From: The SANS Institute (sanssans.org)
Date: Wed Mar 20 2002 - 14:04:12 CST

    To: Security Express (SD397643)
    From: Alan for the SANS NewsBites service
    Re: March 20 SANS NewsBites

    The President's Critical Infrastructure Protection Board has released
    the first phase of the US National Strategy to Secure Cyberspace - a
    list of the key questions to be answered in the Strategy. By releasing
    the questions first, the Board hopes to encourage interested parties
    to suggest innovative and thoughtful answers to each of the questions.
    You'll find the questions and instructions on providing suggested
    answers at http://www.sans.org/nationalstrategy.php

    Oracle security problems may be more prevalent than previously
    reported. Pete Finnegan, with the help of many of the other Oracle
    security gurus around the world, has completed a first draft of SANS'
    new Oracle Security: Step-by-Step guide. We are distributing the
    list of Oracle security problems to be sure we have addressed all the
    known issues. We'll share the solutions sections with those people who
    provide substantive feedback on the problems. If you know a lot about
    Oracle security and *will* provide feedback, please email infosans.org
    with the subject "Oracle security problems" and we will email you
    a copy. Include your name, organization, city, state, and country.

                                    Alan

    **********************************************************************
                               SANS NEWSBITES
                    The SANS Weekly Security News Overview
    Volume 4, Number 12 March 20, 2002
    Editorial Team:
                 Kathy Bradford, Dorothy Denning, Roland Grefer,
                 Bill Murray, Stephen Northcutt, Alan Paller,
                 Marcus Ranum, Howard Schmidt, Eugene Schultz
    *********************************************************************

    TOP OF THE NEWS
    13 March 2002 Alleged Defacer/Extortionist Charged
    12 March 2002 Admin Chastised for Using Vulnerabilities to Warn
                   of Infection
    11 March 2002 CIA Networks Mapped
    15 February 2002 ISPs and DDoS Liability

    THE REST OF THE WEEK'S NEWS
    14 March 2002 PGP Difficult to Use, Says Gartner
    14 March 2002 Fbound Worm is Bilingual
    14 March 2002 Cable Modem Vulnerability
    13 March 2002 More Security Professionals Needed
    11 & 12 March 2002 Zlib Compression Library Vulnerability
    14 & 15 March 2002 Zlib Vulnerability Affects Other OSes
    11 March 2002 Virus Alert Standards Would be Helpful
    11 March 2002 Security Manager on SNMP Patching, IM Virus
    8 March 2002 DoT Plans to Address GPS Vulnerabilities
    8 March 2002 New Issues Facing Corporate Security

    TUTORIALS
    4 March 2002 Facial Recognition Technology
    21 February 2002 Security FAQ

    TRAINING OPPORTUNITIES IN THE NEXT 120 DAYS
    SANS 2002 Annual Conference, Courses, and Exposition, Orlando April
    1-7 (Five tracks are sold out; seven are still available)
    Large training programs in Boston, London, Washington, Denver,
    New York, Los Angeles, and Toronto. Smaller programs in Phoenix,
    Minneapolis, Portland, Colorado Springs, Chicago, Detroit.
    Details and registration information: www.sans.org

    Two notes for people planning May training: In Toronto, May 13-18
    we have an opportunity to offer the training with smaller class
    sizes. (http://www.sans.org/Ontario) And in Washington, May 6-11,
    we'll be launching the enterprise security management and SANS site
    certification initiative. (http://www.sans.org/CapitolHill)

    **********************************************************************

    TOP OF THE NEWS

     --13 March 2002 Alleged Defacer/Extortionist Charged
    A Kansas teenager who in 2000 allegedly offered to help secure a
    California city's web site that he had defaced in exchange for a
    laptop computer has been charged with felony computer crimes.
    http://online.securityfocus.com/news/352

     --12 March 2002 Admin Chastised for Using Vulnerabilities to Warn
                      of Infection
    An Australian systems administrator has been criticized for writing
    a script to warn users that their computers had been infected;
    his program used the same software flaws exploited by the worms he
    warned about.
    http://it.mycareer.com.au/news/2002/03/12/FFXEIAXKOYC.html

     --11 March 2002 CIA Networks Mapped
    A UK computer security consulting company used entirely legal means to
    compile a detailed map of non-classified CIA networks and gather names,
    e-mail addresses and phone numbers of a handful of agency employees.
    While a CIA spokesperson discounted the significance of the study,
    others say the information could be used to gain access to classified
    information.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68961,00.html

     --15 February 2002 ISPs and DDoS Liability
    This article describes the liability ISPs could face as a result
    of distributed denial of service (DDoS) attacks. ISPs need to be
    especially careful about claims they make when marketing and promoting
    their services; they should also employ effective security practices
    that are continually monitored and updated as necessary.
    http://www.tisc2001.com/newsletters/43.html
    [Editor's (Murray) Note: The problem here is that the contracts
    are being drafted by the vendors and the buyers are not asking, do
    not even know how to ask, for security. Even if the ISP thinks he
    is doing a good job of security, he will try to disclaim it in the
    contract if he can get away with it. He knows that he cannot protect
    the user from everything and, particularly, from his own errors.
    A good contract will describe what the user can rely upon the ISP to
    do and what the ISP relies upon the user to do. The emphasis should be
    on agreed actions, not on responsibility and certainly not on results.]

    **********************************************************************
    THE REST OF THE WEEK'S NEWS

     --14 March 2002 PGP Difficult to Use, Says Gartner
    Gartner believes that the main reason Network Associates had trouble
    selling PGP encryption to businesses is that they did not make the
    product easy to use.
    http://zdnet.com.com/2100-1107-859781.html
    [Editor's (Schultz) Note: The Gartner Group has once again missed the
    real point, namely that security products in general are deficient
    when it comes to usability.]

     --14 March 2002 Fbound Worm is Bilingual
    The Fbound worm spreads itself through Outlook and deletes itself;
    the worm carries no malicious payload, but can arrive either in
    English or Japanese, depending upon the recipient's e-mail address
    or computer language setting.
    http://news.com.com/2100-1001-860409.html
    http://www.computerworld.com/storyba/0,4125,NAV47_STO69081,00.html
    http://zdnet.com.com/2100-1105-860094.html

     --14 March 2002 Cable Modem Vulnerability
    A man who fiddled with the settings in his cable modem when he felt
    his service was too slow says he has discovered a vulnerability in
    DOCSIS-compliant cable modems that could expose their configuration
    files.
    http://online.securityfocus.com/news/353

     --13 March 2002 More Security Professionals Needed
    Experts say a dearth of experienced security professionals is the
    greatest threat to the security of the country's computer networks.
    http://www.eweek.com/article/0,3658,s=701&a=23973,00.asp

     --11 & 12 March 2002 Zlib Compression Library Vulnerability
    A "double-free" vulnerability in the Linux zlib
    compression/decompression library could allow malicious code onto
    an affected machine. No exploits have been reported, and patches
    are available.
    http://www.gzip.org/zlib/advisory-2002-03-11.txt
    http://www.cert.org/advisories/CA-2002-07.html
    http://news.com.com/2100-1001-857265.html
    http://www.computerworld.com/storyba/0,4125,NAV47_STO69013,00.html
    http://www.theregister.co.uk/content/55/24387.html

     --14 & 15 March 2002 Zlib Vulnerability Affects Other OSes
    The security hole in the zlib compression/decompression library
    affects not only Linux but all operating systems that use zlib code.
    http://news.com.com/2100-1001-860328.html
    http://www.computerworld.com/storyba/0,4125,NAV47_STO69167,00.html

     --11 March 2002 Virus Alert Standards Would be Helpful
    When a new virus begins making the rounds, users are faced with a
    bevy of warnings and alert ratings from various anti-virus vendors.
    http://www.computerworld.com/storyba/0,4125,NAV47_STO68980,00.html

     --11 March 2002 Security Manager on SNMP Patching, IM Virus
    The security manager plans to install patches for the SNMP
    vulnerability because he expects that someone will soon write code to
    exploit it; he also confesses to being impressed with the MSN Instant
    messenger virus.
    http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO68932,00.html

     --8 March 2002 DoT Plans to Address GPS Vulnerabilities
    The Transportation Department's (DoT) plan to address security
    vulnerabilities found in the Global Positioning System (GPS) includes
    maintaining GPS backup systems, using anti-jamming technology, and
    educating state and local agencies about the vulnerabilities.
    http://www.govexec.com/dailyfed/0302/030802gsn1.htm

     --8 March 2002 New Issues Facing Corporate Security
    As security has become more complex, corporations need to integrate
    information security throughout the enterprise, address the convergence
    of physical and information security and prepare to deal with
    biometrics and the attendant privacy concerns.
    http://zdnet.com.com/2100-1107-855323.html
    [Editor's (Schultz) Note: Has security really become more complex, or
    do consultancies make it appear more complex to the point that demand
    for their services grows? Perhaps if we began viewing security as not
    so complex, we would actually make some headway in improving defenses.]

    TUTORIALS

     --4 March 2002 Facial Recognition Technology
    This article describes how facial recognition systems work, their
    attendant privacy concerns, and the four main types of facial
    recognition technology. Organizations considering using facial
    recognition need to consider not only the implementation costs,
    but also whether the system will be used for access control or
    surveillance. Finally, the article reviews several different products.
    http://www.fcw.com/geb/articles/2002/0311/web-face-03-04-02.asp
    [Editor's (Murray) Note: The big growth in the application of this
    technology is not in I&A but in automated surveillance. In the short
    run this application relies upon the fact that the database of targets
    is small. In this application the concern is false positives.]

     --21 February 2002 Security FAQ
    This article offers a primer of information security advice, answering
    questions about firewalls, outsourcing, insurance, and reporting
    security incidents. It also lists ten important elements of good
    information security, which includes identifying risks, developing
    and implementing a security policy, and hiring an independent third
    party to conduct a security audit.
    http://www.cio.com/security/edit/security_abc.html

    ==end==
