To: Security Express (SD397643)
From: Alan for the SANS NewsBites service
Re: February 27 SANS NewsBites

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you have ever wanted to get children involved early in learning
to keep systems more secure, there's something you can do now: tell
the school in your city about the Kids Improving Security poster
contest. SANS and the FBI's National Infrastructure Protection Center
are cosponsoring the (page-sized) poster contest for kids in grades
3-8. Winners' schools earn $1,500 in computer equipment and the six
student winners each earn a trip to Washington for themselves and a
parent. DoD will make the winning posters into screen savers. Deadline
is in three weeks. If you live outside the US, borrow the concept
and the materials and run a poster contest yourself; we'll help tell
people in your country about it. http://www.staysafeonline.org/

                                 Alan

**********************************************************************

                           SANS NEWSBITES
                The SANS Weekly Security News Overview
Volume 4, Number 9 February 27, 2002
Editorial Team:
      Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
             Bill Murray, Stephen Northcutt, Alan Paller,
             Marcus Ranum, Howard Schmidt, Eugene Schultz

**********************************************************************

TOP OF THE NEWS
26 February 2002 Patch Internet Explorer Now CERT Warns
25 February 2002 Spitzner to Present HoneyNets On The Web
23 February 2002 Bill Would Increase Cybercrime Penalties
20 February 2002 Microsoft Baseline Security Advisor
19 February 2002 Wake Up and Smell the Coffee, Says Clarke
18 February 2002 Cybersecurity Information Coordination Center

THE REST OF THE WEEK'S NEWS
22 February 2002 Gartner Says Focus on Allocating Funds Efficiently
22 February 2002 Gator Digital Wallet Vulnerability
22 February 2002 Q & A with Stephen Crocker
22 February 2002 Microsoft Patches
21 & 22 February 2002 Vulnerability Reporting Standards Proposal
21 February 2002 UK Passport Office Looks Toward Biometrics
21 February 2002 Microsoft to Share Windows Source Code with
                  Integrators
21 February 2002 FAA Security Holes Fixed, Says FAA CIO
20 February 2002 Companies Going In-house for Cyber-forensics
19 February 2002 Yarner Worm
19 February 2002 Wireless Security Holes
19 February 2002 Peekabooty Unveiled
18 February 2002 Alleged Cyber Intruder Arrested in Australia

TRAINING OPPORTUNITIES IN THE NEXT 120 DAYS
SANS 2002 in Orlando: SANS' largest conference and exposition.
Large conferences San Antonio, London and Washington, Toronto, and
Portland (OR). Smaller programs in Kansas City, Los Angeles, Phoenix,
and Minneapolis. Details: http://www.sans.org

********************* Sponsored by NetIQ Corp. ***********************

Concerned with Windows Security? FREE NetIQ WHITE PAPER!

Spend wisely to maximize Windows security, minimize risks. Learn key
IT investments for the best ROI and six money-wasters to avoid. Don't
allocate your limited budget and resources to the wrong tools.

Download NetIQ's FREE white paper, "Investing Wisely in Windows
Security"!

http://www.netiq.com/f/form/form.asp?id=547

**********************************************************************

TOP OF THE NEWS

 --26 February 2002 Patch Internet Explorer Now CERT Warns
Internet Explorer users should apply the latest security patch to
address application vulnerabilities. The patch addresses the flaw
in Microsoft Internet Explorer version 5.01 and higher. The buffer
overflow vulnerability enables hackers to execute arbitrary code
on a system that is not patched through malicious code embedded in
HTML documents.
http://www.nwfusion.com/news/2002/0226iepatch.html
CERT Advisory: http://www.cert.org/advisories/CA-2002-04.html

- --25 February 2002 Spitzner to Present HoneyNets On The Web
The leader of the HoneyNet project and the nation's top expert on
honeypots, Lance Spitzner provides a fast-paced update on this
important evolving technology; Fred Kost of Recourse Technology
provides tool update. Date: March 6.
http://www.sans.org/webcasts/honeynets.php

 --23 February 2002 Bill Would Increase Cybercrime Penalties
The Cyber Security Enhancement Act is likely to be voted on by a
House Judiciary subcommittee this week. The bill aims to stiffen
penalties for certain cyber disruptions.
http://www.wired.com/news/politics/0,1283,50620,00.html

 --20 February 2002 Microsoft Baseline Security Advisor
The Microsoft Baseline Security Advisor (MBSA) scans Windows computers
for missing patches, weak passwords, and vulnerabilities in the
Microsoft's site in March.
http://news.com.com/2100-1001-841770.html

 --19 February 2002 Wake Up and Smell the Coffee, Says Clarke
Cyber security advisor Richard Clarke admonished participants at
the RSA conference to take cyber security seriously, pointing out
that many companies spend more on coffee than on computer security.
Clarke commended Microsoft for its Trustworthy Computing Initiative
and encouraged the audience to hold Bill Gates to his word.
http://news.com.com/2100-1001-840335.html
http://www.gcn.com/vol1_no1/daily-updates/18013-1.html

 --18 February 2002 Cybersecurity Information Coordination Center
The Bush administration plans to create a federal cybersecurity
response coordination office, much like the Y2K Information
Coordination Center; having a physical location where people could
gather to share information was very helpful. The center will bring
together the Critical Infrastructure Assurance Office (CIAO), the
National Infrastructure Protection Center (NIPC) and the office of
Richard Clarke, President Bush's cyber security advisor.
http://www.fcw.com/fcw/articles/2002/0218/news-cyber-02-18-02.asp
http://www.fcw.com/fcw/articles/2002/0218/news-cyber1-02-18-02.asp

*********************** SPONSORED LINKS ******************************

Learn how ManHunt 2.0 is providing real threat management today.
http://www.sans.org/cgi-bin/sanspromo/NB7

ALERT! Hackers gain access to backend data via web applications. FREE
WHITE PAPER: http://www.sans.org/cgi-bin/sanspromo/NB8

Add it up and upgrade... StoneGate firewall 50% upgrade promotion.
http://www.sans.org/cgi-bin/sanspromo/NB9

**********************************************************************

THE REST OF THE WEEK'S NEWS

 --22 February 2002 Gartner Says Focus on Allocating Funds Efficiently
Gartner analyst John Pescatore observes that the recent Office of
Management and Budget (OMB) report detailing cyber security weaknesses
throughout government agencies' systems found no correlation between
quality of security and spending on security which confirms Gartner
CEO Michael Fleisher's statement that spending more doesn't make for
better security.
http://news.com.com/2009-1001-843375.html

 --22 February 2002 Gator Digital Wallet Vulnerability
An ActiveX plug-in in the Gator digital wallet could be exploited to
gain control of computers and install backdoors or other malicious
software. A demonstration showed that the IE version of Gator was
vulnerable to the exploit, but it is not known if the Netscape version
is also vulnerable. Richard Smith alerted the company to the problem
in January 2000 and says he got no response.
http://www.newsbytes.com/news/02/174709.html

 --22 February 2002 Q & A with Stephen Crocker
Stephen Crocker, the head of the Internet Corporation for Assigned
Names and Numbers' (ICANN) recently established security committee,
discusses BIND and DNS vulnerability, and the need to work with the
entities that control the top level domains to establish consistent
rules and procedures.
http://www.computerworld.com/storyba/0,4125,NAV47_STO68514,00.html

 --22 February 2002 Microsoft Patches
Microsoft released patches for security vulnerabilities in IE, Windows
XP, SQL Server 2000 and Commerce Server 2000. Two holes could allow
attackers to read files on targeted computers; two others are buffer
overflow flaws.
http://www.computerworld.com/storyba/0,4125,NAV47_STO68547,00.html
http://www.theregister.co.uk/content/55/24168.html

 --21 & 22 February 2002 Vulnerability Reporting Standards Proposal
Steve Christey and Chris Wysopal have released a draft proposal
for responsible vulnerability disclosure procedures in an effort
to codify the unwritten rules that presently govern the practice.
The proposal calls for researchers who find security flaws to notify
the vendor or a third party coordinator, like CERT. The vendor would
be required to respond within a week in most cases, and would also
have to provide the researcher with weekly updates on their progress
toward fixing the problem.
http://zdnet.com.com/2100-1105-842656.html
http://www.computerworld.com/storyba/0,4125,NAV47_STO68558,00.html

 --21 February 2002 UK Passport Office Looks Toward Biometrics
The UK Passport Office plans to have biometric information embedded in
passports within four years. In addition to raising concerns about
civil rights violations, his proposal could lead to passports being
issued to people using false identities and to increased wait times
at airport security checkpoints.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1833000/1833939.stm
[Editor's (Murray) Note: The US Immigration and Naturalization Service
has had INSPass in place for a decade. It may not have produced all
the benefits we might have hoped for but it has certainly had none of
the downside that the alarmists are concerned about. Frequent Flyers
love it. Enrollment requires your cooperation.]

 --21 February 2002 Microsoft to Share Windows Source Code with
                     Integrators
Microsoft announced plans to share Windows source code with licensed
systems integrators as part of its Shared Source Initiative.
The integrators can view the code on a smartcard accessible website
accessible; they may not alter or share the code. The announcement
has met with skepticism from the community; it could be viewed as a
way of satisfying a recent order in the antitrust case requiring the
company to reveal its code to nine plaintiff states, or as a defensive
gesture in the open source arena.
http://www.wired.com/news/business/0,1367,50596,00.html
http://news.com.com/2100-1001-841933.html
http://www.computerworld.com/storyba/0,4125,NAV47_STO68500,00.html
http://www.msnbc.com/news/712896.asp?0dm=C19NT

 --21 February 2002 FAA Security Holes Fixed, Says FAA CIO
Federal Aviation Administration (FAA) CIO Daniel Mehan said the
agency has addressed computer security deficiencies enumerated in a
2000 General Accounting Office (GAO) report. The FAA now maintains
redundant systems and separates administrative and control networks
from each other. Mehan said his agency needs increased funding to
stay on top of its cybersecurity.
http://online.securityfocus.com/news/337

 --20 February 2002 Companies Going In-house for Cyber-forensics
A former UK police detective who now teacher classes in cyber-forensics
says that there is a growing trend of companies sending their own
employees for cyber-forensic training so they can conduct in-house
investigations.
http://zdnet.com.com/2100-1105-840925.html
[SANS Note: SANSFire in Boston at the end of June offers immersion,
hands-on forensics training and up-to-date technical briefings.]

 --19 February 2002 Yarner Worm
The Yarner worm arrives in the guise of a newsletter from Trojaner
Info. When executed, it overwrites the Notepad application in the
Windows directory, adds and alters some files, self-replicates
via Outlook e-mail, and deletes files in the Windows directory.
Outlook 2002 users and Outlook 2000 users who have installed the
Security Update should be protected.
http://zdnet.com.com/2100-1105-840177.html
http://www.computerworld.com/storyba/0,4125,NAV47_STO68459,00.html

 --19 February 2002 Wireless Security Holes
Two security researchers published a paper detailing a pair of
security holes in the 802.1X wireless security system. The first
allows attackers to hijack a connection; the second allows them to
steal access information during authentication. The paper recommends
adding symmetric authentication to the standard.
http://zdnet.com.com/2100-1105-839948.html

 --19 February 2002 Peekabooty Unveiled
Two software developers presented a working version of Peekabooty,
a human rights peer-to-peer distributed proxy network designed to
deliver Internet content to people in countries that censor web sites.
http://zdnet.com.com/2100-1105-840652.html
http://online.securityfocus.com/news/335

 --18 February 2002 Alleged Cyber Intruder Arrested in Australia
Police in Sydney, Australia arrested a 21-year-old man in connection
with cyber-intrusions at Optus, a telecommunications form; law
enforcement authorities were able to bring charges of unauthorized
access to a computer and unauthorized modification of data against the
man under legislation that passed only last year. Optus Corporate
Affairs manager said the intruder did not cause any damage, nor was
customer data compromised.
http://www.newsbytes.com/news/02/174568.html

==end==

Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail sanssans.org with the subject: Subscribe NewsBites

To change your subscription, address, or other information, visit
http://www.sans.org/sansurl and enter your SD number (from the
headers.) You will receive your personal URL via email.

You may also email <sanssans.org> with complete instructions and
your SD number for subscribe, unsubscribe, change address, add other
digests, or any other comments.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8fQAw+LUG5KFpTkYRAjlpAKCGrwO4DLohdVFemI+QGROFJPNXzACglfEI
XuAskCb//nFClpajdAwoWtg=
=HBaO
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]