From: The SANS Institute (sans@sans.org)
Date: Wed Mar 13 2002 - 11:14:04 CST
To: Security Express (SD397643)
From: Alan for the SANS NewsBites service
Re: March 13 SANS NewsBites
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Consultants and internal groups that perform site security assessments
have experienced major changes in the aftermath of September 11. One
key change is the emerging requirement to test all systems rather
than a sample of systems and to compare the status of security on
those systems with industry benchmarks. To try to help make this job
easier, SANS is completing a consensus standard for auditing security
on Internet-connected systems and networks. If you do a large number
of such audits, and are willing to invest some time in helping make
the consensus better, please email info@sans.org with the subject,
Consensus site audit standards.
Alan
**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 4, Number 11 March 13, 2002
Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Howard Schmidt, Eugene Schultz
**********************************************************************
TOP OF THE NEWS
6 & 7 March 2002 Davis Bill Would Require Compliance with Info Sec
Best Practices
11 March 2002 Air Force CIO Wants Better Security In Microsoft
Products
7 & 8 March 2002 Rough Sets Data Mining Tool Detects Abnormal Activity
7, 8 & 9 March 2002 Flickering Lights May Leak Data
6 March 2002 Man Arrested for Allegedly Trying to Sell Personal Data
THE REST OF THE WEEK'S NEWS
8 March 2002 MyLife Worm
6 & 8 March 2002 Gibe Worm Installs Back Door
6 & 8 March 2002 NAI Drops PGP; Zimmerman Wants Source Released
7 March 2002 DOE and DOD Address Computer Security Issue
6 March 2002 Reporting Web Site Holes is Problematic
6 March 2002 SSA Testing Biometrics
5 March 2002 SSA Testing SSN Authentication Program
5 March 2002 Security Hole In Microsoft's Java Virtual Machine
4 March 2002 Disclosure Proposal Favors Vendors
4 March 2002 Defense Lawyer Argues DMCA Does Not Apply in Elcomsoft
Case
4 March 2002 Financial Companies Move to Preserve Mission Capability
26 February 2002 The Center for Internet Security
TRAINING OPPORTUNITIES IN THE NEXT 120 DAYS
SANS 2002 Annual Conference, Courses, and Exposition, Orlando April
1-7 (Late registration deadline for savings is March 12.)
Large training programs in Boston, London, Washington, and
Toronto. Smaller programs in Kansas City, Los Angeles, Detroit,
Colorado Springs, Portland (OR), Phoenix, and Minneapolis. Details:
http://www.sans.org
************************ Sponsored by NetIQ **************************
Free Security White Paper from NetIQ
Want to simplify, strengthen and speed up security tasks? Download
NetIQ's free white paper, "Strengthen Windows Security." Need to
reduce administration costs, boost security and implement comprehensive
reporting ... and extend the security benefits of Active Directory?
Learn how! http://www.netiq.com/f/form/form.asp?id=800
**********************************************************************
TOP OF THE NEWS
--6 & 7 March 2002 Davis Bill Would Require Compliance with Info
Sec Best Practices
Representative Tom Davis (R-Va.) introduced the Federal Information
Security Management Act (FISMA), legislation that aims to make the
provisions of GISRA permanent and add a requirement that government
agencies adhere to information security best practices developed by
the National Institute of Standards and Technology (NIST).
http://www.gcn.com/vol1_no1/daily-updates/18120-1.html
http://www.fcw.com/fcw/articles/2002/0304/web-gisra-03-07-02.asp
[Editor's (Murray) Note: Be careful what you ask for. New York
State recently removed web sites from the internet completely as an
alternative to restricting access to an appropriate set of people.
"Nothing useful can be said about the security of a practice except
in the context of an application and an environment."
(Paller) People who accept Bill's thinking would avoid running
hardening scripts before deploying systems, because they had not
performed a thorough needs assessment involving in-depth analysis
of the application and the environment. But since most people are
not as skilled as Bill is at risk assessment, they would be left
with completely unprotected systems, available to immediate attack.
Benchmarks make sense, and the Davis Bill, with a few critical changes,
could do a great deal of good.]
--11 March 2002 Air Force CIO Wants Better Security In Microsoft
Products
Air Force CIO John Gilligan says the Air Force will stop using
Microsoft software if the company doesn't improve its products'
security; Gilligan says the Air Force will do business with the
companies that offer the best solutions.
http://www.usatoday.com/life/cyber/tech/2002/03/11/gilligan.htm
[Editor's (Schultz) Note: This is an extremely significant
development. A large customer is standing up to vendors and saying
"We will not buy your products any more if you don't give us better
security." Vendors say they do not provide better security in their
products because customers do not demand it. Now Gilligan is demanding
it. If others like Gilligan follow suit, vendors will for the first
time feel genuine pressure to develop better, more secure software.]
--7 & 8 March 2002 Rough Sets Data Mining Tool Detects Abnormal
Activity
Researchers from Pennsylvania State University and Iowa State
University tested three data mining tools for efficacy as intrusion
detection techniques. The three tools, neural networks, inductive
learning, and rough sets, are all capable of learning from prior
attack examples. Rough sets is the only one of the three capable of
working with incomplete data; it also returned the highest accuracy
in detecting abnormal activity. There are presently no plans for
commercial development of rough sets.
http://unisci.com/stories/20021/0307023.htm
http://abcnews.go.com/sections/scitech/CuttingEdge/cuttingedge020308.html
Abstract: http://www.decisionsciences.org/dsj/Vol32_4/32_4_635.htm
--7, 8 & 9 March 2002 Flickering Lights May Leak Data
Researchers have found that light reflected from computer monitor
screens and the pattern of flickering light emitted from LEDs on some
devices can be captured and translated into readable information.
http://www.wired.com/news/print/0,1294,50893,00.html
http://news.com.com/2100-1001-854946.html
http://www.computerworld.com/storyba/0,4125,NAV47_STO68939,00.html
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1861000/1861656.stm
[Editor's (Murray) Note: This vulnerability is much smaller than
leakage from RF emanations and we do not spend much time worrying
about that one.]
--6 March 2002 Man Arrested for Allegedly Trying to Sell Personal
Data
Federal and local law enforcement agents arrested Donald Matthew
McNeese for allegedly trying to sell personal data belonging to
60,000 Prudential Insurance Company employees. He is charged with
downloading the data while he worked for the company. If convicted,
McNeese could face as much as 45 years in prison and a fine of $750,000
plus restitution.
http://www.computerworld.com/storyba/0,4125,NAV47_STO68850,00.html
*************** Sponsored Links **************************************
(1) Get the SIMPLEST, Highest Availability for Check Point
VPN-1/FireWall-1, only from Resilience.
http://www.sans.org/cgi-bin/sanspromo/NB13
(2) On-time Real Time UNIX auditing with auditGuard from DLI.
http://www.sans.org/cgi-bin/sanspromo/NB14
**********************************************************************
THE REST OF THE WEEK'S NEWS
--8 March 2002 MyLife Worm
The MyLife mass-mailer worm arrives in the guise of a sentimental
photograph to exploit a bug in Microsoft Outlook. It tries to delete
certain Windows files, but a coding bug prevents that from happening.
Outlook 2000 users need to install the Security Update or upgrade to
Outlook 2002 to be protected.
http://zdnet.com.com/2100-1105-855400.html
--6 & 8 March 2002 Gibe Worm Installs Back Door
The Gibe mass-mailer worm arrives as an attachment to what appears to
be a Microsoft security bulletin; if activated, it will mail itself
out and install a back door in the infected system. The infection
occurs only if users open the attachment. Outlook 2000 users need
to install the Security Update or upgrade to Outlook 2002 to protect
their computers.
http://zdnet.com.com/2100-1105-853235.html
http://www.msnbc.com/news/721388.asp?0dm=T18QT
--6 & 8 March 2002 NAI Drops PGP; Zimmerman Wants Source Released
NAI failed to find a buyer for PGP Desktop and wireless encryption
products, which will now be put in "maintenance mode"; current service
contracts will be honored through expiration. Phil Zimmerman wants
NAI to release the source code.
http://www.nwfusion.com/news/2002/0306naipgp.html
http://news.com.com/2100-1023-856132.html
http://online.securityfocus.com/news/348
--7 March 2002 DOE and DOD Officials Address Computer Security Issue
Testifying before a House subcommittee, Department of Energy (DOE)
and Defense Department (DOD) officials described the actions their
agencies are taking to address the problems outlined in a recent
computer security assessment.
http://www.fcw.com/fcw/articles/2002/0304/web-action-03-07-02.asp
--6 March 2002 Reporting Web Site Holes is Problematic
A software developer who found a security hole in the Guess.com
e-commerce web site had a hard time informing the company about the
problem; this sort of difficulty is all too common, and it leads some
who find vulnerabilities to resort to posting them on security mailing
lists. A standard that streamlined the reporting of problems to web
site owners would be helpful.
http://online.securityfocus.com/news/346
--6 March 2002 SSA Testing Biometrics
The Social Security Administration (SSA) is testing a variety of
biometric technologies for possible use in guarding against identity
theft; if a biometric program is chosen, the information would be
stored in a database, not identity cards.
http://www.fcw.com/fcw/articles/2002/0304/web-ssa-03-06-02.asp
--5 March 2002 SSA Testing SSN Authentication Program
The Social Security Administration (SSA) plans to test an on-line
Social Security number (SSN) authentication program companies can
use when hiring employees.
http://www.gcn.com/vol1_no1/daily-updates/18116-1.html
--5 March 2002 Security Hole In Microsoft's Java Virtual Machine
A flaw in Microsoft's Java Virtual Machine (JVM) software could allow
a hacker to take control of browsers configured to use proxy servers;
they could then redirect traffic and steal passwords and other
sensitive information. A patch for the vulnerability is available.
http://news.com.com/2100-1001-851711.html
http://www.computerworld.com/storyba/0,4125,NAV47_STO68811,00.html
http://www.theregister.co.uk/content/55/24295.html
http://www.microsoft.com/java/vm/dl_vm40.htm
--4 March 2002 Disclosure Proposal Favors Vendors
Computerworld senior news columnist Frank Hayes says the best practices
vulnerability disclosure proposal recently submitted to the Internet
Engineering Task Force (IETF) gives vendors too much latitude in
dealing with security problems.
http://www.computerworld.com/storyba/0,4125,NAV47_STO68754,00.html
[Editor's (Murray) Note: I do not know what Mr. Hayes' competence
to comment on the matter is. What I do know, with a high degree
of confidence, is that we must fix things in the order of their
importance, not the order of their discovery. It is difficult for the
vendor to decide which problem is most important but it is impossible
for the discoverer of one problem to rank it.]
--4 March 2002 Defense Lawyer Argues DMCA Does Not Apply in
Elcomsoft Case
The lawyer for Elcomsoft, the Russian software company that created
the e-book encryption circumvention software for which Dmitri Sklyarov
was arrested last summer, argued that the company was doing business
on the Internet and is therefore outside US jurisdiction.
http://www.wired.com/news/print/0,1294,50797,00.html
http://news.com.com/2100-1001-851418.html
--4 March 2002 Financial Companies Move to Preserve Mission
Capability
In an effort to mitigate potential losses, financial firms are
distributing offices and IT operations over wider geographical areas.
http://www.computerworld.com/storyba/0,4125,NAV47_STO68769,00.html
--26 February 2002 The Center for Internet Security
The Center for Internet Security (CIS) provides users with preferred
practice benchmarks, easy-to-use tools to test systems' compliance
with those benchmarks, and security ratings to quantify improvements
made in security.
http://www.usatoday.com/life/cyber/tech/2002/02/27/security.htm
==end==
Please feel free to share this with interested parties via email,
but no posting is allowed on web sites. For a free subscription,
(and for free posters) e-mail sans@sans.org with the subject:
Subscribe NewsBites
To change your subscription, address, or other information, visit
http://www.sans.org/sansurl and enter your SD number (from the
headers.) You will receive your personal URL via email.
You may also email <sans@sans.org> with complete instructions and
your SD number for subscribe, unsubscribe, change address, add other
digests, or any other comments.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8j3mr+LUG5KFpTkYRAuu7AJ9/zRTDvuYfu5pQF0anJw/WNZ8I7gCfYPne
vNG41bcTngKaxRgkjrGeDG4=
=sM5y
-----END PGP SIGNATURE-----