Register now for SANS Cyber Defense Initiative 2016 and save $400.

Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume III - Issue #52

December 27, 2001


We wish everyone in the SANS community around the globe a healthy and happy year in 2002.

AP

TOP OF THE NEWS

20-24 December 2001 Windows UPnP Vulnerabilities Prompt Advice from NIPC
20 December 2001 Oracle's 9i Application Server Has Buffer Overflow Vulnerability
21 December 2001 CCBill Ecommerce Customers Infected
20 December 2001 Man to be Tried for Installing Distributed Computing Clients
19 & 20 December 2001 Universities in NY, Netherlands Targeted in Warez Raids
17 December 2001 Fast Packet Keying Addresses 802.11 Vulnerability

THE REST OF THE WEEK'S NEWS

24 December 2001 Microsoft-SQL Server Holes
24 December 2001 Top Ten Cyber Hoaxes
21 December 2001 Labor Department Addresses Cyber Security
21 December 2001 UCITA Changes Still Don't Satisfy Critics
21 December 21001 Russian Hacker Cuts Deal for Freedom
20 December 2001 PayPal Spam Scam Doesn't Pay Off
20 December 2001 Shoho Worm
20 December 2001 Microsoft Gold Security Program Offers Perks in Return for Delayed Public Disclosure
19 & 20 December 2001 Homeland Defense and Crisis Management Conference: Info Sharing
19 December 2001 Reeezak Worm
18 December 2001 Social Engineering Tactics
18 December 2001 Bill Seeks to Examine Possibility of Cyber-Congress
18 December 2001 Gartner Says Apply Patches and Demand Security
17 & 19 December 2001 Decentralization is a Good Protective Strategy
17 December 2001 Seventeen Year Old Becomes Youngest CISSP
17 December 2001 DES to AES Migration Will be Slow


**************** This issue sponsored by VIGILANTe *******************
Reactive Solutions - One Step Forward And Two Steps Backwards! So far, network and Internet security has revolved around reactive security measures such as firewalls, IDS, and anti-virus software. This is no longer adequate! Step into the 21st century of protection with the SecureScan(tm) offerings by VIGILANTe: State-of-the-art proactive vulnerability assessment solutions that will help you manage your risks instead of taking them!
Find out more! http://www.vigilante.com/info/SANS
***********************************************************************

TOP OF THE NEWS

20 December 2001 Man to be Tried for Installing Distributed Computing Clients

David McOwen, a former DeKalb Technical Institute computer technician, is facing felony computer theft and trespassing charges for installing distributed computing clients for a non-profit project on the school's computers. Under Georgia's stringent computer crime law, McOwen could draw a prison sentence of up to 120 years and a fine of $400,000 in addition to restitution payment.
-http://www.securityfocus.com/news/300

19 & 20 December 2001 Universities in NY, Netherlands Targeted in Warez Raids

The US Justice Department and international law enforcement agencies last week seized over 130 computers belonging to suspected software pirates around the world. Many of the people targeted in the raids have been providing law enforcement officials with information that has resulted in additional search warrants. The Rochester Institute of Technology and the University of Twente in Hilversum, the Netherlands were both targets in the raids.
-http://news.cnet.com/news/0-1005-200-8233279.html?tag=prntfr
-http://news.cnet.com/news/0-1005-200-8244958.html?tag=prntfr

17 December 2001 Fast Packet Keying Addresses 802.11 Vulnerability

RSA and Hifn have developed a technology called Fast Packet Keying which addresses a security vulnerability in the 802.11 wireless standard. The encryption algorithm created closely related keys for successive data packets which enabled hackers to crack the code and access network traffic. The fix, which is available as a software or a firmware patch, generates keys which are less similar.
-http://www.cnn.com/2001/TECH/internet/12/17/rsa.security.reut/index.html
-http://www.computerworld.com/storyba/0,4125,NAV47_STO66607,00.html
[Editor's (Murray) Note: While this fix is helpful, it does not address the two big 802.11 vulnerabilities, i.e., encryption not turned on and rogue access points. It does not help much to strengthen a mechanism that no one turns on or that is easily bypassed.
(Northcutt) Wireless Access Points are being deployed rapidly so this is a significant issue. It seems likely the Trojans of the future will include technology to turn infected wireless-equipped systems into sniffers. Fast Keying may prove to be mostly a band-aid type solution, but it could buy the community some needed time. ]

THE REST OF THE WEEK'S NEWS

24 December 2001 Microsoft SQL Server Holes

Microsoft has revealed two flaws in SQL Server 2000 and 7.0. The first flaw is a buffer overflow vulnerability that could allow an attacker to gain control of the server and reconfigure the operating system or reformat the hard drive. The second flaw is a format string vulnerability that could be exploited for a denial-of-service.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO66936,00.html
-http://www.microsoft.com/technet/security/bulletin/MS01-060.asp

24 December 2001 Top Ten Cyber Hoaxes

A list of the top ten Internet hoaxes includes links to debunking and urban myth sites like Vmyths.com, HoaxBusters, and Urban Legends Reference.
-http://www.cnn.com/2001/TECH/internet/12/24/internet.hoaxes.idg/index.html

21 December 2001 Labor Department Addresses Cyber Security

In an effort to protect its employees, the Labor Department is looking into ways to prevent unauthorized people from accessing sensitive information on its computer systems.
-http://www.fcw.com/fcw/articles/2001/1217/web-labor-12-21-01.asp

21 December 2001 UCITA Changes Still Don't Satisfy Critics

The panel drafting the Uniform Computer Information Transactions Act (UCITA) software licensing law have backed away from several controversial provisions, including remote software disabling and reverse-engineering prohibition. UCITA critics say the law is still problematic.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO66888,00.html

21 December 21001 Russian Hacker Cuts Deal for Freedom

Dmitri Sklyarov, arrested in the United States under a controversial digital copyright law, soon will be free to return home to Moscow under a deal reached with prosecutors last week
-http://chicagotribune.com/technology/chi-0112210063dec21.story?coll=chi%2Dtechno
logy%2Dhed

20 December 2001 PayPal Spam Scam Doesn't Pay Off

Not many people appear to have been fooled by a phony PayPal e-mail asking customers to update their information - including credit card details - at a phony web site in return for a $5 account credit.
-http://www.theregister.co.uk/content/6/23479.html

20 December 2001 Shoho Worm

The Shoho worm exploits the automatic execution of embedded MIME types Internet Explorer vulnerability. The attached file appears to be a .txt file but is really an .exe file; it deleted Windows files and self-propagates via e-mail. Patches are available for the security hole.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2834295,00.html?chkpt=zdnnp1tp02
for IE 5.01:
-http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
for Outlook 98:
-http://hotfiles.zdnet.com/cgi-bin/texis/swlib/hotfiles_zdnet/info.html?fcode=001
8YB&b=help

for Outlook 2000:
-http://hotfiles.zdnet.com/cgi-bin/texis/swlib/hotfiles_zdnet/info.html?fcode=001
8YA&b=help

20 December 2001 Microsoft Gold Security Program Offers Perks in Return for Delayed Public Disclosure

Participants in Microsoft's Gold Certified Partner Program for Security Solutions will receive a plethora of security references and links, technical training, software licenses in return for a $1,450 annual fee and adherence to the company's security vulnerability disclosure code.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO66799,00.html

19 & 20 December 2001 Homeland Defense and Crisis Management Conference: Info Sharing

Panelists at the Homeland Defense and Crisis Management conference said local, state and federal law enforcement agencies, intelligence organizations, and government officials at all levels need to share information to forestall future terrorist attacks. Certain obstacles need to be overcome, however; groups use differing methods of communication, radio frequencies and terminology.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO66770,00.html
Local police chiefs may apply to the Department of Justice for national security clearance so they can share information during national emergencies.
-http://www.gcn.com/vol1_no1/daily-updates/17654-1.html

19 December 2001 Reeezak Worm

Reezak is a mass-mailer worm that appears to be a Flash media Christmas card, but carries an additional, malicious payload. Reezak tries to delete the Windows System directory, disables anti-virus software and redirects Internet Explorer to a web site infested with malicious JavaScript. Security patches are available.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2833811,00.html
-http://www.msnbc.com/news/675233.asp?0dm=T22AT

18 December 2001 Social Engineering Tactics

Crackers use a variety of social engineering tactics to obtain access to computer systems. They can exploit the good will of people working the help desk, peer over shoulders to gather PINs and passwords, sift through trash, impersonate network administrators on line, or even pretend to be trusted support personnel to gain physical access to computers. A future installment will address identification and prevention of social engineering attacks.
-http://www.securityfocus.com/infocus/1527
[Editor's (Murray) Note: "Social engineering" is a euphemism for fraud and deceit. ]

18 December 2001 Bill Seeks to Examine Possibility of Cyber-Congress

Representative Jim Langevin (D-Rhode Island) has introduced a bill that would require the National Institutes of Standards and Technology (NIST) to conduct a study to assess the feasibility and cost of a computer system that would allow Congress to convene remotely.
-http://www.fcw.com/fcw/articles/2001/1217/web-econg-12-18-01.asp

18 December 2001 Gartner Says Apply Patches and Demand Security

Companies should apply patches to servers running AIX or Solaris and PCs running IE 5.5 or 6, according to Gartner, because it is likely a worm like Nimda will surface in the next month or two to take advantage of known and dangerous vulnerabilities. In addition, companies should make security an important criterion in their platform purchasing and software upgrading decisions.
-http://news.cnet.com/news/0-1003-201-8209166-0.html?tag=prntfr

17 & 19 December 2001 Decentralization is a Good Protective Strategy

The September 11 attacks have prompted some companies to decentralize their organizations, placing smaller groups of employees in more locations.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO66660,00.html
-http://www.computerworld.com/storyba/0,4125,NAV47_STO66774,00.html
[Editor's (Murray) Note: What are really addressed in the article are compartmentalization and diversity more than decentralization. ]

17 December 2001 Seventeen Year Old Becomes Youngest CISSP

A 17-year-old aced the CISSP examination and received his credential after an investigation instigated by his unusually young age. Namit Merchant, who has been working in IT since he was 13 and currently works for a consulting firm while finishing high school, said the test should incorporate "more practical knowledge."
-http://www.securityfocus.com/news/301

17 December 2001 DES to AES Migration Will be Slow

Analysts say the move from the Data Encryption Standard (DES) to the recently adopted Advanced Encryption Standard (AES) is likely to be slow; technology standards bodies need to approve it, products incorporating AES have not yet been developed, and companies will probably wait until low-cost implementations are available.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO66662,00.html


==end==

Please feel free to share this with interested parties via email (not on bulletin boards). For a free subscription, (and for free posters) e-mail sans@sans.org with the subject: Subscribe NewsBites

Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin, Bill Murray, Stephen Northcutt, Alan Paller, Marcus Ranum, Howard Schmidt, Eugene Schultz