From: The SANS Institute (sans@sans.org)
Date: Thu Jan 03 2002 - 10:56:28 CST


    To: Security Express (SD397643)
    From: Alan for the SANS NewsBites service
    Re: January 3 SANS NewsBites

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    **********************************************************************

                                 SANS NEWSBITES

                     The SANS Weekly Security News Overview

    Volume 4, Number 1 January 3, 2002

    Editorial Team:
          Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
                 Bill Murray, Stephen Northcutt, Alan Paller,
                 Marcus Ranum, Howard Schmidt, Eugene Schultz

    **********************************************************************

    A vulnerability has been discovered in the Windows version of the AOL
    Instant Messenger software (AIM software running on other platforms
    such as Linux or the Macintosh does not appear to be vulnerable). If
    exploited, an attacker may be able to run programs on your computer
    without your permission, much as a worm or virus can. A temporary
    fix can be applied that will help to reduce the risk.

       1. Go to your Preferences
       2. Go to the Privacy section
       3. Click "Allow only users on my Buddy List" under "who can
       contact me"

    This is not a perfect fix: if someone on your buddy list gets
    attacked, you can in turn be attacked by that infected individual.
    Users should watch for updated AIM software from AOL. AOL is also
    expected to patch its servers to alleviate the problem. More
    information about this vulnerability can be found at
    http://www.newsbytes.com/news/02/173320.html

    **********************************************************************

    TOP OF THE NEWS
    1 January 2002  Some Harvard Admissions E-Mail Treated as Spam
    31 December 2001  NY Privacy Policy Act Becomes Law
    14 December 2001  Cracker/Thief Sentenced
    10 December 2001  GAO and State Auditors Release Security Auditing
                      Guide

    THE REST OF THE WEEK'S STORIES
    31 December 2001  Sklyarov Returns Home
    28 December 2001  Banks Support B2B Standard
    27 December 2001  Worm Writers are Not Often Caught or Prosecuted
    27 December 2001  McAfee Offers AV and Firewall Subscriptions
    27 December 2001  Gift Cards Frequently Not Secure
    27 December 2001  This Year's Threats May Get More Vicious
    26 December 2001  Patching IE Can be Tricky
    26 December 2001  IE SSL Authentication Hole
    24 December 2001  Gilmore Commission on IT and Homeland Security
    20 December 2001  Cyber Law Year in Review
    18 December 2001  AmEx Contest Security Gaffe
    1 December 2001  The Question of Cyberinsurance
     December 2001  Sieberg's Top Ten Tech Stories of 2001

    TUTORIALS
    14 December 2001  Rootkit Basics
    13 December 2001  Blended Threats

    UPCOMING TRAINING OPPORTUNITIES
    ** SANS South Beach (2 tracks), Miami, Jan. 7-12
    ** SANS Gateway Asia (2 tracks), Singapore, Jan 10-15
    * SANS Down Under (1 track), Melbourne, Jan 10-15
    *** SANS Darling Harbour (4 tracks), Sydney, Jan 19-24
    ** SANS Peachtree 2002 (3 tracks), Atlanta, Jan 18-24
    *** SANS Aloha IV (4 tracks), Honolulu, Jan 28-Feb 2
    **** SANS Computer Security Bootcamp (7 tracks), Monterey, CA, Feb 9-14
    * SANS San Diego Info. Sec. Officer (1 track), Feb 25-Mar 1
    * SANS Ottawa Info. Sec. Officer (1 track), Feb 25-Mar 1
    ** SANS Lone Star (3 tracks), San Antonio, March 11-16
    *****SANS 2002 (our largest conference) (12 tracks plus a free
                technical conference for all who attend the tracks),
                Orlando, April 1-7
    See www.sans.org for details.

    ***********************Sponsored by SurfControl***********************

    Personal Web-Based Email Accounts Spell Trouble for Security

    Viruses can enter your network undetected via downloads or accessing
    web-based email. This security risk can be eliminated by blocking
    access to such accounts and restricting downloads of potentially
    damaging files.

    Try SuperScout Web Filter FREE:
    http://www.surfcontrol.com/promo/zsnb0102

    ************************************************************************

    TOP OF THE NEWS

     --1 January 2002  Some Harvard Admissions E-Mail Treated as Spam
    Between 75 and 100 early admission application e-mail messages from
    Harvard University's admissions office were bounced back because AOL
    identified them as spam.  Hopeful students found out whether or not
    they had been admitted by calling the office instead.
    http://www.cnn.com/2002/TECH/internet/01/01/harvard.spam.ap/index.html
    [Editor's (Murray) Note: Security is a difficult balancing act. 
    However, the real villains here are those that initiate the spam that
    forces the filtering in the first place.
    (Schultz) Later data showed that 1) only acceptance (not rejection)
    messages had been emailed, and 2) Harvard snail mailed acceptance
    letters after learning about what AOL did.]

     --31 December 2001  NY Privacy Policy Act Becomes Law
    New York State's freshly signed Internet Privacy Policy Act prohibits
    State agencies from gathering or divulging site visitors' personal
    data without their consent.  Visitors are allowed to access any of
    their information the sites collect.
    http://www.gcn.com/vol1_no1/daily-updates/17664-1.html

     --14 December 2001  Cracker/Thief Sentenced
    Markus Lukawinsky received a prison sentence of a year and a day
    to be followed by three years of probation. He was sentenced for
    stealing computer equipment from and breaking into the computers of
    a Connecticut consulting company and downloading encrypted password
    files which he used to log in to the system as an employee.  Lukawinsky
    must also pay the firm restitution of almost $200,000. 
    http://www.usdoj.gov/criminal/cybercrime/LukawinskySent.htm

     --10 December 2001  GAO and State Auditors Release Security Auditing
                         Guide
    The US General Accounting Office (GAO) and twelve state and local
    auditing agencies jointly published a comprehensive and thoughtful
    roadmap for security audits.  Among the many important guidelines
    was an unequivocal requirement that auditors who audit access
    control (including penetration testing) and system software must
    have specialized technical skills such as knowledge of security
    configuration requirements and how to test for them on both servers
    and applications as well as advanced knowledge of network hardware,
    software and protocols.
    http://www.gao.gov/special.pubs/mgmtpln.pdf
    [Editor's (Paller) Note: This is good advice. With solid technical
    skills, security auditors often become the most powerful force for
    positive change in improving security. Even before the new report was
    issued, we saw a surge in auditors attending very technical courses
    at SANS conferences and earning GIAC certifications. Randy Marchany
    (at Virginia Tech) is the quintessence of the fusion of technical
    skills and auditing. His STAR risk analysis system has been a boon
    to hundreds of security auditors:
    http://www.security.vt.edu/playitsafe/index.phtml#RiskAnalysis]

    THE REST OF THE WEEK'S STORIES

     --31 December 2001  Sklyarov Returns Home
    Dmitry Sklyarov, the Russian software programmer who recently reached
    an agreement with US authorities to avoid prosecution under the
    Digital Millennium Copyright Act (DMCA), has returned to Russia.  He
    has agreed to keep authorities apprised of his location and to appear
    at legal hearings if he is needed.
    http://news.cnet.com/news/0-1005-200-8324114.html?tag=owv

     --28 December 2001  Banks Support B2B Standard
    Fourteen banks around the world are running pilot programs of
    Project Eleanor, a proposed industry standard that will secure
    business-to-business payments by establishing online authentication
    methods and reduce payment clearing time to one day.  The standard
    has the support of major banks worldwide.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO67001,00.html

     --27 December 2001  Worm Writers are Not Often Caught or Prosecuted
    Even though some worm and virus writers leave clues to their identities
    in their coding, they're not often caught because tracking them down
    is not a profitable business.  Cybercrime units tend to focus their
    resources on fraud and legal systems around the world are unsure
    what to do with cyber criminals.  Russ Cooper says virus writers
    should be pursued and prosecuted as an example to the rest of the
    virus-writing community.
    http://www.wired.com/news/politics/0,1283,49313,00.html

     --27 December 2001  McAfee Offers AV and Firewall Subscriptions
    McAfee is offering subscriptions for automatically updated antivirus
    software and remotely managed firewall service to Internet users in
    the UK and Germany.  The service will be available to a dozen more
    countries in 2002.
    http://news.bbc.co.uk/hi/english/sci/tech/newsid_1723000/1723447.stm

     --27 December 2001  Gift Cards Frequently Not Secure
    Some retailers that sell magnetic stripe gift cards are not
    taking adequate security precautions to protect the cards from
    counterfeiters.  If card account numbers are visible before purchase
    or the cards are shelved in sequential order, thieves need only
    create fraudulent cards for those account numbers and then learn,
    by calling the retailer's 800 number, when each card has been
    activated and for how much.  Stores would be well advised to package
    the cards so the account numbers are hidden, use bar codes rather
    than magnetic stripes, and have their cashiers check that the
    numbers on the card and the transaction match.
    http://www.msnbc.com/news/598102.asp?0dm=C12OT

     --27 December 2001  This Year's Threats May Get More Vicious
    Experts predict that worms and viruses will get nastier in 2002. 
    Blended threats, such as Nimda, made a strong appearance in 2001;
    blended threats make use of multiple attack methods and don't require
    users to click on attachments.  The experts disagree about the threat
    of mobile viruses.
    http://www.zdnet.com/zdnn/stories/news/0,4586,2834890,00.html

     --26 December 2001  Patching IE Can be Tricky
    Fixing the "automatic execution of embedded MIME types" vulnerability
    in Internet Explorer (IE) is not a one-size-fits-all process, which
    can frustrate system administrators who need to patch numerous
    company desktops.
    http://www.zdnet.com/zdnn/stories/comment/0,5859,2834787,00.html

     --26 December 2001  IE SSL Authentication Hole
    E-matters, a German web development company, found that Microsoft's
    Internet Explorer (IE) can be tricked into accepting phony or expired
    certificates when accessing e-commerce sites.  Users who inspect the
    certificate before trusting a site will notice that it has expired
    or that its domain does not match the site they are accessing, but
    most people don't do this.
    http://www.newsbytes.com/news/01/173217.html
    E-matters' report:  http://security.e-matters.de/advisories/012001.html
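The two things this item says users should check by hand, that the certificate has not expired and that its name matches the site, are exactly what a correctly behaving client must verify on every connection before trusting the server. The following is an added example, not code from the newsletter or from E-matters. It uses only the Python standard library and works on the certificate dict layout that ssl.SSLSocket.getpeercert() returns; the sample certificates, host names and dates are constructed for illustration.

```python
"""Peer-certificate checks a TLS client must make: validity period and host name.

Added example; not code from the newsletter or the E-matters advisory.
Standard library only. Certificates are represented in the dict layout
returned by ssl.SSLSocket.getpeercert(); the sample certificates below are
constructed, not real.
"""
import ssl


def _label_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style name match: case-insensitive, a wildcard is allowed
    only as the whole leftmost label, and it matches exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels = pattern.split(".")[1:]
    h_labels = hostname.split(".")
    # "*.shop.example" must match "pay.shop.example" but not
    # "shop.example" or "a.b.shop.example".
    return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels


def _dns_names(cert: dict) -> list:
    """Names the certificate claims. subjectAltName dNSName entries win;
    the subject commonName is consulted only when there is no SAN at all."""
    sans = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    for rdn in cert.get("subject", ()):
        for (k, v) in rdn:
            if k == "commonName":
                return [v]
    return []


def check_peer_cert(cert: dict, hostname: str, now: float) -> str:
    """Return 'ok', or a short reason the certificate must be rejected.

    `now` is seconds since the epoch (UTC), passed in so the check is
    reproducible; a real client uses the current time."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        return "not yet valid"
    if now > not_after:
        return "expired"
    if not any(_label_matches(n, hostname) for n in _dns_names(cert)):
        return "hostname mismatch"
    return "ok"


# Constructed sample certificates (names and dates are made up).
SHOP_CERT = {
    "subject": ((("commonName", "www.shop.example"),),),
    "subjectAltName": (("DNS", "www.shop.example"), ("DNS", "*.shop.example")),
    "notBefore": "Jan  1 00:00:00 2001 GMT",
    "notAfter": "Dec 31 23:59:59 2002 GMT",
}
EXPIRED_CERT = dict(SHOP_CERT, notAfter="Jun 30 23:59:59 2001 GMT")

# A point in time inside SHOP_CERT's validity window (26 Dec 2001, UTC).
NOW = ssl.cert_time_to_seconds("Dec 26 12:00:00 2001 GMT")

if __name__ == "__main__":
    for label, cert, host in (
        ("valid, right host", SHOP_CERT, "www.shop.example"),
        ("valid, wildcard", SHOP_CERT, "pay.shop.example"),
        ("valid, wrong host", SHOP_CERT, "www.attacker.example"),
        ("expired", EXPIRED_CERT, "www.shop.example"),
    ):
        print(f"{label:20s} -> {check_peer_cert(cert, host, NOW)}")
```

In practice a client should not hand-roll this: a context from ssl.create_default_context() enforces both checks (check_hostname=True, verify_mode=CERT_REQUIRED) and the handshake fails before any data is sent. The function above is the decision a browser makes when it shows an expiry or name-mismatch warning; the item describes IE being tricked into skipping that decision. Note the fallback to commonName when no subjectAltName is present, which was common in 2001-era certificates and is the path a name-confusion attack tends to target.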

     --24 December 2001  Gilmore Commission on IT and Homeland Security
    The Gilmore Commission's December 15th report on the response to
    terrorism addressed IT aspects of homeland protection.  The report
    recommends that the Critical Infrastructure Protection Board include
    representatives from all levels of government and that a third party
    evaluate agency programs.
    http://www.fcw.com/fcw/articles/2001/1217/web-report-12-24-01.asp
    Gilmore Commission Site and links to report:
    http://www.rand.org/nsrd/terrpanel/

     --20 December 2001  Cyber Law Year in Review
    Cyber law experts list significant developments of 2001; among the top
    few are the passage of the USA Patriot Act, the Microsoft decision,
    and the Digital Millennium Copyright Act (DMCA) prevailing in court
    decisions.
    http://www.nytimes.com/2001/12/28/technology/28CYBERLAW.html

     --18 December 2001  AmEx Contest Security Gaffe
    American Express admitted that it didn't build adequate security into
    a web page asking customers to enter personal data, including credit
    card numbers, for a chance to win a vacation.  The page in question
    caches the data and does not use SSL.
    http://www.silicon.com/a50000

     --1 December 2001  The Question of Cyberinsurance
    Although cyberinsurance covers events not covered in traditional
    policies, some companies still find that their current insurance
    policies are adequate.  Additionally, cyberinsurance can be costly,
    and companies may wish to spend money on security technology instead. 
    While cyberinsurance premium discounts may be offered for using certain
    platforms and security services, some are concerned that organizations
    using those products may fall into a false sense of security.
    http://www.cio.com/archive/120101/et_article.html
    [Editor's (Schultz) Note: The verdict on cyberinsurance is still very
    uncertain. It has not had the degree of impact upon the infosec
    arena that experts predicted it would only a few years ago.  Some
    consultancies based their business strategies on alliances with
    insurance companies, with little to show for their efforts.]

     -- December 2001  Sieberg's Top Ten Tech Stories of 2001
    CNN.com Science and Technology Editor Daniel Sieberg offers his list of
    the top ten technology stories of 2001, including Code Red, the FBI's
    Magic Lantern project, Dmitry Sklyarov's arrest under the Digital
    Millennium Copyright Act (DMCA) and Richard Clarke's appointment as
    "cybersecurity czar."
    http://www.cnn.com/SPECIALS/2001/yir/stories/technology/

    TUTORIALS
     --14 December 2001  Rootkit Basics
    This article describes rootkits and their purposes and activities,
    and suggests ways to detect their presence on your system.  The author
    also recommends installing firewalls on network-connected machines,
    applying software patches as they become available and removing
    unnecessary services.
    http://linux.oreillynet.com/pub/a/linux/2001/12/14/rootkit.html

     --13 December 2001  Blended Threats
    Blended threats make use of multiple methods of propagation, attack
    multiple points in a system and require no human action to spread. 
    The best defense against blended threats is a comprehensive security
    strategy that includes antivirus software, content filtering,
    firewalls, intrusion detection and keeping current with patches.
    http://enterprisesecurity.symantec.com/article.cfm?articleID=967&PID=9834967&EID=151

    ==end==

    Please feel free to share this with interested parties via email (not
    on bulletin boards). For a free subscription, (and for free posters)
    e-mail sans@sans.org with the subject: Subscribe NewsBites

    To change your subscription, address, or other information, visit
    http://www.sans.org/sansurl and enter your SD number (from the
    headers). You will receive your personal URL via email.

    You may also email <sans@sans.org> with complete instructions and
    your SD number for subscribe, unsubscribe, change address, add other
    digests, or any other comments.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE8NHkj+LUG5KFpTkYRAqkwAJ4u3xEEz4vcTfM1f9x+F5/jyfE5ywCeIqhA
    G2vmTWIfIKsPKrCnM9DaxzA=
    =brtW
    -----END PGP SIGNATURE-----