
SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume VI - Issue #27

July 07, 2004

TOP OF THE NEWS

EVOTING
eVoting Software Firm Releases Source Code to NIST
PHISHING & SPAM
FTC Considering Spammer Bounties
SPYWARE
Man Loses Job for Installing Spyware on Boss's Computer
TECHNOLOGY
TI and ARM to Embed Security in Cell Phone Chips

THE REST OF THE WEEK'S NEWS

COURT DECISIONS, ARRESTS, CONVICTIONS AND SENTENCES
Court Decides ISPs Can Read Email Of Clients
Hungarian Teen Sentenced for Magold-A Worm
High School Students Arrested, Charged in School System Computer Intrusion
ATTACKS
UK Betting Site Hit With DDoS Attack
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
DHS Wireless is Weak, Says Inspector General
DHS: Many critical facilities are at risk, but no authority to force fixes
LEGISLATION
UK MP Internet Group Wants Computer Misuse Act Amended to Keep Pace with Cyber Crime
STANDARDS AND BEST PRACTICES
NIST Releases XP Security Recommendations Draft
WORMS, ACTIVE EXPLOITS, VULNERABILITIES, AND PATCHES
Microsoft Releases IE Configuration Change
Vulnerability in Cisco Collaborative Server
Apache Proxy Server Vulnerability
MALWARE
Bankhook.A Trojan Threatens Windows Users



TOP OF THE NEWS

EVOTING

eVoting Software Firm Releases Source Code to NIST (29 June 2004)

VoteHere Inc. has released source code for its VoteHere Technology inside (VHTi) to the National Institute of Standards and Technology's National Software Reference Library. The move comes in response to a request from Election Assistance Commission chairman DeForest Soaries that software vendors submit their code to NSRL.
-http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=26430


[Editor's Note (Schultz): This whole electronic voting mess is starting to come around. Victories for those who have pointed out the security problems in electronic voting (who I consider to be true patriots and heroes) are slowly but surely occurring. (Tan): Code review will only ensure it is free from vulnerabilities and backdoors. Proper processes, procedures and implementation are as important, if not more, to ensure the whole evoting process is fair. ]

PHISHING & SPAM

FTC Considering Spammer Bounties (30 June 2004)

The Federal Trade Commission is considering offering a bounty on spammers equal to at least 20% of any civil penalties the FTC collects. The FTC will report to Congress in September regarding the plan, after it has time to compile and review expert testimony. The proposal has met with criticism; some say it would promote Internet vigilantism.
-http://www.msnbc.msn.com/id/5326107

SPYWARE

Man Loses Job for Installing Spyware on Boss's Computer (30 June 2004)

Vernon Blake was fired from his job at the Alabama Department of Transportation after he installed spyware on his boss's computer in order to prove the man, George Dobbs, spent most of his time on the job playing computer games. While Dobbs received only a written warning, Blake lost his job. A state personnel hearing is gathering testimony to review the possibility of reinstating Blake, who maintains that his job as computer administrator authorized him to install the spyware on Dobbs's computer. Blake said he also installed spyware on two other computers in the department.
-http://www.zdnet.com.au/news/security/print.htm?TYPE=story&AT=39151920-2000061744t-10000005c


-http://www.decaturdaily.com/decaturdaily/news/040629/job.shtml
[Editor's Note (Schultz): This is an extremely interesting case. If Blake ultimately loses this case, it may set a precedent for greatly restricting the kinds of logging that system administrators can use. After all, in some people's eyes, normal logging capabilities are a type of spyware. And what about network traffic capture devices? Stay tuned to this one. ]

TECHNOLOGY

TI and ARM to Embed Security in Cell Phone Chips (29 June 2004)

In the wake of Cabir, the first cell phone virus, Texas Instruments and ARM have teamed up to boost cell phone security; the companies are developing a chip with built-in security, which they hope will make it more difficult for thieves to steal and reprogram the phones. Currently, cell phone security consists of encryption software, which is easier to crack and reprogram than chips are.
-http://zdnet.com.com/2102-1105_2-5252194.html?tag=printthis



THE REST OF THE WEEK'S NEWS

COURT DECISIONS, ARRESTS, CONVICTIONS AND SENTENCES

Court Decides ISPs Can Read Email Of Clients (6 July 2004)

A federal appeals court in Massachusetts upheld a lower court ruling, finding that an e-mail provider did not break the law when he copied and read email messages sent to a customer through a server.
-http://www.wired.com/news/privacy/0,1848,64094,00.html%3Ftw%3Dwn_tophead_2

Hungarian Teen Sentenced for Magold-A Worm (1 July/30 June 2004)

A Hungarian court has sentenced the teenage author of the Magold-A worm to two years of probation. Laszlo K told the court he created the malware to prove his skills following a poor showing in some classes in high school. He was also ordered to pay a portion of the court costs. Magold-A disables antivirus software and deletes random image files from the hard disks of infected computers.
-http://www.smh.com.au/articles/2004/07/01/1088488078720.html?oneclick=true

-http://www.securityfocus.com/printable/news/9023

High School Students Arrested, Charged in School System Computer Intrusion (30 June 2004)

Two Long Island high school students, 18-year-old Christopher Kabacinski and 16-year-old Ryan Webb, have been arrested on charges they allegedly accessed sensitive information on their school district's computer system. One of the teenagers obtained the school psychologist's computer system password. The District Attorney found nearly 100 files, including some students' psychological evaluations, on Kabacinski's computer. Kabacinski could face a four-year prison sentence if convicted of all charges brought against him.
-http://www.newsday.com/news/local/longisland/ny-licomp303874189jun30,0,3019489,print.story?coll=ny-linews-headlines

ATTACKS

UK Betting Site Hit With DDoS Attack (1 July/28 June 2004)

Betfair, a UK Internet betting site, said that it was the target of a DDoS (distributed denial-of-service) attack for an hour on the afternoon of June 30, preventing some customers from accessing the site. A German computer magazine says that European soccer sites were being threatened by criminals trying to extort money in exchange for protecting them from DDoS attacks. The groups responsible for the attacks are believed to be based in Eastern Europe and Latin America.
-http://www.zdnet.co.uk/print/?TYPE=story&AT=39159283-39020330t-10000025c

-http://www.theregister.co.uk/2004/06/28/betting_sites_attack/print.html

HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY

DHS Wireless is Weak, Says Inspector General (1 July 2004)

The Department of Homeland Security is not placing tight enough controls on its wireless data, according to a report from the department's Inspector General. Some DHS employees were apparently unaware that some devices were Bluetooth enabled; some departments were apparently unaware of the need to create virtual DMZs between wireless and wired networks. The DHS says it plans to abide by the IG's recommendations, which include adopting standardized wireless system configurations and certifying and accrediting all wireless systems.
-http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=26454

DHS: Many critical facilities are at risk, but no authority to force fixes (28 June 2004)

The Department of Homeland Security has identified 1,700 facilities at risk in the nation's critical infrastructures, but it lacks the authority to force corrections by companies or state and local governments.
-http://www.gcn.com/23_16/security/26349-1.html

LEGISLATION

UK MP Internet Group Wants Computer Misuse Act Amended to Keep Pace (1 July/30 June 2004)

The All Party Internet Group, made up of UK Members of Parliament, would like to see changes made to the country's Computer Misuse Act to keep up with the changing nature of computer crimes. Specifically, the group would like to increase sentences for those convicted of cyber crimes, to have the power to extradite cyber criminals to the UK and to have denial-of-service attacks and phishing designated as specific offenses.
-http://news.bbc.co.uk/2/hi/technology/3853059.stm
-http://politics.guardian.co.uk/egovernment/story/0,12767,1251243,00.html
[Editor's Note (Tan): Raising the penalty will not help if you can't catch the culprit. There should be more international effort and cooperation in this area. ]

STANDARDS AND BEST PRACTICES

NIST Releases XP Security Recommendations Draft (29 June 2004)

The National Institute of Standards and Technology has released a draft publication designed to help Windows XP users set security controls. Special Publication 800-68 includes recommendations and security configuration checklists to help government agencies comply with the Federal Information Security Management Act.
-http://www.fcw.com/fcw/articles/2004/0628/web-nist-06-29-04.asp
-http://csrc.nist.gov/itsec/guidance_WinXP.html
NIST has also released the final version of Special Publication 800-63, Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology.
-http://csrc.nist.gov/publications/nistpubs/#sp800-63

WORMS, ACTIVE EXPLOITS, VULNERABILITIES, AND PATCHES

Microsoft Releases IE Configuration Change (2 July 2004)

Microsoft has released a configuration change to protect several of its operating systems from being attacked by Download.Ject. The change "improves system resiliency" in Windows XP, 2000 and Windows Server 2003. Microsoft expects to have patches for the underlying problem in IE available at a later date.
-http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=26490

-http://www.computerworld.com/printthis/2004/0,4814,94293,00.html
-http://www.theregister.co.uk/2004/07/02/ie_vuln_workaround/print.html
-http://www.microsoft.com/downloads/details.aspx?FamilyID=4D056748-C538-46F6-B7C8-2FBFD0D237E3&DisplayLang=en

Vulnerability in Cisco Collaborative Server (1 July 2004)

Cisco has released an advisory warning of a "highly critical" flaw in its Collaborative Server (CCS) that could allow attackers to execute malicious code on vulnerable systems. The flaw affects CCS versions earlier than 5.0 using ServletExec versions earlier than 3.0E. There is a fix available for those using CCS 4.x; workarounds are also available.
-http://www.internetnews.com/security/print.php/3376121
-http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_gci991263,00.html

Apache Proxy Server Vulnerability (28 June 2004)

A flaw in Apache 1.3.x installations configured to act as proxy servers could allow attackers to execute code on BSD installations or crash systems running other vulnerable installations. Vendors are releasing patches.
-http://www.computerworld.com/printthis/2004/0,4814,94191,00.html

MALWARE

Bankhook.A Trojan Threatens Windows Users (30/29 June 2004)

The Bankhook.A trojan horse program is a keystroke-logger disguised as an image file. It exploits a known Internet Explorer vulnerability to steal banking and other financial data. Bankhook looks out for HTTP sessions with certain banking and financial services sites and grabs POST or GET data before it is encrypted. Many Windows operating systems are vulnerable, including 2003, XP, 2000, NT, ME, 98 and 95.
-http://www.internetweek.com/shared/printableArticle.jhtml?articleID=22103112
-http://www.eweek.com/print_article/0,1761,a=130496,00.asp




NewsBites Editorial Board:
Kathy Bradford, Roland Grefer, Stephen Northcutt, Alan Paller, John Pescatore, Marcus Ranum, Howard Schmidt, Bruce Schneier, Eugene Schultz, Gal Shpantzer, Koon Yaw Tan

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription (and for free posters) or to update a current subscription, visit http://portal.sans.org/