OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: SANS NewsBites Vol. 2 Num. 12
From: The SANS Institute (sanssans.org)
Date: Wed Mar 22 2000 - 20:00:55 CST

To: Security Express (SD397643)
From: The SANS NewsBites service
Re: March 22 SANS NewsBites

Linux Security Step-by-Step and Solaris Security: Step-by-Step are now
available http://at www.sansstore.org.

**********************************************************************

                          SANS NEWSBITES

                  The SANS Weekly Security News Overview

Volume 2, Number 12 March 22, 2000

                         Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Bill Murray,
 Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz
                          <sansrosans.org>

*********************************************************************

20 March 2000 Company Sues Crackers Who Posted Software to Bypass
               Content Filter
18 March 2000 WebTV Newsgroup Flooding: Malicious Code or Virus?
17 March 2000 Disgruntled Programmer Arrested for Wall Street DoS
               Attack
17 March 2000 Brazilian Site Attacked
16 March 2000 NASA's Jet Propulsion Lab Sites Attacked
17 March 2000 Credit Card Numbers Stolen, Hidden on Government Web
               Site
17 March 2000 EU to Probe Echelon
16 March 2000 FBI Suffers Denial of Service Attack
16 March 2000 Microsoft Outlook/Melting.worm
16 March 2000 GSA and Vendors Discuss FIDNet
16 March 2000 Amazon.com Outage
16 March 2000 DOE Nuclear Lab Security Focus of Proposed Legislation
16 March 2000 Ethics and the Internet
16 March 2000 Crackers Threaten Army's Web Site
15 March 2000 DOJ Cybercrime Site
15 March 2000 Canadian Government and Military Targets of Computer
               Attacks
15 March 2000 US and EU Data Privacy Agreement
15 March 2000 Industry Needs to Address Privacy and Security
15 March 2000 Government Agencies Receive Help with Compliance
15 March 2000 Stronger Canadian Privacy Proposed
15 March 2000 Secure Payment Methods
15 March 2000 Windows NT Vulnerability Patched
14 March 2000 Security Patch Could Keep Rightful Users Out of Their
               Systems
14 March 2000 DSL Exposes Personal Information
13 March 2000 China Eases Encryption Registration Regulations

************* This week's sponsor: Entrust Technologies **************

Learn how you can use Entrust's award winning e-mail solutions - now
including Entrust/Express(tm) for Lotus(r) Notes(tm) - to streamline
your processes, shorten business transaction cycles, and maximize data
confidentiality by participating in our free Secure E-mail telebriefing,
March 23rd from noon to 1:00 p.m. ET. Register at:
http://www.entrust.com/events/telebriefs/mar23/index.htm

**********************************************************************

-- 20 March 2000 Company Sues Crackers Who Posted Software to Bypass
                  Content Filter
A US Federal District Court Judge in Massachusetts has issued a
restraining order against two crackers, one Canadian, one Swedish, who
stand accused of reverse engineering a content filtering program,
developing software to circumvent its security measures, and posting
the software on the Internet. The two claim their intent was not so
much to circumvent the blocking, but to demonstrate the fact that the
filtering software blocks sites outside the expected realm of violence
and adult content. http://www.currents.net/newstoday/00/03/20/news1.html
http://www.wired.com/news/politics/0,1283,35038,00.html
http://www.currents.net/newstoday/00/03/17/news2.html
Editor's (Cowan) Note: One might also suspect that the law suit is being
pressed to cover up the product vendor's embarrassment at poor content
filtering and poor encryption of the filter list. This law suit may
set a critical precedent for system security: if individuals cannot
publish shortcomings that they discover, then security vulnerabilities
will remain secret, and attackers will be the only people to know about
them. Imagine if every product vendor sued Consumer Reports for saying
bad things about their products; how much valuable content would Consumer
Reports have left?

-- 18 March 2000 WebTV Newsgroup Flooding: Malicious Code or Virus?
Microsoft says that malicious code is responsible for overloading WebTV
newsgroups with phony postings and asserts it is not a virus. It looks
and behaves like a virus, however, self-replicating by altering signatures
on Usenet messages and cross-posts, flooding newsgroups with messages.
http://www.wired.com/news/technology/0,1282,35045,00.html

-- 17 March 2000 Disgruntled Programmer Arrested for Wall Street DoS
                  Attack
An employee at an online securities trading company has been arrested
in connection with a denial of service attack on that company's computer
system. The origins of the attack were traced to machines at a copy
store in Manhattan and at Queens College in Flushing, NY, where witnesses
verified the man had been working on the computer.
http://www.computerworld.com/home/print.nsf/all/000317C9F6
http://dailynews.yahoo.com/htx/ao/20000316/cr/20000316002.html
http://news.cnet.com/category/0-1007-200-1573627.html

-- 17 March 2000 Brazilian Site Attacked
Crackers attacked the web site of Brazil's telecommunications regulatory
agency and shut it down for almost six hours. The traffic emanated from
the US and Canada. Meanwhile NASA Jet Propulsion Lab removed a network
block of Brazil from its web site.
http://www.cnn.com/2000/TECH/computing/03/17/brazil.nasa.hackers/index.html
http://www.currents.net/newstoday/00/03/18/news1.html

-- 16 March 2000 NASA's Jet Propulsion Lab Sites Attacked
NASA's Jet Propulsion Lab was the target of computer attacks seemingly
originating from Brazil; the Lab, as a precautionary measure, blocked
Brazil from site access.
http://www.currents.net/newstoday/00/03/16/news3.html

-- 17 March 2000 Credit Card Numbers Stolen, Hidden on Government Web
                  Site
A foreign cracker stole over 485,000 credit card numbers and saved them
on a US government agency's web site, according to law enforcement
officials. The theft of the numbers occurred more than a year ago.
http://www.computerworld.com/home/print.nsf/all/000317CA1A
http://www.msnbc.com/news/382561.asp
Editors Notes: (Murray) It is worth reminding e-commerce system managers
should check their systems for gratuitous scripts and not store credit
card numbers on the web server or in the clear. (Paller) Hiding credit
card numbers and other sensitive information in "_private" directories
does not protect them at all.

-- 17 March 2000 EU to Probe Echelon
The European Parliament will announce plans to establish a special
inquiry committee to look into allegations that the United States uses
Echelon, a covert electronic surveillance system, for industrial
espionage. http://www.wired.com/news/politics/0,1283,35048,00.html

-- 16 March 2000 FBI Suffers Denial of Service Attack
The FBI's web site was attacked and brought down for most of a day last
week. A spokesperson said that the computers were not broken into, just
overwhelmed with traffic. The attack comes just after the unveiling of
the Justice Department's cybercrime web site (see story).
http://abcnews.go.com/sections/tech/DailyNews/webattack000316.html

-- 16 March 2000 Microsoft Outlook/Melting.worm
The Melting Worm spreads through Microsoft Outlook running on Windows.
It puts itself in a directory and replaces files' .exe extensions with
.bin extensions. These changes could make the operating system unstable.
The worm also propagates by sending itself to every address in the
infected machine's Outlook address book, and it randomly executes .exe
files. http://www.computerworld.com/home/print.nsf/all/000316C9CA

-- 16 March 2000 GSA and Vendors Discuss FIDNet
The General Services Administration (GSA) met with vendors last week to
describe what it needs to implement the Federal Intrusion Detection
Network (FIDNet).
http://www.fcw.com/fcw/articles/2000/0313/web-fidnet-03-16-00.asp

-- 16 March 2000 Amazon.com Outage
Amazon.com suffered a brief outage last week; the site was entirely
inaccessible. http://news.cnet.com/category/0-1007-200-1574930.html

-- 16 March 2000 DOE Nuclear Lab Security Focus of Proposed
                  Legislation
Proposed legislation would increase the frequency of information security
systems inspections at the Department of Energy's nuclear weapons
laboratories.
http://www.fcw.com/fcw/articles/2000/0313/web-doe-03-16-00.asp
Editor's Note: (Murray) When the only tool you have is a hammer, all
the world looks like a nail.

-- 16 March 2000 Ethics and the Internet
The movement to teach Internet ethics to students, especially young
students, is gaining momentum. The Justice Department will this year
put $300,000 toward developing curricula, identifying good programs,
and promote the agenda of computer ethics.
http://www.usatoday.com/usatonline/20000316/2037341s.htm

-- 16 March 2000 Crackers Threaten Army's Web Site
Notes in source material comment tags suggest that a hacker group
responsible for taking down the New York Times' web site in 1998 is
targeting the US Army's web site. The Army has recently taken steps to
improve information systems security: new software scripts, web cache
proxy servers which divert surfers from primary servers, and a protected
domain name system architecture. The absence of pertinent international
laws regarding Internet behavior makes prosecution of those outside the
US difficult.
http://www.fcw.com/fcw/articles/2000/0313/web-armyhac-03-15-00.asp

-- 15 March 2000 DOJ Cybercrime Site
The US Department of Justice (DOJ) has created a cybercrime web site
that includes DOJ reports, information on encryption, and descriptions
of computer crime and how to report it. The USA Today article lists
all twelve sections and their URLs.
http://www.thestandard.com/article/display/0,1151,12912,00.html
http://www.usatoday.com/life/cyber/tech/cth546.htm
http://www.cybercrime.gov

-- 15 March 2000 Canadian Government and Military Targets of Computer
                  Attacks
A study by security experts says Canadian government and military sites
were attacked more than 500 times in two months. Despite the fact that
none of the attacks was "successful", the government and military need
to be vigilant. The study recommends implementing more intrusion
detection systems, and establishing a government attack reporting and
response center.
http://www.theglobeandmail.com/gam/National/20000315/UHACKN.html

-- 15 March 2000 US and EU Data Privacy Agreement
The United States and the European Union (EU) have reached an agreement
regarding data privacy which some say protects Europeans' privacy more
than Americans'. Other critics point out that any legal action will be
brought to court in the plaintiff's home country, and European privacy
laws are much stricter than those in the US.
http://www.computerworld.com/home/print.nsf/all/000315C966
http://www.usatoday.com/life/cyber/tech/cth552.htm

-- 15 March 2000 Industry Needs to Address Privacy and Security
At the Global Internet Summit in Washington, D.C., the Federal Trade
Commissioner said the technology industry needs to get serious about
data privacy or the government will step in with regulations. The
director of the FBI's National Infrastructure Protection Center (NIPC),
said the tech industry also needs to take responsibility for systems
security. http://dailynews.yahoo.com/htx/zd/20000315/tc/20000315792.html

-- 15 March 2000 Government Agencies Receive Help with Compliance
Government security experts are proffering a number of resources to
agencies to help them build security into their information systems and
comply with regulations.
http://www.fcw.com/fcw/articles/2000/0313/web-cipday-03-15-00.asp

-- 15 March 2000 Stronger Canadian Privacy Proposed
A Canadian senator says pending privacy legislation does not go far
enough in recognizing privacy as "a basic human right" and proposes
prohibiting the collection and sharing of personal data without explicit
approval as well as protecting people from surveillance.
http://www.wired.com/news/politics/0,1283,34949,00.html

-- 15 March 2000 Secure Payment Methods
The recent rash of Internet credit card theft could hasten the advent
of smart cards and other methods of securing transactions.
http://www.msnbc.com/news/382141.asp?0m=N11N

-- 15 March 2000 Windows NT Vulnerability Patched
A security hole allows any Windows NT users to force any application to
run at any time. Microsoft posted a patch for the vulnerability on
March 10th. http://www.msnbc.com/news/382794.asp?0m=V17M

-- 14 March 2000 Security Patch Could Keep Rightful Users Out of Their
                  Systems
A security patch for Internet Explorer 5.0 could lock Windows 2000 users
out of their systems. Microsoft is warning administrators about the
problem. http://www.computerworld.com/home/print.nsf/all/000314F756

-- 14 March 2000 DSL Exposes Personal Information
DSL users are finding that their home address is displayed online; the
agency that regulates Internet Protocol (IP) numbers says that policy
is going to change. http://news.cnet.com/category/0-1004-200-1572489.html

-- 13 March 2000 China Eases Encryption Registration Regulations
China has backed off requiring registration of every product that uses
encryption. Wireless telephones, browser software and Windows operating
systems are now exempt from the requirement.
http://news.cnet.com/category/0-1003-200-1570561.html

****** Also sponsored by: VeriSign - The Internet Trust Company ******

Protect your servers with 128-bit SSL encryption today! Get VeriSign's
FREE guide, "Securing Your Web Site for Business". It tells you everything
you need to know about using SSL to encrypt your e-commerce transactions
for serious online security. Click here!
http://www.verisign.com/cgi-bin/go.cgi?a=n016005080008000

== End ==

Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, e-mail sanssans.org with
the subject: Subscribe NewsBites or visit http://www.sans.org/sansnews
to subscribe instantly to any of several newsletters.

Use this personal URL to change your subscription, address, or other
information:
        http://www.sans.org/sansaddr?hashid=SD397643jFg25PaJ7aa
or email <sanssans.org> with complete instructions and your SD number
(from the headers) for subscribe, unsubscribe, change address, add other
digests, or any other comments.