OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: SANS NewsBites Vol.2 Num 21
From: The SANS Institute (sanssans.org)
Date: Wed May 24 2000 - 17:42:20 CDT

************************************************************************
To: Security Express (SD397643)
From: Alan for the SANS NewsBites service
Re: May 24 SANS NewsBites

Alert!

The FBI will release a warning and scanner tomorrow for a new
distributed denial of service tool called mstream, with capabilities
exceeding those in older DDoS attack tools. To make sure your UNIX and
Linux systems are not already infected, use the FBI's new host-base
scanner. It's an updated version of the award-winning tool they
developed in December.
You'll find both at http://www.nipc.gov sometime on Thursday, May 25.

************************************************************************

SANS Windows 2000 security improvement project launched:
http://www.sans.org/newlook/projects/w2k.htm

SANS Parliament Hill (Ottawa) is now open for registrations
http://www.sans.org/PH2000.htm

Places at the SANS Security DC 2000 conference, as well as hotel rooms,
are going quickly. Please register by June 2 if possible. The hotel
is just three blocks from "ground zero" for the July 4th fireworks.
http://www.sans.org/dc2000.htm

                                  AP
************************************************************************

                             SANS NEWSBITES

                  The SANS Weekly Security News Overview

Volume 2, Number 21 May 24, 2000

Editorial Team:
      Kathy Bradford, Crispin Cowan, Roland Grefer, Bill Murray,
    Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz
                          <sansrosans.org>

************************************************************************

21 May 2000 A Virus is a Virus is a Virus
19 May 2000 FBI Background Check Database Goes Down
19 May 2000 Security Patch "Burdensome"
17 May 2000 Outlook Patch Aims to Stem Tide of Worms
17 May 2000 Microsoft Releases Cookie Hole Fix
19 May 2000 Newlove Has Destructive Payload
19 May 2000 Cyberattack Warning System Examined
17 May 2000 ILOVEYOU Virus Strain on Seized Disk
19 May 2000 Chinese Web Site Penalized by Government
19 May 2000 To Hype or Not to Hype
18 May 2000 Cracker Pleads Guilty
18 May 2000 Privacy and the Canadian Government Database
18 May 2000 Group May Be Cracking Local ISPs
18 May 2000 Microsoft Fixes
18 May 2000 GAO Says Worm Fallout Points to Possibility of
             "Catastrophic Damage"
18 May 2000 TV Hoax Alert
18 May 2000 State Department Notebook Computer Security
17 May 2000 Office 2000 Paper Clip Hole
17 May 2000 Legislation Enables Backdoors
17 May 2000 Yahoo Calendar Glitch
16 May 2000 Windows 2000 Encryption Not So Strong

************************************************************************

* Sponsored by Sunbelt Software - STAT: NT/2000 Vulnerability Scanner *

Plug NT /2000's over 850 holes before they plug you.

STAT comes with a responsive web-update service and your dedicated Pro
SWAT team. Built by anti-hackers for DOD sites.

Download a demo copy before you become a statistic.
http://www.sunbelt-software.com/product.cfm?id=899

************************************************************************

-- 21 May 2000 A Virus is a Virus is a Virus
Computer viruses bear a striking resemblance to their biological
counterparts.
http://www.washingtonpost.com/wp-dyn/articles/A41594-2000May20.html
http://www.msnbc.com/news/410289.asp?0m=N12J

-- 19 May 2000 FBI Background Check Database Goes Down
The FBI database used to do background checks on people buying guns
failed last week. Gun sales were halted for more than two days while
technicians worked to get the system up and running again. Checks in
progress when the system went down were incomplete.
http://www.computerworld.com/home/print.nsf/all/000519E16A

-- 19 May 2000 Security Patch "Burdensome"
Microsoft's Outlook patch to protect users from e-mail infestations like
the one perpetrated by the ILOVEYOU worm requires that all software be
updated before the patch can be installed. The patch also requires
manual authorization for procedures which were previously automatic,
which could present some problems.
http://www.computerworld.com/home/print.nsf/all/000519E0BE

-- 17 May 2000 Outlook Patch Aims to Stem Tide of Worms
Microsoft has issued a software patch for Outlook e-mail which should
help stop the spread of worms like ILOVEYOU and Melissa, but which may
also impede interoperability with third party software. The patch
favors security over functionality.
http://www.computerworld.com/home/print.nsf/all/000517DFEE
http://www.computeruser.com/news/00/05/17/news1.html
 
-- 17 May 2000 Microsoft Releases Cookie Hole Fix
Microsoft has posted a fix for a security hole which could have allowed
malicious web site operators to steal cookies from unsuspecting users'
computers. The people who publicized the vulnerability say there is no
evidence that the exploit, which requires the use of JavaScript, has
ever been used "in the wild."
http://www.msnbc.com/news/406496.asp?0m=T24B

-- 19 May 2000 Newlove Has Destructive Payload
The "Newlove" worm/virus carries a venomous payload, wiping out all
files on the infected computer and on any connected network drives.
The worm also changes its name when it sends itself to other machines.
While "Newlove" is "in the wild", reports of infection are far fewer
than those resulting from the ILOVEYOU worm.
http://www.msnbc.com/news/409559.asp?0m=N21B
http://news.cnet.com/news/0-1005-200-1899852.html
http://www.washingtonpost.com/wp-dyn/articles/A37433-2000May19.html

-- 19 May 2000 Cyberattack Warning System Examined
Federal agencies did not spread the word about the ILOVEYOU worm quickly
enough to stop infestation.
http://www.fcw.com/fcw/articles/2000/0515/web-love-05-19-00.asp

-- 17 May 2000 ILOVEYOU Virus Strain on Seized Disk
A virus strain similar to that spread by the ILOVEYOU worm was found on
a computer disk taken from the apartment of a previous suspect in the
case.
http://www.computeruser.com/news/00/05/17/news7.html

-- 19 May 2000 Chinese Web Site Penalized by Government
The Chinese government has fined and temporarily shut down a web site
accused of "spreading rumors."
http://www.usatoday.com/life/cyber/tech/cth943.htm

-- 19 May 2000 To Hype or Not to Hype
Virus companies say that spreading the word about worms and viruses is
proactive. One expert says that if ISPs scanned for virus signatures,
outbreaks would not be so massive.
http://www.wired.com/news/technology/0,1282,36464,00.html

-- 18 May 2000 Cracker Pleads Guilty
A Canadian teenager pleaded guilty to breaking into a variety of
computer systems, including those of MIT, Harvard University, and NASA.
He was given the maximum sentence which includes community service,
probation, and restricted computer use.
http://www.usatoday.com/life/cyber/nb/nb3.htm

-- 18 May 2000 Privacy and the Canadian Government Database
Canada's federal government maintains a large database of information
about the country's citizens. The Privacy Commissioner believes that
the citizens should know what kind of information is being collected
about them and how it is being used.
http://www.wired.com/news/politics/0,1283,36435,00.html

-- 18 May 2000 Group May Be Cracking Local ISPs
A cracker group that may be associated with the ILOVEYOU worm once sent
a virus-infected e-mail attachment to customers of a Filipino Internet
Service Provider (ISP).
http://www.computeruser.com/news/00/05/18/news17.html

-- 18 May 2000 Microsoft Fixes
Microsoft has patched five security flaws in response to criticism over
lack of security measures inherent in its software. Four of the flaws
are in the Internet Explorer browser; the other is in the Office 2000
suite.
http://news.cnet.com/news/0-1005-200-1896556.html

-- 18 May 2000 GAO Says Worm Fallout Points to Possibility of
   "Catastrophic Damage"
The ILOVEYOU worm unleashed massive e-mail system problems for many
government agencies. The top General Accounting Office (GAO)
information management expert testified before a Senate subcommittee
that terrorists could use similar tactics to distract government
agencies while simultaneously launching biological attacks.
http://www.wired.com/news/politics/0,1283,36439,00.html

-- 18 May 2000 TV Hoax Alert
A hoax virus alert has been circulating, cautioning users to be wary of
e-mails with the subject line "Let's watch TV." IBM has issued a
warning, advising that people ignore the alert.
http://www.computeruser.com/news/00/05/18/news2.html

-- 18 May 2000 State Department Notebook Computer Security
State Department executive directors will have to provide a report that
lists the types of information stored on all unclassified notebook
computers. Of 1,913 notebooks, 15 are missing, according to an
inventory. All classified notebooks, except the one recently reported
missing, are accounted for.
http://www.gcn.com/vol1_no1/daily-updates/2027-1.html

-- 17 May 2000 Office 2000 Paper Clip Flaw
Security experts have found that the "paper clip" Office Assistant could
be manipulated by malicious crackers to script nearly any action they
wish. Microsoft has issued a patch for this security vulnerability.
http://www.computerworld.com/home/print.nsf/all/000517E012
http://www.msnbc.com/news/408808.asp?0m=T25B
http://news.bbc.co.uk/hi/english/sci/tech/newsid_753000/753922.stm

-- 17 May 2000 Legislation Enables Backdoors
Two states have adopted laws allowing backdoors to be built into
software to enable companies to enforce license agreements by disabling
software that hasn't been paid for. Security experts say it is just a
matter of time before crackers will exploit that capability.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_752000/752180.stm

-- 17 May 2000 Yahoo Calendar Glitch
Some Yahoo Calendar reminders were being sent to the wrong people last
week. The company said that less than 0.1% of all users were affected.
http://news.cnet.com/news/0-1005-200-1888143.html

-- 16 May 2000 Windows 2000 Encryption Not So Strong
Microsoft Windows 2000 lets customers think they are running stronger
encryption than what is actually being used. The company says the
problem is related to export regulations.
http://www.wired.com/news/technology/0,1282,36336,00.html
Editor's (Cowan) Note: Even if administrators configure both ends of a
Windows 2000 Virtual Private Network to use Triple DES encryption, if
export restrictions apply, Windows 2000 uses DES. However, it fails to
warn the administrator or user that encryption has been weakened, other
than by placing a note in a log file.

== End ==

******************** Also Sponsored by Trend Micro *********************

Ironclad Content Filtering and Antivirus from Trend!

Stop problematic content of all types at the Internet Gateway. Trend
Micro's Award-winning InterScan network perimeter protects through:
VirusWall stopping Viruses and Malicious code - eManager blocking SPAM
and inappropriate content - WebManager prevents unproductive URL
access.

http://www.antivirus.com/products/isvw

************************************************************************

Please feel free to share this with interested parties via email (not
on web sites or bulletin boards). For a free subscription, e-mail
sanssans.org with the subject: Subscribe NewsBites

Email <sanssans.org> with complete instructions and your SD number
(from the headers) for subscribe, unsubscribe, change address, add other
digests, or any other comments.