WinInfo Daily UPDATE, December 2, 2003

This Issue Sponsored By

Free Trial--Fast and Easy Network Management


1. In the News
- Microsoft Takes Windows on the Road
- Microsoft Launches New Hotmail Version
- Debian: Serious Linux Security Flaw Enabled Attack

2. Announcements
- 2004 Dates Announced: Windows & .NET Magazine Connections
- New--Microsoft Security Road Show!

3. Event
- Receive a Free Identity Management White Paper!

4. Contact Us
- See this section for a list of ways to contact us.

==== Sponsor: Free Trial--Fast and Easy Network Management ====

Managing your company's IT assets means more than just selection and maintenance. Reporting, inventory, deployment and forecasting are also part of the job. Learn about an easy, full-featured IT asset management solution that provides you with the tools you need. Click here for a free trial download of NetSupport DNA.

==== 1. In the News ====
by Paul Thurrott, [email protected]

Microsoft Takes Windows on the Road
Remember the joke about how bad cars would be if Microsoft designed them? Well, stop laughing: The software giant has set its sights on the automotive industry, and although the company won't start designing cars anytime soon, it likely will have a lot to say about the electronics in your next vehicle. Today, Windows Automotive software is available in more than 20 car models from companies such as BMW, Citroen, DaimlerChrysler, Fiat, Hyundai, Mitsubishi, Subaru, Toyota, and Volvo. In 2 or 3 years, Microsoft hopes to see its next-generation automotive software, code-named TBox, available in all car models.
"We'd like to have one of our operating systems in every car," said Dick Brass, vice president of Microsoft's Automotive Business Unit. "It's a lofty goal." It sure is: With more than 650 million cars in circulation and 50 million new vehicles produced every year, the size of the automotive market rivals that for desktop PC OSs. Today's cars include multiple electronic devices, including microprocessors. A growing number of cars also include advanced computerlike functionality, such as Global Positioning Systems (GPSs).
Microsoft's plans for the automobile's future are as far-reaching as its plans for desktop computing. TBox will allegedly tell drivers when they need an oil change, warn of upcoming traffic slowdowns, suggest alternative routes, and silently pay tolls, all using a hands-free, less distracting interface than the Windows Automotive software today's cars use.

Microsoft Launches New Hotmail Version
Late yesterday, Microsoft launched the newest version of its Web-based Hotmail service, the world's most popular email service. In this release, the company gave Hotmail a graphical and functional overhaul that more closely resembles Microsoft Outlook 2003 and the subscription-based MSN email clients. The new Hotmail interface also integrates more closely with Microsoft's subscription offerings, including MSN and Hotmail Extra Storage.
"Today 66 percent of the people say \[Hotmail is\] their primary consumer email \[service\] for people who have \[both\] work mail and consumer mail," said Yusuf Mehdi, corporate vice president of the MSN Personal Services & Business Division. "If you ranked \[Hotmail\] in terms of total size, it would be the ninth largest country in the world, behind Bangladesh and before Mexico, in terms of population size. Hotmail \[filters\] over 2.4 billion spam messages \[every day\]."
So what's new in Hotmail? A streamlined interface makes organizing, reading, and sending email messages easier and gives precedence to messages from people in your Contacts list. The Junk Mail filter now lets users report Junk Mail back to Hotmail, letting the service filter those senders at the server level. The new Calendar component offers handy tasks, reminders, and notes, and you can easily share your Calendar with users in your Contacts list. The new Contacts well displays both list and card views, and you can segregate your contacts by groups or alphabetically--a dramatic improvement.
Hotmail is a free service. The new version is currently available for all Hotmail subscribers.

Debian: Serious Linux Security Flaw Enabled Attack
Linux distributor Debian revealed this week that a major security flaw in the Linux kernel enabled the electronic attack that compromised four of its servers in late November. The flaw lets attackers with reduced privileges on a Linux machine escalate their privileges and gain access to the entire system.
According to Debian, attackers compromised at least four of its servers, including the machines responsible for its bug-tracking system, mailing lists, Web sites, and security components. Attackers first compromised a Debian developer's desktop machine and installed a key sniffer application that remotely recorded the developer's keystrokes. That program let the attackers obtain the password to one of Debian's servers when the developer logged on to upload a file. They then used the Linux security vulnerability to escalate the developer's privileges and "own" the system as a root, or administrator-level, account.
Debian once again assured users that the attack didn't affect its Linux code base. "Fortunately, we require developers to sign \[their software\] uploads digitally," Martin Schulze, a member of The Debian Project, said. "These files are stored off-site as well, \[and\] were used as a basis for a recheck." Meanwhile, Debian has locked all developer access to its servers while the company searches for the source of the attack, which is still unknown 2 weeks later.
Most astonishingly, Linux maintainers discovered the flaw that led to the Debian attack way back in September but fixed it only in the most recent Linux kernel version, 2.4.23, which they released last week--8 days after the Debian compromise. The wide gap between the flaw's discovery and its fix casts new doubts on open-source community claims that it can respond to problems more quickly than closed systems such as those Microsoft makes. The episode is also a major embarrassment to Linux advocates, who often passionately defend the open-source software (OSS) development model as the cure for all software ills.
But Linux backers are, naturally, downplaying the seriousness of the vulnerability that led to the attack. Linux creator Linus Torvalds noted that this type of bug isn't as serious as one that can let any user remotely access a system. "It's a local-only compromise that you can't trigger from the outside," he said in an email message that discussed the attack. "To most people, it would thus become serious only after you had some account hacked into--the bug then allows elevation of privileges." But critics warn that the problem has nothing to do with the type of vulnerability that the attackers compromised but rather with the slow nature of the vulnerability's fix. Imagine the outcry from the open-source community if Microsoft ever waited that long between the publication of a security vulnerability and the company's delivery of a fix.

==== 2. Announcements ====
(from Windows & .NET Magazine and its partners)

2004 Dates Announced: Windows & .NET Magazine Connections
Windows & .NET Magazine Connections will be held April 4 to 7, 2004, in Las Vegas at the new Hyatt Lake Las Vegas Resort. Be sure to save these dates on your calendar. Early registrants will receive the greatest possible discount. For more information, call 203-268-3204 or 800-505-1201 or go online at

New--Microsoft Security Road Show!
Join industry guru Mark Minasi on this exciting 20-city tour and learn more about tips to secure your Windows Server 2003 and Windows 2000 network. There is no charge for this event, but space is limited, so register today! Sign up now for our December events.

==== 3. Event ====
(brought to you by Windows & .NET Magazine)

Receive a Free Identity Management White Paper!
Are your existing identity-management and access-control solutions fragmented, duplicated, and inefficient? Attend this free Web seminar and discover how to automate and simplify identity creation, administration, and access control. Leverage your investment in Microsoft technologies and benefit from greater security, improved productivity, and better manageability. Register now!

==== Sponsored Links ====

Sybari Software
Free! "Admins Shortcut Guide to Email Protection" from Sybari;6574227;8214395;q?

Microsoft(R) Security Readiness Kit
Get your free kit for creating an enhanced risk-management plan.;6600432;8214395;e?;6576037;8608804;t?


4. ==== CONTACT US ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

Manage Your Account
You are subscribed as #EmailAddr#.

To unsubscribe from this email newsletter, send an email message to mailto:#mailing:unsubemail#.

To make other changes to your email account such as change your email address, update your profile, and subscribe or unsubscribe to any of our email newsletters, simply log on to our Email Preference Center.

Copyright 2003, Penton Media, Inc.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.