From: The SANS Institute (sans_at_sans.org)
Date: Wed Aug 28 2002 - 10:30:21 CDT

    From: Alan for the SANS NewsBites service
    Re: August 28 SANS NewsBites

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ***********************************************************************
    SANS NewsBites August 28, 2002 Vol. 4, Num. 35
    ***********************************************************************

    TOP OF THE NEWS
    26 August 2002 Identity Theft Insurance
    21 & 23 August 2002 Feds Raid ForensicTec Offices
    23 August 2002 Proposed US Network Operations Center Would Centralize
                    Cyber Security Data
    27 August 2002 FTC Releases "Safe At Any Speed" Security Guidance
                    for Consumers

    THE REST OF THE WEEK'S NEWS
    27 August 2002 Flying for WiFi
    21 August 2002 Wardriving Day
    26 August 2002 Hacker Demonstrates SSL Exploit
    26 August 2002 Study Advocates Open Source for Governments
    22 & 23 August 2002 Duload Worm Targets Kazaa Network
    26 August 2002 VA Revamps Computer Disposal Policy
    23 August 2002 Liquidated Computers Harbor Sensitive Data
    25 & 26 August 2002 Attorney to Appeal Russian Hacker's Case
    24 August 2002 OMB Orders IT Spending Freeze to Eliminate Redundant
                     Investments in Homeland Security
    23 August 2002 Trillian Buffer Overflow Vulnerability
    23 August 2002 Microsoft Releases Cumulative IE Patch
    22 August 2002 Office and IE Holes
    20 & 21 August 2002 Microsoft FTM Vulnerability
    20 August 2002 Apache and Windows 2000 Holes
    22 August 2002 Air Force Research Lab to Collaborate on Digital
                    Watermarking Technology
    22 August 2002 Nine Electronic Crimes Task Forces to be Established
    21 August 2002 On Line Court Docs Pose Privacy Problems
    21 August 2002 West Virginia DMV Shuts Down NASCAR Plate Site to
                    Investigate Hacking
    21 August 2002 Software Needs to be Better Secured
    20 August 2002 Businesses are Improving Cyber Security
    20 August 2002 Networking Information and Technology R&D Program Plans
    19 August 2002 Security Event Management Systems
    18 August 2002 Virtual Honeynets

    TUTORIAL
    23 August 2002 Top Ten Worms and Viruses

    FREE WEB BROADCAST
    Mark your calendar for September 4, 1 PM EDT (1700 UTC).
    Visual displays and statistics to help catch intruders featuring David
    Marchette. Plus Symantec's Brian Hernacki on Recourse Technology.
    Listen live and ask questions, or, once you have an access code,
    sign on later to listen to the webcast at your leisure.
    http://sans.digisle.tv/audiocast_090402/brief.htm

    SECURITY TRAINING NEWS
    Gold Standard Training for Securing Windows 2000 using
    the new consensus standards and free testing tools - 38
    cities. http://www.sans.org/Win2KWorldTour/

    SANS Network Security 2002 in October: Largest security conference &
    expo: http://www.sans.org/NS2002
    For military security managers: click on the National Information
    Assurance Leadership Conference.

    Microsoft's advertising site, AOL, CNN, and the Recording Industry
    Association of America sites have all been taken down by Distributed
    Denial of Service (DDoS) attacks over the past 18 months. Your site
    could be next. The defenses, the mitigation strategies, and the best
    of breed tools are still emerging and the DDOS Symposium is your only
    chance to see all of the products and technology at the same time -
    with live demos. http://www.sans.org/NS2002/ddos.php

    Advanced security training in nineteen additional cities, plus Local
    Mentor programs in 35 cities. See: http://www.sans.org

    ********* This Issue Sponsored by Check Point Software ****************

    Get Your FREE White Paper: "Building Secure Wireless LANs"

    When building a wireless LAN, you need a solid security
    foundation. Learn how with Check Point's white paper, "Building Secure
    Wireless LANs." See how you can protect your network's integrity with
    proven encryption and authentication while connecting users through
    flexible wireless technology.

    Get it FREE! Just click here:
    http://cgi.us.checkpoint.com/Wireless/wireless.htm

    ***********************************************************************

    TOP OF THE NEWS

     --26 August 2002 Identity Theft Insurance
    Identity theft insurance will usually cover expenses incurred by those
    who have to endure the ordeal of identity theft. Victims often need
    to take time away from work to deal with banks, credit card companies
    and other concerns. The policy is usually available as a rider on
    homeowner's insurance.
    http://www.msnbc.com/news/799425.asp?0dm=C21AT
    [Editor's Note (Schultz): I'd dispute any notion that infosec
    insurance sales are doing all that well, but I'd be willing to bet
    that identity theft insurance will be popular. Identity theft is
    simply too prevalent already, it results in terrible inconvenience
    for the victim, and it can be purchased as a rider to a home insurance
    policy---how perfect!]

     --21 & 23 August 2002 Feds Raid ForensicTec Offices
    The FBI raided the offices of ForensicTec, the company that claimed it
    had found vulnerable computer networks in the government and military
    while conducting a security audit for an unrelated private firm.
    The company allegedly peered into scores of files on these computers.
    ForensicTec president Brett O'Keefe said their goal was to alert the
    government to the need for better security and to gain good PR for
    the company. Accessing a computer without permission is a felony in
    the United States.
    http://www.washingtonpost.com/wp-dyn/articles/A42019-2002Aug20.html
    http://www.cnn.com/2002/TECH/internet/08/23/computer.security.ap/index.html
    [Editors' Note (multiple): Last week your NewsBites editors decided not
    to run this story because we sensed something wrong with a company
    hacking a government agency and bragging about it. We included
    the story this week because law enforcement involvement rounded it
    out. Here are the URLs from last week that we excluded:
    http://www.washingtonpost.com/wp-dyn/articles/A24191-2002Aug15.html
    http://news.com.com/2100-1001-954179.html
    http://www.gcn.com/vol1_no1/daily-updates/19683-1.html]
     
     --23 August 2002 Proposed US Network Operations Center Would
                       Centralize Cyber Security Data
    As a part of its National Strategy to Secure Cyberspace, the Bush
    Administration is proposing to create a cyber-security Network
    Operations Center that would serve as a single point of collection
    for security related e-mail and other security data. The center
    would bring together data from the National Infrastructure Protection
    Center (NIPC), the Critical Infrastructure Assurance Office (CIAO),
    the Department of Energy and commercial networks. In addition,
    private networks would be encouraged to collect data to share with the
    government. Concerns about the center include government agencies'
    reluctance to share information with each other and the possibility
    of privacy violations.
    http://www.eweek.com/article2/0,3959,481112,00.asp

     --27 August 2002 FTC Releases "Safe At Any Speed" Security Guidance
                       for Consumers
    The US Federal Trade Commission today released a four page guide
    to safety for computers connected to the Internet at high speed
    (such as using DSL and cable). It's the first such document that
    communicates effectively with the general public. The FTC is making
    free printed color copies available to any groups that need them for
    classes or handouts to customers or for any other purpose. See the
    FTC note at the end of this issue for the address to request copies.
    The electronic version is available in text and PDF format at the
    new FTC InfoSecurity web site which will soon have a great deal more
    useful information.
    http://www.ftc.gov/bcp/conline/edcams/infosecurity/

    ************************ SPONSORED LINKS ******************************
    Privacy notice: These links redirect to non-SANS web pages.

    (1) ACTIVATE your firewall to block as-yet-unknown attacks. FREE
    case study. http://www.sans.org/cgi-bin/sanspromo/NB69

    (2) STOP SPAM and unwanted email. Take control. FREE WHITE PAPER!!!
    http://www.sans.org/cgi-bin/sanspromo/NB70

    (3) IDENTIFY AND STOP THE FIVE THREATS TO INTERNET DATA SECURITY!
    CLICK HERE! http://www.sans.org/cgi-bin/sanspromo/NB71
    ***********************************************************************

    THE REST OF THE WEEK'S NEWS

     --27 August 2002 Flying for WiFi
    The search for accessible wireless networks has taken to the sky.
    A group calling itself WAFreeNet flew in a small plane
    around Perth, Australia, looking for wireless networks. The group
    says they want to map out the locations of other wireless networks
    so they won't interfere with their own.
    http://www.theage.com.au/articles/2002/08/24/1030052995854.html
    [Editor's Note (Murray): Yeah, right.]

     --21 August 2002 Wardriving Day
    On August 31, hackers plan to come together in Red Deer, Alberta for
    the first Alberta International Wardriving Day, a contest to see
    who can find the most wireless networks. There are no prizes for
    participants; the event's organizer says it raises awareness about
    security and privacy needs.
    http://rtnews.globetechnology.com/servlet/ArticleNews/tech/RTGAM/20020821/gtwar/Technology/techBN

     --26 August 2002 Hacker Demonstrates SSL Exploit
    A Swedish hacker demonstrated for Reuters how he could easily break
    into Microsoft server software used at several Swedish banks. He
    exploited a vulnerability in Microsoft's implementation of the Secure
    Socket Layer (SSL) standard. Microsoft claims it is not possible:
    "I can't even see the theoretical possibility for it to happen,"
    said Mats Lindkvist, responsible for security at Microsoft in Sweden.
    http://news.com.com/2100-1001-955442.html

     --26 August 2002 Study Advocates Open Source for Governments
    A study from University of Maastricht's International Institute of
    Infonomics strongly recommends that governments use open source
    software instead of proprietary products. The study argues that
    the use of open source software in governments would save money and
    increase competition.
    http://zdnet.com.com/2100-1104-955282.html
    http://www.infonomics.nl/FLOSS/index.htm

     --22 & 23 August 2002 Duload Worm Targets Kazaa Network
    A Visual Basic worm called Duload has been spreading through the
    Kazaa file-sharing network. It arrives as an attachment and copies
    itself to the system directory, modifies the registry so it loads on
    every start, and places itself into a folder in the Windows directory
    using a list of phony file names and makes that folder available to
    people on the file-sharing network (39 copies). One of the variants
    also downloads Trojans to infected computers.
    http://www.smh.com.au/articles/2002/08/23/1030052966626.html
    http://www.theregister.co.uk/content/55/26794.html
    http://zdnet.com.com/2100-1105-954893.html

     --26 August 2002 VA Revamps Computer Disposal Policy
    129 computers from the Department of Veterans Affairs (VA)
    that contained sensitive information such as health records and
    government credit card numbers were given away in Indianapolis.
    The VA is revising its computer disposal policy. The VA's CIO says
    the agency will buy an enterprise license for software that will erase
    data from hard drives and will develop and establish a qualification
    and certification program for all VA ISOs.
    http://www.fcw.com/fcw/articles/2002/0826/news-va-08-26-02.asp

     --23 August 2002 Liquidated Computers Harbor Sensitive Data
    Two used computers bought from a liquidation firm on the Internet
    turned out to contain quantities of sensitive information from the
    businesses that originally owned them. The author suggests running a
    magnet over hard drives before the computers are sold and instituting
    legal action against those who expose others' personal information
    by allowing it out with discarded computers.
    http://www.linuxjournal.com/article.php?sid=6286

     --25 & 26 August 2002 Attorney to Appeal Russian Hacker's Case
    A Seattle attorney who is defending one of the two Russian men
    nabbed in an FBI sting plans to argue in his appeal that the FBI
    agents violated US law when they downloaded the information from
    the Russians' computers without a warrant. His line of argument is
    similar to that used by Russian FSB officials who have charged the
    FBI agent with criminal activity.
    http://news.com.com/2100-1001-955251.html
    http://online.securityfocus.com/columnists/105
    [Editor's Note (Murray): The legitimacy of this investigation turns
    on a number of untested legal points including jurisdiction and
    timely warrants. Better to have it decided on this case than on
    an accusation of hacking against an authorized and supervised law
    enforcement officer.]

     --24 August 2002 OMB Orders IT Spending Freeze to Eliminate
                        Redundant Investments in Homeland Security
    The US Office of Management and Budget has ordered seven of the
    agencies that will become part of the proposed Department of Homeland
    Security to halt all IT project spending until it determines whether
    or not proposed projects can be combined to save money. The OMB also
    wants to make sure new projects will be compatible across the new DHS.
    Ongoing projects are not affected by the spending freeze.
    http://www.washingtonpost.com/wp-dyn/articles/A55084-2002Aug23.html

     --23 August 2002 Trillian Buffer Overflow Vulnerability
    The messenger client Trillian, v. 0.73 is vulnerable to a buffer
    overflow attack. Trillian allows users to connect a variety of
    instant messaging clients in a single interface. An analyst has
    published a proof-of-concept attack for the vulnerability.
    http://news.zdnet.co.uk/story/0,,t278-s2121250,00.html

     --23 August 2002 Microsoft Releases Cumulative IE Patch
    Microsoft has issued a cumulative patch for Internet Explorer
    (IE) that also addresses six vulnerabilities, the most serious of
    which could allow an attacker to take control of vulnerable machines.
    The flaws affect IE versions 5.01, 5.5 and 6.0; older, unsupported
    versions of IE may also be vulnerable. The patch also disables two
    vulnerable ActiveX controls.
    http://www.computerworld.com/securitytopics/security/holes/story/0,10801,73732,00.html
    http://www.theregister.co.uk/content/55/26807.html
    http://www.microsoft.com/technet/security/bulletin/MS02-047.asp

     --22 August 2002 Office and IE Holes
    Critical security holes in Microsoft's Office suite and Internet
    Explorer could allow attackers to run programs on vulnerable computers,
    possibly reading files or even crashing machines. Microsoft has made
    a patch for the vulnerability available.
    http://www.msnbc.com/news/797978.asp?0dm=C11NT

     --20 & 21 August 2002 Microsoft FTM Vulnerability
    Microsoft warned customers of a security flaw in its File Transfer
    Manager (FTM) program which is used to download certain software from
    the company's web site. FTM users are urged to upgrade to the newest
    version of the program which is available on Microsoft's FTM web site.
    The flaw could allow an attacker to gain control of vulnerable systems.
    http://news.com.com/2100-1001-954590.html
    http://www.computerworld.com/securitytopics/security/holes/story/0,10801,73674,00.html
    http://www.theregister.co.uk/content/55/26765.html
    FTM web site: http://transfers.one.microsoft.com/ftm/install/HomeIE.asp

     --20 August 2002 Apache and Windows 2000 Holes
    Security holes affect Apache server software version 2.0.39 and
    earlier on Microsoft Windows 2000, IBM OS/2 and Novell Netware.
    The Apache flaw, which could allow an attacker to access sensitive
    information or execute code, affects only non-Unix platforms.
    The Windows flaw, which could allow the attacker to obtain elevated
    privileges on vulnerable systems, is in the Network Connection Manager
    (NCM) component. There are patches available for both security holes.
    http://zdnet.com.com/2100-1105-954502.html
    http://www.ciac.org/ciac/bulletins/m-114.shtml
    http://www.ciac.org/ciac/bulletins/m-113.shtml
    http://httpd.apache.org/info/security_bulletin_20020809a.txt
    http://www.microsoft.com/windows2000/downloads/critical/q326886/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D41406%26redirect%3Dno

     --22 August 2002 Air Force Research Lab to Collaborate on Digital
                       Watermarking Technology
    The Air Force Research Laboratory (AFRL) Information Directorate will
    work with a private sector company on the research and development
    of digital watermarking technology. The goal is to develop digital
    watermarking technology that will add security to identity documents.
    It will also help identify phony documents.
    http://www.fcw.com/fcw/articles/2002/0819/web-afrl-08-22-02.asp

     --22 August 2002 Nine Electronic Crimes Task Forces to be Established
    The US Secret Service plans to establish nine Electronic Crimes Task
    Forces (ECTFs) across the country. Patterned after the one already
    established in New York City, the task forces will allow IT specialists
    to share information about cyber security threats without the risk of publicly
    exposing problems. The US Patriot Act mandates the establishment of
    an ECTF in every major city.
    http://www.computerworld.com/securitytopics/security/story/0,10801,73696,00.html

     --21 August 2002 On Line Court Docs Pose Privacy Problems
    States are increasingly putting court documents on line which pits
    the right of access to public records against citizens' right to
    privacy. Some states have imposed a moratorium on placing their public
    records online until they have developed a policy regarding privacy.
    Though much sensitive data is deleted, remaining information,
    such as bank account numbers and addresses, could abet identity
    theft or other crimes.
    http://story.news.yahoo.com/news?tmpl=story2&cid=528&ncid=528&e=2&u=/ap/20020821/ap_on_hi_te/court_records_online_3

     --21 August 2002 West Virginia DMV Shuts Down NASCAR Plate Site to
                       Investigate Hacking
    West Virginia's DMV has shut down a web site that was used to sell
    NASCAR license plates on line; the FBI is investigating allegations
    that a hacker breached the site's security. The FBI has taken the
    server, which contains credit card numbers of people who bought NASCAR
    plates, as part of its investigation.
    http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8794

     --21 August 2002 Software Needs to be Better Secured
    According to security experts, bad software is to blame for the
    increase in cyber attacks. Consumers need to demand better products
    from manufacturers. White House cyber security advisor Richard Clarke
    calls for boycotting software that is not secure. The National
    Institute of Standards and Technology (NIST) has developed quality
    assurance testing tools for software.
    http://www.newsfactor.com/perl/story/19104.html

     --20 August 2002 Businesses are Improving Cyber Security
    US companies seem to be heeding the warning that the next arena for
    a terrorist attack could be their computer systems. According to
    a Computer Economics survey of 233 businesses, 77% of the companies
    have bolstered their protection against cyber attacks like viruses and
    hacker attacks; improvements include updating anti-virus software and
    generating daily backups. A survey by SCI and the FBI found that 90%
    of large corporations and government agencies discovered security
    breaches in the past year.
    http://www.usatoday.com/advertising/orbitz/orbitz-window.htm

     --20 August 2002 Networking Information and Technology R&D Program
                       Plans
    Plans for the federal Networking Information and Technology R&D (NITRD)
    program include research in the areas of encryption and authentication
    and high-speed wired and wireless security. The program also offers
    graduate fellowships and postdoctoral research funding in areas of
    advanced IT training. President Bush has requested $1.8 billion for
    the program for fiscal 2003, an increase of $59 million over 2002.
    http://www.gcn.com/vol1_no1/daily-updates/19713-1.html

     --19 August 2002 Security Event Management Systems
    The abundance of security systems available to administrators,
    including firewalls, intrusion detection systems, anti-virus software
    and content-filtering systems, can provide too much information to
    process effectively and efficiently. The next generation of security
    tools aims to address this problem. Called security event management
    systems, they analyze and correlate data from a variety of security
    systems on a central console.
    http://www.informationweek.com/story/IWK20020816S0036

     --18 August 2002 Virtual Honeynets
    This article from the Honeynet Project defines and describes the
    deployment of self-contained and hybrid virtual honeynets.
    http://www.honeynet.org/papers/virtual/
    [Editor's Note (Murray): Counter-espionage is not an exercise for
    amateurs. One cannot buy it in a kit. If you do not know what you
    will do with the results, do not collect them.]

    TUTORIAL
     --23 August 2002 Top Ten Worms and Viruses
    This article describes the differences between worms, viruses and
    Trojan horses, and offers descriptions of the ten worst viruses and
    worms of all time. The article also offers advice for protecting
    computers from infections: use anti-virus software and update it
    regularly, don't open unexpected or suspicious e-mail attachments
    and keep up to date with software patches and virus news.
    http://www.pcworld.com/features/article/0,aid,103992,00.asp

    == end ==

    NewsBites Editorial Board:
    Kathy Bradford, Dorothy Denning, Roland Grefer, Bill Murray, Stephen
    Northcutt, Alan Paller, Marcus Ranum, and Eugene Schultz

    Please feel free to share this with interested parties via email,
    but no posting is allowed on web sites. For a free subscription,
    (and for free posters) e-mail sans@sans.org with the subject:
    Subscribe NewsBites

    To change your subscription, address, or other information, visit
    http://www.sans.org/sansurl and enter your SD number (from the
    headers.) You will receive your personal URL via email.

    You may also email <sans@sans.org> with complete instructions and
    your SD number for subscribe, unsubscribe, change address, add other
    digests, or any other comments.

    HOW TO ORDER PAPER COPIES OF THE FTC PUBLICATION: SAFE AT ANY SPEED

    Anyone interested in ordering the publication can do so by sending
    their name, organization, address, and telephone and fax numbers,
    along with the quantity of publications as follows:
    If less than 50 copies:
    Consumer Response Center
    Federal Trade Commission
    600 Pennsylvania, NW, Room H-130
    Washington, DC 20580-0001
    Or call 1-877-FTC-HELP (877-382-4357)
    __________________________________

    If more than 50, but less than 500 copies:
    Distribution Office
    Federal Trade Commission
    600 Pennsylvania, NW, Room B-20
    Washington, DC 20580-0001
    Or fax 202-326-2572 or email publications@ftc.gov
    ___________________________________________

    If anyone is interested in more than 500 publications, they should
    contact Erin Malik directly, at emalick@ftc.gov or (202) 326-2817. The
    FTC is more than happy to fill orders larger than 500, but by directly
    talking to the orderer, they can be sure they have enough ready for
    shipment, and will also be able to give a more accurate prediction
    of the shipping timeline.

    People are also welcome to make copies of the publications to use
    and distribute as they wish. If they do, the FTC would really like
    to hear back about how they're being used. Email your comments to
    emalick@ftc.gov

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE9bNub+LUG5KFpTkYRAn0yAJ9rS35bBLuo4h9NQESdHnQZWj5HXQCgotIB
    soRpcn5nfG5FOZLZJOOw34s=
    =mIqs
    -----END PGP SIGNATURE-----