Newsletters: NewsBites

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.





SANS NewsBites
@Risk: Security Alert
OUCH! Security Awareness
Case Leads DFIR Digest
Industrial Control Systems
Industrials & Infrastructure


SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume IV - Issue #6

February 06, 2002

TOP OF THE NEWS

1 February 2002 Passenger Security Screening System
1 February 2002 Microsoft Coding Moratorium
31 January 2002 Lawrence Livermore Bans Wireless LANs
4 February 2002 Improving 802.11b Security

THE REST OF THE WEEK'S NEWS

5 February 2002 Diekman Sentenced to 21 Months
1 February 2002 Pirates Plead Guilty
30 January & 1 February 2002 Windows 2000 Security Fixes Bundled
31 January & 1 February 2002 WEF Site Down
31 January 2002 Windows 2000 and NT 4.0 Trust Vulnerability
30 & 31 January 2002 SEC's Phony Site Gets Over 150,000 Hits
30 January 2002 Corley Will Continue to Fight DMCA
29 January 2002 Navigator Flaw Exposes Cookies
29 January 2002 Alleged Hacker-Extortionist Held
29 January 2002 EPIC Wants States to Investigate Microsoft's Passport
28 January 2002 Myparty Worm
28 January 2002 Security Manager's Journal: Addressing Virus Protection
28 January 2002 Cyberattack Study
24 January 2002 Study Says Most CIOs Not Prepared for Disasters


******************* Sponsored by Tripwire, Inc. **********************
Worried about the integrity of your data? Rest easy with Tripwire.
Tripwire data integrity assurance solutions tell you if, when, and
how data or business processes have been changed on your system. This
leads to less time consuming & labor intensive assessment and recovery
processes.
Attend a free online seminar to find out more!
http://www.tripwire.com/products/register.cfml?semclass=65
**********************************************************************

TOP OF THE NEWS

New Guide For Windows 2000 PRO

The US National Institute for Standards and Technology released a security guide for Windows 2000 Professional desktop systems in configurations used by office workers, at home users, or road-warriors. NIST is inviting comments and suggestions on the guide.
-http://csrc.nist.gov/itsec/guidance_W2Kpro.html

1 February 2002 Passenger Security Screening System

The U.S. government plans to test an airline security system that uses data mining and predictive software to generate passenger profiles. Critics of the system are concerned that it could erode civil liberties.
-http://www.cnn.com/2002/TECH/internet/02/01/rec.airlines.database.reut/index.htm
l

-http://www.computerworld.com/storyba/0,4125,NAV47_STO67962,00.html

1 February 2002 Microsoft Coding Moratorium

As part of its new Trustworthy Computing Initiative, Microsoft will not write any new code for one month; instead, the company will use the time to debug its old code.
-http://www.gcn.com/vol1_no1/daily-updates/17874-1.html
[Editor's (Murray) Note: I am all in favor of MS cleaning up its execution. However, its strategy needs to be cleaned up too. ]

31 January 2002 Lawrence Livermore Bans Wireless LANs

Lawrence Livermore National Laboratory, a national defense technology research lab in California, has banned the use of wireless local area networks (LANs) due to security concerns. A lab spokesman said that Los Alamos National Laboratory might introduce a wireless network ban as well.
-http://cgi.zdnet.com/slink?169109
[Editor's (Murray) Note: Yesterday I received an ad for a wireless access point for $130-, down 50% from a year ago. Connectivity trumps security every time. A ban cannot succeed. The only way to successfully exclude wireless is to close the network. Get used to it. ]

4 February 2002 Improving 802.11b Security

Wireless networking standards 802.11a and 802.11b are both popular and vulnerable. A new security algorithm, called Temporal Key Integrity Protocol is being tested. It generates a new encryption key for every ten kilobytes of data transmitted.
-http://www.pcworld.com/news/article/0,aid,82563,00.asp


************************ SPONSORED LINKS *****************************
(1) Solutionary, Inc. FREE WHITE PAPER: A Technical Summary of eV3
and ActiveGuard
http://www.sans.org/cgi-bin/sanspromo/NB3
(2) Looking to implement real time incident response in your security
environment?
http://www.sans.org/cgi-bin/sanspromo/NB2
(3) FREE Web Seminar: "Palm Tightens Grip On Network Security"
http://www.sans.org/cgi-bin/sanspromo/NB1
***********************************************************************

THE REST OF THE WEEK'S NEWS

5 February 2002 Diekman Sentenced to 21 Months

Jason Allen Diekman, who went by the names 'Shadow Knight' and 'Dark Lord,' was ordered to spend 21 months in federal prison and to pay nearly $88,000 in restitution. On February 4. He had hacked into NASA computers and also used stolen credit cards to buy goods over the Internet.
-http://www.latimes.com/news/local/la-000009016feb05.story

1 February 2002 Pirates Plead Guilty

Two men who pleaded guilty to charges stemming from their involvement in an Internet piracy group face up to five years in prison and $250,000 in fines. As part of their plea agreement, the two men revealed details about how group members hid the illegal software.
-http://www.gcn.com/vol1_no1/daily-updates/17875-1.html

30 January & 1 February 2002 Windows 2000 Security Fixes Bundled

Microsoft has released the Windows 2000 Security Rollup package, a collection of all the company's post-Service Pack 2 security patches; the package requires Service Pack 2 to be installed on the system. Users who have older versions of Internet Explorer should upgrade to version 6.0 before installing the security package.
-http://news.com.com/2100-1001-826495.html
-http://www.gcn.com/vol1_no1/daily-updates/17860-1.html

31 January & 1 February 2002 WEF Site Down

The World Economic Forum's (WEF) web site crashed late last week. Activists claim they targeted the site in a "virtual sit-in" denial-of-service attack. Last year, a hacker stole personal information, including credit card numbers, belonging to WEF participants.
-http://www.wired.com/news/politics/0,1283,50159,00.html
-http://www.cnn.com/2002/TECH/internet/02/01/worldforum.techtrouble.ap/index.html
-http://www.computerworld.com/storyba/0,4125,NAV47_STO67982,00.html

31 January 2002 Windows 2000 and NT 4.0 Trust Vulnerability

A flaw in the trust relationships in the Windows 2000 and NT 4.0 environments' network domains could allow people to increase their access levels.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO67865,00.html

30 & 31 January 2002 SEC's Phony Site Gets Over 150,000 Hits

The Securities and Exchange Commission (SEC) used on-line investment scam tactics, including preying on people's fears and offering huge returns on investment with no risk, on a phony site designed to educate consumers about investment fraud. People who actually tried to invest were greeted with a warning message. The site received more than 150,00 hits in a three-day period; the SEC says it has planted other phony sites on the Internet in an effort to fight back against investment fraud.
-http://news.com.com/2100-1017-826434.html
-http://www.wired.com/news/business/0,1367,50125,00.html
-http://www.computerworld.com/storyba/0,4125,NAV47_STO67866,00.html
[Editor's (Ranum) Note: Educating people by telling them "YOU ARE STUPID!" is an interesting tactic. I guess it's impossible to deliver a cattle-prod like shock over the Internet effectively. ]

30 January 2002 Corley Will Continue to Fight DMCA

Eric Corley, who has been barred from posting a DVD descrambling program under the Digital Millennium Copyright Act (DMCA) has vowed to continue to fight the controversial law. In November 2001, a three-judge panel ruled that free speech provisions did not protect Corley's posting of the program. Corley's attorneys have requested a rehearing by the full 2nd Circuit Court of Appeals in New York; if that proves unsuccessful, they intend to take the case to the Supreme Court.
-http://news.com.com/2100-1023-826710.html

29 January 2002 Navigator Flaw Exposes Cookies

A security hole in Netscape Navigator allows web page operators to look at site visitors' cookies. The flaw affects Navigator versions 6 through 6.2 and Mozilla versions 0.9.6 and earlier. Netscape is encouraging all its affected users to upgrade their web browsers.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO67803,00.html

29 January 2002 Alleged Hacker-Extortionist Held

A Russian hacker, identified as Nikolai, allegedly extorted $10,000 from a U.S. bank; he had threatened to expose account information he had stolen from a database on a server belonging to a company that provides online banking and bill payment services to financial institutions. Nikolai is being detained in Siberia.
-http://www.theregister.co.uk/content/55/23861.html

29 January 2002 EPIC Wants States to Investigate Microsoft's Passport

The Electronic Privacy Information Center (EPIC) is asking the states' attorneys general to protect consumers from Microsoft's "unfair and deceptive trade practices" that accompany the passport online identity service. EPIC claims that in addition to profiling users' web habits, Passport does not do an adequate job of protecting users' credit card information. Microsoft refutes the claims.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO67802,00.html
-http://zdnet.com.com/2100-1106-825340.html

28 January 2002 Myparty Worm

The Myparty worm arrives as an attachment that appears to be an innocuous web site link. However, those who click on the link will become infected with the worm, which sends itself out through to everyone in the machine's address book and leaves a backdoor in the infected system. It infects computers between January 25 and January 29, and won't infect machines running Russian versions of Windows, leading to speculation that Myparty is of Russian origin.
-http://news.com.com/2100-1001-823959.html
-http://www.msnbc.com/news/695292.asp?0dm=T236T
-http://www.computerworld.com/storyba/0,4125,NAV47_STO67773,00.html

28 January 2002 Security Manager's Journal: Addressing Virus Protection

The security manager discusses ideas protecting his computer network at the various points of entry used by viruses: external media, e-mail, web mail, downloads and unpatched operating systems.
-http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO67720,00.ht
ml

28 January 2002 Cyberattack Study

A managed security services company study of cyberattacks on its customers networks in the second half of 2001 found that nearly 40% of the attacks targeted a specific company or computer system. In addition, more attacks originate in the United States than in any other country; Israel tops the list in attacks launched per capita. Code Red and Nimda were not included in the study.
-http://www.washingtonpost.com/wp-dyn/articles/A46836-2002Jan27.html
-http://zdnet.com.com/2100-1105-824448.html

24 January 2002 Study Says Most CIOs Not Prepared for Disasters

The results of a survey conducted by the Gartner consultancy and the Society for Information Management (SIM) indicate that while 88% of CIOs have back-up power supplies and 70% have back-up plans for network, software and other such failures, only about one-third have established business continuity plans that address the possibility of physical attacks.
-http://www.eweek.com/article/0,3658,s%3D701%2526a%3D21681,00.asp


==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites


Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Howard Schmidt, Eugene Schultz