From: The SANS Institute (sans@sans.org)
Date: Wed Jan 30 2002 - 14:47:29 CST


    To: Security Express (SD397643)
    From: Alan for the SANS NewsBites service
    Re: January 30 SANS NewsBites

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Demand for GIAC security certification courses shot up in the New
    Year. Both the Firewalls and Perimeter Protection track and Auditing
    Systems and Networks tracks at Bootcamp in Monterey are sold out as
    is Marcus Ranum and Lance Spitzner's new program on How to Deploy
    Effective Honeypots. These programs are also being presented in
    Orlando in early April at SANS 2002, but they are filling up quickly
    there, too, as is the popular new program for Certified Information
    Security Officers. Please make your reservations for Orlando within
    the next two weeks to ensure you can get a place in the track of
    your choice. http://www.sans.org/sans2002.htm

    SANS Monthly Free Web Broadcast: February 6, 2002 1 pm
    Internet Threat Update and How Hackers Use Social Engineering
    Register at http://sans.digisle.tv/audiocast_020602/brief.htm

                                      Alan

    **********************************************************************

                               SANS NEWSBITES

                    The SANS Weekly Security News Overview

    Volume 4, Number 5 January 30, 2002

    Editorial Team:
          Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
                 Bill Murray, Stephen Northcutt, Alan Paller,
                 Marcus Ranum, Howard Schmidt, Eugene Schultz

    **********************************************************************

    TOP OF THE NEWS
    28 January 2002 Senator Introduces Cyber Security Legislation
    28 January 2002 NIST to Release Security Guides
    24 January 2002 Measuring the Progress Toward Trustworthy Computing
    22 January 2002 .Net Depends on Security
    23 & 24 January 2002 ISP Hit by DoS, Shuts Down

    THE REST OF THE WEEK'S NEWS
    25 January 2002 Caution and Responsibility Urged in Using Biometric
                     IDs
    24 January 2002 Biometric Tolerances
    25 January 2002 Fix Available for Vaio Backdoor
    25 January 2002 Successfully Tracking a Stolen Laptop
    24 January 2002 Chat with Dutch Royals Hit with DoS
    24 January 2002 Patch Available for RealPlayer Buffer Overflow
                     Vulnerability
    21 January 2002 Buffer Overflow Attacks
    24 January 2002 Icelandic Airport Using Face Recognition System
    21 January 2002 Deleted E-mail Can Still Reside on Hard Drive
    21 January 2002 Authentication Technologies

    SANS Announces 18 Authorized Graders for 2002

    ********** This issue sponsored by PatchLink Corporation ************

    FREE Proactive Protection Against Patch-Related Vulnerabilities

    How much do YOU suffer because of unpatched systems? PatchLink
    promotes proactive patching with PatchLink Update 3.0 and a limited
    time offer of the first ten workstations or servers completely FREE for
    one year. Don't let stolen data or network downtime problems continue!

    Find out more at: http://www.patchlink.com/promotions/sans.asp

    **********************************************************************
    TOP OF THE NEWS

     --28 January 2002 Senator Introduces Cyber Security Legislation
    Senator John Edwards (D-North Carolina) has introduced two security
    bills aimed at enhancing government computer security and security
    education. The Cybersecurity Preparedness Act of 2002 would establish
    a consortium that would support the creation of cyber security "best
    practice" configuration settings and other measures that would be
    tested thoroughly, and implemented first on government computers. The
    bill would also fund multi-disciplinary, long-term, or high-risk
    research and development to improve cyber security, including R&D to
    identify best practices and to measure their effectiveness. First year
    funding, for 2003, would be $60M. The Cybersecurity Research and
    Education Act of 2002 would fund graduate cybersecurity fellowships
    and a research sabbatical program.
    http://idg.net/ic_796350_1794_9-10000.html
    [Editor's (Schultz) Comment: Sen. Edwards deserves much praise for
    his efforts. A national definition of best practices is sorely needed,
    as is money for security research and education.]

     --28 January 2002 NIST to Release Security Guides
    The National Institute of Standards and Technology's (NIST's) Computer
    Security Resource Center plans to release over 30 guides for government
    agencies this year. The topics covered will include guidance
    on incident handling and security ROI, e-mail security issues and
    emerging technology security. The guides will be released for comment.
    http://www.fcw.com/fcw/articles/2002/0128/web-nist-01-28-02.asp

     --24 January 2002 Measuring the Progress Toward Trustworthy Computing
    Bruce Schneier and Adam Shostack suggest measures Microsoft should
    take to move its trustworthy computing initiative beyond PR and into
    practice. Customers can also use the measures to track Microsoft's
    progress toward realizing the initiative. Among the suggestions:
    separating code from data, allowing features to be installed one
    by one, making interfaces and protocols public and not disparaging
    researchers who bring vulnerabilities to their attention.
    http://www.securityfocus.com/news/315
    [Editor's (Schultz) Note: Schneier and Shostack's comments are
    good, but they missed the by far most critical measure that is
    needed---implementing a structured development process designed to
    produce high quality code. Without this, the other measures suggested
    by Schneier and Shostack will not have nearly as much impact.]

     --22 January 2002 .Net Depends on Security
    Gartner analyst John Pescatore says Microsoft has to be serious
    about its trustworthy computing initiative because the success of
    .Net depends on it. He adds that changing the security culture at
    Microsoft will be a difficult and lengthy process, and customers
    should keep tabs on the company's progress.
    http://zdnet.com.com/2100-1107-819752.html

     --23 & 24 January 2002 ISP Hit by DoS, Shuts Down
    Cloud Nine, a UK Internet Service Provider (ISP), closed down after
    it was hit with denial of service (DoS) attacks and its insurance
    would not cover the necessary costs to get up and running again.
    Cloud Nine apparently plans to sell its assets to another ISP, which
    has some customers worried about losing data stored on Cloud Nine's
    servers and being transferred to another service against their wishes.
    http://zdnet.com.com/2100-1105-820708.html
    http://zdnet.com.com/2100-1105-822309.html
    http://zdnet.com.com/2100-1105-821078.html

    ***** Also Sponsored by Ranum and Spitzner's Honeypots Course *******

    A two day course dedicated to honeypot technologies. Learn what
    honeypots are, how they work, and how they apply to security. Learn
    how the bad guys are tracked in the wild. The course is hands-on,
    intensive, with a full night session dedicated to interacting with
    a variety of commercial honeypot solutions.

    Students will get a CDROM with a copy of the latest documentation,
    whitepapers, utilities, and evaluations copies of software.

    (And it is all part of SANS 2002 so you can take certification courses
    and see the exhibits and attend the free technical conference and
    birds of a feather sessions, too.)

    http://www.sans.org/SANS2002/honeypot.php

    *********************************************************************

    THE REST OF THE WEEK'S NEWS
     --25 January 2002 Caution and Responsibility Urged in Using
                        Biometric IDs
    Panelists at a Cato Institute-sponsored forum said government agencies
    need to resolve civil rights issues surrounding the use of biometric
    identification for security purposes before the technology is employed.
    http://www.gcn.com/vol1_no1/daily-updates/17834-1.html
    http://www.fcw.com/fcw/articles/2002/0121/web-bio-01-25-02.asp
    [Editor's (Denning) Note: I was on the panel and don't remember
    this being a consensus of the panel. My point was that you needed
    to look at the application of biometrics to see whether privacy was
    threatened, and that for applications where biometrics is used solely
    for authentication as a means of access to control, biometrics can
    enhance privacy by stopping impersonators from getting access to your
    private data.]

     --24 January 2002 Biometric Tolerances
    After a fingerprint reader lens gets older and starts generating
    errors, some employees figure out how to reset the tolerances on the
    identification system.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO67639,00.html

     --25 January 2002 Fix Available for Vaio Backdoor
    A backdoor in software on certain Sony Vaio notebook computers could
    allow crackers to alter or delete data on the machine's hard drive.
    A customer alerted Sony to the problem in December and the company
    has a software update available. The software is on machines sold
    in Asia, South Africa and the Middle East; machines sold in Europe,
    Mainland China and the Americas are not affected.
    http://www.theregister.co.uk/content/55/23825.html
    http://www.cnn.com/2002/TECH/ptech/01/25/sony.security.idg/index.html

     --25 January 2002 Successfully Tracking a Stolen Laptop
    A Texas man found his sister's stolen laptop computer by using
    remotely controllable software and changing the Internet access
    dial-up numbers to his home phone. The police were able to use the
    phone number obtained from Caller ID to apprehend the person who had
    the stolen machine.
    http://www.wired.com/news/mac/0,2125,50025,00.html

     --24 January 2002 Chat with Dutch Royals Hit with DoS
    A Dutch newspaper reported that a hacker group based in the Netherlands
    is claiming responsibility for launching a denial of service (DoS)
    attack on an on-line chat with the Country's Crown Prince and his
    fiancee.
    http://www.theregister.co.uk/content/55/23815.html

     --24 January 2002 Patch Available for RealPlayer Buffer Overflow
                        Vulnerability
    RealNetworks plans to release a patch for a buffer overflow
    vulnerability in its RealPlayer 8 that could crash the software
    and could potentially be used to execute malicious code. The patch
    will be distributed via the company's automated update service. The
    vulnerability affects both Windows and Linux versions of RealPlayer 8.
    http://www.newsbytes.com/news/02/173936.html

     --21 January 2002 Buffer Overflow Attacks
    Buffer overflow attacks are highly effective because they do not rely
    on users opening infected attachments to execute. Despite the fact
    that such vulnerabilities are easy to prevent - coders can limit the
    length of strings the buffer accepts - buffer overflows are ubiquitous.
    Until they disappear, users should apply appropriate patches.
    http://www.computerworld.com/itresources/rcstory/0,4167,KEY73_STO67572,00.html

     --24 January 2002 Icelandic Airport Using Face Recognition System
    Iceland's Keflavik air terminal is using a facial recognition system
    as part of its security routine. The system has produced no matches
    in the six months since it has been installed; a similar system tested
    last year in Florida produced numerous false positives.
    http://news.bbc.co.uk/hi/english/sci/tech/newsid_1780000/1780150.stm

     --21 January 2002 Deleted E-mail Can Still Reside on Hard Drive
    Though Enron-related e-mails were deleted, pieces and entire copies
    of the messages can probably be found on the hard drives, according
    to a computer forensics expert.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO67583,00.html

     --21 January 2002 Authentication Technologies
    Authentication methods such as smart cards, tokens and biometrics
    offer layers of security that passwords alone cannot. As each method
    has benefits and drawbacks, companies should refrain from running
    headlong into new authentication systems and instead take time to
    match authentication technology with their specific needs.
    http://www.computerworld.com/itresources/rcstory/0,4167,KEY73_STO67551,00.html

     -- Eighteen Authorized Graders Named For GIAC Certification
    One of the hallmarks of the SANS Global Information Assurance
    Certification (GIAC) program is that each student completes a
    practical assignment. That assignment demonstrates that he or she
    not only understands the material to answer test questions but can
    use it in the real world. This requires a significant investment of
    time and effort on the part of the student with outstanding rewards.
    Many students have commented that they learned as much completing
    the practical as they did in the course, and indeed that is what the
    practical is designed to accomplish. Grading the practicals in a
    fair and consistent manner is one of the top priorities of the GIAC
    certification. Authorized Graders are selected from the very highest
    scoring students that have earned certification. Each must complete a
    rigorous training process before they are allowed to grade a student's
    practical without direct supervision. SANS enthusiastically applauds
    this elite corps and is proud to present the 2002 GIAC Authorized
    Graders.

    Jeff Campione, Communications Analyst, Federal Reserve Board
    Brent Deterding, Security Engineer, TechGuard Security
    Clement Dupuis, Senior Security Consultant, CGI Consulting Group in
    Montreal, Canada.
    Jamie French, Canadian Department of National Defense Computer Incident
    Response Team - (DND CIRT) and Whitehats.ca
    Peter Giannoulis, Independent Security Consultant
    Dan Goldberg, Xerox - The Document Company, Electronic Security
    Architect
    Bob Grill, California Federal Bank, Audit Project Team Leader
    Erik Kamerling, Silver Dollar Optical Corporation, Network Security
    Administrator
    Brian Kelly, Computer Sciences Corporation, IT Security Analyst
    Fred Kerby, Naval Surface Warfare Center, Dahlgren Division
    David Koconis, Dartmouth College, Institute for Security Technology
    Studies
    Robert McMillen, USMC Captain
    Greg Owens, Vibren Technologies, Inc.
    David Parks, Publix Super Markets, Inc. Infrastructure Architect
    Patrick Prue, Fantom Technologies Inc.
    Jos Purvis, Veritect
    Dan Strom, Kansas Farm Bureau Services, Data Security Manager
    Carla Wendt, Internet Security Consultant

    ==end==

    Please feel free to share this with interested parties via email (not
    on bulletin boards). For a free subscription, (and for free posters)
    e-mail sans@sans.org with the subject: Subscribe NewsBites

    To change your subscription, address, or other information, visit
    http://www.sans.org/sansurl and enter your SD number (from the
    headers.) You will receive your personal URL via email.

    You may also email <sans@sans.org> with complete instructions and
    your SD number for subscribe, unsubscribe, change address, add other
    digests, or any other comments.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE8WEaa+LUG5KFpTkYRAmWDAJ41dgAy6at0a3PqUliNp4/yzNTIwACePW6Y
    aNIbH6aklzlLzaNPtMXga0o=
    =8cSW
    -----END PGP SIGNATURE-----
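The "Buffer Overflow Attacks" item above notes that such bugs are easy to prevent because coders can limit the length of strings a buffer accepts. The following C code is an added example of that check, written for this page; it is not code from the newsletter, the Computerworld article, or any vendor mentioned here. The names `NAME_BUF`, `copy_name_unbounded`, `copy_name_bounded` and `accept_name`, and the sample inputs, are this example's own.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Example buffer size; constructed for this illustration. */
#define NAME_BUF 16

/* The defect pattern: strcpy() copies until it finds the source's NUL,
 * however long the source is, so any input of NAME_BUF bytes or more
 * writes past the end of dst. Kept only for contrast with the fixed
 * version below; it is never called with oversized input here. */
void copy_name_unbounded(char dst[NAME_BUF], const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: measure the input against the destination capacity
 * before copying anything. Returns 0 on success and -1 when the input
 * (plus its terminating NUL) would not fit; on failure dst is left as
 * an empty string so callers never see a half-written buffer. */
int copy_name_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0 || src == NULL)
        return -1;

    /* Bounded length scan: never reads more than dstsize bytes of src. */
    size_t n = 0;
    while (n < dstsize && src[n] != '\0')
        n++;

    if (n >= dstsize) {        /* no room left for the NUL: reject */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);   /* n bytes plus the NUL */
    return 0;
}

/* Wrapper around a fixed-size stack buffer, so the accept and reject
 * paths can be exercised. Returns the stored length, or -1 if rejected. */
int accept_name(const char *src)
{
    char buf[NAME_BUF];
    if (copy_name_bounded(buf, sizeof buf, src) != 0)
        return -1;
    return (int)strlen(buf);
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one that does not. */
    const char *ok  = "alice";
    const char *bad = "this-name-is-far-too-long-for-the-buffer";
    printf("%s -> %d\n", ok, accept_name(ok));
    printf("%s -> %d\n", bad, accept_name(bad));
    return 0;
}
```

The rejecting version is deliberately strict: it refuses input that would not fit rather than silently truncating it, because truncation can turn one valid value into another (a path or a username) and hides the fact that something unexpected arrived. Whichever policy is chosen, the essential property is that the length check happens before the write.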