Questions and Answers Part 7

Q: I heard from another IS person that there is a serious hole in Windows 2000, something that hackers can exploit and seize control of a server through. Is this true?

A: Microsoft has verified that Windows 2000 servers running Internet Information Server (IIS) 5.0 without any patches from Microsoft can be exploited through a hole. This only occurs when IIS 5.0 has Internet Printing turned on. If Internet Printing is turned off, the hole is closed. Unfortunately, Internet Printing is on by default. Users of IIS 5.0 have two options: turn off Internet Printing, or download a patch from the Microsoft Web site. For those buying Windows 2000 Service Pack 2 (to be released in July), the hole will be fixed.

The flaw in the IIS code is serious because it doesn’t take much intelligence for a hacker to break the system. All they need do is send enough data to the printing subsystem to overflow the buffer, and then any program can be run on the server. There are already instructions on how to exploit this hole available on the Web, so speed in closing the hole is highly recommended.

Q: I was
reading about investment fraud in Maclean’s. How much fraud is there on the Web? Is it something all consumers should worry about?

A: According to data from the Internet Fraud Complaint Center, in the last half of 2000 the breakdown of fraud complaints showed the biggest problem to be on-line auctions. This accounted for 64% of all complaints. Investment fraud (either direct or indirect using pump-and-dump schemes) accounted for only 1% of all complaints. For the record, e-commerce complaints (wrong shipments, non-delivery of items, illegal billing of credit cards) were 22%, credit card fraud was 5%, and all other types of fraud accounted for 8%.

Specifically dealing with investment fraud, the obvious rules of real life apply: if it’s too good to be true, it is.

Q: What’s
the best search engine on the Internet?

A: What’s the best piece of music ever written? The best flavor of ice-cream? Like these questions, you’ve asked for an opinion, not a fact. There are dozens of search engines on the Internet, and the most popular (those used by Yahoo, for example) are not the most powerful, complete, or succinct. My personal opinion is that AltaVista was the best engine until the last year, but now I use Google (www.google.com) for all my searches. I’m not alone: since its roll-out in Sept 1998, Google has grown from 2 servers with fewer than 5,000 searches a month to 8,000 servers with 70,000,000 searches. Try it: it’s fast, easy to use, and finds what you want faster than most engines.

Q: What is
ColdFusion?

A: ColdFusion is a Web development package from Macromedia (makers of Flash and Dreamweaver). The current version of ColdFusion is 4, but version 5 is due out in June. The package is not easy to learn and requires a fair bit of experience to become competent with, but it is a very powerful tool for designing complex Web sites with advanced features such as query pages, Flash integration, and more. It’s not a cheap package, either, running $1,295 US for a single-user version 5 license.

Q: I have a
client who runs Microsoft’s SQL Server and has a large integrated database. Queries are written in SQL, both using applets on a Web page and ad hoc. The client wants to move to Oracle because of its claimed speed increase and wider platform support. Is this a good move? What problems are going to crop up?

A: Oracle is the most widely used RDBMS on the market, and powers most e-commerce sites. Oracle is a fine RDBMS, as is Microsoft’s SQL Server. Oracle runs on many more hardware platforms, so if your customer is thinking of moving to Linux, UNIX, or minicomputers or mainframes, then the switch to Oracle may make sense, depending on the scale of their applications.

I have two obvious warnings about the move: Oracle is a complex package to install and configure properly, even on simple platforms like Windows NT; and Oracle doesn’t support SQL standards properly, so some SQL scripts and applets may not work properly and may require rewriting. The cost involved in the migration is going to be considerable, so a good business case for the move (as well as cost factors for script reprogramming) should be required.

Q: Is Linux
available for PDAs?

A: Yes, there are several ports designed to allow a PDA to run Linux. They are not full-blown Linux, of course, but they do provide an alternative to PalmOS and its applications. Check a search engine for the locations and information about these ports.

Send mail to tparker@tpci.com with questions or comments about this web site.