Newsletters: NewsBites

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.





SANS NewsBites
@Risk: Security Alert
OUCH! Security Awareness
Case Leads DFIR Digest
Industrial Control Systems
Industrials & Infrastructure


SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume III - Issue #36

September 05, 2001


***Scanning for the Top Ten Internet Security Threats***
SANS, the NIPC, and the Federal CIO Council published a consensus
report on the Top Ten Internet Security Threats last summer
(http://www.sans.org/topten.htm) and intend update it in about a month.
This time, with the help of the Center for Internet Security we
will also release a free scanner that tests systems remotely for the
vulnerabilities on the updated list. We need ten large organizations to
test the scanner against commercial tools they use and send us results
within two weeks. If you use a commercial scanner and want to help,
please email sansro@sans.org with the subject "Top Ten Scanner Test"
and tell us your organization, which commercial tools you use, and
how many systems of what type you regularly scan.

***Step-by-Step Business Continuity Plan/Disaster Recovery***
Be part of the consensus group creating this important new guide. Email
sansro@clark.net with subject "Disaster Recover SBS" and your name,
organization, and experience with disaster recovery.

TOP OF THE NEWS

30 & 31 August 2001 Microsoft Reader Encryption Broken
29 August 2001 British Business Group Wants Government Help With Cybercrime
29 August 2001 Parasitic Computing
26 August 2001 Customers Want High-Speed Providers to Shoulder Security Responsibility

THE REST OF THE WEEK'S NEWS

31 August 2001 Russia Warns Experts About Travel to US
31 August 2001 Teen Cracker Consults While on Work Release
31 August 2001 Teen Suspected of Breaking Into Sony Server and VP's Home Computer
31 August 2001 Cancer Center Wireless LAN To Have Added Security
31 August 2001 Indian Cyber Crime Police Station
30 August 2001 US to Finance Censor Evading Technology for Chinese
30 August 2001 "Invalid" Worm
30 August 2001 Air Force to Test Biometric Security Applications
29, 30 & 31 August 2001 Two Arrested in Encryption Device Export Plot
29 August 2001 Blocking DoD Sites During Code Red Was a Good Idea
29 August 2001 Parents Speak on Son's Behalf at Sentencing Hearing
29 August 2001 Financial Sites Don't Score Well on Customer Privacy Survey
29 August 2001 Bank Replacing Compromised Debit Cards
28, 30 & 31 August 2001 Consultant Finds Cross Site Scripting Vulnerability
28, 29 & 30 August 2001 Sklyarov Pleads Innocent
28 August 2001 Digital Clues Led to Alleged Spy's Arrest
28 August 2001 Home Users Need Firewalls
27 August 2001 Managed Security Service Providers' Numbers Dwindle
27 August 2001 Wireless LAN Security Can Be Enhanced


******************* Sponsored by VIGILANTe ***************************
Industry's only 3rd generation network vulnerability assessment
technology - is by VIGILANTe
VIGILANTe tackles traditional hurdles in vulnerability testing
for modern, distributed network architecture. SecureScan NX- is
the first solution that centrally manages distributed network and
firewall testing- providing total testing flexibility for today's
complex networks.
Visit http://www.vigilante.com/securescan/overview.htm?SANS
**********************************************************************

TOP OF THE NEWS

30 & 31 August 2001 Microsoft Reader Encryption Broken

A programmer says he has broken the most stringent level of protection in Microsoft Reader, the company's e-book software, according to Technology Review. The programmer is not releasing the code and is maintaining his anonymity due to his fear of being prosecuted for violating the Digital Millennium Copyright Act (DMCA).
-http://www.msnbc.com/news/621827.asp?0dm=T17MT
-http://www.zdnet.com/zdnn/stories/news/0,4586,2809412,00.html
-http://news.cnet.com/news/0-1005-200-7026815.html?tag=prntfr

29 August 2001 British Business Group Wants Government Help With Cybercrime

The UK's Confederation of British Industry (CBI) wants the government to take action against cybercrime by establishing a center for incident reporting and by updating 1990's Computer Misuse Act to include attacks on computer systems. CBI says that fear of financial losses due to cybercrime is preventing e-commerce from blossoming.
-http://news.cnet.com/news/0-1007-200-7001746.html?tag=prntfr

29 August 2001 Parasitic Computing

University of Notre Dame computer science researchers harnessed the processing power of web servers around the world to solve a mathematical puzzle - without permission. The researchers took advantage of a vulnerability in the TCP error checking process to stage their proof-of-concept exploit. The technique is rather inefficient and is therefore unlikely to be used maliciously.
-http://www.usatoday.com/life/cyber/tech/2001-08-29-parasitic-computing.htm
-http://news.bbc.co.uk/hi/english/sci/tech/newsid_1515000/1515559.stm
[Editor's (Schultz) Note: This is an intriguing development. Many observers seem to be saying that parasitic computing is too inefficient to warrant its use by attackers, but I feel otherwise. A concept followed by proof of concept is normally followed by attempts to improve on the implementation of that concept. And look at IP spoofing. In 1989, when Stephen Bellovin wrote his now classic paper on this subject, many if not most security professionals thought that IP spoofing was esoteric. Look what happened (and is still happening). I'd predict that the same will be true of parasitic computing. ]

26 August 2001 Customers Want High-Speed Providers to Shoulder Security Responsibility

High-speed Internet services users are suggesting that the service providers take more responsibility for security; customers should be informed of the possible security threats that come with high-speed connections and of what they can do to protect their computers, like making sure file sharing is not enabled.
-http://www.securitynewsportal.com/article.php?sid=1665&mode=thread&order
=0



******************* Also sponsored by Trend Micro ********************
5% Rebate on Trend Micro ScanMail, Superior Antivirus Solution
Now you can earn 5% rebate on licenses purchase for Trend Micro
ScanMail for Exchange 2000 by September 28. Integrated with Microsoft
virus-scanning API 2.0, ScanMail ensures 100% inbound/outbound email
scanning and provides remote management.
For program details or download your 30-day FREE evaluation copy, visit
http://www.antivirus.com/banners/tracking.asp?si=19&bi=169&ul=/smex2000/
**********************************************************************

THE REST OF THE WEEK'S NEWS

31 August 2001 Russia Warns Experts About Travel to US

In the wake of Dmitry Sklyarov's indictment for violation of the Digital Millennium Copyright Act (DMCA), Russia has warned its computer experts that they will be subject to the same law when they travel to the United States.
-http://www.msnbc.com/news/622397.asp?0dm=C14LT

31 August 2001 Teen Cracker Consults While on Work Release

Dennis Moran, the New Hampshire teenager serving a nine-month jail sentence for breaking into several military computer systems and other web sites, has been running a computer troubleshooting business launched with the help of a mentor. Moran has been on work-release from jail and his sentence will be complete on September 4.
-http://www.cnn.com/2001/TECH/internet/08/31/hackers.fresh.start.ap/index.html

31 August 2001 Teen Suspected of Breaking Into Sony Server and VP's Home Computer

A Washington state teenager is suspected of breaking into one of the servers that operates a popular Sony online game. In addition, someone stole documents relating to an upcoming version of the game from the home computer of Sony's VP of product development.
-http://seattletimes.nwsource.com/html/localnews/134335724_hacker31m.html

31 August 2001 Cancer Center Wireless LAN To Have Added Security

A Houston cancer center's planned wireless LAN pilot project will incorporate a dynamic key management system, capable of changing encryption keys as frequently as every three minutes. WEP by itself would not satisfy the requirements of the Health Insurance Portability and Accountability Act (HIPAA).
-http://www.computerworld.com/storyba/0,4125,NAV47_STO63465,00.html

31 August 2001 Indian Cyber Crime Police Station

India has established a police station devoted solely to cybercrime in the state of Karnataka.
-http://www.cnn.com/2001/TECH/internet/08/31/india.crime.reut/index.html
[Editor's (Schultz) Note: This news item is in many respects represents a real landmark. The fact that a police station dedicated to dealing with cybercrime in an economically struggling country shows just how important cybersecurity is becoming. ]

30 August 2001 US to Finance Censor Evading Technology for Chinese

The International Broadcasting Bureau, a United States government agency, will finance anonymous surfing technology that will allow Chinese citizens to evade Internet censorship imposed by their government.
-http://www.zdnet.com/zdnn/stories/news/0,4586,5096452,00.html
-http://www.nytimes.com/2001/08/30/technology/30VOIC.html
(Note: this site requires free registration)

30 August 2001 "Invalid" Worm

The "Invalid" worm arrives as an attachment purporting to be a patch from Microsoft. The worm encrypts .exe files with a random key and mails itself to addresses found in .ht* files in the My Documents folder.
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO63419,00.html

30 August 2001 Air Force to Test Biometric Security Applications

The Air Force plans to test iris scanning and hand and face geometries systems for accessing computer networks at certain facilities in Italy and Texas.
-http://www.gcn.com/vol1_no1/daily-updates/16966-1.html

29, 30 & 31 August 2001 Two Arrested in Encryption Device Export Plot

A four-month-long investigation has led to the arrest of two men who allegedly tried to smuggle encryption devices to China. The devices in question are designed for government use; they require State Department export licenses in order to be sent out of the US, and China is not allowed to obtain them from the US at all.
-http://www.wired.com/news/politics/0,1283,46422,00.html
-http://news.cnet.com/news/0-1003-200-7015467.html?tag=prntfr
-http://www.gcn.com/vol1_no1/daily-updates/16973-1.html

29 August 2001 Blocking DoD Sites During Code Red Was a Good Idea

Blocking public access to Defense Department web sites during the Code Red threat limited server problems, according to the director of the Defense Information Systems Agency (DISA). Authorized users had full access to all necessary web sites, and DISA allowed critical information traffic to move by turning on IP addresses as needed.
-http://www.gcn.com/vol1_no1/daily-updates/16964-1.html

29 August 2001 Parents Speak on Son's Behalf at Sentencing Hearing

The parents of the Canadian teenager who pleaded guilty to a variety of charges in connection with the massive Distributed Denial of Service (DDoS) attacks in February 2000 say that the boy needs structure, not more detention.
-http://news.cnet.com/news/0-1005-200-7004125.html?tag=prntfr

29 August 2001 Financial Sites Don't Score Well on Customer Privacy Survey

A survey of 100 financial services web sites conducted by the Center for Democracy and Technology (CDT) found that many are not doing enough to comply with the data privacy laws that took effect July 1 of this year.
-http://www.wired.com/news/business/0,1367,46406,00.html
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO63403,00.html
-http://news.cnet.com/news/0-1005-200-7004484.html?tag=prntfr

29 August 2001 Bank Replacing Compromised Debit Cards

Three thousand Riggs Bank customers will receive new Visa debit cards after an apparent breach of security on a server that processes Visa transactions. While no resulting instances of credit card fraud have been reported, the Bank did not want to take any chances.
-http://washingtonpost.com/wp-dyn/articles/A10322-2001Aug28.html

28, 30 & 31 August 2001 Consultant Finds Cross Site Scripting Vulnerability

Jeremiah Grossman has discovered a cross site scripting vulnerability which would allow a small amount of HTML code to bypass security and allow scripts to perform actions as trusted code. Grossman notified Microsoft about the vulnerability which affected their Hotmail site; the company quickly fixed the holes.
-http://www.zdnet.com/eweek/stories/general/0,11011,2808729,00.html
-http://www.usatoday.com/life/cyber/tech/2001-08-31-hotmail-security-side.htm
-http://www.usatoday.com/life/cyber/tech/2001-08-31-hotmail-security.htm
-http://www.newscientist.com/news/news.jsp?id=ns99991221

28, 29 & 30 August 2001 Sklyarov Pleads Innocent

Russian cryptanalyst Dmitry Sklyarov has pleaded innocent to charges of federal copyright violations in connection with a program that circumvents Adobe's e-book protection scheme. Sklyarov wrote the program for his company, ElcomSoft.
-http://www.zdnet.com/zdnn/stories/news/0,4586,5096327,00.html
-http://www.wired.com/news/business/0,1367,46398,00.html
-http://news.cnet.com/news/0-1005-200-7019566.html?tag=prntfr

28 August 2001 Digital Clues Led to Alleged Spy's Arrest

A former Air Force sergeant was arrested on espionage charges last week. Brian Regan allegedly passed classified satellite photographs and other documents to a foreign government. The documents and photo came from Intelink, a classified intranet for US intelligence agencies and their customers; an examination of the hard drive of Regan's office computer revealed he had visited those very sites.
-http://www.securityfocus.com/news/245

28 August 2001 Home Users Need Firewalls

Home users are beginning to understand that everyone who connects to the Internet should use a firewall as evidenced by the surge in firewall sales that followed the Code Red and SirCam infestations. However, a recent CERT/CC summary indicates that many home users are still not current with software patches and anti-virus software, and are not careful about attachments.
-http://news.cnet.com/news/0-1006-200-6994590.html?tag=prntfr
[Editor's (Grefer) Note: Personal firewalls, along with current anti- virus software, and software patches, could be considered the Three Musketeers of IT Home Defense.. Firewalls should be a mandatory component, but they should not be considered a cure-it-all. A lot depends on their configuration, as well as regular updates. ]

27 August 2001 Managed Security Service Providers' Numbers Dwindle

The market cannot continue to support the current number of Managed Security Services Providers (MSSPs), businesses that monitor and manage antivirus software, firewalls, intrusion detection systems and other security products. While some companies are being consolidated, others have simply shut their doors, leaving customers without back-up plans in the lurch.
-http://www.zdnet.com/intweek/stories/news/0,4164,2807738,00.html

27 August 2001 Wireless LAN Security Can Be Enhanced

Experts say that while wireless LAN security is weak, it can be augmented with additional authentication and encryption techniques; they also suggest not keeping sensitive data on wireless LANs.
-http://www.internetwk.com/story/INW20010827S0009


==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites


Editorial Team:
Kathy Bradford, Roland Grefer, Bill Murray, Stephen Northcutt,
Alan Paller, Marcus Ranum, Howard Schmidt, Eugene Schultz