Newsletters: NewsBites

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.





SANS NewsBites
@Risk: Security Alert
OUCH! Security Awareness
Case Leads DFIR Digest
Industrial Control Systems
Industrials & Infrastructure


SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume IV - Issue #35

August 28, 2002

TOP OF THE NEWS

26 August 2002 Identity Theft Insurance
21 & 23 August 2002 Feds Raid ForensicTec Offices
23 August 2002 Proposed US Network Operations Center Would Centralize Cyber Security Data
27 August 2002 FTC Releases "Safe At Any Speed" Security Guidance for Consumers

THE REST OF THE WEEK'S NEWS

27 August 2002 Flying for WiFi
21 August 2002 Wardriving Day
26 August 2002 Hacker Demonstrates SSL Exploit
26 August 2002 Study Advocates Open Source for Governments
22 & 23 August 2002 Duload Worm Targets Kazaa Network
26 August 2002 VA Revamps Computer Disposal Policy
23 August 2002 Liquidated Computers Harbor Sensitive Data
25 & 26 August 2002 Attorney to Appeal Russian Hacker's Case
24 August 2002 OMB Orders IT Spending Freeze to Eliminate Redundant Investments in Homeland Security
23 August 2002 Trillian Buffer Overflow Vulnerability
23 August 2002 Microsoft Releases Cumulative IE Patch
22 August 2002 Office and IE Holes
20 & 21 August 2002 Microsoft FTM Vulnerability
20 August 2002 Apache and Windows 2000 Holes
22 August 2002 Air Force Research Lab to Collaborate on Digital Watermarking Technology
22 August 2002 Nine Electronic Crimes Task Forces to be Established
21 August 2002 On Line Court Docs Pose Privacy Problems
21 August 2002 West Virginia DMV Shuts Down NASCAR Plate Site to Investigate Hacking
21 August 2002 Software Needs to be Better Secured
20 August 2002 Businesses are Improving Cyber Security
20 August 2002 Networking Information and Technology R&D Program Plans
19 August 2002 Security Event Management Systems
18 August 2002 Virtual Honeynets

TUTORIAL

23 August 2002 Top Ten Worms and Viruses

FREE WEB BROADCAST

Mark your calendar for September 4, 1 PM EDT (1700 UTC)

SECURITY TRAINING NEWS

Gold Standard Training for Securing Windows 2000


********* This Issue Sponsored by Check Point Software ****************
Get Your FREE White Paper: "Building Secure Wireless LANs"
When building a wireless LAN, you need a solid security
foundation. Learn how with Check Point's white paper, "Building Secure
Wireless LANs." See how you can protect your network's integrity with
proven encryption and authentication while connecting users through
flexible wireless technology.
Get it FREE! Just click here:
http://cgi.us.checkpoint.com/Wireless/wireless.htm
***********************************************************************

TOP OF THE NEWS

26 August 2002 Identity Theft Insurance

Identity theft insurance will usually cover expenses incurred by those who have to endure the ordeal of identity theft. Victims often need to take time away from work to deal with banks, credit card companies and other concerns. The policy is usually available as a rider on homeowner's insurance.
-http://www.msnbc.com/news/799425.asp?0dm=C21AT
[Editor's Note (Schultz): I'd dispute any notion that infosec insurance sales are doing all that well, but I'd be willing to bet that identity theft insurance will be popular. Identity theft is simply too prevalent already, it results in terrible inconvenience for the victim, and it can be purchased as a rider to a home insurance policy---how perfect! ]

21 & 23 August 2002 Feds Raid ForensicTec Offices

The FBI raided the offices of ForensicTec, the company that claimed it had found vulnerable computer networks in the government and military while conducting a security audit for an unrelated private firm. The company allegedly peered into scores of files on these computers. ForensicTec president Brett O'Keefe said their goal was to alert the government to the need for better security and to gain good PR for the company. Accessing a computer without permission is a felony in the United States.
-http://www.washingtonpost.com/wp-dyn/articles/A42019-2002Aug20.html
-http://www.cnn.com/2002/TECH/internet/08/23/computer.security.ap/index.html
[Editors' Note (multiple): Last week your NewsBites editors decided not to run this story because we sensed something wrong with a company hacking a government agency and bragging about it. We included the story this week because law enforcement involvement rounded it out. Here are the URLs from last week that we excluded:
-http://www.washingtonpost.com/wp-dyn/articles/A24191-2002Aug15.html
-http://news.com.com/2100-1001-954179.html
-http://www.gcn.com/vol1_no1/daily-updates/19683-1.html]

23 August 2002 Proposed US Network Operations Center Would Centralize Cyber Security Data

As a part of its National Strategy to Secure Cyberspace, the Bush Administration is proposing to create a cyber-security Network Operations Center that would serve as a single point of collection for security related e-mail and other security data. The center would bring together data from the National Infrastructure Protection Center (NIPC), the Critical Infrastructure Assurance Office (CIAO), the Department of Energy and commercial networks. In addition, private networks would be encouraged to collect data to share with the government. Concerns about the center include government agencies' reluctance to share information with each other and the possibility of privacy violations.
-http://www.eweek.com/article2/0,3959,481112,00.asp

27 August 2002 FTC Releases "Safe At Any Speed" Security Guidance for Consumers

The US Federal Trade Commission today released a four page guide to safety for computers connected to the Internet at high speed (such as using DSL and cable). It's the first such document that communicates effectively with the general public. The FTC is making free printed color copies available to any groups that need them for classes or handouts to customers or for any other purpose. See the FTC note at the end of this issue for the address to request copies. The electronic version is available in text and PDF format at the new FTC InfoSecurity web site which will soon have a great deal more useful information.
-http://www.ftc.gov/bcp/conline/edcams/infosecurity/


************************ SPONSORED LINKS ******************************
Privacy notice: These links redirect to non-SANS web pages.
(1) ACTIVATE your firewall to block as-yet-unknown attacks. FREE
case study. http://www.sans.org/cgi-bin/sanspromo/NB69
(2) STOP SPAM and unwanted email. Take control. FREE WHITE PAPER!!!
http://www.sans.org/cgi-bin/sanspromo/NB70
(3) IDENTIFY AND STOP THE FIVE THREATS TO INTERNET DATA SECURITY!
CLICK HERE! http://www.sans.org/cgi-bin/sanspromo/NB71
***********************************************************************

THE REST OF THE WEEK'S NEWS

27 August 2002 Flying for WiFi

The search for accessible wireless networks has taken to the sky. A group A group calling itself WAFreeNet flew in a small plane around Perth, Australia, looking for wireless networks. The group says they want to map out the locations of other wireless networks so they won't interfere with their own.
-http://www.theage.com.au/articles/2002/08/24/1030052995854.html
[Editor's Note (Murray): Yeah, right. ]

21 August 2002 Wardriving Day

On August 31, hackers plan to come together in Red Deer, Alberta for the first Alberta International Wardriving Day, a contest to see who can find the most wireless networks. There are no prizes for participants; the event's organizer says it raises awareness about security and privacy needs.
-http://rtnews.globetechnology.com/servlet/ArticleNews/tech/RTGAM/20020821/gtwar/
Technology/techBN

26 August 2002 Hacker Demonstrates SSL Exploit

A Swedish hacker demonstrated for Reuters how he could easily break into Microsoft server software used at several Swedish banks. He exploited a vulnerability in Microsoft's implementation of the Secure Socket Layer (SSL) standard. Microsoft claims it is not possible, "I can't even see the theoretical possibility for it to happen", said Mats Lindkvist, responsible for security at Microsoft in Sweden..
-http://news.com.com/2100-1001-955442.html

26 August 2002 Study Advocates Open Source for Governments

A study from University of Maastricht's International Institute of Infonomics strongly recommends that governments use open source software instead of proprietary products. The study argues that the use of open source software in governments would save money and increase competition.
-http://zdnet.com.com/2100-1104-955282.html
-http://www.infonomics.nl/FLOSS/index.htm

22 & 23 August 2002 Duload Worm Targets Kazaa Network

A visual basic worm called Duload has been spreading through the Kazaa file-sharing network. It arrives as an attachment and copies itself to the system directory, modifies the registry so it loads on every start, and places itself into a folder in the Windows directory using a list of phony file names and makes that folder available to people on the file-sharing network (39 copies). One of the variants also downloads Trojans to infected computers.
-http://www.smh.com.au/articles/2002/08/23/1030052966626.html
-http://www.theregister.co.uk/content/55/26794.html
-http://zdnet.com.com/2100-1105-954893.html

26 August 2002 VA Revamps Computer Disposal Policy

129 computers from the Department of Veterans Affairs (VA) that contained sensitive information such as health records and government credit card numbers were given away in Indianapolis. The VA is revising its computer disposal policy. The VA's CIO says the agency will buy an enterprise license for software that will erase data from hard drives and will develop and establish a qualification and certification program for all VA ISOs.
-http://www.fcw.com/fcw/articles/2002/0826/news-va-08-26-02.asp

23 August 2002 Liquidated Computers Harbor Sensitive Data

Two used computers bought from a liquidation firm on the Internet turned out to contain quantities of sensitive information from the businesses that originally owned them. The author suggests running a magnet over hard drives before the computers are sold and instituting legal action against those who expose others' personal information by allowing it out with discarded computers.
-http://www.linuxjournal.com/article.php?sid=6286

25 & 26 August 2002 Attorney to Appeal Russian Hacker's Case

A Seattle attorney who is defending one of the two Russian men nabbed in an FBI sting plans to argue in his appeal that the FBI agents violated US law when they downloaded the information from the Russians' computers without a warrant. His line of argument is similar to that used by Russian FSB officials who have charged the FBI agent with criminal activity.
-http://news.com.com/2100-1001-955251.html
-http://online.securityfocus.com/columnists/105
[Editor's Note (Murray): The legitimacy of this investigation turns on a number of untested legal points including jurisdiction and timely warrants. Better to have it decided on this case than on an accusation of hacking against and authorized and supervised law enforcement officer. ]

24 August 2002 OMB Orders IT Spending Freeze to Eliminate Redundant Investments in Homeland Security

The US Office of Management and Budget has ordered seven of the agencies that will become part of the proposed Department of Homeland Security to halt all IT project spending until it determines whether or not proposed projects can be combined to save money. The OMB also wants to make sure new projects will be compatible across the new DHS. Ongoing projects are not affected by the spending freeze.
-http://www.washingtonpost.com/wp-dyn/articles/A55084-2002Aug23.html

23 August 2002 Trillian Buffer Overflow Vulnerability

The messenger client Trillian, v. 0.73 is vulnerable to a buffer overflow attack. Trillian allows users to connect a variety of instant messaging clients in a single interface. An analyst has published a proof-of-concept attack for the vulnerability.
-http://news.zdnet.co.uk/story/0,,t278-s2121250,00.html

23 August 2002 Microsoft Releases Cumulative IE Patch

Microsoft has issued a cumulative patch for Internet Explorer (IE) that also addresses six vulnerabilities, the most serious of which could allow attacker to take control of vulnerable machines. The flaws affect IE versions 5.01, 5.5 and 6.0; older, unsupported versions of IE may also be vulnerable. The patch also disables two vulnerable ActiveX controls.
-http://www.computerworld.com/securitytopics/security/holes/story/0,10801,73732,0
0.html

-http://www.theregister.co.uk/content/55/26807.html
-http://www.microsoft.com/technet/security/bulletin/MS02-047.asp

22 August 2002 Office and IE Holes

Critical security holes In Microsoft's Office suite and Internet Explorer could allow attackers to run programs on vulnerable computers, possible reading files or even crashing machines. Microsoft has made a patch for the vulnerability available.
-http://www.msnbc.com/news/797978.asp?0dm=C11NT

20 & 21 August 2002 Microsoft FTM Vulnerability

Microsoft warned customers of a security flaw in its File Transfer Manager (FTM) program which is used to download certain software from the company's web site. FTM users are urged to upgrade to the newest version of the program which is available on Microsoft's FTM web site. The flaw could allow an attacker to gain control of vulnerable systems.
-http://news.com.com/2100-1001-954590.html
-http://www.computerworld.com/securitytopics/security/holes/story/0,10801,73674,0
0.html

-http://www.theregister.co.uk/content/55/26765.html
FTM web site:
-http://transfers.one.microsoft.com/ftm/install/HomeIE.asp

20 August 2002 Apache and Windows 2000 Holes

Security holes affect Apache server software version 2.0.39 and earlier on Microsoft Windows 2000, IBM OS/2 and Novell Netware. The Apache flaw, which could allow an attacker to access sensitive information or execute code, affects only non-Unix platforms. The Windows flaw, which could allow the attacker to obtain elevated privileges on vulnerable systems, is in the Network Connection Manager (NCM) component. There are patches available for both security holes.
-http://zdnet.com.com/2100-1105-954502.html
-http://www.ciac.org/ciac/bulletins/m-114.shtml
-http://www.ciac.org/ciac/bulletins/m-113.shtml
-http://httpd.apache.org/info/security_bulletin_20020809a.txt
-http://www.microsoft.com/windows2000/downloads/critical/q326886/default.asp?Fini
shURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D41406%26redirect%3Dno

22 August 2002 Air Force Research Lab to Collaborate on Digital Watermarking Technology

The Air Force Research Laboratory (AFRL) Information Directorate will work with a private sector company on the research and development of digital watermarking technology. The goal is to develop digital watermarking technology that will add security to identity documents. It will also help identify phony documents.
-http://www.fcw.com/fcw/articles/2002/0819/web-afrl-08-22-02.asp

22 August 2002 Nine Electronic Crimes Task Forces to be Established

The US Secret Service plans to establish nine Electronic Crimes Task Forces (ECTFs) across the country. Patterned after the one already established in New York City, will allow IT specialists to share information about cyber security threats without the risk of publicly exposing problems. The US Patriot Act mandates the establishment of an ECTF in every major city.
-http://www.computerworld.com/securitytopics/security/story/0,10801,73696,00.html

21 August 2002 On Line Court Docs Pose Privacy Problems

States are increasingly putting court documents on line which pits the right of access to public records against citizens' right to privacy. Some states have imposed a moratorium on placing their public records online until they have developed a policy regarding privacy. Though much sensitive data is deleted, but remaining information, such as bank account numbers and addresses, could abet identity theft or other crimes.
-http://story.news.yahoo.com/news?tmpl=story2&cid=528&ncid=528&e=2&am
p;u=/ap/20020821/ap_on_hi_te/court_records_online_3

21 August 2002 West Virginia DMV Shuts Down NASCAR Plate Site to Investigate Hacking

West Virginia's DMV has shut down a web site that was used to sell NASCAR license plates on line; the FBI is investigating allegations that a hacker breached the site's security. The FBI has taken the server, which contains credit card numbers of people who bought NASCAR plates, as part of its investigation.
-http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8794

21 August 2002 Software Needs to be Better Secured

According to security experts, bad software is to blame for the increase in cyber attacks. Consumers need to demand better products from manufacturers. White House cyber security advisor Richard Clarke calls for boycotting software that is not secure. The National Institute of Standards and Technology (NIST) has developed quality assurance testing tools for software.
-http://www.newsfactor.com/perl/story/19104.html

20 August 2002 Businesses are Improving Cyber Security

US companies seem to be heeding the warning that the next arena for a terrorist attack could be their computer systems. According to a Computer Economics survey of 233 businesses, 77% of the companies have bolstered their protection against cyber attacks like viruses and hacker attacks; improvements include updating anti-virus software and generating daily backups. A survey by SCI and the FBI found that 90% of large corporations and government agencies discovered security breaches in the past year.
-http://www.usatoday.com/advertising/orbitz/orbitz-window.htm

20 August 2002 Networking Information and Technology R&D Program Plans

Plans for the federal Networking Information and Technology R&D (NITRD) program include research in the areas of encryption and authentication and high-speed wired and wireless security. The program also offers graduate fellowships and postdoctoral research funding in areas of advanced IT training. President Bush has requested $1.8 billion for the program for fiscal 2003, an increase of $59 million over 2002.
-http://www.gcn.com/vol1_no1/daily-updates/19713-1.html

19 August 2002 Security Event Management Systems

The abundance of security systems available to administrators, including firewalls, intrusion detection systems, anti-virus software and content-filtering systems, can provide too much information to process effectively and efficiently. The next generation of security tools aims to address this problem. Called security event management systems, they analyze and correlate data from a variety of security systems on a central console.
-http://www.informationweek.com/story/IWK20020816S0036

18 August 2002 Virtual Honeynets

This article from the Honeynet Project defines and describes the deployment of self-contained and hybrid virtual honeynets.
-http://www.honeynet.org/papers/virtual/
[Editor's Note (Murray): Counter-espionage is not an exercise for amateurs. One cannot buy it in a kit. If you do not know what you will do with the results, do not collect them. ]

TUTORIAL

23 August 2002 Top Ten Worms and Viruses

This article describes the differences between worms, viruses and Trojan horses, and offers descriptions of the ten worst viruses and worms of all time. The article also offers advice for protecting computers from infections: use anti-virus software and update it regularly, don't open unexpected or suspicious e-mail attachments and keep up to date with software patches and virus news.
-http://www.pcworld.com/features/article/0,aid,103992,00.asp

FREE WEB BROADCAST

Mark your calendar for September 4, 1 PM EDT (1700 UTC)

Visual displays and statistics to help catch intruders featuring David Marchette. Plus Symantec's Brian Hernacki on Recourse Technology. Listen live and ask questions, or, once you have an access code, sign on later to listen to the webcast at your leisure.
-http://sans.digisle.tv/audiocast_090402/brief.htm

SECURITY TRAINING NEWS

Gold Standard Training for Securing Windows 2000

using the new consensus standards and free testing tools - 38 cities.
-http://www.sans.org
/Win2KWorldTour/">
-http://www.sans.org
/Win2KWorldTour/
SANS Network Security 2002 in October: Largest security conference & expo:
-http://www.sans.org
/NS2002">
-http://www.sans.org
/NS2002
For military security managers: click on the National Information Assurance Leadership Conference. Microsoft's advertising site, AOL, CNN, and the Recording Industry Association of America sites have all been taken down by Distributed Denial of Service (DDoS) attacks over the past 18 months. Your site could be next. The defenses, the mitigation strategies, and the best of breed tools are still emerging and the DDOS Symposium is your only chance to see all of the products and technology at the same time - with live demos. (
-http://www.sans.org
/NS2002">
-http://www.sans.org
/NS2002
/ddos.php) Advanced security training in nineteen additional cities, plus Local Mentor programs in 35 cities. See:
-http://www.sans.org