SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume III - Issue #50
December 12, 2001
Following up on the announcement of the new Roadmap to Network
Security poster that's inside the SANS2002 brochure arriving this month
(Orlando April 1-7, http://www.sans.org/SANS2002.php):
(1) SANS recent alumni all over the world (not just North America)
will also be getting the posters via surface mail.
(2) When you get the SANS 2002 program, bend the staples to take out
(3) As part of creating the posters, we persuaded 22 vendors to
supply white papers - many of which are light on promotion and
great on education. You may download any or all of them from
The SANS Weekly Security News Overview
Volume 3, Number 50 December 12, 2001
TOP OF THE NEWS10 December 2001 Israeli Teens Under House Arrest for Goner Worm
10 December 2001 Anti-Virus Companies Won't Accommodate Magic Lantern
6 December 2001 CA Governor Halts Sale of Personal Data
4, 5 & 6 December 2001 New AES Approved
30 November 2001 Wireless Security Advice
THE REST OF THE WEEK'S NEWS8 December 2001 Fleet Security Hole Fixed
7 & 8 December 2001 Dept. of Interior Shut Off From Internet Access
7 December 2001 Online Fraudsters Sentenced
7 December 2001 Outlook Web Access Security Hole
6 & 7 December 2001 Two Sites Expose Customer Information
5, 6 & 7 December 2001 Hacker Discovers, Helps Repair WorldCom Security Holes
6 December 2001 Intrusion Detection Systems
5 December 2001 CERT/CC Hit With Denial-of-Service Attack
5 December 2001 Football Association Computers Stolen
3 December 2001 FBI to Create Cybercrime Division
3 December 2001 Visa's New E-Shopping Security Service
***************** Sponsored By Check Point Software ******************
Feature Pack 1--Simpler and Faster
Check Point Next Generation Feature Pack 1 (FP1), a major release
built on Check Point Next Generation, makes VPNs simple and fast with
its One-Click VPN technology and SecureXL performance.
TOP OF THE NEWS
10 December 2001 Israeli Teens Under House Arrest for Goner WormFour Israeli teenagers have admitted writing and spreading the Goner worm; they are now under house arrest. Due to their age, they face maximum jail sentences of 2.5 years.
10 December 2001 Anti-Virus Companies Won't Accommodate Magic LanternAnti Virus companies say they do not want to write loopholes into their software that would allow the FBI's Magic Lantern keystroke Trojan to pass through undetected. Not only would crackers try to exploit the hole, but companies would lose their credibility in an international market.
6 December 2001 CA Governor Halts Sale of Personal DataCalifornia Governor Gray Davis has imposed a 45-day moratorium on the sale of birth and death records to private companies who were publishing the information on the Internet after state legislators became concerned the information could be used to steal people's identities.
4, 5 & 6 December 2001 New AES ApprovedThe Commerce Department has approved the new Advanced Encryption Standard (AES) for use by the federal government. The new standard uses an algorithm called Rijndael, which was developed by two Belgian cryptographers and employs 128, 192 and 256-bit encryption. The US government will allow export of software that uses AES. The selection of the new AES was the culmination of a nearly 5-year process that included substantial input from the private sector throughout the world. ]
[Editor's (Denning) Note: The standard is not just for the federal government. Anyone can use it and I expect it will be widely adopted. ]
30 November 2001 Wireless Security AdviceDaniel Lange, an IT strategist at BMW Group in Munich, details some wireless security concerns and offers advice, including treating systems using 802.11 as if they are external, being selective about what information is transmitted over wireless LANs, and logging everything.
[Editor's (Murray) Note: Like much of the advice in this space, this is bad. Use end-to-end encryption. All else is wishful thinking. ]
THE REST OF THE WEEK'S NEWS
8 December 2001 Fleet Security Hole FixedA security hole in a Fleet Credit Card services web site exposed sensitive details, including social security numbers and account numbers, for an enormous number of transactions. The customer who discovered the vulnerability contacted MSNBC after Fleet failed to return his calls. A Fleet spokesperson said that a review of the logs shows that fewer than 100 records were viewed, and that all affected customers were being notified. The site was taken down and repaired.
7 & 8 December 2001 Dept. of Interior Shut Off From Internet AccessThe US Department of the Interior's access to the Internet was shut off after a computer security test revealed American Indian trust fund accounts were vulnerable to hackers. A judge presiding over a class action lawsuit alleging mismanagement of the funds ordered all computers with access to the funds be closed off from the Internet.
(please note this site requires free registration)
7 December 2001 Online Fraudsters SentencedFive people who conspired to defraud online banks received sentences ranging from community service to 2.5 years in jail.
7 December 2001 Outlook Web Access Security HoleCrackers can gain control of Outlook Web Access users' mailboxes by embedding malicious code in e-mail messages. While the intruders could delete messages and send messages in the guise of the targeted user, they cannot exploit the hole to launch a mass-mailing attack. A patch for the hole is available from Microsoft.
6 & 7 December 2001 Two Sites Expose Customer InformationA UK sports equipment e-retailer was using a database query string to check orders; the method allowed anyone fiddling with the invoice number in the URL to view other customers' order information. Furthermore, the database used to store the information was not encrypted. Once notified of the security hole, the company moved quickly to fix the problem.
5, 6 & 7 December 2001 Hacker Discovers, Helps Repair WorldCom Security HolesHacker Adrian Lamo discovered security holes in WorldCom Inc.'s network that afforded him access to WorldCom customers' networks. Lamo worked with WorldCom to fix the problems. While a WorldCom spokesperson expressed appreciation for Lamo's guidance, security analysts aren't so sure that's the right reaction.
[Editors' (multiple) Note: People who break into systems without authorization do not deserve any kind of praise. ]
6 December 2001 Intrusion Detection SystemsThis article describes how intrusion detection systems (IDSs) enhance network security infrastructure, explains the difference between host- based and network-based systems and enumerates IDS detection techniques.
5 December 2001 CERT/CC Hit With Denial-of-Service AttackThe Computer Emergency Response Team's Coordination Center (CERT/CC) was the target of a denial-of-service attack last week. While the group was still able to get security incident information to its members, web site access was unreliable. CERT/CC did not release details about the attack.
5 December 2001 Football Association Computers StolenThieves stole laptop computers, hard drives and computer disks from England's Football Association's London headquarters. The information contained on the stolen items includes team travel plans, security arrangements and bank information.
3 December 2001 FBI to Create Cybercrime DivisionAs a part of its current reorganization, the FBI will form a cybercrime division. There was no word on where the Agency's National Infrastructure Protection Center (NIPC) will fit in the new system.
3 December 2001 Visa's New E-Shopping Security ServiceVisa USA's new on-line shopping security program, Verified by Visa, confirms buyers' identities with a password. The purpose of this control is to resist merchant replay attacks.
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail firstname.lastname@example.org with the subject: Subscribe NewsBites
Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Howard Schmidt, Eugene Schultz