Subject: SANS NewsBites Vol. 2 Num. 24
From: The SANS Institute (sans@sans.org)
Date: Wed Jun 14 2000 - 07:13:14 CDT


************************************************************************

To: Security Express (SD397643)
From: Alan for the SANS NewsBites service
Re: June 14 SANS NewsBites

*************************

SANS Subscribers now get a 20% discount on New Riders technical books!

New Riders, the publisher of technical books on Intrusion Detection,
UNIX/NT Security, and other relevant topics, now offers SANS subscribers
a 20% discount on all its titles. To order, telephone 1-800-428-5331
and quote source code USNX. To view New Riders' book offerings, visit:
http://www.newriders.com

Today is the last day to avoid late fees on SANS Security DC 2000
http://www.sans.org/dc2000.htm

For Canadians and others who like beautiful August weather in Ottawa:
SANS Security Parliament Hill is scheduled for August 21-24.
http://www.sans.org/PH2000.htm

                                  AP

************************************************************************

                             SANS NEWSBITES

                  The SANS Weekly Security News Overview

Volume 2, Number 24 June 14, 2000

Editorial Team:
       Kathy Bradford, Crispin Cowan, Roland Grefer, Bill Murray,
     Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz
                          <sansro@sans.org>

************************************************************************

11 June 2000 Malaysian Government Web Sites Defaced
11 June 2000 Hong Kong Government Site Shut Down Again
10 June 2000 Serbian Badman Trojan
 9 June 2000 E-mail Credit Card Break-in Hoax
 8 June 2000 Outlook Security Patch
 8 June 2000 Charges Dropped in ILOVEYOU Case
 7 June 2000 Self Regulation or Legislation?
 7 June 2000 Chinese Man Arrested for Web Site Content
 5 June 2000 More Domain Name Hijacking
 7 June 2000 Domain Name Security
 6 June 2000 Internet Explorer Digital Certificate Flaws
 6 June 2000 Mobile Phone Worm/Virus
 6 June 2000 AOL Spam Case
 5 June 2000 CMU Creates Second Security Center, CMISS
 5 June 2000 Off-Shore Data Haven
 5 June 2000 Alert Response Time is Critical

***************** Sponsored by AXENT Technologies *********************

How to protect against application level attacks

Raptor Firewall delivers the most intuitive management interface and
high performance, multi-threaded services, giving you the most secure,
manageable, and flexible solution for enterprise security needs.

Now through June 13, download your FREE guide, "Everything You Need to
Know about Network Security" at

http://www.axent.com/Axent/Products/RaptorFirewall

************************************************************************

-- 11 June 2000 Malaysian Government Web Sites Defaced
Both pro-government and opposition web sites have been defaced in
Malaysia this past week. Both sides have condemned the activity.
http://news.cnet.com/news/0-1005-200-2056489.html

-- 11 June 2000 Hong Kong Government Site Shut Down Again
A Hong Kong government web site was shut down twice in one day due to
cyber vandals defacing the homepage.
http://asia.dailynews.yahoo.com/headlines/technology/afp/article.html?s=asia/headlines/000611/technology/afp/Hackers_force_Hong_Kong_government_website_to_shut_down_for_second_time.html

-- 10 June 2000 Serbian Badman Trojan
A newly discovered Trojan horse program that masquerades as a video clip
appears to have been planted on over 2000 computers connected to the
Internet. The program may alert the crackers to allow them to gain
control of the infected machines and use them to launch distributed
denial of service attacks.
http://www.msnbc.com/news/418248.asp?0m=N12M
http://www.cnn.com/2000/TECH/computing/06/09/hacker.attack.02/index.html
http://dailynews.yahoo.com/htx/ap/20000609/tc/hacker_attack_6.html
[Editors' Note: This virus was not a hoax. However, it accessed a
specific site to fetch malicious code, and once it was discovered, that
site closed down. The virus no longer poses a threat to any new
computers.]

-- 9 June 2000 E-mail Credit Card Break-in Hoax
A cracker managed to send a hoax mass-e-mail to customers of an
electronics dealer telling them their credit card numbers had been
compromised in a database break-in.
http://www.computerworld.com/home/print.nsf/all/000609E71E

-- 8 June 2000 Outlook Security Patch
Microsoft has released a second security patch for Outlook e-mail
systems which should protect them from the likes of Melissa and ILOVEYOU
worms. The fix decreases functionality to the extent that users will
not be able to open certain attachments without administrative action,
and it disables automatic scripting programs. The patch displays a
dialogue box whenever a program tries to access or send e-mail from the
user's address book.
http://www.cnn.com/2000/TECH/computing/06/08/outlook/index.html
http://www.msnbc.com/news/418208.asp?0m=T13M
http://www.zdnet.com/zdnn/stories/news/0,4586,2584667,00.html?chkpt=zdnnstop

-- 8 June 2000 Charges Dropped in ILOVEYOU Case
Charges have been dropped against one suspect in the ILOVEYOU worm case
because in the Philippines there is no law under which he can be
prosecuted.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_782000/782099.stm

-- 7 June 2000 Self Regulation or Legislation?
A group of e-commerce companies says that industry self-regulation is
better than legislation, but some consumer advocates feel that customers
will not be sufficiently protected. While some of the proposed ideas
may be good, they still need oversight and enforcement.
http://www.wired.com/news/politics/0,1283,36811,00.html

-- 7 June 2000 Chinese Man Arrested for Web Site Content
Chinese authorities have arrested a man for posting on his web site
information about the Tiananmen Square military crackdown. If convicted,
he could serve up to ten years in prison.
http://www.wired.com/news/politics/0,1283,36824,00.html

-- 5 June 2000 More Domain Name Hijacking
Crackers tricked a domain name registrar into transferring
Internet.com's domain name by using a forged fax. The problem was
caught quickly and site traffic was not disrupted. Other potentially
valuable domain names have been stolen in recent weeks.
http://www.wired.com/news/politics/0,1283,36783,00.html
http://www.msnbc.com/news/414587.asp?0m=N17N
http://www.zdnet.com/zdnn/stories/news/0,4586,2582092,00.html

-- 7 June 2000 Domain Name Security
The domain name system registrar Network Solutions, Inc., is examining
security measures in the wake of recent domain name hijackings.
http://www.computeruser.com/news/00/06/07/news14.html

-- 6 June 2000 Internet Explorer Digital Certificate Flaws
CERT recently issued a warning about digital certificate flaws in
Internet Explorer that could allow malicious crackers to obtain personal
data from people thinking they are offering the information to a
legitimate web site.
http://www.computerworld.com/home/print.nsf/all/000606E672

-- 6 June 2000 Mobile Phone Worm/Virus
The press [Ed: inaccurately] reported that security experts have found
a worm that preys not on PCs but on cellular phones. Timofonica
operates by encouraging the recipient to open an attachment, which
triggers a mechanism allowing the worm to send itself to everyone in
the infected user's e-mail address book. It also sends a text message
to a random cellular phone number. There are also reports that
Timofonica leaves behind a file that deletes a machine's basic settings
when it is next restarted.
http://www.usatoday.com/life/cyber/tech/cti031.htm
http://www.zdnet.com/zdnn/stories/news/0,4586,2583104,00.html?chkpt=zdhpnews01
http://www.washingtonpost.com/wp-dyn/articles/A11010-2000Jun6.html
http://www.cnn.com/2000/TECH/computing/06/07/cellphone.virus.ap/index.html
[Editors' note: The cellular phone plays no role in the replication or
propagation of this code. It merely receives a text message.]

-- 6 June 2000 AOL Spam Case
A man who has been arraigned on charges of forgery and computer
tampering for sending millions of unsolicited e-mail messages to AOL
users through someone else's server insists he has done nothing wrong.
http://www.msnbc.com/news/417050.asp?0m=N16N

-- 5 June 2000 CMU Creates Second Security Center, CMISS
Carnegie Mellon University (CMU), home of CERT, has established a second
security center, the Carnegie Mellon Institute for Survivable Systems
or CMISS, that will focus on system development; CERT's efforts are
focused on incident alert and response.
http://www.gcn.com/vol19_no14/news/2125-1.html

-- 5 June 2000 Off-Shore Data Haven
Some cyber entrepreneurs are establishing a "data haven" off Britain's
coast to avoid restrictions some countries place on site content. Some
see the venture as nothing short of money laundering. It is unclear
whether or not the former gun platform being used for the haven falls
under British jurisdiction.
http://www.wired.com/news/politics/0,1283,36756,00.html

-- 5 June 2000 Alert Response Time is Critical
Time is of the essence in spreading the word about viruses and worms.
Federal sites lagged behind private information sharing about the recent
ILOVEYOU worm infestation. Another problem is that when people panic
and shut down their e-mail systems to avoid infection, they also cut
themselves off from an important branch of communication.
http://www.gcn.com/vol19_no14/news/2124-1.html

******** Also Sponsored by VeriSign - The Internet Trust Company *******

Building an intranet or extranet? Protecting your company's confidential
data is critical when designing new Web applications.

Get VeriSign's Guide "Securing Intranet and Extranet Servers" at:

http://www.verisign.com/cgi-bin/go.cgi?a=n033307810150000

== End ==

Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription (and for free posters),
e-mail sans@sans.org with the subject: Subscribe NewsBites

To change your subscription, address, or other information, visit
http://www.sans.org/sansurl and enter your SD number (from the headers.)
You will receive your personal URL via email.

You may also email <sans@sans.org> with complete instructions and your
SD number for subscribe, unsubscribe, change address, add other digests,
or any other comments.