SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

• SANS NewsBites RSS
• Editorial Board

Volume VIII - Issue #10

February 03, 2006

TOP OF THE NEWS

DHS Critical Infrastructure "Cyber Security" Exercise
Massachusetts Newspaper Subscriber Data Exposed

THE REST OF THE WEEK'S NEWS

HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
DHS Seeks Comments on Software Security Draft Documents
SPYWARE, SPAM & PHISHING
Verizon Wins Injunction Against Spammer
Couple Extradited to Israel to Face Charges in Cyber Espionage Trojan Case
COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
Nineteen Indicted in International Piracy Case
Time Warner to Sell Content Via P2P Network
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
Mozilla Releases Firefox 1.5.0.1
Flaws Found in IE 7 Beta 2
AMD Discussion Forum Closed Briefly to Address WMF Exploit
Updated Version of Winamp Available
MISCELLANEOUS
Dell Laptop Specs Removed from Web

---

****************** SPONSORED BY SANS TRAINING **************************

World-Class Security Training Opportunities in the Next Few Weeks

SANS 2006 in Orlando (Feb 24 - March 4) 36 tracks of extraordinary training - the best instructors in the world, and a great security tools exposition. Lots of people are bringing their families to Orlando to join them at the end of the program. Plus: San Francisco, Phoenix, St. Louis, Brisbane, Tokyo, Ottawa

Or you can take SANS training anytime, anywhere with the new SANS On Demand. Details on these and other programs: www.sans.org

And the SCADA Security Summit is 76% full. If you want to attend, register this week. An amazing program. If you have any responsibility for control systems in industry or utilities - don't miss this program. http://www.sans.org/scadasummit06/

*************************************************************************

---

TOP OF THE NEWS

DHS Critical Infrastructure "Cyber Security" Exercise (31 January 2006)

The Department of Homeland Security (DHS) will conduct a cyber security exercise February 6-10, 2006. Dubbed "Cyber Storm," the exercise will include the Information Technology Information-Sharing and Analysis Center as well as Cisco Systems, Microsoft, Symantec and others involved in the cyber security industry. The exercise is designed to focus on cyber attacks "on critical infrastructure that is not traditionally evaluated from a cyber perspective" and to see how such attacks "play out and how people react to them."
-http://appserv.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&
story.id=38131
-http://www.fcw.com/article92160-01-31-06-Web&RSS=yes
-http://www.fcw.com/article92177-02-01-06-Web
[Editor's Note (Murray): Dr. Ruth David told a DHS advisory panel (on C-Span) that it was time to stop talking about protecting the infrastructure and start talking about resilience of the infrastructure.
(Schultz): The way this exercise is conducted will make all the difference in the world. Ideally, it will involve simulated incidents that are as close to real-life incidents as possible. In the worst case such an exercise could amount to nothing more than bureaucratic paper shuffling. ]

Massachusetts Newspaper Subscriber Data Exposed (2/1 February 2006)

The credit card and bank routing data belonging to an estimated 240,000 Boston Globe and Worcester (Mass.) Telegram & Gazette subscribers were exposed when recycled internal reports were used to print routing receipts, which are used to label bundles of newspapers. After being alerted to the problem, the Globe sent its delivery force to retrieve the routing slips; as of the printing of the Computerworld article, approximately 1,000 of the 9,000 skips had been recovered. The company has alerted credit card companies and banks to the data compromise and plans to inform customers by letter. There is also a hotline for people to call to find out if their data were among those exposed. A Gartner analyst observes that the incident highlights the importance of having in place a "holistic data security and data classification strategy that includes controls for information stored in backup tapes, storage devices and on paper."
-http://www.computerworld.com/printthis/2006/0,4814,108268,00.html
-http://www.silicon.com/financialservices/0,3800010322,39156120,00.htm
-http://www.theregister.co.uk/2006/02/02/globe_data_security_breach/print.html
[Editor's Note (Kreitner): This episode demonstrates once again that success or failure in security, like most other aspects of enterprise performance, occurs on the shop floor, in the hospital nursing unit, and in the routing slip print shop. This is why it is so important for managers at all levels to understand that operational execution at the lowest levels deserves their attention. Details matter. Credit goes to the Japanese for weaving Kaizen (loosely translated as "always making things better") into the cultural fabric of their enterprises. ]

---

*********************** SPONSORED LINK **********************************

1) Free webcast: Stop attacks that exploit software vulnerabilities, with host-based intrusion prevention. Featuring Gartner. http://www.sans.org/info.php?id=1008

************************************************************************* THE REST OF THE WEEK'S NEWS

---

THE REST OF THE WEEK'S NEWS

HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY

DHS Seeks Comments on Software Security Draft Documents (1 February 2006)

The Department of Homeland Security (DHS) has released two draft documents aimed at improving software security. Developed as part of DHS' Software Assurance Program under the National Strategy to Secure Cyberspace, "Security in the Software Lifecycle" is geared toward helping application developers and project managers create strategies that will increase the security of new products; "Secure Software Assurance - Common Body of Knowledge" is aimed at the private sector and institutions of higher education to help them develop "curricula to train people in software assurance." DHS is accepting public comment on both documents until February 21, 2006.
-http://www.fcw.com/article92172-02-01-06-Web

[Editor's Note (welcome back Bill Murray): One can still hope. However, we have known for decades about parameter checking; incomplete parameter checking still accounts for about 2/3 of the implementation-induced vulnerabilities in wintel and Unix systems. We have known for decades about the value of strongly-typed store; we do not use it. We have known for decades about the dangers of escape mechanisms; we still put them in without necessary controls. Ignorance is not the problem and not likely that pubs will solve it. Our basic model of (late) defect detection and removal is flawed; we have to prevent the defects in the first place. ]

SPYWARE, SPAM & PHISHING

Verizon Wins Injunction Against Spammer (2/1 February 2006)

Verizon Wireless has been granted a permanent injunction against Florida-based Passport Holidays that prevents the company from sending unsolicited text messages to Verizon Wireless customers. The injunction was granted under the Federal Telephone Consumer Protection Act. Passport will also pay Verizon US$10,000 in damages.
-http://news.com.com/2102-1037_3-6034104.html?tag=st.util.print
-http://www.wirelessweek.com/article/CA6304310.html

Couple Extradited to Israel to Face Charges in Cyber Espionage Trojan case (31 January 2006)

Ruth and Michael Haephrati have been extradited from the UK to Israel to face charges stemming from their alleged involvement in developing and distributing a cyber espionage tool used by companies to spy on competitors. The Haephratis, who are Israeli natives, allegedly earned GBP 2,000 (US$3,555) on each installation of the spyware. Twenty other people in the UK and Israel have been arrested in connection with the case.
-http://www.theregister.co.uk/2006/01/31/spyware_suspect_deportation/print.html

-http://today.reuters.co.uk/news/newsArticle.aspx?type=internetNews&storyID=2
006-01-31T114739Z_01_L31454049_RTRIDST_0_OUKIN-UK-CRIME-ISRAEL-SPYWARE.XML

COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT

Nineteen Indicted in International Piracy Case (1 February 2006)

The US Attorney in Chicago has announced indictments against 19 people who are allegedly members of an international underground piracy group. US law enforcement agents are seeking extradition for two members of the group. According to prosecutors, the group's members pirated software, movies and games valued at more than US$6.5 million. The members apparently pirated the content for their own use rather than for profit. Those indicted face charges of conspiracy to commit copyright infringement; if convicted, they could face up to five years in prison, a fine of up to US250,000 and restitution payment.
-http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,10
8288,00.html

Time Warner to Sell Content Via P2P Network (31/30 January 2006)

Time Warner plans to launch a peer-to-peer service to distribute copies of its movies and television programs for purchase. In2Movies will offer consumers movies the same day they are released on DVD for about the same price. When users purchase a film or program they will not download the content from a central server, but from a P2P network. Warner Bros. Home Entertainment group president Kevin Tsujihara said "One of the most effective weapons for defeating online piracy is providing legal, easy-to-use alternatives."
-http://news.bbc.co.uk/2/hi/entertainment/4665438.stm
-http://www.theregister.co.uk/2006/01/30/timewarner_moves_p2p/print.html

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES

Mozilla Releases Firefox 1.5.0.1 (2 February 2006)

Mozilla is urging Firefox users to upgrade to Firefox version 1.5.0.1. The updated version of the browser addresses a number of security flaws including a denial-of-service vulnerability and several "stability" fixes that are aimed at repairing issues of the browser hindering system performance. Firefox 1.5.0.1 is being pushed out as an automatic update; this is the first time Mozilla has used the automatic update feature for Firefox.
-http://www.eweek.com/print_article2/0,1217,a=170592,00.asp

-http://www.computerworld.com/printthis/2006/0,4814,108309,00.html
Internet Storm Center Information:
-http://isc.sans.org/diary.php?storyid=1091

Flaws Found in IE 7 Beta 2 (2/1 February 2006)

Within hours of Microsoft's release of the beta 2 preview of Internet Explorer (IE) 7, a flaw was found in the code that could crash the browser. The flaw could potentially be exploited to execute arbitrary code on vulnerable machines, according to the person who discovered the flaw, though a posting on Microsoft's IE development blog refutes that claim. Microsoft says that they are already developing a fix for the flaw. There have also been reports of installation trouble related to certain anti-spyware and antivirus tools.
-http://www.theregister.co.uk/2006/02/02/ie7beta_vuln/print.html
-http://www.computerworld.com/printthis/2006/0,4814,108279,00.html
-http://www.eweek.com/print_article2/0,1217,a=170549,00.asp
-http://news.com.com/2102-1002_3-6034054.html?tag=st.util.print

AMD Discussion Forum Closed Briefly to Address WMF Exploit (30 January 2006)

Advanced Micro Devices (AMD) closed an AMD discussion forum web site following the discovery of an exploit for the Microsoft Windows Meta File (WMF) flaw on the site. The exploit has been removed and the forums were back up later the same day. The company that maintains the forums apparently did not update its software. In January, Microsoft released a patch for the WMF flaws out of its normal monthly patch cycle.
-http://news.zdnet.com/2102-1009_22-6033068.html?tag=printthis
-http://www.toptechnews.com/story.xhtml?story_id=41307
[Guest Editor's Note (Johannes Ullrich of Storm Center): The AMD story is a good example why the advice to "only browse secure/trusted sites" makes no sense. (Northcutt): Even though this story is being picked up by the media, it isn't really news, there would be many web sites with similar problems. The key is to patch and the patch has been available since Jan 06, 2006:
-http://www.techworld.com/security/news/index.cfm?newsid=5102
For more background on the WMF please see:
-http://isc.sans.org/diary.php?storyid=994
(Honan): This incident does highlight that even if a patch is released to address a security flaw, the security flaw does not go away until everyone applies the patch. ]

Updated Version of Winamp Available (31 January 2006)

A flaw in Winamp version 5.12 could allow attackers to run arbitrary code on vulnerable machines by luring Winamp users into downloading maliciously crafted Winamp playlists. People still using Winamp 5.12 will "be greeted by a pop-up message" urging them to update to the newer version, Winamp 5.13.
-http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5271
-http://www.theregister.co.uk/2006/01/31/winamp_security_flap/print.html
-http://www.winamp.com/player/

MISCELLANEOUS

Dell Laptop Specs Removed from Web (2 February 2006)

Dell has removed content about specifications for future laptop computers from a Dell file transfer protocol (ftp) site and Google's cache after learning that the content was accessible through the Google search engine. Google uses software robots called "spiders" to crawl the web and find sites to ad to its index. The robots follow links from one site to another, so that sites can be placed in Google's index. Webmasters can prevent pages from being indexed and cached through the use of robot.txt documents and specific code.
-http://networks.silicon.com/webwatch/0,39024876,39156123,00.htm
[Editor's Note (Murray): Past time to get rid of ftp servers.]

---

===end===

NewsBites Editorial Board:
Kathy Bradford, Chuck Boeckman, Rohit Dhamankar, Roland Grefer, Brian
Honan, Clint Kreitner, Bill Murray, Stephen Northcutt, Alan Paller, John
Pescatore, Marcus Ranum, Howard Schmidt, Eugene Schultz, Gal Shpantzer,
Koon Yaw Tan

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/