OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: The SANS Institute (sanssans.org)
Date: Wed Feb 20 2002 - 07:57:24 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    To: Security Express (SD397643)
    From: Alan for the SANS NewsBites service
    Re: February 20 SANS NewsBites

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Note for users of Cisco routers concerned about security: A router
    security audit tool will be announced today, the result of cooperative
    efforts by experts at the US National Security Agency, UUNET, and
    Cable & Wireless, and tested and validated by many of the 170 member
    organizations of the Center for Internet Security. The Router Audit
    Tool performs an impressively comprehensive check of Cisco router
    security, gives an overall score, and points the user to the specific
    corrections for problems found. The tool's authors will conduct a web
    briefing today at 1:00 PM (1800 UTC). Both the tool and the briefing
    are free. Register in advance at: http://www.sans.org/webcasts

                                       Alan

    **********************************************************************
                               SANS NEWSBITES
                    The SANS Weekly Security News Overview
    Volume 4, Number 8 February 20, 2002
    Editorial Team:
          Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
                 Bill Murray, Stephen Northcutt, Alan Paller,
                 Marcus Ranum, Howard Schmidt, Eugene Schultz
    **********************************************************************

    TOP OF THE NEWS
    15 February 2002 SNMP Vulnerability Is Widespread and Important
    14 February 2002 OMB Releases Report Detailing Federal Security
                      Problems
    14 February 2002 Hacking at Japan's Space Agency
    14 February 2002 Cyberattack Could Provoke Military Attack
    11 & 13 February 2002 Info on Web Sites Could Pose Security Risk
    11 & 12 February 2002 Microsoft Issues Cumulative Patch

    THE REST OF THE WEEK'S NEWS
    17 February 2002 Application Security "In Grim State"
    15 February 2002 Hacker's Claims Compel Morningstar to Conduct Audit
    14 & 15 February 2002 Messenger Worm
    14 February 2002 Cloud Nine Hackers Probably Won't be Caught
    14 February 2002 C++ .Net Compiler Buffer Overflow Problems
    12 & 14 February 2002 Anonymous Surfing Technology has Holes
    13 February 2002 ISP Protection Legislation Introduced
    12 February 2002 WYX Virus Found on IBM Memory Keys
    12 February 2002 Chair Named for ICANN Security Committee
    12 February 2002 Sandia is Testing Wireless LANs
    11 February 2002 Global Crossings Former Employee Exposes Data
    11 February 2002 Hotmail Password Reset Vulnerability
    11 February 2002 BlackIce Patches

    TRAINING OPPORTUNITIES IN THE NEXT 120 DAYS
    SANS 2002 in Orlando: SANS' largest conference and exposition.
    Large conferences San Antonio, London and Washington, Toronto, and
    Portland (OR). Smaller programs in Kansas City, Los Angeles, Phoenix,
    and Minneapolis. Details: http://www.sans.org

    ***************** Sponsored by Websense, Inc. ***********************

    Choosing Internet filtering software is never easy, is it?

    Guess again. With Websense Enterprise, the leading solution, you get
    installation and administration that's a breeze. Combine that with
    integrations like Microsoft and Cisco.

    You'll see why 15,000+ organizations use Websense. If only ALL our
    decisions were this simple.

    Try a free, fully-functional 30-day trial.

    http://www.websense.com?id=10209

    **********************************************************************

    TOP OF THE NEWS

     --15 February 2002 SNMP Vulnerability Is Widespread and Important
    A vulnerability in the Simple Network Management Protocol means
    the infrastructure of the Internet is at risk according to the CERT
    Coordination Center at Carnegie Mellon University. A free tool can
    help you find your systems that are running SNMP, so you know where
    patches must be installed.
    http://www.govexec.com/dailyfed/0202/021502j1.htm
    Tool requests: email snmptoolsans.org

     --14 February 2002 OMB Releases Report Detailing Federal Security Problems
    In a report providing detailed reviews of every major Federal agency,
    the US Office of Management and Budget has laid out a scathing
    review of the security status and efforts of Federal government
    agencies. The report is the first annual submission required under
    the Government Information Systems Reform Act (GISRA), and provides
    detailed information on each major agency.
    http://www.gcn.com/vol1_no1/security/17955-1.html
    Download the complete report from:
    http://www.whitehouse.gov/omb/pubpress/2002-05.html
    [Editor's (Paller) Note: GISRA was effective because it woke up
    senior federal managers to the role they must play in fostering
    effective security. That job is done; they are awake. Today, the
    law is being reconsidered. To avoid wasting $100 million or more,
    the new law should be refocused on supporting programs that actually
    improve security at the technical level, measure that improvement,
    and compare it across agencies. Perhaps such testing wasn't feasible
    a year ago; today it is.]

     --14 February 2002 Hacking at Japan's Space Agency
    An employee at one of two Japanese firms working on a satellite
    project with the National Space Development Agency of Japan (NASDA)
    hacked into a NASDA computer to access sensitive data belonging
    to the other company; he was discovered when he bragged about his
    transgression to a mailing list that included a NASDA employee.
    The employee will likely be transferred to another position within
    his company which is barred from submitting bid to NASDA for one month.
    http://dailynews.yahoo.com/h/nm/20020214/sc/japan_space_computer_dc_1.html
    [Editor's (Schultz) Note: The punishment, both for the unethical
    employee and the employee's company, seems like a proverbial "slap
    on the wrist." What kind of message does this send to the cracker
    community? Unless computer crime is dealt with in a serious and
    responsible manner, we're never going to make progress in combating
    it.]

     --14 February 2002 Cyberattack Could Provoke Military Attack
    White House technology adviser Richard Clarke said that a cyberattack
    launched by foreign countries or terrorist groups could prompt a
    retaliatory military attack from the US. Clarke also indicated he
    believes that many critical infrastructure systems have already been
    broken into.
    http://www.usatoday.com/life/cyber/tech/2002/02/14/cyberterrorism.htm

     --11 & 13 February 2002 Info on Web Sites Could Pose Security Risk
    Corporate websites contain floor plans and back-up facility locations,
    telecommunications sites include locations of routers and major network
    nodes, and DOE websites provide sensitive information about plutonium
    storage and nuclear reactor locations. Richard Clarke says there is
    evidence that al-Qaeda used the Internet to gather information about
    US facilities, and that other groups may be doing the same thing.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68181,00.html
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68182,00.html
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68183,00.html
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68281,00.html

     --11 & 12 February 2002 Microsoft Issues Cumulative Patch
    Microsoft has issued bundled fixes for vulnerabilities in Internet
    Explorer versions 5.01, 5.5 and 6.0.
    http://news.com.com/2100-1001-834826.html
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68224,00.html
    patch: http://www.microsoft.com/technet/security/bulletin/MS02-005.asp

    ************************ SPONSORED LINKS *****************************

    (1) Learn why Sony calls ManHunt 2.0 Internet security's 'crystal ball!'
    http://www.sans.org/cgi-bin/sanspromo/NB4

    (2) Add it up and upgrade... StoneGate firewall 50% upgrade promotion.
    http://www.sans.org/cgi-bin/sanspromo/NB5

    (3) Rainfinity, Inc. Download RainWall High Availability Software for
    E-Business FREE 30 DAY TRIAL http://www.sans.org/cgi-bin/sanspromo/NB6

    ***********************************************************************

    THE REST OF THE WEEK'S NEWS

     --17 February 2002 Application Security "In Grim State"
    A security research company reports that most e-business applications
    have serious security flaws.
    http://www.vnunet.com/News/1129340

     --15 February 2002 Hacker's Claims Compel Morningstar to Conduct
                          Audit
    Morningstar Canada is paying for an outside security company to conduct
    an audit of its investment research website's security after a hacker
    claimed to have broken into the servers and stolen confidential data.
    Despite the fact that the site houses no such data, Morningstar felt
    the audit was necessary to maintain their credibility.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68375,00.html

     --14 & 15 February 2002 Messenger Worm
    A worm, knows as Menger, Cool Worm, or JS Exploit-Messenger, exploits
    an Internet Explorer vulnerability to spread through MSN Instant
    Messenger. A patch has been released for the IE hole (see story 11&
    12 February). The worm does not appear to carry a malicious payload
    beyond spreading itself to other MSN messenger users in infected
    machines' address books.
    http://zdnet.com.com/2100-1105-837525.html
    http://www.msnbc.com/news/707267.asp?0dm=T217T
    http://www.newsfactor.com/perl/story/16355.html

     --14 February 2002 Cloud Nine Hackers Probably Won't be Caught
    The hackers responsible for taking down the UK ISP Cloud Nine,
    ultimately resulting in its demise, erased web logs that contained
    data that might have helped identify them. Cloud Nine was apparently
    the victim of both hacking and a distributed denial of service attack.
    http://zdnet.com.com/2100-1105-837412.html

     --14 February 2002 C++ .Net Compiler Buffer Overflow Problems
    A feature in Microsoft's Visual C++ .Net compiler called StackGuard,
    which is supposed to guard against buffer overflows, is itself
    vulnerable to the attack. The security consultancy that issued the
    initial warning has been criticized for not giving Microsoft enough
    time to address the problem.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68315,00.html
    http://www.msnbc.com/news/707130.asp?0dm=C19NT
    http://news.com.com/2100-1001-837428.html
    http://news.com.com/2100-1001-838096.html
    [Editor's (Murray) Note: It is hubris for hackers to believe
    that they have the right to decide how long a vendor has to fix a
    vulnerability that was not a problem before the hacker disclosed
    it. Not all vulnerabilities are problems. Not all problems are of
    the same magnitude.]

     --12 & 14 February 2002 Anonymous Surfing Technology has Holes
    Two researchers published a paper describing flaws in SafeWeb's
    anonymous surfing technology that could allow web sites to gather
    visitors' Internet addresses and other surfing habit information by
    using JavaScript. SafeWeb says it will fix the problems.
    http://www.wired.com/news/politics/0,1283,50371,00.html
    http://www.wired.com/news/business/0,1367,50424,00.html

     --13 February 2002 ISP Protection Legislation Introduced
    Rep. Robert Goodlatte (R-Va.) has introduced a bill that would ensure
    ISPs would not be held liable for illegal content placed on line by
    third-party users.
    http://news.com.com/2100-1023-837137.html

     --12 February 2002 WYX Virus Found on IBM Memory Keys
    The WYX virus has been found in certain IBM Memory Key removable
    storage devices; a fix is available from IBM. Affected devices carry
    a manufacture date earlier than 21 December 2001 or a serial number
    lower than 2320000.
    http://www.theregister.co.uk/content/55/24035.html
    http://www.pc.ibm.com/qtechinfo/MIGR-40980.html?lang=en_US&page=brand&brand=IBM+Options&doctype=Hot+news&subtype=Cat

     --12 February 2002 Chair Named for ICANN Security Committee
    The Internet Corporation for Assigned Names and Numbers (ICANN)
    has appointed Stephen Crocker chairman of the newly formed ICANN
    Security Committee; there has been some concern that the ICANN system
    is vulnerable to distributed denial of service attacks because it
    uses BIND.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68225,00.html
    [Editor's (Murray) Note: Good choice!!]

     --12 February 2002 Sandia is Testing Wireless LANs
    Sandia National Laboratories is testing wireless LANs outside
    of secure areas. Other DOE labs are taking a different approach:
    Lawrence Livermore National Laboratory has issued a ban on wireless
    LANs and Los Alamos National Laboratory is conducting a security
    review of wireless LANs which may lead to their removal.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68235,00.html

     --11 February 2002 Global Crossings Former Employee Exposes Data
    A former employee of the telecommunications company Global Crossing
    Holdings Ltd. Has been posting personal data belonging to other
    company employees on the web for the last five months. According to
    a company attorney, the employee allegedly stole a disk containing
    the information. Though Global Crossing became aware of the problem
    in September, it didn't inform its employees until December; former
    employees were not told of the breach at all. Some former employees
    say the company failed to in implement adequate controls over who
    was allowed access to which data.
    http://www.computerworld.com/itresources/rcstory/0,4167,KEY73_STO68168,00.html

     --11 February 2002 Hotmail Password Reset Vulnerability
    A Hotmail vulnerability allows hackers to bypass password resetting
    security measures and jump right to the secret question prompt; once
    authenticated, the hacker can also use other Microsoft services,
    including .Net Passport.
    http://www.newsbytes.com/news/02/174400.html

     --11 February 2002 BlackIce Patches
    There are now patches available for the BlackIce ping flood
    vulnerability.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68189,00.html
    http://www.iss.net/support/consumer/BI_downloads.php

    ==end==

    Please feel free to share this with interested parties via email (not
    on bulletin boards). For a free subscription, (and for free posters)
    e-mail sanssans.org with the subject: Subscribe NewsBites

    To change your subscription, address, or other information, visit
    http://www.sans.org/sansurl and enter your SD number (from the
    headers.) You will receive your personal URL via email.

    You may also email <sanssans.org> with complete instructions and
    your SD number for subscribe, unsubscribe, change address, add other
    digests, or any other comments.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE8c58O+LUG5KFpTkYRAsm1AJ4tJlN6lQsAMroKb2qK1MPnoQxzUgCeJyE6
    yFBJFbPWOzLrKfRzMaivdEw=
    =PZEW
    -----END PGP SIGNATURE-----