Newsletters: NewsBites


SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume III - Issue #39

September 26, 2001


More than 700 people attended SANS courses on Microsoft IIS security
in Washington and two other cities last week. A large fraction of
those people had already earned MCSE certification. Why were they
going back to class, we asked. Their answer, "Because MCSE training
virtually ignored security. Either Microsoft didn't want to tell us
about the security vulnerabilities or the instructors didn't understand
them, or both."

On Monday, we made the IIS security course available on line so that
many more of the 200,000 people who manage IIS servers can learn
to run them securely. Immersion courses on Intrusion Detection,
Firewalls and Perimeter Protection, Hacker Exploits, and SANS Security
Essentials are also now online at www.sans.org.

AP

TOP OF THE NEWS

24 September 2001 Dartmouth Center Offers Analysis Of Likely Cyber Attacks
24 September 2001 TROJ_VOTE.A Virus
21 September 2001 Some Infected High Speed Internet Users Will be Cut Off
20 September 2001 Russian Man Charged With Cyber Crimes
20 September 2001 Outlook Express Allows Scripts to Execute Without Permission
19, 20 & 21 September 2001 Yahoo News Story Altered

THE REST OF THE WEEK'S NEWS

21 September 2001 GAO Says BPD Needs to Improve Security
21 September 2001 Back-Up Options
21 September 2001 Encryption Programmer Saddened
17 September 2001 The Encryption Debate
20 September 2001 Freezing bin Laden's Assets Might Require Cyber Methods
18 September 2001 Hacktivism (Vigilantism) Could Be Harmful
17 September 2001 Hackers Break Into Bank's Servers for TV Show
17 September 2001 Federal Agencies Expedite Security Efforts
17 September 2001 Wireless Security Policies



TOP OF THE NEWS

24 September 2001 Dartmouth Center Offers Analysis Of Likely Cyber Attacks

Dartmouth's Institute for Security Technology Studies issued a report that analyzes trends in cyber attacks and details the potential types, targets, and sources of cyber attacks that we should be prepared for.
-http://www.ists.dartmouth.edu/ISTS/counterterrorism/cyber_attacks.htm

24 September 2001 TROJ_VOTE.A Virus

The WTC.exe virus, also known as TROJ_VOTE.A, arrives as an attachment purporting to be a letter advocating peace but actually carries a nasty payload: reformatting hard drives, deleting files and trying to delete antivirus software. TROJ_VOTE.A propagates through Outlook.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO64195,00.html
[Editor's (Murray) Note: What might be dismissed as mere mischief in normal times takes on a different color when done in times of crisis. The person who did this is certainly not a script kiddie or a rogue hacker but a cyber terrorist.]

21 September 2001 Some Infected High Speed Internet Users Will be Cut Off

The ubiquity of Internet worms that slow down traffic and the availability of patches to plug the holes they exploit have impelled some broadband Internet access providers to "blackhole" customers whose machines are infected with Code Red or Nimda. Others are screening networks for infected machines and offering patching advice for those customers. ISPs report that customers are supportive of their actions.
-http://www.wired.com/news/business/0,1367,47037,00.html
[Editor's (Schultz) Note: This is an encouraging development. Although some ISPs do a good job in securing their networks, others have been notoriously lax over the years. The fact that this item states that ISPs say that customers are supportive of ISPs' efforts to tighten security is also encouraging.]

20 September 2001 Russian Man Charged With Cyber Crimes

A Russian man was charged in Seattle with an assortment of cyber crimes. The man and a cohort allegedly broke into computers belonging to a variety of businesses, then threatened to release sensitive customer data if the companies did not meet their demands for payment or employment. They are accused of making good on their threat in at least one case and also of using proxy e-mail addresses and stolen credit card numbers to defraud PayPal.
-http://seattlep-i.nwsource.com/local/39579_hacker20.shtml
[Editor's (Murray) Note: Do not mess with PayPal. (Next to the Secret Service) they are the meanest kid on the block. ]

20 September 2001 Outlook Express Allows Scripts to Execute Without Permission

A security hole in Outlook Express 5.0, 5.5, and 6.0 allows plain-text e-mail messages to run scripts on recipients' computers without approval. Changing the Internet security level to high should prevent any scripts from running in Outlook Express.
-http://www.msnbc.com/news/631837.asp?0dm=T17NT

19, 20 & 21 September 2001 Yahoo News Story Altered

Adrian Lamo informed Yahoo! News that he was able to modify text in their stories using a web browser and proxy web servers. One of the stories he modified remained on line for three days. Yahoo says the security hole has been fixed. He also claims that he accessed a tool that could have allowed him to alter the stock quotes sent to Yahoo customers.
-http://www.msnbc.com/news/631231.asp?0dm=T21AT
-http://news.cnet.com/news/0-1005-200-7238972.html?tag=prntfr
-http://www.securityfocus.com/news/254



THE REST OF THE WEEK'S NEWS

21 September 2001 GAO Says BPD Needs to Improve Security

The General Accounting Office (GAO) says the Bureau of Public Debt (BPD) needs to reinforce its computer security to prevent financial data and other sensitive information from being exposed. The GAO noted password weaknesses, a faulty back-up power system, and some physical security gaps.
-http://www.fcw.com/fcw/articles/2001/0917/web-bdp-09-21-01.asp
[Editor's (Paller) Note: This story is included because it illustrates the problems in the auditing process. Nearly every site in the country has a few weaknesses like these. Their existence has little to do with the agency's ability to withstand a network-based attack. It is high time that auditors start measuring how ready agency computers and networks are to withstand cyber attacks. To do that they need to agree on benchmarks and automated measurement tools that the auditors can use for assessment and that agencies can use to monitor themselves. ]

21 September 2001 Back-Up Options

Companies learned from the World Trade Center bombing in 1993 to back up their data. The two most common methods used are magnetic tapes and disk-mirroring. While tapes are the less expensive option, they are usually created only once a week and, if stored on site, could be destroyed in a calamity. Disk-mirroring, or "hot backup," is instantaneous and off site, though the service can be considerably more expensive.
-http://www.wired.com/news/business/0,1367,47004,00.html

21 September 2001 Encryption Programmer Saddened

Phil Zimmermann, creator of the Pretty Good Privacy (PGP) encryption program, believes in the need for good encryption technology, but is struggling with the disturbing idea that terrorists may have used his program to plan their attack.
-http://www.washingtonpost.com/wp-dyn/articles/A1234-2001Sep20.html

17 September 2001 The Encryption Debate

While lawmakers seem to want to impose stronger restrictions on encryption, programmers and others in the IT community are concerned that the restrictions will do nothing to guard against terrorists and will curtail people's privacy.
-http://www.computerworld.com/cwi/story/0,1199,NAV47_STO63964,00.html
-http://www.wired.com/news/politics/0,1283,46900,00.html
-http://www.zdnet.com/zdnn/stories/comment/0,5859,2812913,00.html

20 September 2001 Freezing bin Laden's Assets Might Require Cyber Methods

Because US officials may have difficulty obtaining cooperation from all the banks and other depositories of bin Laden's money, they may use computers to cut off his access to funds. The process requires coordination, in-depth knowledge and help from insiders, and raises some legal questions as well.
-http://www.computerworld.com/cwi/story/0,1199,NAV47_STO64072,00.html

18 September 2001 Hacktivism (Vigilantism) Could Be Harmful

Hacktivism, a modern form of vigilantism, is hacking for a political or social cause. It could be detrimental to building and maintaining relationships with potential US allies; in addition, US systems could be compromised as the culprits stage denial-of-service attacks.
-http://news.cnet.com/news/0-1003-201-7214703-0.html?tag=prntfr
Hackers deface sites in protest:
-http://www.zdnet.com/zdnn/stories/news/0,4586,2813055,00.html
-http://www.msnbc.com/news/630310.asp?0dm=T22AT
[Editors' (multiple) note: Vigilantism has long been considered unacceptable. It does not get any more acceptable in cyberspace. ]

17 September 2001 Hackers Break Into Bank's Servers for TV Show

Hackers hired by a German television show broke into a bank's on-line system servers, downloaded customer information, then advised bank technicians on patching the vulnerabilities. A bank spokeswoman maintains that during the time the intrusion occurred, a new, secure site was on line alongside the older one that the hackers penetrated.
-http://www.newsbytes.com/news/01/170191.html

17 September 2001 Federal Agencies Expedite Security Efforts

The Federal Aviation Administration's (FAA) 24-hour computer emergency response team is now operational, nine months before planned; the agency is also accelerating the research program it conducts jointly with MIT. The Treasury Department is speeding up installation of Windows XP and also plans to use virtual machine hosts, tokens, and eventually biometrics.
-http://www.gcn.com/vol1_no1/daily-updates/17123-1.html

17 September 2001 Wireless Security Policies

Companies should have wireless deployment policies to keep a rein on data. Experts recommend registering wireless network cards and base stations, securing network interface cards (NICs), and conducting regular scans for rogue access points.
-http://computerworld.com/nlt/1%2C3590%2CNAV65-663_STO63887_NLTSEC%2C00.html
[Editor's (Murray) Note: Those policies should begin with "Do not rely upon the transport layer to protect sensitive data. All business applications should be secured at the application layer." See the last paragraph of the article. The policy must require that ALL devices that connect to the network must be registered. A policy that requires that only wireless devices be registered is ineffective. ]


==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites


Editorial Team:
Kathy Bradford, Roland Grefer, Bill Murray, Stephen Northcutt,
Alan Paller, Marcus Ranum, Eugene Schultz