SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume IV - Issue #24
June 12, 2002
TOP OF THE NEWS
6, 7 & 10 June 2002 Homeland Security Department Designed To Bring Cyber Security Efforts Together7 June 2002 Kazaa Users May Inadvertently Share Private Files
6 June 2002 Tenebaum Receives New, Longer Sentence
5 June 2002 Microsoft Admits Contribution to Think Tank That Published Anti Open-Source Paper
3 June 2002 MIT Grad Student Cracks Xbox
3 June 2002 Security Skills In Demand; Jobs Tight
THE REST OF THE WEEK'S NEWS
10 June 2002 Administration to Establish Cybersecurity Board10 June 2002 Software Piracy on the Rise
10 June 2002 Old Code Could be a Liability
7 June 2002 Florida Students Suspended for Changing Grades
7 June 2002 World Cup Virus
6 June 2002 Shakira Worm
6 June 2002 Using Old Software Could be Smart Security Move
6 June 2002 Group Copies Deceptive Duo Behavior
6 June 2002 UK Cyber Snooping Center
4, 5 & 6 June 2002 IE Gopher Hole
5 & 6 June 2002 CERT/CC Warns of BIND Buffer Overflow Flaw; Sun Releases Patches for Solaris Holes
5 June 2002 Simile.D Calls for a New Spin on Virus Detection
5 June 2002 Subpoena Asking for MSNBC Reporter's Notes is Withdrawn
5 & 10 June 2002 Norwegian Database Password Uncovered
5 June 2002 Canadian Man Arrested for Cyber Attack
4 June 2002 State AG Personnel Can Get Cybercrime Training
4 June 2002 Taiwan Reportedly Developing Open Source Project
4 June 2002 Biometrics Best Used Complementarily
3 June 2002 Rogue Access Points Pose Security Threat
******************** Sponsored by PentaSafe **************************
Enterprise security? Have you got the four critical areas covered?
Join us for a free live webcast on July 10: "Managing Security for
Results" sponsored by PentaSafe, KPMG, and SC Magazine. Find out how
you can more effectively manage security in the four critical areas
of policy, vulnerability, intrusion, and user management.
Register today! http://www.pentasafe.com/events
**********************************************************************
TOP OF THE NEWS
6, 7 & 10 June 2002 Homeland Security Department Designed To Bring Cyber Security Efforts Together
qThe new Homeland Security Department would consolidate federal cyber security efforts, bringing together the FBI's National Infrastructure Protection Center (NIPC), the Commerce Department's Critical Infrastructure Assurance Office (CIAO) and the GSA's Federal Computer Incident Response Center (FedCIRC), among others. The Department would serve as a "central clearinghouse" for terrorism-related data.-http://www.fcw.com/fcw/articles/2002/0610/news-bush-06-10-02.asp
-http://www.fcw.com/fcw/articles/2002/0610/news-bush2-06-10-02.asp
-http://www.gcn.com/vol1_no1/daily-updates/18897-1.html
-http://www.govexec.com/dailyfed/0602/060702td1.htm
7 June 2002 Kazaa Users May Inadvertently Share Private Files
A study shows that many Kazaa users are unaware which files on their computers they are making available for the peer-to-peer file swapping system. Researchers found they were able to access email files, financial data and web browser caches and cookies.-http://zdnet.com.com/2100-1105-933836.html
6 June 2002 Tenebaum Receives New, Longer Sentence
Ehud Tenebaum, the Israeli man who as a teenager broke into computers at MIT, NASA, FBI and the US Department of Defense DoD, received an 18-month jail sentence for his intrusions. Tenebaum initially received a year's probation, a fine and six months of community service, but an appeals court overruled the earlier ruling.-http://www.msnbc.com/news/762951.asp
5 June 2002 Microsoft Admits Contribution to Think Tank That Published Anti Open-Source Paper
Microsoft admits that it provides funding to the Alexis de Tocqueville Institution, the think tank that recently released a white paper that maintains open source software is not secure and that government should instead use proprietary software. The Institution will not comment on specific funding for the report.-http://www.wired.com/news/business/0,1367,52973,00.html
[Editor's (Paller) Note: Last year, the same think tank published a paper extolling the benefits of Microsoft's certification programs. ]
3 June 2002 MIT Grad Student Cracks Xbox
An MIT graduate student has posted on the Internet his method for hacking Xbox security, which could allow people to use the video game console to run other software. Andrew Huang attached a custom board to the data path between the Xbox's media chip and its central processor to devise his hack.-http://www.msnbc.com/news/761330.asp?0dm=T25AT
3 June 2002 Security Skills In Demand; Jobs Tight
With security budgets being tightened, many companies are training existing employees to take on additional security responsibilities.-http://www.computerworld.com/securitytopics/security/story/0,10801,71579,00.html
THE REST OF THE WEEK'S NEWS
10 June 2002 Administration to Establish Cybersecurity Board
The Bush administration plans to establish a Cybersecurity and Continuity of Operations Board. Members would include representatives from the Departments of Defense, State and Commerce as well as from intelligence and other agencies.-http://www.computerworld.com/securitytopics/security/story/0,10801,62106,00.html
10 June 2002 Software Piracy on the Rise
The rate of software piracy is increasing, a trend which may be attributed to the growth of computer markets in countries that traditionally have high piracy rates, such as China, India and Vietnam.-http://www.cnn.com/2002/TECH/industry/06/10/software.piracy.ap/index.html
[Editor's (Murray) Note: While polls suggest that the American people generally support these initiatives, I hope that I am not the only one that detects an ominous pattern. ]
10 June 2002 Old Code Could be a Liability
Microsoft will retire old code more quickly as part of its Trustworthy Computing Initiative, according to the company's director of security assurance, Steve Lipner. The problem of vulnerabilities stemming from old code is underscored by the Gopher Hole vulnerability unearthed this week. However, figuring out how to cut out code is a complex process since it is interdependent. eEye's Marc Maiffret says the problem is not that the code is old, but that the programmers are not reviewing the code before they use it.-http://news.com.com/2100-1001-934363.html
7 June 2002 Florida Students Suspended for Changing Grades
Two Florida high school students received 10-day suspensions for allegedly charging classmates $5 to alter grades and attendance records in the school's computer system.-http://www.vnunet.com/News/1132421
7 June 2002 World Cup Virus
The VBS.Chick-F virus claims to be results from the World Cup soccer tournament in Korea, but actually spreads itself though IRC channels and Microsoft Outlook. It arrives with the subject "RE: Korea Japan Results."-http://news.com.com/2100-1023-933888.html
6 June 2002 Shakira Worm
Shakira was created with a VBS worm generator kit and spreads through Microsoft Outlook or IRC. It displays a message that your computer is infected but otherwise has no destructive payload. It makes a few alterations to the registry, including one that will ensure it won't spread twice through the same machine.-http://zdnet.com.com/2100-1105-933309.html
6 June 2002 Using Old Software Could be Smart Security Move
Because script kiddies and hackers tend to focus on the latest software releases, using nearly obsolete software could be viewed as a security measure. Older software can also be more secure by virtue of the fact that bugs have been discovered and patches released.-http://www.theregister.co.uk/content/55/25608.html
[Editor's (Schultz) Note: I do not buy this notion at all. It is at best yet another "security by obscurity" ploy in that it will only work until the bad guys learn that old software versions are being deployed. (Murray) Another way of looking at it is that a population is at risk from homogeneity and a little diversity reduces that risk marginally. That is an effect but hardly a "security measure." ]
6 June 2002 Group Copies Deceptive Duo Behavior
Though the two men who called themselves the "Deceptive Duo" and defaced numerous government and business web sites with database screenshots in the name of security improvement have been arrested, another group has apparently picked up where they left off. The group, which calls itself "Infidelz," defaced a US Navy subdomain with a document allegedly taken from the Navy's human resources department. Though that site was taken down, another was soon similarly defaced.-http://www.vnunet.com/News/1132407
6 June 2002 UK Cyber Snooping Center
The National Technical Assistance Centre (NTAC), an Internet surveillance center for the UK government, will be housed at MI5 headquarters. NTAC will decrypt Internet traffic and e-mail for law enforcement and security and intelligence agencies. Some have expressed concern that the presence of the centre will encourage cyber criminals to adopt stronger encryption technology.-http://news.bbc.co.uk/hi/english/sci/tech/newsid_2027000/2027377.stm
-http://www.vnunet.com/News/1132384
4, 5 & 6 June 2002 IE Gopher Hole
A buffer overflow vulnerability in Internet Explorer's gopher client could allow an attacker to use a specially crafted web page or HTML e-mail to gain access to affected computers. Users can protect themselves by disabling the protocol. Microsoft is investigating the problem, and has criticized the company Oy Online Solutions for making the flaw public so soon.-http://www.computerworld.com/securitytopics/security/holes/story/0,10801,71713,0
0.html
-http://www.cnn.com/2002/TECH/internet/06/05/microsoft.security.flaw.ap/index.htm
l
5 & 6 June 2002 CERT/CC Warns of BIND Buffer Overflow Flaw; Sun Releases Patches for Solaris Holes
CERT/CC has warned of a flaw in BIND versions 9.2.0 and older that could allow denial of service attacks to be launched on DNS servers running the vulnerable software. Most Internet services depend on DNS servers. BIND versions 4 and 8 are unaffected. In an unrelated development, Sun Microsystems has released two patches for Solaris. The vulnerabilities lie in the snmpdx (format string vulnerability) and mibiisa (buffer overflow) agents in versions 2.6, 7 and 8 of the Solaris operating system; the flaw could allow attackers to gain root access to vulnerable systems. BIND needs to be restarted before it will run again.-http://www.computerworld.com/securitytopics/security/holes/story/0,10801,71715,0
0.html
-http://www.theregister.co.uk/content/55/25607.html
-http://zdnet.com.com/2100-1105-932573.html
-http://www.cert.org/advisories/CA-2002-15.html
5 June 2002 Simile.D Calls for a New Spin on Virus Detection
Though the Simile.D virus may not pose a huge threat to computers, it employs some unusual tactics that could have anti-virus researchers reevaluate current virus detection methods. Simile.D changes its characteristics, rendering signature-based detection ineffective. It also changes its size and is able to infect Linux-based machines from Window machines and vice versa.-http://zdnet.com.com/2100-1105-932447.html
[Editor's (Grefer) Note: Heuristic detection has been available for quite some time by now; though it has a much higher performance "penalty" than signature-based detection. ]
5 June 2002 Subpoena Asking for MSNBC Reporter's Notes is Withdrawn
US prosecutors issued a subpoena for MSNBC reporter Bob Sullivan's notes and other information pertaining to interviews with Adrian Lamo, the hacker who broke into New York Times computers, accessing private information about numerous luminaries whose writings had appeared on the newspaper's Op-Ed page. The FBI withdrew the subpoena after it became evident that the attorney who had issued it had not had it reviewed by the Department of Justice.-http://www.usatoday.com/life/cyber/tech/2002/06/05/hacker-subpoena.htm
-http://www.theregister.co.uk/content/6/25574.html
-http://news.com.com/2100-1023-933010.html
5 & 10 June 2002 Norwegian Database Password Uncovered
The New Norwegian Culture Center in Oresta, Norway offered a reward for unlocking a dBase database that holds a catalogue of books and magazines written in New Norwegian. The man who compiled the database died before disclosing the password. Having to unlock passwords isn't an unusual request, though the cause is usually an unhappy employee who has left the company. A Swedish engineer used a program to help him discover the password, which turned out to be the database creator's last name spelled backwards.-http://www.wired.com/news/culture/0,1284,52997,00.html
-http://www.computerworld.com/securitytopics/security/encryption/story/0,10801,71
894,00.html
-http://news.com.com/2100-1001-934653.html
Info:
-http://webon.prodat.no/wsp/aasentunet/webon.wsp?func=list&table=CONTENT&
func_id=20020606b&template=content
5 June 2002 Canadian Man Arrested for Cyber Attack
The Royal Canadian Mounted Police (RCMP) have arrested a Montreal man in connection with an attack last month on a US Postal Service web site. The man allegedly made 500 illegal Internet connections from his home.-http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8251
4 June 2002 State AG Personnel Can Get Cybercrime Training
Personnel in the offices of the Attorneys General of all 50 states will have the opportunity to receive training in cybercrime prosecution and investigation. The expertise in this area varies widely from state to state. The National Association of Attorneys General is working with The National Center for Justice and the Rule of Law (NCJRL) to develop the training program.-http://www.fcw.com/geb/articles/2002/0603/web-train-06-04-02.asp
[Editor's (Murray) Note: The issue is not availability, but motivation and opportunity. ]
4 June 2002 Taiwan Reportedly Developing Open Source Project
According to a report from Taiwan's Central News Agency, the country's government is developing its own open-source project; the move would provide Taiwan with significant savings in royalty payments. The Taiwanese government plans to train open source developers around the country.-http://news.com.com/2100-1001-931765.html
4 June 2002 Biometrics Best Used Complementarily
Biometric identification technology is best used in conjunction with other authentication and security measures, such as passwords, personal identification numbers (PINs) or tokens.-http://www.newsfactor.com/perl/story/18052.html
[Editor's (Murray) Note: True but not unique to biometrics. All authentication techniques, particularly passwords, are best used complimentarily. ]
3 June 2002 Rogue Access Points Pose Security Threat
Many companies are unaware that they have rogue wireless access points access points installed on their corporate networks. Employees often install the access points without getting permission from the IT department. Companies are advised to establish and enforce strict policies regarding installing access points and to use SNMP tools and physical inspections to detect unauthorized access points.-http://www.computerworld.com/mobiletopics/mobile/technology/story/0,10801,71656,
00.html
[Editor's (Murray) Note: One cannot successfully resist rogue access by policy and detection. One must use prevention. It is time to close our networks in any case. However, cheap wireless adds to the urgency. ]
==end==
Please feel free to share this with interested parties via email,
but no posting is allowed on web sites. For a free subscription,
(and for free posters) e-mail sans@sans.org with the subject:
Subscribe NewsBites
Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Eugene Schultz
