Newsletters: NewsBites



SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume III - Issue #7

February 14, 2001


In Orlando in April (at the Spring Break SANS) SANS will unveil two new
hands-on courses - one for NMAP and one for Forensics. You may take the
very popular Security Essentials track and the two hands-on programs or
take the hands-on programs alone. The Firewalls and Perimeter
Protection track and the Windows 2000 Security track will also be
presented in Orlando. Details: http://www.sans.org/springbreak.htm

TOP OF THE NEWS

12 & 13 February 2001 AnnaKournikova Worm Spreading; Dutch Author Arrested
9 February 2001 Student Privacy Legislation Proposed
5 & 6 February 2001 Wireless Cryptographic Flaw
5 February 2001 DSA Flaw

THE REST OF THE WEEK'S NEWS

12 February 2001 Davos Data Theft Update
9 February 2001 Castro a Cyber Threat
9 February 2001 Heckencamp Update
8 February 2001 Data Theft Potential for Gnutella Users
8 February 2001 HTML Tags
6 & 8 February 2001 Hacktivism Tactics
7 & 9 February 2001 Cartolina: Italian Love Bug Variant
6 & 7 February 2001 Extremist Groups Posting Info on Bulletin Boards
6 February 2001 Survey Finds People Will Open Suspicious E-Mail
6 February 2001 Hacking/Cracking Hall of Fame
6 February 2001 IT ISAC to Begin Sharing Info Next Month
5 & 6 February 2001 E-Mail Wiretapping Feature Causes Privacy Concern
5 February 2001 CIA Firm Funds New Info Technologies
5 February 2001 IRS VPN
5 February 2001 Single Sign-On
5 February 2001 Critical Infrastructure Organization
1 February 2001 Proposal for Consolidating Critical Infrastructure Security
5 February 2001 Competitive Intelligence
5 February 2001 Going Public with the BIND Vulnerabilities


**********************************************************************
Sponsored by VeriSign - The Internet Trust Company
**********************************************************************
Secure your servers with 128-bit SSL encryption! Grab your copy of
VeriSign's FREE Guide, "Securing Your Web site for Business" and you'll
learn everything you need to know about using 128-bit SSL to encrypt
your e-commerce transactions, secure your corporate intranets and
authenticate your Web sites. 128-bit SSL is serious security for your
online business.

Get it now! http://www.verisign.com/cgi-bin/go.cgi?a=n094410560008000
**********************************************************************

TOP OF THE NEWS

13 & 14 February 2001 AnnaKournikova Worm Spreading; Dutch Author Arrested

A fast spreading e-mail worm carries the subject "Here you have, ;o)" and a message of "Hi: Check This!" along with an e-mail attachment titled AnnaKournikova.jpg.vbs. Opening the attachment causes the worm to be sent as an email to all entries in the user's Outlook address book. A Dutch hacker calling himself OnTheFly turned himself in to police and admitted building the worm using a hacker tool called a Worm Generator.
-http://www.cnn.com/2001/TECH/internet/02/14/kournikova.virus/index.html
-http://www.wired.com/news/technology/0,1282,41782,00.html

9 February 2001 Student Privacy Legislation Proposed

Proposed legislation would require that schools obtain parental consent before collecting children's personal data to be used for commercial purposes. The schools would also be required to make known who is getting the information, how it will be used, and the amount of class time used for data gathering.
-http://www.cnn.com/2001/TECH/internet/02/09/children.privacy.reut/index.html

5 & 6 February 2001 Wireless Cryptographic Flaw

A research group at the University of California, Berkeley, has found serious cryptographic flaws in the Wired Equivalent Privacy (WEP) algorithm that could let crackers intercept and modify wireless transmissions and gain access to networks.
-http://www.idg.net/go.cgi?id=412091
-http://www.zdnet.com/zdnn/stories/news/0,4586,2681947,00.html
-http://news.cnet.com/news/0-1004-201-4730941-0.html?tag=prntfr

5 February 2001 DSA Flaw

A Bell Labs research scientist discovered that the Digital Signature Algorithm's (DSA) random number generator is twice as likely to select a set of numbers from one range as from another. The flaw is not a major threat because enormous computing power is required to exploit it. DSA was designed by the National Security Agency (NSA) for generating and verifying digital signatures.
-http://www.idg.net/go.cgi?id=412093


*********** Also sponsored by Network-1 Security Solutions ***********
Host Resident Firewall for Windows NT/2000 Servers and Desktops
CyberwallPLUS is a firewall for NT/ 2000 servers and desktops. It
protects against attacks with an ICSA-certified packet filter that
provides network access controls, intrusion detection and traffic logs.
Local and central management facilities make it ideally suited for
enterprise-wide deployment.
Free 30-day evaluation: http://www.network-1.com/support/download.html
**********************************************************************

THE REST OF THE WEEK'S NEWS

12 February 2001 Davos Data Theft Update

The cracker group claiming responsibility for the theft of personal information from the World Economic Forum's (WEF) registration database in Davos, Switzerland said that the data was not protected and that they stole the information not to use it, but to prove that they had infiltrated the computer system.
-http://www.wired.com/news/politics/0,1283,41760,00.html

9 February 2001 Castro a Cyber Threat

The head of the Defense Intelligence Agency told the Senate Intelligence Committee that Fidel Castro might be plotting a cyber attack against the US military. While Cuba's military is not as strong as the US military, the country's intelligence operations have the potential to employ asymmetric tactics against the US.
-http://www.wired.com/news/politics/0,1283,41700,00.html

9 February 2001 Heckencamp Update

Jerome Heckencamp, the man accused of cracking eBay and other prominent Internet companies, was freed on $50,000 bond last week.
-http://www.usatoday.com/life/cyber/tech/2001-02-09-hacker.htm

8 February 2001 Data Theft Potential for Gnutella Users

Gnutella users could expose themselves to data theft if they have not been careful about specifying exactly which files, folders, and drives they make available to other users of the file-swapping network. Unscrupulous users could download private documents or even cookies, which could allow them to visit websites in the guise of the cookie's rightful owner.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2683950,00.html?chkpt=zdnn_rt_latest

8 February 2001 HTML Tags

E-Mail tracking services use hidden HTML tags to tell you when e-mail you've sent has been read. Recipients are able to opt out of having the information transmitted back to the sender.
-http://www.wired.com/news/technology/0,1282,41686,00.html

8 February 2001 Hacktivism Tactics

Hacktivists have traditionally sabotaged web sites of organizations and companies whose policies and practices they oppose, but the theft of personal data is emerging as a new tactic for the cyber protesters. The editor of The Hacktivist, an on-line magazine, feels that such activity "discredits the legitimacy of hacktivism."
-http://www.cnn.com/2001/TECH/internet/02/08/hacktivism.ap/index.html
In a related article, responding to the recent theft of data from a World Economic Forum database, an editor and columnist decries Internet vigilantism, calling it imprudent and cowardly.
-http://www.zdnet.com/zdnn/stories/comment/0,5859,2682652,00.html
[Editor's (Paller) Note: Activists and other groups who feel disenfranchised have already begun to use distributed denial of service attacks. ]

7 & 9 February 2001 Cartolina: Italian Love Bug Variant

Cartolina, an Italian version of the Love Bug virus, has infected computers at ten European companies. The virus changes the home page of Internet Explorer to an Italian music web site and sends itself on to everyone in the infected machine's address book. This particular virus is unlikely to spread widely because it is written in Italian; that could change if it were to be translated into English.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2683333,00.html
-http://www.idg.net/ic_417042_2058_1-1474.html

6 & 7 February 2001 Extremist Groups Posting Info on Bulletin Boards

Extremist groups have been posting encrypted messages on Internet bulletin boards. Using free encryption programs, terrorist groups can send detailed information around the world. One technique, called steganography, embeds messages within other digitized information, like image and audio files.
-http://www.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm
-http://www.wired.com/news/politics/0,1283,41658,00.html

6 February 2001 Survey Finds People Will Open Suspicious E-Mail

An antivirus vendor's survey of business e-mail users in the UK found that as many as 50% would open suspiciously titled e-mail like "Great Joke" and "Special Offer".
-http://news.cnet.com/news/0-1003-201-4733888-0.html?tag=prntfr

6 February 2001 Hacking/Cracking Hall of Fame

This article offers a list of hacks/cracks, from John Draper to last year's DDoS attacks. It claims that sometimes the problems have led to good things.
-http://www.wired.com/news/technology/0,1282,41630,00.html
[Editor's (Schultz) Note: The article incorrectly reports that the Morris Worm led to the formation of CERT. CERT had already been formed. ]

6 February 2001 IT ISAC to Begin Sharing Info Next Month

The IT Information Sharing and Analysis Center (ISAC) will use an anonymizing service when they begin sharing information on attacks and defenses next month. However, many companies are uncomfortable sharing information about their vulnerabilities with each other and with the government.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2682476,00.html
[Editor's (Murray) Note: The absence of accountability that goes with anonymity invites mischief. ]

5 & 6 February 2001 E-Mail Wiretapping Feature Causes Privacy Concern

Embedded JavaScript in e-mail could allow the originator of a message to see any and all forwarded versions of the message. The problem affects HTML-enabled e-mail clients.
-http://www.msnbc.com/news/526539.asp?0nm=T25B
-http://news.cnet.com/news/0-1005-200-4719063.html?tag=prntfr
-http://www.wired.com/news/business/0,1367,41639,00.html?tw=wn20010206

5 February 2001 CIA Firm Funds New Info Technologies

In-Q-Tel, the CIA's non-profit venture capital firm, looks to fund technology development projects that will benefit both the agency and the commercial arena. In-Q-Tel recently funded enhancements to a search engine that uses natural language processing and can now bring up results in response to compound questions.
-http://computerworld.com/cwi/story/0%2C1199%2CNAV65-663_STO57287_NLTs%2C00.html

5 February 2001 IRS VPN

The Internal Revenue Service (IRS) has established a Virtual Private Network (VPN) that lets 15,000 field agents look up records securely, using smart cards to log in. The VPN performs encryption and authentication functions.
-http://www.gcn.com/vol20_no3/news/3642-1.html

5 February 2001 Single Sign-On

Single sign-on lets a user log on to a primary domain and have access to secondary domains without separate log-in procedures. Managers can set policies that allow employees access to specific areas only. Centralized authorization and authentication facilitate changing employees' access permissions and removing someone from the system entirely. Drawbacks to single sign-on include the fact that it could be a single point of failure, and it takes considerable work to set up.
-http://computerworld.com/cwi/story/0%2C1199%2CNAV65-663_STO57285_NLTs%2C00.html

5 February 2001 Critical Infrastructure Organization

Some security experts say that a centralized structure is good for critical infrastructure protection, but others believe that decentralization could disseminate information more quickly, and that the sheer number of interested groups could make centralization difficult.
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO57359,00.html

1 February 2001 Proposal for Consolidating Critical Infrastructure Security

The US Commission on National Security has recommended the formation of a National Homeland Security Agency (NHSA) to oversee government and private critical infrastructure security. The proposal includes establishing a National Crisis Action Center and a directorate of critical infrastructure protection. Analysts doubt a new agency will be created, when others are already competing for the same authority and funding.
-http://computerworld.com/cwi/story/0%2C1199%2CNAV65-663_STO57233_NLTs%2C00.htm

5 February 2001 Competitive Intelligence

Businesses can use the web to stay informed of the competition's activities. Some on-line services offer news and analysis of a multitude of companies for those seeking competitive intelligence. Businesses wishing to control what information others can gather about them should keep a close eye on information conduits out of the company while bearing in mind the need to balance security with functionality.
-http://computerworld.com/cwi/story/0%2C1199%2CNAV65-663_STO57280_NLTs%2C00.html

5 February 2001 Going Public with the BIND Vulnerabilities

CERT decided to make a public announcement about the BIND vulnerabilities because they didn't know "what the intruders [knew]." Also, because the software is so widely used, a press conference may have been the best way to alert the community to the problem and the availability of a patch.
-http://computerworld.com/cwi/story/0%2C1199%2CNAV65-663_STO57358_NLTs%2C00.html


== End ==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites


Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Bill Murray,
Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz