From: The SANS Institute (sans_at_sans.org)
Date: Wed Jul 24 2002 - 09:36:10 CDT
To: Security Express (SD397643)
From: Alan for the SANS NewsBites service
Re: July 24 SANS NewsBites
-----BEGIN PGP SIGNED MESSAGE-----
Yesterday, more than 520,000 packages were mailed containing a poster
and a program. Watch for a white envelope with the SANS logo arriving
in your mailbox very soon. The poster is an updated SANS Network
Security roadmap containing an expanded guide to security tools and
services and summary results from the hot-off-the-presses 2002 security
salary survey. The 100-page program invites you to attend the largest
security training conference and exposition ever held: SANS Network
Security 2002 in October in Washington DC. Please watch for the
poster and program and if you get several, please share the extras with
friends. The entire program is posted at http://www.sans.org/NS2002
If you want to be certain your copy was sent to the right address,
use the personal URL at the end of every issue of NewsBites.
A note for all security and networking people involved with US military
systems is attached at the end of this issue.
The SANS Weekly Security News Overview
Volume 4, Number 30 July 23, 2002
Kathy Bradford, Dorothy Denning, Roland Grefer,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Eugene Schultz
TOP OF THE NEWS
22 July 2002 Feds Endorse Security Benchmarks
22 July 2002 Homeland Security Strategy Calls For Widespread
17 July 2002 Hacking Part of Chinese War Threat
17 July 2002 Student Charged With Hacking To Boost Her Grades
16 July 2002 House Votes To Increase Cybercrime Penalties
THE REST OF THE WEEK'S NEWS
22 July 2002 Congressman Davis Asks For Security Benchmarks In
Homeland Security Act
22 July 2002 PHP Hole Puts Web Servers At Risk
19 July 2002 Movie Industry Tracking Down Individuals Trading
19 July 2002 Supova Worm Spreading Through Kazaa Network
15 July 2002 Frethem.K Worm Is Spreading
18 July 2002 Microsoft's Gates Says $100 Million Spent On Security
18 July 2002 Blue Cascades Report Cites Major Response Deficiencies
18 July 2002 Department of Homeland Security: NIST Out, Security
18 July 2002 Yahoo Mail Filters Fixed
17 July 2002 European and US Lawmakers Work On Internet
17/18 July 2002 National Strategy For Securing Cyberspace Due
16 July 2002 South Korean Activists Threaten DOS Protest Attack on US
16 July 2002 Liberty Alliance Network Identity Sign-On Standard
16 July 2002 Microsoft Backs SAML Standard
16 July 2002 CERT: Reported Security Flaws Increasing
15 July 2002 Cyberforensics Increasingly Used To Track Down Criminals
--Tutorials on Hacker Tools
IN-DEPTH TECHNICAL SECURITY TRAINING (AND SECURITY MANAGEMENT COURSES)
IN THE NEXT 120 DAYS
*If you are planning to attend any security conference this fall, make
it SANS Network Security 2002 - the largest security conference.
*Windows Gold Standard Benchmark Training Programs in Seven Cities.
*More Large SANS Training programs: Denver, Ottawa, and New York
*Smaller SANS programs: All over the globe.
*Online and mentor-led programs starting up in August/September
in 40 cities.
Details and registration information for all programs: www.sans.org
******************** Sponsored by CipherTrust, Inc.*******************
Secure the Email Gateway **FREE Email Security White Paper
Stop SPAM, HACKERS, VIRUSES, WORMS and TROJAN HORSES from destroying
or exposing critical data or bringing down Exchange, Notes, GroupWise
or Sendmail. IronMail integrates defenses against these threats,
and secures webmail systems including Outlook Web Access, all in a
hardened gateway appliance.
FREE white paper on email security risks
TOP OF THE NEWS
--22 July 2002 Feds Endorse Security Benchmarks
A coalition of technology users in industry, academia, and government
joined to publish a Windows 2000 minimum security configuration
benchmark -- the first in a series of benchmarks for strengthening
security on systems.
An eWeek evaluation of the testing program:
Download the benchmarks and testing tools: http://www.cisecurity.org
--22 July 2002 Homeland Security Strategy Calls For Widespread
The National Strategy for Homeland Security released last week calls
for background checks of people managing IT systems in corporations
that make up the nation's critical infrastructure. The report
specifically says, "Personnel with privileged access to critical
infrastructure, particularly [IT-based] control systems, may serve
as terrorist surrogates by providing information on vulnerabilities,
operating characteristics and protective measures."
The complete strategy document is posted at
--17 July 2002 Hacking Part of Chinese War Threat
A Pentagon assessment of the threat China poses to its neighbors says
that computer hacking may be one of the tools China uses in executing
its goal of surprise, deception and shock. According to the report
China is exploring coercive strategies designed to bring Taipei to
[Editor's Note (Ranum): Napoleon Bonaparte once commented that "given
the chance, a wise commander would employ lightning bolts if they are
available." Given the choice between hacking and ballistic warheads,
I'm amazed anyone sees hacking as a real concern in this case.]
--17 July 2002 Student Charged With Hacking To Boost Her Grades
Darielle Insler, a 22 year old University of Delaware student,
allegedly changed her grades in a math and a science class from "F's"
to "A's". She apparently fooled the human resources department into
setting new passwords for instructor accounts. She is charged with
multiple counts of identity theft and unauthorized access and misuse
of information on a computer system.
--16 July 2002 House Votes To Increase Cybercrime Penalties
The US House of Representatives voted 385 to 3 to increase to 20 years
the maximum penalty for knowingly attempting to cause serious injury
through a cyberattack.
************************ SPONSORED LINKS *****************************
Privacy notice: These links redirect to non-SANS web pages.
(1) TRUSTWORTHY COMPUTING? Learn How to Stop the 7 Deadly Classes of
IIS Attacks Free Whitepaper: http://www.sans.org/cgi-bin/sanspromo/NB55
(2) Aberdeen Alert! Web Application Attacks-Download FREE Research
Report on Web App Security http://www.sans.org/cgi-bin/sanspromo/NB56
THE REST OF THE WEEK'S NEWS
--22 July 2002 Congressman Davis Asks For Security Benchmarks In
Homeland Security Act
Rep. Tom Davis (R, VA), who chairs the House Government Reform
Subcommittee on Technology and Procurement Policy, wrote to House
Majority Leader Dick Armey asking him to include minimum security
benchmarks in the Homeland Security Act. Davis' letter said the bill's
provisions would "significantly strengthen federal cyberpreparedness
by requiring all agencies to implement specific, baseline security
--22 July 2002 PHP Hole Puts Web Servers At Risk
A security hole in the PHP Hypertext Preprocessor (PHP) scripting
language used on many Web servers could allow an attacker to execute
code on affected systems or even take control of them.
The advisory, a fixed version of PHP, and a workaround for the
problem were released by the PHP Group and are available at:
[Editor's Note (Grefer): PHP is a recursive acronym.]
--19 July 2002 Movie Industry Tracking Down Individuals Trading
The Motion Picture Association of America uses a specialized search
engine to track down copyrighted movies, then requests that the
ISP require the user to get rid of the file or lose their Internet
connectivity. MPAA says more than 100,000 users have gotten cease
and desist letters from their ISPs, and most comply.
--19 July 2002 Supova Worm Spreading Through Kazaa Network
The Supova worm is spreading through the Kazaa music and video file
sharing network. It destroys system files and then launches denial
of service attacks against religious web sites.
For a more technical description:
--15 July 2002 Frethem.K Worm Is Spreading
Frethem has many of the characteristics of last year's mass-mailing
worms. It uses its own SMTP engine to send itself to email addresses
that it finds in the Microsoft Windows Address Book and in .dbx,
.wab, .mbx, .eml, and .mdb files.
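A worm that carries its own SMTP engine does not go through the organisation's mail relay: the infected workstation opens TCP/25 connections to many external mail servers itself. That fan-out is visible in firewall logs. The following is an added example, not code from the newsletter or from any vendor, that parses constructed firewall log lines (the log format, the `10.0.0.0/8` addresses and the single sanctioned relay `10.0.0.10` are all assumptions for illustration) and flags non-relay hosts that open outbound SMTP connections to several distinct servers:

```python
import re
from collections import defaultdict

# Constructed log format for this example: "<timestamp> ALLOW|DENY TCP src:port -> dst:port".
# Real firewalls differ; only the regex below needs to change.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)

# Constructed sample: 10.0.0.10 is the real relay; 10.0.0.23 behaves like a
# mass-mailer (four different MX hosts in three seconds); 10.0.0.42 is a
# single stray connection; 10.0.0.31 is ordinary web traffic.
SAMPLE_LOG = """\
2002-07-15T10:00:01 ALLOW TCP 10.0.0.10:3342 -> 203.0.113.5:25
2002-07-15T10:00:02 ALLOW TCP 10.0.0.23:1045 -> 203.0.113.5:25
2002-07-15T10:00:02 ALLOW TCP 10.0.0.23:1046 -> 198.51.100.7:25
2002-07-15T10:00:03 ALLOW TCP 10.0.0.23:1047 -> 198.51.100.9:25
2002-07-15T10:00:03 ALLOW TCP 10.0.0.23:1048 -> 192.0.2.44:25
2002-07-15T10:00:04 ALLOW TCP 10.0.0.31:1099 -> 203.0.113.80:80
2002-07-15T10:00:05 ALLOW TCP 10.0.0.42:2001 -> 203.0.113.5:25
"""

# Assumed: the only host that is allowed to speak SMTP to the outside.
MAIL_RELAYS = {"10.0.0.10"}


def find_rogue_smtp_senders(log_text, relays=MAIL_RELAYS, min_distinct_dst=3):
    """Return {src_ip: sorted list of destination IPs} for internal hosts that
    are not sanctioned relays and opened outbound TCP/25 to at least
    min_distinct_dst distinct servers.  Lower the threshold to 1 to list
    every non-relay host that talks SMTP at all (what an egress rule would block)."""
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m or m["action"] != "ALLOW" or m["dport"] != "25":
            continue
        if m["src"] in relays:
            continue  # the relay is expected to contact many MX hosts
        dests[m["src"]].add(m["dst"])
    return {src: sorted(d) for src, d in dests.items() if len(d) >= min_distinct_dst}


if __name__ == "__main__":
    for src, targets in find_rogue_smtp_senders(SAMPLE_LOG).items():
        print(f"{src} opened SMTP to {len(targets)} servers: {', '.join(targets)}")
```

The detection is only half of the control: the other half is an egress rule that denies TCP/25 from every internal address except the relay, which turns the worm's own SMTP engine into a stream of DENY lines that the same parser can count.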
--18 July 2002 Microsoft's Gates Says $100 Million Spent On Security
Microsoft Chairman Bill Gates says that pausing development to improve
security has cost the company $100 million. Despite that effort the
company continues to release security fixes weekly, sometimes daily.
[Editor's Note (Schultz): Let's be fair to Microsoft. Just because
bugs are being found in current and older releases does not mean that
Microsoft's efforts to improve the security of its code are a failure.
The real test will be new releases which, given what I have heard from
engineers who work at Microsoft, are likely to be less bug-riddled.]
--18 July 2002 Blue Cascades Report Cites Major Response Deficiencies
Blue Cascades was last month's high-level exercise sponsored
by the Pacific Northwest Economic Region (PNWER). It tested the
region's vulnerability to power outages and telecommunications
failures. Among other conclusions, the report said that Blue Cascades
showed that neither corporate nor government officials recognize their
"overwhelming dependency upon IT-related resources to continue business
operations and execute recovery plans."
[Editor's Note (Northcutt): This exercise was cosponsored
by FEMA, the US Navy, and the Canadian Office of Critical
Infrastructure Protection and Emergency Preparedness. The
invitation and additional information about it can be found at
--18 July 2002 Department of Homeland Security: NIST Out, Security
The US House Select Committee writing the Department of Homeland
Security Act decided not to include the Computer Security Division
of the National Institute of Standards and Technology in the
new department. Instead it is to stay at NIST. The House's version
also establishes Information Security Teams to test security
of federal agencies and assist them in improving security.
--18 July 2002 Yahoo Mail Filters Fixed
Yahoo! has altered the filters it was using to replace words in
malicious scripts. An error in the filters caused them to replace words
throughout messages sent to Yahoo! users, not just in the scripts.
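The failure described above is a design flaw, not a typo: a filter that rewrites suspicious words with a context-free string substitution cannot tell script from prose, so it mangles ordinary text ("medieval" becomes "medireview" when "eval" is rewritten to "review") while still leaving the `<script>` element and event-handler attributes in place. The following is an added example, not Yahoo's filter or code from the newsletter; the two-word substitution list is constructed for illustration. It contrasts the naive approach with one that parses the HTML and removes script elements, `on*` attributes and `javascript:` URLs while leaving the text untouched:

```python
import html
import re
from html.parser import HTMLParser

# Constructed substitution list in the style of a naive "neuter the script" filter.
NAIVE_SUBSTITUTIONS = {
    "eval": "review",
    "expression": "statement",
}


def naive_filter(message_html: str) -> str:
    """Context-free word replacement over the whole message (the broken design)."""
    out = message_html
    for bad, good in NAIVE_SUBSTITUTIONS.items():
        out = re.sub(bad, good, out, flags=re.IGNORECASE)
    return out


# Elements whose entire content is dropped by the parsing filter.
DANGEROUS_TAGS = {"script", "iframe", "object", "embed"}


class ScriptStripper(HTMLParser):
    """Rebuilds the HTML, dropping active content instead of rewriting words."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DANGEROUS_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth:
            return
        kept = []
        for name, value in attrs:
            lname = name.lower()
            if lname.startswith("on"):
                continue  # onclick, onload, ... are script, whatever they contain
            if lname in ("href", "src") and value and value.strip().lower().startswith("javascript:"):
                continue
            kept.append((name, value))
        attr_text = "".join(
            f' {n}="{html.escape(v, quote=True)}"' if v is not None else f" {n}"
            for n, v in kept
        )
        self.out.append(f"<{tag}{attr_text}>")

    def handle_startendtag(self, tag, attrs):
        if tag in DANGEROUS_TAGS or self.skip_depth:
            return
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in DANGEROUS_TAGS:
            if self.skip_depth:
                self.skip_depth -= 1
            return
        if not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            # Prose passes through unchanged (re-escaped, never rewritten).
            self.out.append(html.escape(data, quote=False))

    def result(self) -> str:
        return "".join(self.out)


def parsing_filter(message_html: str) -> str:
    """Structure-aware filter: prose is preserved, active content is removed."""
    parser = ScriptStripper()
    parser.feed(message_html)
    parser.close()
    return parser.result()


# Constructed message: harmless prose that happens to contain the filtered words,
# plus a real script element and a link with both an event handler and a javascript: URL.
MESSAGE = (
    '<p>Please evaluate the medieval expression.</p>'
    '<script>eval(payload)</script>'
    '<a href="javascript:alert(1)" onclick="eval(x)">link</a>'
)

if __name__ == "__main__":
    print("naive:  ", naive_filter(MESSAGE))
    print("parsing:", parsing_filter(MESSAGE))
```

The parsing version is still an allow-list problem rather than a solved one: it says nothing about CSS, `data:` URLs or attributes beyond the two it inspects, so a production filter would keep a list of permitted tags and attributes and drop everything else, rather than enumerate what is dangerous.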
--17 July 2002 European and US Lawmakers Work On Internet
Members of the European Parliament met with US legislators, regulators
and Vice President Cheney this week to "debate." Arlene McCarthy,
a member of the European Parliament said, "Expectations aren't
that the two approaches to Internet policy will become identical,
but that they can be compatible enough to help facilitate global
commerce and enforcement."
[Editor's Note (Schultz): Achieving any kind of agreement is going
to be exceptionally difficult. The US and Europe are worlds apart
when it comes to privacy expectation.]
--17/18 July 2002 National Strategy For Securing Cyberspace Due
Richard Clarke, the President's computer security adviser, said
Wednesday that an upcoming national plan to protect cyberspace will
include expectations for home users, as well as large companies
and the government. The new plan will be the Internet component of
the national strategy for homeland security announced by President
Bush. The CNN article also talks about plans for PC standards and
tools to help users keep their systems secure as part of the strategy.
--16 July 2002 South Korean Activists Threaten DOS Protest Attack on US
The White House and military web sites are the targets of a threatened
attack by South Korean activists angry about the deaths of two girls
struck by a US military vehicle on a road north of Seoul. The soldiers
driving the truck have been indicted and could face up to six years
--16 July 2002 Liberty Alliance Network Identity Sign-On Standard
The Liberty Alliance, a Sun-backed consortium, released
technical specifications for federated network identity sign-on
as a secure method for identifying individuals using any manner
of internet-connected devices. Such standards will help Internet
merchants maintain ownership of their client data while sharing lead
information with others. Version 1.0 does not cover personal data,
but provides a format for exchanging authentication information while
holding the identity of the user safe.
The Liberty Alliance is an alternative to Microsoft's Passport
program. Liberty's press release may be found at:
--16 July 2002 Microsoft Backs SAML Standard
Microsoft architect Kim Cameron said that Microsoft would support the
Security Assertion Markup Language (SAML), which was developed by
twelve members of OASIS (Organization for the Advancement of Structured
Information Standards). This announcement raises the possibility of
greater interoperability with standards supported by other groups,
including Sun Microsystems.
--16 July 2002 CERT: Reported Security Flaws Increasing
Larry Rogers of the CERT Coordination Center at Carnegie Mellon
University reports that the rate of reported security flaws is rising:
2,400 were reported in all of last year, against more than 1,000 in
just the first three months of this year.
--15 July 2002 Cyberforensics Increasingly Used To Track Down Criminals
The FBI recently made a case against a New Jersey gambling operation
using data obtained with a password uncovered through a keystroke
logging program. Police are finding it easier to get electronic
records because of the Patriot Act passed in the aftermath of
September 11. Privacy advocates are concerned police have too much
power to snoop.
[Editor's Note (Northcutt): This is a well written article. A very
clear expression of the concerns of privacy advocates is the ACLU
briefing on the subject: http://www.aclu.org/congress/l110101a.html]
--Tutorials on Hacker Tools
These are two excellent articles summarizing hacker tools. The
Symantec article provides foundation knowledge while the article by
Ed Skoudis called "Faster, Stealthier? More Dangerous," in Information
Security magazine, provides a unique look at the newest developments in
hacker techniques. (The following is a shameless plug) Ed is one of the
two lead faculty members for SANS Hacker Exploits hands-on class and
also one of the two highest rated speakers on the topic in the world.
Please feel free to share this with interested parties via email,
but no posting is allowed on web sites. For a free subscription,
(and for free posters) e-mail sans@sans.org with the subject:
To change your subscription, address, or other information, visit
http://www.sans.org/sansurl and enter your SD number (from the
headers.) You will receive your personal URL via email.
You may also email <sans@sans.org> with complete instructions and
your SD number for subscribe, unsubscribe, change address, add other
digests, or any other comments.
Special For US Military Personnel And Others Involved With Military
Systems and Networks
Please Mark Your Calendar Today!
The Second Annual National Information Assurance Leadership (NIAL)
conference will be held October 24-25 at the Washington Convention
Center in Washington, DC. It is a joint conference of the US Army,
US Navy, US Marine Corps, US Air Force, and US Coast Guard. Each
service has a separate track exclusively for the ISSOs and ISSMs who
are responsible for security in that service and the contractors who
help make it successful. The Service Tracks are designed to provide
authoritative and timely answers to key security management and policy
questions as well as technology updates, and offer opportunities to
discuss security issues with top brass in that service. In addition,
joint sessions featuring White House and other speakers, will offer
all attendees the opportunity to gain a larger perspective.
Richard A. Clarke, President Bush's Special Assistant for Cyberspace
Security will present the new National Strategy for Securing Cyberspace
keynote address on October 24th and will also present the National
Information Assurance Leadership awards to organizations - both public
and private - that have set an example of excellence in improving
Ed Skoudis, author of the best selling book, Counter Hack, will
present the Security Threat Update keynote presentation on October
25th. Ed will take you inside the hacker's methods and show you how
they are changing their attack approach and what you can do about it.
Service Track Chairs:
US Air Force, Wanda Heath, Wanda.Heath@pentagon.af.mil
US Navy, Russ Marsh, MarshR@nctc.navy.mil
US Army, John Quigg, john.quigg@us.army.mil
US Coast Guard, Ken Reynolds, KReynolds@TISCOM.uscg.mil
US Marines, Janet Palmer, PalmerJS@hqmc.usmc.mil
There is a firm limit of 150 persons in each Service Track as the
rooms won't hold any more people. Please reserve a place within the
next few weeks so you won't be left out. The price is $300 for the
two day program and includes a compendium of presentations, breaks,
and access to the largest exhibition of security tools and services
the SANS Institute has ever assembled. In addition, your fee includes
access to a wide variety of evening training and networking programs
where new technologies will be discussed. SANS' contact is Kathy
SANS has extended a 20% discount on all its training programs at
NS2002 exclusively to civilian and military employees and contractors
involved full-time with military systems. You do not have to attend
the NIAL conference to use the discount for the training programs.
Be sure to enter the appropriate code:
Air Force: af
Coast Guard: cg
Marine Corps: usmc
If your email address is not .mil, provide a .mil address in the
comments field that we will use to verify your involvement with
A discounted hotel rate is available through 9.27.02.
An attendee manual, with agenda, is posted online:
The conference is being held in conjunction with SANS Network Security
2002, which features 12 intensive training programs ranging from
Information Security Officer training to Intrusion Detection Analyst
training. The new standards for securing Windows and other systems,
announced by government leaders last week, will also be taught in
courses at NS2002. This program is a unique opportunity to combine
intense award-winning training with a conference specifically aimed
at answering the questions you face each day in helping secure the
information systems on which our military officers and enlisted
persons depend. Don't miss it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----