Register now for SANS Cyber Defense Initiative 2016 and save $400.

Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume IV - Issue #17

April 24, 2002


Positive security news. In a White House Ceremony last Thursday,
President Bush's Homeland Security and Cyber Security Advisors, Tom
Ridge and Dick Clarke presented plaques and checks to six school
children for their winning entries in the Kids Improving Security
poster contest. Kudos to the White House staff, the National Cyber
Security Alliance, the FBI and its InfraGard program, and the InfraGard
members and SANS alumni who helped publicize the program and judge
the regional entries. The children and their parents won free trips
to Washington, and their schools won $1,500 each. Winning entries
will be converted to screen savers by the US Department of Defense
and are posted at http://www.sans.org/KIS/winners.htm


Alan

TOP OF THE NEWS

22 April 2002 Database Files Posted on Defaced SPAWAR Website
19 April 2002 European Commission Drafts Cybercrime Law
18 April 2002 Florida Bank's Security Breached
17 April 2002 Canada's Auditor General Says Government Security is Lacking

THE REST OF THE WEEK'S NEWS

22 April 2002 Army's Proxy Server
22 April 2002 FBI Security Still Lacking
21 April 2002 Oracle9i Database Server Vulnerability
19 & 22 April 2002 Army to Deploy Automated Vulnerability Scanner
17 & 19 April 2002 Fragroute Fools Intrusion Detection Systems
19 April 2002 Senate Passes $3.2 Billion Border Security Bill
19 April 2002 Higher Ed Organizations Get Behind Cyber Security
19 April 2002 Search Engines Remove Links at Request of Deutsche Bahn
18 & 19 April 2002 Klez Variants on the Loose
17 & 19 April 2002 GovNet Input Reviewed
19 April 2002 Suit Alleges Rival Broke and Posted Pay TV Smart Card Codes
18 April 2002 Default Registry Setting for TCP Port 445 Could Allow DoS Attacks
18 April 2002 Malicious Bots Popping Up in Chat Rooms
18 April 2002 Patch Available for SQL Server Buffer Overflow Vulnerability
17 April 2002 IE Flaw Allows Malicious Script to Execute in Local Zone
17 April 2002 Microsoft Patch for Macintosh Vulnerabilities
17 April 2002 Hacker/Author is Now US Government Consultant
17 April 2002 US Secret Service Establishes Eight Electronic Crimes Task Forces
17 April 2002 Unhappy MBSA Users Misinterpret Results, says Microsoft
15 April 2002 Phony Credit Card Data Experiment Successful


******************* Sponsored by SurfControl, Inc. *******************
ALL Web content your users read, send and receive carries a RISK,
whether it's BROWSING shady neighborhoods, LEAKING confidential data,
SENDING inappropriate jokes, or RECEIVING spam and viruses.
Cover yourself and your company. Download FREE trials of SurfControl
Web Filter and Email Filter now:
http://www.surfcontrol.com/go/zsnb0424
**********************************************************************


TOP OF THE NEWS

22 April 2002 Database Files Posted on Defaced SPAWAR Website

A website at the US Space and Naval Warfare Systems Command was defaced with screenshots of database files from Midwest Express Airlines and a bank. The airline data appeared to include customer names and e-mail addresses.
-http://www.internetnews.com/dev-news/article/0,,10_1013341,00.html

19 April 2002 European Commission Drafts Cybercrime Law

The European Commission has adopted a draft cybercrime law aimed at those who gain unauthorized access to computer systems with malicious intent, as well as those who spread logic bombs, worms, viruses and Trojan horses. If the 15 European Union nation governments back the legislation, cyber criminals could find themselves facing prison sentences of at least 1-4 years.
-http://www.reuters.com/news_article.jhtml?type=internetnews&Storyclass=84734
4

18 April 2002 Florida Bank's Security Breached

A cracker breached security at Florida's Republic Bank (RB), stealing a file that contained names and addresses of 3,600 on line banking customers. RB said no transactions or account balances were accessed. The perpetrator told the bank about the intrusion and data theft. The bank did not tell customers of the events immediately because the FBI asked them not to, though they are being contacted now.
-http://www.newsbytes.com/news/02/175977.html

17 April 2002 Canada's Auditor General Says Government Security is Lacking

Canada's Auditor General Sheila Fraser said citizens' personal data is at risk of exposure and tampering because the government has not been vigilant about electronic security. Of 260 government sites tested, nearly one-third were found to be vulnerable to hackers. Fraser's recommendations include training employees in information security, performing risk assessments and audits, and considering security at networks' development stage.
-http://www.theglobeandmail.com/servlet/ArticleNews/printarticle/gam/20020417/UTE
CHN

-http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=7886
Text of Auditor General's report on Information Technology Security:
-http://www.oag-bvg.gc.ca/domino/reports.nsf/html/0203ce.html


************************* Sponsored Links ****************************
(1) ActiveGuardTM - Monitoring! Alerts! Defense! 24 x 7 Intrusion
Detection & Prevention! http://www.sans.org/cgi-bin/sanspromo/NB28
(2) Plug that perimeter security gap - FREE full-function PestPatrol
evaluation software
http://www.sans.org/cgi-bin/sanspromo/NB29
(3) Dorian Software Creations: Automate Event Log Archiving, Analysis,
and Detection! http://www.sans.org/cgi-bin/sanspromo/NB30
**********************************************************************

THE REST OF THE WEEK'S NEWS

22 April 2002 Army's Proxy Server

The army has set up a proxy server for hosting its public web sites without creating a back door for hackers. The proxy server is "basically an application-level firewall" that can reduce the likelihood of content-altering attacks.
-http://www.fcw.com/fcw/articles/2002/0422/news-army-04-22-02.asp

22 April 2002 FBI Security Still Lacking

Speaking at a Senate Judiciary Committee hearing, FBI Assistant Director for Security Kenneth Senser says security at the FBI is still inadequate, even after steps taken to tighten procedures following the disclosure of the Hanssen case last year. The testimony follows close on the heels of the Webster report, which enumerated problems in the FBI's security infrastructure. A new system designed to enhance case auditing security is due to be deployed soon.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO70310,00.html

21 April 2002 Oracle9i Database Server Vulnerability

A vulnerability in Oracle9i Database Server, version 9.0.1.x, could grant a malicious user unauthorized access to data. A fix is available.
-http://www.securiteam.com/securitynews/5PP0L0A6UO.html

19 & 22 April 2002 Army to Deploy Automated Vulnerability Scanner

The US Army plans to deploy a vulnerability assessment tool called Security Threat Avoidance Technology (STAT) Scanner as part of its efforts to automate vulnerability detection and patch application. The STAT tool will be employed with the intent of centralizing Army network monitoring.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO70379,00.html
-http://www.gcn.com/vol1_no1/daily-updates/18430-1.html
[Editor's (Paller) Note: By focusing only on a limited number of vulnerabilities, the Army is giving its system administrators a real chance to succeed. NASA led the way in targeting a the most important vulnerabilities and proved they could radically reduce the rate number of security incidents. Too many federal agencies run vulnerability scans that find thousands of vulnerabilities - most of which are not critical. The really remedial important work gets lost in the clutter. It would be good for federal security if Federal Inspectors General recognized the need to focus on critical vulnerabilities across all systems. ]

17 & 19 April 2002 Fragroute Fools Intrusion Detection Systems

Fragroute, a new tool posted by Arbor Network's Dug Song, manipulates data packets allowing them to slip past firewalls and intrusion detection systems.
-http://news.com.com/2100-1001-887065.html
-http://www.vnunet.com/News/1130999

19 April 2002 Senate Passes $3.2 Billion Border Security Bill

The Senate passed a $3.2 billion bill that would tighten US border security through the use of biometrics, track foreign students with visas, create a database to help immigration officials identify possible terrorists and require that travel documents for those entering the country include fingerprints or retinal scans.
-http://www.fcw.com/fcw/articles/2002/0415/web-border-04-19-02.asp

19 April 2002 Higher Ed Organizations Get Behind Cyber Security

College and University organizations have given their support to a cyber security framework that cyberspace security advisor Richard Clarke hopes will be a foundation for individual institutions to develop their own cyber security strategies.
-http://www.fcw.com/fcw/articles/2002/0415/web-cyber-04-19-02.asp

19 April 2002 Search Engines Remove Links at Request of Deutsche Bahn

Alta Vista and Google say they have removed links to railway sabotage instructions after Deutsche Bahn, Germany's national railway, asked them to. A Dutch court has ordered an ISP, XS4AII, to remove the documents as well.
-http://news.com.com/2100-1023-885345.html
-http://www.newsbytes.com/news/02/176028.html

18 & 19 April 2002 Klez Variants on the Loose

A new variant of the Klez worm appears to be spreading again. The code has been altered enough to sneak past anti-virus software. The worm can exploit an old Automatic Execution of MIME bug, bypassing the need for the recipient to open it. The worm copies itself to remote disk drives, mails itself out, and tries to disable antivirus software. Klez.h can attach files to the infected e-mails it sends, possibly distributing sensitive information. Klez can also contain a virus called ElKern, which overwrites executables.
-http://news.com.com/2100-1001-887330.html
-http://www.searchsecurity.com/originalContent/0,289142,sid14_gci818032,00.html

17 & 19 April 2002 GovNet Input Reviewed

Richard Clarke says the GSA has finished reviewing input from companies about how GovNet could work and has concluded that the secure system is feasible. The next steps are to determine whether or not GovNet would be cost effective and if so, figuring how it would be set up.
-http://www.govexec.com/dailyfed/0402/041702h1.htm
-http://www.newsbytes.com/news/02/176029.html

19 April 2002 Suit Alleges Rival Broke and Posted Pay TV Smart Card Codes

A lawsuit filed in California claims NDS broke smart card codes belonging to Canal Plus Technologies and then posted the information on the Internet. Canal Plus is suing for over $1 billion in lost revenue. Though NDS issued a statement calling the charges unfounded, an NDS employee allegedly planned to testify in court that his company was in fact responsible for the release of the competitor's information, then decided against the action because he feared for his life.
-http://www.msnbc.com/news/740634.asp?0dm=C11JT

18 April 2002 Default Registry Setting for TCP Port 445 Could Allow DoS Attacks

Default registry settings on both the desktop and server versions of Windows 2000 could allow denial of service (DoS) attacks via TCP port 445. Microsoft has issued a description of the problem along with suggestions for fixing it.
-http://www.vnunet.com/News/1131065
-http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320751

18 April 2002 Malicious Bots Popping Up in Chat Rooms

Bots are small scripts that control how computers respond and act - for example by automating responses to newcomers in chat rooms. They can be used for helpful purposes, but hackers have been using them to disrupt chat rooms: meddling with people's displays, sending phony messages and even booting people out of the room.
-http://news.globetechnology.com/servlet/GAMArticleHTMLTemplate?tf=globetechnolog
y/TGAM/NewsFullStory.html&cf=globetechnology/tech-config-neutral&slug=TW
BOTS&date=20020418

18 April 2002 Patch Available for SQL Server Buffer Overflow Vulnerability

Microsoft released a patch for a buffer overflow vulnerability in its SQL Server 7.0 and 2000 databases. Crackers could exploit the vulnerability to crash the server or run code in its security zone.
-http://www.infoworld.com/articles/hn/xml/02/04/18/020418hnsqlhole.xml
-http://www.microsoft.com/technet/security/bulletin/ms02-020.asp

17 April 2002 IE Flaw Allows Malicious Script to Execute in Local Zone

If users click the back button on Internet Explorer's toolbar, Internet zone security settings will be superseded by local zone settings, and malicious code embedded in URLs will be permitted to execute. Suggested workarounds include disabling active scripting and not using the back button.
-http://www.wired.com/news/technology/0,1282,51899,00.html
-http://www.theregister.co.uk/content/4/24902.html

17 April 2002 Microsoft Patch for Macintosh Vulnerabilities

Microsoft has released a cumulative patch that addresses vulnerabilities in IE 5.1 for Macintosh and Office for Macintosh, including a buffer overflow vulnerability that could allow an attacker to run arbitrary commands or even crash the computer.
-http://zdnet.com.com/2100-1104-884577.html
-http://www.infoworld.com/articles/hn/xml/02/04/17/020417hnmac.xml
-http://www.microsoft.com/technet/security/bulletin/MS02-019.asp

17 April 2002 Hacker/Author is Now US Government Consultant

An Indian teenager who last year wrote a book on ethical hacking is now himself employed as a consultant by a US government agency. At fourteen, he once defaced a magazine's website, then wrote to the editor, offering suggestions for preventing others from doing the same thing.
-http://news.bbc.co.uk/hi/english/world/south_asia/newsid_1934000/1934874.stm
[Editor's (Schultz) Note: A person who has engaged in unethical activities and who then writes a book does not suddenly merit being called an "ethical hacker." We've seen it before, and we will see it again---despite the admonitions by information security professionals, organizations hire hackers, not only sending the wrong message to the hacking underground, but also often resulting in undesirable outcomes for the organizations themselves. ]

17 April 2002 US Secret Service Establishes Eight Electronic Crimes Task Forces

The US Secret Service is establishing Electronic Crimes Task Forces in eight cities across the country. The task forces are composed of federal, state and local law enforcement officials, and experts from private industry and academia, and will work to help prevent cybercrimes and respond to major cyber attacks.
-http://www.miami.com/mld/miamiherald/2002/04/17/business/3077429.htm
-http://www.ectaskforce.org/

17 April 2002 Unhappy MBSA Users Misinterpret Results, says Microsoft

Microsoft says users who are displeased with their Baseline Security Analyzer's (MBSA) performance may be misinterpreting the tool's results.
-http://www.infoworld.com/articles/hn/xml/02/04/17/020417hnmsbsa.xml

15 April 2002 Phony Credit Card Data Experiment Successful

Dan Clements, a fraud investigator, placed a page of phony credit card data on the web to see how quickly the information would spread. He placed links to the page in several chatrooms, and the page had its first visitors within 15 minutes. Over the course of the weekend, 1,600 people looked at the false data. Clements plans to locate the IP addresses of the visitors and inform the associated ISPs.
-http://www.msnbc.com/news/739128.asp


==end==
Please feel free to share this with interested parties via email,
but no posting is allowed on web sites. For a free subscription,
(and for free posters) e-mail sans@sans.org with the subject:
Subscribe NewsBites


Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Eugene Schultz