Register now for SANS Cyber Defense Initiative 2016 and save $400.

Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume VII - Issue #62

December 16, 2005

TOP OF THE NEWS

EU Parliament Approves Data Retention Directive
State of Information Security 2005 Report Finds Security-Related Events on the Rise

THE REST OF THE WEEK'S NEWS

ARRESTS, CONVICTIONS AND SENTENCES
Owner-Operator of Pirated Software Website Pleads Guilty
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
Defense Dept. Looks Toward Device Authentication Program
POLICY & LEGISLATION
EU Data Retention Law Angers Industry Bodies
SPYWARE, SPAM & PHISHING
Trojan Spreads in Guise of McAfee Patch
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
Adobe Will Move to Monthly Security Updates
Opera Flaw Similar to IE Vulnerability
Microsoft' Patch Tuesday Addresses Flaws in IE and Windows 2000 Kernel
MISCELLANEOUS
Companies Affected by Oil Depot Fire Implement Continuity Plan
Meth Users Turn to Internet Fraud to Fund Their Habit
Versions of Windows Server 2003, Windows XP Receive Common Criteria Certification at EAL 4+


************************ Sponsored by Qualys ****************************
Audit your Network for Security Weaknesses
Are you confident your network is secure? Get a FREE Network Security check from Qualys and find out the necessary fixes to proactively guard your network. No software downloads required. Qualys is the easiest solution to manage vulnerabilities and achieve compliance.

Get a Free Trial today!
http://www.sans.org/info.php?id=967
*************************************************************************

TOP OF THE NEWS

EU Parliament Approves Data Retention Directive (15/14 December 2005)

The European Parliament has approved data retention proposals requiring telecommunications companies in member states to keep records of all phone calls, email and Internet use records for between six months and two years. The government of each member state will decide how long service providers will be required to hold the data. Under the new directive, service providers will be required to provide call records, location data and Internet logs to law enforcement and intelligence agencies upon request. Message content will not be recorded, but call time, duration and other details will be. Governments will not be required to reimburse service providers for the costs incurred by complying with the directive.
-http://www.computerworld.com/printthis/2005/0,4814,107075,00.html
-http://www.theregister.co.uk/2005/12/14/eu_data_retention_vote/print.html
-http://networks.silicon.com/telecoms/0,39024659,39155062,00.htm
-http://www.breakingnews.ie/2005/12/14/story235004.html

State of Information Security 2005 Report Finds Security-Related Events on the Rise (12 December 2005)

The State of Information Security 2005 report from CIO Magazine and PricewaterhouseCoopers found that security-related events have increased 22.4 percent since last year. Just 37 percent of the companies responding to the survey have established a security plan; twenty-four percent plan to implement one in the next year. The number of organizations with a CISO or CIO rose from 31 percent last year to 40 percent this year. Among organizations with a chief information security officer (CISO) or Chief Security Officer (CSO), 62 percent have security plans in place. The study surveyed more than 8,200 IT security executives in 63 countries around the world.
-http://www.enn.ie/frontpage/news-9658009.html
-http://www.siliconrepublic.com/news/news.nv?storyid=single5805
[Editor's Note (Schultz): The fact that only 37 percent of the companies that responded to this survey have a security plan is not a very good sign. I fear that Donn Parker may have been right when he asserted that the practice of information security is more like "folk art" than anything else.]


********************** Sponsored Links **********************************
1) Join us for a Free SANS Webcast - "WhatWorks in Intrusion Prevention and Detection: Law Firm Lays Down the Law on VoIP Security" Tuesday, December 20 at 1:00 PM EST (1800 UTC/GMT)
http://www.sans.org/info.php?id=968

2) Earn your Master's degree from a program that challenges you, but enables you to be proud to be one of the information security elite.
http://www.sans.edu
*************************************************************************

THE REST OF THE WEEK'S NEWS

ARRESTS, CONVICTIONS AND SENTENCES

Owner-Operator of Pirated Software Website Pleads Guilty (14 December 2005)

Nathan Peterson has pleaded guilty to two counts of criminal copyright infringement; Peterson owned and operated iBackups.net, a website that offered pirated software. When he is sentenced in April 2006, Mr. Peterson faces a prison sentence of up to 10 years and a fine of US$500,000. He will also pay restitution of US$5.4 million. Customers of the website were told the products they purchased on iBackups was "backup software" to protect their systems from crashes. Products were sold via download or through the mail. The site was shut down in February.
-http://www.infoworld.com/article/05/12/14/HNpirateguilty_1.html

HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY

Defense Dept. Looks Toward Device Authentication Program (14 December 2005)

The DOD's Public Key Infrastructure (PKI) Program Management Office hopes to establish a PKI system for devices on DOD networks; the Defense Department has released a request for information to create a device authentication program. The vendors' solutions need to comply with the Federal Information Policy Standard (FIPS) 140-2 and meet Common Criteria security standards.
-http://www.fcw.com/article91725-12-14-05-Web

POLICY & LEGISLATION

EU Data Retention Law Angers Industry Bodies (15/14 December 2005)

Telecommunications companies are unhappy with the passage of the EU's data retention legislation. Internet Service Providers Association chief executive Paul Durrant says that retaining massive amounts of data is inefficient; Mr. Durrant says there are more efficient ways of aiding law enforcement and intelligence officials in investigations. Ireland plans to challenge the directive at the European Court of Justice. Ireland's justice minister Michael McDowell believes the directive should not fall under the EU's first pillar. First pillar decisions are made with a majority vote from member state governments and require consent from a majority of the European Parliament; third pillar decisions, where security-related justice decisions normally reside, require unanimous consent by member states and the European parliament provides only an opinion. The directive is seen as an affront on human rights as it implies that every EU citizen is already guilty of a crime.
-http://www.siliconrepublic.com/news/news.nv?storyid=single5817
-http://euobserver.com/9/20548
-http://technology.timesonline.co.uk/article/0,,19509-1927271,00.html

SPYWARE, SPAM & PHISHING

Trojan Spreads in Guise of McAfee Patch (14 December 2005)

A new email attack masquerades as a warning and security update from McAfee for Kongo31.XRW, a fictitious virus. McAfee does not send out virus alerts in this way. The email links to a phony McAfee web site; the download claiming to be to be the patch is actually Trojan-Downloader.Win32.Hanlo.h.
-http://www.zdnet.com.au/news/security/print.htm?TYPE=story&AT=39227707-20000
61744t-10000005c

-http://www.vnunet.com/vnunet/news/2147531/trojan-circulates-fake-mcafee

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES

Adobe Will Move to Monthly Security Updates (15 December 2005)

Adobe will start releasing monthly security patches, just as Microsoft does. Adobe plans to make the move within the next six months. Adrian Ludwig, Adobe's manager of secure software engineering, said the company is responding to customer requests for a more predictable schedule.
-http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5010

Opera Flaw Similar to IE Vulnerability (14 December 2005)

A vulnerability in the Opera web browser could be exploited to trick users into downloading malicious code onto their computers. The flaw is very much like a recently patched flaw in Internet Explorer (IE). The "mouse-click bug" can be used to hide a download dialog box behind another browser window, but will still respond to mouse clicks in the new window. The attackers could even trick people into clicking on an area of the browser page corresponding to the "Run" button in the download dialog box. Opera was informed of the flaw in June 2005 and fixed it the next month. The flaw occurs in Opera version 8.01 and likely to be preset in earlier versions; Opera version 8.02 is unaffected.
-http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5000

Microsoft' Patch Tuesday Addresses Flaws in IE and Windows 2000 Kernel (14/13 December 2005)

Microsoft's Patch Tuesday release for December includes two bulletins. The first, MS05-054, is a cumulative update for Internet Explorer and addresses four flaws in IE including a critical remote code execution vulnerability affecting IE on Windows XP, 2000 and 98. The second bulletin, MS05-055, addresses a privilege elevation vulnerability in the Windows 2000 kernel. Microsoft also released an update to Malicious Software Removal Tool to allow it to disable the Sony XCP rootkit.
-http://www.techworld.com/security/news/index.cfm?RSS&NewsID=4994
-http://www.computerworld.com/printthis/2005/0,4814,107037,00.html
-http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
-http://www.microsoft.com/technet/security/Bulletin/MS05-055.mspx
-http://www.microsoft.com/technet/security/bulletin/ms05-dec.mspx
ISC:
-http://isc.sans.org/diary.php?storyid=929

MISCELLANEOUS

Companies Affected by Oil Depot Fire Implement Continuity Plan (15/14/12 December 2005)

The headquarters of IT provider Northgate Information Solutions suffered considerable damage to its infrastructure due to the explosions at the Buncefield oil depot. Three employees were injured and the company's computer systems inside the company's headquarters were destroyed. Northgate reportedly suffered minimal data loss because the company creates daily tape backups that are picked up from the building each morning and taken to a storage facility. Northgate is setting up hardware facilities at 25 locations throughout the UK. The head offices of Dixons' and Epson UK are also closed due to the fire. In a separate story, the UK's Financial Services Authority (FSA) has warned that many financial institutions have their back-up sites and critical business functions in the London area, making them vulnerable should the city experience a terrorist attack or natural disaster. The warning follows a resilience benchmarking project focusing on 60 firms.
-http://www.computerworld.com/printthis/2005/0,4814,107073,00.html
-http://news.zdnet.co.uk/business/0,39020645,39241441,00.htm
-http://www.silicon.com/financialservices/0,3800010364,39155054,00.htm

Meth Users Turn to Internet Fraud to Fund Their Habit (15/14 December 2005)

A USA Today investigation revealed that methamphetamine users have turned to the Internet to steal data and commit identity fraud to raise money to feed their addictions. The meth users and traffickers have in the past stolen information from mailboxes and wallets; now they are trading that information on the Internet and conducting elaborate schemes to steal funds and launder money. The investigations involved interviews with more police officers, district attorneys, addicts and Internet security experts.
-http://www.usatoday.com/tech/news/internetprivacy/2005-12-14-meth-online-theft_x
.htm

-http://www.usatoday.com/tech/news/computersecurity/2005-12-14-meth-sidebar_x.htm

Versions of Windows Server 2003, Windows XP Receive Common Criteria Certification at EAL 4+ (14 December 2005)

Six versions of Microsoft Windows Server 2003 and two versions of Microsoft Windows XP have earned Evaluation Assurance Level (EAL) 4+ of the Common Criteria. Meeting the standards set by the Common Criteria is necessary to win federal contracts that involve dealing with classified information.
-http://www.fcw.com/article91728-12-14-05-Web
-http://appserv.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&
story.id=37775

[Editors' Note (Schultz): Achieving EAL 4+ certification is no small feat. Microsoft has truly made a lot of progress when it comes to security in its operating systems.
(Guest Editor (Donald Smith): Microsoft windows evaluation was against the CAPP. From:
-http://niap.nist.gov/cc-scheme/pp/PP_CAPP_V1.d.pdf
"The CAPP provides for a level of protection which is appropriate for an assumed non-hostile and well managed user community requiring protection against threats of inadvertent or casual attempts to breach the system security. The profile is not intended to be applicable to circumstances in which protection is required against determined attempts by hostile and well funded attackers to breach system security."
(Multiple): When a government agency says a product meets a high security standard, and that is a product in which dangerous flaws are continuously discovered and for which the vendor chooses not to release an existing patch while exploits for the flaw are circulating on the Internet, perhaps the standard (Common Criteria) is part of the problem, and should be reconsidered. ]


===end===

NewsBites Editorial Board:
Kathy Bradford, Rohit Dhamankar, Roland Grefer, Richard Hayler, Jaap-Henk Hoepman, Brian Honan, Clint Kreitner, Stephen Northcutt, Alan Paller, John Pescatore, Marcus Ranum, Howard Schmidt, Eugene Schultz, Gal Shpantzer, Koon Yaw Tan

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit
http://portal.sans.org/