
SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume III - Issue #47

November 21, 2001


Microsoft Cumulative Patch for IE
The cumulative patch for Internet Explorer is a very important
development for all IE users. We point to it in the Cookies story
below, but even people not worried about cookies should use it.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-055.asp


New Security Salary Data
The Foote Salary Survey of all computer skills (covering 53
certifications and 82 skills) shows pay for all computer skills
declining but pay for certified security people rising rapidly. David
Foote writes, "The press has picked up the pattern, showing GIAC
certifications on a real tear. Even National Public Radio highlighted
this in an interview with me broadcast during drive time this morning."
The survey data show that security certifications achieved the
highest growth rates (up 9.2% to 8.3% of base pay in the past quarter
and up 18.6% in the past two quarters). The five leading security
certifications are all GIAC programs: UNIX, Intrusion Detection, System
and Network Security Auditor, Incident Handler and Firewall Analyst.

A gift for Washington DC-area subscribers:
As part of next week's Washington DC Cyber Defense Initiative training
conference (http://www.sans.org/CDI.htm) we will be inviting DC,
Maryland and Virginia NewsBites subscribers to a free keynote session
called Fighting Back Against Cybercrime: An Action Plan. It lays out
six dimensions of the Cyber Defense Initiative and shows what actually
works to improve security. If your address in our records does not
have a DC, MD, or VA zip code, please update it by Monday afternoon.
Directions for updating your records are at the end of the note.
(Others may want to update their addresses, as well, as we have similar
sessions in cities around the globe and only local people are invited.)

AP

TOP OF THE NEWS

20 November 2000 Cable Company Demands Users Drop Firewalls
15 November 2001 IE Cookie Patch Released
14 November 2001 ICANN Meeting Focuses on Security
14 November 2001 Survey Finds Businesses Focus on Wrong Measures
13 November 2001 Interview With US Cybersecurity Chief Dick Clarke
12 November 2001 Lieberman Proposes Spending $1 Billion on Government IT Security

THE REST OF THE WEEK'S NEWS

16 November 2001 Huge Cache of Pirated Software Seized; Three Suspects Arrested
16 November 2001 Cyclone Offers a New Twist on Programming
15 November 2001 Virus Numbers Dwindle; Impact Rises
15 November 2001 Hybris Infects American Muslim Council e-Mail List
15 November 2001 Government Disaster Recovery and Contingency Plans
14 November 2001 Industry Reps to Testify Before Legislative Panel
14 November 2001 Bankruptcy Court Won't Protect Software Pirate from Fine
14 November 2001 Server Farm Security
14 November 2001 Viruses and Anti-Virus Software
13 & 14 November 2001 NMCI Should Improve Navy Network Security
13 November 2001 Man Who Posted Phony Takeover Story is Fined
13 November 2001 Schneier on Disclosure
13 November 2001 Subprocess Control Service Vulnerability
12 November 2001 Security Manager's Journal: False Alarm

TUTORIAL

13 November 2001 PC Anti-Virus Advice




TOP OF THE NEWS

20 November 2000 Cable Company Demands Users Drop Firewalls

Technical support people at TimeWarner's RoadRunner cable broadband unit require users to remove PC-based firewalls before the company will provide technical support.
-http://www.businessweek.com/bwdaily/dnflash/nov2001/nf20011120_6165.htm

15 November 2001 IE Cookie Patch Released

Microsoft has released a patch for a vulnerability in Internet Explorer (IE) 5.5 and 6 that allows unauthorized access to cookies on users' computers. The patch also addresses three other security problems.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO65747,00.html
-http://news.cnet.com/news/0-1005-200-7885941.html?tag=prntfr
-http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-055.asp

14 November 2001 ICANN Meeting Focuses on Security

Crackers could target the Internet's 13 root servers or the top level domain servers and wreak havoc on the Web, said speakers at the Internet Corporation for Assigned Names and Numbers (ICANN) conference. Engineers at the conference say they have designed contingency plans for root server failures and are maintaining tight physical security. After the September 11 attacks, ICANN announced its annual meeting would focus on security.
-http://www.usatoday.com/life/cyber/tech/2001/11/14/internet-vulnerable.htm

14 November 2001 Survey Finds Businesses Focus on Wrong Measures

A KPMG survey of 500 executives from multinational corporations found that the majority believed the solution to security problems is to purchase the right technology. KPMG says they are wrong and that developing a strategy that includes education, training and policy is a more effective response.
-http://www.zdnet.com/zdnn/stories/news/0,4586,5099609,00.html

13 November 2001 Interview With US Cybersecurity Chief Dick Clarke

In an interview, presidential cybersecurity advisor Richard Clarke discusses GovNet, critical infrastructure protection and the role of ISPs in mitigating denial of service attacks. He maintains that "the most critical thing" is to increase investments in education, training, and awareness, and also focuses on the central role that security-conscious ISPs can and must play in protecting the Internet.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2824322,00.html?chkpt=zdnnp1tp02

12 November 2001 Lieberman Proposes Spending $1 Billion on Government IT Security

Senator Joseph Lieberman (D-Conn.) wants to create a $1 billion fund to be used for improving government information security systems, protecting critical infrastructure and enhancing defenses against homeland security threats. Specific projects include a system to identify suspected terrorists during the flight booking process and the development of a database that links universities and the INS to monitor visa violations. The Office of Management and Budget (OMB) would manage the fund.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO65601,00.html
-http://www.computerworld.com/storyba/0,4125,NAV47_STO65602,00.html



THE REST OF THE WEEK'S NEWS

16 November 2001 Huge Cache of Pirated Software Seized; Three Suspects Arrested

In the culmination of an 18-month sting operation, law enforcement officials in Los Angeles arrested three people and seized $100 million worth of counterfeit Microsoft and Symantec software. Two of those arrested had tried to bribe an undercover agent posing as a US Customs official.
-http://www.msnbc.com/news/659059.asp?0dm=C11QT

16 November 2001 Cyclone Offers a New Twist on Programming

Computer scientists at Cornell University and AT&T Labs in New York are developing Cyclone, a programming language designed to dramatically reduce the number of bugs usually found in software. Based on the C programming language, Cyclone's compiler identifies problematic code segments using a "type-checking engine" and then rewrites the code or offers suggestions to fix the problem.
-http://www.newscientist.com/news/news.jsp?id=ns99991578
[Editor's Note (Murray): About time. It is easier to promote good practice and prevent bad code than it is to catch it after the fact.
(Paller): For thirty-five years, under Richard Conway and Max Maxwell, Cornell has been an innovator in creating compilers that are smarter than the ones that vendors have produced. Let's hope this research effort makes its way quickly into commercial compilers.]

15 November 2001 Virus Numbers Dwindle; Impact Rises

An AV company researcher says that fewer viruses are being seen, but the ones that are showing up do more damage. He also says most companies are doing a good job at blocking viruses at their gateways but that PDAs will allow future viruses to bypass the protections.
-http://www.idg.net/crd_idgsearch_728577.html?sc=

15 November 2001 Hybris Infects American Muslim Council e-Mail List

The American Muslim Council's computer holding its e-mail list was infected with the Snow White worm, also known as Hybris. While the Council's spokesman believes it was a deliberate attack, some security consultants think it was just a random infection.
-http://www.wired.com/news/politics/0,1283,48412,00.html

15 November 2001 Government Disaster Recovery and Contingency Plans

The General Accounting Office (GAO) plans to assess federal agencies' IT and telecommunications disaster recovery plans.
-http://www.gcn.com/vol1_no1/daily-updates/17502-1.html
The US Federal Communications Commission's (FCC) newly formed Homeland Security Policy Council will create disaster contingency plans to maintain essential communication during emergencies.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO65743,00.html

14 November 2001 Industry Reps to Testify Before Legislative Panel

Security officials from several private sector high tech organizations will testify before the House Energy and Commerce Committee's Commerce, Trade and Consumer Protection Subcommittee about the measures they have taken to protect their products and networks from cyber attacks.
-http://www.newsbytes.com/news/01/172160.html

14 November 2001 Bankruptcy Court Won't Protect Software Pirate from Fine

Khanh "Kenneth" Nguyen of California must pay Novell Inc. $680,000 as a penalty for software piracy. Though Nguyen has filed for bankruptcy protection, the judge ruled that his "acts were willful and malicious" and ruled that he could not escape paying the fine.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO65688,00.html

14 November 2001 Server Farm Security

Many businesses use server farms to mirror their in-house sites to ensure continuity in the event of a catastrophe. While some server farms' locations make them vulnerable to natural and man-made disasters, others are housed in a nuclear bunker, an off-coast gunnery, and an abandoned gypsum mine.
-http://www.wired.com/news/business/0,1367,48104,00.html

14 November 2001 Viruses and Anti-Virus Software

This article provides a timeline of virus vector evolution, from the inefficient mode of removable disks to infected bootleg software downloaded from bulletin boards to e-mail-borne pathogens and broadband connections. The author predicts that virus scanning will eventually permeate all levels of the Internet; meanwhile, he advises, install anti-virus software, be smart about attachments, and pay attention to your computer's behavior.
-http://www.newsday.com/technology/reviews/ny-pitutor2462585nov14.column

13 & 14 November 2001 NMCI Should Improve Navy Network Security

The Navy-Marine Corps Intranet (NMCI) has been tested by the Navy's "Red Team," a group of twenty skilled people who attempt to launch a variety of attacks on computer systems. NMCI, with its centralized management, will enhance Navy network security, which is hindered by a lack of standardized policy.
-http://www.fcw.com/fcw/articles/2001/1112/web-nmci-11-14-01.asp
-http://www.washingtontechnology.com/news/1_1/daily_news/17438-1.html

13 November 2001 Man Who Posted Phony Takeover Story is Fined

Kenneth Chan Yen Yau was fined almost $44,000 for posting a phony news release that may have influenced investors' purchases. Chan reaped $13.15 in commissions from the false story about a takeover.
-http://news.cnet.com/news/0-1007-200-7862730.html?tag=prntfr

13 November 2001 Schneier on Disclosure

Bruce Schneier, founder and CTO of Counterpane Internet Security, discusses disclosure at length. He maintains that full disclosure is more helpful than harmful while rejecting publishing exploits as irresponsible.
-http://www.zdnet.com/zdnn/stories/comment/0,5859,2824251,00.html

13 November 2001 Subprocess Control Service Vulnerability

CERT/CC has issued an advisory about a CDE (Common Desktop Environment) Subprocess Control Service vulnerability that could allow crackers to seize administrative control of host systems including HP-UX, AIX, Solaris and some other UNIX systems. Some vendor patches are available; users who do not yet have patches may block untrusted
-http://www.computerworld.com/storyba/0,4125,NAV47_STO65656,00.html
-http://www.cert.org/advisories/CA-2001-31.html

12 November 2001 Security Manager's Journal: False Alarm

The security manager's staffers checked in with him when they believed they had detected a new worm. The behavior they noted turned out to be due to nothing more than self-updating applications and poorly written software.
-http://computerworld.com/nlt/1%2C3590%2CNAV65-663_STO65531_NLTSEC%2C00.html

TUTORIAL

13 November 2001 PC Anti-Virus Advice

After installing the antivirus software, users should download the most recent signature files and continue to update them regularly. Machines that have already been infected can be repaired with custom removal tools, by booting from a clean operating system disk, or by reformatting the hard drive and reinstalling the operating system; users should also back up their data regularly.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2824299,00.html



==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites


**********************************************************************
Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Howard Schmidt, Eugene Schultz