Last Day for MacBook Air, Dell XPS 13, or $600 Off with Online Training

Newsletters: Newsbites


SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume III - Issue #6

February 07, 2001


A clarification about SANS2001 (Baltimore Inner Harbor, May, 2001):
Yes, all of the GIAC certification tracks will be taught at SANS 2001,
and you may take the tracks there without attempting certification.
Several of the tracks are also being taught at regional conferences in
Orlando, Portsmouth, Denver, Dallas, Honolulu, Washington, and London,
where you'll find smaller class sizes. Also at SANS 2001 is the largest
security exposition and 50 highly-rated one-day courses. But what you
may not have noticed is the five-track Technical Conference at SANS 2001
has a wonderful program- with two special bonus tracks - one for
managers featuring a Gartner Group expert speaking on the future of
security and a selection the top rated speakers in the security field,
and a second bonus track specifically for university security managers
and experts. Please encourage your security managers and others who may
want to immerse themselves in advanced training to consider the SANS2001
Technical Conference. Details may be found at: http://www.sans.org/SANS2001.htm

AP

TOP OF THE NEWS

4 February 2001 World Economic Forum Member Data Stolen
2 February 2001 ISC Plans BIND Info Exchange
29 & 31 January 2001 BIND Vulnerabilities
1 February 2001 AOL Password Stealing Trojan
31 January 2001 AOL Fighting ICQ Impersonation Software
29 January 2001 Microsoft Admits Inadequate Security, Makes Deal with Akamai

THE REST OF THE WEEK'S NEWS

2 February 2001 Granick Interview
2 February 2001 Los Alamos Hacker Free Due to Oversight
2 February 2001 Congressional Privacy Caucus
1 February 2001 Trojan Targets NAI
1 February 2001 New Virus Methods
1 February 2001 GAO Report Critical of DC's DPW Security
1 February 2001 NSA Aims to Develop More Secure Computer
1 February 2001 ILOVEYOU Virus May be Product of Cyber Gangs Attacking One Another
30 January 2001 TCPA to Release Security Standard Specifications
29 January 2001 Content Delivery as Defense Against DDoS
28 January 2001 Web Application Security
28 January 2001 Hotmail Not Intercepting Emmanuel Virus
January 2001 Virus Basics



************* This issue sponsored by SurfControl, Inc. **************
WORMS, VIRUSES, TROJAN HORSES...
Relying on your firewall for complete network protection? You're leaving
yourself vulnerable to a host of harmful threats. SurfControl adds an
extra layer of security. Monitor/manage all traffic down to the port
level.
FREE 30-Day Trial: http://www.surfcontrol.com/promo/SNB0207
**********************************************************************

TOP OF THE NEWS

4 February 2001 World Economic Forum Member Data Stolen

Crackers have apparently stolen personal information about members and guests of the World Economic Forum (WEF) in Davos, Switzerland. The compromised computer may have been at the Forum's registration center.
-http://news.bbc.co.uk/hi/english/business/newsid_1152000/1152966.stm
-http://www.msnbc.com/news/526270.asp?0nm=-11O

2 February 2001 ISC Plans BIND Info Exchange

The Internet Software Consortium (ISC) will create a fee-based information exchange to keep its customers abreast of any new security Berkeley Internet Name Domain (BIND) issues as they arise. Members will be required to use encrypted e-mail when discussing BIND software. ISC is reluctant to publish security concerns on a public list because attackers would get the information at the same time as those who need to secure their systems. Critics say that responsible discussion leads to better security.
-http://news.cnet.com/news/0-1003-201-4697364-0.html?tag=prntfr
[Editor's (Cowan) Note: This editor is wondering what kind of drugs the ISC is on. ]

[Editor's (Murray) Note: Are you part of the solution or the problem? Choose. ]

29 & 31 January 2001 BIND Vulnerabilities

Four serious security holes in the Berkeley Internet Name Domain (BIND) server software could allow crackers to gain control of the machines and to plant DDoS code. The Internet Software Consortium (ISC), which makes the BIND software, expected to have a fix ready by Monday, February 5th.
-http://www.gcn.com/vol1_no1/daily-updates/3594-1.html
-http://www.infoworld.com/articles/hn/xml/01/01/29/010129hnhole.xml?0129mnpm
-http://news.bbc.co.uk/hi/english/sci/tech/newsid_1142000/1142572.stm

1 February 2001 AOL Password Stealing Trojan

APStrojan.qa arrives as an attachment called mine.zip to an e-mail with the subject line "hey you". The virus tries to steal screen names and passwords and e-mail them back to the virus' author. The virus also tries to send itself to members of the infected machine's buddy list who are on line. Reports of the virus have doubled in the last few weeks.
-http://www.cnn.com/2001/TECH/computing/02/01/aol.virus.idg/index.html
-http://news.cnet.com/news/0-1005-200-4681471.html?tag=prntfr
[Editor's (Murray) Note: The people who do these things are the same kinds of sociopaths who soil their sandboxes and then play in them. ]

31 January 2001 AOL Fighting ICQ Impersonation Software

AOL is fighting to keep ICQ add-on programs, which could be used to impersonate other members, off the Internet, saying the group that wrote the rogue programs is infringing on the ICQ trademark. The programmers apparently believe they have created a legitimate product.
-http://www.msnbc.com/news/524428.asp?0nm=T21F

29 January 2001 Microsoft Admits Inadequate Security, Makes Deal with Akamai

Microsoft acknowledged that inadequate security precautions allowed the denial-of-service attacks against the company last week. Microsoft has since entered into a deal with Akamai Technologies, Inc. to provide DNS back up servers. Akamai's focus is on hastening download time and alleviating bottlenecks on Internet traffic by placing servers close to end users.
-http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO57054,00.html
-http://news.cnet.com/news/0-1003-200-4637269.html?tag=prntfr
[Editor's (Murray) Note: The choice of a balance of usability against other factors that results in a successful attack is not an error. This is particularly true of DoS attacks. ]


*************** Also sponsored by Symantec Corporation ***************
You're invited to a FREE VPN Webcast
Join Symantec's FREE VPN Webcast-February 22 -"What You Need to Know
About Virtual Private Networks," to learn how to securely and
confidently realize your e-business initiatives using the latest VPN
technologies.
Register today at
http://enterprisesecurity.symantec.com/content/promotions.cfm?promocode=AXE0113
**********************************************************************

THE REST OF THE WEEK'S NEWS

2 February 2001 Granick Interview

Attorney Jennifer Granick, who has worked on behalf of Kevin Mitnick and is presently defending Jerome Heckencamp, the former Los Alamos National Laboratory employee charged with cracking, talks about the goals of Stanford University Law School's Center for Internet and Society, where she was recently appointed head.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2681901,00.html

2 February 2001 Los Alamos Hacker Free Due to Oversight

Jerome Heckencamp, the former Los Alamos National Laboratory employee arrested for breaking into computers at eBay and other companies, is temporarily free because court authorities in New Mexico had not received a warrant from California prosecutors. Heckencamp's attorney says she will try making an arrangement allowing her client to remain free until his next court date, February 21.
-http://siliconvalley.internet.com/news/article/0,2198,3531_578781,00.html

2 February 2001 Congressional Privacy Caucus

The Congressional Privacy Caucus, which will help coordinate the many bills that address privacy, aims to limit ways sites collect and trade personal information. The group plans to hold hearings about web bugs later this month.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2681549,00.html

1 February 2001 Trojan Targets NAI

A Bugtraq posting masquerading as a script to exploit one of the recently revealed BIND flaws turned out to be a Trojan that apparently launched a denial-of-service attack against a Network Associates' name server. Network Associated may have been targeted because the firm was instrumental in sounding the warning about the BIND flaws.
-http://www.wired.com/news/technology/0,1282,41563,00.html
-http://www.zdnet.com/eweek/stories/general/0,11011,2681276,00.html

1 February 2001 New Virus Methods

Viruses are becoming more cunning in their methods of infection. The Davinia virus sends out a link to a web site that contains a Word document containing a macro virus.
-http://www.zdnet.com/zdnn/stories/comment/0,5859,2681099,00.html

1 February 2001 GAO Report Critical of DC's DPW Security

An audit conducted by the General Accounting Office (GAO) turned up lax security practices at the District of Columbia's Department of Public Works. Among the concerns were failure to limit employee access to software libraries, poor user ID and password management, and insufficient protection from unauthorized use of networks. Additionally, intrusion detection systems were found to be on only two of 22 network access points. The District's CTO said they have developed a plan to address the matters.
-http://sg.dailynews.yahoo.com/headlines/technology/article.html?s=singapore/head
lines/010201/technology/newsbytes/Report_Slams_D.C._Agency_s_

Computer_Security_Practices.html
[Editor's (Murray) Note: It is fun for those in business to poke fun at the government because internal auditors in business do not issue press releases and their reports are not public as a matter of law. ]

1 February 2001 NSA Aims to Develop More Secure Computer

The National Security Agency (NSA) is working with VMWare (a private sector software emulation firm spawned from DARPA research) to develop a virtual computer to achieve secure isolation. Presently, the NSA keeps varying levels of classified data on separate systems, a practice that necessitates some workers having as many as six computers on their desks. The new machine would create discrete virtual PCs on a single Linux based computer.
-http://news.cnet.com/news/0-1003-200-4682851.html?tag=prntfr

1 February 2001 ILOVEYOU Virus May be Product of Cyber Gangs Attacking One Another

The ILOVEYOU worm/virus may have been released by accident during an attack on a competing cyber gang in the Philippines last year. Onel de Guzman, the erstwhile computer science student who admits to concocting the virus, had charges against him dismissed when law enforcement realized that there was no good way to prosecute under existing laws. The Philippines has since passed a law allowing prosecution for accessing computer systems without authorization.
-http://chicagotribune.com/news/printedition/article/0,2669,SAV-0102010226,FF.htm
l

30 January 2001 TCPA to Release Security Standard Specifications

A trade group will release a specification for building trusted computing platforms, which will include an IBM-developed security chip that encrypts data. The Trusted Computing Platform Alliance (TCPA) consists of about 145 technology companies.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2680013,00.html

29 January 2001 Content Delivery as Defense Against DDoS

Content delivery services, which place servers close to end users in order to pare down download times, are also designed to handle traffic spikes, which in many ways resemble distributed denial of service (DDoS) attacks. Sites that use this technology could have reduced DDoS risk factors because their content is so widely distributed.
-http://netscape.zdnet.com:80/zdnn/stories/news/0,4586,2679917,00.html

28 January 2001 Web Application Security

Web application security has not kept pace with network security, though web application attacks yield important data, like credit card information. One company has developed software that audits sites for vulnerabilities to web application attacks.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2679177,00.html?chkpt=zdhpnews01
[Editor's (Cowan) Note: The story is basically good, but over-focuses on Sanctum's solution. Other solutions include operating systems least privilege methods such as CGIWrap
-http://cgiwrap.unixtools.org/
, Immunix's SubDomain
-http://www.securityportal.com/closet/closet20000426.html,
Argus' Pitbull
-http://www.businessweek.com/2000/00_43/b3704072.htm
, HP's Virtual Vault
-http://lists.gnac.net/firewalls/mhonarc/firewalls.199703/msg00252.html,
using caching web proxies to keep attackers away from your actual web server, and basic good coding practice
-http://advosys.ca/tips/web-
security.html ]

28 January 2001 Hotmail Not Intercepting Emmanuel Virus

Hotmail apparently does not catch the Emmanuel virus, according to Zdnet.nl (Netherlands). Despite the fact that Microsoft and McAfee have been informed of the situation, the problem still exists.
-http://www.zdnet.com/zdnn/stories/news/0,4586,2679292,00.html

January 2001 Virus Basics

This article describes what a virus is, how it propagates, how it is triggered, how it avoids detection, and how antivirus companies detect viruses.
-http://www.idg.net/go.cgi?id=406873


== End ==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites


Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Bill Murray,
Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz