SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume III - Issue #34
August 22, 2001
TOP OF THE NEWS
16 August 2001 Microsoft Releases Bundled IIS Fixes and Two New Security Tools
20 July 2001 Apache's Good Security Reputation
14 August 2001 Virus Writers Target IMs
12 & 13 August 2001 Alleged Software Pirates Arrested
30 July 2001 Wireless Customer Security Breach Investigation
THE REST OF THE WEEK'S NEWS
17 August 2001 Windows XP Firewall Capabilities Questioned
17 August 2001 Microsoft Has Patch for Outlook ActiveX Flaw
16 August 2001 OpenView and NetView Users Urged to Patch Hole
16 August 2001 US Sites Fail to Meet EU Data Privacy Standards
16 August 2001 SirCam Ebbing Slowly
16 August 2001 UK Student Finds Trojan, Traces Source to US
15 & 17 August 2001 GroupWise Patch: Available But Secret
15 August 2001 Judicial Panel Recommends On Line Court Document Privacy Measures
15 August 2001 NNTP Denial-of-Service Vulnerability
13 August 2001 Judge Rules in Favor of Anonymity
13 August 2001 Hackers Urged to be Socially Responsible
13 August 2001 Home User Survey Reveals Hacking Attempts are Wide-Spread
13 August 2001 LANL Public Access Network Site Defaced
13 August 2001 Recommendations for Wireless Application Security
13 August 2001 E-Government Security Goals
12 August 2001 Wireless Networks in Public Places are Not Secure
16 July 2001 Russian Crackers in Organized Crime Rings
TOP OF THE NEWS
16 August 2001 Microsoft Releases Bundled IIS Fixes and Two New Security Tools
In the wake of Code Red, which illustrated the fact that many systems were not up to date on their security fixes, Microsoft has released a bundled IIS update and two security tools to help ease the burden of keeping systems secured. The IIS update download includes numerous patches for IIS 4.0 and 5.0 as well as fixes for five recently detected vulnerabilities. The two new security tools, HFNetChk for corporate networks and Microsoft Personal Security Advisor (MPSA) for home users, allow users to check security levels on their systems.
IIS:
-http://ww.msnbc.com/news/615163.asp?0dm=C15KT
New Tools:
-http://www.computerworld.com/storyba/0,4125,NAV47_STO63091,00.html
Both:
-http://www.zdnet.com/zdnn/stories/news/0,4586,5095796,00.html
[Editor's (Schultz) Note: I commend Microsoft for making these bundled IIS fixes and new security tools available. I just wish that everything would work right the first time. Where I work we've had a lot of problems with the bundled IIS fixes in particular--it seems as if not every vulnerability that is supposed to be fixed is fixed, depending on what fixes have been made before. ]
20 July 2001 Apache's Good Security Reputation
This article points out the differences between Microsoft's Internet Information Services (IIS) web server and the Apache HTTP Server, emphasizing Apache's simpler design and superior security record.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2792860,00.html
[Editor's (Paller) Note: When a highly reputable organization like eWeek labs provides strong evidence of the security superiority of Apache over IIS, Microsoft is put in an awkward position. If Microsoft cannot prove that its Internet software is at least as safe as the more widely used Apache, users may be pressured to move to Apache out of concern for potential negligence claims. ]
14 August 2001 Virus Writers Target IMs
Instant messaging (IM) services are becoming the targets of worm and virus writers. In the last few months, MSN Messenger has been hit with both the Hello worm and the Choke worm. IM worms are usually not stopped by standard anti-virus software. Users are urged to exercise caution about opening attachments.
-http://www.zdnet.com/zdnn/stories/news/0,4586,5095671,00.html
12 & 13 August 2001 Alleged Software Pirates Arrested
The FBI has arrested four men in connection with a large counterfeit Microsoft software smuggling ring. Agents seized $10.5 million worth of phony goods including Windows ME CDs with hologram stickers; on genuine versions of the software, the hologram is embedded in the disk.
-http://www.zdnet.com/zdnn/stories/news/0,4586,5095572,00.html
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO63030,00.html
30 July 2001 Wireless Customer Security Breach Investigation
Verizon and AT&T wireless groups are investigating a security breach that allowed some customers' personal data - including driver's license and Social Security numbers - to be posted in Internet chat rooms.
-http://iwsun4.infoworld.com/articles/hn/xml/01/07/30/010730hnverup.xml
THE REST OF THE WEEK'S NEWS
17 August 2001 Windows XP Firewall Capabilities Questioned
Microsoft's Windows XP operating system's firewall capabilities are limited to inbound traffic, a point glossed over on a promotional web site. Security specialists have noted that the claims made could give users a false sense of security. Microsoft has removed some language from the site.
-http://www.cnn.com/2001/TECH/internet/08/17/microsoft.security.ap/index.html
[Editor's (Murray) Note: As a general rule, vendors should describe security features, functions, and properties while avoiding claims as to their efficacy. ]
17 August 2001 Microsoft Has Patch for Outlook ActiveX Flaw
Microsoft has released a patch for a flawed ActiveX control in Outlook e-mail software. The flaw allows Outlook to be exploited to modify data and run malicious code. A vulnerability in Microsoft Outlook View Control could allow unauthorized users to view mail folders. The vulnerability affects Outlook 98, 2000, and 2002.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO63152,00.html
16 August 2001 OpenView and NetView Users Urged to Patch Hole
Users of Hewlett-Packard's OpenView and Tivoli's NetView software are being urged to apply a patch for a vulnerability that could let an intruder obtain administrative level control of a machine. The vulnerability could also be exploited to modify other networked devices.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2804964,00.html?chkpt=zdnnp1tp02
-http://www.cert.org/advisories/CA-2001-24.html
16 August 2001 US Sites Fail to Meet EU Data Privacy Standards
None of 75 US corporate web sites surveyed by Andersen met all six criteria for the European Union's data privacy standard. The study found that only two of the 75 sites met five of the six guidelines, which include telling customers what is done with their personal information, allowing customers to view and correct errors to their personal data, storing data securely, and providing help to those whose privacy has been violated.
-http://news.cnet.com/news/0-1005-200-6892337.html?tag=prntfr
[Editor's (Schultz) Note: These results should surprise nobody. Most U.S. organizations have not adequately come to grips with customer privacy issues, but particularly when it comes to records stored in computers. I view "Safe Harbor" as a "cop-out" in which the fox (U.S. corporations) guards the proverbial henhouse. Fortunately, there seems to be growing momentum for national privacy protection legislation in the U.S., something that (if passed) will provide real impetus for adequate privacy protection. ]
16 August 2001 SirCam Ebbing Slowly
The SirCam worm accounted for 65% of all viruses reported to one antivirus company. The worm has not abated at the rate other worms have due to people's inherent curiosity about the attachments. Sircam is leaking substantial amounts of proprietary information.
-http://www.wired.com/news/technology/0,1282,46087,00.html
16 August 2001 UK Student Finds Trojan, Traces Source to US
Matthew Hillman, a UK computer student, noticed a Trojan horse program appearing on his machine. Hillman traced the source of the attack to a US college; he also discovered that a number of companies had been infected with the Trojan. The FBI is investigating.
-http://news.bbc.co.uk/hi/english/sci/tech/newsid_1494000/1494091.stm
15 & 17 August 2001 GroupWise Patch: Available But Secret
Novell GroupWise 5.5 Enhancement Pack and GroupWise 6 users are being urged to apply a software patch called "Padlock Fix" for a vulnerability that could compromise e-mail system security. In a move that has frustrated some customers, Novell is not saying what the fix does for fear crackers will exploit the vulnerability.
-http://www.nwfusion.com/news/2001/0815groupwisebug.html
-http://www.theregister.co.uk/content/55/21115.html
15 August 2001 Judicial Panel Recommends On Line Court Document Privacy Measures
A panel of judges has recommended privacy measures for court documents available on line; Social Security and financial account numbers would be modified to avoid potential abuse. The panel does not support making criminal case court documents available on line. The panel's report will be considered by the Judicial Conference of the United States in September.
-http://news.cnet.com/news/0-1005-200-6885955.html?tag=prntfr
15 August 2001 NNTP Denial-of-Service Vulnerability
Microsoft has released a patch for a security hole in its Network News Transport Protocol (NNTP) service that could let attackers consume system memory by sending irregular postings to the service.
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO63078,00.html
13 August 2001 Judge Rules in Favor of Anonymity
A California judge ruled that Yahoo does not have to reveal the identities of people who posted message board items that were critical of an Oklahoma-based company.
-http://news.cnet.com/news/0-1005-200-6863061.html?tag=prntfr
13 August 2001 Hackers Urged to be Socially Responsible
Speaking at HAL2001, CryptoRights Foundation founder Dave del Torto called for hackers to put their skills to good use by helping victims of human rights violations in Guatemala. People gathering testimonials of killings in Guatemala run the risk of retaliation if their identities become known.
-http://www.wired.com/news/culture/0,1284,46035,00.html
[Editor's (Murray) Note: We should start by urging them to restrict their activities to their own systems. Society decided a long time ago that it is not well served by vigilantes. Who appointed Mr. del Torto to nominate the "bad guy of the day?" Next thing you know, he will be inviting us to a lynching. ]
13 August 2001 Home User Survey Reveals Hacking Attempts are Wide-Spread
Symantec gave 167 volunteers personal firewalls and had them log all attempts to compromise their computers. Ninety-five percent of the participants received attention from hackers' probes. The majority of the attacks were attempts to install the SubSeven Trojan.
-http://news.bbc.co.uk/hi/english/sci/tech/newsid_1484000/1484704.stm
[Editor's (Murray) Note: I doubt it. The majority of the attacks were attempts to locate and exploit the SubSeven program. Most of these are by script kiddies, not rogue hackers. Most attempts to install SubSeven would be transparent to a firewall. (Paller) I concur - the journalist reported the threat incorrectly. People get infected by SubSeven through email attachments, downloads from infected web sites, infected screen savers and more. The firewall picks up the scans looking for systems that have already been effective. ]
13 August 2001 LANL Public Access Network Site Defaced
Crackers exploited an IIS software hole to deface a web site on a Los Alamos National Laboratory (LANL) external network. The site was taken down so it could be rebuilt and tested for vulnerabilities.
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO63035,00.html
13 August 2001 Recommendations for Wireless Application Security
A list of recommendations for securing wireless applications includes using embedded access controls, and installing intrusion detection systems and access point firewalls. Users should also be well acquainted with security issues.
-http://www.fcw.com/fcw/articles/2001/0813/tec-mobbx1-08-13-01.asp
13 August 2001 E-Government Security Goals
The CIO Council, Chief Financial Officers Council and the Information Technology Association of America (ITAA) have listed five security goals for e-government: availability, identification and authentication, confidentiality, integrity, and nonrepudiation.
-http://www.fcw.com/fcw/articles/2001/0813/tec-sprtbx-08-13-01.asp
12 August 2001 Wireless Networks in Public Places are Not Secure
Wireless networks offered in coffee shops, airports, and hotels are not secure; users should employ personal firewalls and use VPN software from employers. One man using an airport lounge network observed that it is a trade-off between risk and benefit.
-http://news.cnet.com/news/0-1004-200-6853688.html?tag=prntfr
16 July 2001 Russian Crackers in Organized Crime Rings
Russian crackers are increasingly working with organized crime groups, stealing credit card and bank account numbers as well as proprietary information. They sometimes attempt extortion, either demanding money in return for repairing vulnerable systems, or threatening to release sensitive data if their demands are not met.
-http://www.zdnet.com/intweek/stories/news/0,4164,2784950,00.html
==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites
Editorial Team:
Kathy Bradford, Roland Grefer, Bill Murray, Stephen Northcutt,
Alan Paller, Marcus Ranum, Eugene Schultz