From: The SANS Institute (sans_at_sans.org)
Date: Wed Oct 23 2002 - 09:31:28 CDT

    From: Alan for the SANS NewsBites service
    Re: October 23 SANS NewsBites

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ***********************************************************************
    SANS NewsBites October 23, 2002 Vol. 4, Num. 43
    ***********************************************************************

    TOP OF THE NEWS
    22 October 2002 DDoS Attack Targets The Core of The Internet
    17 & 18 October 2002 Cybersecurity Funding Bill Passes Senate

    THE REST OF THE WEEK'S NEWS
    21 October 2002 Chicago Housing Authority Employs Biometrics
    21 October 2002 Cytron Trojan
    18 & 21 October 2002 Navy Computers Missing
    18 October 2002 Cisco Catalyst LAN Switch Vulnerability
    18 October 2002 Skeptic Files Defensive Patent Aimed at Preventing
                     Palladium from Enforcing Software Licensing
    17 & 18 October 2002 Yahoo Customers Tricked into Exposing Personal
                          Data
    17 October 2002 DoJ Responses to Questions About Patriot Act Activities
                     are Vague
    17 October 2002 Microsoft Issues Three More Vulnerability Warnings
                     and Patches
    17 October 2002 ElcomSoft Trial Delayed
    16 & 17 October 2002 Microsoft Beta Site Intrusion
    16 & 17 October 2002 DOE Launches Digital Signature Software
    16 October 2002 Clarke: No Tax Credits for Cyber Security Measures
    16 October 2002 UK Businesses need to Address Cybersecurity
    16 October 2002 Malware and Anti-Virus FAQ
    16 October 2002 UK Corporate Group to Work with Law Enforcement
    16 October 2002 Symantec Firewall Vulnerability
    16 October 2002 e-Shoppers Concerned About Security
    15, 16 & 18 October 2002 Pop-Up Spam
    15 & 16 October 2002 Interpol Cybercrime Conference Convenes
    15 October 2002 NIPC and Financial Services ISAC Will Share
                     Cyberthreat Info
    15 October 2002 ATM Fraudster Draws Jail Time
    14 October 2002 Freeh Still Supports Encryption Restrictions
    14 October 2002 FBI to Open Cyber Forensics Lab in CA
    10 October 2002 Side Channel Attacks Changing Encryption Software
                     Thinking

    SECURITY TRAINING NEWS
    *SANS Cyber Defense Initiative conference in San Francisco - Dec. 15-20
    Featuring the eight highest rated teachers in the security
    field. If you can attend only one conference this winter, try to
    get a place in the courses in San Francisco. Also features a free,
    evening step-by-step program for implementing a Top 20 vulnerability
    remediation program. San Francisco is often warmer and less crowded
    in December than in August.
    See: http://www.sans.org for details on San Francisco and other
    programs

    ***************** This Issue Sponsored by NetIQ ***********************

    FREE HIPAA Compliance White Paper from NetIQ

    Attn Healthcare professionals! Are you ready for HIPAA (The Health
    Insurance Portability and Accountability Act of 1996)?
    Read NetIQ's FREE White Paper, "HIPAA Readiness," and learn how to
    plan for and maintain compliance with HIPAA's security guidelines
    and regulations.

    Visit http://www.netiq.com/f/form/form.asp?id=1304&origin=NSSANS102302
    ***********************************************************************

    TOP OF THE NEWS

     --22 October 2002 DDoS Attack Targets The Core of The Internet
    The thirteen root name servers, effectively the master directory
    for the Internet, were subjected to a large-scale distributed
    denial of service attack on Monday evening. According to Internet
    Software Consortium Inc. Chairman Paul Vixie, only four withstood the
    attack. Redundancy designed into the Internet allowed most traffic
    to get to its intended destination without delay.
    http://www.washingtonpost.com/wp-dyn/articles/A828-2002Oct22.html
    [Editor's Note (Paller): The only way to stop such attacks is to fix
    the vulnerabilities on the machines that would ultimately get taken
    over and used to launch the attacks. There's no defense once the
    machines are under the attacker's control. If organizations have not
    established a vulnerability identification and remediation program for
    all their systems - even the "unimportant" ones - it won't be long
    before their foot dragging will subject them to economic liability
    and community contempt for their negligence.]

     --17 & 18 October 2002 Cybersecurity Funding Bill Passes Senate
    The US Senate recently passed S. 2182, which allocates $903 million
    over five years for cybersecurity research. The bill would require
    the National Institute of Standards and Technology (NIST) to create
    security configuration checklists for computers and software purchased
    by federal agencies. The bill now moves to the House, where it is
    expected to pass easily; the administration has also expressed support
    for the legislation.
    http://207.27.3.29/dailyfed/1002/101702td1.htm
    http://www.reuters.com/news_article.jhtml?type=internetnews&StoryID=1593981
    http://www.fcw.com/fcw/articles/2002/1014/web-cyber-10-18-02.asp

    ************************ SPONSORED LINKS ******************************
    Privacy notice: These links redirect to non-SANS web pages.

    (1) Webinar Series (10/24): Creating an Enterprise
    Vulnerability Assessment & Remediation Management Strategy
    http://www.sans.org/cgi-bin/sanspromo/NB90

    (2) ALERT! "Cross-Site Scripting Attacks on Web Applications" - Download
    XSS White Paper! http://www.sans.org/cgi-bin/sanspromo/NB91

    (3) WEB APPLICATION SECURITY & ROI - A Free Webinar featuring Stake &
    Stratum8 - Learn More http://www.sans.org/cgi-bin/sanspromo/NB92

    ***********************************************************************

    THE REST OF THE WEEK'S NEWS

     --21 October 2002 Chicago Housing Authority Employs Biometrics
    The Chicago Housing Authority (CHA) is using thumbprint biometric
    technology to authenticate user access to its computer network.
    It hopes to reduce helpdesk workload and the likelihood of unauthorized
    network access.
    http://www.fcw.com/geb/articles/2002/1021/web-cha-10-21-02.asp

     --21 October 2002 Cytron Trojan
    A Trojan horse program called Cytron is actually a browser plug-in that
    serves pop-up advertisements for pornographic web sites. Users are
    led to believe they are downloading an e-card viewer plug-in for an
    on-line greeting they've received, but what gets downloaded is actually
    Cytron, which has a valid certificate. The Trojan is named for the
    Canadian company that operates most of the sites on the pop-up ads.
    http://online.securityfocus.com/news/1350
    [Editor's Note (Schultz): What next? This latest threat once again
    highlights the importance of user awareness in preventing undesirable
    outcomes.
    (Murray) Enterprises should be blocking such plug-ins at the network
    gateway. I doubt that one can get it from AOL.]

     --18 & 21 October 2002 Navy Computers Missing
    According to an internal Navy report, the Pacific Fleet cannot account
    for 595 computers; a spokesman later said that number has been reduced
    to 187. Some of the missing computers contain classified information.
    All of the computers have removable hard drives.
    http://news.com.com/2100-1001-962664.html
    http://www.computerworld.com/securitytopics/security/story/0,10801,75295,00.html

     --18 October 2002 Cisco Catalyst LAN Switch Vulnerability
    Some Cisco Catalyst LAN switches are vulnerable to buffer overflow
    attacks that could result in a denial of service. Switches running
    CatOS versions 5.4 to 7.3, inclusive, and which have "cv" in their
    image names are affected. Users are encouraged to upgrade their
    software or employ a workaround, which entails disabling HTTP on
    vulnerable switches.
    http://www.theregister.co.uk/content/55/27690.html

     --18 October 2002 Skeptic Files Defensive Patent Aimed at Preventing
                        Palladium from Enforcing Software Licensing
    Speaking on a panel at the USENIX Security Symposium, Microsoft
    Palladium project manager Peter Biddle said the technology was
    designed to protect entertainment content and he didn't see how it
    could be used to enforce software licensing. Fellow panelist Lucky
    Green wasn't so sure; shortly after the conference he applied for
    two patents for techniques for using Palladium for just that purpose.
    http://www.wired.com/news/technology/0,1282,55807,00.html

     --17 & 18 October 2002 Yahoo Customers Tricked into Exposing
                             Personal Data
    Some Yahoo customers were duped by a fraudulent e-mail into supplying
    their credit card and Yahoo account information. Yahoo sent a mass
    mailing to its customers advising them not to heed the phony request.
    http://www.msnbc.com/news/822693.asp?0dm=T217T
    http://www.securitynewsportal.com/cgi-bin/cgi-script/csNews/csNews.cgi?database=JanS.db&command=viewone&id=98&op=t

     --17 October 2002 DoJ Responses to Questions About Patriot Act
                        Activities are Vague
    The House Judiciary Committee released the Justice Department's answers
    to 50 questions regarding its use of new surveillance powers granted
    by the Patriot Act.
    http://www.pcworld.com/news/article/0,aid,106038,00.asp

     --17 October 2002 Microsoft Issues Three More Vulnerability Warnings
                        and Patches
    Microsoft has issued warnings about security vulnerabilities in three
    of its products. First, a flaw in SQL Server could allow a user to
    elevate privileges. SQL Server 2000 and SQL Server 7 are affected,
    as are Microsoft Data Engine 1.0 and Microsoft Desktop Engine 2000.
    Second, a flaw in the way certain versions of Microsoft Word and
    Excel handle field codes could allow an attacker to steal documents on
    vulnerable computers. Word 97, 2000, and 2002 and Excel 2002 are
    affected; the flaw also affects some Word products for Macintosh. Finally,
    a security flaw in Windows XP help could allow an attacker to delete
    files on vulnerable machines.
    http://news.com.com/2100-1001-962409.html
    http://www.computerworld.com/securitytopics/security/holes/story/0,10801,75167,00.html
    Word and Excel: http://www.microsoft.com/technet/security/bulletin/MS02-059.asp
    XP Help:
    http://www.microsoft.com/technet/security/bulletin/MS02-060.asp
    SQL Server:
    http://www.microsoft.com/technet/security/bulletin/MS02-061.asp

     --17 October 2002 ElcomSoft Trial Delayed
    A trial in which a Russian software company is being charged with
    violating the controversial Digital Millennium Copyright Act (DMCA) has
    been delayed 6 and one half weeks because officials at the US embassy
    in Russia have denied visas to key witnesses. One of the witnesses,
    programmer Dmitry Sklyarov, was arrested in August 2001 after giving
    a presentation about software that circumvents e-book copy protection
    at a conference in Las Vegas. ElcomSoft's attorney plans to file a
    motion to dismiss the case because his clients aren't able to testify.
    http://news.com.com/2100-1023-962491.html

     --16 & 17 October 2002 Microsoft Beta Site Intrusion
    A hacker broke into BetaPlace.com, Microsoft's web site for beta
    testers; evidently someone's log-in credentials were leaked to the
    Internet. Microsoft shut down the site after it became aware of the
    breach; it also reset user passwords. The site contains unreleased
    versions of Windows, other software and activation keys. A spokesman
    said the intruder did not access source code. The event has sparked
    a criminal investigation.
    http://news.com.com/2100-1001-962333.html
    http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,75184,00.html

     --16 & 17 October 2002 DOE Launches Digital Signature Software
    The Department of Energy (DOE) has launched digital signature software.
    DOE Secretary Spencer Abraham used the technology to digitally sign
    the department's e-Government Strategic Action Plan: A Road Map for
    Delivering Services. The plan will allow DOE and other departments
    to put secure documents on the Internet.
    http://207.27.3.29/dailyfed/1002/101602t1.htm
    http://www.fcw.com/fcw/articles/2002/1014/web-energy-10-17-02.asp
    http://www.gcn.com/vol1_no1/daily-updates/20276-1.html
    [Editor's Note (Murray): Even those enterprises and agencies that
    routinely sign their posts and e-mails are vulnerable to some spoofs
    and forgeries. However, those that do not are vulnerable to campaigns
    of such spoofs and forgeries and leave their constituents naked to
    them and with no defense except to ignore everything.]

     --16 October 2002 Clarke: No Tax Credits for Cyber Security Measures
    Richard Clarke says the Bush administration is unlikely to give tax
    credits to companies that employ cyber security measures; companies
    should be doing so of their own initiative. He also said that the
    government should not regulate cyber security; the government should
    instead encourage security awareness and information sharing and
    stimulate research.
    http://www.cio.com/research/security/edit/101602_clarke.html
    [Editor's Note (Schultz): Ideally, the US government should regulate
    industry, given that industry comprises so much of the national
    infrastructure. But the government has trouble regulating itself in
    the first place--how could it possibly regulate industry?]

     --16 October 2002 UK Businesses need to Address Cybersecurity
    British e-commerce minister Stephen Timms expressed concern that only
    27% of businesses in the UK have IT security policies; that figure
    was published in a PricewaterhouseCoopers report, and marks a 100%
    increase over last year's numbers. The report also asserts that
    infections from malware and cyber attacks cost UK businesses billions
    of pounds last year. The UK government wants businesses to make IT
    security a priority.
    http://news.zdnet.co.uk/story/0,,t274-s2123998,00.html
    [Editor's Note (Murray): The correct measure is not the percentage of
    enterprises that have an IT security policy but what percentage of
    enterprises that have any policy at all have an IT security policy.
    Most small enterprises rely upon culture rather than written policies.]

     --16 October 2002 Malware and Anti-Virus FAQ
    This article describes viruses, worms and Trojans and how they
    propagate. It also explains what anti-virus software does, what
    to look for when buying the software, and offers basic advice for
    preventing and managing infections.
    http://techupdate.zdnet.co.uk/story/0,,t481-s2123989,00.html

     --16 October 2002 UK Corporate Group to Work with Law Enforcement
    The UK's Corporate IT Forum has established a security group that
    hopes to work with the government on cybercrime prosecution. The
    group will allow companies to preserve proprietary information and
    protect their reputations by not making them go public with intrusion
    incident information. The group would like to work with the National
    High Tech Crime Unit (NHTCU), which is eager to create partnerships
    with such organizations.
    http://www.vnunet.com/News/1135990

     --16 October 2002 Symantec Firewall Vulnerability
    A security flaw in the web proxy component of Symantec's firewall
    technology leaves more than a dozen of the company's products
    vulnerable to a denial of service attack. Symantec customers were
    notified of the problem at the end of September, and the company
    has issued a bulletin and patches for affected products. The Danish
    company that issued an advisory about the problem issued a second
    advisory about an information leak in Symantec's web server that could
    let crackers discern host addresses behind firewalls. Symantec has
    known about the problem since 2001 and has issued a patch.
    http://www.infoworld.com/articles/hn/xml/02/10/16/021016hnsymantec.xml?s=IDGNS

     --16 October 2002 e-Shoppers Concerned About Security
    A survey of Internet consumers indicates that people are apprehensive
    about the security of their credit card and other personal information
    when making on-line purchases. Only 21.2% of those surveyed believed
    their information was secure. This lack of confidence could be
    detrimental to the growth of e-commerce.
    http://www.msnbc.com/news/821649.asp?0dm=C237T

     --15, 16 & 18 October 2002 Pop-Up Spam
    A company called DirectAdvertiser offers a tool which exploits
    Microsoft Messenger to send "anonymous and untraceable" pop-up ads
    to ranges of IP addresses. The Messenger service was designed for
    administrator use in contacting network users. Messenger is enabled
    by default in most versions of Windows.
    http://www.wired.com/news/technology/0,1282,55795,00.html
    http://www.theregister.co.uk/content/55/27634.html
    http://zdnet.com.com/2100-1105-962506.html
    http://www.msnbc.com/news/823007.asp?0dm=C218T

     --15 & 16 October 2002 Interpol Cybercrime Conference Convenes
    The fifth Interpol conference on computer crime was held in Seoul,
    South Korea. Attendees from 37 countries shared ideas about
    information sharing between public and private sectors as well as
    the need for international cooperation in cybercrime investigation.
    One concern is that more than 100 countries have no laws regarding
    cybercrime.
    http://www.koreaherald.co.kr/SITE/data/html_dir/2002/10/15/200210150034.asp
    http://www.washingtonpost.com/wp-dyn/articles/A33231-2002Oct16.html

     --15 October 2002 NIPC and Financial Services ISAC Will Share
                        Cyberthreat Info
    The Financial Services Information Sharing and Analysis Center
    (ISAC) has signed an agreement with the FBI's National Infrastructure
    Protection Center (NIPC) that says they will communicate with each
    other on a weekly basis about cyber security threats. While the
    agreement indicates a shift in thinking for the private sector,
    companies are still wary of sharing certain information until they
    can be assured that it will not be accessible under the Freedom of
    Information Act (FOIA). This article also addresses concerns many
    private companies have about sharing cyber incident information,
    including the fear of information being made public and of computers
    being taken away.
    http://www.cio.com/archive/101502/fear.html

     --15 October 2002 ATM Fraudster Draws Jail Time
    A German man whose encryption scheme for ATMs was deemed too expensive
    instead turned to fraud, creating and using phony debit and credit
    cards to make withdrawals. The seventy-one-year-old was caught and
    sentenced to nearly five years in jail.
    http://www.theregister.co.uk/content/55/27610.html

     --14 October 2002 Freeh Still Supports Encryption Restrictions
    Former FBI director Louis Freeh has long favored stringent restrictions
    on encryption tools, including export restrictions and the inclusion
    of back doors so federal officials could access encrypted documents
    in criminal cases, but US policy went in the other direction,
    allowing the export of strong encryption products without backdoors.
    Freeh spoke to the Senate intelligence committee, pointing to the
    UK's Regulation of Investigatory Powers (RIP) Act which allows law
    enforcement officials to demand encryption keys for intercepted data,
    and provides for jail time for those who do not comply.
    http://zdnet.com.com/2100-1104-961969.html

     --14 October 2002 FBI to Open Cyber Forensics Lab in CA
    The FBI is establishing a Regional Computer Forensics Laboratory in
    Menlo Park, CA. The lab is expected to open next year; investigators
    will be able to bring seized digital equipment to a team of specialists
    for analysis to gather evidence in criminal investigations.
    http://www.bayarea.com/mld/bayarea/4284974.htm

     --10 October 2002 Side Channel Attacks Changing Encryption Software
                        Thinking
    Instead of examining encrypted and unencrypted versions of a message
    to try to discern encryption keys, side channel attacks scrutinize
    processing time and power consumption. The head of RSA Laboratories
    says the growing presence of side channel attacks is causing a
    change in the way encryption software is written. New software may,
    for example, vary the amount of time it takes to perform specific
    functions.
    http://www.vnunet.com/News/1135796

    ===end===

    NewsBites Editorial Board:
    Kathy Bradford, Roland Grefer, Bill Murray, Stephen Northcutt, Alan
    Paller, Marcus Ranum, Eugene Schultz and Gal Shpantzer

    Please feel free to share this with interested parties via email,
    but no posting is allowed on web sites. For a free subscription,
    (and for free posters) e-mail sans@sans.org with the subject:
    Subscribe NewsBites

    To change your subscription, address, or other information, visit
    http://www.sans.org/sansurl and enter your SD number (from the
    headers.) You will receive your personal URL via email.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE9tpV8+LUG5KFpTkYRAvt0AKCXOzzdgNYzpLHS82sJ+nFhZ1zfRgCfc76c
    n+x6W5ZOkTr/iauVLFbNT1U=
    =OF1E
    -----END PGP SIGNATURE-----