OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: SANS NewsBites Vol. 2 Num. 23
From: The SANS Institute (sanssans.org)
Date: Wed Jun 07 2000 - 12:51:29 CDT

************************************************************************
To: Security Express (SD397643)
From: Alan for the SANS NewsBites service
Re: June 7 SANS NewsBites

Computerworld and SANS have been running a wonderful column called the
Security Manager's Journal for several months. The author just got a
huge promotion and won't be able to continue. If you are building a
security program inside a large user organization and would like to keep
a journal and share it (anonymously) with the community, send us an 800
word sample by Monday June 12. Email <sansroclark.net> with subject:
Security Manager's Journal. We're also open to other journal ideas.

                                  AP

************************************************************************

                             SANS NEWSBITES

                  The SANS Weekly Security News Overview

Volume 2, Number 23 June 7, 2000

Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Bill Murray,
    Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz
                          <sansrosans.org>

************************************************************************

 1 June 2000 Security Community Agrees on Top Ten Internet
              Security Threats
 2 June 2000 Federal CIOs to Use Top Ten List
 2 June 2000 Security Firm Says Top Ten List is Misleading
 2 June 2000 Mitnick Recommends Hiring Crackers
 1 June 2000 FireBurn ILOVEYOU Variant
 1 June 2000 Pennsylvania Law Criminalizes Computer Viruses
 1 June 2000 Returning the Attack
 1 June 2000 Russian Crackers
 1 June 2000 Road Runner Cable Subscribers Need to Change Passwords
 1 June 2000 Barnesandnoble.com Flaw
31 May 2000 EU Approves Safe Harbor
31 May 2000 Web JetAdmin Vulnerabilities
31 May 2000 Domain Names Stolen
30 May 2000 Resume Dwindles; Other Worms Appear
30 May 2000 Gauntlet Buffer Overflow Vulnerability
30 May 2000 Washington DC's Metro Site Defaced

********** Sponsored by VeriSign - The Internet Trust Company **********

Protect your servers with 128-bit SSL encryption!

Get VeriSign's FREE guide, "Securing Your Web Site for Business." You
will learn everything you need to know about using SSL to encrypt your
e-commerce transactions for serious online security. Click here!

http://www.verisign.com/cgi-bin/go.cgi?a=n016005080008000

************************************************************************

-- 1 June 2000 Security Community Agrees on Top Ten Internet Security
                Threats
Thirty organizations (including the NSA, FBI, DoD, CERT/CC and SANS)
released. a top-ten list of security vulnerabilities, giving system
administrators a starting point for securing their systems and giving
auditors a list of high-priority controls to put in place.
http://www.zdnet.com/zdnn/stories/news/0,4586,2580728,00.html?chkpt=zdnnstop
http://www.computerworld.com/home/print.nsf/all/000601E4B6
http://www.newsbytes.com/pubNews/00/149948.html
The most current version of the Top Ten Threats and Fixes is at
http://www.sans.org/topten.htm
 
-- 2 June 2000 Federal CIOs to Use Top Ten List
The Federal CIO Council asks all federal CIOs to find and fix the
security vulnerabilities on the consensus list of the top ten Internet
security threats.
http://www.fcw.com/fcw/articles/2000/0529/web-topten-06-02-00.asp

-- 2 June 2000 Security Firm Says Top Ten List is Misleading
A computer security company says it is concerned that others who fix
the ten vulnerabilities in the Top Ten list will think they are
protected from cyber attacks, when there are still many more security
holes to be mended.
http://www.newsbytes.com/pubNews/00/150023.html
[Editor's (Paller) Note: Several of the Top Ten project participants
had similar concerns initially, but concluded that no one is stupid
enough to think that the Top Ten are the only threats. The Top Ten
project offers an opportunity to fix the problems that are most
critical, right now, and allows security people to gain management
support by demonstrating excellence in practice.]

-- 2 June 2000 Mitnick Recommends Hiring Crackers
Convicted cracker Kevin Mitnick says hiring crackers would benefit
corporate security. Of course, chief information officers (CIOs) should
always do background checks, check for certification, and evaluate an
individual's ethics before hiring a cracker.
http://biz.yahoo.com/prnews/000602/ma_cx0_med.html
[Editor's (Murray) Note: People who take advice from Mitnick will hire
almost anyone.]

-- 1 June 2000 FireBurn ILOVEYOU Variant
A variant of the ILOVEYOU virus, called I-Worm.FireBurn spreads as a
.vbs attachment through outlook. It installs itself into the infected
machines system, and sends itself to the entire address book. Its
payload is activated on June 20th, when it displays a message and
disables the keyboard and mouse.
http://www.computeruser.com/news/00/06/01/news7.html

-- 1 June 2000 Pennsylvania Law Criminalizes Computer Viruses
A newly enacted Pennsylvania law criminalizes spreading computer
viruses, clearly defining what is meant by "virus." Those found guilty
of the felony could face up to 15 years in prison, and a $15,000 fine
in addition to being required to pay restitution.
http://www.newsbytes.com/pubNews/00/149883.html
http://www.civic.com/civic/articles/2000/0529/web-1penn-05-31-00.asp

-- 1 June 2000 Returning the Attack
While an attack on the WTO's web site last December was averted and
turned back on the perpetrator, most IT executives say they would not
strike back in a way that might target an innocent, hijacked IP address.
But while launching a counter-attack may be every bit as illegal as the
initial attack, rejecting and returning mail might not qualify as an
actual attack.
http://www.cnn.com/2000/TECH/computing/06/01/hack.back.idg/index.html
[Editor's (Murray) Note: These are complicated issues that have not been
fully adjudicated.]

-- 1 June 2000 Russian Crackers
Cracking and software piracy are reported to be rampant in Russia;
intellectual property theft has only recently begun to be recognized as
equivalent to real property theft.
http://www.usatoday.com/usatonline/20000601/2318474s.htm

-- 1 June 2000 Road Runner Cable Subscribers Need to Change Passwords
After a cracker broke into an e-mail server, Houston subscribers to Road
Runner cable Internet service were advised to change their passwords.
Technicians plan to upgrade the system and tighten security.
http://www.chron.com/cs/CDA/story.hts/business/568293

-- 1 June 2000 Barnesandnoble.com Flaw
A flaw at the Barnesandnoble.com site exposed one customer's personal
information to another.
http://news.cnet.com/news/0-1007-200-1997618.html

-- 31 May 2000 EU Approves Safe Harbor
The European Union (EU) has approved the US's "safe harbor" privacy
practice, allowing for continued transfer of data between the EU and
US-based e-commerce companies that adhere to the principles.
http://www.computerworld.com/home/print.nsf/all/000531E486

-- 31 May 2000 Web JetAdmin Vulnerabilities
Two bugs have been found to affect Hewlett-Packard's Web JetAdmin
printer management tool; one can lock up the program, while the other
could expose files. Both involve the use of a specially crafted URL.
http://www.msnbc.com/news/414589.asp?0m=T22A

-- 31 May 2000 Domain Names Stolen
The domain names of two web sites, Web.net and Bali.com, were
surreptitiously taken over, leaving the sites "broken" and people
wondering at the perpetrator's motives.
http://www.wired.com/news/politics/0,1283,36715,00.html
http://www.msnbc.com/news/414587.asp?0m=N12J

-- 30 May 2000 Resume Dwindles; Other Worms Appear
The "Killer Resume" worm appears to have been largely thwarted; two
other virus-carrying worms, Notepad and FireBurn, have been identified.
Some newer viruses are managing to hide the .vbs extension.
http://www.newsbytes.com/pubNews/00/149785.html

-- 30 May 2000 Gauntlet Buffer Overflow Vulnerability
A flaw in the way that Gauntlet software communicates with certain
filtering software could crash the application and allow malicious code
to run when it is restarted.
http://news.cnet.com/news/0-1005-200-1983181.html
[Editor's (Murray) Note: The "trouble with Gauntlet" is that it lacks
a fundamental strategy for protecting itself from its traffic.]

-- 30 May 2000 Washington DC's Metro Site Defaced
Washington DC's Metro web site was defaced last Monday by crackers
evidently upset with recording artists who have sued to stop people from
sharing music files on the Internet. The site was back to normal by
mid-afternoon.
http://www.washingtonpost.com/wp-dyn/articles/A27868-2000May29.html

*************** ALSO SPONSORED BY AXENT TECHNOLOGIES *******************

How to detect Denial of Service attacks in real-time.

Protect yourself against Denial of Service (DoS) attacks by
transparently monitoring traffic in real-time and reacting instantly
with AXENT's NetProwler and Intruder Alert. Until June 13, learn about
DoS attacks with your FREE guide, "Everything You Need to Know About
Intrusion Detection," at: http://www.axent.com/netprowler

== End ==

Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sanssans.org with the subject: Subscribe NewsBites

To change your subscription, address, or other information, visit
http://www.sans.org/sansurl and enter your SD number (from the headers.)
You will receive your personal URL via email.
        
You may also email <sanssans.org> with complete instructions and your
SD number for subscribe, unsubscribe, change address, add other digests,
or any other comments.