SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume VI - Issue #31
August 03, 2004
A gift to the security community is attached at the end of this week's NewsBites: the first issue of a new virus, hoax and phishing alert to help you educate your unsophisticated users so they avoid identity theft and avoid infecting themselves and their coworkers. More than 160 organizations helped create it. Clip it and send it to anyone whom you think it will help.
Along the same lines, if you know of someone who has been hit by any of the following, please ask them to email me (paller@sans.org) today. We seek their help in educating people about the threat:
(1) Classic phishing victim, preferably a Citibank customer, or eBay or PayPal; (2) Keystroke logging victim; or (3) The mother of all victims: someone whose PC was not only used for spamming and DDoS attacks but who was defrauded because their personal information on the PC was stolen.
Lastly, if you have any role in selecting security software or appliances or services for your organization, the new What Works in Information Security webcasts really help find products that work, and they give you the ammunition you need to persuade your management to invest in the products. Listen to the one from last Wednesday on Intrusion Prevention at http://www.sans.org/webcasts/show.php?webcastid=90514 . If you don't already have a SANS portal account, get one first at http://portal.sans.org/register.php
What you will hear in the webcasts is experienced users sharing the lessons they have learned when they applied the tools. Then, if you like the approach, let us know if you are using a commercial product that really does improve your defenses while lowering the pain of security. Tell us about the product by emailing info@sans.org with the subject What Works.
Alan
TOP OF THE NEWS
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
GAO Audit of Government Agencies Finds Certification and Accreditation Problems and Inconsistencies
SPAM & PHISHING
Alleged Spammer Halted, Assets Frozen
STATISTICS, STUDIES AND SURVEYS
Qualys Study: Vulnerability Half-Life is Shrinking
WORMS, ACTIVE EXPLOITS, VULNERABILITIES, AND PATCHES
Microsoft Releases Patch for Critical IE Flaw Out of Cycle
Gambling Sites Pay Extortion To Stop Denial of Service Attacks
DoubleClick Hit with Distributed Denial-of-Service Attack
THE REST OF THE WEEK'S NEWS
ARRESTS, CONVICTIONS AND SENTENCES
Two Arrested in DVD Piracy Case
Company Cannot Use Pop-Ups to Sell Pop-Up Blocking Software
Man Pleads Guilty to Cyber Stalking
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
Web Site's Sensitive Military Content Allegedly Culled From P2P Networks
LEGISLATION
Zambia Seeks to Impose Stiff Cyber Crime Penalties
WORMS, ACTIVE EXPLOITS, VULNERABILITIES, AND PATCHES
CheckPoint Releases patch for ASN.1 Vulnerability
MyDoom.M Installs Back Door; Zindos.A Follows
MyDoom Infection Rate in Asia Pacific is Lower than Expected
Mozilla to Address Digital Certificate Handling Flaws
STATISTICS, STUDIES AND SURVEYS
Survey of Linux Developers Finds Low Incidence of Infections and Intrusions
MISCELLANEOUS
Florida 2002 Primary Election Results Lost, then Found; Citizens' Coalition is Concerned
Apple Unhappy with RealNetworks
RFID Tags are Not Developed with Security in Mind
NEW SECURITY RESOURCES FOR YOU TO USE
Ouch: The Report On Identity Theft and Attacks On Computer Users
TOP OF THE NEWS
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
GAO Audit of Government Agencies Finds Certification and Accreditation Problems and Inconsistencies (29/28 July 2004)
The General Accounting Office has released the results of an audit of the 24 largest government agencies regarding their compliance with National Institute of Standards and Technology (NIST) guidelines and Federal Information Security Management Act (FISMA) regulations for systems certification and accreditation. Only seven of the agencies were found to be in compliance. Six of the agencies had fewer than half of their systems certified and accredited, and two agencies had no systems accredited and certified. Two-thirds had difficulty coming up with the funds to accredit and certify their systems. The audit also found inconsistencies between agencies in how the information is reported.
-http://www.fcw.com/fcw/articles/2004/0726/web-gao-07-29-04.asp
-http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=26757
-http://www.govexec.com/story_page.cfm?articleid=29099&printerfriendlyVers=1&
[Editor's Note (Paller): This is an important study. You'll find the full report at
-http://www.gao.gov/new.items/d04376.pdf
It illuminates the high cost and low value of many certification and accreditation studies - some of which neither test for vulnerabilities nor test the security configuration of the systems they claim to have evaluated. That puts tens of thousands of government systems at risk, and costs a huge amount of money. ]
SPAM & PHISHING
Alleged Spammer Halted, Assets Frozen (31/30 July 2004)
A US District Court judge has issued a temporary restraining order that prohibits Creaghan A. Harry from sending spam and blocks his assets. Harry allegedly sent millions of spam messages advertising human growth hormone products; the Federal Trade Commission received 40,000 complaints about Harry's practices in the first five months of 2004. The FTC filed a complaint against Harry in July, alleging that a number of his actions, including spoofing return addresses and using open proxies, violate the CAN-SPAM Act. Harry has conducted business in Florida under a number of aliases.
-http://www.techweb.com/wire/story/TWB20040730S0002
-http://www.bocaratonnews.com/index.php?src=news&prid=9098&category=LOCAL%20NEWS
STATISTICS, STUDIES AND SURVEYS
Qualys Study: Vulnerability Half-Life is Shrinking (30/29 July 2004)
According to a study from Qualys, network administrators are applying security patches to their networks more quickly this year than they were last year. The average half-life of vulnerabilities -- the amount of time it takes for half of vulnerable systems to be patched -- fell from 30 days in 2003 to 21 days in 2004. The figures apply to Internet-connected systems; the average half-life for patching internal vulnerabilities was 62 days. Qualys CTO Gerhard Eschelbeck urges companies to push that figure down to 40 days.
-http://asia.cnet.com/newstech/security/printfriendly.htm?AT=39188665-39001150t-39000005c
-http://www.computerworld.com/printthis/2004/0,4814,94903,00.html
[Editor's Note (Schultz): System and network administrators really have no choice. You either install patches in a timely manner or rebuild systems that become compromised.
(Paller) Or you give yourself a little more time to test the patches by deploying network based intrusion prevention. One US government lab reports on its experience at
-http://www.sans.org/webcasts/show.php?webcastid=90514]
WORMS, ACTIVE EXPLOITS, VULNERABILITIES, AND PATCHES
Microsoft Releases Patch for Critical IE Flaw Out of Cycle (2 August/30 July 2004)
Microsoft has released a special cumulative patch for Internet Explorer, out of the company's established monthly patch cycle. The patch addresses three critical vulnerabilities in IE 5.01, 5.5 and 6.0, one of which was exploited by the Scob or Download.Ject Trojan horse program.
-http://www.pcworld.com/resource/printable/article/0,aid,117197,00.asp
-http://www.techweb.com/wire/story/TWB20040730S0008
-http://asia.cnet.com/newstech/security/printfriendly.htm?AT=39188869-39001150t-39000005c
Gambling Sites Pay Extortion To Stop Denial of Service Attacks (2 August 2004 Magazine Issue Dated 11 August)
Online casinos around the world are paying "protection money" to stop criminals from disabling their sites.
-http://www.businessweek.com/magazine/content/04_32/b3895106_mz063.htm
DoubleClick Hit with Distributed Denial-of-Service Attack (27 July 2004)
DoubleClick's DNS servers were the target of a distributed denial-of-service (DDoS) attack on July 27; the attack caused "severe disruptions" for customers of the Internet advertising company. DoubleClick staff "is taking steps to 'resolve the situation permanently.'"
-http://www.eweek.com/print_article/0,1761,a=132312,00.asp
-http://www.computerworld.com/printthis/2004/0,4814,94837,00.html
[Editor's Note (Grefer): Good luck to the DoubleClick staff. As far as I know, any "permanent solution" others came up with ultimately turned out to just be a reprieve until attackers had analyzed the approach and found a different angle from which to continue their approach. ]
THE REST OF THE WEEK'S NEWS
ARRESTS, CONVICTIONS AND SENTENCES
Two Arrested in DVD Piracy Case (2 August 2004)
US and Chinese law enforcement officials worked together on an investigation that led to the arrest of two US nationals in connection with a DVD piracy ring.
-http://www.chinatechnews.com/index.php?action=show&type=news&id=1555
Company Cannot Use Pop-Ups to Sell Pop-Up Blocking Software (31 July 2004)
San Diego-based D Squared LLC has settled a civil case with the Federal Trade Commission (FTC). The company will no longer send pop-up advertisements through Microsoft Windows messenger service. It will also cease selling pop-up blocking software and may not send any further advertisements unless recipients are provided the opportunity to opt out of receiving any more. The company's founders face no penalties and admit no wrongdoing as a result of the agreement. Late last year the FTC had asked a judge to bar the company from sending any more ads hawking programs that would stop the very annoyance they were creating, but the request was denied.
-http://www.signonsandiego.com/news/computing/20040731-9999-1b31popup.html
Man Pleads Guilty to Cyber Stalking (30 July 2004)
In an agreement with federal prosecutors, Robert James Murphy pleaded guilty to two counts of cyber stalking for harassing a Seattle woman. The case is the first in which someone has been prosecuted under a 1997 amendment to the Federal Telecommunications Act prohibiting online harassment. The case was also the catalyst for the creation of a Washington state law that expressly prohibits cyber stalking. Murphy will be sentenced in October.
-http://www.theregister.co.uk/2004/07/30/man_cyber_stalking/print.html
-http://seattlepi.nwsource.com/printer2/index.asp?ploc=t&refer=http://seattlepi.nwsource.com/local/184213_cyberstalk30.html
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
Web Site's Sensitive Military Content Allegedly Culled From P2P Networks (27 July 2004)
A web site calling itself "See What You Share" has been publishing sensitive US military images it claims to have obtained from peer-to-peer (P2P) networks. The images include a picture of a crashed military jet and a screenshot of a spreadsheet containing what appears to be personal information belonging to US Marines. Site operator Rick Wallace maintains he is trying to demonstrate the dangers of unmonitored P2P networks. Of particular concern are programs that allow users to share the contents of their hard drives rather than just certain types of files. Wallace also says he downloaded a zipped file containing classified information about current US military operations in Iraq.
-http://zdnet.com.com/2102-1105_2-5285918.html?tag=printthis
[Editor's Note (Shpantzer): Policy against unauthorized P2P use in your organization should be standard. To effectively enforce it at the enterprise level, you need to have a centralized pest control scanning tool (not just antivirus) that detects P2P applications when they're dormant. Scanning for open ports will find them only when they are running. ]
LEGISLATION
Zambia Seeks to Impose Stiff Cyber Crime Penalties (30 July 2004)
Zambia's parliament will consider legislation that would impose jail sentences of up to 25 years for people convicted of cyber crimes.
-http://news.bbc.co.uk/2/hi/africa/3937445.stm
WORMS, ACTIVE EXPLOITS, VULNERABILITIES, AND PATCHES
CheckPoint Releases patch for ASN.1 Vulnerability (29 July 2004)
CheckPoint Software Technologies Ltd. has released a patch for a buffer overflow vulnerability that could let attackers take control of certain VPN products.
-http://www.zdnet.co.uk/print/?TYPE=story&AT=39162068-39020375t-10000025c
-http://www.infoworld.com/article/04/07/29/HNcheckpointflaw_1.html
MyDoom.M Installs Back Door; Zindos.A Follows (29/28 July 2004)
The MyDoom.M mass mailing worm (also known as MyDoom.O) opens the Zincite.A back door on port 1034 TCP, creating large groups of zombie computers that can be used for spamming, denial-of-service attacks or spreading other malware. MyDoom.M uses search engines like Google to seek out more email addresses it can use to spread. The Zindos.A worm spreads through computers infected with Zincite.A.
-http://www.theregister.co.uk/2004/07/28/ms_worm_uses_mydoom/print.html
-http://asia.cnet.com/newstech/security/printfriendly.htm?AT=39188371-39001150t-39000005c
-http://www.computerweekly.com/articles/article.asp?liArticleID=132324&liArticleTypeID=1&liCategoryID=6&liChannelID=22&liFlavourID=1&sSearch=&nPage=1#
MyDoom Infection Rate in Asia Pacific is Lower than Expected (27 July 2004)
The rate of infection by MyDoom.M in the Asia-Pacific Region is lower than would be expected, probably due in part to the fact that the worm began spreading while it was night time in that area, allowing companies to deploy protective measures before the start of business. Normal rates of infection for the area are expected to be 5-10% of global infections, but in this case, the rate is just 1% of global infections.
-http://asia.cnet.com/newstech/security/printfriendly.htm?AT=39188180-39001150t-39000005c
[Editor's Note (Schultz): Was the fact that the speed of MyDoom.M in the Asia-Pacific Region was slower than expected due to the extra time that companies had to deploy countermeasures? I'd think that the critical factor was virus wall vendors having more time to identify this worm's signature and updating their pattern files accordingly. Virus wall vendors have in the past tended to update their pattern files too slowly, resulting in an unnecessary number of infections. ]
Mozilla to Address Digital Certificate Handling Flaws (28 July 2004)
The Mozilla Foundation has become aware of two flaws in the way its browsers handle digital certificates. One of the vulnerabilities could be exploited by phishers; the other could allow denial-of-service attacks. The flaws will be addressed soon, either with patches or with new versions of the browsers.
-http://asia.cnet.com/newstech/security/printfriendly.htm?AT=39188372-39001150t-39000005c
STATISTICS, STUDIES AND SURVEYS
Survey of Linux Developers Finds Low Incidence of Infections and Intrusions (28 July 2004)
A survey of 500 Linux developers conducted by Evans Data found that 92% said their systems had never been infected by malware; less than 7% said they'd experienced three or more intrusions. In comparison, a survey of non-Linux developers conducted by the same research firm last spring found that 60% had experienced breaches, and 32% had experienced three or more. Evans' Linux analyst believes the survey results demonstrate that Linux is a more secure operating system than Windows.
-http://www.informationweek.com/story/showArticle.jhtml?articleID=26100460
[Editor's Note (Schultz): This study should precipitate some heated "religious debates." In my experience Linux and Windows machines are vulnerable in different ways. Linux machines are more vulnerable to intrusions, whereas Windows machines are a lot more vulnerable to worms. ]
MISCELLANEOUS
Florida 2002 Primary Election Results Lost, then Found; Citizens' Coalition is Concerned (30/28 July 2004)
According to Florida election officials, computer crashes in May and November of 2003 wiped out information from some state elections that used touch screen voting machines. The fact that the information was missing came to light after a citizens' group requested data from the 2002 gubernatorial primary election. The Miami-Dade Election Coalition has demanded an investigation. Election officials now say they have found a disk that contains the 2002 primary election data; the coalition chairwoman, Linda Rodriguez-Taseff, would like to have the disk examined to determine whether or not it has been tampered with.
-http://www.cnn.com/2004/ALLPOLITICS/07/28/florida.voting.ap/index.html
-http://www.wired.com/news/print/0,1294,64395,00.html
-http://www.wired.com/news/print/0,1294,64421,00.html
Apple Unhappy with RealNetworks (30/29 July 2004)
Apple says that RealNetworks Inc.'s effort to make its music service compatible with the iPod is tantamount to hacking and is considering the possibility of legal recourse against the company for developing software that circumvents Apple's FairPlay protections. RealNetworks has countered that customers should be allowed to choose what they want to play on their iPods.
-http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=5818027
-http://www.vnunet.com/news/1156985
RFID Tags are Not Developed with Security in Mind (28 July 2004)
Speaking at the Black Hat Briefings conference, Lukas Grunwald, CTO of DN-Systems Enterprise Internet Solutions of Germany, demonstrated software that could allow people to read and write to most RFID tags. Presently, RFID tags are not read-protected, and few are write protected. The vulnerability could be exploited by shoplifters.
-http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=26759
-http://zdnet.com.com/2102-1105_2-5287912.html?tag=printthis
NEW SECURITY RESOURCES FOR YOU TO USE
OUCH: The Report On Identity Theft and Attacks On Computer Users
Volume 1, No. 8. August 3, 2004
************************************************************************
Every day, thousands of people are fooled by email from criminals trying to steal their identities or infect and take over their computers. This update will help you avoid being a victim. The attacks listed here are the tip of the iceberg. To be safe, don't open email attachments from anyone unless you were expecting the attachment. And don't click on links in emails unless you can guarantee the email came from someone who is not trying to fool you.
*******************************
Contents
Harmful Email Subjects to Avoid
I. Emails from people trying to infect your system and steal your friends' email addresses for spam
I.1. Pictures of Osama Bin Laden hanging or Arnold Schwarzenegger's suicide note
I.2. Email that seems to come from your system administrator or other familiar sender that says your email could not be delivered, or some similar statement.
I.3. Email with subject "Against!" or "Revenge"
I.4. Email with subject Re_ and body with animals or foto or other subjects
II. Emails from people trying to steal your identity (and your money)
II.1. Update Your Billing Information (from eBay)
II.2. Your account at eBay has been suspended
II.3. Your account at Wells Fargo has been suspended
II.4. Notification of US Bank Internet Banking
II.5. Attn: Citibank Update
II.6 Confirm AOL Billing Info
III. Emails from people trying to fool you into hurting yourself or your friends and coworkers
III.1 Subject: "jdbg" Virus: how to detect and remove.
******************************
More Details About Each Attack
I: Emails from people trying to infect your system and steal your friends' names for spam
I.1. Name: Hackarmy
The bait: An email or news article claiming to offer you copies of pictures of Osama Bin Laden being hanged. A second form claims to have a suicide note from Arnold Schwarzenegger.
How it infects your system: You click on a link that downloads a zip file. You execute the file thinking you will see the pictures.
What it does to you: Gives attackers remote control of your computer so they can use it in attacks on other people, or harvest email names for spam.
Where to find detailed information:
-http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hacarmy.d.html
I.2. Name: Mydoom-O
The bait: An email that seems to come from your mail or system administrator or from another familiar sender, with an attachment and with any one of the following subjects: (1) say helo to my litl friend, (2) click me baby, (3) one more time, (4) hello, (5) error, (6) status, (7) test, (8) report, delivery failed, (9) Message could not be delivered, (10) Mail System Error - Returned Mail, (11) Delivery reports about your e-mail, (12) Returned mail: see transcript for details, (13) Returned mail: Data format error.
How it infects your system: You download and open the attachment.
What it does to you: Steals all email addresses from you to be sold to Spammers; spreads to other sites from your machine. It also uses your system to send requests to search engines like Google to look for more email addresses.
Where to find more detailed information:
-http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html
I.3. Name: Atak-C
The bait: An email that arrives with the subject "Attack!" or "Revenge" and a zipped attachment
How it infects your system: You download and open the attachment.
What it does to you: Steals all email addresses from you to be sold to spammers.
Where to find more detailed information:
-http://www.sophos.com/virusinfo/analyses/w32atakc.html
I.4. Name: Beagle
The bait: An email with subject Re_ and body with animals or foto or other subjects, and an attachment.
How it infects your system: You download and open the attachment.
What it does to you: Disables antivirus and other important software, mass mails itself to others, steals email addresses from throughout your files, gives attacker remote control of your computer to use to attack other systems.
Where to find more detailed information:
-http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39641
***********************************************************************
II. Emails from people trying to steal your identity (and your money)
II.1 Update Your Billing Information (from eBay)
The bait: An email that looks as if it comes from eBay saying the company has "detected a slight error in your billing information" and saying that you must fix it within 48 hours to continue to buy or sell on eBay.
What it tries to make you do: Click on a link and tell them your eBay and PayPal username and password, and your credit/debit card information
Where you can see how it actually appears:
-http://www.antiphishing.org/phishing_archive/07-27-04%20Ebay%20(Update%20Your%20Billing%20Informations).html
II.2 Your account at eBay has been suspended
The bait: An email that looks as if it comes from eBay saying your account has been suspended and "We had to block your eBay account"
What it tries to make you do: Click on a link and tell them your eBay and PayPal username and password, and your credit/debit card information
Where you can see how it actually appears:
-http://www.antiphishing.org/phishing_archive/07-26-04_Ebay_(your_account_at_ebay_has_been_suspended).html
II.3 Your account at Wells Fargo has been suspended
The bait: An email that looks as if it comes from Wells Fargo saying your account has been suspended and "Your account has been compromised by outside parties."
What it tries to make you do: Click on a link and tell them your username, password, and credit card information.
Where you can see how it actually appears:
-http://www.antiphishing.org/phishing_archive/06-29-04_Wells_Fargo_(Your_account_at_Wells_Fargo_has_been_suspended).html
II.4. Notification of US Bank Internet Banking
The bait: An email that looks as if it comes from US Bank saying, "as a preventative measure, we have temporarily limited access to some features."
What it tries to make you do: Click on a link and tell them username, password, credit card data or debit card data.
Where you can see how it actually appears:
-http://www.antiphishing.org/phishing_archive/07-23-04_US_Bank_(Notification_of_US_Bank_Internet_Banking).html
II.5. Attn: Citibank Update
The bait: "Click here" link in an email that seems to come from Citibank.
What it tries to make you do: Click on a link and tell them personal information and credit card or debit card data.
Where you can see how it actually appears:
-http://www.fraudwatchinternational.com/fraud_alerts/040721_1046_citibank.htm
-http://www.antiphishing.org/phishing_archive/07-21-04_Citibank_(Attn_Citibank_Update).html
II.6 Confirm AOL Billing Info
The bait: An email that seems to come from AOL saying your billing information is out of date and asking you to "spend several minutes and update your billing records."
What it tries to make you do: Click on a link and tell them personal information and credit card or debit card data.
Where you can see how it actually appears:
-http://www.antiphishing.org/phishing_archive/07-20-04_AOL_(Confirm_AOL_billing_info).html
***********************************************************************
III. Emails from people trying to fool you into hurting yourself or your friends and coworkers
III. 1. jdbg Hoax
The bait: An email telling you about a virus and how to remove it.
Example: "Subject: "jdbg" Virus: how to detect and remove." May also talk about finding a teddy bear on the machine - because the file has a bear as a symbol.
What it is trying to make you do: Remove a file that is not harmful.
Where to find more information:
-http://www.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html
***********************************************************************
SANS extends its thanks to the 175 organizations that helped develop the format and content of this alert. Special thanks go to CipherTrust (http://www.ciphertrust.com) for providing lists of the most important threats.
Copyright 2004, The SANS Institute.
-http://www.sans.org
Permission is granted to copy and redistribute this material to whomever it will help.
===end===
NewsBites Editorial Board:
Kathy Bradford, Roland Grefer, Stephen Northcutt, Alan Paller, John Pescatore, Marcus Ranum, Howard Schmidt, Bruce Schneier, Eugene Schultz, Gal Shpantzer, Koon Yaw Tan
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/