SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.
Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.
Volume III - Issue #7
February 14, 2001
In Orlando in April (at the Spring Break SANS) SANS will unveil two new
hands-on courses - one for NMAP and one for Forensics. You may take the
very popular Security Essentials track and the two hands-on programs or
take the hands-on programs alone. The Firewalls and Perimeter
Protection track and the Windows 2000 Security track will also be
presented in Orlando. Details: http://www.sans.org/springbreak.htm
TOP OF THE NEWS
12 & 13 February 2001 AnnaKournikova Worm Spreading; Dutch Author Arrested
9 February 2001 Student Privacy Legislation Proposed
5 & 6 February 2001 Wireless Cryptographic Flaw
5 February 2001 DSA Flaw
THE REST OF THE WEEK'S NEWS
12 February 2001 Davos Data Theft Update
9 February 2001 Castro a Cyber Threat
9 February 2001 Heckencamp Update
8 February 2001 Data Theft Potential for Gnutella Users
8 February 2001 HTML Tags
6 & 8 February 2001 Hacktivism Tactics
7 & 9 February 2001 Cartolina: Italian Love Bug Variant
6 & 7 February 2001 Extremist Groups Posting Info on Bulletin Boards
6 February 2001 Survey Finds People Will Open Suspicious E-Mail
6 February 2001 Hacking/Cracking Hall of Fame
6 February 2001 IT ISAC to Begin Sharing Info Next Month
5 & 6 February 2001 E-Mail Wiretapping Feature Causes Privacy Concern
5 February 2001 CIA Firm Funds New Info Technologies
5 February 2001 IRS VPN
5 February 2001 Single Sign-On
5 February 2001 Critical Infrastructure Organization
1 February 2001 Proposal for Consolidating Critical Infrastructure Security
5 February 2001 Competitive Intelligence
5 February 2001 Going Public with the BIND Vulnerabilities
TOP OF THE NEWS
13 & 14 February 2001 AnnaKournikova Worm Spreading; Dutch Author Arrested
A fast-spreading e-mail worm carries the subject "Here you have, ;o)" and a message of "Hi: Check This!" along with an e-mail attachment titled AnnaKournikova.jpg.vbs. Opening the attachment causes the worm to be sent as an e-mail to all entries in the user's Outlook address book. A Dutch hacker calling himself OnTheFly turned himself in to police and admitted building the worm using a hacker tool called a Worm Generator.
9 February 2001 Student Privacy Legislation Proposed
Proposed legislation would require that schools obtain parental consent before collecting children's personal data to be used for commercial purposes. The schools would also be required to make known who is getting the information, how it will be used, and the amount of class time used for data gathering.
5 & 6 February 2001 Wireless Cryptographic Flaw
A research group at the University of California, Berkeley, has found serious cryptographic flaws in the Wired Equivalent Privacy (WEP) algorithm that could let crackers intercept and modify wireless transmissions and gain access to networks.
5 February 2001 DSA Flaw
A Bell Labs research scientist discovered that the Digital Signature Algorithm's (DSA) random number generator is twice as likely to select a set of numbers from one range as from another. The flaw is not a major threat because enormous computing power is required to exploit it. DSA was designed by the National Security Agency (NSA) for generating and verifying digital signatures.
THE REST OF THE WEEK'S NEWS
12 February 2001 Davos Data Theft Update
The cracker group claiming responsibility for the theft of personal information from the World Economic Forum's (WEF) registration database in Davos, Switzerland, said that the data was not protected and that they stole the information not to use it, but to prove that they had infiltrated the computer system.
9 February 2001 Castro a Cyber Threat
The head of the Defense Intelligence Agency told the Senate Intelligence Committee that Fidel Castro might be plotting a cyber attack against the US military. While Cuba's military is not as strong as the US military, the country's intelligence operations have the potential to employ asymmetric tactics against the US.
9 February 2001 Heckencamp Update
Jerome Heckencamp, the man accused of cracking eBay and other prominent Internet companies, was freed on $50,000 bond last week.
8 February 2001 Data Theft Potential for Gnutella Users
Gnutella users could expose themselves to data theft if they have not been careful about specifying exactly which files, folders, and drives they make available to other users of the file-swapping network. Unscrupulous users could download private documents or even cookies, which could allow them to visit websites in the guise of the cookie's rightful owner.
8 February 2001 HTML Tags
E-mail tracking services use hidden HTML tags to tell you when e-mail you've sent has been read. Recipients are able to opt out of having the information transmitted back to the sender.
8 February 2001 Hacktivism Tactics
Hacktivists have traditionally sabotaged web sites of organizations and companies whose policies and practices they oppose, but the theft of personal data is emerging as a new tactic for the cyber protesters. The editor of The Hacktivist, an on-line magazine, feels that such activity "discredits the legitimacy of hacktivism."
In a related article, responding to the recent theft of data from a World Economic Forum database, an editor and columnist decries Internet vigilantism, calling it imprudent and cowardly.
[Editor's (Paller) Note: Activists and other groups who feel disenfranchised have already begun to use distributed denial of service attacks.]
7 & 9 February 2001 Cartolina: Italian Love Bug Variant
Cartolina, an Italian version of the Love Bug virus, has infected computers at ten European companies. The virus changes the home page of Internet Explorer to an Italian music web site and sends itself on to everyone in the infected machine's address book. This particular virus is unlikely to spread widely because it is written in Italian; that could change if it were to be translated into English.
6 & 7 February 2001 Extremist Groups Posting Info on Bulletin Boards
Extremist groups have been posting encrypted messages on Internet bulletin boards. Using free encryption programs, terrorist groups can send detailed information around the world. One technique, called steganography, embeds messages within other digitized information, like image and audio files.
6 February 2001 Survey Finds People Will Open Suspicious E-Mail
An antivirus vendor's survey of business e-mail users in the UK found that as many as 50% would open suspiciously titled e-mail like "Great Joke" and "Special Offer".
6 February 2001 Hacking/Cracking Hall of Fame
This article offers a list of hacks/cracks, from John Draper to last year's DDoS attacks. It claims that sometimes the problems have led to good things.
[Editor's (Schultz) Note: The article incorrectly reports that the Morris Worm led to the formation of CERT. CERT had already been formed.]
6 February 2001 IT ISAC to Begin Sharing Info Next Month
The IT Information Sharing and Analysis Center (ISAC) will use an anonymizing service when it begins sharing information on attacks and defenses next month. However, many companies are uncomfortable sharing information about their vulnerabilities with each other and with the government.
[Editor's (Murray) Note: The absence of accountability that goes with anonymity invites mischief.]
5 February 2001 CIA Firm Funds New Info Technologies
In-Q-Tel, the CIA's non-profit venture capital firm, looks to fund technology development projects that will benefit both the agency and the commercial arena. In-Q-Tel recently funded enhancements to a search engine that uses natural language processing and can now bring up results in response to compound questions.
5 February 2001 IRS VPN
The Internal Revenue Service (IRS) has established a Virtual Private Network (VPN) that lets 15,000 field agents look up records securely, using smart cards to log in. The VPN performs encryption and authentication functions.
5 February 2001 Single Sign-On
Single sign-on lets a user log on to a primary domain and have access to secondary domains without separate log-in procedures. Managers can set policies that allow employees access to specific areas only. Centralized authorization and authentication facilitate changing employees' access permissions and removing someone from the system entirely. Drawbacks to single sign-on include the fact that it could be a single point of failure, and it takes considerable work to set up.
5 February 2001 Critical Infrastructure Organization
Some security experts say that a centralized structure is good for critical infrastructure protection, but others believe that decentralization could disseminate information more quickly, and that the sheer number of interested groups could make centralization difficult.
1 February 2001 Proposal for Consolidating Critical Infrastructure Security
The US Commission on National Security has recommended the formation of a National Homeland Security Agency (NHSA) to oversee government and private critical infrastructure security. The proposal includes establishing a National Crisis Action Center and a directorate of critical infrastructure protection. Analysts doubt a new agency will be created when others are already competing for the same authority and funding.
5 February 2001 Competitive Intelligence
Businesses can use the web to stay informed of the competition's activities. Some on-line services offer news and analysis of a multitude of companies for those seeking competitive intelligence. Businesses wishing to control what information others can gather about them should keep a close eye on information conduits out of the company while bearing in mind the need to balance security with functionality.
5 February 2001 Going Public with the BIND Vulnerabilities
CERT decided to make a public announcement about the BIND vulnerabilities because they didn't know "what the intruders
." Also, because the software is so widely used, a press conference may have been the best way to alert the community to the problem and the availability of a patch.
== End ==
Kathy Bradford, Crispin Cowan, Roland Grefer, Bill Murray,
Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz