SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume III - Issue #42
October 17, 2001
Federal officials have awakened to the realization that they may have
funded the computers most likely to be used in terrorist cyberattacks.
Universities that deployed the vulnerable systems have gotten the same
message. The first step in solving the problem is to add language to
federal contracts and grants requiring technical security standards
be met on all federally supported computers. If you are involved in
security of university-based computers, your comments and suggestions
can help. Please review the draft language in the RFC at the end of
this NewsBites and get back to us by Friday.
AP
TOP OF THE NEWS
16 October 2001 Anthrax Virus Shows Depravity Of Virus Writers12 - 15 October 2001 SirCam's Second Payload Set To Execute on October 16 (Not!)
12 October 2001 Sun CEO Supports National ID System
11 & 12 October 2001 Clarke Calls for Secure Government Network
10 October 2001 UK ISP Closes Connections of Users
THE REST OF THE WEEK'S NEWS
12 October 2001 Air Force to Move Toward Classified Systems11 & 12 October 2001 LiveUpdate Security Flaw
11 October 2001 On Line Merchant Doesn't Yield to Extortionist
11 October 2001 Vigilante Bank Hackers Declare Another Victory
11 October 2001 Disaster Recovery and Business Continuity
10 & 11 October 2001 Female Hackers
10 October 2001 Microsoft Customer Data is Exposed; Hole is Plugged
10 October 2001 Web Server Security Not High Priority, Survey Says
9 October 2001 Ridge Calls for Cooperation
9 October 2001 Surfers Directed to False News Story
************************** Sponsored by NetIQ ************************
FREE SECURITY GUIDE:
Get the in-depth knowledge you need to secure your enterprise with
NetIQ's FREE step-by-step security guide - "Selecting The Right
Security Solution" -
at http://www.netiq.com/f/form/form.asp?id=109
NetIQ's security solutions not only identify intruders, but ensure
that threats don't ever become incidents.
**********************************************************************
TOP OF THE NEWS
16 October 2001 Anthrax Virus Shows Depravity Of Virus Writers
A new virus, with subject line "Antrax Info." offers to show a photo of anthrax side effects.-http://www.siliconvalley.com/docs/news/svfront/056744.htm
12 - 15 October 2001 SirCam's Second Payload Set to Execute on October 16 (Not!)
Symantec researchers said that the SirCam worm will drop an additional payload on October 16th; infected machines run a 5% risk of having all the files and folders deleted from their hard drives. But further analysis by NAI and other researchers showed that an error in the code blocked the erasure.-http://www.wired.com/news/technology/0,1282,47476,00.html
-http://www.wired.com/news/technology/0,1282,47582,00.html
12 October 2001 Sun CEO Supports National ID System
Sun Microsystems CEO Scott McNealy, who once remarked that "privacy is dead," advocates a smart card national identification system that could include biometric data. He also foresees that parents will eventually implant smart chips behind their children's ears.-http://www.computerworld.com/storyba/0,4125,NAV47_STO64729,00.html
[Editor's (Schultz) Note: What Scott McNealy has been quoted as supporting here is truly frightening, but, unfortunately, probably inevitable given the events of last September 11. Identification through visual recognition, signatures, recall of maiden names of mothers, and so on just isn't good enough for many purposes anymore. Civil libertarians should be crying foul at this point. ]
11 & 12 October 2001 Clarke Calls for Secure Government Network
Newly appointed special advisor for cyberspace security Richard Clarke is calling for the development of GOVNET, a secure government network, immune from viruses, worms, denial-of-service attacks and other Internet-borne ills. The network would not be connected to the Internet and would be used for voice and data communications and possibly videoconferencing.-http://www.washingtonpost.com/wp-dyn/articles/A40092-2001Oct10.html
-http://www.zdnet.com/zdnn/stories/news/0,4586,5098169,00.html?chkpt=zdnnp1tp02
-http://www.usatoday.com/life/cyber/tech/2001/10/10/cybersecurity-supercomputer.h
tm
-http://www.computerworld.com/storyba/0,4125,NAV47_STO64726,00.html
[Editor's (Schultz) Note: I am surprised that the business community has not really yet demanded something such as Richard Clark has proposed. The Internet as we know it is like the Wild West--too insecure, too uncontrollable for many purposes. I feel that not only the government but also the commercial sector is ready for a new, more secure method of internetworking. ]
10 October 2001 UK ISP Closes Connections of Users
A British Internet service provider has joined the ranks of ISP's that are suspending the connections of users whose systems are infected with worms and viruses or who have not applied appropriate patches.-http://www.zdnet.com/zdnn/stories/news/0,4586,5098072,00.html?chkpt=zdhpnews01
[Editors' (Multiple) Note: ISPs are the first line of defense against any fast moving attack. Leading ISPs such as UUNET have long had technology and processes that allow them to act quickly to cut the connections of computers that are attacking other computers. That smaller ISPs are joining the ranks of good cyber citizens is very good news, indeed. ]
THE REST OF THE WEEK'S NEWS
12 October 2001 Air Force to Move Toward Classified Systems
The Air Force plans to increase its use of secure, classified computer systems for electronic communication.-http://www.fcw.com/fcw/articles/2001/1008/web-af-10-12-01.asp
11 & 12 October 2001 LiveUpdate Security Flaw
A security hole in Symantec's LiveUpdate 1.4 could allow malicious coders to trick the software into downloading a Trojan horse program.-http://www.zdnet.com/zdnn/stories/news/0,4586,2817368,00.html
-http://www.theregister.co.uk/content/56/22203.html
11 October 2001 On Line Merchant Doesn't Yield to Extortionist
An e-commerce site refused to give in to an extortionist's demands for money to prevent customer data from being exposed on the web. While the cracker did post the information on-line, the company e-mailed its customers, describing the situation and explaining that no credit card numbers were compromised, and that they would issue customers new account numbers.-http://www.msnbc.com/news/641534.asp?0dm=T14NT
-http://www.zdnet.com/zdnn/stories/news/0,4586,5098177,00.html
11 October 2001 Vigilante Bank Hackers Declare Another Victory
Vigilante hackers broke into a Saudi bank's computers, providing a news service with proof in the form of several spreadsheets ostensibly taken from the compromised server. The same group of hackers allegedly broke into a Sudanese bank last month and gathered information on accounts belonging to bin Laden and al Qaeda terrorists. Another hacker defaced the hackers' web site.-http://www.newsbytes.com/news/01/171035.html
11 October 2001 Disaster Recovery and Business Continuity
This article elucidates the differences between business continuity plans and disaster recovery plans and describes how to create both.-http://www.tisc2001.com/newsletters/319.html
10 & 11 October 2001 Female Hackers
Female hackers are becoming more visible. Some researchers find women take a gentler approach, focusing more on the programming challenge than on the virus' destructive impact.-http://www.sfgate.com/cgi-bin/article.cgi?file=/gate/archive/2001/10/11/womhacke
rs.DTL
-http://www0.mercurycenter.com/premium/business/docs/femhack10.htm
10 October 2001 Microsoft Customer Data is Exposed; Hole is Plugged
A security researcher found a security hole in a Microsoft customer service web site that allowed him to view names, sales records and other sensitive customer information stored in a database. Microsoft has fixed the problem; no credit card numbers were exposed. The researcher who found this vulnerability is the same one who managed to alter a Yahoo news story several weeks ago.-http://www.msnbc.com/news/640592.asp?0dm=T228T
-http://news.cnet.com/news/0-1005-200-7475010.html?tag=prntfr
[Editor's (Murray) Note: People who "research" another's computer without permission are called rogue hackers, not researchers. One can call garlic a "fragrant rose" but it still stinks. ]
10 October 2001 Web Server Security Not High Priority, Survey Says
A survey indicates that despite the recent high profile Internet worms, many companies are not concerned with web server security because they don't consider the data stored on them to be important.-http://www.newsbytes.com/news/01/170988.html
[Editor's (Murray) Note: Nice people do not attach weak systems to the public network, even if their contents are "not sensitive." Attaching weak systems to the public net puts one's neighbors at risk. Nice people do not put their neighbors at unnecessary risk. Those that do run the risk of being adjudged negligent. I look forward to the opportunity to testifying against such people. (Paller) Some universities have demonstrated serious disregard for the safety of others on the Internet. The joint initiative (at he end of this NewsBites) shows a healthy shift in attitude. ]
9 October 2001 Ridge Calls for Cooperation
Tom Ridge, the head of the newly created Office of Homeland Security, has called for government agencies to share intelligence information with each other.-http://www.fcw.com/fcw/articles/2001/1008/web-ridge-10-09-01.asp
9 October 2001 Most Security Problem "Self-Inflicted"
The majority of security breaches are the result of misconfigured and unpatched software, according to Gartner analyst John Pescatore. Speaking at the company's Symposium/ITxpo 2001, Pescatore also recommended that companies consolidate security management to make sure the products work together.-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO64605,00.html
9 October 2001 Surfers Directed to False News Story
A hacker managed to exploit a browser feature to send web surfers to a phony page that appeared to be a legitimate CNN.com news story. The man responsible for creating the fake story says he was researching how quickly and widely information travels on the Internet. CNN.com says the problem has been fixed.-http://www.internetnews.com/dev-news/article/0,,10_900811,00.html
SANS Internet Security Request For Comment. SRFC 01-201 Securing Federally-Funded University Computers Draft October 16, 2001 Background: The largest and most visible distributed denial of service attacks were launched primarily from computers in research facilities in American universities. Most of these computers were funded in whole or part by federal grants. Universities and other research centers have used federal money to deploy tens of thousands of powerful computers, on high-speed networks, directly connected to the Internet, without even minimal security configuration or maintenance. These systems create a significant and immediate threat to other users of the Internet and to the economic well-being of the developed world. Some researchers who control these computers have claimed that they believe they should not be subjected to even minimal security requirements because the federal grants they received do not explicitly require security. This RFC proposes language federal granting agencies can add to their contractual documents to remove any uncertainty about security responsibilities of federal grant recipients. Proposed Language To Be Includes In Federal Research Grant Documents Any Internet-connected information technology acquired or otherwise supported using funds from this grant must be configured in compliance with minimum security benchmarks such as those published by the Center for Internet Security and must have applicable operating system and application security patches and updates installed within seven days of their availability on the vendor's web site. The institution receiving the grant will maintain automated records containing compliance scores and patch history information for each of the systems supported under this grant. This information should be available to the granting agency upon request.
==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites
Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Howard Schmidt, Eugene Schultz