OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: SANS NewsBites Vol. 2 Num. 14
From: The SANS Institute (sanssans.org)
Date: Wed Apr 05 2000 - 11:37:31 CDT

**********************************************************************
To: Security Express (SD397643)
From: Alan for the SANS NewsBites service
Re: April 6 SANS NewsBites

The SOLD-OUT SANS2000 COURSES WILL BE REPEATED on May 10-15 in San
Jose. Hacker Exploits: Step-by-Step, Intrusion Detection Immersion
Curriculum, Firewalls and Perimeter Protection, Windows NT Security and
more. "Best of SANS2000" also includes an opportunity to take
certification tests for technical security skills and a kick-start
program for new security people. Make hotel reservations this week.
See: http://www.sans.org/sj00.htm

                                            AP

**********************************************************************

                             SANS NEWSBITES

                    The SANS Weekly Security News Overview

Volume 2, Number 14 April 6, 2000

Editorial Team:
      Kathy Bradford, Crispin Cowan, Roland Grefer, Stephen Northcutt,
             Alan Paller, Howard Schmidt, Eugene Schultz
                          <sansrosans.org>
*********************************************************************

 3 April 2000 911 Worm Wipes Hard Drives
 3 April 2000 Army Considers Biometrics to Enhance Security
27 March 2000 Cisco Firewall Holes
31 March 2000 FTC Investigates Yahoo!
31 March 2000 Electrohippies Target Biotech Companies
31 March 2000 IROK and KAK Worms Threaten Windows Systems
31 March 2000 King Book Pirated, Book-Reader to Get More Secure
31 March 2000 Cyber Patrol Case a Legal Puzzle
30 March 2000 Former Intel Employee Indicted
30 March 2000 Author of Phony Lucent Press Release Arrested
30 March 2000 Hacker Conference in Israel
28 March 2000 Hackers and Crackers
30 March 2000 ISP Held Responsible for Newsgroup Content
29 March 2000 GlobalHell Ringleader to Plead Guilty
29 March 2000 Man Charged in E-Mail Interception Case
29 March 2000 EU Begins Authorization Process for US Safe Harbor
               Principles
29 March 2000 The Debate Over Linux Security
29 March 2000 FBI Asks for Help To Pursue Cyber Criminals
29 March 2000 Customer Data Not Secure at ISP
29 March 2000 Privacy Advocates Don't Like SEC's Plan to Monitor the
               Internet
28 March 2000 Hotmail Has Trouble with Forwarding
28 March 2000 On Line Brokerage Firm Endures Outages
27 March 2000 Melissa Changed the Way People Look at Security
27 March 2000 Army PC's Microphones to be Disabled
27 March 2000 Census Bureau Takes Security Seriously
27 March 2000 Bill Would Allow FOIA to be Blocked
27 March 2000 Security Consultant Helped Find Curador
27 March 2000 Army Security Training

************** This week's sponsor: AXENT Technologies **************

Too Many Passwords? Free Single Sign-on White Paper.
 
AXENT's PassGo(tm) InSync gives users one single password for universal
access and can be deployed for thousands of users enterprise-wide in as
little as 4 days.

Through April 18, download Free Single Sign-on white paper:
<http://www.axent.com/passgo>

**********************************************************************

-- 3 April 2000 911 Worm Wipes Hard Drives
The FBI's National Infrastructure Protection Center reported that it
had discovered a worm (a virus that spreads without user intervention)
that wipes hard drives and sometimes dials 911.
http://www.msnbc.com/news/390119.asp
http://www.sans.org/newlook/alerts/911worm.htm

-- 3 April 2000 Army Considers Biometrics to Enhance Security
The Army is considering the implications and possibilities of using
biometrics to replace passwords.
http://www.fcw.com/fcw/articles/2000/0403/tec-mouse-04-03-00.asp
[Editors' Note (multiple): Biometrics are as vulnerable as passwords
for NETWORK security, because they can be sniffed and spoofed just as
easily.]

-- 27 March 2000 Cisco Firewall Holes
Two vulnerabilities in Cisco firewalls can be used to transmit
information without authorization.
http://www.computerworld.com/home/print.nsf/all/000327CECA
 
-- 31 March 2000 FTC Investigates Yahoo!
The Federal Trade Commission (FTC) is investigating whether Yahoo! Inc.
violated federal regulations regarding data collection. The
investigation was prompted by a report on Health web sites. Yahoo! is
cooperating with the investigators. Yahoo! is also the target of a
suit filed by three computer game makers who allege the web portal sold
counterfeit games.
http://www.computerworld.com/home/print.nsf/all/000331D00E
http://www.usatoday.com/life/cyber/tech/cth644.htm
http://www.msnbc.com/news/388394.asp?0a=22038UE

-- 31 March 2000 Electrohippies Target Biotech Companies
The hacktivist group "Electrohippies" planned to overwhelm sites
belonging to two companies involved in genetically engineered food.
The strategy was to first inundate the sites with e-mail, then launch a
denial of service attack without the use of zombie machines.
http://www.msnbc.com/news/389408.asp?0m=N11L

-- 31 March 2000 IROK and KAK Worms Threaten Windows Systems
The Irok worm spreads through an e-mail attachment and sends itself out
through Microsoft Outlook. It will eventually try to overwrite the
infected computer's hard drive. The Kak worm is written in Javascript
and arrives as a HTML file which has replaced the user's standard e-
mail signature. Kak displays a message and shuts down Windows, but
does no permanent damage.
http://www.currents.net/newstoday/00/03/31/news2.html

-- 31 March 2000 King Book Pirated, Book-Reader to Get More Secure
With pirated versions of Stephen King's electronic novella popping up
on the Internet, the distributor plans to release a more secure version
of the electronic book reader.
http://www.computerworld.com/home/print.nsf/all/000331D076
http://www.zdnet.com/zdnn/stories/news/0,4586,2487101,00.html

-- 31 March 2000 Cyber Patrol Case a Legal Puzzle
The two men who wrote the programs thwarting Cyber Patrol's filtering
software and exposing a list of blocked sites have turned over their
rights to the software to the company. The judge in the case has issued
a restraining order against sites mirroring the programs, but the
software may have been published under the GNU General Public License,
which allows for unlimited distribution regardless of who holds the
copyright.
http://www.computerworld.com/home/print.nsf/all/000331D072
http://www.zdnet.com/zdnn/stories/news/0,4586,2487024,00.html
Prof. Lawrence Lessig of Harvard Law School discusses the issues at
http://www.thestandard.com/article/display/0,1151,13533,00.html

-- 30 March 2000 Former Intel Employee Indicted
A federal grand jury in San Jose, CA has indicted a man who used to
work for Intel, charging him with stealing proprietary information
about the company's Itanium microprocessor, which has been in
development for the past six years. He is being charged under the
Economic Espionage Act of 1996, which makes stealing trade secrets a
federal crime.
http://www.mercurycenter.com/svtech/news/indepth/docs/theft033100.htm
http://www.zdnet.com/zdnn/stories/news/0,4586,2500220,00.html

-- 30 March 2000 Author of Phony Lucent Press Release Arrested
A day trader who allegedly posted a fake press release regarding Lucent
Technologies Inc. profits has been arrested in Texas. Law enforcement
officials were able to track him down with help from Yahoo!, AOL, and
the perpetrator's ISP.
http://www.usatoday.com/life/cyber/invest/in528.htm
http://news.cnet.com/news/0-1004-200-1615171.html

-- 30 March 2000 Hacker Conference in Israel
Those attending a hacker conference in Israel want to make sure people
know the difference between a "hacker" and a "cracker". Participants
also spoke to Kevin Mitnick on a conference call.
http://www.usatoday.com/life/cyber/tech/cth643.htm

-- 28 March 2000 Hackers and Crackers
"Hackers" are quick to distinguish themselves from "crackers", like
those who wreaked havoc with DDoS attacks and those whose intent it is
to destroy and steal information. However, the line between the two is
becoming blurrier, as hackers with political agendas post techniques,
which can be used to crack systems, in the name of security evolution.
http://www.csmonitor.com/durable/2000/03/28/fp3s1-csm.shtml

-- 30 March 2000 ISP Held Responsible for Newsgroup Content
A British ISP has been found liable for defamatory material posted on
one of its newsgroups.
http://news.cnet.com/news/0-1005-200-1613116.html?tag=st

-- 29 March 2000 GlobalHell Ringleader to Plead Guilty
A 19-year-old cracker who goes by the name MostHateD agreed to plead
guilty to conspiracy in teleconferencing fraud and "computer hacking"
and to cooperate with federal investigators. MostHateD is also a known
street gang member in Houston and was arrested last week on charges of
burglary and car theft.
http://www.msnbc.com/news/388551.asp?0m=N1AL
http://www.wired.com/news/politics/0,1283,35264,00.html

-- 29 March 2000 Man Charged in E-Mail Interception Case
The man who wrote code that caused e-mail to be rerouted and
intercepted has been charged with conspiracy to intercept electronic
communication on the Internet.
http://www.gazettenet.com/03292000/news/23561.htm

-- 29 March 2000 EU Begins Authorization Process for US Safe Harbor
Principles
The European Commission has accepted the United States' safe harbor
principles as adequate standards of privacy protection. The principles
require participating companies to obtain explicit permission before
sharing someone's data with another company, to allow people access to
their information and to correct it, and to "take reasonable
precautions" to safeguard personal data.
http://www.computerworld.com/home/print.nsf/all/000329CF76

-- 29 March 2000 The Debate Over Linux Security
Some computer security experts fear that Linux's open source code will
ultimately make the operating system more difficult to secure; others
aren't sure. (Please note: this site requires free registration)
http://www.nytimes.com/library/tech/00/03/biztech/articles/30tsc-
linux.html
Editor's note (Cowan): A counterpoint is included in the following
article that describes how open source allows defenders to share
information. http://www.techweb.com/wire/story/TWB19981008S0010

-- 29 March 2000 FBI Asks for Help to Pursue Cyber Criminals
FBI Director Louis Freeh spoke in favor of the Cyberspace Electronic
Security Act (CESA) before a Senate subcommittee last week. Freeh
said the number of cyber crimes under investigation more than doubled
from 1998 to 1999, and the FBI needs more resources and updated laws to
pursue cyber criminals with expedience.
http://news.cnet.com/category/0-1005-200-1595429.html
http://www.currents.net/newstoday/00/03/29/news7.html
http://www.computerworld.com/home/print.nsf/all/000329CF82
http://www.fcw.com/fcw/articles/2000/0327/web-fbi-03-29-00.asp

-- 29 March 2000 Customer Data Not Secure at ISP
Customers of a small Seattle ISP were informed by an investigative news
reporter that their confidential information, including credit card
numbers with expiration dates, was easy to access. A company executive
was unsure what type of security was in place.
http://www.msnbc.com/local/KING/633967.asp?0a=229I1A7

-- 29 March 2000 Privacy Advocates Don't Like SEC's Plan to Monitor
the Internet
The Securities and Exchange Commission (SEC) plans to run a web
surveillance system to search for certain words and phrases in order to
combat web fraud. Privacy advocates say that the action would be an
"unconstitutional search-and-seizure issue".
http://www.msnbc.com/news/387655.asp?0a=2335492
http://www.wired.com/news/print/0,1294,35289,00.html

-- 28 March 2000 Hotmail Has Trouble with Forwarding
A glitch in the Hotmail e-mail service confirmed messages were
forwarded when they actually weren't. The trouble occurred when users
tried to forward e-mail sent between Hotmail accounts to a non-Hotmail
address. Microsoft says it has fixed the problem.
http://news.cnet.com/category/0-1005-200-1595739.html

-- 28 March 2000 On Line Brokerage Firm Endures Outages
Datek Online users were unable to access the company's web site for
half an hour last Tuesday.
http://news.cnet.com/news/0-1007-200-1596052.html

-- 27 March 2000 Melissa Changed the Way People Look at Security
The Melissa worm, which first appeared one year ago, was the seeming
catalyst for a sea-change in the way we view electronic security.
http://www.zdnet.com/zdnn/stories/news/0,4586,2474610,00.html?chkpt=zdhpnews01

-- 27 March 2000 Army PC's Microphones to be Disabled
Army PCs and laptops will have their internal microphones disabled with
a plug-in device to thwart crackers who tap into systems and intercept
live conversations. They can reportedly do the same thing with video
cameras.
http://www.fcw.com/fcw/articles/2000/0327/news-army-03-27-00.asp

-- 27 March 2000 Census Bureau Takes Security Seriously
The Census Bureau has taken considerable precautions to ensure the
security of its operations, including installing firewalls, not
allowing e-mail to enter census information servers, encrypting
transmitted data, and hiring the National Security Agency (NSA) to
ensure that the system cannot be penetrated. The bureau also hired an
outside company to try to crack the Internet site where people file on
line.
http://www.fcw.com/fcw/articles/2000/0327/cov-census-03-27-00.asp

-- 27 March 2000 Bill Would Allow FOIA to be Blocked
Proposed legislation would allow private companies to share security
information with federal officials without fear that proprietary
information would be disclosed under the freedom of Information Act
(FOIA). Some privacy advocates say the bill's proposed measures could
be misused by dishonest companies to conceal information about
environmental hazards.
http://www.fcw.com/fcw/articles/2000/0327/news-FOIA-03-27-00.asp

-- 27 March 2000 Security Consultant Helped Find Curador
An Ottawa security consultant began tracking the Welsh teenager
recently arrested for credit card theft in February.
http://www.nationalpost.com/news.asp?f=000327/243399
http://www.msnbc.com/news/386402.asp?0m=A21E

-- 27 March 2000 Army Security Training
The Army is stepping up its systems security through increase training.
It offers CD-ROM courses on information assurance.
http://www.fcw.com/fcw/articles/2000/0327/mgt-survive-03-27-00.asp
http://www.fcw.com/fcw/articles/2000/0327/mgt-survive-sa-03-27-00.asp
http://www.fcw.com/fcw/articles/2000/0327/mgt-survive-ae-03-27-00.asp

******* Also Sponsored by VeriSign - The Internet Trust Company *******

Protect your servers with 128-bit SSL encryption!
Get VeriSign's FREE guide, "Securing Your Web Site
for Business." You will learn everything you need to
know about using SSL to encrypt your e-commerce transactions
for serious online security. Click here!
http://www.verisign.com/cgi-bin/go.cgi?a=n016007810003000

== End ==

Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, e-mail sanssans.org
with the subject: Subscribe NewsBites

Use this personal URL to change your subscription, address, or other
information:
        http://www.sans.org/sansaddr?hashid=SD397643jFg25PaJ7aa
or email <sanssans.org> with complete instructions and your SD number
(from the headers) for subscribe, unsubscribe, change address, add
other digests, or any other comments.