From: The SANS Institute (sans@sans.org)
Date: Wed Feb 13 2002 - 15:28:05 CST

    To: Security Express (SD397643)
    From: Alan for the SANS NewsBites service
    Re: February 13 SANS NewsBites

    The widespread SNMP vulnerabilities appear to be a wake-up call. Many
    organizations are following a four-step action plan to fix more than
    just the immediate problem:
    1. Patch the systems on which you have to run SNMP.
    2. Turn off SNMP on the systems where you don't.
    3. See which of the other "Top Twenty Internet Security Vulnerabilities"
       (www.sans.org/top20.htm) your organization has not protected against,
       and make it right.
    4. Check your Cisco routers for the other important vulnerabilities
       uncovered by the NSA and SANS, and correct those flaws.

    SANS and the Center for Internet Security are making available a
    new free tool to help you find the Cisco vulnerabilities. We have
    rescheduled the web broadcast, in which the tool's main authors will
    show you what the tool does and how it works, for next Wednesday,
    February 20 at 1:00 PM EST (1800 GMT). The change in date is to give
    you time to get all your SNMP problems solved before you move on to
    the other Cisco security issues.

                                      Alan

    **********************************************************************

                               SANS NEWSBITES

                    The SANS Weekly Security News Overview

    Volume 4, Number 7 February 13, 2002

    Editorial Team:
          Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
                 Bill Murray, Stephen Northcutt, Alan Paller,
                 Marcus Ranum, Howard Schmidt, Eugene Schultz

    **********************************************************************

    TOP OF THE NEWS
    12 February 2002 Widespread SNMP Vulnerabilities
    8 February 2002 BlackICE Security Flaw
    7 & 8 February 2002 Researcher Finds Oracle Security Flaws
    7 & 8 February 2002 Security Alliance Helps Home Users
    7 February 2002 House Passes Security Bill
    5 February 2002 Proposed Budget Includes Information Sharing and
                     Security Programs

    THE REST OF THE WEEK'S NEWS
    8 February 2002 Telnet Flaw in Windows 2000
    8 February 2002 MSN Messenger Vulnerability
    7 & 8 February 2002 Comcast Database Exposed
    7 February 2002 NIST Network Vulnerability Testing Guide
    7 February 2002 Customer Database Theft Thwarted
    7 February 2002 How the BSA Works
    6 February 2002 Sarah Gordon Interview
    6 February 2002 Trojans Might Increase this Year
    5 & 6 February 2002 Open Source Review Project
    5 February 2002 GAO Report Finds Treasury Computer Security Lacking
    5 February 2002 mIRC Vulnerabilities

    TRAINING OPPORTUNITIES IN THE NEXT 120 DAYS
    SANS 2002 in Orlando: SANS' largest conference and exposition.
    Large conferences San Antonio, London and Washington, Toronto, and
    Portland (OR). Smaller programs in Kansas City, Los Angeles, Phoenix,
    and Minneapolis. Details: http://www.sans.org

    ********************* Sponsored by NetIQ *****************************

    FREE Windows Security White Paper from NetIQ!

    Want to spend your IT budget wisely to maximize Windows security?
    Learn six key investments you should make, and uncover six
    money-wasters to avoid. Don't waste your limited security budget and
    resources on the wrong tools.

    Download NetIQ's FREE white paper today!
    http://www.netiq.com/f/form/form.asp?id=528

    **********************************************************************

     --12 February 2002 Widespread SNMP Vulnerabilities
    SANS's Flash Alert: http://www.sans.org/alerts/SNMP.php
    CERT/CC's Advisory: http://www.cert.org/advisories/CA-2002-03.html

     --8 February 2002 BlackICE Security Flaw
    A buffer overflow vulnerability in BlackICE Defender and BlackICE
    Agent running on Windows 2000 and XP could allow an attacker to gain
    control of a user's computer, steal and alter data and watch the
    user's net surfing activity.
    http://www.msnbc.com/news/702910.asp?0dm=C13MT
    http://www.eeye.com/html/Research/Advisories/AL20020208.html

     --7 & 8 February 2002 Researcher Finds Oracle Security Flaws
    A security researcher has found a number of vulnerabilities in Oracle's
    9i Application Server and database server which had been touted as
    "unbreakable." Oracle has released fixes for the security flaws.
    http://www.theregister.co.uk/content/55/23979.html
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68105,00.html
    http://www.theregister.co.uk/content/4/23990.html

     --7 & 8 February 2002 Security Alliance Helps Home Users
    The National Cyber Security Alliance, composed of technology
    companies and government agencies, has launched the Stay Safe Online
    Campaign for home computer users. The program includes a website,
    www.staysafeonline.info, packed with advice on choosing effective
    passwords, getting and installing security updates, and other security
    matters. Home users lack the infrastructure that corporations have
    to deploy and maintain security on their computers.
    http://www.usatoday.com/life/cyber/tech/2002/02/07/security-group.htm
    http://news.com.com/2100-1001-832644.html

     --7 February 2002 House Passes Security Bill
    The House voted overwhelmingly in favor of the Cyber Security Research
    and Development Act which provides $880 million over the next five
    years to National Science Foundation research centers, fellowships
    and college grants and to various National Institute of Standards and
    Technology research programs. A similar bill will soon be introduced
    in the Senate.
    http://www.usatoday.com/life/cyber/tech/2002/02/07/tech-security-spending.htm
    http://www.wired.com/news/business/0,1367,50301,00.html

     --5 February 2002 Proposed Budget Includes Information Sharing and
                        Security Programs
    President Bush has proposed a budget that includes more than $700
    million for information technology homeland security programs,
    including an Information Integration Office at the Department of
    Commerce, a GovNet feasibility study and increased funding for
    the Federal Computer Incident Response Center (FedCIRC) and the
    National Institute of Standards and Technology (NIST) computer
    security division.
    http://www.fcw.com/fcw/articles/2002/0204/web-ridge-02-05-02.asp

    THE REST OF THE WEEK'S NEWS

     --8 February 2002 Telnet Flaw in Windows 2000
    A buffer overflow vulnerability in the Windows 2000 Telnet code could
    be exploited to cause a denial of service or to run code on
    Windows 2000 or Interix 2.2. However, the attacker cannot obtain
    privileges greater than those already granted to the Telnet service;
    furthermore, Telnet is not turned on by default in Windows 2000,
    nor is it installed by default in Interix.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68150,00.html

     --8 February 2002 MSN Messenger Vulnerability
    Maliciously constructed JavaScript could be used to filch MSN Messenger
    nicknames and buddy lists; e-mail addresses could be revealed as well.
    An update is scheduled for release soon.
    http://zdnet.com.com/2100-1105-833293.html

     --7 & 8 February 2002 Comcast Database Exposed
    A hacker using a proxy hunting program found a Comcast Business
    Communications corporate database exposed on the Internet.
    The database, apparently consisting of business leads, was protected
    only by an easily guessed username and password. The company denied
    any problems when contacted by the hacker; only after he posted the
    information did it acknowledge the vulnerability.
    http://www.msnbc.com/news/701661.asp?0dm=T229T
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68157,00.html

     --7 February 2002 NIST Network Vulnerability Testing Guide
    The National Institute of Standards and Technology (NIST) has
    released a draft guide on network security vulnerability testing
    for administrators. The guide includes links to testing tools and
    a chart of comparisons of the testing techniques. The goal of the
    guide is to help administrators establish routine testing.
    http://www.fcw.com/fcw/articles/2002/0204/web-guide-02-07-02.asp
    guide: http://csrc.nist.gov/publications/drafts/security-testing.pdf

     --7 February 2002 Customer Database Theft Thwarted
    A software salesman helped the FBI nab an employee from a rival firm
    who tried to sell his company's customer database.
    http://news.bbc.co.uk/hi/english/sci/tech/newsid_1804000/1804290.stm

     --7 February 2002 How the BSA Works
    The Business Software Alliance (BSA) collects fines for unregistered
    software; the organization gets many of its leads from unhappy former
    employees. Businesses need to keep software purchase documents
    because, in the event of an investigation, the burden of proof is on
    the company to show that it paid for the software licenses before it
    was contacted by the BSA.
    http://www.sfgate.com/technology/local/

     --6 February 2002 Sarah Gordon Interview
    Sarah Gordon, Symantec senior research fellow, talks about the
    differences between virus writers and hackers, the importance of
    teaching and modeling ethical cyber behavior and how she became
    involved in cyber ethics.
    http://zdnet.com.com/2100-1105-831095.html

     --6 February 2002 Trojans Might Increase this Year
    Robert Vamosi predicts that 2002 will be "the Year of the Trojan Horse"
    and advises users to implement firewalls as protection.
    http://zdnet.com.com/2100-1107-830278.html

     --5 & 6 February 2002 Open Source Review Project
    The Sardonix Audit Portal is an open source security review website
    which tracks code auditing. The project is currently funded by the
    Defense Advanced Research Projects Agency (DARPA).
    http://www.securityfocus.com/news/322
    http://news.com.com/2100-1001-830130.html

     --5 February 2002 GAO Report Finds Treasury Computer Security Lacking
    A recently released General Accounting Office (GAO) report found that
    security controls on computer systems at the Treasury Department's
    Financial Management Service (FMS) were lax: usernames and passwords
    were easily guessed, employees had access to systems beyond the
    scope of their jobs and the system lacked a comprehensive security
    program. FMS commissioner Richard Gregg wrote a letter to the GAO
    acknowledging problems, but pointing out that the report is based
    on year-old information that does not take into account changes that
    they have made.
    http://www.cnn.com/2002/TECH/internet/02/05/security.government.reut/index.html
    http://www.msnbc.com/news/700186.asp?0dm=T239T
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68029,00.html

     --5 February 2002 mIRC Vulnerabilities
    A security consultant published information about two mIRC security
    flaws. The first is a buffer overflow vulnerability that could allow
    an attacker to execute malicious code on the affected computer.
    The other vulnerability allows attackers to redirect users to compromised
    IRC servers via HTML code on a web page or in Outlook e-mail.
    http://zdnet.com.com/2100-1105-830081.html

    ==end==

    Please feel free to share this with interested parties via email (not
    on bulletin boards). For a free subscription (and for free posters),
    e-mail sans@sans.org with the subject: Subscribe NewsBites

    To change your subscription, address, or other information, visit
    http://www.sans.org/sansurl and enter your SD number (from the
    headers.) You will receive your personal URL via email.

    You may also email <sans@sans.org> with complete instructions and
    your SD number to subscribe, unsubscribe, change your address, add other
    digests, or send any other comments.
