Subject: SANS NewsBites Vol. 2 Num. 9
From: The SANS Institute (sanssans.org)
Date: Thu Mar 02 2000 - 15:35:00 CST


To: Security Express (SD397643)
From: Rob for the SANS NewsBites service
Re: March 2 SANS NewsBites

Together with Network Computing Magazine, we're starting a new, technical
weekly digest called the Security Alert Consensus -- a single source
with pointers to all security attack and patch information. Subscribers
select the platforms they want to watch to personalize the letter -- a
good feature for busy system administrators. It's free! Sign up at
       http://www.sans.org/sansaddr?hashid=SD397643jFg25PaJ7aa
(augment your subscription to include SAC if it does not already).

Web-based Security Essentials Certification (Also known as GIAC LevelOne)
training started last week. Cost is about $70 per short course including
interactive quizzes, half price for recent SANS alumni. Complete data
and registration at http://www.sans.org/giactc.htm .

                                            RK

**********************************************************************

                          SANS NEWSBITES

                  The SANS Weekly Security News Overview

Volume 2, Number 9 March 2, 2000

                           Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Bill Murray
      Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz
                          <sansrosans.org>

*********************************************************************

25 February 2000 The Week in Review
28 February 2000 Universities to Receive SSH Free
26 February 2000 Bernstein May Post Encryption Code
26 February 2000 FBI Web Site Attacked
25 February 2000 Vandals May Use Windows for Future DDoS Attacks
25 February 2000 Microsoft Security Issues
25 February 2000 Have Attack Defense Strategies in Place, Say Expert
24 February 2000 Microsoft Fights Off "Synflood" Attack
24 February 2000 First Windows 2000 Virus: W2K.Infis.4608
24 February 2000 Computer Science Student Charged as Cracker
24 February 2000 ActiveX Security Hole
24 February 2000 NDB.com Suffers Attack, Outage
24 February 2000 CIA Says Cyber Threat from Russia and China is
                  Developing
24 February 2000 ICQ Account Hijacked; Ransom Demanded
23 February 2000 ISPs Form Alliance to Fight DDoS Attacks
23 February 2000 Israeli Legislator Reconsiders Position on Hacker
                  Conference
23 February 2000 Canadian Government Sites Hacked
22 February 2000 Net Healthcare Ethics
21 February 2000 Always On Connections Vulnerable to Infiltration
21 February 2000 Cyber Attacks on US Government Systems Prevalent
21 February 2000 Internet Security Holes
15 February 2000 Cyber Crime on the Rise in the UK
15 February 2000 Virginia DMV Web Site Attacked

******** This week's sponsor: Network-1 Security Solutions ********

Network-1 Security Solutions: Embedded NT Firewalls

Now you can stop denial of service attacks against your critical NT
servers. CyberwallPLUS-SV is the industry's first embedded firewall
for NT servers. It allows you to protect your valuable NT servers from
unwanted access and intrusion by Internet, Intranet and Extranet users.

Visit http://www.network-1.com/eval/eval6992.htm and get your free
CyberwallPLUS evaluation kit.

**********************************************************************

-- 25 February 2000 The Week in Review
An overview of recent computer security news: FBI web site attack,
NDB.com crash, Microsoft's Synflood defense, Windows based DDoS tools,
Ebay not suffering financially from attack, and the FBI's investigation
into the DDoS attacks. http://www.msnbc.com/news/367495.asp
 
-- 28 February 2000 Universities to Receive SSH Free
SSH Communications Security and the SANS Institute will provide free
copies of SSH2.1 server and client (for UNIX and Windows) to all students,
faculty, and staff of accredited universities, under a new license that
eliminates historical impediments. The pair will also make financial
awards for exemplary and innovative methods and tools that help
universities take full advantage of the gift. Editor's Note (Paller):
The story was covered in most online publications and the San Jose
Mercury News; the most complete version may be found at
http://www.ssh.com/about/press/release01032000.html

-- 26 February 2000 Bernstein May Post Encryption Code
The US Commerce Department sent a letter to Daniel Bernstein and his
lawyers, informing them that the new, loosened encryption export
regulations will allow him to post his "Snuffle" encryption software on
his web site. While the Commerce Department clarified several points
to the satisfaction of privacy advocates, Bernstein's legal team is not
sure the fight is over because not all the free speech issues have been
addressed. http://www.currents.net/newstoday/00/02/26/news8.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2448304,00.html

-- 26 February 2000 FBI Web Site Attacked
The FBI's web site suffered a denial of service attack launched from a
single computer. The site was down for more than three hours. The FBI
pointed out that its computers were not infiltrated, and that its web
site is separate from its internal systems.
http://www.washingtonpost.com/wp-dyn/business/A35641-2000Feb25.html
http://news.cnet.com/category/0-1005-200-1558533.html

-- 25 February 2000 Vandals May Use Windows for Future DDoS Attacks
Windows PCs at two universities and a Washington company have been
infected with a new version of DDoS software. Previous attacks have
been carried out using Unix computers. The Windows version of the attack
tool client is transmitted through e-mail attachments. Because Windows
PCs are so prevalent and unprotected, an enormous number of
often-unprotected machines are probably vulnerable to the infection.
http://www.computerworld.com/home/print.nsf/all/000225F16A
http://www.techweb.com/wire/story/TWB20000225S0016
http://news.cnet.com/category/0-1005-200-1555637.html
http://www.usatoday.com/life/cyber/zd/zd3.htm

-- 25 February 2000 Microsoft Security Issues
Microsoft has faced a number of security issues recently, including an
ActiveX flaw (see 24 February story), a Wordpad vulnerability which
could trick the application into executing malicious code, a couple of
vulnerabilities through which servers could steal files, and the appearance
of DDoS tools for the Windows platform.
http://www.msnbc.com/news/374596.asp?0m=T19Q

-- 24 February 2000 Microsoft Fights Off "Synflood" Attack
Microsoft was the object of a "Synflood" attack which disrupts server-
PC communication. Microsoft employees noticed significant traffic spikes
and were able to determine the IP address from which the attack originated
and cut off the attacker's access to Microsoft's web site. The site
never went down, and users suffered only a few slowdowns for a short
while. http://www.computerworld.com/home/print.nsf/all/000224EF56

-- 25 February 2000 Have Attack Defense Strategies in Place, Say Expert
Companies should have plans in place to correct misinformation posted
in an effort to artificially alter the value of the company's stock,
and to guard against cyber attacks of other sorts.
http://www.it.fairfax.com.au/breaking/20000225/A39059-2000Feb25.html
 
-- 24 February 2000 First Windows 2000 Virus: W2K.Infis.4608
The first virus "native" to Windows 2000 debuted last week; it spreads
only among online users logged on with administrative privileges. A
patch should be available this week.
http://www.computerworld.com/home/print.nsf/all/000224EF6E
Editor's Notes: (Murray) Viruses do not spread well if they affect only
a sparse population. (Schultz) Security related bugs in Windows 2000 are
being reported on the web.

-- 24 February 2000 Computer Science Student Charged as Cracker
A computer science student in Boston has been arrested and charged with
three counts of unauthorized access to computer networks including a
NASA computer at Goddard Space Flight Center, an ISP in Seattle, and
the Defense Logistics Agency. He also allegedly broke into a computer
at his school and obtained personal information about students, alumni,
and faculty. http://www.usatoday.com/life/cyber/tech/cth434.htm
http://www.space.com/space/business/nasa_hacker_arrest_000224.html
http://www.computerworld.com/home/print.nsf/all/000223EF12

-- 24 February 2000 ActiveX Security Hole
Microsoft will issue a patch for an ActiveX vulnerability that could
allow software installation without gaining the user's consent.
http://www.computerworld.com/home/print.nsf/all/000224EF5A

-- 24 February 2000 NDB.com Suffers Attack, Outage
An apparent denial of service attack caused the National Discount Brokers
Group web site, NDB.com, to be down for over an hour. No customer data
was compromised, and customers could still make trades by phone.
http://www.usatoday.com/life/cyber/tech/cth439.htm
http://news.cnet.com/category/0-1007-200-1557619.html

-- 24 February 2000 CIA Says Cyber Threat from Russia and China is
                     Developing
The CIA says that there is evidence of "dedicated offensive cyber warfare
programs" in China and Russia. Because they know they would lose in
a conventional warfare confrontation, the countries are focusing on honing
their cyber attack capabilities. The US plans to do the same.
http://www.computerworld.com/home/print.nsf/all/000224EF6A
http://www.zdnet.com/zdnn/stories/news/0,4586,2445516,00.html

-- 24 February 2000 ICQ Account Hijacked; Ransom Demanded
An ICQ customer's account was held hostage for two days, the hacker
demanding $100 for the return of the customer's user identification
number (UIN). The UIN was returned to the customer, but the incident
points to the unsecure nature of the software.
http://news.cnet.com/category/0-1005-200-1556634.html

-- 23 February 2000 ISPs Form Alliance to Fight DDoS Attacks
Eight Internet Service Providers (ISPs) have teamed up with a consulting
firm to create an alliance focused on maintaining systems which crackers
cannot use to launch DDoS attacks. Members must promise to secure their
internal systems and use filtering technology to prevent crackers from
forging data source addresses.
http://www.zdnet.com/zdnn/stories/news/0,4586,2445261,00.html?chkpt=zdhpnews01
Editor's Note: A second group of ISPs convened quietly and effectively
with router manufacturers and government officials in Washington on
February 29. Results will be reported next week.

-- 23 February 2000 Israeli Legislator Reconsiders Position on Hacker
                     Conference
The head of the Knesset's Committee for Scientific and Technological
Research and Development allows that her opposition to a hacker conference
to be held in Israel may have been hasty. During a meeting of the
committee, other legislators pointed to the difference between "hackers"
and "crackers." http://www.wired.com/news/politics/0,1283,34504,00.html

-- 23 February 2000 Canadian Government Sites Hacked
An investigation continues into the appearance of DDoS software on a
Canadian federal system. Further, several Canadian government web sites
were defaced in the past year.
http://www.nationalpost.com/news.asp?f=000223/214262&s2=national&s3=coasttocoast

-- 22 February 2000 Net Healthcare Ethics
A proposed code of ethics drafted by a non-profit organization would
set strict standards for gathering and using health information on line.
http://www.computerworld.com/home/print.nsf/all/000222EEB6

-- 21 February 2000 Always On Connections Vulnerable to Infiltration
Computers connected to the Internet through "always on" connections like
cable or digital subscriber line (DSL) are more susceptible to malicious
penetration. One man was alerted to the problem by a "good Samaritan"
hacker who placed a text file on his computer warning him of the
vulnerability. http://www.usatoday.com/life/cyber/tech/cth413.htm

-- 21 February 2000 Cyber Attacks on US Government Systems Prevalent
Computer attacks against US government systems are prevalent, from both
independent crackers and international groups conducting "information
warfare". http://newsweek.com/nw-srv/printed/us/st/a16330-2000feb13.htm

-- 21 February 2000 Internet Security Holes
The Internet is fundamentally fragile, from its beginnings as an open
system for trusted users, to software, which by its very nature contains
bugs, to privacy, to the problem of finding enough talented people to
keep the system running.
http://newsweek.com/nw-srv/printed/us/st/a16376-2000feb13.htm

-- 15 February 2000 Cyber Crime on the Rise in the UK
Computer crime is keeping pace with e-commerce in the UK. The issue
poses the question of how national policy can deal with international
problems. http://vnunet.com/Features/106572

-- 15 February 2000 Virginia DMV Web Site Attacked
The Virginia Department of Motor Vehicles web site was attacked and shut
down for under an hour. The suspect was arrested within a few hours of
the attacks and charged with felony computer trespass. The cracker did
not infiltrate the system, but bombarded it with phony requests for
information.
http://www.washingtonpost.com/wp-srv/WPlate/2000-02/15/126l-021500-idx.html

**************** Also sponsored by: Baseline Software ****************

INSTANT, DEFINITIVE, UP-TO-DATE INFORMATION SECURITY POLICIES!

INFORMATION SECURITY POLICIES MADE EASY is a compilation of 1000+
already-written information security policies by internationally known
consultant Charles Cresson Wood. Comes with text and CD/ROM. Save
thousands of dollars developing security policy documents. Visit
http://www.baselinesoft.com .

== End ==

Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, e-mail sanssans.org with
the subject: Subscribe NewsBites

Update your own record at your personalized URL:
        http://www.sans.org/sansaddr?hashid=SD397643jFg25PaJ7aa
or email <sanssans.org> with complete instructions and your SD number
(from the headers) for subscribe, unsubscribe, change address, add other
digests, or any other comments.