SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume VI - Issue #40
October 06, 2004
** 2004 Computer Security Leader of the Year
It is with great sadness that we report that Representative Adam Putnam (R FL) will be leaving the chairmanship of the US House of Representatives subcommittee that oversees information technology and cybersecurity in government. (See final story in this issue.) Despite all the obstacles he faced, Chairman Putnam made significant progress toward his goal of seeing security improve not only within the US government, but also in corporations and other institutions in the US and other countries. His vision, his pragmatism, and his leadership will be sorely missed. At SANS Cyber Defense Initiative Conference in Washington DC in December, the 2004 Computer Security Leader of the Year award will be presented to Congressman Adam Putnam.
** New Security Configuration Benchmarks and Free Testing Tools
The Center for Internet Security has just released new security configuration benchmarks and free testing tools for Windows 2003, Solaris (updated), FreeBSD, Cisco PIX, and Apache. They, and all the other CIS configuration benchmarks and free tools, may be downloaded from http://www.cisecurity.org
TOP OF THE NEWS
North Korea Has Trained 500+ in Cyber Warfare, Says Report
House Passes Piracy Deterrence and Education Act
Governor Schwarzenegger Signs Anti-Spyware Bill
DOJ Likely to Appeal Judge's Ruling on Patriot Act Provision
Man Pleads Guilty to Spamming Through Hijacked Wireless Accounts
Malicious JPEG File Posted on Newsgroups
THE REST OF THE WEEK'S NEWS
eVOTING
California Bill Requires Paper Audit Trail on Electronic Voting Machines
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
Yoran Resigns DHS Cyber Security Position
DOE Systems Improving, but Still Show Weaknesses
Nuclear Facility Cyber Security Guidelines in the Works
SPAM & PHISHING
Earthlink Toolbar Warns of Fraudulent Sites
COPYRIGHT, PIRACY AND DIGITAL RIGHTS MANAGEMENT
Judge Says Diebold Misused DMCA
Sony Japan Will Stop Making CDs with Copy Protection
RIAA Files 762 New Suits
UCLA Will Warn Students About Copyright Infringement, but Won't Snoop
WORMS, ACTIVE EXPLOITS, VULNERABILITIES, AND PATCHES
Mozilla Patches Firefox Flaw
New Variant: MyDoom.AC
Patches Available for RealNetworks Vulnerabilities
MISCELLANEOUS
Worldpay Slowed by Denial-of-Service Attack
Putnam Leaves Government Reform Committee, Joins Rules Committee
TOP OF THE NEWS
North Korea Has Trained 500+ in Cyber Warfare, Says Report (4 October 2004)
According to a South Korean Defense Ministry report, North Korea has trained more than 500 people in cyber warfare tactics. The cyber troops reportedly went through a five-year training course focusing specifically on infiltrating computers in South Korea, Japan and the US.
-http://www.channelnewsasia.com/stories/afp_asiapacific/print/109911/1/.html
House Passes Piracy Deterrence and Education Act (28 September 2004)
The US House of Representatives has passed the Piracy Deterrence and Education Act of 2004, which expands the scope of file traders who may be prosecuted for their actions from those who "willingly" share copyrighted material to those who "knowingly" do so.
-http://www.infoworld.com/article/04/09/28/HNusfiletrading_1.html
-http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=6358345
Governor Schwarzenegger Signs Anti-Spyware Bill (28 September 2004)
California Governor Arnold Schwarzenegger has signed a bill which makes it illegal to install spyware on computers without authorization. The legislation would allow people to sue those responsible for installing the software for damages. The bill also prohibits keystroke-logging and software which takes control of others' computers in order to send spam or spread malware. The bill has been criticized for being "toothless."
-http://news.zdnet.com/2102-1009_22-5388122.html?tag=printthis
-http://reuters.com/newsArticle.jhtml?type=internetNews&storyID=6394532
[Editor's Note (Schultz): This bill may be toothless, but so was SB1386, yet SB1386 has had a large impact on the practice of IT security here in California and even (perhaps to a lesser degree) outside of this State. ]
DOJ Likely to Appeal Judge's Ruling on Patriot Act Provision (30/29 September 2004)
A US federal judge has ruled that the provision of the USA Patriot Act that allows the FBI to demand information from ISPs without judicial oversight is a violation of the constitution, and has barred the agency from invoking the provision. Until this ruling, ISPs had to comply with national security letters, which also acted as gag orders. The Department of Justice plans to appeal the ruling.
-http://news.com.com/2102-1028_3-5388764.html?tag=st.util.print
-http://www.internetnews.com/xSP/article.php/3415501
Man Pleads Guilty to Spamming Through Hijacked Wireless Accounts (29 September 2004)
Nicholas Tombros has pleaded guilty to sending spam through other people's wireless accounts which he accessed without authorization. Tombros pleaded guilty to one felony count; when he is sentenced on December 27, he could face up to six months in jail. The case is believed to be the first criminal conviction under the federal CAN-SPAM Act.
-http://www.securityfocus.com/printable/news/9606
Malicious JPEG File Posted on Newsgroups (4 October/28 September 2004)
A malicious JPEG file has been posted on some newsgroups; code embedded in the file attempts to exploit a recently disclosed JPEG flaw which could allow attackers to gain control of infected machines.
-http://www.informationweek.com/story/showArticle.jhtml?articleID=49400063&tid=6004
-http://www.infoworld.com/article/04/09/28/HNhackerporn_1.html
-http://news.com.com/2102-7355_3-5385995.html?tag=st.util.print
THE REST OF THE WEEK'S NEWS
eVOTING
California Bill Requires Paper Audit Trail on Electronic Voting Machines (28 September 2004)
California Governor Arnold Schwarzenegger has signed a bill requiring paper audit trails for all touchscreen voting machines starting in 2006. Voters would not touch or keep the paper records; instead, they would be placed in a lock box to be used in the event a manual recount is necessary.
-http://www.washingtonpost.com/ac2/wp-dyn/A57534-2004Sep28?language=printer
-http://news.zdnet.com/2102-9592_22-5387633.html?tag=printthis
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
Yoran Resigns DHS Cyber Security Position (2/1 October 2004)
DHS National Cyber Security Division director Amit Yoran has resigned his position as of September 30. Yoran, who held the position for one year, said he has achieved his goals: building the division and US-CERT. Some say Yoran's resignation points to the need to elevate the position within DHS.
-http://www.washingtonpost.com/ac2/wp-dyn/A64915-2004Oct1?language=printer
-http://www.fcw.com/fcw/articles/2004/0927/web-amit-10-01-04.asp
-http://news.com.com/2102-7348_3-5392501.html?tag=st.util.print
-http://www.computerworld.com/printthis/2004/0,4814,96369,00.html
DOE Systems Improving, but Still Show Weaknesses (1 October 2004)
A report from the Department of Energy's Office of the Inspector General found that DOE computer systems were compromised nearly 200 times in fiscal 2004, in attacks that affected more than 3,500 systems. The report says that despite steps taken to improve cyber security, DOE systems still suffer from weaknesses. Specifically, certification and accreditation of major systems is incomplete, the Department has no contingency plan in place to ensure continuity for mission-critical systems and some sites lacked appropriate security controls. On a more positive note, the fiscal 2002 report found 69 security weaknesses, while this year's report listed only 32.
-http://informationweek.com/story/showArticle.jhtml?articleID=49400155
Nuclear Facility Cyber Security Guidelines in the Works (27 September 2004)
The International Atomic Energy Agency is developing guidelines to help protect nuclear facilities from cyber attacks. Spurred by last year's Slammer infection at an idled Ohio nuclear power plant, the Nuclear Regulatory Commission has developed a manual to help plant operators evaluate their cyber security.
-http://www.securityfocus.com/printable/news/9592
SPAM & PHISHING
Earthlink Toolbar Warns of Fraudulent Sites (29 September 2004)
In an effort to help people steer clear of phishing scams, Earthlink has released a toolbar that will warn users before they link to known fraudulent sites. While the toolbar does not block email containing links to the sites, the warning will pop up when users click on those links. The toolbar works with Internet Explorer versions 5.0 and later.
-http://www.techweb.com/article/printableArticle.jhtml?articleID=48800119&site_section=700028
COPYRIGHT, PIRACY AND DIGITAL RIGHTS MANAGEMENT
Judge Says Diebold Misused DMCA (30 September 2004)
A California district court judge ruled that Diebold Election Systems misused the Digital Millennium Copyright Act when the company threatened legal action against several Swarthmore college students for posting copies of and links to internal Diebold memos. In his Summary Judgment, Judge Jeremy Fogel concluded that Diebold "knowingly materially misrepresented" the fact of copyright infringement regarding certain of the memos in question.
-http://www.wired.com/news/print/0,1294,65173,00.html
-http://www.onlinepolicy.org/action/legpolicy/opg_v_diebold/
Sony Japan Will Stop Making CDs with Copy Protection (4/1 October 2004)
Citing an increased awareness of copyright and piracy issues as well as more stringent laws to punish violators, Japan's Sony Music Entertainment will stop incorporating copy protection into their CDs. It is also probable that customer dissatisfaction with the arrangement factored into the company's decision.
-http://www.theregister.co.uk/2004/10/01/sony_copy-control_cd/print.html
-http://seattlepi.nwsource.com/printer/ap.asp?category=1700&slug=Japan%20Sony%20Copy%20Control
RIAA Files 762 New Suits (30/28 September 2004)
The Recording Industry Association of America (RIAA) has filed suits against 762 people for allegedly trading music over the Internet and violating copyrights. The defendants are unnamed, identified only as "John Doe" and by an IP address; this allows the RIAA to seek subpoenas that would require ISPs to reveal their customers' names. Individuals at 26 universities and colleges across the country have been named as defendants, but the RIAA has not filed suits against the schools themselves.
-http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9802911.htm?template=contentModules/printstory.jsp
[Editor's Note (Shpantzer): See this story for raids on P2P in the island nation of Iceland. Bandwidth usage on the island nation apparently dropped 40% as word of the raids spread.
-http://www.theregister.co.uk/2004/09/30/p2p_raids_iceland/]
UCLA Will Warn Students About Copyright Infringement, but Won't Snoop (28 September 2004)
The University of California at Los Angeles (UCLA) is using a system to warn students who have been identified as pirating copyrighted digital content, like movies and music, but the school has chosen to stop short of actually snooping on the students' activity, saying doing so would violate their privacy.
-http://news.com.com/2102-1027_3-5387859.html?tag=st.util.print
WORMS, ACTIVE EXPLOITS, VULNERABILITIES, AND PATCHES
Mozilla Patches Firefox Flaw (4 October 2004)
Mozilla has released a patch for a vulnerability in its Firefox browser; the flaw could allow attackers to delete all the files in the Download directory.
-http://www.techweb.com/article/printableArticle.jhtml?articleID=49400459&site_section=700028
[Editor's Note (Shpantzer): How can this be? I was told that if we switched away from IE then we'd be totally safe over port 80... ]
New Variant: MyDoom.AC (30 September 2004)
A new MyDoom variant uses infected computers to attempt to launch a distributed denial-of-service attack against the Holocaust History Project website. MyDoom.AC spreads when recipients open infected attachments; it then proceeds to scour the machines for email addresses to which it can send itself. It can also spread through file-sharing networks.
-http://www.securitypipeline.com/showArticle.jhtml;jsessionid=YVWN03IRGE4RAQSNDBCCKH0CJUMEKJVN?articleId=48800526&printableArticle=true
Patches Available for RealNetworks Vulnerabilities (1 October/29 September 2004)
RealNetworks has released patches for flaws in its RealPlayer, RealOne Player and Helix Player software. The flaws could allow attackers to run code on vulnerable machines by tricking users into opening a phony movie file.
-http://www.techweb.com/article/printableArticle.jhtml?articleID=48800226&site_section=700028
-http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1010412,00.html
-http://news.zdnet.com/2102-1009_22-5393139.html?tag=printthis
MISCELLANEOUS
Worldpay Slowed by Denial-of-Service Attack (4 October 2004)
Worldpay, an Internet payment system, was hit with a denial-of-service attack; while the attack has not shut down business entirely, transactions are proceeding at a significantly slower rate than usual. The attack began on Saturday, October 2; Worldpay did not know when they would be able to get things back to normal. Worldpay was the target of a similar attack in November 2003.
-http://news.bbc.co.uk/2/hi/business/3713174.stm
Putnam Leaves Government Reform Committee, Joins Rules Committee (28 September 2004)
Representative Adam Putnam (R-Fla.) will leave his position as chair of the Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census in order to join the Rules Committee. Putnam is noted for his keen focus on IT management and security. The Rules Committee determines the schedule for bills that come up for debate and also decides the length of the debate, which could bode well for IT issues.
-http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=27472
NewsBites Editorial Board: Kathy Bradford, Roland Grefer, Stephen Northcutt, Alan Paller, John Pescatore, Marcus Ranum, Howard Schmidt, Bruce Schneier, Eugene Schultz, Gal Shpantzer, Koon Yaw Tan
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/