SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

• SANS NewsBites RSS
• Editorial Board

Volume IV - Issue #9

February 27, 2002

If you have ever wanted to get children involved early in learning
to keep systems more secure, there's something you can do now: tell
the school in your city about the Kids Improving Security poster
contest. SANS and the FBI's National Infrastructure Protection Center
are cosponsoring the (page-sized) poster contest for kids in grades
3-8. Winners' schools earn $1,500 in computer equipment and the six
student winners each earn a trip to Washington for themselves and a
parent. DoD will make the winning posters into screen savers. Deadline
is in three weeks. If you live outside the US, borrow the concept
and the materials and run a poster contest yourself; we'll help tell
people in your country about it. http://www.staysafeonline.org/

Alan

---

TOP OF THE NEWS

26 February 2002 Patch Internet Explorer Now CERT Warns
25 February 2002 Spitzner to Present HoneyNets On The Web
23 February 2002 Bill Would Increase Cybercrime Penalties
20 February 2002 Microsoft Baseline Security Advisor
19 February 2002 Wake Up and Smell the Coffee, Says Clarke
18 February 2002 Cybersecurity Information Coordination Center

THE REST OF THE WEEK'S NEWS

22 February 2002 Gartner Says Focus on Allocating Funds Efficiently
22 February 2002 Gator Digital Wallet Vulnerability
22 February 2002 Q & A with Stephen Crocker
22 February 2002 Microsoft Patches
21 & 22 February 2002 Vulnerability Reporting Standards Proposal
21 February 2002 UK Passport Office Looks Toward Biometrics
21 February 2002 Microsoft to Share Windows Source Code with Integrators
21 February 2002 FAA Security Holes Fixed, Says FAA CIO
20 February 2002 Companies Going In-house for Cyber-forensics
19 February 2002 Yarner Worm
19 February 2002 Wireless Security Holes
19 February 2002 Peekabooty Unveiled
18 February 2002 Alleged Cyber Intruder Arrested in Australia

---

********************* Sponsored by NetIQ Corp. ***********************
Concerned with Windows Security? FREE NetIQ WHITE PAPER!
Spend wisely to maximize Windows security, minimize risks. Learn key
IT investments for the best ROI and six money-wasters to avoid. Don't
allocate your limited budget and resources to the wrong tools.
Download NetIQ's FREE white paper, "Investing Wisely in Windows
Security"!
http://www.netiq.com/f/form/form.asp?id=547
**********************************************************************

---

TOP OF THE NEWS

26 February 2002 Patch Internet Explorer Now CERT Warns

Internet Explorer users should apply the latest security patch to address application vulnerabilities. The patch addresses the flaw in Microsoft Internet Explorer version 5.01 and higher. The buffer overflow vulnerability enables hackers to execute arbitrary code on a system that is not patched through malicious code embedded in HTML documents.
-http://www.nwfusion.com/news/2002/0226iepatch.html
CERT Advisory:
-http://www.cert.org/advisories/CA-2002-04.html

25 February 2002 Spitzner to Present HoneyNets On The Web

The leader of the HoneyNet project and the nation's top expert on honeypots, Lance Spitzner provides a fast-paced update on this important evolving technology; Fred Kost of Recourse Technology provides tool update. Date: March 6.
-http://www.sans.org/webcasts/honeynets.php

23 February 2002 Bill Would Increase Cybercrime Penalties

The Cyber Security Enhancement Act is likely to be voted on by a House Judiciary subcommittee this week. The bill aims to stiffen penalties for certain cyber disruptions.
-http://www.wired.com/news/politics/0,1283,50620,00.html

20 February 2002 Microsoft Baseline Security Advisor

The Microsoft Baseline Security Advisor (MBSA) scans Windows computers for missing patches, weak passwords, and vulnerabilities in the Microsoft's site in March.
-http://news.com.com/2100-1001-841770.html

19 February 2002 Wake Up and Smell the Coffee, Says Clarke

Cyber security advisor Richard Clarke admonished participants at the RSA conference to take cyber security seriously, pointing out that many companies spend more on coffee than on computer security. Clarke commended Microsoft for its Trustworthy Computing Initiative and encouraged the audience to hold Bill Gates to his word.
-http://news.com.com/2100-1001-840335.html
-http://www.gcn.com/vol1_no1/daily-updates/18013-1.html

18 February 2002 Cybersecurity Information Coordination Center

The Bush administration plans to create a federal cybersecurity response coordination office, much like the Y2K Information Coordination Center; having a physical location where people could gather to share information was very helpful. The center will bring together the Critical Infrastructure Assurance Office (CIAO), the National Infrastructure Protection Center (NIPC) and the office of Richard Clarke, President Bush's cyber security advisor.
-http://www.fcw.com/fcw/articles/2002/0218/news-cyber-02-18-02.asp
-http://www.fcw.com/fcw/articles/2002/0218/news-cyber1-02-18-02.asp

---

*********************** SPONSORED LINKS ******************************
Learn how ManHunt 2.0 is providing real threat management today.
http://www.sans.org/cgi-bin/sanspromo/NB7
ALERT! Hackers gain access to backend data via web applications. FREE
WHITE PAPER: http://www.sans.org/cgi-bin/sanspromo/NB8
Add it up and upgrade... StoneGate firewall 50% upgrade promotion.
http://www.sans.org/cgi-bin/sanspromo/NB9
**********************************************************************

---

THE REST OF THE WEEK'S NEWS

22 February 2002 Gartner Says Focus on Allocating Funds Efficiently

Gartner analyst John Pescatore observes that the recent Office of Management and Budget (OMB) report detailing cyber security weaknesses throughout government agencies' systems found no correlation between quality of security and spending on security which confirms Gartner CEO Michael Fleisher's statement that spending more doesn't make for better security.
-http://news.com.com/2009-1001-843375.html

22 February 2002 Gator Digital Wallet Vulnerability

An ActiveX plug-in in the Gator digital wallet could be exploited to gain control of computers and install backdoors or other malicious software. A demonstration showed that the IE version of Gator was vulnerable to the exploit, but it is not known if the Netscape version is also vulnerable. Richard Smith alerted the company to the problem in January 2000 and says he got no response.
-http://www.newsbytes.com/news/02/174709.html

22 February 2002 Q & A with Stephen Crocker

Stephen Crocker, the head of the Internet Corporation for Assigned Names and Numbers' (ICANN) recently established security committee, discusses BIND and DNS vulnerability, and the need to work with the entities that control the top level domains to establish consistent rules and procedures.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO68514,00.html

22 February 2002 Microsoft Patches

Microsoft released patches for security vulnerabilities in IE, Windows XP, SQL Server 2000 and Commerce Server 2000. Two holes could allow attackers to read files on targeted computers; two others are buffer overflow flaws.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO68547,00.html
-http://www.theregister.co.uk/content/55/24168.html

21 & 22 February 2002 Vulnerability Reporting Standards Proposal

Steve Christey and Chris Wysopal have released a draft proposal for responsible vulnerability disclosure procedures in an effort to codify the unwritten rules that presently govern the practice. The proposal calls for researchers who find security flaws to notify the vendor or a third party coordinator, like CERT. The vendor would be required to respond within a week in most cases, and would also have to provide the researcher with weekly updates on their progress toward fixing the problem.
-http://zdnet.com.com/2100-1105-842656.html
-http://www.computerworld.com/storyba/0,4125,NAV47_STO68558,00.html

21 February 2002 UK Passport Office Looks Toward Biometrics

The UK Passport Office plans to have biometric information embedded in passports within four years. In addition to raising concerns about civil rights violations, his proposal could lead to passports being issued to people using false identities and to increased wait times at airport security checkpoints.
-http://news.bbc.co.uk/hi/english/sci/tech/newsid_1833000/1833939.stm
[Editor's (Murray) Note: The US Immigration and Naturalization Service has had INSPass in place for a decade. It may not have produced all the benefits we might have hoped for but it has certainly had none of the downside that the alarmists are concerned about. Frequent Flyers love it. Enrollment requires your cooperation. ]

21 February 2002 Microsoft to Share Windows Source Code with Integrators

Microsoft announced plans to share Windows source code with licensed systems integrators as part of its Shared Source Initiative. The integrators can view the code on a smartcard accessible website accessible; they may not alter or share the code. The announcement has met with skepticism from the community; it could be viewed as a way of satisfying a recent order in the antitrust case requiring the company to reveal its code to nine plaintiff states, or as a defensive gesture in the open source arena.
-http://www.wired.com/news/business/0,1367,50596,00.html
-http://news.com.com/2100-1001-841933.html
-http://www.computerworld.com/storyba/0,4125,NAV47_STO68500,00.html
-http://www.msnbc.com/news/712896.asp?0dm=C19NT

21 February 2002 FAA Security Holes Fixed, Says FAA CIO

Federal Aviation Administration (FAA) CIO Daniel Mehan said the agency has addressed computer security deficiencies enumerated in a 2000 General Accounting Office (GAO) report. The FAA now maintains redundant systems and separates administrative and control networks from each other. Mehan said his agency needs increased funding to stay on top of its cybersecurity.
-http://online.securityfocus.com/news/337

20 February 2002 Companies Going In-house for Cyber-forensics

A former UK police detective who now teacher classes in cyber-forensics says that there is a growing trend of companies sending their own employees for cyber-forensic training so they can conduct in-house investigations.
-http://zdnet.com.com/2100-1105-840925.html
[SANS Note: SANSFire in Boston at the end of June offers immersion, hands-on forensics training and up-to-date technical briefings. ]

19 February 2002 Yarner Worm

The Yarner worm arrives in the guise of a newsletter from Trojaner Info. When executed, it overwrites the Notepad application in the Windows directory, adds and alters some files, self-replicates via Outlook e-mail, and deletes files in the Windows directory. Outlook 2002 users and Outlook 2000 users who have installed the Security Update should be protected.
-http://zdnet.com.com/2100-1105-840177.html
-http://www.computerworld.com/storyba/0,4125,NAV47_STO68459,00.html

19 February 2002 Wireless Security Holes

Two security researchers published a paper detailing a pair of security holes in the 802.1X wireless security system. The first allows attackers to hijack a connection; the second allows them to steal access information during authentication. The paper recommends adding symmetric authentication to the standard.
-http://zdnet.com.com/2100-1105-839948.html

19 February 2002 Peekabooty Unveiled

Two software developers presented a working version of Peekabooty, a human rights peer-to-peer distributed proxy network designed to deliver Internet content to people in countries that censor web sites.
-http://zdnet.com.com/2100-1105-840652.html
-http://online.securityfocus.com/news/335

18 February 2002 Alleged Cyber Intruder Arrested in Australia

Police in Sydney, Australia arrested a 21-year-old man in connection with cyber-intrusions at Optus, a telecommunications form; law enforcement authorities were able to bring charges of unauthorized access to a computer and unauthorized modification of data against the man under legislation that passed only last year. Optus Corporate Affairs manager said the intruder did not cause any damage, nor was customer data compromised.
-http://www.newsbytes.com/news/02/174568.html

---

==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites


Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Howard Schmidt, Eugene Schultz