News from PANUG - August 17, 2001 http://panug.org GROUPWISE SECURITY HOLE by Gregg Berkholtz If you're running Novell's GroupWise product, you have probably already been contacted by Novell about a GroupWise security problem whose details Novell is not revealing. The Novell Tech I talked to on the phone wouldn't confirm or deny anything other than: * It is a server-side issue, with a small patch that also improves performance for the clients. * This is not related to the file browsing hole that was discovered back in February With so little information to go on, I don't have any way to gauge the seriousness of the issue. I don't know what to do before all my systems are upgraded (firewalling, etc...), if my systems or data have already been compromised, what to watch for is someone tries to exploit this vulnerability, etc. The patch is a 5.5MB file that has to be copied to every server. Some of my company's offices have slow or intermittent links. This is a significant effort that I don't want to undertake without knowing more. My boss wants to know more. This is really frustrating. At least security holes in Novell's products are rare - relative to some alternatives. Novell is kind enough to provide free Technical Support, for this issue, at 1.800.858.4000. LAST NIGHT'S MEETING by Ed Sawicki Alan Spaeth's presentation at last night's meeting (The Spaeth Report) focused on Microsoft's new licensing and was informative, entertaining, and there was lots of audience participation. I was left with wondering why anyone would want to continue to use Microsoft software under these new licensing terms. These terms might be reasonable if Microsoft software was high quality and worth the expense, but... well, you know. If you missed the presentation, Alan promises to send us a HTML version of the presentation that we'll put on the PANUG web site but it just won't be the same as being there. Alan will do other presentations at upcoming meetings that will focus on Microsoft's business, tactics, and technological "innovations" that impact us. The demonstration of Open Office left me wondering how much longer it will be before open source office suites are real alternatives to Microsoft office for those who need compatibility with Microsoft Office file formats. When reading Word documents, Open Office displayed apostrophes as question marks. While not a terrible problem, this is not a reasonable rendering of a document, regardless of whether there is an easy to use search and replace operation. Note that open source office suites are usable now if you don't need compatibility with Microsoft's file formats.