SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

• SANS NewsBites RSS
• Editorial Board

Volume III - Issue #10

March 07, 2001

There are 13 days left in which to take advantage of the registration
discounts for SANS2001 in Baltimore. SANS2001 has all seven GIAC
certification tracks plus 60 additional one day courses. It also
includes the JCSC - the only substantive, future-oriented conference
for CISOs and security managers (other than Gartner's). Plus a unique
workshop for university security administrators, a technical conference
full of short courses and technology updates, and the largest security
exposition we've ever convened.

If you want to attend SANS Security Essentials program please consider
coming to Dallas, Raleigh, Orlando or London instead of Baltimore. And
if you want to attend the Firewalls, Perimeter Protection, and VPNs
certification track, please consider coming to Orlando. The alternative
sites give you the same top rated instructors as SANS2001, but in
smaller, more interactive classes.

AP

---

TOP OF THE NEWS

6 March 2001 Amazon Unit Loses Client Data To Hacker
2 March 2001 Back Door Bypasses Palm Passwords
2 March 2001 Power Grid Vulnerable to Attack
2 March 2001 Companies Still Running Flawed BIND Software
1 & 2 March 2001 Cisco IOS Software Flaw
28 February 2001 IT Disaster Preparedness

THE REST OF THE WEEK'S NEWS

2 March 2001 Satellite Software Stolen
2 March 2001 Visa to Offer Help With Security Guideline
2 March 2001 Congress Wants Reports on Agency Security
1 March 2001 CIAO Report Says There's Still Lots of Work to Do
28 February 2001 Security Requires Diligence and Funding
28 February 2001 Many University Networks Ripe for Misuse
27 February 2001 Merging Physical and IT Security
27 February 2001 Chinese Internet Filtering Software
27 February 2001 Laptop Tracking System
27 February 2001 Firewall Patches Examine Application Content
26 & 27 February 2001 W32Gnuman.worm is First Peer-to-Peer Virus

TUTORIAL

T1 March 2001 Silence Does Not Serve Security
T1 March 2001 Twelve Keys to Security
T28 February 2001 Overlooked Security Measures
T26 February 2001 Security Manager's Journal

---

************** This issue sponsored by SurfControl, Inc. *************
IT DEPT. UNDERSTAFFED & OVER-WORKED?
Let SuperScout lighten the load. Eliminate bandwidth problems &
strengthen security w/ Internet filtering from SurfControl. Their packet
sniffing technology monitors, reports, blocks & manages all TCP/IP
protocols - so your IT staff can concentrate on more important matters.
FREE TRIAL: http://www.surfcontrol.com/promo/SNB0307
**********************************************************************

---

TOP OF THE NEWS

6 March 2001 Amazon Unit Loses Client Data To Hacker

Amazon announced that hackers had stolen data on 98,000 customers of its Bibliofind.com subsidiary.
-http://www.infoworld.com/articles/hn/xml/01/03/06/010306hnbiblio.xml?0306alert

2 March 2001 Back Door Bypasses Palm Passwords

A back door in the Palm OS - used by developers to debug applications - - affords anyone with developer tools and a sync cable the ability to access data on the handheld devices, even if they have been locked with a password.
-http://news.cnet.com/news/0-1006-201-5005917-0.html?tag=prntfr

2 March 2001 Power Grid Vulnerable to Attack

Experts are concerned that the increased visibility of the nation's power grid, due to the West Coast power shortages, may invite attacks on the system. Electric companies have established an Information Sharing and Analysis Center (ISAC).
-http://www.computerworld.com/cwi/story/0,1199,NAV47_STO58300,00.html

2 March 2001 Companies Still Running Flawed BIND Software

An Icelandic software and consulting firm tested DNS systems at Fortune 1000 companies and .coms at periodic intervals after the announcement of the flaw in BIND software. After a striking initial drop in the number of sites running insecure versions of BIND, the surge has faded to a trickle. SANS GIAC and CERT/CC have begun receiving reports of successful BIND vulnerability exploits.
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO58302,00.html

1 & 2 March 2001 Cisco IOS Software Flaw

A vulnerability in Cisco's IOS software could allow an attacker to intercept and modify TCP traffic. The flaw affects only those TCP sessions that originate or terminate on the Cisco device. The company has free upgrades available.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2691594,00.html
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO58279,00.html

28 February 2001 IT Disaster Preparedness

The earthquake that rocked the northwest last week put IT disaster readiness to the test. Disaster planning at Boeing paid off, as its data center appeared to be unaffected. Starbucks headquarters was not so lucky, with some IT systems going off-line.
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO58158,00.html

---

***************Also Sponsored by Symantec Corporation ****************
How to tame the risk and unleash the possibilities:
Only Symantec's Webthority provides a scalable, integrated security
solution enabling secure Web-based e-business. Download your FREE copy
of "Guide to Enabling Secure Web Usage" at
http://enterprisesecurity.symantec.com/content/promotions.cfm?promocode=AXE0118
Tame the risk and unleash the possibilities with Webthority.
**********************************************************************

---

THE REST OF THE WEEK'S NEWS

2 March 2001 Satellite Software Stolen

A Swedish lawyer claims that an unidentified cracker broke into a federal computer system at the US Naval Research Laboratory in Washington, DC and stole source code used to control satellites. The cracker is believed to have used a computer at a German University and a hijacked account at a Swedish ISP.
-http://www.wired.com/news/politics/0,1283,42139,00.html
-http://www.idg.net/ic_464249_2058_1-1474.html
-http://www.cnn.com/2001/TECH/internet/03/02/navy.hacker.ap/index.html
-http://news.cnet.com/news/0-1003-200-5006606.html?tag=prntfr

2 March 2001 Visa to Offer Help With Security Guideline Compliance

Visa USA, Inc. is implementing a program to help e-commerce sites adhere to the company's security guidelines, which include deploying firewalls, encrypting stored data, and employing anti-virus software. Visa will offer training sessions, reviews, and consultations to help Internet merchants comply with the guidelines.
-http://www.computerworld.com/cwi/story/0,1199,NAV47_STO58303,00.html
The "Cardholder Information Security Program" is accessible at
-http://www.visabrc.com/documents/cisp.pdf

2 March 2001 Congress Wants Reports on Agency Security

The House Commerce subcommittee on investigations wants security testing compliance reports from 15 agencies. Under a federal law passed last year, the agencies are required to test their own security and hire third party penetration testers.
-http://www.wired.com/news/politics/0,1283,42148,00.html

1 March 2001 CIAO Report Says There's Still Lots of Work to Do

A Critical Infrastructure Assurance Office (CIAO) report says that while government-private sector security technology partnerships are moving forward, the majority of agencies have not done much to secure computers and networks. The CIAO's new initiative, Project Matrix, proposes to identify key government systems, their vulnerabilities, and the potential fallout from attacks.
-http://news.cnet.com/news/0-1003-201-4994624-0.html?tag=prntfr

28 February 2001 Security Requires Diligence and Funding

A lack of vigilance and scanty funding leave the door open to cyber attacks and virus infestations. Fixes and patches have been released for many vulnerabilities that are still being exploited, like the BIND and IIS 4.0 holes, and some administrators depend too heavily on anti- virus software to protect their systems. Additionally, proactive spending is hard to justify.
-http://www.wired.com/news/technology/0,1282,42047,00.html

28 February 2001 Many University Networks Ripe for Misuse

The revelation that an Indiana University computer was being used as a repository for a cracker's music and video files underscores the fact that university computer networks frequently present an olio of security approaches.
-http://www.wired.com/news/culture/0,1284,42063,00.html

27 February 2001 Merging Physical and IT Security

Microsoft and other companies are combining physical and IT security into a single unit. Some IT security directors expressed concern that other managers may not have the technical knowledge necessary to protect data from attacks.
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO58119,00.html

27 February 2001 Chinese Internet Filtering Software

China's Ministry of Public Security has released Internet filtering software to prevent its citizens from accessing "unhealthy information." The software comes in different versions for homes, schools, and Internet cafes.
-http://www.wired.com/news/politics/0,1283,42043,00.html

27 February 2001 Laptop Tracking System

A new laptop monitoring center in Maryland will allow government agencies to keep track of IP addresses, user names, e-mail addresses and originating phone numbers which could help recover missing computers with the help of software installed on the machines. Repartitioning the hard drive will not remove the software.
-http://www.fcw.com/fcw/articles/2001/0226/web-comp-02-27-01.asp

27 February 2001 Firewall Patches Examine Application Content

Some personal firewall vendors have released updates that protect against malicious applications in friendly disguises. Most firewalls test an application's legitimacy by checking the file name and port number; the patches alter the identification process, looking at actual content or code.
-http://www.idg.net/ic_461016_2094_1-1474.html

26 & 27 February 2001 W32Gnuman.worm is First Peer-to-Peer Virus

A virus that infects the systems of Gnutella users disguises itself as a music or image file. It is actually an .exe file that renames itself and answers every search request with a positive result. The virus can be recognized by its constant size of 8,192 bytes. The virus consumes system resources and opens the door for other, more malicious peer-to- peer attacks. Most anti-virus vendors have released updates that recognize the virus.
-http://www.infoworld.com/articles/hn/xml/01/02/27/010227hnp2pvirus.xml?0227alert
-http://news.cnet.com/news/0-1003-201-4954849-0.html?tag=prntfr

---

TUTORIAL

1 March 2001 Silence Does Not Serve Security

CIOs are reluctant to speak about their companies' security because any statement - an acknowledgment of vulnerability or a declaration of invulnerability - invites attacks. Security experts advise CIOs to be forthcoming about security so that companies can learn from each others' mistakes.
-http://www2.cio.com/archive/030101/silence_content.html

1 March 2001 Twelve Keys to Security

While 100% security is not a reality, experts offer twelve security essentials, which include applying appropriately differing levels of security to different assets, spending carefully, approaching security as risk management instead of threat avoidance, and educating employees.
-http://www.cio.com/archive/030101/keys.html

28 February 2001 Overlooked Security Measures

An IT professional notes some essential aspects of security are often overlooked; physical security can be neglected, and data is often stored unencrypted, making it usable to thieves.
-http://www.computerworld.com/cwi/story/0,1199,NAV65-663_STO58140,00.html

26 February 2001 Security Manager's Journal

The author, a security manager, believes hackers make great security team employees, and he hires one from within the company. He also requests some intrusion detection software and scanning products.
-http://www.computerworld.com/cwi/story/0,1199,NAV65-663_STO58018,00.html

---

== End ==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites


Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Bill Murray,
Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz