From: The SANS Institute (sans_at_sans.org)
Date: Wed Jul 10 2002 - 10:51:10 CDT

    To: Security Express (SD397643)
    From: Alan for the SANS NewsBites service
    Re: July 10 SANS NewsBites

    Good news on two important security projects

    Oracle Security
    Pete Finnegan and a global team of Oracle security wizards just
    finished an amazing step-by-step guide for securing Oracle, and we
    now need three sites to bench-test the document. If you have a test
    system and are willing to test the guide, email sans@sans.org with
    the subject: Oracle Bench Test

    The Richter Scale Project For Rating Vulnerabilities
    Many system administrators are overwhelmed by the number
    of vulnerabilities - finding it difficult to tell which must be
    acted upon immediately and which can be put aside to wait for
    the next service pack. A new SANS project is providing the needed
    information by collating the decisions of a "Security Council" whose
    members describe exactly what they did (completely confidentially) to
    respond to each of the highest priority vulnerabilities (as collated
    by Neohapsis and Tipping Point). We need additional members of this
    council. If you are the person who makes the security decision on what
    to do for at least 5,000 users, and you want to participate, email
    your qualifications to sans@sans.org with the subject: Richter Project.

    Today is the last day for the early registration discount
    for SANS Beyond Firewalls conference and training program in
    Denver. (www.sans.org)

                                                    Alan

    **********************************************************************
                               SANS NEWSBITES
                    The SANS Weekly Security News Overview
    Volume 4, Number 28 July 10, 2002
    Editorial Team:
                 Kathy Bradford, Dorothy Denning, Roland Grefer,
                 Bill Murray, Stephen Northcutt, Alan Paller,
                        Marcus Ranum, Eugene Schultz
    *********************************************************************

    TOP OF THE NEWS
    3 July 2002 Netcraft Survey Says Web Servers More Vulnerable
    7 July 2002 Kowbot Virus/Worm Spreading Through Kazaa
    3 July 2002 Congressional Action On Cybersecurity Now Focuses on
                 Homeland Security Bill
    27 June 2002 White House Boosting Cyber Insurance

    THE REST OF THIS WEEK'S NEWS
    7/8 July 2002 Falun Gong Hacks Chinese Satellite TV
    7 July 2002 Virus Blocks Access To News Site From Infected Systems
    8 July 2002 Attacks on Power Companies Growing
    3 July 2002 Microsoft RAS Patch has Flaw; New Patch Issued
    3 July 2002 DEA Agent Accused of Selling Law Enforcement Data
    2 July 2002 Forensics Tools Not Up To The Task
    2 July 2002 Singapore Police Believe They Know Identity of On
                 Line Account Theft Culprit
    2 July 2002 Police Break Up On Line Pornography Ring
    1 July 2002 Scarfo Receives Sentence; Keystroke Logging Software
                 Evidence Allowed
    1 July 2002 InfraGard Hopes More Businesses Will Share Information
    1 July 2002 Security Manager's Journal: Losing Staff
    1 July 2002 Add a Variety of Operating Systems to Bolster Security
    1 July 2002 Secure Computing Consortium to Frame Standards for
                 Software Development

    IN-DEPTH TECHNICAL SECURITY TRAINING (AND SECURITY MANAGEMENT COURSES)
    IN THE NEXT 120 DAYS
    *If you are planning to attend any security conference this fall, make
        it SANS Network Security 2002 - the largest security conference.
        http://www.sans.org/NS2002
    *More Large SANS Training programs: Denver, Marina Del Ray (CA),
        Ottawa, New York
    *Smaller SANS programs: Detroit, St. Louis, San Diego, Vienna, VA,
        Omaha, London, Vancouver, Kuala Lumpur.
    *Online and mentor-led programs starting up in August/September
        in 40 cities.
    *Windows 2000 Security Gold Standard training starts in DC August 28
    Details and registration information for all programs: www.sans.org

    ******* This Issue Sponsored by VeriSign - The Value Of Trust ********

    Secure your servers with 128-bit SSL encryption! Grab your copy of
    VeriSign's FREE Guide, "Securing Your Web site for Business," and
    you'll learn everything you need to know about using 128-bit SSL to
    encrypt your e-commerce transactions, secure your corporate intranets
    and authenticate your Web sites. 128-bit SSL is serious security for
    your online business.

    Get it now! http://www.verisign.com/cgi-bin/go.cgi?a=n09440091010057000

    **********************************************************************

    TOP OF THE NEWS

     --3 July 2002 Netcraft Survey Says Web Servers More Vulnerable
    Netcraft says, based upon its survey results, that a greater number of
    web servers are vulnerable now than ever before. Recently disclosed
    vulnerabilities in Apache and Microsoft's IIS servers are pervasive
    within the installed base and, because of lags in installing patches,
    leave a greater number of systems exposed.
    http://www.theregister.co.uk/content/55/26049.html
    [Editor's Note (Northcutt): Thousands of companies run their businesses
    on Apache servers, so securing them is critical. The Center for
    Internet Security has just completed a consensus benchmark on securing
    Apache. SANS will begin a series of one day hands-on Securing Apache
    courses in many cities beginning with one in the Washington DC area
    on August 28, 2002.
    Data on the course: http://www.sans.org/CIS_Apache
    Register at:
    https://registration.sans.org/cgi-bin/SecuringApache_register/
    (Grefer) Actually the vulnerability is the same as it was before
    disclosure (the hole was there). The risk of attack has increased.]

     --7 July 2002 Kowbot Virus/Worm Spreading Through Kazaa
    A new virus/worm is spreading by masquerading as a popular mp3 media
    file to trick users into downloading it. It then replicates itself
    150 times in the Kazaa shared files directory. Kowbot takes control
    of the user's computer and is the second worm to attack Kazaa users
    in the past two months.
    http://www.vnunet.com/News/1133129

     --3 July 2002 Congressional Action On Cybersecurity Now Focuses on
                    Homeland Security Bill
    Both the US House of Representatives and the US Senate are reshaping
    initiatives to fit into the Homeland Security Bill, thereby increasing
    the chances of passage this year.
    http://www.govexec.com/dailyfed/0702/070302td1.htm

     --27 June 2002 White House Boosting Cyber Insurance
    The White House is establishing a joint public/private working group
    to identify obstacles that may be preventing insurers from writing
    more cybersecurity policies.
    http://www.washingtonpost.com/wp-dyn/articles/A55719-2002Jun27.html

    ************************ SPONSORED LINKS ******************************
    Privacy notice: These links redirect to non-SANS web pages.

    Digital Immunity: take full control over Application Execution and
    Plug & Play devices http://www.sans.org/cgi-bin/sanspromo/NB51
    ***********************************************************************

    THE REST OF THE WEEK'S NEWS

     --1 July 2002 Attacks on Power Companies Growing
    Power companies are increasingly being targeted by hackers, according
    to data gathered by RipTech. FBI spokespersons expressed concern
    http://www.cbsnews.com/stories/2002/07/08/tech/main514426.shtml
    http://www.latimes.com/business/la-sci-hackers8jul08.story
    Editor's Note: The LA Times site requires free registration
    [Editor's Note (Denning): It isn't just power companies. Attack
    activity averaged over all companies during the 6-month period
    Jan-June 2002 was 28% higher than over the preceding 6-month period
    (Jul-Dec 2001), leading to a projected annual growth rate of 64%.
    (Bill Murray's brief analysis of hackers v. terrorists is included
    at the end of this issue.)]

     --7/8 July 2002 Falun Gong Hacks Chinese Satellite TV
    TV viewers in China saw a banner reading "Falun Gong is good" on their
    TV screens during prime time. People's Republic of China government
    sources confirmed that the satellite carrying Central Chinese TV's
    ten stations was hacked, and vowed to fight back.
    http://www.washingtonpost.com/wp-dyn/articles/A41297-2002Jul8.html
    http://www.msnbc.com/news/777515.asp#BODY

     --7 July 2002 Virus Blocks Access To News Site From Infected Systems
    The Gunsan mass-mailing virus deletes files needed by antivirus
    and firewall products and blocks the infected computer's access
    to a British technology news service, The Register. It spreads by
    emailing itself to all email addresses found on the infected machine
    and comes with a subject of a single blank character and an attachment
    of test.exe.
    http://www.theregister.co.uk/content/56/26079.html

     --3 July 2002 Microsoft RAS Patch has Flaw; New Patch Issued
    A security patch released June 12 for a buffer overflow flaw in
    Microsoft's Remote Access Service (RAS) in Windows NT 4.0, 2000 and XP
    has a flaw itself that can prevent users from connecting to virtual
    private networks (VPNs). Microsoft has removed the patch from its
    Update service and provided a new one.
    http://www.computerworld.com/securitytopics/security/holes/story/0,10801,72441,00.html
    http://www.microsoft.com/technet/security/bulletin/MS02-029.asp

     --3 July 2002 DEA Agent Accused of Selling Law Enforcement Data
    A former US Drug Enforcement Administration (DEA) agent who skipped
    bail was found in Mexico and sent back to Los Angeles to face a number
    of charges, including violating the Computer Fraud and Abuse Act.
    Emilio Calatayud allegedly sold information from three law enforcement
    databases, including the FBI's National Crime Information Center
    (NCIC), the California Law Enforcement Telecommunications System
    (CLETS) and the DEA's Narcotics and Dangerous Drug Information System
    (NADDIS). The case underscores the problem of law enforcement data
    being too easily accessible.
    http://online.securityfocus.com/news/510
    [Editor's Note (Ranum): The case underscores the problem that
    computers, to be useful, must be useful to humans - and humans aren't
    trustworthy. We must always remember cases like this when we're asked
    to design security systems: there is no wall so high that money cannot
    buy the keys to its door.]

     --2 July 2002 Forensics Tools Not Up To The Task
    FBI special agents and other security experts report that increasing
    complexity of software and larger numbers of vulnerabilities are
    too much for many of the rudimentary forensics tools available to
    cyber defenders.
    http://www.businessweek.com/technology/content/jul2002/tc2002072_9216.htm

     --2 July 2002 Singapore Police Believe They Know Identity of On
                    Line Account Theft Culprit
    Police in Singapore have identified the man they believe is responsible
    for a rash of thefts from on line banking accounts at DBS and POSB
    banks. The alleged thief stole varying amounts between $200 and
    $4,999. Police recommend that online banking customers use firewalls
    and anti-virus software and that they do not access their accounts
    from public computers. The bank maintains that it was not their
    security but the security of individuals' computers that was breached.
    http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8449
    http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8448

     --2 July 2002 Police Break Up On Line Pornography Ring
    Law enforcement agents from Europol and the UK's National Hi-Tech
    Crime Unit managed to infiltrate and break up a pedophile ring that
    was using complex cryptography to send files and proxy servers to
    hide members' identities.
    http://news.bbc.co.uk/hi/english/sci/tech/newsid_2082000/2082657.stm

     --1 July 2002 Scarfo Receives Sentence; Keystroke Logging Software
                    Evidence Allowed
    Nicodemo Scarfo was sentenced to nearly three years in prison
    for his role in an illegal gambling operation. The case is
    significant because investigators used a surreptitiously installed
    keystroke-logging device to gather evidence. In December, US District
    Court Judge Joel Pisano ruled that the evidence was admissible,
    after which Scarfo admitted to his role in the crime.
    http://www.theregister.co.uk/content/55/25971.html

     --1 July 2002 InfraGard Hopes More Businesses Will Share Information
    Businesses are still reluctant to share information about computer
    attacks and security breaches because they fear the repercussions
    the negative PR could generate. The FBI is trying to entice them
    to change their stance on this issue by offering anonymity and
    information about cyber security. The offer comes as part of the
    FBI's InfraGard program. It is available to companies with "secure"
    memberships in the program.
    http://www.msnbc.com/news/774803.asp
    http://www.infragard.net/

     --1 July 2002 Security Manager's Journal: Losing Staff
    The security manager writes about how he plans to manage after losing
    two members of his security team. He will have to take on more
    responsibilities himself until replacements are hired and trained,
    which means he will have to temporarily assign some of his daily
    tasks to other areas of the company.
    http://computerworld.com/securitytopics/security/story/0,10801,72328,00.html

     --1 July 2002 Add a Variety of Operating Systems to Bolster Security
    Homogenous computing environments are more susceptible to virus
    infections. MIT Police Department information systems manager John
    Welch says that deploying servers with alternate operating systems
    throughout networks slows down the spread of viruses.
    http://www.computerworld.com/securitytopics/security/story/0,10801,72288,00.html
    http://researchweb.watson.ibm.com/antivirus/SciPapers/Kephart/ALIFE3/alife3.html;
    and http://www.cs.berkeley.edu/~nweaver/warhol.html
    [Editor's Note (Ranum): Genetic diversity is _one_ defence against
    viruses. Immunity is another. The wise organism will use both.
    (Schultz) IT managers will read Welch's comments and cringe. Sure,
    having different OSs is better for security, but different OSs create
    all kinds of IT challenges. Security professionals need to be careful
    about conveying a "security above all else" attitude.]

     --1 July 2002 Secure Computing Consortium to Frame Standards for
                    Software Development
    The Sustainable Computing Consortium (SCC) hopes to produce standards
    and guidelines for software developers to help them create more
    secure and reliable products. NASA, an SCC member, is regarded as
    having highly reliable software; the question is how to translate
    what NASA has done to the industry in general. Other SCC members
    include Carnegie Mellon University, Microsoft, Oracle and Raytheon.
    http://www.fcw.com/fcw/articles/2002/0701/tec-nasa-07-01-02.asp
    [Editor's Note (Murray): The Romans used to make the engineers stand
    under the bridge as the army marched across. Ancient Roman bridges
    are still in routine use. It is not that we do not know how to do it
    (build safe software) but that programmers, for a variety of reasons,
    do not do it.]

    Are hackers the moral equivalent of terrorists?
    A brief analysis by William Murray

    It has been suggested (by the President of the United States, inter
    alia) that post 9/11 there is a moral equivalence between hackers
    and terrorists. That is, they both diminish necessary public trust
    and confidence. However, for security purposes it is useful to
    distinguish. For hackers, the network is both the target and the
    means: for terrorists the application is the target and the network
    merely the means. The hacker attacks targets of opportunity in a
    target-rich environment; the terrorist attacks targets of choice.
    The hackers are attacking instances of ubiquitous operating systems
    and applications where the necessary special knowledge is essentially
    public. The terrorist is after applications (where the money
    and the power are); where the necessary special knowledge is more
    narrowly held. The hacker succeeds because targets are numerous and
    most targets are the same. The terrorist succeeds because his cost of
    attack, while higher than that of the hacker, is very low when compared
    to the value to him (martyrdom and eternal fame and happiness?) of
    his success. There is some limit to what hackers will do.

    ==end==

    Please feel free to share this with interested parties via email,
    but no posting is allowed on web sites. For a free subscription,
    (and for free posters) e-mail sans@sans.org with the subject:
    Subscribe NewsBites

    To change your subscription, address, or other information, visit
    http://www.sans.org/sansurl and enter your SD number (from the
    headers.) You will receive your personal URL via email.

    You may also email <sans@sans.org> with complete instructions and
    your SD number for subscribe, unsubscribe, change address, add other
    digests, or any other comments.
