer.exe /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D} into the target.

Ntoskrnl.exe is missing or corrupt

February 24, 2004


You come in and a machine is at a black screen telling you the Ntoskrnl.exe is missing or corrupt. Before you panic, take a look at this:
JSI Tip 2745. Windows NT could not start, Ntoskrnl.exe is missing or corrupt?
I dealt with the ntoskrnl.exe issue w/ a laptop just this morning. Basically what you're looking at is a corrupt/missing boot.ini file.
What I ended up doing was taking out the laptop's hdd, attaching it to a laptop hdd to ide adapter, then to an ide to usb adapter. Hooked it up to my workstation, and copied over a copy of the boot.ini file from another like-modeled laptop. Within 20 minutes (including backing up the user's profile and researching the issue) the laptop was back in the user's hands.

Yahoo spying on you'hoo

February 20, 2004


Freeware Arena Messageboard :: View topic - Yahoo spying on you'hoo: "Yahoo is now using something called 'Web Beacons' to track Yahoo users around the net and see what you're doing and where you are going - similar to cookies. Take a look at their updated privacy statement: http://privacy.yahoo.com/privacy/us/pixels/details.html About half-way down the page, in the section 'Outside the Yahoo! Network', you'll see a little 'click here' link that will let you 'opt-out' of their new method of snooping. I strongly recommend that you do this."

Note: This acts just like cookies, so you have to do this for each browser and each PC, and every time you empty your cookies.

Code attacks Windows vulnerability | (MS04-007)

February 17, 2004


Code attacks Windows vulnerability | CNET News.com - A piece of code that exploits a critical vulnerability that Microsoft issued a patch for only last week has been posted online, raising fears of an imminent MSBlast-style attack.

On Feb. 10, Microsoft released a patch that fixes a networking flaw affecting all Windows XP, NT, 2000 and Windows Server 2003 systems. The company warned people to patch their systems because the vulnerability could be exploited by virus and worm writers.

Four days after the patch was released, a piece of code was published on a French Web site that would let anyone exploit the vulnerability, meaning that unpatched customers could be hit with a worm similar to last summer's MSBlast, also known as Blaster.

*Note:* Everyone needs to patch as soon as possible but be careful; I've heard mixed reviews about this one.. including domain controllers not booting or allowing anyone to log on after the patch has been applied.

Internet Storm Center - MS04-007 Exploit released

February 15, 2004


Internet Storm Center - MS04-007 Exploit released: "A DOS exploit has been made available using the ASN.1 bug (MS04-007). This exploit uses port 445, 139 or 135. While this is just a DOS exploit, more serious exploits may follow soon.
Note: This Exploit appears to work only against Windows 2000 Professional. Don't forget history, it wasn't long after Dcom came out, that we saw universal shellcode for almost all windows platforms."

Microsoft probes Windows code leak

February 12, 2004


Microsoft probes Windows code leak | CNET News.com: "Microsoft is investigating how a file containing some protected source code to Windows 2000 was posted to several underground sites and chat rooms.
A spokesman said late Thursday that incomplete portions of Windows 2000 and Windows NT were illegally posted to the Internet."

To repair a damaged Personal Folders PST file

February 11, 2004


To repair a damaged Personal Folders PST file - Microsoft provides the Inbox Repair Tool for correcting most problems with damaged Personal Folders .pst files. If you do not see the Inbox Repair Tool on the Start menu, under Programs | Accessories | System Tools, use Start | Find or Start | Search (depending on your operating system) to search your system for Scanpst.exe.

Ars Technica: Windows XP SP2 Beta first look -- (1/2004)


Ars Technica: Windows XP SP2 Beta first look -- (1/2004) - take a sneak preview of WXP SP2.

Microsoft Security Bulletin Summary for February, 2004


Microsoft Security Bulletin MS04-005 - Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150) - Important - This one is pretty out there for the average sysadmin..

Microsoft Security Bulletin MS04-006 - Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352) - Important - if you run WINS (still) you may want to take a peek at this...

Microsoft Security Bulletin MS04-007 - ASN.1 Vulnerability Could Allow Code Execution (828028) - Critical - This one is fun. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow. An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.

Because ASN.1 is a standard for many applications and devices, there are many potential attack vectors. To successfully exploit this vulnerability, an attacker must force a computer to decode malformed ASN.1 data. For example, when using authentication protocols based on ASN.1 it could be possible to construct a malformed authentication request that could expose this vulnerability.

Server systems are at greater risk than client computers because they are more likely to have a server process running that decodes ASN.1 data.

So basically, this is in *almost* every Windows system (not installed by default on WinNT), there is no workaround, there are a wide number of attack vectors (not like you could just block a port), and servers will most likely be hit easier than workstations.

Couple this with the IE update earlier this month (which breaks websites) and it looks like I'll have some overtime on my hands. THANKS MICROSOFT!!!
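The bulletin's "unchecked buffer" while decoding malformed ASN.1 data is an instance of a general parser failure: trusting a length field supplied by the sender. The C below is an added example, not Microsoft's code and not a reconstruction of the MS04-007 flaw; it shows a BER/DER tag-length header parser that rejects a declared length larger than the data received or the destination buffer. The function names, error codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_UNSUPPORTED = -2, TLV_TOO_LONG = -3 };

/* Parse one BER/DER tag-length header at buf[0..len) and check that the
 * declared content length fits in the bytes actually received.
 * On success stores the header size and content length. */
int tlv_parse(const uint8_t *buf, size_t len, size_t *hdr_len, size_t *content_len)
{
    if (len < 2) return TLV_TRUNCATED;
    if ((buf[0] & 0x1f) == 0x1f) return TLV_UNSUPPORTED;   /* multi-byte tag */

    size_t pos = 1, content = buf[pos++];
    if (content & 0x80) {                        /* long form */
        size_t n = content & 0x7f;               /* count of length octets */
        if (n == 0) return TLV_UNSUPPORTED;      /* indefinite length */
        if (n > sizeof(size_t)) return TLV_TOO_LONG;
        if (n > len - pos) return TLV_TRUNCATED;
        for (content = 0; n > 0; n--) content = (content << 8) | buf[pos++];
    }
    /* Subtract instead of adding: pos + content could wrap around for a
     * huge declared length and make an out-of-bounds value look valid. */
    if (content > len - pos) return TLV_TOO_LONG;
    *hdr_len = pos;
    *content_len = content;
    return TLV_OK;
}

/* Copy the value into dst only if it also fits the destination buffer.
 * Returns the number of bytes copied, or a negative TLV_* error. */
int tlv_copy_value(const uint8_t *buf, size_t len, uint8_t *dst, size_t dst_cap)
{
    size_t hdr, n;
    int rc = tlv_parse(buf, len, &hdr, &n);
    if (rc != TLV_OK) return rc;
    if (n > dst_cap || n > 0x7fffffff) return TLV_TOO_LONG;
    for (size_t i = 0; i < n; i++) dst[i] = buf[hdr + i];
    return (int)n;
}

int main(void)
{
    /* Constructed sample: OCTET STRING claiming 127 bytes, carrying 1. */
    const uint8_t bad[] = { 0x04, 0x7f, 0x41 };
    uint8_t out[16];
    printf("%d\n", tlv_copy_value(bad, sizeof bad, out, sizeof out));
    return 0;
}
```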

Templates, Checklists, and Guides

February 10, 2004


TechRepublic - Templates & Checklists - these are worth a look.

SystemExperts - Windows 2000 security - Hardening Windows 2000 Guide.

RealOne Player multiple file buffer overflows

February 09, 2004


For those of you who are forced to use this POS...

ISS X-Force Database:realoneplayer-multiple-file-bo(15040): RealOne Player multiple file buffer overflows

Flushing The Outlook Cached Email Addresses

February 06, 2004


From W2KNews Newsletter:

A tiny hint, but a source of endless pain for end-users. How to get rid of these cached addresses that keep popping up every time you start typing an email address?

Do a search for a hidden file with the extension *.nk2. That is Outlook's cache. Delete it and you should be fine. Make sure in the search that you are looking for "Hidden Files and Folders".

RSS feed for MS KB articles


kbAlertz! - More RSS Feeds - "Receive Free Email Alerts [and RSS feeds] every time Microsoft Publishes NEW Support or Knowledge Base Articles" - Choose your alert for each product. - Nice!

Some Exchange Links from Microsoft

February 05, 2004


Thinking about going to Exchange? Here are some links from Microsoft to get you started:

Download details: Exchange 2003 Deployment Guide

Download details: Troubleshooting Exchange Server 2003 Performance

Download details: Server Consolidation Using Exchange Server 2003

Download details: Microsoft Online Seminars: Microsoft Exchange

Download details: Exchange Server 2003 Glossary

These links provided by the Microsoft Download Center RSS feed: http://www.thundermain.com/rss/. (This is from just 3 weeks on this feed!).

Cable modem hackers conquer the co-ax


SecurityFocus HOME News: Cable modem hackers conquer the co-ax: "A small and diverse band of hobbyists steeped in the obscure languages of embedded systems has released its own custom firmware for a popular brand of cable modem, along with a technique for loading it -- a development that's already made life easier for uncappers and service squatters, and threatens to topple long-held assumptions about the privacy of cable modem communications."

IE security patch nixes some apps | CNET News.com


IE security patch nixes some apps | CNET News.com - Some Web developers are complaining that an Internet Explorer patch that's meant to foil Net scams is disabling some applications that didn't put a premium on security. Microsoft last week announced that a modification to its IE browser would stop the insecure practice of including sensitive information in links. The update, which was released Monday, had some Web site programmers up in arms Wednesday due to complaints from Web users that they could no longer log in to sites that secure entry through credentials included in the URL. "Microsoft may have legitimate reasons for addressing the issue, but the way they addressed it--an across-the-board kill of an industry standard--is troublesome," said James Rosko, a software engineer for a data-processing service on the Web. He and other programmers spent Tuesday night making changes to the programs that process login requests for his company's Web site, which he requested not be named.
This *could* be a problem for some users who have to log into bank websites to do business. Make sure you test this with your users before deploying.

HOW TO: Move a Certification Authority to Another Server

February 04, 2004


298138 - HOW TO: Move a Certification Authority to Another Server: "Certification authorities (CAs) are the central component of the public key infrastructure (PKI) of an organization. The CAs are configured to exist for many years, even decades, in some cases, during which time the hardware that hosts the CA is more than likely upgraded."

Microsoft Security Bulletin MS04-004

February 02, 2004


Microsoft Security Bulletin MS04-004 - Cumulative Security Update for Internet Explorer (832894) - Fixes 3 security issues, one of which is rated critical.

- A vulnerability that involves the cross-domain security model of Internet Explorer. The cross domain security model of Internet Explorer keeps windows of different domains from sharing information. This vulnerability could result in the execution of script in the Local Machine zone.

- A vulnerability that involves performing a drag-and-drop operation with function pointers during dynamic HTML (DHTML) events in Internet Explorer. This vulnerability could allow a file to be saved in a target location on the user's system if the user clicked a link. No dialog box would request that the user approve this download.

- A vulnerability that involves the incorrect parsing of URLs that contain special characters. When combined with a misuse of the basic authentication feature that has "username:password@" at the beginning of a URL, this vulnerability could result in a misrepresentation of the URL in the address bar of an Internet Explorer window.
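The address-bar issue above, and the earlier note about IE no longer accepting credentials in links, both turn on which part of a URL is really the host. As an added example (not from the bulletin or the original post), this C function extracts the host an http(s) URL actually points at and reports whether a "username:password@" part precedes it, which is the check a mail or proxy-log filter would apply; the function names and sample URL are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive prefix test; pre must be lowercase. */
static int has_prefix_ci(const char *s, const char *pre)
{
    for (; *pre; s++, pre++)
        if (tolower((unsigned char)*s) != *pre) return 0;
    return 1;
}

/* Write the real "host[:port]" of an http(s) URL into host.
 * Returns 1 if a userinfo part ("user:pass@") sits in front of the host,
 * 0 if not, -1 if the URL is not http(s) or the host is empty/too long. */
int url_real_host(const char *url, char *host, size_t host_cap)
{
    const char *auth;
    if (has_prefix_ci(url, "http://")) auth = url + 7;
    else if (has_prefix_ci(url, "https://")) auth = url + 8;
    else return -1;

    /* The authority ends at the first path, query or fragment delimiter,
     * so an '@' later in the URL is not userinfo. */
    size_t auth_len = strcspn(auth, "/?#");
    const char *at = NULL;
    for (size_t i = 0; i < auth_len; i++)
        if (auth[i] == '@') at = auth + i;   /* last '@' ends the userinfo */

    const char *h = at ? at + 1 : auth;
    size_t hlen = auth_len - (size_t)(h - auth);
    if (hlen == 0 || hlen >= host_cap) return -1;
    memcpy(host, h, hlen);
    host[hlen] = '\0';
    return at ? 1 : 0;
}

int main(void)
{
    /* Constructed sample: the text before '@' only looks like the site. */
    char host[256];
    int rc = url_real_host("http://www.trusted.example@198.51.100.7/login",
                           host, sizeof host);
    printf("userinfo=%d host=%s\n", rc, rc >= 0 ? host : "(none)");
    return 0;
}
```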

Tips & Newsletters-SearchWin2000.com, Customize default user profiles

February 01, 2004


Customize default user profiles : "When different users log on locally to the same Windows 2000 computer, Windows uses the factory-supplied default user profile as a template to create a profile for each newly logged-on user. However, with a little work it's possible to edit this custom default profile, so that the administrator can provide customizations to the default profile that all users can share."

AVG FREE Edition


AVG FREE Edition - a nice FREE for home use Antivirus product that provides a great solution for those who can't (or won't) pay for AV software.

TechRepublic's server templates


TechRepublic's server templates: "If disaster strikes your network, will you have the information on your servers available so you can get back online quickly? Download our set of templates to store all the information you'll need for a speedy recovery."