SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume VIII - Issue #43
May 30, 2006
Surprising stories are coming to light on how log management systems are improving security: catching insider thieves, finding phishing sites, stopping virus and worm outbreaks and many more. A dozen pioneering users will be sharing the innovative applications they have discovered and lessons they learned at the Log Management Summit in Washington DC in July. Information: http://www.sans.org/logmgtsummit06
TOP OF THE NEWS
House Committee Approves Cybersecurity Enhancement and Data Protection ActSymantec Acknowledges Stack Overflow Flaw in AV Software
Barclays Offers Free AV Software to Online Banking Customers
THE REST OF THE WEEK'S NEWS
ARRESTS, CONVICTIONS AND SENTENCESSuspected Digital Pirates Arrested in Bulgaria
Two Arrested for Attempted MySpace.com Cyber Extortion
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
DOD Report Says China Developing Information Warfare Units
POLICY & LEGISLATION
Lord Says CMA Amendment Goes Too Far
COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
FTC Reaches Settlement with File Sharing Website Operator
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
Windows 2000 File Sharing Protocol Flaw was Patched Over a Year Ago
Microsoft Investigating Phony Patch eMail
Microsoft Advises Avoiding Third-Party Word Patch
ATTACKS & INTRUSIONS & DATA THEFT & LOSS
Sacred Heart University Suffers Data Security Breach
************ SPONSORED BY SECURE WEB APPLICATION DEVELOPMENT ************
"Great course. Validates programming practices you currently use but points out many you never thought of." ( Tina Rogerson, SAIC)
She's talking about "Writing Secure Web Applications: Developers Course," the best course in the nation for programmers who want to make sure they create secure software. July 12-14 Washington, DC Registration information: http://www.sans.org/sansfire06/description.php?tid=394
*************************************************************************
TOP OF THE NEWS
House Committee Approves Cybersecurity Enhancement and Data Protection Act (25 May 2006)
The US House of Representatives Judiciary Committee has approved the Cybersecurity Enhancement and Data Protection Act of 2006. If it becomes law, the bill would make the use of botnets a federal crime and provide for sentences of up to 30 years for violations of certain portions of the law. It would also give US$10 million to the FBI, Department of Justice and Secret Service for cybercrime investigation and prosecution. Furthermore, failing to inform the FBI or Secret Service of a security breach that affects 5,000 or more individuals would "be punishable by up to five years in prison."-http://www.scmagazine.com/uk/news/article/561126/stronger+cybersecurity+bill+pas
ses+house+committee/
Symantec Acknowledges Stack Overflow Flaw in AV Software (28/27/26 May 2006)
Symantec has acknowledged the existence of a stack overflow flaw in its antivirus software that could be exploited to steal data, delete files, crash vulnerable system or allow remote execution of arbitrary code with system level rights. According to the reports, the exploits do not require user interaction. The flaws reportedly affect Symantec Antivirus 10.x and Symantec Client Security 3.x. Symantec has released intrusion detection signatures to help customers "detect attempts to exploit the issue."-http://isc.sans.org/diary.php?storyid=1368
-http://www.itp.net/news/print.php?id=20788&prodid=&category=
-http://www.eweek.com/print_article2/0,1217,a=179437,00.asp
-http://money.cnn.com/2006/05/26/technology/symantec.reut/index.htm
-http://us.cnn.com/2006/TECH/internet/05/25/antivirus.flaw.ap/index.html
-http://www.vnunet.com/vnunet/news/2157047/flaw-found-symantec-anti-virus
Barclays Offers Free AV Software to Online Banking Customers (26 May 2006)
Barclay's bank is purchasing antivirus software for all 1.6 million of its online banking customers. The software will update automatically once it is installed. The bank also plans to deploy a text-messaging system to inform customers when funds are transferred with the use of their online banking details. A Barclays' spokesperson said the free antivirus software is not a bid to limit the bank's liability in the event of fraudulent activity.-http://news.bbc.co.uk/2/hi/technology/5019856.stm
[Editor's Note (Honan): Well done to Barclays for taking these two steps to protect their customers. Not only is this a good example of using security as a marketing tool, but it is also shows how implementing security measures may cut costs. Over time, the cost of implementing these measures will probably be recouped from the time and resources that may otherwise have been spent in dealing with security breaches. ]
THE REST OF THE WEEK'S NEWS
ARRESTS, CONVICTIONS AND SENTENCES
Suspected Digital Pirates Arrested in Bulgaria (27 May 2006)
Bulgarian police have arrested two men who have allegedly been making millions of songs and hundreds of movies available for download from a Bulgarian website. Website users were able to download as many songs and files as they chose for a four lev (US$2.50) monthly fee.-http://news.com.com/2102-7348_3-6077699.html?tag=st.util.print
Two Arrested for Attempted MySpace.com Cyber Extortion (25 May 2006)
Undercover detectives from the Electronic Crimes Task Force in Los Angeles arrested two New York State men on charges of illegal computer access, sending a threatening letter for extortion and attempted extortion. Shaun Harrison and Saviero Mondelli allegedly broke into MySpace.com to steal members' personal data; they had threatened to share their intrusion methods unless MySpace.com paid the pair US$150,000. They were arrested in Los Angeles by undercover officers posing as MySpace employees; the pair had traveled to the west coast to collect the money they had demanded. If convicted of charges against them, the men face four years in prison; a hearing is scheduled for June 5.-http://www.theregister.co.uk/2006/05/25/myspace_hack_charges/print.html
-http://www.iht.com/articles/2006/05/25/business/thugs.php
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
DOD Report Says China Developing Information Warfare Units (25 May 2006)
A report from the US Department of Defense says China's "People's Liberation Army (PLA) is developing information warfare reserve and militia units and has begun incorporating them into broader exercises and training." The "Annual Report to Congress: Military Power of the People's Republic of China 2006" says the information warfare units could support physical forces by launching attacks on foreign government and commercial computer networks as well as defending China's own networks. The PLA started incorporating offensive computer network operations into military exercises last year.-http://www.fcw.com/article94650-05-25-06-Web
POLICY & LEGISLATION
Lord Says CMA Amendment Goes Too Far (25 May 2006)
Lord Northesk, a UK Tory peer, said he would fight a proposed amendment to the Computer Misuse Act (CMA) because it could be used to prosecute IT professionals and police. Lord Northesk, who is also a security expert, says Section 41 of the bill would criminalize those who create or distribute tools that could be used for breaking into computer systems. The problem lies in the wording of Section 41, which reads "A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article (a) intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3[of the CMA ]
; or (b) believing that it is likely to be so used."
-http://www.zdnet.co.uk/print/?TYPE=story&AT=39271086-39020375t-10000025c
COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
FTC Reaches Settlement with File Sharing Website Operator (26 May 2006)
The US Federal Trade Commission has reached a settlement with Cashier Myricks who sold memberships to his website, mp3downloadcity.com, with the claim that members would be able to use peer-to-peer file sharing programs to share copyrighted materials without running afoul of copyright law. The terms of the settlement dictates that Myricks refrain from making false claims about P2P services, disclose to people the liabilities inherent in downloading copyrighted content without the owner's permission and refund in excess of US$15,000 to the people who joined his web site.-http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti
cleId=9000790
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
Windows 2000 File Sharing Protocol Flaw was Patched Over a Year Ago (29 May 2006)
Microsoft says that a vulnerability reported by a third party in the Windows 2000 file sharing protocol is not new and was in fact patched in February 2005. While the method of exploiting the flaw is new, users who have applied the patch from MS05-011 are protected.-http://isc.sans.org/diary.php?storyid=1358
-http://www.itnews.com.au/newsstory.aspx?CIaNID=33094
Microsoft Investigating Phony Patch eMail (29 May 2006)
Microsoft is investigating email messages with spoofed "from" fields that appear to come from patch@microsoft.com and purport to be a patch for a flaw in the WinLogon Service. The email is suspected to be coming from bots. According to a Microsoft spokesperson, there is no such vulnerability and users should ignore the email.-http://isc.sans.org/diary.php?storyid=1370
-http://www.zdnet.com.au/news/security/print.htm?TYPE=story&AT=39257447-20000
61744t-10000005c
[Editor's Note (Schultz): Microsoft's advice is 100 percent correct. Third-party patches spell nothing but trouble. Waiting to install vendor supplied patches is the only way to go. There are always workarounds that provide temporary fixes until vendor supplied patches are available. ]
Microsoft Advises Avoiding Third-Party Word Patch (24 May 2006)
Microsoft is advising customers to steer clear of a third-party patch for a recently disclosed vulnerability in Microsoft Word. Microsoft has promised it will issue a patch for the flaw by June 13, and has suggested workarounds for users to protect themselves from attacks until the patch is available. Microsoft frowns on using outside patches as a rule.-http://www.itnews.com.au/newsstory.aspx?CIaNID=32917
ATTACKS & INTRUSIONS & DATA THEFT & LOSS
Sacred Heart University Suffers Data Security Breach (26 May 2006)
Sacred Heart University in Fairfield, CT has acknowledged that it detected a computer intrusion on May 8. The police and the FBI have been notified and have begun investigating the incident. According to an area television station, the school has notified 135,000 individuals that their personal data may have been exposed. The school has not released any more details about when the breach occurred or what information was exposed. According to a posting on the university's web site, an investigation utilizing school resources and an independent Internet security firm is also underway.-http://news.com.com/2102-7349_3-6077212.html?tag=st.util.print
-http://www.sacredheart.edu/pages/13456_computer_security_alert.cfm
*************************************************************************
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/
