From: The SANS Institute (sanssans.org)
Date: Wed Jan 09 2002 - 12:00:31 CST

    To: Security Express (SD397643)
    From: Alan for the SANS NewsBites service
    Re: January 9 SANS NewsBite

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    The National Infrastructure Protection Center just released an 84
    page summary of all security vulnerabilities, viruses and Trojans
    identified between December 12, 2000 and December 14, 2001. It is a
    valuable check list that includes risk level, vendor, operating system,
    software and reference to more detailed data in NIPC's CyberNotes.

    http://www.nipc.gov/cybernotes/2001/cyberissue2001-26.pdf

                                             Alan

    **********************************************************************

                                 SANS NEWSBITES

                     The SANS Weekly Security News Overview

    Volume 4, Number 2 January 9, 2002

    Editorial Team:
          Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
                 Bill Murray, Stephen Northcutt, Alan Paller,
                 Marcus Ranum, Howard Schmidt, Eugene Schultz

    **********************************************************************

    TOP OF THE NEWS
    8 January 2002 Virus Found in Macromedia Flash File
    8 January 2002 National Research Council Report: US Firms at Risk
    2, 3 & 4 January 2002 File Sharing Programs Contain Trojan
    2 January 2002 ZaCker Worm
    2 January 2002 IT Insurance Policies Exclude On Line Assets, Acts
                    of Terrorism

    THE REST OF THE WEEK'S NEWS
    4 January 2002 BSA Offers Illegal Software Amnesty Program
    4 January 2002 IE Patch Opens up a Hole
    4 January 2002 Seeker Trojan Tries to Alter IE Settings
    3 & 4 January 2001 Microsoft Encourages Passport Users to Install
                        Patch
    3 & 4 January 2002 Nvidia Nettles Suit with Dutch Hackers
    4 January 2002 Judge Okays Keystroke Logging Evidence
    4 January 2002 College Student Disclosed AIM Vulnerability
    2,3 & 4 January 2002 AOL Patches AIM Hole
    3 January 2002 Home Computer Users are Vulnerable
    3 January 2002 NIPC Revises XP Security Advice
    2 & 3 January 2002 Computer Export Limits Relaxed
    2 January 2002 AOL Says Harvard E-Mails Were Not Treated as Spam

    UPCOMING TRAINING OPPORTUNITIES
    *** SANS Darling Harbour (4 tracks), Sydney, Jan 19-24
    ** SANS Peachtree 2002 (3 tracks), Atlanta, Jan 18-24
    *** SANS Aloha IV (4 tracks), Honolulu, Jan 28-Feb 2
    **** SANS Computer Security Bootcamp (7 tracks), Monterey, CA, Feb 9-14
    * SANS San Diego Info. Sec. Officer (1 track), Feb 25-Mar 1
    * SANS Ottawa Info. Sec. Officer (1 track), Feb 25-Mar 1
    ** SANS Lone Star (3 tracks), San Antonio, March 11-16
    *****SANS 2002 (our largest conference) (12 tracks plus a free
              technical conference for all who attend the tracks),
              Orlando, April 1-7
    See www.sans.org for details.

    ************** Sponsored by the Security Reading Room *****************
    A Quiz
    Where can you find more than 2,000 (that's not a typo) original,
    unique, peer-reviewed reports on a wide range of security topics?
    And where can you find an authoritative summary of the top ten new
    security news stories each week day?

    The Answer
    SANS Security Reading Room has both and gets more than 100 new reports
    every month.

    It's an extraordinary site. More than 35,000 security professionals use
    it every week day to explore new areas of security, to find answers
    to tough questions, and to get a quick news update. We invite you
    to try it; it's free.

    http://rr.sans.org/

    ***********************************************************************

    TOP OF THE NEWS
     --8 January 2002 Virus Found in Macromedia Flash File
    Antivirus researchers discovered a virus that infects Macromedia Flash
    files - putting at risk future users of the many web sites that rely on
    Flash files.
    http://news.cnet.com/news/0-1005-200-8410601.html?tag=lh
    http://investor.cnet.com/investor/news/newsitem/0-9900-1028-8410601-0.html?tag=ats

     --8 January 2002 National Research Council Report: US Firms at Risk
    Summary: "From an operational standpoint, cybersecurity today is far
    worse than what known best practices can provide."
    http://www.cnn.com/2002/TECH/industry/01/08/security.reut/index.html

     --2, 3 & 4 January 2002 File Sharing Programs Contain Trojan
    Three file sharing software products, LimeWire, Grokster and KaZaA,
    have been found to contain W32.DIDer, a Trojan horse program that
    tracks users' web surfing habits without their permission. The Trojan
    was evidently part of an advertising program that came bundled with
    the free software. All three companies have posted new versions of
    their software.
    http://news.cnet.com/news/0-1005-200-8335745.html?tag=prntfr
    http://www.wired.com/news/technology/0,1282,49430,00.html
    http://www.theregister.co.uk/content/4/23532.html
    http://www.cnn.com/2002/TECH/internet/01/04/spy.software.ap/index.html
    [Editor's (Schultz) Note: Programs such as KaZaA are controversial, as
    they are so often used for Warez, distribution of indecent materials,
    etc., and, additionally, because they can bypass perimeter security.
    Where I work these kinds of programs are illegal. I find it ironic
    that now a Trojan has been found in some of these programs. Is the
    real problem the Trojan or the use of these programs in the first
    place?]

     --2 January 2002 ZaCker Worm
    The ZaCker mass-mailer worm, also known as Maldal.D, arrives as an
    attachment which, if opened, tries to delete antivirus files,
    and other files with common extensions such as .exe and .doc.
    ZaCker self-replicates via Microsoft Outlook, sending itself to all
    addresses in the infected machine's address book.
    http://www.zdnet.com/zdnn/stories/news/0,4586,5101163,00.html?chkpt=zdhpnews01
    http://www.nwfusion.com/news/2002/0103zacker.html

     --2 January 2002 IT Insurance Policies Exclude On Line Assets, Acts of Terrorism
    Insurance policies are increasingly moving away from covering online
    assets in their standard policies. Customers who want such coverage
    will have to purchase more expensive supplemental policies. Policies
    covering IT were originally designed to protect against physical loss
    or damage, not denial-of-service attacks and viruses. Some policies
    offer no coverage at all for damage resulting from terrorist activity.
    http://www.informationweek.com/story/IWK20020102S0004
    [Editor's (Murray) Note: How does one distinguish between a rogue
    hacker and a terrorist?]

    THE REST OF THE WEEK'S NEWS
     --4 January 2002 BSA Offers Illegal Software Amnesty Program
    The Business Software Alliance (BSA) is offering amnesty to businesses
    using illegally copied software. Users who own up need only pay
    the necessary licensing fees; they will avoid penalties, which can
    run as high as $150,000. The BSA provides tools to inventory the
    companies' software. The program is available to certain cities,
    including Houston, Norfolk and Richmond VA and the San Francisco Bay
    area, through the end of January.
    http://news.cnet.com/news/0-1003-200-8354860.html?tag=prntfr

     --4 January 2002 IE Patch Opens up a Hole
    Security bug hunter Georgi Guninski has discovered yet another Internet
    Explorer (IE) hole, this one apparently the result of an earlier IE
    patch for versions 5.5 and 6.0. The hole in the GetObject JScript
    function could allow attackers to execute programs on the affected
    computer. Guninski recommends disabling active scripting or simply
    not using IE.
    http://cgi.zdnet.com/slink?167047
    [Editor's (Murray) Note: Given that there is a limited amount of change
    that we can tolerate and given that patches are never applied to all
    systems and rarely even to most, Microsoft should fix things in the
    order of their importance rather than in the order of their discovery.
    (Guninski gets publicity only when MS fails to fix something on
    his schedule.)]

     --4 January 2002 Seeker Trojan Tries to Alter IE Settings
    The JS/Seeker-E Trojan exploits a known ActiveX Internet Explorer (IE)
    hole to try and change IE settings on infected machines. The Trojan
    can arrive via e-mail or can be acquired by visiting a malicious
    web page. A patch for the vulnerability has been available since
    October 2000.
    http://www.zdnet.com/zdnn/stories/news/0,4586,5101254,00.html

     --3 & 4 January 2001 Microsoft Encourages Passport Users to
                           Install Patch
    Microsoft has sent millions of e-mail messages to Passport account
    holders, urging them to apply an Internet Explorer (IE) patch that
    has been available for almost two months. The patch addresses an
    IE vulnerability that could let attackers steal sensitive data from
    cookies on unprotected machines.
    http://news.cnet.com/news/0-1005-200-8355007.html?tag=prntfr
    http://www.computerworld.com/storyba/0,4125,NAV47_STO67090,00.html

     --3 & 4 January 2002 Nvidia Nettles Suit with Dutch Hackers
    Two Dutch hackers posted intellectual property belonging to graphics
    chip designer Nvidia on the website M3DZone. The pair allegedly
    cracked Nvidia's firewall and used social engineering techniques
    to obtain intellectual property information from the graphics chip
    designer. The parties have reached an undisclosed settlement of a
    civil suit the company brought against the hackers.
    http://www.msnbc.com/news/681639.asp
    http://news.cnet.com/news/0-1006-200-8355008.html?tag=prntfr
    http://www.computerworld.com/storyba/0,4125,NAV47_STO67083,00.html

     --4 January 2002 Judge Okays Keystroke Logging Evidence
    A federal judge ruled that evidence the FBI gathered using a
    keystroke-logging device surreptitiously installed on a computer
    (under a court-approved search warrant) is admissible in court.
    The FBI has not released any details about how the device works; last
    summer prosecutors in the case invoked the Classified Information
    Protection Act (CIPA), maintaining that details about the technology
    had to be kept secret to protect national security.
    http://www.wired.com/news/privacy/0,1848,49455,00.html
    http://www.computerworld.com/storyba/0,4125,NAV47_STO67087,00.html

     --4 January 2002 College Student Disclosed AIM Vulnerability
    Matt Conover, the Utah college student who disclosed the AIM security
    hole, says he did it because AOL ignored his attempts to inform them
    of the vulnerability. Though some have called Conover's actions
    "irresponsible," others have defended him, noting that companies
    dismiss threats as theoretical unless an exploit demonstrates
    otherwise.
    http://www.zdnet.com/zdnn/stories/news/0,4586,2836272,00.html

     --2,3 & 4 January 2002 AOL Patches AIM Hole
    AOL has fixed a security hole in its AIM application that could
    have allowed a cracker to exploit a buffer overflow problem to gain
    control of a targeted machine. The hole affected only those using
    the AIM on a Windows operating system, not those who use the built-in
    messaging system. AOL made the fix on its servers; users do not need
    to install patches.
    http://www.wired.com/news/technology/0,1282,49442,00.html
    http://www.searchsecurity.com/qna/0,289202,sid14_gci788890,00.html
    http://www.zdnet.com/zdnn/stories/news/0,4586,5101170,00.html
    http://news.bbc.co.uk/hi/english/sci/tech/newsid_1741000/1741955.stm
    [Editor's (multiple) note: Notice the ease and speed with which AOL
    fixes its software because it controls the client software. Is that a
    safer and better supported model for distributing PC software? Should
    the great majority of people, those without extraordinary security
    skills and the time to patch Microsoft software, be getting more
    of their software from AOL where the purchaser gives AOL the
    responsibility to maintain it?]

     --3 January 2002 Home Computer Users are Vulnerable
    Home users' computers are increasingly becoming cracker targets for a
    number of reasons: many home machines are powerful enough to attract
    the attention of crackers looking to launch denial of service attacks,
    many home machines maintain high-speed, always-on connections that
    increase their vulnerability, and home users tend to neglect security
    measures normally employed by businesses.
    http://www.cnn.com/2002/TECH/ptech/01/04/hacking.home.computers.ap/index.html

     --3 January 2002 NIPC Revises XP Security Advice
    The FBI's National Infrastructure Protection Center (NIPC) has
    revised its advice regarding a recently disclosed security hole in
    Windows XP. Initially, NIPC recommended turning off the universal
    Plug and Play (UPNP) service in addition to applying a patch available
    from Microsoft; now they are saying that the patch alone is adequate.
    http://www.cnn.com/2002/TECH/industry/01/03/hackers.ap/index.html
    http://www.computerworld.com/storyba/0,4125,NAV47_STO67069,00.html

     --2 & 3 January 2002 Computer Export Limits Relaxed
    The Bush administration has eased restrictions on computers exported
    to Tier 3 nations, China, India and Pakistan, from 85,000 millions
    of theoretical operations per second (MTOPS) to 190,000 MTOPS.
    In addition, Latvia will be moved from Tier 3 to Tier 1, enjoying
    the looser restrictions enjoyed by Japan, Canada, Mexico and others.
    Some technology industry representatives say the MTOPS standard is
    not effective because countries can cluster less-powerful machines.
    http://news.cnet.com/news/0-1003-200-8338468.html?tag=prntfr
    http://www.computerworld.com/storyba/0,4125,NAV47_STO67053,00.html
    http://www.wired.com/news/politics/0,1283,49453,00.html

     --2 January 2002 AOL Says Harvard E-Mails Were Not Treated as Spam
    In a correction to previously released data, an AOL spokesman said the
    Harvard admissions e-mails that were bounced back were returned not
    because the ISP's filtering system thought they were spam, but for other
    reasons such as closed accounts and full mailboxes. Between 3 and 4
    percent of the e-mails sent to AOL accounts from Harvard were returned.
    A Harvard spokeswoman said that regular paper notifications were sent
    the same day the e-mails went out.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO67046,00.html

    ==end==

    Please feel free to share this with interested parties via email (not
    on bulletin boards). For a free subscription, (and for free posters)
    e-mail sanssans.org with the subject: Subscribe NewsBites

    To change your subscription, address, or other information, visit
    http://www.sans.org/sansurl and enter your SD number (from the
    headers.) You will receive your personal URL via email.

    You may also email <sanssans.org> with complete instructions and
    your SD number for subscribe, unsubscribe, change address, add other
    digests, or any other comments.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE8PHqp+LUG5KFpTkYRApTRAJ0YIYcTyNlFIeCZmTqcYIlx+btVRwCgi59F
    H0cirbVKL7qMTzFuQzqsugM=
    =mVQB
    -----END PGP SIGNATURE-----