LabMice.net - The Windows 2000\XP\.NET Resource Index
Home | About Us | Search |

Last Updated December 10, 2003

LabMice Link of the Day Archive - June 2003
As we surf the web in our pursuit of additional content for LabMice, we occasionally stumble upon a really cool, humorous, unusual, or very useful link that we think should stand out from the hundreds we add every week. So we developed a small section on our front page to highlight these, and will archive the rest here.
 
This Month:

The High Cost of Efficiency
"Computers are tremendous labor-saving devices. They give us power to accomplish extraordinary amounts of work in extraordinarily short intervals of time: financial analysis, data mining, design automation. But they also give us the capability to do things like play solitaire. Or send instant messages. Fiddle with fonts. Futz with PowerPoint. Twiddle with images. Reconfigure link rollovers. In the spring of 1994, I wiped the game Civilization off my office computer. I wiped it off my home PC. I wiped it off my laptop. I threw away the original disks on which it had come. It was clear to me that I had a choice: I could either have Civilization on my computers, or I could be a deputy assistant secretary of the US Treasury. I could not do both. It wasn't that my boss ordered me to - she herself played a mean game of computer solitaire. In this, I was the boss, and I had decided that with Civilization on DeLong's hard disk, DeLong's productivity would be unacceptably low." Source: Wired (July 2003)

IM Security Primer
The seemingly overnight appearance of Instant Messaging (IM) software in the corporate environment took most IT departments by surprise. Before IT could put formalized policies and security procedures in place, IM clients were popping up everywhere. To make the best use of IM, you need to know which types of IM networks are the most popular, how they work, what their vulnerabilities are, and how to minimize the risk to your end users and network. As you'll learn, the world of IM is full of malicious activity, automated bots, channel wars, and Denial of Service (DoS) attacks. Source:NTsecurity.net

Windows 2000 SP4 released
Windows 2000 Service Pack 4 (SP4) provides the latest updates to the Windows 2000 operating systems. This service pack includes 669 public fixes and 6 partner only fixes in the following areas: security, application compatibility, operating system reliability, and setup. Windows 2000 SP4 is a recommended update that includes the updates contained in previous Windows 2000 service packs. To determine whether to install Windows 2000 SP4, Microsoft recommends that you review the Windows 2000 SP4 documentation.

Configuring Application Isolation on Windows Server 2003 and Internet Information Services (IIS) 6.0
This paper discusses the general topic of application isolation as it relates to Web applications run on Windows Server 2003 servers with IIS 6.0 running in worker process isolation mode. Isolation refers to the degree of separation between two Web applications running on a server. In this paper, the notion of a ©Web application? is meant in a very broad sense; it includes the processes, files, and even users, serviced by the application. Applications are isolated from each other to the degree that one application is prevented from accessing resources used by another application. Source: Microsoft TechNet

Landing a Job Can Be Puzzling
Microsoft is legendary for running job applicants through grueling interviews full of brain teasers and bizarre questions. Now, other companies are following suit. Some of the more commonly used brain teasers include questions like, "If you are on a boat, and you throw your suitcase overboard, will the water level rise or fall?" and "How many piano tuners are there in the world?" "We use these types of questions not necessarily to see if the candidate gets the right answer but to observe the candidate's thought process," said one vice president of a business software firm, who asked not to be named. "How does the candidate think on their feet? Do they work through the problem in a logical manner? Do they have the drive and determination to work through the problem no matter how difficult the question?" Source: Wired

Tracking Down the Phantom Host
This article explains techniques on how to locate a problem host when you are not sure where it is physically located. Source: SecurityFocus.com

E-mail scam makes Best Buy scramble
Best Buy has become the target of an e-mail scam that links to a look-alike Web site to try and convince consumers to give up their credit-card information.
The e-mail tells a recipient that an order made on BestBuy.com used the person's credit-card information, and it asks the recipient to follow a link to the company's page for its fraud department. The link actually goes to a different Web site, which masquerades as Best Buy's site and requests personal information. Source: CNET (June 19, 2003)

Balancing Your Career: Certification, Education and Experience
Making yourself marketable in today©s economy is ©priority one? when it comes to you and your career. Many times we become stagnant in our positions and skills, or on the other side of the spectrum, we never had the skills and are trying either to break into or to advance in the Information Technology (IT) field. Either way, you have to focus on marketability, and that is the focus of this article©how to make yourself marketable. Source: CertMag.com

WLANs scale, just not easily
If you're thinking about rolling out a big WLAN, network professionals who have built them say, be prepared for a project that will rival, if not surpass, in complexity and detail any LAN you've built. This article chronicles lessons learned from some of the world's largest WLAN deployments including Microsoft, Cisco, and McGill University in Montreal.
Source: NetworkWorldFusion

Account Passwords and Policies
Password and account lockout settings are designed to protect accounts and data in your organization by mitigating the threat of brute force guessing of account passwords. Settings in the Account Lockout and Password Policy nodes of the Default Domain policy settings enable account lockout and control how account lockout operates. This white paper describes how these settings affect account lockout and makes some general recommendations for configuring and troubleshooting account lockout issues. Source: Microsoft Technet

Microsoft Exams Retiring at End of June
Nine Microsoft exams whose retirements were announced in June 2002 will be discontinued at the end of this month. According to an ongoing policy, Microsoft makes impending exam retirement announcements in June each year, with retirements taking place one year after the announcements are made. Because of another policy implemented in October 2001 (see the FAQ at http://www.microsoft.com/traincert/
highlights/announcement.asp
for details), Microsoft also requires no recertification in order to retain currently valid certifications. This means that anyone holding a certification that uses any of these soon-to-retire exams will remain certified. Source: MCPMag

Defending your DNS: Best practices for reliable DNS and DHCP
Well-publicized attacks against Domain Name System (DNS) root servers and top-level domains highlight the vulnerability of the DNS infrastructure. Many CIOs are looking for ways to ensure secure, reliable network services. In this article, Paul V. Mockapetris, the inventor of the domain name system and chief scientist at Nominum, gives advice on ways to ensure your networks are secure and reliable.

Ten common management mistakes
Your job is to keep the network up and running, so employees can work without interruption and so that you can get home. The problem is that things don't always go the way you want them to go. Some days just plain stink. There are many reasons, but we'll just stick to the 10 most commonly encountered network management  potholes. Source: NetworkWorldFusion

Slammed!
In this controversial article, Wired magazine takes an inside look at the Slammer worm which wrecked havoc on the internet last January. The worm infected about 75,000 systems in less than 15 minutes and by some estimates caused $1 billion in damages. The magazine's editors have received strong criticism from security experts for not only revealing step by step how Slammer works, but also for publishing Slammer's source code in the magazine. 

SAN Security Reaches Critical Mass
In insecure times, security threats seem to be everywhere, and heightened security awareness is rampant. While SAN technology's rudimentary security managed to avoid scrutiny in its early days, it too is now coming under the security spotlight. What security threats exist today for storage area networks, and how can you protect your SANs from them? Source: EnterprizeStorageForum.com

Microsoft Baseline Security Analyzer v1.1.1 (for Professionals)
Microsoft has released an updated version of their BaseLine Security Analyzer, which is available as a free download. Version 1.1.1 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows Server 2003, Windows 2000, and Windows XP systems and will scan for common security misconfigurations in the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and 2002. MBSA also scans for missing security updates for Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS, SQL, Exchange, IE, and Windows Media Player.

W32/BugBear.B@MM
The big task for many administrators today is to batten down the hatches for a new variant of the BugBear mass mailing worm that is spreading rapidly. Oddly enough, this virus exploits a vulnerability in older versions of IE (5.1 and 5.5) that was patched by Microsoft over 2 years ago, but is still spreading like wildfire prompting a number of antivirus companies to upgrade their threat assessments several times in the last twelve hours.

Microsoft Wireless LAN Deployment and Best Practices
This paper describes the history of the deployment of the wireless local area network (WLAN) of the Microsoft Corporation, the technologies used to provide secure wireless access, and its current configuration and infrastructure. This paper concludes with a list of WLAN deployment best practices.

Idiocy Imperils the Web
Twice in the last few weeks, I've had the same experience. I receive a security notice on a new virus, first Fizzer and then Palyh. I then find out that they infect Windows-based systems when a user opens an attachment from an unsolicited e-mail message. I then think to myself, "This won't be big; everyone knows you don't open attachments in unexpected e-mails." Then the virus spreads across tens of thousands of systems. What's up with these people? Over the last few years, there have been hundreds of new viruses that spread in this manner. Most people figure out that if they keep grabbing the electric fence, they'll get a shock every time. So why do they continue to stupidly open attachments they aren't expecting? It's time for us to stop admiring virus writers and start dishing out heaping spoonfuls of shame to stupid users. Source: eWeek

Microsoft to introduce security certifications
Microsoft Corp. is expected to announce its first set of certification credentials for IT administrators and engineers who specialize in security in a Windows environment. The requirements are essentially the same as for an ordinary MCSE certification, except the security candidate has to take the core security design exam and a security implementation exam that Microsoft introduced in January, along with the ISA Server or CompTIA exam. Source: ComputerWorld

Why Centrino and VPNs Don't Mix
Intel's Centrino chipset is not compatible with most Virtual Private Networks, an Intel spokesman admits. Unless laptop users disable a key feature of the chip when it runs with a VPN, they get nothing but a blue screen. Source: Wired

 


Past Archives

This site and its contents are Copyright 1999-2003 by LabMice.net. Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with LabMice.net. The products referenced in this site are provided by parties other than LabMice.net. LabMice.net makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.