SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume VI - Issue #42
October 21, 2004
If your employees and business partners access your systems remotely, you are probably already looking into "scan and block" or "quarantine" technology - one of the few practical methods of ensuring remote users have safely configured systems. One company, Partner Re (a huge global reinsurance company) has found a way to use the technology without stopping people from getting their work done. The person responsible for worldwide security at Partner Re will explain how they did it at SANS' next "What Works" Webcast, Monday, October 25, 2004 at 1:00 PM EDT (1700 UTC).
If you already have a SANS portal account, you don't have to register in advance; just go to http://www.sans.org/webcasts/show.php?webcastid=90514 at the time of the webcast.
If you don't yet have a SANS Portal account, set yours up today so you won't be delayed when you want to get on the webcast. Set up your portal account at: http://portal.sans.org/register.php
TOP OF THE NEWS
NSA Revising DoD Global Info Grid Plan, Establishing Software Research Center
NIST Releases Second Draft of Federal Security Control Guidelines
Oracle Says Exploits for Flaws are Circulating, Urges Customers to Apply Patches
Microsoft's October Security Update Addresses 7 "Critical" Vulnerabilities
THE REST OF THE WEEK'S NEWS
ARRESTS, CONVICTIONS AND SENTENCES
NZ Health Ministry Official Sentenced to 3 Years in Jail for Cyber Theft
South Korean Police Arrest Prolific Cyber Criminal
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
IT Trade Groups Urge Cyber Security Chief Position with More Clout
DOT Inspector General Finds Lax Computer Security at Some Air Traffic Control Centers
SPAM & PHISHING
UK Court Charges Four in Large Phishing Scheme
Alleged Spammer Settles Case with Massachusetts AG
COPYRIGHT, PIRACY AND DIGITAL RIGHTS MANAGEMENT
Business Software Alliance Annual Sweep Brings in Millions
DOJ Would Like to See Intellectual Property Laws Revamped
WORMS, ACTIVE EXPLOITS, VULNERABILITIES, AND PATCHES
Funner Worm
STANDARDS AND BEST PRACTICES
IDC: Companies Need to Develop Wireless Technology Strategies
South Korea Offers Cyber Crime Training for Law Enforcement Officers
STATISTICS, STUDIES AND SURVEYS
Asia-Pacific Security Investments Will Grow Significantly Says IDC Study
MISCELLANEOUS
Microsoft and Cisco Will Work Together on Network Access Security Architecture Interoperability
Researchers Find Patterns to Distinguish Printers from One Another
India Urged to Implement Strong Cyber Crime and Information Security Laws
Highlighted Cybersecurity Training Program: CDI South
Back to the Future: Find the Future of Information Security in New Orleans November 1 - 4 at SANS CDI South.
That's where SANS will introduce a program of one and two day intensive technology courses on topics ranging from Cutting Edge Hacking Techniques to Ethics, from Business Law and Computer Security to Auditing Wireless Security. If you cannot afford the time for a full week of training, or if you want to focus on two to four topics important to your security program, you won't find a better security conference anywhere. In particular, if you were thinking about attending one of the twenty or thirty old security conferences run by other organizations, compare the faculty they offer against SANS teachers, the timeliness and practicality of the information, and the value you will bring back to your employer (not to mention the weather) and we think it will be easy to choose SANS CDI South in New Orleans over any other security conference.
http://www.sans.org/cdisouth04/
*************************************************************************
TOP OF THE NEWS
NSA Revising DoD Global Info Grid Plan, Establishing Software Research Center (15/13 October 2004)
Speaking at the Microsoft Security Summit East in Washington, DC, National Security Agency Information Assurance director Daniel G. Wolf said his agency is revising the roadmap for the Defense Department's Global Information Grid. The three-phase plan for secure information sharing will be implemented over the next 20 years. Wolf says that information assurance will be "baked into" the GIG from the beginning. Wolf also spoke of the NSA's plan to establish a government-funded research center "devoted to improving the security of commercial software," which he compared to the Manhattan project.
-http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=27627
-http://www.fcw.com/fcw/articles/2004/1011/web-manh-10-15-04.asp
NIST Releases Second Draft of Federal Security Control Guidelines (11 October 2004)
The National Institute of Standards and Technology has released the second draft of Special Publication 800-53 which details the minimum security controls that federal agencies must put in place in order to comply with the Federal Information Security Management Act. The document will be available for public review and comment through November 30, 2004. The guidelines will be the basis for controls which will become mandatory in 2005.
-http://www.fcw.com/fcw/articles/2004/1011/web-nist-10-11-04.asp
The report may be found at
-http://csrc.nist.gov/publications/drafts/SP800-53-Draft2nd.pdf
Oracle Says Exploits for Flaws are Circulating, Urges Customers to Apply Patches (15/14 October 2004)
Oracle Corp. is strongly encouraging its customers to apply patches released in August for flaws in Oracle 8i, 9i and 10g database, Application Server and Enterprise Management software. Oracle has become aware of exploits that take advantage of these vulnerabilities circulating on the Internet.
-http://www.computerworld.com/printthis/2004/0,4814,96707,00.html
-http://www.eweek.com/print_article/0,1761,a=137189,00.aspf
Microsoft's October Security Update Addresses 7 "Critical" Vulnerabilities (12 October 2004)
Microsoft has released patches for ten vulnerabilities, 7 of which the company has rated "critical." The flaws are in the Windows operating system, Microsoft Office, and Exchange email server. The security updates are MS04-029 through MS04-038 and are available on the Microsoft web site.
-http://www.pcworld.com/resource/printable/article/0,aid,118139,00.asp
-http://www.computerworld.com/printthis/2004/0,4814,96610,00.html
Microsoft Security Bulletin Summary for October 2004:
-http://www.microsoft.com/technet/security/bulletin/ms04-oct.mspx
THE REST OF THE WEEK'S NEWS
ARRESTS, CONVICTIONS AND SENTENCES
NZ Health Ministry Official Sentenced to 3 Years in Jail for Cyber Theft (16 October 2004)
New Zealand Health Ministry employee John Denison has been sentenced to 3 years in jail for breaching the security of the Ministry's banking system and diverting $2.15 million to his own account, established with fictitious documents. Wellington District Court Judge Robert Kerr has suppressed details of Mr. Denison's attack.
-http://australianit.news.com.au/common/print/0,7208,11087415%5E15331%5E%5Enbv%5E15306%2D15318,00.html
South Korean Police Arrest Prolific Cyber Criminal (11 October 2004)
The Cyber Terror Response Center of South Korea's National Police Agency has arrested a man who allegedly broke into 1,152 computer systems since March 2003. The man, who has been identified only as Lee, used to work at an information security company. Police are investigating the possibility that he may have sold information he accessed through his break-ins.
-http://english.chosun.com/w21data/html/news/200410/200410110016.html
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
IT Trade Groups Urge Cyber Security Chief Position with More Clout (15 October 2004)
Five IT trade groups -- the Cyber Security Industry Alliance, the Business Software Alliance, TechNet, the IT Association of America and the Financial Services Roundtable -- have signed a letter asking legislators working to reconcile the two versions of the 9/11 Recommendations Implementation Act to make sure the bill establishes an assistant secretary for cyber security position in DHS. The request echoes a statement made earlier by Homeland Security Secretary Tom Ridge that the role of cyber security chief would be elevated to assistant secretary status. Others in the department maintained the position would be that of deputy assistant secretary. The trade groups feel that would be inadequate.
-http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=27640
[Editor's Note (Ranum): This will matter only if the position has enforcement authority; we've seen consistently that government security czars who only have the power to "recommend" or "coordinate" are quickly dust-binned by the bureaucracy. ]
DOT Inspector General Finds Lax Computer Security at Some Air Traffic Control Centers (14 October 2004)
An audit conducted by the Inspector General of the Department of Transportation found that computer systems at US air traffic control centers were not adequately secured. The Federal Aviation Administration says it will look into the security of the computers at the 20 "en route centers" across the country. The annual review is required of all government agencies by the Federal Information Security Management Act. FAA says it will conduct security certification reviews of all air traffic control systems within three years.
-http://www.securityfocus.com/printable/news/9729
SPAM & PHISHING
UK Court Charges Four in Large Phishing Scheme (15 October 2004)
A London court has charged four Eastern European people with phishing, marking the first case in which charges have been brought against people for phishing, according to Britain's National Hi-Tech Crime Unit (NHTCU). The four, who allegedly defrauded banks of a considerable amount of money, are scheduled to appear at a preliminary hearing on October 21.
-http://www.theregister.co.uk/2004/10/15/phishing_charges/print.html
-http://www.techweb.com/article/printableArticle.jhtml;jsessionid=EAKHVLIG34ILOQSNDBGCKHSCJUMEKJVN?articleID=50500137&site_section=700028
Alleged Spammer Settles Case with Massachusetts AG (11 October 2004)
DC Enterprises and its owner William Carson have settled a case brought by Massachusetts Attorney General Tom Reilly alleging that the company and Carson violated the CAN-SPAM Act and the Massachusetts Consumer Protection Act by sending out unsolicited commercial email that did not provide valid opt-out provisions. The case is the first to be brought under CAN-SPAM in the state of Massachusetts. Carson and DC Enterprises will pay US$25,000 and will cease to violate the CAN-SPAM Act and Massachusetts mortgage broker and advertising laws.
-http://news.zdnet.com/2102-9588_22-5406062.html?tag=printthis
COPYRIGHT, PIRACY AND DIGITAL RIGHTS MANAGEMENT
Business Software Alliance Annual Sweep Brings in Millions (12 October 2004)
The Business Software Alliance's most recent anti-piracy sweep netted more than US$2.2 million in out-of-court settlements with 25 companies. The watchdog group seeks out companies that are using software in violation of licensing agreements and copyright laws. The money will be put toward educational initiatives, such as a campaign aimed at children to discourage them from using peer-to-peer networks for trading copyrighted material.
-http://news.zdnet.com/2102-3513_22-5406668.html?tag=printthis
DOJ Would Like to See Intellectual Property Laws Revamped (12 October 2004)
The US Department of Justice released a report singing the praises of both the Piracy Deterrence and Education Act, which makes it a crime to use certain file sharing products, and the Induce Act, which would allow lawsuits to be brought against companies whose products "induce" people to illegally trade copyrighted materials. The DoJ report calls for significant changes to US intellectual property law, maintaining that piracy through peer-to-peer file sharing networks is a significant problem.
-http://news.zdnet.com/2102-9588_22-5406654.html?tag=printthis
WORMS, ACTIVE EXPLOITS, VULNERABILITIES, AND PATCHES
Funner Worm (12/11 October 2004)
The Funner worm spreads by sending itself to contacts it finds in Microsoft's MSN Messenger; it then modifies the registry and overwrites hosts file entries.
-http://www.computerworld.com/printthis/2004/0,4814,96606,00.html
-http://www.techweb.com/article/printableArticle.jhtml?articleID=49900742&site_section=700028
STANDARDS AND BEST PRACTICES
IDC: Companies Need to Develop Wireless Technology Strategies (15 October 2004)
Researchers at IDC say that companies that are not deploying wireless technology are putting themselves at risk for security breaches because in some instances, employees are already using the technology. Companies would be well advised to develop strategies for incorporating wireless technology to protect themselves from attacks.
-http://www.computerworld.com/printthis/2004/0,4814,96597,00.html
South Korea Offers Cyber Crime Training for Law Enforcement Officers (12 October 2004)
South Korea's strong cyber crime investigation skills and systems have law enforcement officials attending training sessions at the country's Cyber Terror Response Center.
-http://times.hankooki.com/lpage/nation/200410/kt2004101216411011960.htm
STATISTICS, STUDIES AND SURVEYS
Asia-Pacific Security Investments Will Grow Significantly Says IDC Study (14 October 2004)
According to an IDC study, investments in security products and services in the Asia-Pacific region should more than double by 2008. The Asia-Pacific security services market was US$1.9 billion last year and is predicted to be US$4.9 billion in 2008. IT security is a top priority for strategic initiative and investment, according to the study.
-http://asia.cnet.com/news/security/printfriendly.htm?AT=39197516-39037064t-39000005c
MISCELLANEOUS
Microsoft and Cisco Will Work Together on Network Access Security Architecture Interoperability (18 October 2004)
Microsoft Corp. and Cisco Systems Inc. have announced that they will work together to improve interoperability between their network access security architectures. They plan to share application programming interfaces (API) and develop protocols "to improve interoperability between Microsoft's Network Access Protection technology and Cisco's Network Admission Control technology."
-http://www.computerworld.com/printthis/2004/0,4814,96754,00.html
Researchers Find Patterns to Distinguish Printers from One Another (18/13 October 2004)
A team of scientists from Purdue University in Indiana have discovered "intrinsic signatures" in documents produced by laser printers. The team believes it can use the signatures to identify specific models of laser printers with the use of image processing software and pattern recognition techniques to analyze the way in which the printer lays down bands of ink. The discovery could be helpful in tracking down printers used by counterfeiters to produce phony banknotes, passports and other documents. At this point, the researchers cannot identify individual printers, but they have developed software that could be used to place a "fingerprint" in each printer's firmware.
-http://news.bbc.co.uk/2/hi/technology/3753886.stm
-http://www.techweb.com/article/printableArticle.jhtml;jsessionid=XB3UF3S22L1UYQSNDBGCKHSCJUMEKJVN?articleID=49901439&site_section=700031
India Urged to Implement Strong Cyber Crime and Information Security Laws (12 October 2004)
US Undersecretary of Commerce Kenneth Juster said that India needs to put in place laws that protect information from being stolen, as US companies are increasingly outsourcing work to India. Juster cited the Council of Europe's Convention on Cybercrime as a good example of an initiative that encourages the strengthening of laws against cyber crimes and facilitates international cooperation in prosecuting cyber criminals.
-http://www.informationweek.com/showArticle.jhtml?articleID=49901030
===end===
NewsBites Editorial Board: Kathy Bradford, Roland Grefer, Stephen Northcutt, Alan Paller, John Pescatore, Marcus Ranum, Howard Schmidt, Bruce Schneier, Eugene Schultz, Gal Shpantzer, Koon Yaw Tan
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/