To: Security Express (SD397643)
From: Alan for the SANS NewsBites service
Re: February 6 SANS NewsBites

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

**********************************************************************
                           SANS NEWSBITES
                The SANS Weekly Security News Overview
Volume 4, Number 6 February 6, 2002
Editorial Team:
      Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
             Bill Murray, Stephen Northcutt, Alan Paller,
             Marcus Ranum, Howard Schmidt, Eugene Schultz
**********************************************************************

TOP OF THE NEWS
1 February 2002 Passenger Security Screening System
1 February 2002 Microsoft Coding Moratorium
31 January 2002 Lawrence Livermore Bans Wireless LANs
4 February 2002 Improving 802.11b Security

THE REST OF THE WEEK'S NEWS
5 February 2002 Diekman Sentenced to 21 Months
1 February 2002 Pirates Plead Guilty
30 January & 1 February 2002 Windows 2000 Security Fixes Bundled
31 January & 1 February 2002 WEF Site Down
31 January 2002 Windows 2000 and NT 4.0 Trust Vulnerability
30 & 31 January 2002 SEC's Phony Site Gets Over 150,000 Hits
30 January 2002 Corley Will Continue to Fight DMCA
29 January 2002 Navigator Flaw Exposes Cookies
29 January 2002 Alleged Hacker-Extortionist Held
29 January 2002 EPIC Wants States to Investigate Microsoft's Passport
28 January 2002 Myparty Worm
28 January 2002 Security Manager's Journal: Addressing Virus
                 Protection
28 January 2002 Cyberattack Study
24 January 2002 Study Says Most CIOs Not Prepared for Disasters

TRAINING OPPORTUNITIES IN THE NEXT 90 DAYS
SANS 2002 in Orlando (early registration deadline today).
Large conferences in Monterey, San Antonio, London and
Washington. Smaller programs in Seattle, Kansas City, Los Angeles,
Phoenix, and Minneapolis. Details: http://www.sans.org

SANS Monthly Free Web Broadcast: February 6, 2002 1 pm EST (1800 GMT)
Internet Threat Update and How Hackers Use Social Engineering
Register at http://sans.digisle.tv/audiocast_020602/brief.htm

******************* Sponsored by Tripwire, Inc. **********************

Worried about the integrity of your data? Rest easy with Tripwire.

Tripwire data integrity assurance solutions tell you if, when, and
how data or business processes have been changed on your system. This
leads to less time consuming & labor intensive assessment and recovery
processes.

Attend a free online seminar to find out more!

http://www.tripwire.com/products/register.cfml?semID=65

**********************************************************************

New Guide For Windows 2000 PRO
The US National Institute for Standards and Technology released
a security guide for Windows 2000 Professional desktop systems in
configurations used by office workers, at home users, or road-warriors.
NIST is inviting comments and suggestions on the guide.
http://csrc.nist.gov/itsec/guidance_W2Kpro.html

TOP OF THE NEWS

 --1 February 2002 Passenger Security Screening System
The U.S. government plans to test an airline security system that uses
data mining and predictive software to generate passenger profiles.
Critics of the system are concerned that it could erode civil
liberties.
http://www.cnn.com/2002/TECH/internet/02/01/rec.airlines.database.reut/index.html
http://www.computerworld.com/storyba/0,4125,NAV47_STO67962,00.html

 --1 February 2002 Microsoft Coding Moratorium
As part of its new Trustworthy Computing Initiative, Microsoft will
not write any new code for one month; instead, the company will use
the time to debug its old code.
http://www.gcn.com/vol1_no1/daily-updates/17874-1.html
[Editor's (Murray) Note: I am all in favor of MS cleaning up its
execution. However, its strategy needs to be cleaned up too.]

 --31 January 2002 Lawrence Livermore Bans Wireless LANs
Lawrence Livermore National Laboratory, a national defense technology
research lab in California, has banned the use of wireless local area
networks (LANs) due to security concerns. A lab spokesman said that
Los Alamos National Laboratory might introduce a wireless network
ban as well.
http://cgi.zdnet.com/slink?169109
[Editor's (Murray) Note: Yesterday I received an ad for a wireless
access point for $130-, down 50% from a year ago. Connectivity
trumps security every time. A ban cannot succeed. The only way
to successfully exclude wireless is to close the network. Get used
to it.]

 --4 February 2002 Improving 802.11b Security
Wireless networking standards 802.11a and 802.11b are both popular and
vulnerable. A new security algorithm, called Temporal Key Integrity
Protocol is being tested. It generates a new encryption key for every
ten kilobytes of data transmitted.
http://www.pcworld.com/news/article/0,aid,82563,00.asp

************************ SPONSORED LINKS *****************************

(1) Solutionary, Inc. FREE WHITE PAPER: A Technical Summary of eV3
and ActiveGuard
http://www.sans.org/cgi-bin/sanspromo/NB3

(2) Looking to implement real time incident response in your security
environment?
http://www.sans.org/cgi-bin/sanspromo/NB2

(3) FREE Web Seminar: "Palm Tightens Grip On Network Security"
http://www.sans.org/cgi-bin/sanspromo/NB1

***********************************************************************

THE REST OF THE WEEK'S NEWS

 --5 February 2002 Diekman Sentenced to 21 Months
Jason Allen Diekman, who went by the names 'Shadow Knight' and 'Dark
Lord,' was ordered to spend 21 months in federal prison and to pay
nearly $88,000 in restitution. On February 4. He had hacked into
NASA computers and also used stolen credit cards to buy goods over
the Internet.
http://www.latimes.com/news/local/la-000009016feb05.story

 --1 February 2002 Pirates Plead Guilty
Two men who pleaded guilty to charges stemming from their involvement
in an Internet piracy group face up to five years in prison and
$250,000 in fines. As part of their plea agreement, the two men
revealed details about how group members hid the illegal software.
http://www.gcn.com/vol1_no1/daily-updates/17875-1.html

 --30 January & 1 February 2002 Windows 2000 Security Fixes Bundled
Microsoft has released the Windows 2000 Security Rollup package, a
collection of all the company's post-Service Pack 2 security patches;
the package requires Service Pack 2 to be installed on the system.
Users who have older versions of Internet Explorer should upgrade to
version 6.0 before installing the security package.
http://news.com.com/2100-1001-826495.html
http://www.gcn.com/vol1_no1/daily-updates/17860-1.html

 --31 January & 1 February 2002 WEF Site Down
The World Economic Forum's (WEF) web site crashed late last week.
Activists claim they targeted the site in a "virtual sit-in"
denial-of-service attack. Last year, a hacker stole personal
information, including credit card numbers, belonging to WEF
participants.
http://www.wired.com/news/politics/0,1283,50159,00.html
http://www.cnn.com/2002/TECH/internet/02/01/worldforum.techtrouble.ap/index.html
http://www.computerworld.com/storyba/0,4125,NAV47_STO67982,00.html

 --31 January 2002 Windows 2000 and NT 4.0 Trust Vulnerability
A flaw in the trust relationships in the Windows 2000 and NT 4.0
environments' network domains could allow people to increase their
access levels.
http://www.computerworld.com/storyba/0,4125,NAV47_STO67865,00.html

 --30 & 31 January 2002 SEC's Phony Site Gets Over 150,000 Hits
The Securities and Exchange Commission (SEC) used on-line investment
scam tactics, including preying on people's fears and offering huge
returns on investment with no risk, on a phony site designed to
educate consumers about investment fraud. People who actually tried
to invest were greeted with a warning message. The site received more
than 150,00 hits in a three-day period; the SEC says it has planted
other phony sites on the Internet in an effort to fight back against
investment fraud.
http://news.com.com/2100-1017-826434.html
http://www.wired.com/news/business/0,1367,50125,00.html
http://www.computerworld.com/storyba/0,4125,NAV47_STO67866,00.html
[Editor's (Ranum) Note: Educating people by telling them "YOU ARE
STUPID!" is an interesting tactic. I guess it's impossible to deliver
a cattle-prod like shock over the Internet effectively.]

 --30 January 2002 Corley Will Continue to Fight DMCA
Eric Corley, who has been barred from posting a DVD descrambling
program under the Digital Millennium Copyright Act (DMCA) has vowed
to continue to fight the controversial law. In November 2001, a
three-judge panel ruled that free speech provisions did not protect
Corley's posting of the program. Corley's attorneys have requested a
rehearing by the full 2nd Circuit Court of Appeals in New York; if that
proves unsuccessful, they intend to take the case to the Supreme Court.
http://news.com.com/2100-1023-826710.html

 --29 January 2002 Navigator Flaw Exposes Cookies
A security hole in Netscape Navigator allows web page operators to
look at site visitors' cookies. The flaw affects Navigator versions
6 through 6.2 and Mozilla versions 0.9.6 and earlier. Netscape is
encouraging all its affected users to upgrade their web browsers.
http://www.computerworld.com/storyba/0,4125,NAV47_STO67803,00.html

 --29 January 2002 Alleged Hacker-Extortionist Held
A Russian hacker, identified as Nikolai, allegedly extorted $10,000
from a U.S. bank; he had threatened to expose account information
he had stolen from a database on a server belonging to a company
that provides online banking and bill payment services to financial
institutions. Nikolai is being detained in Siberia.
http://www.theregister.co.uk/content/55/23861.html

 --29 January 2002 EPIC Wants States to Investigate Microsoft's
                    Passport
The Electronic Privacy Information Center (EPIC) is asking the states'
attorneys general to protect consumers from Microsoft's "unfair
and deceptive trade practices" that accompany the passport online
identity service. EPIC claims that in addition to profiling users'
web habits, Passport does not do an adequate job of protecting users'
credit card information. Microsoft refutes the claims.
http://www.computerworld.com/storyba/0,4125,NAV47_STO67802,00.html
http://zdnet.com.com/2100-1106-825340.html

 --28 January 2002 Myparty Worm
The Myparty worm arrives as an attachment that appears to be an
innocuous web site link. However, those who click on the link will
become infected with the worm, which sends itself out through to
everyone in the machine's address book and leaves a backdoor in the
infected system. It infects computers between January 25 and January
29, and won't infect machines running Russian versions of Windows,
leading to speculation that Myparty is of Russian origin.
http://news.com.com/2100-1001-823959.html
http://www.msnbc.com/news/695292.asp?0dm=T236T
http://www.computerworld.com/storyba/0,4125,NAV47_STO67773,00.html

 --28 January 2002 Security Manager's Journal: Addressing Virus
                    Protection
The security manager discusses ideas protecting his computer network at
the various points of entry used by viruses: external media, e-mail,
web mail, downloads and unpatched operating systems.
http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO67720,00.html

 --28 January 2002 Cyberattack Study
A managed security services company study of cyberattacks on its
customers networks in the second half of 2001 found that nearly 40%
of the attacks targeted a specific company or computer system. In
addition, more attacks originate in the United States than in any
other country; Israel tops the list in attacks launched per capita.
Code Red and Nimda were not included in the study.
http://www.washingtonpost.com/wp-dyn/articles/A46836-2002Jan27.html
http://zdnet.com.com/2100-1105-824448.html

 --24 January 2002 Study Says Most CIOs Not Prepared for Disasters
The results of a survey conducted by the Gartner consultancy and
the Society for Information Management (SIM) indicate that while 88%
of CIOs have back-up power supplies and 70% have back-up plans for
network, software and other such failures, only about one-third have
established business continuity plans that address the possibility
of physical attacks.
http://www.eweek.com/article/0,3658,s%3D701%2526a%3D21681,00.asp

==end==

Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sanssans.org with the subject: Subscribe NewsBites

To change your subscription, address, or other information, visit
http://www.sans.org/sansurl and enter your SD number (from the
headers.) You will receive your personal URL via email.

You may also email <sanssans.org> with complete instructions and
your SD number for subscribe, unsubscribe, change address, add other
digests, or any other comments.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8YS10+LUG5KFpTkYRAhhqAJ9ZxXaZ6g/MnV+0vrqMcQkU7jambACfTvYx
QlGLDSXoQUi9V7WJ5FGM7DU=
=e+8x
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]