Archive for November, 2001

Intrusion detection: A guide to the options

Thursday, November 8th, 2001

Auerbach Analysis, via TechRepublic: Intrusion detection: A guide to the options

Use NetMeeting to support remote clients–for free

Monday, November 5th, 2001

TechRepublic: Use NetMeeting to support remote clients–for free

Stealing MS Passport’s Wallet

Sunday, November 4th, 2001

Wired News: Stealing MS Passport’s Wallet 12:25 p.m. Nov. 2, 2001 PST

To correct serious security flaws, Microsoft on Friday disabled the virtual wallet function of its Passport service and has begun notifying partners about the vulnerabilities, the company has confirmed.

The bugs in Passport, a sign-on service used by more than 200 million people, were discovered this week by Marc Slemko, a software developer who lives near Microsoft’s Redmond, Washington, headquarters.

Besides posting it at his site, Slemko intends to release the technical details on several security mailing lists Friday “so that, if they choose, users and partners can choose to reduce the impact on themselves,” he said. Because of the severity of the flaws, Slemko withheld publication until Microsoft had an opportunity to correct it.

MS to force IT-security censorship

Friday, November 2nd, 2001

MS to force IT-security censorship. The Register Nov 2 2001 12:34AM ET [Computer security news]

Cambridge University gets low grades for IT

Friday, November 2nd, 2001

Cambridge University gets low grades for IT. Silicon.com Nov 2 2001 3:22AM ET [Tech latest]

Security Focus (Neohapsis)

Friday, November 2nd, 2001

Security Focus (Neohapsis):

Microsoft released a new version of HFNetChk today.

A couple of errors were fixed with the utility itself, and the readme.txt file was updated to include instructions on using HFNetChk if you cannot or do not want to update to at least MS Internet Explorer 5.0 (these instructions might have been there before, but I don’t recall seeing them).

If you are not familiar with HFNetChk, it is an excellent tool for determining whether your WinNT or Win2k systems (workstations and servers) have the recommended hotfixes installed. You run it from a Command Prompt and HFNetChk downloads the current patch list from Microsoft then checks to see if the system is up-to-date. (The patch list, in XML format, is saved to the default directory, so you can also test systems that aren’t on the network.) Not only is the operating system itself checked, but HFNetChk also knows how to check Exchange, SQL and IIS. You can check systems across the network and can specify multiple systems to be checked with one command. The output can be redirected to a file for detailed review and historic documentation purposes.

Using HFNetChk alone won’t completely secure your system, but it does make the process of checking for missing patches more manageable.

See http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31154 and the links therein for more info.

– Mark Medici mark@dbma.com

Why Not MySQL?

Thursday, November 1st, 2001

Ben Adida: Why Not MySQL? (for the OpenACS Project)

NOTE: This Document was written in May 2000. Thus, it is outdated and does not represent the latest data concerning MySQL. I will attempt to find time to rewrite this with more current information soon. (August 10th, 2001)

If what you want is raw, fast storage, use a filesystem. If you want to share it among multiple boxes, use NFS. If you want simple reliability against simplistic failure, use mirroring. Want a SQL interface to it all? Use MySQL.

Now, if what you want is data storage that guarantees a certain number of invariants in your data set, that allows for complex operations on this data without ever violating those constraints, that isolates simultaneous users from each other’s partial work, and that recovers smoothly from just about any kind of failure, then get yourself a real RDBMS. Yes, it will be slower than the MySQL file system. Just like TCP is slower than UDP, while providing better service guarantees.