[ISN] The weakest link in the chain

From: InfoSec News (isn@C4I.ORG)
Date: Sat Apr 07 2001 - 03:46:15 CDT


UNIX SECURITY --- April 05, 2001
Published by ITworld.com -- changing the way you view IT
http://www.itworld.com/newsletters
______________________________________________________________________

HIGHLIGHTS

* Human nature remains the most dangerous vulnerability.

COMMUNITY DISCUSSION

* Web Security Q&A: Which OS offers the best security?
______________________________________________________________________

Advisory: Wetware v2001 Still Vulnerable to Common Attacks
By Carole Fennelly and Jay D. Dyson

A security vulnerability exists that affects every computer system in
the world -- regardless of hardware or software. This vulnerability
extends worldwide; it's massive, severe, and just plain scary. Despite
years of modifications and real-time testing, no patch is currently
available. First discovered in a place known as "The Garden of Eden,"
a serpent convinced a woman called Eve that eating an apple would
provide her knowledge of good and evil. While knowledge of good and
evil was indeed imparted, differentiating between the two was
apparently not part of the package.

Consequently, human nature is fallible and cannot be changed. We make
mistakes, and we can be manipulated to circumvent security measures.
No matter what security devices are installed on an infrastructure,
any human can override them. After all, no one wants to court a
Terminator-esque scenario where humans relinquish control to a
machine. Some recent events highlight this fact rather dramatically.

Microsoft Digital Certificates
VeriSign issued two code-signing certificates in Microsoft's name on
January 29 and January 30, 2001. Such certificates are used to verify
that Microsoft actually supplied a piece of software, rather than
someone impersonating Microsoft. Unfortunately, VeriSign issued the
certificates to a person who merely claimed to represent Microsoft.
D'oh! The cryptography did exactly what it was designed to do; the
identity check behind it is what failed. Worse, VeriSign has since
revoked the certificates, but because they carry no CRL distribution
point Windows cannot discover that on its own, so Microsoft had to
ship an update that installs the revocation list by hand.

VeriSign Alert:
http://www.itworld.com/jump/unxsec_nl/www.verisign.com/developer/notice/authenticode/index.html

Microsoft Security Bulletin
http://www.itworld.com/jump/unxsec_nl/www.microsoft.com/technet/security/bulletin/MS01-017.asp

Microsoft Warns of Hijacked Certificates
http://www.itworld.com/jump/unxsec_nl/news.cnet.com/news/0-1003-200-5222484.html?tag=tp_pr

Sure, mistakes happen, but it took six weeks for them to catch this one.
Better late than never, I suppose.
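
The trust decision behind a code-signing check, as an added illustration
that is not part of the original column and not code from VeriSign or
Microsoft: the Go program below models a CA that issues a code-signing
certificate to whoever claims to be "Microsoft Corporation". The relying
party verifies the signature, the chain to the trusted root and the
publisher name, and still accepts the impostor's binary until it also
consults a CRL. It uses ECDSA and the Go standard library's X.509 and CRL
support rather than the Authenticode/PKCS#7 format itself; every key, name
and sample binary is generated or constructed inside the program.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

type CA struct { // toy authority standing in for VeriSign; keys and names are generated here, nothing is real
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue generates a P-256 key and a certificate for tmpl; parent == nil means self-signed.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func NewCA() (*CA, error) {
	cert, key, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Code Signing CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, nil)
	return &CA{Cert: cert, Key: key}, err
}

// IssueCodeSigning vouches for whatever organization the applicant claims; that identity check is what failed.
func (ca *CA) IssueCodeSigning(org string, serial int64) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{Organization: []string{org}, CommonName: org},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}, ca.Cert, ca.Key)
}

// Revoke publishes a CA-signed CRL (DER) listing one serial number.
func (ca *CA) Revoke(serial int64) ([]byte, error) {
	return x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(serial), RevocationTime: time.Now()}},
	}, ca.Cert, ca.Key)
}

// SignArtifact signs the SHA-256 digest of a binary, as a publisher would.
func SignArtifact(key *ecdsa.PrivateKey, artifact []byte) ([]byte, error) {
	digest := sha256.Sum256(artifact)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// VerifyArtifact is the relying party; with crl == nil it never consults revocation data.
func VerifyArtifact(ca *CA, cert *x509.Certificate, artifact, sig []byte, expectedOrg string, crl []byte) error {
	digest := sha256.Sum256(artifact)
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not match artifact")
	}
	roots := x509.NewCertPool() // the client's trust store: just the toy root
	roots.AddCert(ca.Cert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}); err != nil {
		return err // does not chain to a trusted root, or is not a code-signing certificate
	}
	if len(cert.Subject.Organization) == 0 || cert.Subject.Organization[0] != expectedOrg {
		return errors.New("publisher name mismatch")
	}
	if crl == nil {
		return nil // no revocation check: the impostor's binary is accepted
	}
	rl, err := x509.ParseRevocationList(crl)
	if err != nil {
		return err
	}
	if err := rl.CheckSignatureFrom(ca.Cert); err != nil {
		return err // CRL not signed by the CA
	}
	for _, r := range rl.RevokedCertificates {
		if r.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return errors.New("certificate revoked")
		}
	}
	return nil
}
```

Call VerifyArtifact twice on the impostor's signed binary, once with crl ==
nil and once with the CRL returned by Revoke: only the second call rejects
it. A client that never fetches revocation data, which is what a missing CRL
distribution point amounts to in practice, behaves like the first call
forever.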

Celebrity Scam
High school dropout Abraham Abdallah used the Web and social
engineering techniques to steal money from celebrities. Unbelievable!
A con artist actually used the Internet to pull off a scam. I suppose
they will be calling this so-called "cyber-criminal" a hacker next.
http://www.itworld.com/jump/unxsec_nl/www.newyorkpost.com/news/regionalnews/26868.htm

Government Accuses Busboy of Internet Fraud Scheme
http://www.itworld.com/jump/unxsec_nl/news.excite.com/news/r/010326/18/net-crime-dc

Ironic, isn't it? Wall St. firms spend millions of dollars on
firewalls and security systems to prevent cyber-fraud, but not even a
hundred firewalls can stop a good con artist. Fortunately, the firms
involved did not rely solely on technical devices to prevent and
detect fraud.

DNS Lion Worm
The SANS Institute recently discovered a new Linux worm that exploits
a known vulnerability (the TSIG buffer overflow) in BIND DNS versions
8.2, 8.2-P1, 8.2.1, and 8.2.2-Px (http://www.sans.org/y2k/lion.htm).
This very nasty worm goes through networks looking for vulnerable
systems to exploit and sends the compromised host's user account data,
including its password files, to an address in China. Even after the
system is patched, that data has still been compromised: every account
on the box has to be treated as known to the attacker and its password
changed.

The BIND vulnerability Lion exploits is not new. In fact, CERT
reported this back on January 29, 2001.

CERT Advisory CA-2001-02, Multiple Vulnerabilities in BIND
http://www.itworld.com/jump/unxsec_nl/www.cert.org/advisories/CA-2001-02.html

CERT considered this so serious that they even held a press conference
so people would pay attention to it. While conscientious
administrators immediately patched their DNS servers, many did not.
Men & Mice, a Nordic company specializing in DNS solutions, queried
the DNS servers of all Fortune 1000 companies on the Internet. As of
February 21, 2001, 12.4% were *still* vulnerable!
http://www.itworld.com/jump/unxsec_nl/www.menandmice.com/infobase/mennmys/vefsidur.nsf/index/6.1.2

The Lion worm's success is a direct result of organizations neglecting
to patch their vulnerable servers, and it shows once again how badly
patching is handled. Sure, one could argue that these programming
errors should be fixed before software ships, but the fact remains
that a fix has been available for over two months; yet here we are in
April and thousands of servers remain vulnerable.
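
The check behind the Men & Mice survey is a version.bind query. As an
added example (not code from the column, from SANS or from Men & Mice),
the Go program below builds that query on the wire, parses a reply, and
triages the banner against the version list quoted above. The reply bytes
are constructed in the program, not captured from a real server, and the
vulnerable-version pattern covers only the versions this column names. A
server that answers REFUSED or with a joke string has hidden its version,
which is not the same as having patched it.

```go
package main

import (
	"encoding/binary"
	"errors"
	"regexp"
	"strings"
)

const typeTXT, classCH = 16, 3 // TXT record; CHAOS class, the one BIND answers version.bind in

// BuildVersionQuery returns the wire form of "version.bind. CH TXT", the question
// `dig @server version.bind txt chaos` sends.
func BuildVersionQuery(id uint16) []byte {
	msg := []byte{0, 0, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0} // header: ID (set below), RD set, QDCOUNT 1
	binary.BigEndian.PutUint16(msg, id)
	for _, label := range []string{"version", "bind"} {
		msg = append(msg, byte(len(label)))
		msg = append(msg, label...)
	}
	return append(msg, 0, 0, typeTXT, 0, classCH) // root label, QTYPE, QCLASS
}

// skipName advances past a domain name, whether spelled out or compressed.
func skipName(msg []byte, off int) (int, error) {
	for off < len(msg) {
		l := int(msg[off])
		if l == 0 {
			return off + 1, nil
		}
		if l&0xC0 == 0xC0 { // compression pointer ends the name
			return off + 2, nil
		}
		off += 1 + l
	}
	return 0, errors.New("truncated name")
}

// ParseVersionResponse returns the first string of the first CH TXT answer.
func ParseVersionResponse(msg []byte) (string, error) {
	if len(msg) < 12 {
		return "", errors.New("short message")
	}
	if msg[3]&0x0F != 0 { // REFUSED is the usual answer from servers that filter the query
		return "", errors.New("server returned a non-zero RCODE")
	}
	qd, an := int(binary.BigEndian.Uint16(msg[4:])), int(binary.BigEndian.Uint16(msg[6:]))
	off, err := 12, error(nil)
	for i := 0; i < qd; i++ { // question: name + QTYPE + QCLASS
		if off, err = skipName(msg, off); err != nil {
			return "", err
		}
		off += 4
	}
	for i := 0; i < an; i++ {
		if off, err = skipName(msg, off); err != nil {
			return "", err
		}
		if off+10 > len(msg) {
			return "", errors.New("truncated RR header")
		}
		typ, class := binary.BigEndian.Uint16(msg[off:]), binary.BigEndian.Uint16(msg[off+2:])
		rdlen := int(binary.BigEndian.Uint16(msg[off+8:]))
		if off += 10; off+rdlen > len(msg) {
			return "", errors.New("truncated RDATA")
		}
		rdata := msg[off : off+rdlen]
		off += rdlen
		if typ != typeTXT || class != classCH {
			continue
		}
		if rdlen == 0 || 1+int(rdata[0]) > rdlen { // TXT RDATA: <len><chars>...
			return "", errors.New("bad TXT string")
		}
		return string(rdata[1 : 1+int(rdata[0])]), nil
	}
	return "", errors.New("no CH TXT answer")
}

var vulnerableBind = regexp.MustCompile(`^8\.2(?:-P1|\.1|\.2-P[0-9]+)?$`) // the column's list: 8.2, 8.2-P1, 8.2.1, 8.2.2-Px

// ClassifyBind triages a banner; a joke string hides the version but says nothing about patching.
func ClassifyBind(banner string) string {
	v := strings.TrimPrefix(strings.TrimSpace(banner), "BIND ")
	if vulnerableBind.MatchString(v) {
		return "vulnerable"
	}
	if v != "" && v[0] >= '0' && v[0] <= '9' {
		return "not-listed"
	}
	return "hidden"
}

// SampleResponse is a constructed reply (not a capture): the query echoed back with one CH TXT answer.
func SampleResponse() []byte {
	msg := BuildVersionQuery(0x1234)
	msg[2], msg[3], msg[7] = 0x81, 0x80, 1 // QR+RD+RA, RCODE 0, ANCOUNT 1
	return append(msg,
		0xC0, 0x0C, 0, typeTXT, 0, classCH, 0, 0, 0, 0, 0, 9, // name pointer to offset 12, TTL 0, RDLENGTH 9
		8, '8', '.', '2', '.', '2', '-', 'P', '5') // one 8-byte TXT string
}
```

To run the check against a real server, send the datagram from
BuildVersionQuery to UDP port 53 and hand the reply to
ParseVersionResponse; "hidden" results need a different method (or a
conversation with the administrator), not a checkmark.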

A security structure is only as secure as its weakest link, and social
engineering remains the easiest way to compromise security. We are a
long way from patching this one, and even when we do, a human would
have to install it.

About the author(s)
-------------------
Carole Fennelly is a partner in Wizard's Keys Corporation, a company
specializing in computer security consulting. She has been a Unix
system administrator for almost 20 years on various platforms, and
provides security consultation to several financial institutions in
the New York City area. Visit her site (http://www.wkeys.com/) or
reach her at carole.fennelly@unixinsider.com.

Jay D. Dyson is a senior security consultant for OneSecure, Inc., a
company specializing in managed network and host security services.
He also serves as a part-time consultant on security issues for the
National Aeronautics and Space Administration in Pasadena. He has
been a system administrator for over 15 years on various platforms.
________________________________________________________________________

ADDITIONAL RESOURCES

DoubleClick admits servers were hacked
http://www.itworld.com/jump/unxsec_nl/www.internetnews.com/wd-news/article/0,,10_723761,00.html

Hoaxbusters
CIAC's new hoax page
http://www.itworld.com/jump/unxsec_nl/hoaxbusters.ciac.org/

People Hacking
The Psychology of Social Engineering
http://www.itworld.com/jump/unxsec_nl/vampi.users1.50megs.com/social.html

Microsoft updates Windows to combat VeriSign glitch
http://www.itworld.com/jump/unxsec_nl/www.itworld.com/Sec/4039/CWD01032959065/

Mobile security flaw delivers yet another blow to IPv6
http://www.itworld.com/jump/unxsec_nl/www.itworld.com/News/2001/4/NWW010402mobileip/
__________________________________________________________________________

COMMUNITY DISCUSSION

Web Security Q&A
Delve into the gory technical details of Web security in this
discussion for security pros (and newbies) of all stripes.
http://www.itworld.com/jump/unxsec_nl/forums.itworld.com/webx?14.ee6b67b/149!skip=96
___________________________________________________________________________
CONTACTS

* For editorial comments, write Andrew Santosusso, Associate Editor,
  Newsletters at: andrew_santosusso@itworld.com
* For advertising information, write Dan Chupka, Account Executive at:
  dan_chupka@itworld.com
* For recruitment advertising information, write Jamie Swartz, Eastern
  Regional Sales Manager at: jamie_swartz@itworld.com or Paul Duthie,
  Western Regional Sales Manager at: paul_duthie@itworld.com
* For all other inquiries, write Jodie Naze, Product Manager,
  Newsletters at: jodie_naze@itworld.com
_____________________________________________________________________________

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".