Close Window


A Monthly Newsletter - May 2003

We had a great response to the April Reader Survey. Thank you to everyone who participated. In this issue, learn more about your fellow readers and their security interests. We also provide a tip about a useful SecureFX script and a link to an amusing description of an SSH1 exploit in "The Matrix Reloaded".

New maintenance releases are now available for VShell Server for Windows 2.1.4, SecureCRT 4.0.6, SecureFX 2.1.5, Entunnel 1.0.5, CRT 4.0.6, and AbsoluteFTP 2.0.5.


1. Feature - Reader Survey Results Are In!
2. Tips - How To Put Dates In Log File Names
3. SSH1 Exploit in "The Matrix Reloaded"
4. VanDyke in the News - The Weakest Link Series
5. New Releases
6. Current Releases

***************** NEW VSHELL FOR MAC OS X *****************

Mac OS X platform support will soon be available in VShell Server for UNIX 2.2. VShell for UNIX provides IT professionals with the ability to configure a Secure Shell solution from VanDyke Software for their mixed platform networks and replace nonsecure Telnet and FTP access to UNIX servers with SSH2. This beta release will be available to a limited number of testers.

To find out more about the beta program for Mac OS X, contact kelli burkinshaw at:

Learn more about VShell for UNIX at:

******************** BETA NOW AVAILABLE ********************

1. Reader Survey Results Are In!

Thanks to all of you who participated in the April Reader Survey. We hoped to get a 5% response rate and 12% of you completed the survey. We appreciate the time you took to share your thoughts with us.

Here's an overview of what your fellow readers look like:

- Over 17% of you are system administrators. Eleven percent are directors (director of IT, product director, or managing director). Nine percent are consultants, 8% programmers or analysts, 8% network or systems engineers, 7% software engineers, and 6% senior network engineers/technologists.

- You are almost evenly split between preferring an HTML (44%) and a text (56%) format for the newsletter. Some of you suggested that we continue the text format, but offer a link to an HTML version on our web site. This is now available at:

This link has expired.

- An overwhelming majority of you (83%) prefer to search using Google. Other search engines you mentioned included Yahoo, Altavista, Excite, Hotbot, Lycos, Copernicus, and Opera.

- You were evenly divided between wanting a longer newsletter and preferring to keep it concise with links to articles on our web site.

- We asked you to rank the value of the newsletter's current sections: feature article, tips, new releases, current releases, quote of the month, and recommended reading. The most valuable section is new releases, followed by tips and current releases. You're most interested in reading about security issues, secure shell "ins and outs", software tips, and security basics.

- You'd like to see more useful tips and ideas. You also suggested that we give you more information about security and Secure Shell functionality, as well as more technical news and security problems and fixes.

While we were glad to hear that many of you like the newsletter the way it is, we'll be working to implement many of your suggested improvements over the next few months. Thanks again
for your participation and for the great feedback.

2. Tips - How To Put Dates In Log File Names

Would you like to have your log information include the date as part of the log file name? If you are using the SecureFX or AbsoluteFTP command-line client (sfxcl.exe or aftpcl.exe, respectively), you can create a DOS batch file to make the log information go to a file with the date as part of the name.

Here's a sample DOS batch file:

FOR /f "tokens=2-4 delims=/ " %a in ('DATE /T') do SET MyDate=%a%b%c

sfxcl.exe /log c:\MyLogs\SecureFX\%MyDate%.log ... [rest of command]

This will create a log file with the current date as the log name, such as "05212003.log".

********************** BUG FIX SURVEY **********************

Have you ever reported a bug to VanDyke technical support? If so, we'd like to hear your opinions about how we distribute our hot fixes and what you'd like to see in the future.

If you've reported a bug to us, and would like to participate in this short survey, go to:


3. SSH1 Exploit in "The Matrix Reloaded"

Have you seen "The Matrix Reloaded" yet? If you haven't, or the next time you see it, check out the scene in which Trinity hacks into the power grid using Nmap to pull off an SSH1 exploit.

Fyodor, creator of Nmap and owner of a web site and mailing list at, has written up an amusing account of Trinity's exploit.

Like almost any self-respecting geek, I bought tickets to 'Matrix: Reloaded' several weeks back (no spoilers, I promise)...

All was going well until Trinity needed to do some hacking. Oh, no! I was sure we'd see a silly "Hackers"-esque 3D animated "hacking scene". Not so! Trinity is as smart as she is seductive! She whips out Nmap (!!!), scans her target, finds 22/tcp open, and proceeds with an Uber ssh technique! I was so surprised, I almost jumped out of my seat and did the "r00t dance" right there in the theatre!

Take a minute to read Fyodor's complete posting at:

4. VanDyke in the News - The Weakest Link Series

Even companies that have turned off nonsecure protocols such as Telnet may overlook switching from FTP to a secure file transfer solution. In the April 29 issue of his Weakest Security Link series at, Luis Medina focuses on securing file transfers using SSH2.

In this article, find out how to set up a secure file transfer solution with SecureFX and an SSH2 server. Read more at:,289483,sid7_gci896262,00.html

Medina is also author of "The Weakest Security Link Series" (Writers Club Press, 2003, ISBN 0595264948), a book of security tips for network users, administrators, and engineers.

In "The Weakest Security Link," Medina advocates and provides tips for proactively implementing a comprehensive security approach that establishes defenses in all seven layers of the
OSI (Open Systems Interconnect) model.

This book will save you time and effort by helping you to identify the weakest - and often overlooked - links in your network security.

5. New Releases

VShell Server for Windows 2.2 and VShell Server for UNIX 2.2 are now in limited beta release. VShell Server 2.2 increases your choices for enterprise-wide authentication methods by introducing support for Kerberos v5 authentication via GSSAPI. VShell Server 2.2 provides you with more options to fine tune your server and environment and limit access to sensitive areas.

To find out more about VShell Server for Windows 2.2 and how to participate in the beta 2 test program, visit:

New maintenance releases are available for VShell Server for Windows 2.1.4, SecureCRT 4.0.6, SecureFX 2.1.5, Entunnel 1.0.5, CRT 4.0.6, and AbsoluteFTP 2.0.5.

You can download these releases at:

For quick access to previous official releases, go to:

6. Current Releases

Here are our latest official product releases:

     - VShell Server for Windows 2.1.4
- SecureCRT 4.0.6
- SecureFX 2.1.5
- Entunnel 1.0.5
- CRT 4.0.6
- AbsoluteFTP 2.0.5

To download any of our current releases, go to:

To download OpenSSH 3.5p1, an extended version of OpenSSH that supports the public-key subsystem, visit:

All VanDyke Software products may be downloaded and evaluated at no cost for 30 days. Licenses include one year of free upgrades and unlimited access to our expert technical support.

Pass it along! If you find this monthly newsletter helpful and informative, forward it to co-workers or friends, or tell them where to sign up.

What do you think?

Let us know what you think about this issue. Were the tips useful? Did you like the feature? Is there a topic you'd like to see us write about? Send us an e-mail at:

Subscription Information

VanDyke Company News is an opt-in mailing list. If you prefer not to receive e-mail like this from us, or need to change your e-mail address, go to:

You may also send an e-mail message to:

with the following message in the body of your e-mail:

unsubscribe vandyke-company-news


VanDyke Software, AbsoluteFTP, CRT, Entunnel, SecureCRT, SecureFX, and VShell are trademarks or registered trademarks of VanDyke Software, Inc.

All other products and services mentioned are trademarks or registered trademarks of their respective companies.

Close Window