Newsletters: NewsBites

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.





SANS NewsBites
@Risk: Security Alert
OUCH! Security Awareness
Case Leads DFIR Digest
Industrial Control Systems
Industrials & Infrastructure


SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume IV - Issue #34

August 21, 2002

TOP OF THE NEWS

19 August 2002 NIST Warns Against Wireless LANs for Government
16 August 2002 DoD Wireless Policy Nearly Ready
19 August 2002 DrinkOrDie Ringleader Sentenced
15 August 2002 Library Site Defacer Gets 1-3 Year Prison Sentence
14 August 2002 Princeton Admissions Dean/Hacker to be Reassigned
15 & 16 August 2002 FBI Agent Accused of Illegal Computer Access

THE REST OF THE WEEK'S NEWS

15 & 16 August 2002 Apache Web Server has Vulnerability; Upgrade is Available
16 August 2002 Microsoft Releases Patches for Windows 2000, SQL Server 7.0 and 2000
16 August 2002 Microsoft Funds Initiative For Software Choice
16 August 2002 Think Tank Wants Linux Certified Under Common Criteria
16 August 2002 NIPC Requests Quotes for Contractor Support
15 & 16 August 2002 IRS Can't Account for Computers Lent to Volunteers
15 August 2002 Researchers Develop Personalized Laptop Crypto System
15 August 2002 Variety of Anti-Virus Products Proves Helpful to Scottish Bank
14 August 2002 Oracle Releases Patch for Debugger Vulnerability
14 August 2002 Cyber Corps Gets an Additional $19.2 Million
14 August 2002 UK E-Commerce Site Removes Exposed Customer Data
14 August 2002 InfraGard Members Warned About Warchalking
14 August 2002 Security Certifications Down Except for Disaster Planning and Recovery (Not!)
13 August 2002 Burma to Test Passports with Embedded Chips
13 August 2002 Crackers are Targeting Security Professionals
13 & 14 August 2002 Digital Pearl Harbor Simulation
13 August 2002 SSL Vulnerability in Microsoft, KDE
15 August 2002 Microsoft Says SSL Problem is in Windows, Not IE
19 August 2002 Microsoft's Lag Time Frustrates
12 August 2002 Virus Activity Down

SECURITY TRAINING NEWS

Gold Standard Training for Securing Windows 2000


******************* This Issue Sponsored by NetIQ ********************
Security Technical Workshops from Microsoft and NetIQ
Is your enterprise secure? Learn how to fight hackers during the
Digital Crime Prevention Labs. These one-day workshops will deliver
the ultimate experience in defending the enterprise. You'll team up
to defend a LIVE network against a hacker. Register by 8/30 and save!
http://www.netiq.com/events/seminars/digitalcrimeprevention/default.asp
**********************************************************************

TOP OF THE NEWS

19 August 2002 NIST Warns Against Wireless LANs for Government

The National Institute of Standards and Technology (NIST) is putting the final touches on a report that will recommend the US government not use wireless LANs (local area networks) except in rare cases. NIST also advises placing LAN access points where unauthorized users cannot access them and using VPN (virtual private network) clients and gateways.
-http://www.nwfusion.com/news/2002/134874_08-19-2002.html

16 August 2002 DoD Wireless Policy Nearly Ready

The Defense Department wireless use policy should be finalized soon. The policy will address the use of wireless devices in and around the Pentagon. The policy will prohibit wireless connections to classified networks or computers. Another policy submitted for formal consideration addresses wireless devices on the global grid.
-http://www.govexec.com/dailyfed/0802/081602td2.htm

19 August 2002 DrinkOrDie Ringleader Sentenced

Christopher Tresco, who was reportedly a ringleader in the DrinkOrDie digital piracy ring, received a 33-month sentence for "conspiracy to violate criminal copyright laws." Tresco was a system administrator at MIT and allegedly used university computers to distribute the pirated content.
-http://www.securitynewsportal.com/cgi-bin/cgi-script/csNews/csNews.cgi?database=
JanQ.db&command=viewone&id=95

15 August 2002 Library Site Defacer Gets 1-3 Year Prison Sentence

Christopher J. Chinnichi received a sentence of between 1 and 3 years in state prison and was ordered to pay restitution of $15,000 for twice defacing the Monroe County (NY) Library System's web site. The site was shut down for two days after one attack and for three weeks after the other.
-http://www.democratandchronicle.com/news/0815story110800_news.shtml

14 August 2002 Princeton Admissions Dean/Hacker to be Reassigned

The Princeton University dean who hacked into a Yale University admissions site meant only for applicants has lost his job. Stephen LeMenager said he was only trying to test the security of the site. Disciplinary action will be taken against other Princeton admissions office employees. LeMenager will work in Princeton's communications office until he is placed in another job at the university.
-http://www.usatoday.com/news/nation/2002-08-13-princeton-yale-hacking_x.htm

15 & 16 August 2002 FBI Agent Accused of Illegal Computer Access

A Russian Federal Security Service investigator has begun criminal proceedings against an FBI agent has allegedly lured two Russian hackers to the US, offered them jobs at a fictional company and harvested passwords to their computer in Russia. The FBI downloaded the evidence before they had a search warrant. The two allegedly stole information from large US companies and from two banks, and may be tied to the theft of credit card numbers from CD Universe and Western Union. The agent is accused of gaining unauthorized access to the pair's computers.
-http://www.msnbc.com/news/563379.asp?0dm=T22DT
-http://news.com.com/2100-1001-950719.html
-http://www.theregister.co.uk/content/55/26715.html


************************ SPONSORED LINKS *****************************
Privacy notice: These links redirect to non-SANS web pages.
(1) Uncover network vulnerabilities with Retina, #1 rated scanner.
FREE trial available at:
http://www.sans.org/cgi-bin/sanspromo/NB66
(2) ACTIVATE your firewall to block as-yet-unknown attacks.
FREE case study.
http://www.sans.org/cgi-bin/sanspromo/NB67
(3) ALERT: Top 14 Web Application Attack Techniques and Methods
to Combat Them
http://www.sans.org/cgi-bin/sanspromo/NB68
**********************************************************************

THE REST OF THE WEEK'S NEWS

15 & 16 August 2002 Apache Web Server has Vulnerability; Upgrade is Available

A security hole in Apache Web server version 2.0 could allow attackers to gain control of vulnerable systems. An upgraded version of the software is available. The vulnerability researcher who discovered the vulnerability waited until Apache had posted the upgraded version of the software to announce the flaw.
-http://www.pcworld.com/news/article/0,aid,104073,00.asp
-http://www.theregister.co.uk/content/4/26686.html
-http://httpd.apache.org/info/security_bulletin_20020809a.txt
-http://www.apache.org/dist/httpd/

16 August 2002 Microsoft Releases Patches for Windows 2000, SQL Server 7.0 and 2000

Microsoft released patches for two of its products. The first is for a critical flaw in the Network Connection Manager (NCM) component of Windows 2000 that could allow an attacker to gain control of a vulnerable system. The second is a cumulative patch for SQL server 7.0 and 2000.
-http://www.computerworld.com/securitytopics/security/holes/story/0,10801,73566,0
0.html

Windows 2000:
-http://www.microsoft.com/technet/security/bulletin/ms02-042.asp
SQL Server 7.0 and 2000:
-http://www.microsoft.com/technet/security/bulletin/MS02-043.asp
[Editor's Note (Ranum): Shoot. I guess this means that Microsoft's "stand-down" to fix all the bugs didn't work. I'm shocked, shocked, I tell you. ]

16 August 2002 Microsoft Funds Initiative For Software Choice

Microsoft has joined a group called the Initiative for Software Choice, which was created after several countries including, France, Germany and Peru passed or were considering legislation requiring their governments to use open source software.
-http://news.zdnet.co.uk/story/0,,t269-s2120759,00.html
-http://www.vnunet.com/News/1134428
[Editor's Note (Northcutt): In what is probably a tempest in a teacup, the Digital Software Security Act, has been proposed to require California state government to use open source.
-http://www.usatoday.com/tech/news/techpolicy/2002-08-16-linux-programmers_x.htm
(Schultz) Secure software does not depend on whether it is open- or closed-source, but rather on the quality of the development process. (Paller): Microsoft has a valid case in asking that governments not automatically exclude Microsoft software in favor of open source software. However, two Microsoft pressure tactics may backfire. The first is the company's expansive funding and subsequent control of specific lobbying initiatives of organizations that claim to represent far broader interests. The second is Microsoft's more direct efforts to pressure US Department of Defense executives to halt support for SE Linux when, in reality, the government has spent far more on projects that help improve security of Microsoft products than on projects that make Linux products secure. ]

16 August 2002 Think Tank Wants Linux Certified Under Common Criteria

The Cyberspace Policy Institute at George Washington University wants Linux to be certified under the Common Criteria, which would allow Linux to be purchased for "sensitive government applications." The Institute is offering to be the repository for the federally, certified Linux.
-http://zdnet.com.com/2100-1104-950123.html
-http://www.vnunet.com/News/1134428

16 August 2002 NIPC Requests Quotes for Contractor Support

The National Infrastructure Protection Center (NIPC) is requesting quotes for contractor support in identifying and predicting threats, analyzing and assessing threat information and disseminating information among its partners and the public. NIPC has been criticized for being slow to issue warnings about cyber security threats.
-http://www.fcw.com/fcw/articles/2002/0812/web-nipc-08-16-02.asp
-http://newsfactor.com/perl/story/19059.html

15 & 16 August 2002 IRS Can't Account for Computers Lent to Volunteers

According to an audit report from the Office of the Treasury Inspector General for Tax Administration, the Internal Revenue Service (IRS) cannot account for some portion of 6,600 computers it lent to volunteers to help prepare returns for low income, disabled and senior citizens. Earlier this year, the Inspector General found 2,300 computers missing from other areas of the IRS. The missing machines may contain sensitive taxpayer data.
-http://www.govexec.com/dailyfed/0802/081502t1.htm
-http://www.washingtonpost.com/wp-dyn/articles/A24030-2002Aug15.html
-http://zdnet.com.com/2100-11-950160.html

15 August 2002 Researchers Develop Personalized Laptop Crypto System

Brian Noble and Mark Corner, researchers at the University of Michigan, have developed a system that will encrypt computer data when the computer's owner steps away from the machine. The system works by the owner wearing a transmitter strapped on like a watch; when the owner is a designated distance away from the computer, the data is automatically encrypted. The wireless communication is also encrypted.
-http://www.newscientist.com/news/news.jsp?id=ns99992683
[Editor's Note (Schultz): File encryption is such a two-edged sword. It can assure confidentiality of data, but can also result in effectively losing encrypted files. I know of several Windows 2000 users who have lost all their files due to loss or corruption of their File Encrypting Key. And, unfortunately, key management schemes are usually pretty inadequate. ]

15 August 2002 Variety of Anti-Virus Products Proves Helpful to Scottish Bank

The Halifax/Bank of Scotland uses different anti-virus products at each layer of its IT infrastructure, a strategy it says has reduced the number of virus incidents in its systems by a factor of 10, from 3,000 to 300 a month.
-http://www.vnunet.com/News/1134385

14 August 2002 Oracle Releases patch for Debugger Vulnerability

A security hole in Oracle9i's debugging mechanism could crash vulnerable servers. The mechanism is enabled by default. Oracle has issued a patch for the vulnerability.
-http://www.theregister.co.uk/content/55/26678.html
-http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941

14 August 2002 Cyber Corps Gets an Additional $19.2 Million

President Bush signed into law a supplemental funding bill that allocates an additional $19.2 million for the Cyber Corps: the federal scholarship for service program in information security. Cyber Corps also funds capacity-building programs.
-http://www.fcw.com/fcw/articles/2002/0812/web-cyber-08-14-02.asp
[Editor's Note (Schultz): This investment in cybersecurity will undoubtedly return huge benefits in time. ]

14 August 2002 UK E-Commerce Site Removes Exposed Customer Data

Personal data belonging to about 1,700 UK Shopping City on-line customers was exposed on a website. A UK Information Commissioner's Office compliance manager said the unauthorized release is a violation of the Data Protection Act. UK Shopping City has removed the exposed customer data. The affected customers had each referred three friends whose names and e-mail addresses were also exposed. The managing director speculated that the problem occurred when the company changed servers recently.
-http://zdnet.com.com/2100-1106-949706.html
-http://news.com.com/2100-1017-949868.html

14 August 2002 InfraGard Members Warned About Warchalking

An FBI special agent warned Pittsburgh-area InfraGard members about warchalking - the practice of marking the locations of wireless access points on sidewalks and the outsides of buildings. One web site lets wardrivers submit their information and then creates street maps that note the access points. The agent says warchalking poses a threat to criminal investigations. InfraGard is a partnership between the FBI and businesses that allows them to share information about cyber security concerns.
-http://www.computerworld.com/securitytopics/security/story/0,10801,73479,00.html

14 August 2002 Security Certifications Down Except for Disaster Planning and Recovery (Not!)

The number of security certifications obtained during an 8-month period in 2002 is significantly lower than the number obtained during the same span a year earlier, according to a Brainbench Cyber IQ Defense Report. The trend affects all areas except disaster planning and recovery certifications, which are up 90% over last year.
-http://www.ntsecurity.net/Articles/Index.cfm?Articleclass=26262
[Editor's Note (Murray): CISSP certifications and still growing. (Northcutt) After reading this story, and seeing fellow Editor Bill Murray's comment that the CISSP was continuing to grow, I checked the GIAC certification numbers: They have grown substantially in the past year. So it was obvious something was wrong with this story. I contacted Eileen Townsend, one of the principle authors of the technical report on which this article is based, and she told me that the only source of data were the number of people taking their |wn Brainbench tests. Lower numbers of people using their service does not mean fewer people are attempting to earn security certifications.

13 August 2002 Burma to Test Passports with Embedded Chips

Burma will test an electronic passport system. As part of the 5,000 person pilot program, diplomats and some business people will receive passports with embedded microchips that contain personal information like fingerprints and photographs.
-http://news.bbc.co.uk/1/hi/world/asia-pacific/2191883.stm

13 August 2002 Crackers are Targeting Security Professionals

A hacker group called "e18" appears to be targeting security professionals. The group may be responsible for a Trojan that infected OpenBSD code. The group has intercepted e-mail, stolen files from people's computers and published the personal documents in their e-zine. The group is unhappy with the fact that security professionals publish vulnerabilities.
-http://www.wired.com/news/technology/0,1282,54400,00.html

13 & 14 August 2002 Digital Pearl Harbor Simulation

The US Naval War College and Gartner Research teamed up to conduct a "Digital Pearl Harbor" simulation. Analysts concluded that cyber terrorists could do serious damage to US critical infrastructure, but they would require five years of preparation time and significant amounts of money and intelligence. Recovery from the attacks would be difficult because there are no early warning systems for cyber attacks and no organized response to them.
-http://news.com.com/2100-1017-949605.html
-http://www.theregister.co.uk/content/55/26675.html

13 August 2002 SSL Vulnerability in Microsoft, KDE

Microsoft is investigating a vulnerability in the way Internet Explorer (IE) versions 5.0, 5.5 and 6.0 handles digital certificates. The security hole in IE's implementation of the Secure Socket Layer (SSL) standard could be exploited to trick users into thinking they are visiting a legitimate website that can be trusted with personal information.
-http://www.computerworld.com/securitytopics/security/holes/story/0,10801,73437,0
0.html

-http://www.usatoday.com/tech/news/computersecurity/2002-08-13-explorer-flaw_x.ht
m

15 August 2002 Microsoft Says SSL Problem is in Windows, Not IE

Microsoft says the SSL implementation problem lies not in Internet Explorer (IE) but in Windows itself. Microsoft is developing patches for Windows 98, Me, NT4, 2000 and XP.
-http://www.computerworld.com/securitytopics/security/holes/story/0,10801,73507,0
0.html

19 August 2002 Microsoft's Lag Time Frustrates

Microsoft's delay in addressing this and other security issues has frustrated users. KDE, developers of other software with the same security hole, released a patch within hours of the vulnerability's disclosure.
-http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8772
-http://www.theregister.co.uk/content/55/index.html

12 August 2002 Virus Activity Down

Explanations offered for the decline in virus activity over the past year include improved anti-virus software, more secure systems and new laws that assign stiffer penalties for hacking and the like, including life in prison. Some warn that people should not get complacent; virus activity will pick up again.
-http://www.reuters.com/news_article.jhtml?type=internetnews&Storyclass=13183
12

[Editor's Note (Schultz): This is a fascinating statistic. If it holds over time, it will represent a genuine victory for the information security arena. ]

SECURITY TRAINING NEWS

Gold Standard Training for Securing Windows 2000

using the new consensus standards and free testing tools got top ratings in both Melbourne Australia and Washington DC. 38 additional cities are now scheduled for this one-day, hands-on training. For locations:
-http://www.sans.org
/Win2KWorldTour/">
-http://www.sans.org
/Win2KWorldTour/
SANS Network Security 2002 in October: SANS largest fall conference, and largest exposition of advanced security tools and services.
-http://www.sans.org
/NS2002">
-http://www.sans.org
/NS2002
Advanced training in nineteen additional cities, plus Local Mentor programs staring in 30 cities. See:
-http://www.sans.org


== end ==
NewsBites Editorial Board:
Kathy Bradford, Dorothy Denning, Roland Grefer, Bill Murray, Stephen
Northcutt, Alan Paller, Marcus Ranum, and Eugene Schultz
Please feel free to share this with interested parties via email,
but no posting is allowed on web sites. For a free subscription,
(and for free posters) e-mail sans@sans.org with the subject:
Subscribe NewsBites