Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume III - Issue #21

May 23, 2001


The first benchmark for measuring security on servers was published last
week (along with automated tools for instant measurement). Two
surprises: (1) some of the top names in security had systems that got
low scores; and (2) those same folks corrected the problems fast, in
part because the code to correct the problems is delivered along with
the tools. If you have a Solaris system, download the benchmarks and
tools today from www.cisecurity.org. Windows 2000 and other systems will
follow. Because the benchmarks are the consensus product of 140 large
user organizations around the world, they are the best hope yet to
answer the question that top management asks, "What do we need to do to
protect ourselves against legal liability from weakly protected
computers?"

Online versions of Intrusion Detection, Incident Handling and Hacker
Exploits, and Windows NT Security courses have recently been added to
SANS Security Essentials (see http://www.sans.org/giactc/online.htm).
Most people who take online programs tell us the frequent quizzes ensure
mastery and improve their confidence in the material.

AP

TOP OF THE NEWS

23 May 2001 Attrition.org Will No Longer Track Web Defacements
16, 17, & 18 May 2001 Cheese Worm Tries to Repair Lion Damage
17 May 2001 Site Never Got Shopping Cart Software Flaw Notice
14 May 2001 Testing Security
15 & 16 May 2001 Microsoft Will Sign Safe Harbor Agreement

THE REST OF THE WEEK'S NEWS

22 May 2001 National Infrastructure Protection Center Criticized
18 May 2001 e-Commerce Security Problems
17 May 2001 Mawanella Worm
16 & 17 May 2001 Love Bug Variant Tries to Attract Echelon's Attention
16 May 2001 Call Off The Virus Challenge
16 May 2001 Cracker Path Traced Through German University Computer
16 May 2001 UK Conservative Party Web Vulnerabilities Exposed
15 & 16 May 2001 Microsoft Releases IIS Patches
15 May 2001 Worm Poses as Virus Warning
14 & 15 May 2001 Windows XP Build Downloaded
13 May 2001 Suspension for Hacking Has Tragic Results
11 May 2001 Teen Charged with Hacking Emergency Radio System
10 May 2001 Gateway Customer Information Exposed


******************* Sponsored by Guidance Software *******************
ENCASE COMPUTER FORENSIC SOFTWARENEW VERSION ADDS UNIX SUPPORT
Industry-leading forensic software, EnCase v3, adds UFS support,
analysis of striped RAID sets, Timeline Viewer, plus many new features.
EnCase -- a comprehensive, non-invasive Windows-based solution-- images,
searches and analyzes entire drives, recovering even deleted files and
hidden data.
Visit: http://www.EnCase.com
**********************************************************************

TOP OF THE NEWS

23 May 2001 Attrition.org Will No Longer Track Web Defacements

Citing criticism and a workload sometimes exceeding 100 defaced sites a day, the generous volunteers at attrition.org said today, "Maintaining the mirror site has become a thankless chore."
-http://www.nj.com/newsflash/index.ssf?/cgi-free/getstory_ssf.cgi?f0002_BC_Hacker
SiteRetires&&news&newsflash-financial

16, 17, & 18 May 2001 Cheese Worm Tries to Repair Lion Damage

The Cheese worm attempts to repair damage caused by the Lion worm. While the Cheese worm may have good intentions, it nonetheless is an intrusion, and could easily be tweaked to become malicious.
-http://www.theregister.co.uk/content/6/19029.html
-http://www.idg.net/go.cgi?id=477634
-http://www.zdnet.com/zdnn/stories/news/0,4586,5083014,00.html
-http://www.cert.org/incident_notes/IN-2001-05.html
[Editor's (Murray) Note: Whatever the intention, it is rude to attempt to run your program on another's computer without their authorization or permission. It is hubris to believe that you are smart enough to do that without causing loss of trust or other damage. ]

17 May 2001 Site Never Got Shopping Cart Software Flaw Notice

When a serious security vulnerability was found in PDG shopping cart software last month, the company e-mailed all its customers informing them of the problem and also issued a fix. A company that bought the software from a reseller never received the warning, and many of its customers have experienced the fraudulent charges made to their credit cards.
-http://www.msnbc.com/news/574294.asp?0nm=T21B
[Editor's (Paller) Note: This story raises a fundamental issue that may ultimately lead to legislation. To what extent must software vendors be held liable for verifiable notice and correction of critical security vulnerabilities. Is a software package that puts patients at risk in a hospital so different from a crib that puts children at risk in their bedrooms? Why is the software industry allowed to deliver provably unsafe systems when automobile manufacturers are not allowed to deliver cars that are unsafe? ]

14 May 2001 Testing Security

Sm@rt Partner Technology editor David Raikow maintains that conscientious testing is the best way to strengthen application and operating system security. While so-called "hacker challenges" may provide helpful ancillary tests, they are often little more than publicity stunts.
-http://www.zdnet.com/zdnn/stories/comment/0,5859,2760262,00.html
[Editor's (Cowan) Note: Great perspective on the realistic limits to the benefits of "hacker challenges." ]

15 & 16 May 2001 Microsoft Will Sign Safe Harbor Agreement

Microsoft has announced it will sign the US/EU safe harbor agreement that requires adherence to strict data privacy standards. This is especially significant because a large number of other US companies have not signed the agreement.
-http://www.wired.com/news/politics/0,1283,43800,00.html
-http://news.cnet.com/news/0-1005-200-5930589.html?tag=prntfr


******************* Also Sponsored by Trend Micro ********************
TREND MICRO ANTIVIRUS AT YOUR FIREWALL
Your firewall protects against hackers, not against viruses.You need
Trend Micro InterScan VirusWall to prevent viruses from entering your
network. Download a FREE 30-day trial copy NOW:
http://www.antivirus.com/banners/tracking.asp?si=19&bi=223&ul=/products/
isvw

**********************************************************************


THE REST OF THE WEEK'S NEWS

22 May 2001 National Infrastructure Protection Center Criticized

Citing understaffing and lack of support, The US General Accounting Office told Congress that the NIPC often fails to give timely warning of attacks. Despite the problems, the GAO said some alerts had been issued in time to avert damage.
-http://www.computerworld.com/cwi/story/0,1199,NAV47_STO60773,00.html.html
-http://washingtonpost.com/wp-dyn/business/A61449-2001May22.html

18 May 2001 e-Commerce Security Problems

While the absence of privacy or security policies should give online shoppers pause, even sites that do post security policies can have weaknesses. While data may be encrypted during transfer, sites may not always store the data as securely. Additionally, third-party contractors may be vulnerable to data theft.
-http://www.pcworld.com/features/article/0,aid,49929,00.asp

17 May 2001 Mawanella Worm

The Mawanella worm, which arrives as a .vbs attachment, displays a political message after propagating itself via Outlook but does not carry a destructive payload. The message will appear on infected Windows 9X, NT, and 2000 machines even if they are not running Outlook.
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO60640,00.html
-http://www.zdnet.com/zdnn/stories/news/0,4586,5083078,00.html

16 & 17 May 2001 Love Bug Variant Tries to Attract Echelon's Attention

The comments in the code of VBS/LoveLet-CL, a variant of the Love Bug worm, are comprised of a string of terms apparently designed to alert and overwhelm electronic communication monitoring software systems. The journalist at The Register points out that the random conglomeration of words probably would not trigger Echelon's surveillance methods. The worm also overwrites certain files and can replicate via Internet Relay Chat (IRC).
-http://www.theregister.co.uk/content/6/19004.html
-http://www.zdnet.com/zdnn/stories/news/0,4586,5083050,00.html
-http://www.infoworld.com/articles/hn/xml/01/05/17/010517hnsophos.xml

16 May 2001 Call Off The Virus Challenge

Another security company has called for a halt to a virus-writing contest staged by a firewall company, claiming the competition will result in the creation of new viruses.
-http://63.108.181.201/2001/05/16/tww/0000-0220-tww_200105161518581_2.html

16 May 2001 Cracker Path Traced Through German University Computer

The crackers who stole US Navy satellite control software apparently took control of a German University computer to commit the theft, according to law enforcement and university officials.
-http://63.108.181.201/2001/05/16/eca/0186-0609-Germany-Crime..html

16 May 2001 UK Conservative Party Web Vulnerabilities Exposed

A cracker's scan of the UK Conservative Party web site turned up a number of vulnerabilities that revealed security patches had not been applied for more than a year. The information was posted to a Usenet forum and on the cracker's home page.
-http://www.theregister.co.uk/content/6/19000.html
[Editor's (Cowan) Note: Bill Arbaugh's informative paper documents how most security incidents resulted from exploiting known and un-patched security vulnerabilities.
-http://www.cs.umd.edu/~waa/vulnerability.html]

15 & 16 May 2001 Microsoft Releases IIS Patches

Microsoft has released patches for Internet Information Server (IIS) 4.0 and 5.0. The code for each of the patches includes previous patches. The Register points out that the wording of the Microsoft bulletin may be confusing, and that the patch may need to be reinstalled after users upgrade a service pack or reinstall an application.
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO60599,00.html
-http://www.theregister.co.uk/content/4/18976.html
-http://news.cnet.com/news/0-1003-200-5946732.html?tag=prntfr

15 May 2001 Worm Poses as Virus Warning

The VBS.Hard.A@mm worm arrives in the guise of a virus alert from Symantec. The worm, launched when users open a .vbs attachment, changes the default web page to a phony virus information page, propagates via Outlook, alters registry files, and displays a message on November 24.
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO60596,00.html
-http://news.cnet.com/news/0-1003-200-5933461.html?tag=prntfr

14 & 15 May 2001 Windows XP Build Downloaded

Due to a leaked tester logon, a small number of people were able to download an interim build of Windows XP. Microsoft said the site controls limit the number of downloads from one logon, and the software can be used only for two weeks before it needs to be renewed through Microsoft.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2760606,00.html?chkpt=zdhpnews01
-http://news.cnet.com/news/0-1003-200-5924431.html?tag=prntfr

13 May 2001 Suspension for Hacking Has Tragic Results

A New Jersey teenager, suspended for hacking into his school district's computer system, committed suicide, apparently believing he would have gone to jail as punishment for his actions.
-http://www.nj.com/news/times/index.ssf?/news/times/05-13-CCQR1VHB.html

11 May 2001 Teen Charged with Hacking Emergency Radio System

A teenager who allegedly hacked into the Denver police emergency radio system, concocted false emergencies, and interfered with real calls has been charged with wire tapping, eavesdropping, and telecommunications fraud.
-http://www.rockymountainnews.com/drmn/local/article/0,1299,DRMN_15_455095,00.htm
l

10 May 2001 Gateway Customer Information Exposed

A routine request on Gateway's UK site yielded an Excel spreadsheet containing detailed information about the accounts of 449 customers. Gateway has evidently disabled the search function that exposed the data.
-http://www.theregister.co.uk/content/8/18867.html


==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites


Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Bill Murray,
Stephen Northcutt, Alan Paller, Eugene Schultz