SANS NewsBites Vol. 5 Num. 21
From: The SANS Institute (NewsBites
sans.org)
Date: Wed May 28 2003 - 10:56:43 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In the past three weeks, people from four large organizations have
contacted us with almost identical requests. In each case, they have
asked for help in getting all of their system administrators GIAC
certified in security - in part by scheduling in-house classes. When
we asked what triggered the request, each told us that their CIO had
decided that every person who has privileged access (root or
administrator logins) to computers must also have at least the technical
security skills required by GIAC's Security Essentials, Windows or UNIX
security certifications.
It is very hard for CIOs to feel confident in assuring their bosses that
they have "sufficient security." It appears they are beginning to view
sysadmin security training and GIAC certification as a necessary step
in meeting minimum standards of due care.
Alan
***********************************************************************
SANS NewsBites May 28, 2003 Vol. 5, Num. 21
***********************************************************************
TOP OF THE NEWS
California Senate Approves Harsher Anti-Spam Bill
Proposed Anti-Spam Bill is in Congress
Cyber Terror Drill Demonstrates Cooperation is Essential
Air Force Service Evaluates Patches
THE REST OF THE WEEK'S NEWS
University of Calgary to Offer Malware Writing Course
Cybersecurity Chief Position and Cyber Security Ops Center to be Part
of DHS
StartPage Trojan
Study: Federal IT Spending Will Rise
Data Thieves Target PayPal Users
Data Thieves Target Citibank c2it Customers
Teen Repeats Internet Scam After First Arrest
McQueary Questioned About Private Sector Critical Cyber
Infrastructure Subsidies
Disgruntled Former Employee Hacking Cases on the Rise
Spammers Could Exploit Sobig-B (Formerly Palyh) Worm
Seized PDAs Encrypted with PGP
Fear of Poor Security Keeps People from Internet Banking
Man Ordered to Pay More than $500,000 in Internet Stock Manipulation
Case
Alleged Cyber Criminal Arrested in Thailand
Wormhole Attacks on Wireless Networks Could be Mitigated with Help of
GPS
Get Legal Advice Before Reverse Engineering Malware
Demand for Workers with Security Clearances Outstrips Supply
NEW SECURITY TRAINING PROGRAMS ANNOUNCED
SANS has added several cities to its schedule of immersion security
training programs:
Atlanta, GA, June 2-7 (The auditing track still has seats)
Monterey, CA, June 11-26 (6 tracks)
San Francisco, June 18-23 (The new management track still has seats)
London, UK, June 23-28 (5 tracks)
Washington, DC, July 14-19 (9 tracks - including new management track)
Washington, DC, July 21-22 (Nat'l. Info. Assurance Leadership Conf.)
Melbourne, AU, July 28 - Aug 2 (2 tracks)
Ottawa, ON, Aug. 11-16 (3 tracks)
Denver, CO, Aug. 14-19 (6 tracks)
Plus online courses and local mentor programs in 45 cities.
See www.sans.org
*************** Sponsored by Internet Security Systems ****************
Discover how state-of-the-art correlation techniques will allow you to
substantially improve enterprise security and dramatically lower overall
costs. Learn more about the latest threat prioritization systems and
how to automatically match threats to known vulnerabilities in this ISS
whitepaper.
Visit: http://www.iss.net/ad/dtp_sansdtpwp052803/
***********************************************************************
TOP OF THE NEWS
--California Senate Approves Harsher Anti-Spam Bill
(23/26 May 2003)
A bill recently passed by the California State Senate would make sending
unsolicited commercial e-mail a felony and would allow people to sue
spammers for $500 for each message sent. Current California law is based
on an "opt-out" model, which can in fact backfire because responding to
a message alerts spammers to live e-mail addresses. The new bill takes
an "opt-in" approach and is based on a federal law that bars unsolicited
and junk faxes because of the cost incurred by the recipient.
The bill next goes to a vote in the California Assembly, and if approved
there, makes its way to Governor Gray Davis.
http://zdnet.com.com/2100-1105_2-1009411.html
http://www.computerworld.com/printthis/2003/0,4814,81542,00.html
--Proposed Anti-Spam Bill is in Congress
(24 May 2003)
The Reduction in Distribution of Spam Act is likely to pass through
Congress quickly. The Bill imposes stiff penalties for people who use
false identities to send unsolicited commercial e-mail or fail to honor
people's requests to be removed from their mailing lists. Critics of
the proposed legislation say it does not go far enough; marketers could
still send out unlimited numbers of messages.
http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=2811844
--Cyber Terror Drill Demonstrates Cooperation is Essential
(19 May 2003)
Preceding last week's Topoff2 exercise, officials in Seattle (WA)
participated in a mock cyber attack. The drill included a variety of
attack types, including viruses and distributed denial-of-service (DDoS)
attacks. They found they were best able to mitigate the effects of the
attack when they cooperated across federal, state and local levels.
http://www.gcn.com/22_11/homeland-security/22099-1.html
[Editor's Note (Schultz): But genuine cooperation between different
entities becomes considerably more difficult in situations other than
mock scenarios. Cooperation in incident response efforts is one of the
most difficult challenges in the information security arena.]
--Air Force Service Evaluates Patches
(19 May 2003)
The Air Force has established the Enterprise Network Operations Support
Cell (ENOSC), a software patch service. Each patch is tested by the Air
Force Computer Emergency Response Team, which assesses its effectiveness
and assigns it a number indicating its likelihood of interfering with
other software. The patch, along with that information, is placed on the
site, and administrators can decide if it's an appropriate patch for
their systems. ENOSC supports Windows 9x, NT 4.0, 2000 and XP, as well
as Exchange Server and Internet Explorer. It also supports Sun Solaris
and plans to add Linux and HP-UX.
http://www.gcn.com/22_11/security/22059-1.html
************************ SPONSORED LINKS ******************************
Privacy notice: These links redirect to non-SANS web pages.
(1) Instantly stop DDoS attacks. Prevent worm propagation. Hands-on,
online demo--launch and mitigate live attacks.
http://www.sans.org/cgi-bin/sanspromo/NB174
(2) FREE White Paper: "Outsmart the Top 10 Web Application Hacks"
http://www.sans.org/cgi-bin/sanspromo/NB175
(3) Earn a Norwich University Master's Degree in Information Security
in 24 months.
http://www.sans.org/cgi-bin/sanspromo/NB176
***********************************************************************
--University of Calgary to Offer Malware Writing Course
(23/26 May 2003)
This autumn the University of Calgary plans to offer a course called
"Computer Viruses and Malware," in which students will learn to create
viruses, worms and Trojan horse programs. The professor offering the
course says understanding how malware is written will help develop more
effective methods of stopping it. Members of the anti-virus community
disagree with the approach; Sophos' Graham Cluley wonders if the
university will be held liable if malware developed in the course is
used in an actual cyber attack.
http://www.eweek.com/article2/0,3959,1104161,00.asp
http://www.sophos.com/virusinfo/articles/calgary.html
http://www.globetechnology.com/servlet/story/RTGAM.20030526.gtmalwaremay26/BNStory/Technology/
--Cybersecurity Chief Position and Cyber Security Ops Center to be Part
of DHS
(23/26 May 2003)
The Bush administration will announce the creation of a cybersecurity
chief position within the Department of Homeland Security. The
cyberchief's responsibilities will include carrying out recommendations
made in the National Strategy to Secure Cyberspace. The cyberchief will
be three levels below DHS Secretary Tom Ridge; former presidential
cybersecurity advisor Richard Clarke says the position is "not ...
senior enough." Candidates for the position are still being sought.
The DHS also plans to announce the establishment of a national
cyber-security center, which brings all the department's information
security assets under one umbrella.
http://www.washingtonpost.com/ac2/wp-dyn/A32736-2003May23?language=printer
http://www.eweek.com/article2/0,3959,1109041,00.asp
--StartPage Trojan
(22/23 May 2003)
The StartPage Trojan exploits a vulnerability in Exploit.SelfExecHTML
in Internet Explorer's (IE) security system. StartPage arrives as a
Zip-archive containing an HTML file and an EXE file; infection occurs
when the HTML file is opened. The vulnerability affects IE 5.0 for
Windows 2000, 95, 98 and NT 4.0. There is not presently a patch for the
vulnerability.
http://196.37.50.65/sections/internet/2003/0305221102.asp
http://www.theage.com.au/articles/2003/05/23/1053585679689.html
--Study: Federal IT Spending Will Rise
(22 May 2003)
The findings of a recent market research study indicate that federal
agency spending on information technology security will increase
steadily over the next five years, reaching $6 billion by 2008. The
security sector showed a marked increase after the terrorist attacks in
2001.
http://news.com.com/2102-1009_3-1009139.html?tag=ni_print
--Data Thieves Target PayPal Users
(22 May 2003)
PayPal customers are being targeted by data thieves intent on obtaining
personal information that can be used to steal identities. Some PayPal
users have received e-mail messages with "PayPal Verification" in the
subject line; the message offers a link to a site that appears to be
official but is not. It asks for users' names, credit card numbers,
mothers' maiden names, bank account numbers and other sensitive
information. The site was registered in the name of someone whose
identity had been stolen.
http://www.securityfocus.com/news/5039
--Data Thieves Target Citibank c2it Customers
(22 May 2003)
Personal data thieves are also targeting some Citibank customers.
Customers who use the c2it money transfer service have been receiving
HTML e-mail messages containing forms that ask for such
personal data as social security numbers, dates of birth and mothers'
maiden names. The message is well-crafted; only the return address in
the message header gives pause, as it is a Hotmail account rather than
a Citibank address.
http://www.eweek.com/article2/0,3959,1102980,00.asp
--Teen Repeats Internet Scam After First Arrest
(22 May 2003)
19-year-old Shiva Sharma of Queens (NY) allegedly tricked AOL users into
divulging personal and financial information that he used to purchase
and sell $30,000 worth of electronic equipment on the Internet. Sharma
was arrested on similar charges four months ago; he could face up to
seven years in prison.
http://www.nydailynews.com/front/story/85857p-78336c.html
http://www.nypost.com/news/regionalnews/76372.htm
--McQueary Questioned About Private Sector Critical
Cyber-Infrastructure Subsidies
(22 May 2003)
Members of the cyber-security subcommittee of the House Select Committee
on Homeland Security asked Charles McQueary, DHS undersecretary of the
Science and Technology Directorate, if the government should subsidize
privately owned critical cyber-infrastructure security. In his
testimony, McQueary explained that cyber-security is one of seven
priorities for his directorate.
http://www.eweek.com/article2/0,3959,1101707,00.asp
[Editor's Note (Grefer): When too many things become "priorities," none
of them is a priority anymore.]
--Disgruntled Former Employee Computer Intrusion Cases on the Rise
(22 May 2003)
Approximately 75% of federal computer intrusion cases in Massachusetts
involve former employees, according to Assistant US Attorney Allison D.
Burroughs. The US attorney's office in Boston is presently working on
eleven such cases. They include the case of a fired travel agency
employee who later broke into the company's computers and canceled
customers' airline reservations.
http://www.boston.com/dailyglobe2/142/metro/Workers_vengeance_makes_its_way_on_Web+.shtml
--Spammers Could Exploit Sobig-B (Formerly Palyh) Worm
(21 May 2003)
The Palyh worm, which has been identified as a variant of the Sobig worm
and hence renamed Sobig-B, could be used by spammers to install proxy
servers on infected machines and use them to send out large quantities
of unsolicited e-mail.
http://www.theregister.co.uk/content/56/30808.html
--Seized PDAs Encrypted with PGP
(21 May 2003)
Italian police have been unable to access information on 2 PDAs seized
from members of Italy's Red Brigades; the devices are protected by PGP
encryption. Phil Zimmermann, who developed PGP, said investigators would
not be able to break the encryption using traditional techniques. The
situation once again raises the question of encryption and privacy vs.
security.
http://www.infoworld.com/article/03/05/21/HNpdapgp_1.html
--Fear of Poor Security Keeps People from Internet Banking
(21 May 2003)
An RSA Security-commissioned study found that UK citizens are reluctant
to utilize Internet banking because they do not trust that the on-line
banks employ adequate security. 38% of those who do not use Internet
banking said they might be encouraged to switch if security measures
were improved.
http://www.vnunet.com/News/1141079
--Man Ordered to Pay More than $500,000 in Internet Stock Manipulation
Case
(21 May 2003)
Refal Shaoulian has been ordered to pay the US government more than
$500,000 for allegedly posting false stock information on the Internet,
to manipulate the stock's price, while he was a student at the
University of California at Los Angeles (UCLA). Shaoulian allegedly
made profits of more than $400,000.
http://www.nandotimes.com/technology/story/894152p-6229326c.html
--Alleged Cyber Criminal Arrested in Thailand
(21 May 2003)
A Ukrainian man wanted in the US for alleged software piracy and
Web-spoofing has been arrested in Thailand. Maksym Kovalchuk, also known
as Maksym Vysochanskyy, has denied charges against him. The US is
expected to file an extradition request.
http://www.hindustantimes.com/news/181_258316,00030010.htm
--Wormhole Attacks on Wireless Networks Could be Mitigated with Help
of GPS
(20 May 2003)
Researchers from Carnegie Mellon University and Rice University
presented a paper at the Twelfth World Wide Web Conference in Romania
that described how a wormhole attack could adversely affect wireless
networks; the paper also describes a method for remediating the
vulnerability. A wormhole attack would involve intercepting wireless
data packets traveling on one part of a network and inserting them at
a different point. The suggested solution is to tag packets with global
positioning system (GPS) information or timestamps.
http://www.newscientist.com/news/news.jsp?id=ns99993747
--Get Legal Advice Before Reverse Engineering Malware
(20 May 2003)
In an interview with ZDNet Australia, the Computer Emergency Response
Team's (CERT) Jeff Carpenter said Australian researchers should obtain
legal advice before reverse engineering malware so they can make sure
they are not running afoul of copyright laws like the US's Digital
Millennium Copyright Act (DMCA).
http://www.zdnet.com.au/printfriendly?AT=2000048600-20274678
--Demand for Workers with Security Clearances Outstrips Supply
(19 May 2003)
The number of people with federal security clearances is lagging far
behind the demand. Background checks can take as long as a year, and
there are 237,816 clearance applications pending at the Defense Security
Service.
http://www.washingtonpost.com/ac2/wp-dyn/A4598-2003May17?language=printer
==end==
NewsBites Editorial Board:
Kathy Bradford, Dorothy Denning, Roland Grefer, Stephen Northcutt, Alan
Paller, Marcus Ranum, Eugene Schultz, Gal Shpantzer
Guest Editor: Bruce Schneier
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription (and for
free posters), or to update a current subscription, visit
http://portal.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
iD8DBQE+1KhV+LUG5KFpTkYRAhtxAKCL30gVFO3Dh8h6a/URBdN/hobdjgCggaX8
oKhokW/gTlaNMxcjMarI+ZE=
=oUWG
-----END PGP SIGNATURE-----