SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

• SANS NewsBites RSS
• Editorial Board

Volume V - Issue #13

April 02, 2003

TOP OF THE NEWS

Al Jazeera Web Site Faces Sustained DoS Attack and DNS Attacks
Sendmail Users Face Second Major Security Flaw
NIPC Says Chinese Hackers Likely To Launch Anti-War Attacks
European Union Requires Standard Cyber Crime Laws

THE REST OF THE WEEK'S NEWS

Bail Reduced For Identity Thief, Son of IBM Cyber Security Executive
Ganda Virus Creator Could Face Up To Four Years In Prison
Cell Phone Flaws Can Thwart Emergency Response
Microsoft Bolstering WiFi Security in Windows XP
Microsoft Refuses To Patch Windows NT4 RPC Vulnerability
Congressman Challenges Bush Administration To Up IT Security Funding
Policy Makers Struggle With Privacy vs. Security
Gartner Lists Top Security Issues for 2003
OMB Says Federal Agencies Doing Better On Security
Hotmail Caps Outgoing Email Messages To Curb Spam

---

*********** Sponsored by VeriSign-The Value Of Trust. ****************
Secure Your Servers
Secure your servers with 128-bit SSL encryption! Grab your copy of
VeriSign's FREE Guide, "Securing Your Web site for Business," and
you'll learn everything you need to know about using 128-bit SSL to
encrypt your e-commerce transactions, secure your corporate intranets
and authenticate your Web sites. 128-bit SSL is serious security for
your online business. Get it now!
http://www.verisign.com/cgi-bin/go.cgi?a=n09440117530057000
***********************************************************************

---

TOP OF THE NEWS

Al Jazeera Web Site Faces Sustained DoS Attack and DNS Attacks (31/28 March 2003)

The Arabic and English language versions of the AlJazeera.net web site for the Arabic satellite news channel were both unavailable for most of the past week. It appears to have been hit by both a denial of service and a DNS attack. The site manager claimed that no normal hacker could accomplish such a feat, but security experts found common security flaws in the sites' upstream internet service providers that would have easily enabled the DNS attack. The DoS attack was also easily accomplished by a single hacker using zombie machines over which he had gained control.
-http://205.180.85.40/w/pc.cgi?mid=17413&sid=11896
-http://www.washingtonpost.com/wp-dyn/articles/A40444-2003Mar28.html
[Editor's Note (Northcutt): A number of the news stories about this event are misleading. This is not super patriot hacker at work exactly. Verisign's Network Solutions the folks that handle domains get tricked from time to time. The PR Newswire folks have a more accurate write up:
-http://www.eedesign.com/pressreleases/prnewswire/65953
You will recall this is not the first case of domain hijacking, in 1998 AOL took a hit:
-http://news.com.com/2100-1023-216813.html?tag=bplst
In 1999, Ricochet networks was hijacked:
-http://news.com.com/2100-1033-235081.html?legacy=cnet
Let's not forget Nike in 2000
-http://zdnet.com.com/2100-11-521718.html?legacy=zdnn
In fact a couple years ago, there was even a Step by Step guide to Hacking Domains:
-http://www.securiteam.com/securitynews/5AP0D000KM.html]

Sendmail Users Face Second Major Security Flaw (31 March 2003)

Most versions of sendmail do not adequately check the length of e-mail addresses, and a carefully crafted address can trigger a stack overflow and potentially allow the attacker to take control of the system. Users are urged to upgrade to version 8.12.9. CERT/CC said most medium to large organizations are likely to have at least one vulnerable sendmail server.
-http://www.infoworld.com/article/03/03/31/HNsendmail_1.html
The CERT Advisory:
-http://www.cert.org/advisories/CA-2003-12.html

NIPC Says Chinese Hackers Likely To Launch Anti-War DDoS Attacks (31 March 2003)

The National Infrastructure Protection Center said that hacker groups in China are planning distributed denial of service attacks on US and UK web sites. The attacks are expected soon in part because today is the anniversary of the collision of the US surveillance plane and the Chinese fighter jet on April 1, 2002. The attacks are expected to be the result of protests against the war in Iraq.
-http://www.washingtonpost.com/wp-dyn/articles/A60363-2003Mar31.html

European Union Requires Standard Cyber Crime Laws (28 March 2003)

The Council of the European Union has agreed on a common approach for anti-hacking regulations. Each member state has until December 31, 2003 to adopt the new rules that make unauthorized access a criminal offense and that call for jail time for serious offenders. Some observers were concerned that email protests could be criminalized.
-http://www.net-security.org/news.php?id=2267
-http://www.iht.com/articles/88499.html
************************ SPONSORED LINKS ******************************

---

THE REST OF THE WEEK'S NEWS

Bail Reduced For Identity Thief, Son of IBM Cyber Security Executive (27 March 2003)

Loren Anderson, the teen accused of using stolen identities to raid bank accounts through ATM machines, saw his bail reduced when his father, a cyber security director at IBM, promised to control his son, and his son's defense attorney promised Loren would have no access to computers.
-http://www.nypost.com/news/regionalnews/72102.htm

Ganda Virus Creator Could Face Up To Four Years In Prison (26 March 2003)

Swedish Police said they had captured the author of the Ganda virus and that he had confessed. He claimed he had been unfairly treated during his school days. The virus played on interest in the Iraq war by using subject lines such as: "Spy pics," "GO USA !!!," "G.W. Bush animation" and "Is USA always number one?"
-http://zdnet.com.com/2100-1105-994148.html
Symantec report on Ganda:
-http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.ganda.a@mm.html

Cell Phone Flaws Can Thwart Emergency Response (30 March 2003)

Using a cell phone to contact emergency services by dialing 911 can take the caller to the wrong jurisdiction (one located far from the caller's location) and delay emergency response. In addition, regulators are not advocating global positioning system (GPS) capability in cell phones that could save lives by pinpointing the location of callers in distress.
-http://www.washingtonpost.com/wp-dyn/articles/A54802-2003Mar30.html

Microsoft Bolstering WiFi Security in Windows XP (31 March 2003)

Microsoft announced today that Windows XP users could download WiFi Protected Access (WPA) to replace the more easily hacked WEP. WPA can work with Remote Authentication Dial-In Services to help determine the identity of users accessing corporate wireless networks.
-http://www.computerworld.com/securitytopics/security/story/0,10801,79897,00.html
?SKC=security-79897

Microsoft Refuses To Patch Windows NT4 RPC Vulnerability (28 March 2003)

Microsoft's statement that it would not offer a version of a security patch for NT 4.0 has called into question an earlier promise to continue supporting the operating system through the end of 2004 and raised concern among its customers. The new vulnerability could expose computers running the operating systems to a denial of service attack, Microsoft warned in its security bulletin, MS03-010, on Wednesday. The bulletin contained patches for Windows 2000 and XP.
-http://www.infoworld.com/article/03/03/28/HNmspatch_1.html
Microsoft's Bulletin:
-http://www.microsoft.com/technet/security/bulletin/MS03-010.asp

Congressman Challenges Bush Administration To Up IT Security Funding (27 March 2003)

Rep. Sherwood Boehlert (R-N.Y.) today said the Bush administration has failed to put its cybersecurity money where its mouth is. He also called for creation of a senior advisory post for IT security within the Homeland Security Department.
-http://www.gcn.com/vol1_no1/daily-updates/21505-1.html

Policy Makers Struggle With Privacy vs. Security (20 March 2003)

A Congressional Internet Caucus meeting focused on the privacy/security tradeoff. Speakers suggested that power was being misused and should be constrained while other speakers said that the security measures being instituted by the U.S. government are much less intrusive than those taken by other wartime Presidents.
-http://www.infoworld.com/article/03/03/20/HNprivacy_1.html
[Editor's Note (Schultz): Unfortunately, privacy has not been very much of a major concern in the U.S. (as opposed to in many European countries) so far, as evidenced by the existence of little privacy protection legislation. Perhaps erosion of what little privacy protection we have will help awaken the public (and ultimately legislators) to the need for better privacy protection. ]

Information Security Magazine Evaluates Five Vulnerability Scanners (March 2003)

Internet Security System's Internet Scanner came in first in a competition with Nessus (2) NetRecon (3) and SAINT and Retina, when judged by the number of common flaws found. Internet Security Magazine's testing also found that none of the vulnerability testers did a good job of mapping the large network and every one of the systems crashed at least one server or application.
-http://www.infosecuritymag.com/2003/mar/cover.shtml
[Editor's Note (Paller): The article is definitely worth reading, but leaving out Qualys, Foundstone and Tenable Security makes it less than useful as a buyer's guide. ]

Gartner Lists Top Security Issues for 2003 (28 March 2003)

Gartner analyst Victor Wheatman lists Web service security, wireless LAN security, identity management, intrusion prevention, event correlation, the next great worm, instant messaging security, homeland security, security engineering throughout the enterprise, intellectual property defense and transaction trustworthiness and auditing.
-http://www.techweb.com/wire/story/TWB20030328S0007
[Editor's Note (Northcutt): I might add sendmail, but from what I interpret from Netcraft survey data, there are still at least 300,000 WebDAV vulnerable IIS Servers, so I certainly agree web service security belongs at the top. If your site runs IIS make sure you are on the patch.
-http://news.netcraft.com/archives/2003/03/18/
three_quarters_of_microsoftiis_sites_have_webdav_enabled.html ]

OMB Says Federal Agencies Doing Better On Security (27 March 2003)

After flunking most agencies last year, OMB is ready to send out better grades this year, claiming progress was made "across the government." OMB is ready to cut off funds to agencies that have not corrected security problems.
-http://www.gcn.com/vol1_no1/daily-updates/21510-1.html

Hotmail Caps Outgoing Email Messages To Curb Spam (27 March 2003)

Microsoft has reduced the number of messages people using its free Hotmail service can send each day to 100 from 500, in an attempt to cut down on spam.
-http://news.bbc.co.uk/1/hi/technology/2890661.stm

---

===end===
NewsBites Editorial Board:
Kathy Bradford, Dorothy Denning, Roland Grefer, Stephen Northcutt,
Alan Paller, Marcus Ranum, Eugene Schultz, Gal Shpantzer
Guest Editors: Bruce Schneier and Hal Pomeranz
Please feel free to share this with interested parties via email,
but no posting is allowed on web sites. For a free subscription,
(and for free posters) visit https://portal.sans.org/preferences.php/
To update your address, visit http://www.sans.org/sansurl and enter
your SD number (from the header of this email.) You will receive your
personal URL via email.