
SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume IV - Issue #4

January 23, 2002


Hawaii anyone? You can get a head start on your GIAC certifications
this year by attending SANS Aloha IV at the Hyatt Waikiki in Honolulu
beginning on January 28. With plane fares at an all-time low, and
all four of SANS' top-rated certification courses (Security Essentials,
Intrusion Detection, Firewalls and Perimeter Protection, and Windows
Security) being taught by the masters (Northcutt, Cole, Brenton,
and Fossen), how can your bosses say no?
See http://www.sans.org/Aloha4.htm


Alan

TOP OF THE NEWS

18 January 2002 China Institutes Strong Internet Content Regulations
18 January 2002 Distributed Computing Case Plea Agreement
16 & 17 January 2002 Gates on Trustworthy Computing Initiative
15 January 2002 Windows Patch Site Out Of Commission

THE REST OF THE WEEK'S NEWS

18 January 2002 FTC Settles with Eli Lilly in Customer Privacy Case
18 January 2002 Database Security
18 January 2002 SSA Digital Certificate Enabled Online Submissions
17 January 2002 FBI: al Qaeda Might be Looking at Facilities' Sites
17 January 2002 Purported al-Qaeda Files Used Weak Encryption
17 & 18 January 2002 Response to Trustworthy Computing Initiative Message
16 January 2002 NIPC is Considering Reorganization Models
15 & 16 January 2002 Windows Media Player Flaw Can Defeat IE P3P Protections
15 January 2002 ICANN Reluctant to Sign Server Performance Contracts
14 January 2002 Cyber Forensics
14 January 2002 File Sharing Programs Can Expose Personal Data
14 January 2002 Microsoft Shuts On-Line Store to Investigate Alleged Script Hole
14 January 2002 Older Versions of ICQ At Risk for Buffer Overflow
13 January 2002 MoD Laptops Missing


************* This issue sponsored by Websense *******************
Choosing Internet filtering software isn't always easy, is it?
Guess again. With Websense Enterprise, the leading solution, you get
installation and administration that's a breeze. Combine that with
integrations with Microsoft, Cisco, Check Point and others and you'll
see why 15,000+ organizations are using Websense worldwide. If only
ALL your decisions were this simple.
Try a free, fully-functional 30-day trial.
http://www.websense.com?id=10204
*******************************************************************

TOP OF THE NEWS

18 January 2002 China Institutes Strong Internet Content Regulations

New regulations in China require ISPs to screen e-mail for subversive political content and hold them responsible for website, chat-room and bulletin board content. In addition, software manufacturers have to guarantee that their products do not contain backdoors.
-http://www.wired.com/news/politics/0,1283,49855,00.html
[Editor's (Grefer) Note: A similar move in terms of liability for content offered within the borders of Germany (independent of where the sites/pages are hosted) has been finalized and published as new legislation. While this does not sit well with ISPs, they have not yet found a legal way of fighting this new law. ]

18 January 2002 Distributed Computing Case Plea Agreement

David McOwen, the former DeKalb Technical College system administrator charged with computer theft and trespass under Georgia's computer crime law for installing distributed computing clients on college computers, has agreed to a plea bargain. McOwen will pay $2,100 in restitution, perform 80 hours of community service and will be on one year of probation.
-http://www.securityfocus.com/news/311
-http://www.theregister.co.uk/content/4/23737.html
[Editor's (Murray) Note: The ethical lesson here is that when you set out to do good, be sure that you do it with your own resources, not those of your employer. ]

16 & 17 January 2002 Gates on Trustworthy Computing Initiative

Bill Gates sent all Microsoft employees an e-mail describing the Trustworthy Computing Initiative which stresses reliability, security and privacy. Text of e-mail:
-http://www.wired.com/news/business/0,1367,49826,00.html
-http://www.msnbc.com/news/689243.asp?0dm=T215T
-http://zdnet.com.com/2100-1104-817017.html

15 January 2002 Windows Patch Site Out Of Commission

A DNS problem prevented Windows users from downloading critical security patches from the Windows Update site.
-http://www.eweek.com/article/0,3658,s%253D700%2526a%253D21231,00.asp


**************** Also sponsored by NFR Security, Inc. **************
Your firewalls are being bypassed. Your employees are doing things
they shouldn't.
Protecting your network and hosts isn't just a matter of knowing who is
there, you must know what they're doing and if it could be damaging. NFR
Security can help - now with both best-of-breed host and network
intrusion detection.
Click here for a FREE white paper on Coverage in Intrusion Detection
Systems
http://www.nfr.com/forum/papers.html
*********************************************************************

THE REST OF THE WEEK'S NEWS

18 January 2002 FTC Settles with Eli Lilly in Customer Privacy Case

The Federal Trade Commission (FTC) has settled a privacy case against Eli Lilly and Company. The drug manufacturer had inadvertently exposed the names of almost 700 subscribers to its Prozac.com reminder service. The company will not pay a fine, but is required to develop a data security program.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO67517,00.html

18 January 2002 Database Security

A list of the top ten database security issues, compiled from the results of a poll of managers using Protegrity Inc.'s Secure data privacy management products, includes suggestions for alleviating some of the problems.
-http://www.searchsecurity.com/originalContent/0,289142,sid14_gci797222,00.html

18 January 2002 SSA Digital Certificate Enabled Online Submissions

Washington State will be the first to participate in the Social Security Administration's (SSA) digital certificate program for state wage reports submitted on-line.
-http://www.gcn.com/vol1_no1/daily-updates/17765-1.html

17 January 2002 FBI: Al Qaeda Might be Looking at Facilities' Sites

An FBI alert to law enforcement agencies warned of unconfirmed reports that al Qaeda operatives may have been searching certain web sites, some of which contain information about nuclear plant and other facilities. The alert was issued to urge authorities to consider carefully the content they make available on their web sites.
-http://www.cnn.com/2002/TECH/internet/01/17/fbi.alert/index.html

17 January 2002 Purported al-Qaeda Files Used Weak Encryption

Files on computers which allegedly belonged to al-Qaeda operatives in Afghanistan were protected with 40-bit Data Encryption Standard (DES), which until last year was the strongest encryption permitted to be exported from the United States. A former NATO encryption expert says the more stringent export controls should not be restored.
-http://www.newscientist.com/news/news.jsp?id=ns99991804

17 & 18 January 2002 Response to Trustworthy Computing Initiative Message

While some security experts find Gates' message welcome, others are skeptical.
-http://www.wired.com/news/business/0,1367,49809,00.html
-http://news.com.com/2100-1001-817849.html
-http://www.cnn.com/2002/TECH/industry/01/18/microsoft.security.reut/index.html
-http://zdnet.com.com/2100-1107-818138.html

16 January 2002 NIPC is Considering Reorganization Models

National Infrastructure Protection Center (NIPC) director Ronald Dick says he has been speaking with the Centers for Disease Control (CDC) and the National Communications System (NCS) in an effort to find a good organizational model for gathering and disseminating critical infrastructure threat information.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO67424,00.html

15 & 16 January 2002 Windows Media Player Flaw Can Defeat IE P3P Protections

A security hole in Windows Media Player (WMP) can defeat the Platform for Privacy Preferences (P3P) protections built into Internet Explorer (IE) 6. The WMP unique ID number can be grabbed by malicious JavaScript on a website and used as a "supercookie" capable of tracking users' Internet activities. Microsoft issued a patch for the problem in May. Computer privacy and security consultant Richard Smith posted information about the vulnerability on BugTraq.
-http://zdnet.com.com/2100-1105-814626.html
-http://www.theregister.co.uk/content/55/23700.html

15 January 2002 ICANN Reluctant to Sign Server Performance Contracts

Organizations that oversee some of the Internet's top level domains want ICANN (the Internet Corporation for Assigned Names and Numbers) to guarantee root server stability, but ICANN has not signed such a contract because the liability risk involved is enormous. Some of the organizations are threatening to withhold ICANN fees if their concerns are not addressed.
-http://news.bbc.co.uk/hi/english/sci/tech/newsid_1761000/1761362.stm

14 January 2002 Cyber Forensics

This article describes three cases in which cyber forensic investigations helped solve crimes: the Russian credit card thieves eventually nabbed in an FBI sting, the University of Washington denial-of-service zombies and a case in which a former employee stole intellectual property.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO67299,00.html

14 January 2002 File Sharing Programs Can Expose Personal Data

Users of file-sharing programs should be careful about which files and directories they make available to the network so as not to accidentally share private information.
-http://www.msnbc.com/news/686184.asp?0dm=C235T

14 January 2002 Microsoft Shuts On-Line Store to Investigate Alleged Script Hole

Microsoft shut down its Developers Store web site last week to investigate a potential vulnerability. The alleged script problem could allow access to customer information. The software developer who posted his findings at a security web site says he e-mailed Microsoft about the problem first but received no reply.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO67382,00.html

14 January 2002 Older Versions of ICQ At Risk for Buffer Overflow

People using ICQ messaging software that is older than version 2001b on Windows operating systems are vulnerable to a buffer overflow exploit. An AOL spokesman encouraged users to update their software and said the company is taking server-side measures to address the problem.
-http://zdnet.com.com/2100-1105-813806.html

13 January 2002 MoD Laptops Missing

Of the 1,354 missing UK government computers, nearly 600 are from the Ministry of Defence (MoD) alone. A spokesman said that not all of the computers contain classified information. The MoD also reported 27 hacking incidents during the last three years.
-http://news.bbc.co.uk/hi/english/uk/newsid_1757000/1757792.stm


==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites


Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Howard Schmidt, Eugene Schultz