SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume IV - Issue #10
March 06, 2002
Hackers are currently scanning the entire Internet looking for Windows
systems with unprotected shares. They have found thousands or perhaps
tens of thousands of vulnerable systems and installed remote-control
bots on those systems. If you have not checked your systems and your
family's systems for open shares, now would be a very good time to
find them and protect them.
Alan
TOP OF THE NEWS
4 March 2002 Network Admin Who Destroyed Network Gets 41 Months Of Jail Time
27 February 2002 Warez Ringleader Pleads Guilty
27 February 2002 Life Sentences Proposed for Reckless Hacking
28 February 2002 Millions of Apache Web Servers Vulnerable To PHP Attacks
27 February 2002 Users Band Together To Establish Minimum Security Benchmarks
THE REST OF THE WEEK'S NEWS
4 March 2002 OMB Security Report Could Launch Long-Needed Fixes
4 March 2002 NIST Releases Draft Guidelines For Web Server Defense
28 February 2002 Oracle Security: Less Than Claimed
28 February 2002 Wall Street Execs Voice Concerns About Security
28 February 2002 Hong Kong To Give Smart ID Cards To All Citizens
27 February 2002 Microsoft Security Improvements Underway
27 February 2002 How Will The Next Virus Work?
27 February 2002 Federal CIOs Rate Security Higher Than E-Gov
26 February 2002 New York State Pulls Sensitive Data From Web Sites
25 February 2002 MP3 Files Can Contain Exploits
25 February 2002 Security and Privacy Must Be Balanced
TUTORIAL
Managing the Threat of Denial of Service Attacks
TOP OF THE NEWS
4 March 2002 Network Admin Who Destroyed Network Gets 41 Months Of Jail Time
Timothy Lloyd was sent to prison for nearly 3 and a half years and ordered to pay 2 million US dollars in restitution for planting a time bomb that destroyed the manufacturing software developed by his employer.
-http://www.nwfusion.com/news/2002/0304lloyd.html
[Editor's (Schultz) Note: Cases such as this one and others with similar outcomes will eventually help turn the tide in the war against cybercrime. Perpetrators have for the most part not been forced to face consequences for their actions.]
27 February 2002 Warez Ringleader Pleads Guilty
John Sankus of Philadelphia has pleaded guilty to one felony count of conspiracy to commit criminal copyright infringement. Law enforcement officials say that Sankus was the ringleader of one of the oldest groups trading illegally in copyrighted software.
-http://www.newsbytes.com/news/02/174822.html
27 February 2002 Life Sentences Proposed for Reckless Hacking
A US House subcommittee voted unanimously to propose lifetime jail sentences for hackers who knowingly attempt "to cause death or serious bodily injury" through electronic means.
-http://www.wired.com/news/politics/0,1283,50708,00.html
28 February 2002 Millions of Apache Web Servers Vulnerable To PHP Attacks
Up to ten million Apache-based web sites are vulnerable to a buffer overflow attack that targets the popular PHP scripting language. Upgrading to the newest version of PHP (4.1.2) or patching older versions fixes the vulnerability.
-http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO68693,00.html
27 February 2002 Users Band Together To Establish Minimum Security Benchmarks
A consortium of 170 user organizations has published security benchmarks for Cisco routers, Windows 2002 systems and Solaris systems, along with free testing tools to measure whether systems meet the benchmarks. This is a critical step forward in the quest for "minimum standards of due care" in security.
-http://www.usatoday.com/life/cyber/tech/2002/02/27/security.htm
THE REST OF THE WEEK'S NEWS
4 March 2002 OMB Security Report Could Launch Long-Needed Fixes
Federal agency reports required by the Government Information Systems Reform Act (GISRA) show extensive security management weaknesses and point toward corrective action.
-http://www.fcw.com/fcw/articles/2002/0304/cov-start-03-04-02.asp
[Editor's (Paller) Note: Federal CIOs now face a choice. They can focus their security efforts on getting more paper reports done so they can get a higher score next year, or they can use the senior management attention created by GISRA to establish continuous monitoring programs and competition among divisions to identify those that are best at securing their systems. I have been very impressed with the leadership being shown by the CIOs who have the foresight (and guts) to be part of the latter group.]
4 March 2002 NIST Releases Draft Guidelines For Web Server Defense
The US National Institute of Standards and Technology (NIST) requested comments on a draft guide containing detailed configuration suggestions for web servers.
-http://www.fcw.com/fcw/articles/2002/0304/web-nist-03-04-02.asp
28 February 2002 Oracle Security: Less Than Claimed
In a teleconference for its clients, security firm Counterpane Internet Security reminded them of the lingering vulnerabilities in the supposedly "unbreakable" product. The article author claims that Oracle has been "less than eager to disseminate useful information about these issues."
-http://www.theregister.co.uk/content/53/24244.html
28 February 2002 Wall Street Execs Voice Concerns About Security
Executives from Morgan Stanley, Donaldson, Lufkin & Jenrette, and Salomon Smith Barney described their key cybersecurity concerns and what they thought could be done to improve protection.
-http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO68689,00.html
28 February 2002 Hong Kong To Give Smart ID Cards To All Citizens
In a move designed to offer more protection against forgery and allow stronger verification of the cardholder's identity, Hong Kong's government has contracted for an initial batch of 1.2 million smart cards. This is the first step toward providing all 6.8 million citizens with smart cards that can verify identities and later be used for driver's licenses, secure transactions and more.
-http://www.newsbytes.com/news/02/174837.html
27 February 2002 Microsoft Security Improvements Underway
The day-to-day activities of thousands of Microsoft software developers have changed, according to a Microsoft security spokesperson.
-http://seattlepi.nwsource.com/business/59941_flaws27.shtml
27 February 2002 How Will The Next Virus Work?
This commentary reviews patterns developing in new viruses and worms: bypassing Outlook, using instant messaging, and more.
-http://zdnet.com.com/2100-1107-846099.html
27 February 2002 Federal CIOs Rate Security Higher Than E-Gov
According to a survey, defending federal systems against cyberterrorism has passed the quest for electronic government as the highest priority for federal CIOs.
-http://www.gcn.com/vol1_no1/security/18039-1.html
26 February 2002 New York State Pulls Sensitive Data From Web Sites
Information targeting locations of government offices, dams, and power stations is being removed from New York State web sites in an effort to avoid assisting terrorists who want to do damage.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO68628,00.html
25 February 2002 MP3 Files Can Contain Exploits
Features in media players from both Microsoft and RealNetworks allow attackers to package unwanted data as MP3 files and can, according to one security practitioner, allow security holes in Internet Explorer to be exploited from MP3 files.
-http://online.securityfocus.com/news/338
25 February 2002 Security and Privacy Must Be Balanced
IT managers face a growing conflict between the need to implement new security measures and the need to protect employee privacy.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO68593,00.html
TUTORIAL
Managing the Threat of Denial of Service Attacks
Although distributed denial of service attacks continue to plague systems across the globe, networks are not without defenses. CERT's paper shows how to build DDoS-resilient networks and lays out the steps to follow when analyzing and responding to DDoS attacks.
-http://www.cert.org/archive/pdf/Managing_DoS.pdf
An earlier report on trends in DDoS attacks is available at:
-http://www.cert.org/archive/pdf/DoS_trends.pdf
Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Howard Schmidt, Eugene Schultz