Register now for SANS Cyber Defense Initiative 2016 and save $400.

Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume IV - Issue #7

February 13, 2002


The widespread SNMP vulnerabilities appear to be a wake-up call. Many
organizations are following a four-step action plan to fix more than
just the immediate problem:


1.Patch the systems on which you have to run SNMP
2.Turn off SNMP on the systems where you don't.
3.See which of the other "Top Twenty Internet Security Vulnerabilities"
(www.sans.org/top20.htm) your organization has not protected against,
and make it right.
4.Check your Cisco routers for the other important vulnerabilities
uncovered by the NSA and SANS, and correct those flaws.


SANS and the Center for Internet Security are making available a
new free tool to help you find the Cisco vulnerabilities. We have
rescheduled the web broadcast, in which the tool's main authors will
show you what the tool does and how it works, for next Wednesday,
February 20 at 1:00 PM EST (1800 GMT). The change in date is to give
you time to get all your SNMP problems solved before you move on to
the other Cisco security issues.


Alan

TOP OF THE NEWS

12 February 2002 Widespread SNMP Vulnerabilities
8 February 2002 BlackICE Security Flaw
7 & 8 February 2002 Researcher Finds Oracle Security Flaws
7 & 8 February 2002 Security Alliance Helps Home Users
7 February 2002 House Passes Security Bill
5 February 2002 Proposed Budget Includes Information Sharing and Security Programs

THE REST OF THE WEEK'S NEWS

8 February 2002 Telnet Flaw in Windows 2000
8 February 2002 MSN Messenger Vulnerability
7 & 8 February 2002 Comcast Database Exposed
7 February 2002 NIST Network Vulnerability Testing Guide
7 February 2002 Customer Database Theft Thwarted
7 February 2002 How the BSA Works
6 February 2002 Sarah Gordon Interview
6 February 2002 Trojans Might Increase this Year
5 & 6 February 2002 Open Source Review Project
5 February 2002 GAO Report Finds Treasury Computer Security Lacking
5 February 2002 mIRC Vulnerabilities


********************* Sponsored by NetIQ *****************************
FREE Windows Security White Paper from NetIQ!
Want to spend your IT budget wisely to maximize Windows security?
Learn six key investments you should make, and uncover six
money-wasters to avoid. Don't waste your limited security budget and
resources on the wrong tools.
Download NetIQ's FREE white paper today!
http://www.netiq.com/f/form/form.asp?id=528
**********************************************************************

TOP OF THE NEWS

12 February 2002 Widespread SNMP Vulnerabilities

SANS's Flash Alert:
-http://www.sans.org/alerts/SNMP.php
CERT/CC's Advisory:
-http://www.cert.org/advisories/CA-2002-03.html

8 February 2002 BlackICE Security Flaw

A buffer overflow vulnerability in BlackICE Defender and BlackICE Agent running on Windows 2000 and XP could allow an attacker to gain control of a user's computer, steal and alter data and watch the user's net surfing activity.
-http://www.msnbc.com/news/702910.asp?0dm=C13MT
-http://www.eeye.com/html/Research/Advisories/AL20020208.html

7 & 8 February 2002 Researcher Finds Oracle Security Flaws

A security researcher has found a number of vulnerabilities in Oracle's 9i Application Server and database server which had been touted as "unbreakable." Oracle has released fixes for the security flaws.
-http://www.theregister.co.uk/content/55/23979.html
-http://www.computerworld.com/storyba/0,4125,NAV47_STO68105,00.html
-http://www.theregister.co.uk/content/4/23990.html

7 & 8 February 2002 Security Alliance Helps Home Users

The National Cyber Security Alliance, comprised of technology companies and government agencies, has launched the Stay Safe Online Campaign for home computer users. The program includes a website, www.staysafeonline.info, packed with advice on choosing effective passwords, getting and installing security updates and other security matters. Home users lack the infrastructure that corporations have to deploy and maintain security on computers.
-http://www.usatoday.com/life/cyber/tech/2002/02/07/security-group.htm
-http://news.com.com/2100-1001-832644.html

7 February 2002 House Passes Security Bill

The House voted overwhelmingly in favor of the Cyber Security Research and Development Act which provides $880 million over the next five years to National Science Foundation research centers, fellowships and college grants and to various National Institute of Standards and Technology research programs. A similar bill will soon be introduced in the Senate.
-http://www.usatoday.com/life/cyber/tech/2002/02/07/tech-security-spending.htm
-http://www.wired.com/news/business/0,1367,50301,00.html

5 February 2002 Proposed Budget Includes Information Sharing and Security Programs

President Bush has proposed a budget that includes more than $700 million for information technology homeland security programs, including an Information Integration Office at the Department of Commerce, a GovNet feasibility study and increased funding for the Federal Computer Incident Response Center (FedCIRC) and the National Institute of Standards and Technology (NIST) computer security division.
-http://www.fcw.com/fcw/articles/2002/0204/web-ridge-02-05-02.asp

THE REST OF THE WEEK'S NEWS

8 February 2002 Telnet Flaw in Windows 2000

A buffer overflow vulnerability in Windows 2000 Telnet code could be exploited to cause a denial-of-service attack or to run code in Windows 2000 or Interix 2.2. However, the attacker cannot obtain permission greater than that already allowed the Telnet service; furthermore, Telnet is not turned on by default in Windows 2000, nor is it installed by default in Interix.
-http://www.computerworld.com/storyba/0,4125,NAV47_STO68150,00.html

8 February 2002 MSN Messenger Vulnerability

Maliciously constructed JavaScript could be used to filch MSN Messenger nicknames and buddy lists; e-mail addresses could be revealed as well. An update is scheduled for release soon.
-http://zdnet.com.com/2100-1105-833293.html

7 & 8 February 2002 Comcast Database Exposed

A hacker using a proxy hunting program found a Comcast Business Communications corporate database exposed on the Internet. The database, apparently comprised of business leads, was protected with an easily guessed username and password. The company denied any problems when contacted by the hacker; only after he posted the information did they acknowledge the vulnerability.
-http://www.msnbc.com/news/701661.asp?0dm=T229T
-http://www.computerworld.com/storyba/0,4125,NAV47_STO68157,00.html

7 February 2002 NIST Network Vulnerability Testing Guide

The National Institute of Standards and Technology (NIST) has released a draft guide on network security vulnerability testing for administrators. The guide includes links to testing tools and a chart of comparisons of the testing techniques. The goal of the guide is to help administrators establish routine testing.
-http://www.fcw.com/fcw/articles/2002/0204/web-guide-02-07-02.asp
guide:
-http://csrc.nist.gov/publications/drafts/security-testing.pdf

7 February 2002 Customer Database Theft Thwarted

A software salesman helped the FBI nab an employee from a rival firm who tried to sell his company's customer database.
-http://news.bbc.co.uk/hi/english/sci/tech/newsid_1804000/1804290.stm

7 February 2002 How the BSA Works

The Business Software Alliance (BSA) collects fines for unregistered software; the organization gets many of its leads from unhappy former employees. Businesses need to keep software purchase documents because on the event of an investigation, the burden of proof is on the company to show they paid for the software licenses before they were contacted by the BSA.
-http://www.sfgate.com/technology/local/

6 February 2002 Sarah Gordon Interview

Sarah Gordon, Symantec senior research fellow, talks about the differences between virus writers and hackers, the importance of teaching and modeling ethical cyber behavior and how she became involved in cyber ethics.
-http://zdnet.com.com/2100-1105-831095.html

6 February 2002 Trojans Might Increase this Year

Robert Vamosi predicts that 2002 will be "the Year of the Trojan Horse" and advises users to implement firewalls as protection.
-http://zdnet.com.com/2100-1107-830278.html

5 & 6 February 2002 Open Source Review Project

The Sardonix Audit Portal is an open source security review website which tracks code auditing. The project is currently funded by the Defense Advanced Research Projects Agency (DARPA).
-http://www.securityfocus.com/news/322
-http://news.com.com/2100-1001-830130.html

5 February 2002 GAO Report Finds Treasury Computer Security Lacking

A recently released General Accounting Office (GAO) report found that security controls on computer systems at the Treasury Department's Financial Management Service (FMS) were lax: usernames and passwords were easily guessed, employees had access to systems beyond the scope of their jobs and the system lacked a comprehensive security program. FMS commissioner Richard Gregg wrote a letter to the GAO acknowledging problems, but pointing out that the report is based on year-old information that does not take into account changes that they have made.
-http://www.cnn.com/2002/TECH/internet/02/05/security.government.reut/index.html
-http://www.msnbc.com/news/700186.asp?0dm=T239T
-http://www.computerworld.com/storyba/0,4125,NAV47_STO68029,00.html

5 February 2002 mIRC Vulnerabilities

A security consultant published information about two mIRC security flaws. The first is a buffer overflow vulnerability which could allow an attacker to send malicious code to execute on the affected computer. The other vulnerability allows attackers to send users to compromised ICR servers via HTML code on a web page or in Outlook e-mail.
-http://zdnet.com.com/2100-1105-830081.html


==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites


Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Howard Schmidt, Eugene Schultz