SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume III - Issue #48
November 28, 2001
One of the new questions we are hearing is, "Where can we find
tools and consultants who can help us perform continuous monitoring
of our systems?" Apparently there's too much opportunity for
security failures between penetration tests. If your firm does
continuous monitoring of configuration errors, missing patches and
other security vulnerabilities, either for yourself or for other
organizations, please send us a brief summary of the tools you use
and what vulnerabilities you look for. Send them to sansro@sans.org
with the subject "continuous monitoring."
Did you know that it is actually warmer in San Francisco in December
than in August? And that this December international tourism is
way down, so you can enjoy the city without fighting crowds? Cyber
Defense Initiative West will be held in San Francisco on December
16-21 and features the five most popular SANS immersion training and
certification tracks. (http://www.sans.org/CDI.htm)
AP
**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 3, Number 48 November 28, 2001
TOP OF THE NEWS
26 November 2001 Badtrans.b Worm Spreading Rapidly
25 November 2001 Global Cyber Crime Treaty Signed
20 & 21 November 2001 Playboy.com Customer Information Stolen
20 November 2001 Web Conference Security Lacking
20 November 2001 Media Player Vulnerability
THE REST OF THE WEEK'S NEWS
21, 22 & 23 November 2001 Voyager Alpha Force
21 November 2001 Car Rental Agency Tests Biometrics
20 November 2001 Biometric Technology
21 November 2001 FBI Wants Telecoms Companies to Add Hardware, Software for Surveillance
20 & 21 November 2001 Magic Lantern
15 November 2001 FBI Prefers Fingerprints to Other Biometrics
20 November 2001 Ziff Davis Subscribers' Data Revealed
20 November 2001 Gartner: Internet Reliability is 5 Years Out
19 & 20 November 2001 Microsoft Apologizes, Admits it Knew of Vulnerability
19 November 2001 Security Spending Up Despite Sluggish IT Budgets
19 November 2001 Health Care Site Privacy
19 November 2001 Hacking Back is Not a Good Idea
19 November 2001 Protecting Businesses From Failed Vendors
19 November 2001 ABA Hears UCITA Arguments
18 November 2001 Ellison's Boast of "Unbreakable" Server Could Lead to Embarrassment
************************ Sponsored by NetIQ ***************************
Free Security Guide from NetIQ.
Keep the bad guys out with NetIQ's security guide, "Jack the Hacker
Tells All: Insights into Security Dos and Don'ts."
Respond to threats before they become major incidents.
Download it now before it's too late.
http://www.netiq.com/f/form/form.asp?id=56
**********************************************************************
TOP OF THE NEWS
26 November 2001 Badtrans.b Worm Spreading Rapidly
Badtrans.B exploits an Outlook and Outlook Express vulnerability to execute its infected attachment automatically when the e-mail is opened. The worm's subject line appears to be a reply to a previously sent message. Badtrans.B self-propagates, then installs a back door on the computer, sends the machine's IP address to the worm's author, and runs a key logging program.
-http://www.infoworld.com/articles/hn/xml/01/11/26/011126hnbadtrans.xml?1126alert
-http://www.cnn.com/2001/TECH/internet/11/26/badtrans.worm/index.html
-http://news.cnet.com/news/0-1003-200-7979449.html
25 November 2001 Global Cyber Crime Treaty Signed
The United States, Canada, Japan and South Africa joined their counterparts in 26 other countries in signing the Council of Europe's Convention on Cybercrime to harmonize laws and penalties for crimes committed via the Internet.
-http://www.newsbytes.com/news/01/172398.html
-http://news.cnet.com/news/0-1003-200-7826224.html?tag=lh
20 & 21 November 2001 Playboy.com Customer Information Stolen
A cracker sent Playboy.com online store customers e-mail messages that contained their credit card numbers and other personal information. Playboy.com quickly e-mailed all customers who had shopped at the site in the last five years and advised them to contact their credit card companies to check for fraudulent charges. The company also informed customers that Playboy.com has hired a security consultant to audit its systems and that the FBI is investigating the case.
-http://www.cnn.com/2001/TECH/internet/11/20/playboy.hacked/index.html
-http://www.computerworld.com/storyba/0,4125,NAV47_STO65979,00.html
20 November 2001 Web Conference Security Lacking
Web conferences, which have increased in popularity since September 11, often lack basic security measures such as encryption and strong passwords. Furthermore, simple searches for web addresses containing names of web conference providers can reveal meeting times and topics.
-http://www.usatoday.com/usatonline/20011120/3637693s.htm
20 November 2001 Media Player Vulnerability
Microsoft released an advisory warning of a buffer overflow vulnerability in its Media Player software. The company advised customers to apply a patch which fixes not only the Media Player flaw, but several others, some of which have not been disclosed.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO65921,00.html
******** Also Sponsored by Windows Security Vulnerabilities ***********
Get the inside story on Windows security vulnerabilities and solutions.
Order your copy of the only security guide for Windows 2000 that is
updated every month.
"Windows 2000 Security Vulnerabilities and Solutions," By Jesper Johansson
Order it at http://www.sansstore.org/
***********************************************************************
THE REST OF THE WEEK'S NEWS
21, 22 & 23 November 2001 Voyager Alpha Force
A new hybrid worm, Voyager Alpha Force, infects improperly configured SQL Server systems and uses an IRC channel to force them to launch DDoS attacks. The worm affects only MS SQL Server 7.0 and earlier (i.e. it does not affect MS SQL Server 2000).
-http://news.cnet.com/news/0-1003-200-7946943.html?tag=prntfr
-http://www.theregister.co.uk/content/4/22990.html
-http://www.zdnet.com/zdnn/stories/news/0,4586,2826892,00.html
21 November 2001 Car Rental Agency Tests Biometrics
Dollar Rent A Car agencies at thirteen US airports are requiring customers to supply thumbprints as part of a pilot biometric system aimed at reducing theft and fraud. Privacy advocates say the use of biometric information is not well regulated and could be abused.
-http://www.wired.com/news/politics/0,1283,48552,00.html
20 November 2001 Biometric Technology
Interest in biometric security technology has burgeoned since September 11, and people seem to be willing to forfeit some measure of privacy in return for heightened security. Civil liberties advocates are concerned that the technology presents a "slippery slope to a surveillance society." A sidebar in this article offers brief descriptions of several different types of biometric systems.
-http://www.msnbc.com/news/654788.asp?0dm=B1AST
21 November 2001 FBI Wants Telecoms Companies to Add Hardware, Software for Surveillance
The FBI wants telecommunications companies to add software and equipment to enable the agency to access voice communications much as it captures electronic communication. Among the agency's requests are 24-hour real-time monitoring capability and undetectable, reliable interceptions.
-http://www.msnbc.com/news/661333.asp?0dm=T19ST
20 & 21 November 2001 Magic Lantern
The FBI is developing software that can install surveillance programs remotely. Dubbed "Magic Lantern," the tool would aim to plant keystroke-logging programs on targeted computers.
-http://www.msnbc.com/news/660096.asp?0dm=T18ST
-http://news.cnet.com/news/0-1003-200-7944351.html?tag=prntfr
15 November 2001 FBI Prefers Fingerprints to Other Biometrics
The FBI told a Senate subcommittee that the agency prefers fingerprints to new, fancier biometric identification systems. The FBI already has an enormous amount of fingerprint data in digital databases; it also has a system that retrieves and matches prints quickly and is compatible with similar databases in Canada, the UK and at Interpol.
-http://www.fcw.com/fcw/articles/2001/1112/web-fbi-11-15-01.asp
20 November 2001 Ziff Davis Subscribers' Data Revealed
Ziff Davis Media accidentally posted some subscribers' personal information, including credit card numbers and mailing addresses, on its website. Ziff Davis initially erased the contents of the accessible database, then blocked access to its address entirely.
-http://www.wired.com/news/business/0,1367,48525,00.html
20 November 2001 Gartner: Internet Reliability is 5 Years Out
A Gartner commentary predicts that the Internet will not be as stable or reliable as private networks until 2006. Businesses should assess their systems for vulnerabilities, test incident response plans, and contract for denial-of-service protection.
-http://news.cnet.com/news/0-1003-201-7933085-0.html?tag=prntfr
19 & 20 November 2001 Microsoft Apologizes, Admits it Knew of Vulnerability
Microsoft apologized for "inaccurate" statements regarding an Internet Explorer (IE) vulnerability disclosed by Online Solutions. Initially, Microsoft blasted Online Solutions for making the vulnerability public on November 8, but then admitted that the security company had notified them of the problem a week before.
-http://news.cnet.com/news/0-1003-200-7920273.html?tag=prntfr
-http://www.theregister.co.uk/content/55/22935.html
19 November 2001 Security Spending Up Despite Sluggish IT Budgets
A recent survey of 174 IT managers conducted by Computerworld and J.P. Morgan Securities Inc. found that while IT budgets are decreasing or staying the same as last year, spending on security technology is on the rise. Survey participants expected to invest in SSL products, anti-virus software, intrusion detection systems, VPNs and firewalls.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO65860,00.html
19 November 2001 Health Care Site Privacy
Many health care web sites are not bound by the privacy rules that govern what health care providers may and may not do with patients' information.
-http://www.zdnet.com/zdnn/stories/news/0,4586,5099803,00.html?chkpt=zdnn_nbs_hl
19 November 2001 Hacking Back is Not a Good Idea
Even though new products are capable of providing more information about who is behind certain cyber attacks, people are reluctant to turn the tables on attackers because they may not have the right target and because some hacking back is illegal.
-http://www.newsfactor.com/perl/story/14874.html
19 November 2001 Protecting Businesses From Failed Vendors
As the uncertain economy nibbles away at the financial viability of technology vendors, businesses are well advised to include protection clauses in their licensing and outsourcing contracts. Establishing a backup plan with an alternate supplier is also helpful.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO65859,00.html
[Editor's (Schultz) Note: Organizations that are considering obtaining outside help in areas such as intrusion detection monitoring need to weigh financial/organizational stability of candidate providers much more heavily than most buyers currently do. ]
19 November 2001 ABA Hears UCITA Arguments
The American Bar Association (ABA) heard arguments about the Uniform Computer Information Transactions Act (UCITA). It is considering whether or not to support the controversial software licensing law. Of particular concern is the "self-help" provision that lets vendors remotely shut down software if they suspect license violations. Thirty-two states' attorneys general have signed a letter opposing the law.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO65893,00.html
Computerworld's Maryfran Johnson speaks out against UCITA; she advises businesses to carefully examine software contracts for UCITA provisions and fight their inclusion.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO65797,00.html
18 November 2001 Ellison's Boast of "Unbreakable" Server Could Lead to Embarrassment
Oracle's Larry Ellison is touting a new e-mail server as "unbreakable", a label that is all too likely to serve as an invitation to hackers, according to David Coursey.
-http://www.zdnet.com/zdnn/stories/comment/0,5859,2825352,00.html?chkpt=zdnn_nbs_hl
[Editor's (Schultz) Note: Statements such as the ones Ellison has made appear to reflect gross ignorance about even the most basic principles of information security. (Murray) Security people say "hardened," not "unbreakable." (Paller) SANS is gathering information about the greatest security threats to database products in order to help the database vendors improve their products and to teach their users how to protect themselves. Please share the important security vulnerabilities you have found involving Oracle software by emailing us at sans@sans.org with the subject: Oracle threats. ]
==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites
Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Howard Schmidt, Eugene Schultz