SANS NewsBites Vol. 5 Num. 13

From: The SANS Institute (NewsBitessans.org)
Date: Wed Apr 02 2003 - 07:41:12 CST


***********************************************************************
SANS NewsBites April 2, 2003 Vol. 5, Num. 13
***********************************************************************

TOP OF THE NEWS
  Al Jazeera Web Site Faces Sustained DoS Attack and DNS Attacks
  Sendmail Users Face Second Major Security Flaw
  NIPC Says Chinese Hackers Likely To Launch Anti-War Attacks
  European Union Requires Standard Cyber Crime Laws

THE REST OF THE WEEK'S NEWS
  Bail Reduced For Identity Thief, Son of IBM Cyber Security Executive
  Ganda Virus Creator Could Face Up To Four Years In Prison
  Cell Phone Flaws Can Thwart Emergency Response
  Microsoft Bolstering WiFi Security in Windows XP
  Microsoft Refuses To Patch Windows NT4 RPC Vulnerability
  Congressman Challenges Bush Administration To Up IT Security Funding
  Policy Makers Struggle With Privacy vs. Security
  Gartner Lists Top Security Issues for 2003
  OMB Says Federal Agencies Doing Better On Security
  Hotmail Caps Outgoing Email Messages To Curb Spam

SECURITY TRAINING UPDATE
Mark your calendar:
Seven security training tracks in Baltimore, MD (April 7-12)
Four security training tracks in Portland, OR (May 5-10)
Six security training tracks in Monterey, CA (June 11-16)
Five security training tracks in London, UK (June 23-28)
Plus smaller programs in Raleigh, Atlanta, Melbourne (AU), and San
Francisco.
If you cannot travel, we have local mentor and evening programs in
thirty cities, or ask to schedule a course at your location. Details
at http://www.sans.org

***********************************************************************

TOP OF THE NEWS

 --Al Jazeera Web Site Faces Sustained DoS Attack and DNS Attacks
(31/28 March 2003)
The Arabic and English language versions of the AlJazeera.net web
site for the Arabic satellite news channel were both unavailable
for most of the past week. It appears to have been hit by both a
denial of service and a DNS attack. The site manager claimed that
no normal hacker could accomplish such a feat, but security experts
found common security flaws in the sites' upstream internet service
providers that would have easily enabled the DNS attack. The DoS
attack was also easily accomplished by a single hacker using zombie
machines over which he had gained control.
http://205.180.85.40/w/pc.cgi?mid=17413&sid=11896
http://www.washingtonpost.com/wp-dyn/articles/A40444-2003Mar28.html
[Editor's Note (Northcutt): A number of the news stories about
this event are misleading. This is not a super patriot hacker at work
exactly. Verisign's Network Solutions, the folks that handle domains,
get tricked from time to time. The PR Newswire folks have a more
accurate write-up:
http://www.eedesign.com/pressreleases/prnewswire/65953
You will recall this is not the first case of domain hijacking;
in 1998 AOL took a hit:
http://news.com.com/2100-1023-216813.html?tag=bplst
In 1999, Ricochet networks was hijacked:
http://news.com.com/2100-1033-235081.html?legacy=cnet
Let's not forget Nike in 2000
http://zdnet.com.com/2100-11-521718.html?legacy=zdnn
In fact a couple years ago, there was even a Step by Step guide to
Hacking Domains:
http://www.securiteam.com/securitynews/5AP0D000KM.html]

 --Sendmail Users Face Second Major Security Flaw
(31 March 2003)
Most versions of sendmail do not adequately check the length of
e-mail addresses, and a carefully crafted address can trigger a
stack overflow and potentially allow the attacker to take control of
the system. Users are urged to upgrade to version 8.12.9. CERT/CC
said most medium to large organizations are likely to have at least
one vulnerable sendmail server.
http://www.infoworld.com/article/03/03/31/HNsendmail_1.html
The CERT Advisory: http://www.cert.org/advisories/CA-2003-12.html

 --NIPC Says Chinese Hackers Likely To Launch Anti-War DDoS Attacks
(31 March 2003)
The National Infrastructure Protection Center said that hacker groups
in China are planning distributed denial of service attacks on US
and UK web sites. The attacks are expected soon in part because today
is the anniversary of the collision of the US surveillance plane and
the Chinese fighter jet on April 1, 2002. The attacks are expected
to be the result of protests against the war in Iraq.
http://www.washingtonpost.com/wp-dyn/articles/A60363-2003Mar31.html

 --European Union Requires Standard Cyber Crime Laws
(28 March 2003)
The Council of the European Union has agreed on a common approach for
anti-hacking regulations. Each member state has until December 31, 2003
to adopt the new rules that make unauthorized access a criminal offense
and that call for jail time for serious offenders. Some observers
were concerned that email protests could be criminalized.
http://www.net-security.org/news.php?id=2267
http://www.iht.com/articles/88499.html

***********************************************************************

THE REST OF THE WEEK'S NEWS

 --Bail Reduced For Identity Thief, Son of IBM Cyber Security Executive
(27 March 2003)
Loren Anderson, the teen accused of using stolen identities to raid
bank accounts through ATM machines, saw his bail reduced when his
father, a cyber security director at IBM, promised to control his son,
and his son's defense attorney promised Loren would have no access
to computers.
http://www.nypost.com/news/regionalnews/72102.htm

 --Ganda Virus Creator Could Face Up To Four Years In Prison
(26 March 2003)
Swedish Police said they had captured the author of the Ganda virus
and that he had confessed. He claimed he had been unfairly treated
during his school days. The virus played on interest in the Iraq war
by using subject lines such as: "Spy pics," "GO USA !!!," "G.W. Bush
animation" and "Is USA always number one?"
http://zdnet.com.com/2100-1105-994148.html
Symantec report on Ganda:
http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.ganda.amm.html

 --Cell Phone Flaws Can Thwart Emergency Response
(30 March 2003)
Using a cell phone to contact emergency services by dialing 911
can take the caller to the wrong jurisdiction (one located far from
the caller's location) and delay emergency response. In addition,
regulators are not advocating global positioning system (GPS)
capability in cell phones that could save lives by pinpointing the
location of callers in distress.
http://www.washingtonpost.com/wp-dyn/articles/A54802-2003Mar30.html

 --Microsoft Bolstering WiFi Security in Windows XP
(31 March 2003)
Microsoft announced today that Windows XP users could download WiFi
Protected Access (WPA) to replace the more easily hacked WEP. WPA can
work with Remote Authentication Dial-In User Service (RADIUS) servers
to help determine the identity of users accessing corporate wireless
networks.
http://www.computerworld.com/securitytopics/security/story/0,10801,79897,00.html?SKC=security-79897

 --Microsoft Refuses To Patch Windows NT4 RPC Vulnerability
(28 March 2003)
Microsoft's statement that it would not offer a version of a security
patch for NT 4.0 has called into question an earlier promise to
continue supporting the operating system through the end of 2004 and
raised concern among its customers. The new vulnerability could expose
computers running the operating systems to a denial of service attack,
Microsoft warned in its security bulletin, MS03-010, on Wednesday.
The bulletin contained patches for Windows 2000 and XP.
http://www.infoworld.com/article/03/03/28/HNmspatch_1.html
Microsoft's Bulletin:
http://www.microsoft.com/technet/security/bulletin/MS03-010.asp

 --Congressman Challenges Bush Administration To Up IT Security Funding
(27 March 2003)
Rep. Sherwood Boehlert (R-N.Y.) today said the Bush administration
has failed to put its cybersecurity money where its mouth is. He also
called for creation of a senior advisory post for IT security within
the Homeland Security Department.
http://www.gcn.com/vol1_no1/daily-updates/21505-1.html

 --Policy Makers Struggle With Privacy vs. Security
(20 March 2003)
A Congressional Internet Caucus meeting focused on the privacy/security
tradeoff. Speakers suggested that power was being misused and should
be constrained while other speakers said that the security measures
being instituted by the U.S. government are much less intrusive than
those taken by other wartime Presidents.
http://www.infoworld.com/article/03/03/20/HNprivacy_1.html
[Editor's Note (Schultz): Unfortunately, privacy has not been very
much of a major concern in the U.S. (as opposed to in many European
countries) so far, as evidenced by the existence of little privacy
protection legislation. Perhaps erosion of what little privacy
protection we have will help awaken the public (and ultimately
legislators) to the need for better privacy protection.]

 --Information Security Magazine Evaluates Five Vulnerability Scanners
(March 2003)
Internet Security Systems' Internet Scanner came in first in a
competition with Nessus (second), NetRecon (third), SAINT and Retina,
when judged by the number of common flaws found. Information Security
Magazine's testing also found that none of the vulnerability scanners
did a good job of mapping the large network, and every one of the
scanners crashed at least one server or application.
http://www.infosecuritymag.com/2003/mar/cover.shtml
[Editor's Note (Paller): The article is definitely worth reading,
but leaving out Qualys, Foundstone and Tenable Security makes it less
than useful as a buyer's guide.]

 --Gartner Lists Top Security Issues for 2003
(28 March 2003)
Gartner analyst Victor Wheatman lists Web service security, wireless
LAN security, identity management, intrusion prevention, event
correlation, the next great worm, instant messaging security, homeland
security, security engineering throughout the enterprise, intellectual
property defense and transaction trustworthiness and auditing.
http://www.techweb.com/wire/story/TWB20030328S0007
[Editor's Note (Northcutt): I might add sendmail, but
from what I interpret from Netcraft survey data, there are
still at least 300,000 WebDAV vulnerable IIS Servers, so I
certainly agree web service security belongs at the top.
If your site runs IIS make sure you are on the patch.
http://news.netcraft.com/archives/2003/03/18/three_quarters_of_microsoftiis_sites_have_webdav_enabled.html]

 --OMB Says Federal Agencies Doing Better On Security
(27 March 2003)
After flunking most agencies last year, OMB is ready to send out better
grades this year, claiming progress was made "across the government."
OMB is ready to cut off funds to agencies that have not corrected
security problems.
http://www.gcn.com/vol1_no1/daily-updates/21510-1.html

 --Hotmail Caps Outgoing Email Messages To Curb Spam
(27 March 2003)
Microsoft has reduced the number of messages people using its free
Hotmail service can send each day to 100 from 500, in an attempt to
cut down on spam.
http://news.bbc.co.uk/1/hi/technology/2890661.stm

===end===

NewsBites Editorial Board:
Kathy Bradford, Dorothy Denning, Roland Grefer, Stephen Northcutt,
Alan Paller, Marcus Ranum, Eugene Schultz, Gal Shpantzer
Guest Editors: Bruce Schneier and Hal Pomeranz

Please feel free to share this with interested parties via email,
but no posting is allowed on web sites. For a free subscription,
(and for free posters) visit http://www.sans.org/sansnews/

To update your address, visit http://www.sans.org/sansurl and enter
your SD number (from the header of this email.) You will receive your
personal URL via email.
