SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume IX - Issue #6
January 19, 2007
TOP OF THE NEWS
US Nets First Conviction Under Can-Spam ActKeystroke Loggers and Phishing Attacks on the Rise
THE REST OF THE WEEK'S NEWS
LEGAL MATTERSMySpace Sued After Assaults
Jail Time for Crooked Detectives and People Who Hired Them
Prosecutors Seek Jail Time for Alleged Botnet and Phishing Perpetrators
Substitute Teacher Convicted After Students See Racy Pop-Ups
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
Microsoft Reissues Excel Patch
Oracle's Quarterly Security Update Addresses 51 Flaws
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
Missing Backup File Holds Information of 500,000 Investors
Grade Changing Allegations Under Investigation
Thirty Computers Stolen from Closed Infirmary
TJX Security Breach
Stolen Water District Computers Hold Customer Credit Card Information
Computers Stolen from Univ. of New Mexico Hold Faculty Info.
MISCELLANEOUS
Bad Weather and Unforeseen Damage Delay Undersea Internet Cable Repair
Interim FTC Agreement Allows Site to Install Pop-Up Software
******* Sponsored By Check Point Software Technologies, Inc. ***********
Learn how the industry's most proven VPN security gateways provide a truly integrated solution for simple site-to-site VPN deployment and ensure the VPN does not compromise the security of the entire network in favor of connectivity. Download our FREE whitepaper - "Bridging the Gap Between Connectivity and Security"
http://www.sans.org/info/2996
*************************************************************************
TOP OF THE NEWS
US Nets First Conviction Under Can-Spam Act (17 January 2007)
Jeffrey Brett Goodin has become the first person to be convicted under the US Can-Spam Act. Goodin ran a phishing scam that duped AOL users into divulging credit card information; he was found guilty on charges of wire fraud, unauthorized use of credit cards, misuse of the AOL trademark and attempted witness harassment. Goodin's sentencing is scheduled for June 11; he could receive a prison sentence of up to 101 years.-http://www.zdnet.co.uk/misc/print/0,1000000169,39285508-39001093c,00.htm
Keystroke Loggers and Phishing Attacks on the Rise (16 & 15 January 2007)
A white paper from McAfee noted a 250 percent growth in keystroke logging malware between January 2004 and May 2006. Over that same time period, the Anti-Phishing Working group observed a 100 percent increase in phishing attacks. The UK's Home Office places losses from identity theft at 1.63 billion GBP (US$3.2 billion) over the last three years. The paper also offers tips for protecting sensitive data.-http://www.vnunet.com/computing/news/2172647/id-fraud-taking-toll
-http://www.mcafee.com/us/about/press/corporate/2007/20070115_182020_r.html
-http://www.mcafee.com/us/local_content/white_papers/wp_id_theft_en.pdf
[Editor's Note (Boeckman): The proliferation of keyloggers raises serious questions about the value of software based certificates for client side authentication. It also might warrant keeping a copy of a bootable operating system with you if you want to use someone else's computer for anything important.
(Grefer): The APWG numbers might be misleading. I doubt that too many contributors to APWG will dig through their spam filters and weed out what share of their spam actually were phishing attempts. Therefore, I suspect that the APWG's 100% increase is indicative of a doubling of new phishing attacks that were not already filtered. While this might not be as important for those of us who use spam filters, it could be an additional incentive to those who still haven't jumped on the band wagon, yet. ]
*************************** Sponsored Link: ***************************
1) Do you like to study computer security on your own schedule? Want to save money on travel costs? Learn from the top teachers? Check out SANS OnDemand online training and assessments.
http://www.sans.org/info/3001
*************************************************************************
SECURITY TRAINING UPDATE: Several of the hands-on immersion security training courses at SANS 2007 (San Diego, March 29 - April 4) are starting to fill up. If you want a place, register early. You'll also save hundreds of dollars if you do it in the next few weeks. Full Schedule (53 courses):
http://www.sans.org/sans2007/event.php
*************************************************************************
THE REST OF THE WEEK'S NEWS
LEGAL MATTERS
MySpace Sued After Assaults (18 January 2007)
Four families have filed lawsuits against News Corp. and MySpace after their 14- and 15-year-old daughters were sexually assaulted by predators they met on the social networking site. The suits allege negligence, recklessness, fraud and negligent misrepresentation. MySpace has responded to concerns about predators by bolstering education and establishing partnerships with law enforcement. MySpace has also restricted adults' communication with minors and plans to release a tool that will allow parents to view certain aspects of their children's MySpace profiles. A similar suit was filed last June.-http://www.washingtonpost.com/wp-dyn/content/article/2007/01/18/AR2007011800670_
pf.html
-http://www.informationweek.com/showArticle.jhtml?articleID=196901881&cid=RSS
feed_TechWeb
[Editor's Note (Kreitner): That 14 and 15 year old kids feel free to disclose to strangers what they feel they have to keep secret from their parents isn't particularly encouraging about the current status of family integrity and trust, to say nothing about parental responsibility for and supervision of their kids. In an anonymous environment like the Internet, good luck trying to identify and monitor who is an adult and who is a kid. ]
Jail Time for Crooked Detectives and People Who Hired Them (18 & 17 January 2007)
British multi-millionaire Adrian Kirby, who heads Atlantic Waste Holdings, has been sentenced to six months in jail for hiring people to break into the phones and computers of people he suspected of lodging complaints of illegal dumping. Several employees of the London detective agency he hired received jail time for their roles in various wiretappings and computer intrusions in other cases, as did other clients of the firm.-http://www.thejournalnews.com/apps/pbcs.dll/article?AID=/20070115/BUSINESS01/701
150312/1066
-http://www.theregister.co.uk/2007/01/17/detective_agency_sentencing/print.html
-http://news.independent.co.uk/uk/crime/article2162875.ece
Prosecutors Seek Jail Time for Alleged Botnet and Phishing Perpetrators (17 January 2007)
Dutch prosecutors are seeking jail time for two men accused of being part of a botnet scheme. At least 50,000 computers were infected with the Toxbot worm. The two also allegedly used the Wayphisher Trojan horse program to gather unsuspecting individuals' credit card information. Prosecutors want a two-year sentence for one of the men and a three-year sentence for the other. They also want each man to pay US$38,000 to the Dutch government. A verdict is expected at the end of the month. Four other individuals allegedly involved in the scheme will be tried later this year.-http://news.com.com/2100-7348_3-6150592.html
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti
cleId=9008286&source=rss_topic17
-http://www.vnunet.com/vnunet/news/2172694/botnet-herders-face-jailtime
Substitute Teacher Convicted After Students See Racy Pop-Ups (16 January 2007)
A substitute teacher has been convicted of endangering students when they saw pornographic pop-up advertisements on her computer. A forensic expert testified that spyware surreptitiously installed on the computer while visiting a seemingly innocuous site was responsible for the barrage of pop-ups. Prosecutors question why the teacher did not simply cut off power to the machine once the offensive content appeared. Sentencing is scheduled for early March; the teacher could face up to 40 years in prison.-http://www.securityfocus.com/brief/408
-http://www.norwichbulletin.com/apps/pbcs.dll/article?AID=/20070106/NEWS01/701060
312/1002/NEWS17
[Editor's Note (Multiple): If this isn't a joke, it is ridiculous. ]
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
Microsoft Reissues Excel Patch (18 January 2007)
Microsoft has reissued a fix for Excel because the first version of the patch made it impossible for certain Excel 2000 users to open some documents. Users who installed the original patch and "have configured Excel's 'executable mode' to Korean Japanese or Korean" were unable to open some Excel documents. The update, MS07-002, addresses five flaws in Excel and has a severity rating of critical.-http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti
cleId=9008478&source=rss_topic17
-http://news.com.com/2102-1012_3-6151252.html?tag=st.util.print
-http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx
Oracle's Quarterly Security Update Addresses 51 Flaws (17 January 2007)
Oracle released its quarterly patch update on Tuesday, January 16. The release includes 51 security fixes for a variety of Oracle products. At least 23 of the vulnerabilities are remotely exploitable without authentication. The batch of flaws could be exploited to access sensitive data, cause denial-of-service and launch cross-site scripting and SQL injection attacks.-http://www.theregister.co.uk/2007/01/17/oracle_january_patch_batch/print.html
-http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan20
07.html
-http://www.us-cert.gov/cas/techalerts/TA07-017A.html
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
Missing Backup File Holds Information of 500,000 Investors (18 January 2007)
A backup computer file in transit between offices of CIBC Asset Management is missing. The file contained personally identifiable information of nearly 500,000 Talvest Mutual Funds clients. The data include names, addresses, dates of birth, bank account numbers and Social Insurance Numbers. Affected clients are being notified by letter. Canada' s privacy commissioner Jennifer Stoddart is launching an investigation.-http://www.cbc.ca/canada/story/2007/01/18/cibc.html
Grade Changing Allegations Under Investigation (18 January 2007)
Police in Golden, Colorado are investigating allegations that someone broke into Golden High School's computer system and altered students' grades. Most of the records were able to be reconstructed from teachers' hard copies of student grades. The Jefferson County School District spokesperson said it appears that the intrusion was made through a teacher's computer.-http://www.denverpost.com/broncos/ci_5038470
Thirty Computers Stolen from Closed Infirmary (18 & 17 January 2007)
Thirty computers were stolen from a storeroom at the shuttered Lymington Infirmary in Hampshire, UK earlier this month. It is not believed the computers hold medical records, but could possibly contain the names and addresses of patients and hospital employees. Administrators are conducting an audit to determine exactly what information the computers hold. Hospital staff received a memo in September 2006 and again in December 2006 telling them not to store patient records on PCs. The theft occurred before the computers could be checked for compliance with the guidance.-http://www.theregister.co.uk/2007/01/18/hospital_pc_theft_fear/print.html
-http://www.thisislondon.co.uk/news/article-23382060-details/Patients'%20details
%20stolen%20in%20hospital%20computer%20theft/article.do
TJX Security Breach (18 & 17 January 2007)
Framingham, Massachusetts-based TJX Companies Inc. has acknowledged that a cyber intrusion has compromised a computer system that holds customer information. Specifically, the system contains transaction information, including credit card, debit card, check and merchandise return transactions for TJX stores, which include T.J. Maxx and Marshall's in the US and Winners and HomeSense in Canada. Customers at TJX's T.K. Maxx stores in the UK and Ireland may also be affected. The breach affects customers who shopped at the stores between 2003 and 2006. Law enforcement authorities have been notified and TJX is conducting an investigation with outside help in an effort to determine what information was compromised and help them better secure their systems. TJX has identified and notified "a relatively small number" of credit and debit cardholders whose information was stolen from the system. It is believed the breach is responsible for warnings Massachusetts banks have received from Visa; a number banks have had to reissue credit and debit cards, including Fitchburg Savings Bank. The breach reportedly occurred in December 2006.-http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&am
p;newsId=20070117005971&newsLang=en
-http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1239711,0
0.html
-http://www2.csoonline.com/blog_view.html?CID=28255
-http://www.telegram.com/apps/pbcs.dll/article?AID=/20070117/NEWS/701170343/1002/
BUSINESS
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti
cleId=9008418&source=rss_topic17
Stolen Water District Computers Hold Customer Credit Card Information (17 January 2007)
Two computers stolen from the offices of the Rincon del Diablo Municipal Water District in southern California hold the names and credit card information of approximately 500 water district customers. People whose data were compromised were notified of the situation by phone; all water district customers will receive a letter describing the breach some time this week. The water district said it is working to encrypt the data on its computers and is installing fences around the building.-http://www.signonsandiego.com/news/northcounty/20070117-9999-1mi17rincon.html
Computers Stolen from Univ. of New Mexico Hold Faculty Info. (16 January 2007)
Three computers stolen from the office of the associate provost of University of New Mexico (UNM) earlier this month could hold the names and Social Security numbers (SSNs) of the university's faculty members. The associate provost's office had recently moved from one location to another and could not say if everything was accounted for as not all equipment was set up. Faculty members received email messages on January 9 alerting them to the theft and the possible compromise of their personal information.-http://www.dailylobo.com/home/index.cfm?event=displayArticle&uStory_id=abad7
ee1-3707-450e-acd5-0e7ed80b86b6
MISCELLANEOUS
Bad Weather and Unforeseen Damage Delay Undersea Internet Cable Repair (17 January 2007)
Bad weather and unexpected damage from the December 26 earthquake could delay repairs to Asian Internet services until February. The additional damage beneath the ocean floor means crews must return to the mainland to gather needed materials. Inclement weather could also cost the workers time.-http://www.theage.com.au/news/Technology/New-damage-bad-weather-delay-Asian-Inte
rnet-repairs/2007/01/17/1168709833073.html
Interim FTC Agreement Allows Site to Install Pop-Up Software (15 January 2007)
The Federal Trade Commission (FTC) has reached an interim agreement with Digital Enterprises Inc. that will allow it to install pop-up software on customers' computers. The agreement limits the ads' duration and frequency and requires the sites to let users know what the software will do before it is installed. The original complaint alleged that one of Digital Enterprise's video sites, Movieland.com, inundated people's PCs with pop-ups that could not be closed or minimized. In addition, the ads demanded payment from the users to stop the deluge. According to the terms of the agreement, Digital Enterprise's three video sites may continue to install the pop-up software but limits displays to 40 seconds in length and five times a day. Users will also be able to silence the audio portion of the ads. The software will be installed when users sign up for a free three-day trial; they can avoid the pop-ups if they cancel within those three days. The agreements pre-empts the need for a preliminary hearing in the case, which is scheduled to resume in one year.-http://www.vnunet.com/vnunet/news/2172503/ftc-prunes-site-pay-pop-ads
