Subject: SANS NewsBites Vol. 2 Num. 31
From: The SANS Institute (sans@sans.org)
Date: Wed Aug 02 2000 - 09:38:48 CDT
**********************************************************************
To: Security Express (SD397643)
From: Alan for the SANS NewsBites service
Re: August 2 SANS NewsBites
*************************
Top Ten Internet Threats Update: On Monday, SARA became the first
vulnerability scanner to win certification from the Dartmouth Institute
for Security Technology Studies for accurately and consistently testing
for the presence of the SANS/FBI Top Ten Internet Security Threats.
SARA is free. http://www-arc.com/sara/sara.html
Capitol SANS (December 10-15, Washington DC) registration information
was posted this morning (http://www.sans.org/capsans.htm). In-depth
multi-day training programs leading to certification.
If you would like daily summaries of security news, the redesigned
"What's News" page provides a USA Today-level overview - ready early
each morning. It's impressive. http://www.sans.org/news/080200.htm
AP
**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 2, Number 31 August 2, 2000
Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Bill Murray,
Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz
Contributing Editors:
Mike McGill, Amy Schoenhals, Chris Smith
<sansro@sans.org>
**********************************************************************
28 July 2000 Dow Fires Workers for E-Mail Abuse
28 July 2000 DoD to Hackers: Come Work for Us!
28 July 2000 RIAA Site Outage
28 July 2000 Make Security Better: But How?
28 and 27 July 2000 FTC OKs Internet Advertising Self-Regulation
28 July 2000 Cypriot Exam Results Leaked
27 July 2000 Reno Outlines Plan for Carnivore Review
27 July 2000 British Internet Surveillance Bill Becomes Law
26 July 2000 Stop Helping Crackers, Says Ranum
26 July 2000 Linux Developers Begin Ongoing Security Audit
26 July 2000 The Internet Has Weak Spots
26 July 2000 Anatomy of a Security Breach Investigation
25 July 2000 Reformed Crackers are a Security Risk
25 July 2000 North Carolina Politician's Campaign Site Defaced
24 July 2000 IETF Traceback Tool to Fight Denial of Service Attacks
24 July 2000 Spy Files Archive Site Under Attack
24 July 2000 DoD Database Inoperative for Two Weeks
24 July 2000 State Department Replaces Custom Software with Excel
24 July 2000 E-Commerce Data Exposed
23 July 2000 False Positives Put Strain on Security Staff
======================================================================
Sponsored by: Baseline Software
======================================================================
INSTANT, DEFINITIVE, UP-TO-DATE INFORMATION SECURITY POLICIES!
INFORMATION SECURITY POLICIES MADE EASY is a compilation of 1000+
already-written information security policies by internationally known
consultant Charles Cresson Wood. Comes with text and CD/ROM. Save
thousands of dollars developing security policy documents. Visit
http://www.baselinesoft.com .
======================================================================
-- 28 July 2000 Dow Fires Workers for E-Mail Abuse
Fifty Dow Chemical employees were fired for using the company's e-mail
system to send inappropriate images; such activity could constitute an
environment of harassment in the workplace. Two hundred additional
employees were disciplined.
http://www.usatoday.com/life/cyber/tech/cti298.htm
-- 28 July 2000 DoD to Hackers: Come Work for Us!
The Assistant Secretary of Defense and CIO at the Department of Defense
(DoD) warned hackers at last week's Def Con convention that impending
legislation would make cyber attacks on the DoD national security
violations. He then invited hackers without felony convictions to work
for the government and play with "some of the most sophisticated toys
in the world".
http://www.zdnet.com/zdnn/stories/news/0,4586,2609334,00.html?chkpt=zdnnstop
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO47706,00.html
-- 28 July 2000 RIAA Site Outage
The Recording Industry Association of America's (RIAA) web site was
inoperative for a few hours last week, the victim of either a denial of
service attack or unusually heavy traffic.
http://www.zdnet.com/zdnn/stories/news/0,4586,2609154,00.html
-- 28 July 2000 Make Security Better: But How?
The National Security Agency's (NSA) senior technical director says that
security tools aren't doing enough, and that developers should "do
[their] jobs better, please". An anonymous "dot-com" security manager
says that the criticism came without technical specification, and he
predicts nothing will change for a while.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO47609,00.html
-- 28 and 27 July 2000 FTC OKs Internet Advertising Self-Regulation
The Federal Trade Commission (FTC) approved a plan that would allow
online advertisers to self-regulate consumer profiling data collection.
The draft proposal from the Network Advertising Initiative (NAI) also
calls for Congress to pass legislation so that non-member companies
would be held to the same standards. Under the guidelines, consumers
would be notified that they are being profiled, and have the option to
opt out of data collection. The companies would also agree not to use
sensitive personally identifiable information.
http://www.wired.com/news/politics/0,1283,37853,00.html
http://www.usatoday.com/life/cyber/tech/cti295.htm
http://www.zdnet.com/zdnn/stories/news/0,4586,2609075,00.html
Editor's (Murray) Note: Privacy advocates considered the plan a
"sell-out" on the part of the government.
-- 28 July 2000 Cypriot Exam Results Leaked
Crackers leaked Cypriot university entrance examination results to local
radio stations four hours before they were due to be released on a web
site.
http://www.sjmercurynews.com/svtech/news/breaking/internet/docs/252067l.htm
-- 27 July 2000 Reno Outlines Plan for Carnivore Review
Addressing public concern that the FBI's "Carnivore" e-mail surveillance
system could violate citizens' privacy, Attorney General Janet Reno says
that a group of experts will examine the program's source code and
report their findings to a panel of telecommunications and computer
industry representatives and privacy advocates. Carnivore will continue
to operate while the review is completed.
http://www.wired.com/news/politics/0,1283,37836,00.html
-- 27 July 2000 British Internet Surveillance Bill Becomes Law
The British government says the newly enacted Regulation and
Investigatory Powers Bill merely updates law enforcement authority,
giving them clear guidelines for addressing cyber crime. Interception
warrants would require home secretary approval, and while people could
be required to surrender encryption keys upon demand, the government
says that many would be permitted to hand over hard copies of the
documents in question. Some people are concerned that the legislation
will drive away e-business because of confidentiality concerns.
http://news.cnet.com/news/0-1005-200-2362844.html
======================================================================
Also Sponsored by VeriSign - The Internet Trust Company
======================================================================
Pinpoint the right security solution for your company - FREE Guide from
industry leader VeriSign gives you all the facts.
Learn how to:
* Add the most powerful online encryption - 128-bit
* Quickly authenticate your site
Get your FREE Guide now at:
http://www.verisign.com/cgi-bin/go.cgi?a=n061107810013000
======================================================================
-- 26 July 2000 Stop Helping Crackers, Says Ranum
In order for security to improve, "gray hats" must stop revealing
vulnerabilities and writing exploits that enable script kiddies to
launch attacks, according to Marcus Ranum, the chief technology officer
of an intrusion detection software company. He added that the problem
is social, not technical: "[W]e need to come down hard and fast on these
people."
http://www.zdnet.com/zdnn/stories/news/0,4586,2608077,00.html
Editors' (multiple) note: Many, many security professionals
respectfully disagree with Ranum on this point, advocating instead the
"full disclosure" model. The full disclosure model says that once one
person has discovered a vulnerability, others will discover it too,
and suppressing the information only blinds the good guys.
-- 26 July 2000 Linux Developers Begin Ongoing Security Audit
A group of Linux developers has launched a project designed to identify
security problems with the open source operating system before they
cause trouble for users. Participants in the ongoing Linux Kernel
Auditing Project plan to audit the Linux kernel for security holes and
educate other Linux developers on how to write secure code.
http://vnunet.com/News/1107318
Editors' (multiple) Note: This project complements an even more
important effort called the Linux Security Audit Project
http://www.lsap.org/. The two-year-old LSAP project seeks to audit
applications instead of the kernel, because applications are where most
security vulnerabilities happen.
-- 26 July 2000 The Internet Has Weak Spots
The Internet's reliance on a few key nodes makes it especially
vulnerable to organized attacks by hackers and terrorists, according to
a new study on the Internet's structure reported in the journal Nature.
While the majority of nodes are small enough for the Internet to work
around their occasional outages, an attack on a few of the large nodes
could cripple the system.
http://www.zdnet.com/zdnn/stories/news/0,4586,2607716,00.html?chkpt=zdnnstop
-- 26 July 2000 Anatomy of a Security Breach Investigation
An account published in CNN.com's Technology section records the
step-by-step efforts of computer security professionals to investigate and
deal with an actual security breach. The team of experts used a variety
of tools and their experience to examine suspicious online activity,
before ultimately agreeing that the affected systems should be
reinstalled and the Web site's security policies overhauled.
http://www.cnn.com/2000/TECH/computing/07/26/detect.intruders.idg/index.html
-- 25 July 2000 Reformed Crackers are a Security Risk
Hiring former crackers to ferret out security vulnerabilities will prove
costly in terms of intrusions, warns Fred Ricca, a
PricewaterhouseCoopers (PwC) partner. He adds that criminal hackers
are neither more capable nor more creative than true business security
consultants.
http://www.it.fairfax.com.au/industry/20000725/A26681-2000Jul24.html
-- 25 July 2000 North Carolina Politician's Campaign Site Defaced
Last weekend, a hacker broke into and defaced the campaign web site of
a candidate for a seat in the North Carolina House. The intruders left
messages denouncing the United States and claiming responsibility for
the attack by "Nexus-6." The site has been repaired.
http://www.wilmingtonstar.com/daily/07252000/local_st/21155.htm
-- 24 July 2000 IETF Traceback Tool to Fight Denial of Service Attacks
The Internet Engineering Task Force (IETF) is working to develop ICMP
Traceback Messages to help network managers quickly trace the origin of
denial-of-service attacks on their systems. Itrace, as the initiative
has been nicknamed, identifies only the machine from which the attack
emanates, not the cracker responsible.
http://www.nwfusion.com/news/2000/0724itrace.html
-- 24 July 2000 Spy Files Archive Site Under Attack
A web site that posted secret documents from US and Japanese
intelligence agencies has apparently become the victim of a denial of
service attack. The FBI last week asked the site's publisher to remove
certain documents, but the request was refused.
http://www.wired.com/news/politics/0,1283,37746,00.html
-- 24 July 2000 DoD Database Inoperative for Two Weeks
A Department of Defense (DoD) database used to manage security
investigations was out of commission for two weeks due to system
overloading and subsequent corrupted files.
http://www.gcn.com/vol19_no20a/news/2463-1.html
-- 24 July 2000 State Department Replaces Custom Software with Excel
The State Department has replaced custom computer software with Excel
97 due to concerns that programmers who worked on the budgeting database
program are from a former Soviet-bloc country. The program did not
undergo the usual State Department review; the FBI and National Security
Agency (NSA) are investigating the source code.
http://www.gcn.com/vol19_no20a/news/2469-1.html
-- 24 July 2000 E-Commerce Data Exposed
Credit card and other sensitive order information was open to public
view on the Web site of a failed US-based E-commerce firm. By poking
around in a directory on the now defunct site, visitors could find
credit card information, names, addresses, and lists of items ordered.
http://www.idg.net/ic_204626_2058_1-1474.html
-- 23 July 2000 False Positives Put Strain on Security Staff
Network administrators at many companies and agencies often are
overwhelmed by false-positive alarms generated by some software designed
to detect intrusions by hackers. One ominous result, say some experts,
is that IT staffers ignore some warnings because they have become
exhausted by tracking down what turned out to be innocent traffic.
Administrators could reduce the number of false alarms by hiring more
people to watch the software.
http://www.zdnet.com/zdnn/stories/news/0,4586,2606343,00.html?chkpt=zdhpnews01
== End ==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sans@sans.org with the subject: Subscribe NewsBites
To change your subscription, address, or other information, visit
http://www.sans.org/sansurl and enter your SD number (from the headers).
You will receive your personal URL via email.
You may also email <sans@sans.org> with complete instructions and your
SD number for subscribe, unsubscribe, change address, add other digests,
or any other comments.