SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume III - Issue #49
December 05, 2001
Goner is a dangerous worm that is spreading far too rapidly. However,
it caused no problem at all in those organizations that block
attachments of most malicious types. An increasing number of
organizations use filtering and secure configuration management to
protect their users and reduce the cost of cleaning up after worms
and other attacks. Makes sense to me.
AP
**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 3, Number 49 December 5, 2001
TOP OF THE NEWS
5 December 2001 Goner Worm Hits Hard30 November 2001 Security Patch Demand is Overwhelming
28, 29 & 30 November 2001 WU-FTPD Vulnerability
28, 29 & 30 November 2001 Appeals Courts Uphold DCMA
26 & 28 November 2001 Google Search Results Could Present Security Problem
THE REST OF THE WEEK'S NEWS
5 December 2001 US Cyber Security Chief Asks Vendors To Do More To Protect Users3 December 2001 Federal Agencies Need Security Specialists
30 November 2001 Dreamcast Game Screensaver Infected with Kriz Virus
30 November 2001 Gary McGraw Interview
30 November 2001 Government Sites Defaced
26 November 2001 Sklyarov Hearing Date Set
29 November 2001 National IDs Won't Work
27 & 28 November 2001 McNealy Interview
29 November 2001 Russian Man Arrested in ATM Fraud Case
29 November 2001 Former Cisco Accountants Sentenced for Fraud
28 November 2001 GSA Team to Review GovNet Input
27 November 2001 Network Associates Denies Working with FBI
26 November 2001 Disclosure Waiting Period Wouldn't Work
26 November 2001 Security Funds Misallocated, Says Oppenheimer VP
************************ Sponsored by NetIQ **************************
Free Security Guide from NetIQ.
Learn How to Unlock Your Firewall's Secrets with Security Manager.
Find out how to maximize the return on your firewall investment.
Download NetIQ's free white paper, "Reporting and Incident Management
for Firewalls: The Keys to Unlocking Your Firewall's Secrets."
Visit http://www.netiq.com/f/form/form.asp?id=397
**********************************************************************
TOP OF THE NEWS
5 December 2001 Goner Worm Hits Hard
The goner worm comes by email, offers a screen saver, spreads rapidly, infects large numbers of user files, and tries to delete firewall and antivirus software.-http://www.cnn.com/2001/TECH/internet/12/04/goner.worm/index.html
30 November 2001 Security Patch Demand is Overwhelming
IT managers are overwhelmed with patches and updates, according to a recent study. A UK-based study found that most companies would have to make an average of 5 updates every work day to keep up with the steady flow of fixes from security vendors.-http://www.computerworld.com/storyba/0,4125,NAV47_STO66215,00.html
28, 29 & 30 November 2001 WU-FTPD Vulnerability
CERT/CC has issued a warning about a vulnerability in the Washington University FTP daemon that could allow crackers to gain complete control of computer systems unless patches are installed. A group of vendors had agreed to release their patches on December 3, but Red Hat mistakenly released an advisory on November 27.-http://news.cnet.com/news/0-1003-200-8007615.html?tag=prntfr
-http://www.theregister.co.uk/content/55/23082.html
-http://www.computerworld.com/storyba/0,4125,NAV47_STO66202,00.html
28, 29 & 30 November 2001 Appeals Courts Uphold DCMA
A federal appeals court upheld a ruling that prohibits Eric Corley, operator of the 2600 magazine web site, from publishing or linking to code that breaks DVD encryption, marking a victory for proponents of the Digital Millennium Copyright Act (DCMA). In another DCMA-related case, a New Jersey federal district court judge dismissed a case brought by Princeton Professor Edward Felten against the Recording Industry Association of America (RIAA) and the Secure Digital Music Initiative (SDMI). Felten alleged the RIAA threatened him with legal action if he presented his code-breaking research at conferences.-http://news.cnet.com/news/0-1005-200-8011238.html?tag=prntfr
-http://www.wired.com/news/politics/0,1283,48726,00.html
-http://www.usatoday.com/life/cyber/tech/2001/11/29/princeton-professor.htm
-http://www.cnn.com/2001/TECH/industry/11/30/dmca.appeal.idg/index.html
26 & 28 November 2001 Google Search Results Could Present Security Problem
A new tool in the Google search engine can return results not intended for public viewing. Not only can the searches turn up credit card numbers and other sensitive information, but they are capable of pinpointing sites running software with known vulnerabilities.-http://news.cnet.com/news/0-1005-200-7946411.html?tag=prntfr
-http://www.theregister.co.uk/content/55/23069.html
**************** Also Sponsored by Cyber Defense West ****************
Turbo charge your security career with one of the great immersion
training tracks in San Francisco, December 16-20.
http://www.sans.org/CDI.htm
**********************************************************************
THE REST OF THE WEEK'S NEWS
5 December 2001 US Cyber Security Chief Asks Vendors To Do More To Potect Users
Dick Clarke told software companies that their responsibility doesn't end when they fix a hole in their products and announce it on their web site. They can take more responsibility for ensuring the fixes are implemented.-http://www.siliconvalley.com/docs/news/svfront/033011.htm
3 December 2001 Federal Agencies Need Security Specialists
Government agencies have had trouble attracting strong applicants for computer security jobs not only because of the significant salary discrepancies, but also because of the length of time it takes to get employees the necessary security clearances and the small pool of applicants with sufficient expertise. In addition, some agencies do not make security a priority.-http://www.fcw.com/fcw/articles/2001/1203/mgt-ranks-12-03-01.asp
[Editor's (Schultz) Note: I'm convinced that many agencies do not make security a priority because they do not really know what to do. Some of them, for example, entangle themselves in complex risk assessment methods to the degree that they divorce themselves from reality or drain a disproportionate amount of their resources on activities that do not directly result in elevated protection of systems and networks. (Murray) The problem is not nearly so much a problem of absence of technical skills as one of absence of management attention. ]
30 November 2001 Dreamcast Game Screensaver Infected with Kriz Virus
A screensaver included with the Dreamcast game Atelier Marie is infected with the Kriz virus; its malicious payload includes attempts to corrupt BIOS chips and overwrite all files on hard disks and network drives. The developers have recalled the game.-http://www.theregister.co.uk/content/56/23139.html
30 November 2001 Gary McGraw Interview
Gary McGraw, co-author of Building Secure Software, speaks to CNET News.com about his ten principles for better security, which include identifying and securing the weakest link and keeping things simple, and the five worst security problems, which include buffer overflows and misused cryptography.-http://www.zdnet.com/zdnn/stories/news/0,4586,2829102,00.html?chkpt=zdhpnews01
-http://www.zdnet.com/zdnn/stories/news/0,4586,2829117,00.html
[Editors' (Multiple) Note: McGraw is 100% correct. Many of the same principles have been promoted for more than a decade by people like Steve Bellovin, Gene Spafford and Matt Bishop. The fact that programmers have systematically ignored them illuminates the absence of security in the priorities set by the people who manage programmers. (Murray) Quality software is useful but not sufficient for good security. Teaching "security" in colleges will not help to get quality software; we must teach software engineering. Further, even misused cryptography is better than unused cryptography. It may be sufficient to get you off of the target of opportunity list. ]
30 November 2001 Government Sites Defaced
Crackers defaced two US government sites, one belonging to the National Oceanic and Atmospheric Administration (NOAA) and the other to the National Institute of Health (NIH), with anti-American propaganda. A different cracker defaced the Army's Waterways Experiment Station home page.-http://www.newsbytes.com/news/01/172582.html
26 November 2001 Sklyarov Hearing Date Set
Dmitry Sklyarov, the Russian programmer charged with violating the Digital Millennium Copyright Act (DMCA) for writing a program that lets Adobe eBook Reader users to copy books, will have a court hearing on April 15, 2002.-http://news.cnet.com/news/0-1005-200-7983072.html?tag=prntfr
29 November 2001 National IDs Won't Work
Jay Stanley and Barry Steinhardt of the American Civil Liberties Union (ACLU) offer five reasons why a national identity system is not a good idea, including the "slippery slope of surveillance" and the potential for discrimination and harassment.-http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO66153,00.ht
ml
27 & 28 November 2001 McNealy Interview
Sun Microsystems Chairman and CEO Scott McNealy discusses last year's external memory cache problem, customer nondisclosure agreements (which have since been dropped), national ID cards, and the upcoming Solaris 9.-http://www.computerworld.com/storyba/0,4125,NAV47_STO66102,00.html
-http://www.computerworld.com/storyba/0,4125,NAV47_STO66121,00.html
29 November 2001 Russian Man Arrested in ATM Fraud Case
A Russian organized crime ring stole account and personal identification numbers (PINs) from people using point of sale ATMs in Manhattan, New Your City. The group allegedly stole $1.5 million from the victims, who are largely Chase and Citibank customers. The US Treasury's Secret Service police have arrested one man in connection with the thefts and are looking for another.-http://www.msnbc.com/news/664990.asp?0dm=T217T
29 November 2001 Former Cisco Accountants Sentenced for Fraud
Geoffrey Osowski and Wilson Tang, formerly accountants at Cisco, have been sentenced to nearly three years in prison for exploiting their insider status to commit computer and securities fraud.-http://www.theregister.co.uk/content/55/23100.html
28 November 2001 GSA Team to Review GovNet Input
A General Services Administration (GSA) team will look at industry responses to the proposed GovNet, a secure voice and data network not connected to the Internet.-http://www.gcn.com/vol1_no1/daily-updates/17552-1.html
27 November 2001 Network Associates Denies Working with FBI
An Associated Press article alleged that McAfee has spoken with the FBI about ensuring that its antivirus software wouldn't detect the agency's Magic Lantern software. Network Associates, which makes McAfee products, was roundly criticized by security specialists and denied having contacted the FBI.-http://www.wired.com/news/politics/0,1283,48648,00.html
26 November 2001 Disclosure Waiting Period Wouldn't Work
Computerworld senior columnist Frank Hayes points out that had Microsoft's proposed 30-day waiting period been in place, we would only just now officially be hearing about Nimda. A waiting period for vulnerability disclosures would not reduce security risks because virus and worm writers are not likely to abide by the 30-day rule.-http://www.computerworld.com/storyba/0,4125,NAV47_STO65969,00.html
26 November 2001 Security Funds Misallocated, Says Oppenheimer VP
Mike Hager, Oppenheimer Funds VP of network security and disaster recovery, says that companies spend 80% of their security budgets guarding against outside threats while 80% of attacks come from internal sources.-http://computerworld.com/nlt/0%2C3590%2CNAV65-663_STO66046_NLTSEC%2C00.html
[Editor's (Schultz) Note: Hager is wrong here; he is perpetrating a myth based on 1983 FBI statistics. Most attacks now come from the outside, but organizations generally deploy firewalls and other perimeter measures that stop most outside attacks. Hager should carefully examine organizations' firewall logs before making a statement such as the one he has made. I agree with the premise that insider attacks are still by far the greater source of loss, however. ]
==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites
Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Howard Schmidt, Eugene Schultz