OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: SANS NewsBites Vol.2 Num 22
From: The SANS Institute (sanssans.org)
Date: Wed May 31 2000 - 18:23:14 CDT

**********************************************************************
To: Security Express (SD397643)
From: Alan for the SANS NewsBites service
Re: May 31 SANS NewsBites

Tomorrow (June 1) the FBI, Justice Department, GSA, the CIAO and CERT/CC
will join with SANS and two dozen leading security gurus to unveil the
Top Ten Security Threats on the Internet. These are vulnerability
clusters that account for the majority of all successful attacks. At
noon (EST) on Thursday, you'll find the Top Ten posted at
http://www.sans.org along with guidance on how to fix them. This is
one of the most important consensus research projects we've ever
undertaken - an opportunity to make a measurable dent in the
vulnerability of the Internet. Please take a leadership role in your
organization to get these vulnerabilities fixed.

If you attended a major SANS conference you should have received an
early distribution of the Top Ten list. If you didn't get yours, email
infosans.org with the subject "lost alumni" and include your SD number,
first and last name, and the SANS conference (city and year) that you
attended.

All readers will receive a wonderful, completely new wall poster in a
few weeks. But only if your address is correct. Please verify your
address before June 7. Directions at the end of this newsletter.

                                       AP

************************************************************************

                             SANS NEWSBITES

                  The SANS Weekly Security News Overview

Volume 2, Number 22 May 31, 2000

Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Bill Murray,
   Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz
                          <sansrosans.org>

************************************************************************

27 May 2000 Glitches
26 May 2000 PGP Security Flaw
26 May 2000 KAK Worm Infects Just from Reading
26 May 2000 NHL Web Site Suffers DDoS Attack
26 May 2000 Senate Considers Cyber Crime Legislation
26 May 2000 FTC Wants Privacy Legislation
26 May 2000 All-Star Game Balloting to be Closely Watched
26 May 2000 Cybernet Worm
26 May 2000 Australian Criminal Records Site Won't Shut Down
26 May 2000 "Killer Resume" Worm/Virus
25 May 2000 CERT Says to Install Office 2000 Patch
25 May 2000 Grad Student Charged in Web Vulnerability Extortion Case
25 May 2000 Outlook Patch Release Delayed
25 May 2000 UK's RIP Bill
24 May 2000 Some Say Outlook Patch Goes Too Far
24 May 2000 Some Security Experts Say Education is Paramount
23 May 2000 Latest in Flurry of Yahoo Security Bugs
23 May 2000 Microsoft Vulnerabilities
23 May 2000 CIO Council Introduces Best Practices Web Site
23 May 2000 Agencies Should Secure Systems
22 May 2000 Security Tips

****************** Sponsored by AXENT Technologies *********************

FREE Intrusion Detection Webcast

Learn "Everything You Need to Know about Intrusion Detection" to help
keep intruders where they belong - - away from your confidential digital
assets.

Register today for AXENT's Webcast on June 28, 2000 --

www.axent.com/redirect/newsbites05-31

************************************************************************

 -- 27 May 2000 Glitches
A California phone book prints unlisted numbers, UK National Lottery
glitch is responsible for underpayment of winnings, and Yahoo calendar
sends reminders to the wrong people.
http://www.computeruser.com/news/00/05/27/news5.html

 -- 26 May 2000 PGP Security Flaw
A flaw in PGP 5.0 generates relatively unsecure cryptographic keys
because the program does not find appropriately random numbers. Other
versions appear to be unaffected.
http://www.computerworld.com/home/print.nsf/all/000526E30E

 -- 26 May 2000 KAK worm Infects Just from Reading
An e-commerce company inadvertently sent out a new worm, called "KAK"
which infects machines and sends itself on to the entire e-mail address
book. The worm, which does not carry a malicious payload, activates
when the e-mail is opened.
http://www.msnbc.com/news/412717.asp?0m=N13K
[Editor's (Paller) Note: We are calling it a worm because the user does
not have to take any special action - such as opening an attachment -
for the worm to spread. Anti virus tools will not protect you from this
infestation. See: http://www.sans.org/newlook/alerts/virus.htm]

 -- 26 May 2000 NHL Web Site Suffers DDoS Attack
The National Hockey League's (NHL) web site was the target of a
Distributed Denial of Service (DDoS) attack last week, rendering the
site inaccessible from Sunday until Thursday. The NHL has notified the
FBI about the attack.
http://www.computeruser.com/news/00/05/26/news20.html
http://www.nandotimes.com/technology/story/0,1643,500208602-500291854-501589724-0,00.html

 -- 26 May 2000 Senate Considers Cyber Crime Legislation
The Senate is considering legislation that would lower the damage
threshold for federal prosecution in cyber crime cases. The proposed
bill also addresses privacy by requiring commercial web sites to tell
customers when information is being collected and give them opportunity
to "opt out" of having their information shared. The measure has been
criticized for not addressing the issue of customer access to collected
information. Additionally, the bill does not update interstate trap
and trace measures, which are included in another proposed bill.
http://www.computeruser.com/news/00/05/26/news2.html

 -- 26 May 2000 FTC Wants Privacy Legislation
A Federal Trade Commission (FTC) survey found Internet privacy lacking,
and FTC Commissioners voted 3 to 2 to push for legislated privacy
regulations. One detractor said that privacy legislation could be
detrimental to businesses.
http://www.computerworld.com/home/print.nsf/all/000526E3BA
 
 -- 26 May 2000 All-Star Game Balloting to be Closely Watched
Major League Baseball is taking steps to avoid a repeat of last year's
All-Star Game ballot stuffing. Each e-mail address will be allowed only
25 ballots, and the site will perform daily audits. Security experts
say that the measures could be circumvented.
http://www.computerworld.com/home/print.nsf/all/000526E3A2

 -- 26 May 2000 Cybernet Worm
The Cybernet worm infects Word and Excel files, sends itself to the
first 50 addresses in the e-mail book, and tries to format the hard
drive when the computer is next rebooted.
http://www.computeruser.com/news/00/05/26/news4.html

 -- 26 May 2000 Australian Criminal Records Site Won't Shut Down
The operator of an Australian web site containing public records about
criminals says he will not shut down his site despite the fact that a
murder re-trial was aborted because information about the defendant's
first trial was available on the site. The operator may face contempt
of court charges.
http://www.it.fairfax.com.au/breaking/20000526/A19523-2000May26.html
http://www.wired.com/news/politics/0,1283,36587,00.html

 -- 26 May 2000 "Killer Resume" Worm/Virus
The "Killer Resume" spreads through Microsoft Outlook. If a user opens
the infected attachment, the worm sends itself to the entire e- mail
address book. Once the document is closed, the virus portion deletes
files, possibly rendering the computer unusable. Note: The ZDNet
article includes information on recovering files.
http://www.usatoday.com/life/cyber/tech/cth985.htm
http://www.zdnet.com/zdnn/stories/news/0,4586,2578326,00.html?chkpt=zd nnstop
http://www.cnn.com/2000/TECH/computing/05/27/new.virus.resume/index.html

 -- 25 May 2000 CERT Says to Install Office 2000 Patch
The Computer Emergency Response Team (CERT) is encouraging users to
install a patch for a flaw which could allow macro warnings to be
disabled and malicious code to be executed.
http://www.computerworld.com/home/print.nsf/all/000525E2EA

 -- 25 May 2000 Grad Student Charged in Web Vulnerability Extortion
                 Case
A Colorado graduate student has been arrested and charged with extortion
for demanding "hush-money" and other goods in return for keeping quiet
about a security hole in an audio book sales web site. The 36-year-old
man also threatened to publish a story about the vulnerability on MSNBC.
http://www.msnbc.com/news/412311.asp?0m=N218
http://news.cnet.com/news/0-1007-200-1946182.html

 -- 25 May 2000 Outlook Patch Release Delayed
Microsoft will delay the release of the patch for its Outlook e-mail
program in order to add the capability for systems administrators to
customize options.
http://www.techweb.com/wire/story/TWB20000525S0008

 -- 25 May 2000 UK's RIP Bill
The UK's pending Regulation of Investigatory Powers (RIP) Bill would
require Internet Service Providers (ISPs) to provide a direct
connections to an MI5 monitoring center. Critics of the draft
legislation say it would give law enforcement unprecedented snooping
capabilities, but the government says the bill doesn't give law
enforcement agencies any additional powers.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_762000/762514.stm
http://www.wired.com/news/politics/0,1283,36614,00.html

 -- 24 May 2000 Some Say Outlook Patch Goes Too Far
Critics of Microsoft's patch for Outlook say the fix places security
above functionality to the extent that certain files cannot be run from
Outlook at all.
http://www.fcw.com/fcw/articles/2000/0522/web-patch-05-24-00.asp

 -- 24 May 2000 Some Security Experts Say Education is Paramount
Bolstering law enforcement and security programs already in place will
only go so far; according to security experts, the government needs
people who have been schooled in creating secure systems.
http://www.fcw.com/fcw/articles/2000/0522/web-cyber-05-24-00.asp
 
 -- 23 May 2000 Latest in Flurry of Yahoo Security Bugs
Some "My Yahoo" members were shut out of their accounts while other
people innocently registered with their user names. A company
representative says no personal information was exposed. The accounts
can be restored and the user names given back to the original owners.
The glitch is the latest in a string of recent security problems for
Yahoo: Yahoo calendar sent reminders to the wrong members, hundreds of
people were assigned to the same user account, and a bug erased
important e-mail content.
http://news.cnet.com/news/0-1005-200-1933988.html

 -- 23 May 2000 Microsoft Vulnerabilities
The vast majority of viruses in the wild have been written to target
computers running various Windows operating systems. By its very
nature, Windows has features which present security vulnerabilities.
Windows is designed for functionality, not security. Microsoft says
Windows is targeted precisely because it is so widely used.
http://www.usatoday.com/life/cyber/tech/cth950.htm

 -- 23 May 2000 CIO Council Introduces Best Practices Web Site
Government agencies can post security best practices on a new web site
introduced by the CIO Council last week. The goal is to collaborate in
much the same way as do crackers, sharing pertinent information and
ideas.
http://www.gcn.com/vol1_no1/daily-updates/2067-1.html

 -- 23 May 2000 Agencies Should Secure Systems
The National Security Council's senior director for infrastructure
protection says that government agencies should secure their networks
right away; waiting for Congress to act could be irresponsible.
http://www.fcw.com/fcw/articles/2000/0522/web-cipo-05-23-00.asp

 -- 22 May 2000 Security Tips
Agencies working with sensitive information need to fix security holes
in a timely fashion, establish security policies, and make sure
sensitive data, such as that on laptops computers, is physically
protected.
http://www.gcn.com/vol19_no12/com/2013-1.html

******************** Also sponsored by Trend Micro *********************

Ironclad Antivirus and Content Security Filtering From Trend Micro!

Stop LOVEBUG viruses and other problematic content at the Internet
Gateway.

Trend Micro's award-winning InterScan family includes:

 --- VirusWall... stops viruses and malicious code,
 --- eManager... blocks SPAM and inappropriate content,
 --- WebManager... prevents unproductive URL access.

http://www.antivirus.com/SANSLOVELETTER.htm

== End ==

Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sanssans.org with the subject: Subscribe NewsBites

To change your subscription, address, or other information, visit
http:///www.sans.org/sansurl and enter your SD number (from the
headers.) You will receive your personal URL via email.
        
You may also email <sanssans.org> with complete instructions and your
SD number for subscribe, unsubscribe, change address, add other digests,
or any other comments.