SANS NewsBites Vol. 5 Num. 27

From: The SANS Institute (NewsBitessans.org)
Date: Wed Jul 09 2003 - 11:21:08 CDT


Dell's announcement this morning that it has begun delivering a new
hardened configuration of Windows 2000 is a defining moment in the
ongoing quest to make security less expensive and more effective. Dell
has proven that vendors can take the initial security configuration load
off of users and that there are standards that vendors can use (from
the Center for Internet Security -www.cisecurity.org) if they want to
deliver safer systems. Users no longer have to settle for wide-open,
unsafe configurations. It may soon be perceived as unwise to order a
system configured unsafely when vendors are delivering safe
configurations. If you want to buy systems from other vendors, it is
now acceptable to require in your specifications that they deliver those
systems configured safely. You'll find the Dell announcement at end of
this issue.

                                     Alan

***********************************************************************
SANS NewsBites July 9, 2003 Vol. 5, Num. 27
***********************************************************************

TOP OF THE NEWS
  Defacing Contest Scheduled for July 6 -- Was A Dud
  CERT/CC Incident Report on Malware Spread Rates and User
     Misconceptions
  RIAA Will Pursue More File Traders

THE REST OF THE WEEK'S NEWS
  Dissertation Makes Sensitive Security Data Available
  Rain Forest Puppy Steps Away From Security Research
  Australian High Tech Crime Center
  Web Application Penetration Testing, Part 2: Input Validation
  Sluter-A Worm Seeks Network Shares With Weak Passwords
  Bloomberg Extortionist Sentenced
  Australian Government to Review Cyber Crime Laws
  The Limitations of Cross-Platform Authentication
  ISS Vulnerability List
  Six-Month Virus Report
  Microsoft Patches for Passport Vulnerability
  Process Systems Security
  Romanian Men Arrested in Connection With Cyber Extortion Scheme

******* Sponsored by the Instructor-Led Online Training of SANS *******
Hacker Exploits Instructor Led On Line - By popular demand one of the
two top rated hacker exploits teachers in the world will teach a live,
online version of this very popular track. No flying away for a week,
convenient hours, lots of time between classes for hands-on work. And
Eric Cole is extraordinary. Begins July 22. More information:
http://www.sans.org//onlinetraining/ilot/track4.php

***********************************************************************
Other Highlighted Training
SANS Rocky Mountain returns to Denver August 14-19 (one month after
SANSFire). Six popular immersion training tracks and a vendor
exposition. Register soon: http://www.sans.org/rockymountain03

Or come to Boston http://www.sans.org/newengland03 or Los Angeles
http://www.sans.org/losangeles03 in September for our two other
six-track programs.

***********************************************************************

TOP OF THE NEWS

 --Defacing Contest Scheduled for July 6 - Was A Dud
(6 and 2/3 July 2003)
Despite warnings from Internet Security Systems about the Defacers'
Challenge scheduled to take place on Sunday, July 6, very few sites were
hacked. The contest awarded points to attackers who compromised
organizations' web servers and defaced their web sites; more points were
awarded for compromising less popular operating systems, such as Mac OS
and Unix variants. The Department of Homeland Security says it received
"credible evidence" about the planned attacks and that it detected
probes looking for vulnerable networks, but it did think the problem
was important enough to issue warnings.
Results:
http://money.cnn.com/2003/07/06/technology/hacking_contest.reut/
Original press coverage:
http://www.computerworld.com/printthis/2003/0,4814,82730,00.html
http://www.gcn.com/vol1_no1/daily-updates/22623-1.html
http://www.msnbc.com/news/934055.asp?0dm=T217T
http://www.cnn.com/2003/TECH/internet/07/03/hacker.warnings.ap/index.html

 --CERT/CC Incident Report on Malware Spread Rates and User Misconceptions
(2 July 2003)
The Computer Emergency Response Team Coordination Center (CERT/CC) has
issued an Incident Note regarding two "chronic problems" evidenced by
recent reports to CERT/CC. First, the speed at which malware spreads
is increasing, and second, users whose systems have been compromised
mistakenly assume that having anti-virus software installed was
sufficient to protect them from all malware attacks. To address these
problems, CERT/CC recommends employing layers of security and access
controls in addition to observing safe computing practices, such as
running and maintaining anti-virus software, disabling or securing file
shares and using firewalls.
http://www.cert.org/incident_notes/IN-2003-01.html

 --RIAA Will Pursue More File Traders
(1 July 2003)
The Recording Industry Association of America's (RIAA) announcement that
they plan to aggressively pursue action against people who trade
copyrighted files on line seems to have little effect on use of the
file-sharing services. Some users have taken precautions, like turning
the file-sharing feature off in their software. Some file-sharing
services have said they plan to employ methods to keep file-sharers'
identities anonymous.
http://www.cnn.com/2003/TECH/internet/07/01/download.music.ap/index.html
http://www.wired.com/news/print/0,1294,59448,00.html

************************ SPONSORED LINKS ******************************
Privacy notice: These links redirect to non-SANS web pages.

(1) Best Practices for Incident Response - Sign up for the
     practitioner's guide at
http://www.sans.org/cgi-bin/sanspromo/NB193

(2) ALERT: Test Your Web Apps for SQL Injection Vulnerabilities-Six
     Easy Steps
http://www.sans.org/cgi-bin/sanspromo/NB194

(3) Stop Network Attacks versus just Detecting. Intrusion Prevention
     Essentials White Paper
http://www.sans.org/cgi-bin/sanspromo/NB195

***********************************************************************

THE REST OF THE WEEK'S NEWS

 --Dissertation Makes Sensitive Security Data Available
(8 July 2003)
Sean Gorman, a PhD student at George Mason University outside
Washington, DC, has mapped all US business and industrial sectors and
the fiber-optic lines that connect them. Queries show choke points
and other vulnerabilities.
http://www.washingtonpost.com/wp-dyn/articles/A23689-2003Jul7.html?nav=hptoc_tn

 --Rain Forest Puppy Steps Away From Security Research
(8 July 2003)
One of the industry's most prolific discoverers of security flaws, Rain
Forest Puppy, has called it quits. His reasons make interesting
reading.
http://www.eweek.com/article2/0,3959,1186457,00.asp

 --Australian High Tech Crime Center
(3 July 2003)
The recently launched Australian High Tech Crime Center will unite
police around the country in the fight against cyber crime. The
Center's responsibilities will include "education and prevention of
high-tech crime through cooperation with law enforcement, government
agencies, industry groups and private organizations." The Center, which
is hosted by the Australian Federal Police in Canberra, will initially
have a staff of 13 and is expected to grow.
http://www.ds-osac.org/view.cfm?KEY=7E4452474B50&type=2B170C1E0A3A0F162820
[Guest Editor, Nick Main, a SANS local mentor in Canberra and member of
the Windows 2003 Gold Standard Courseware development team adds: This
has not received a lot of press in Australia, but their web site is
www.ahtcc.gov.au and it looks like a good start for electronic law
enforcement down under.]

 --Web Application Penetration Testing, Part 2: Input Validation
(3 July 2003)
The second article in a three-part series on penetration testing for
web applications addresses issues surrounding input validation, such as
SQL injection vulnerabilities, code and content injection and cross site
scripting.
http://www.securityfocus.com/printable/infocus/1709

 --Sluter-A Worm Seeks Network Shares With Weak Passwords
(2 July 2003)
The Sluter-A worm scans port 445 of random IP addresses for certain
network shares protected by weak passwords; the worm uses a battery of
just 16 passwords. If it is successful in breaking in, Sluter-A will
make a copy of itself with the filename msslut32.exe and schedule itself
to be run; it will also add a registry key to ensure that it is run on
start-up.
http://www.ds-osac.org/view.cfm?KEY=7E4452474254&type=2B170C1E0A3A0F162820
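The sweep behaviour described above (one host trying TCP/445 on many unrelated addresses) is easy to spot from ordinary connection logs. The check below is an added example, not code from the newsletter or the article it cites; the log records, the 60-second window and the fan-out threshold of 20 are constructed assumptions to be tuned per network.

```python
from collections import defaultdict

# Constructed connection-log records: (timestamp_seconds, src_ip, dst_ip, dst_port).
# 10.0.0.5 behaves like a workstation talking SMB to two file servers;
# 10.0.0.7 behaves like a Sluter-A style host sweeping port 445 across a /24;
# 10.0.0.9 only talks HTTP and must not be counted at all.
SAMPLE_LOG = [(t, "10.0.0.5", "10.0.0.20", 445) for t in (0, 30, 90)]
SAMPLE_LOG += [(5, "10.0.0.5", "10.0.0.21", 445)]
SAMPLE_LOG += [(10 + i, "10.0.0.7", f"198.51.100.{i}", 445) for i in range(25)]
SAMPLE_LOG += [(12, "10.0.0.9", "10.0.0.20", 80)]


def smb_fanout(records, window=60):
    """For each source, the largest number of distinct port-445 destinations
    contacted inside any `window`-second interval (sliding over its own hits)."""
    by_src = defaultdict(list)
    for ts, src, dst, port in records:
        if port == 445:
            by_src[src].append((ts, dst))
    peaks = {}
    for src, hits in by_src.items():
        hits.sort()  # oldest first so each window can start at a real hit
        best = 0
        for i, (t0, _) in enumerate(hits):
            distinct = {dst for ts, dst in hits[i:] if ts - t0 <= window}
            best = max(best, len(distinct))
        peaks[src] = best
    return peaks


def flag_scanners(records, window=60, threshold=20):
    """Sources whose SMB fan-out reaches the threshold, sorted for stable output."""
    return sorted(src for src, n in smb_fanout(records, window).items() if n >= threshold)


if __name__ == "__main__":
    for src, n in sorted(smb_fanout(SAMPLE_LOG).items()):
        print(f"{src}: {n} distinct port-445 targets in 60s")
    print("suspected sweepers:", flag_scanners(SAMPLE_LOG))
```

A legitimate file server client stays at a handful of destinations, so the threshold separates the two cases without needing the worm's password list or filename.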

 --Bloomberg Extortionist Sentenced
(1/2 July 2003)
Oleg Zezov, the Ukrainian man convicted of trying to extort $200,000
from Michael Bloomberg, founder of Bloomberg financial news service,
has been sentenced to 51 months in prison, one of the longest sentences
ever for computer intrusion.
http://www.theregister.co.uk/content/55/31517.html
http://www.reuters.com/printerFriendlyPopup.jhtml?type=internetNews&storyID=3022973

 --Australian Government to Review Cyber Crime Laws
(1 July 2003)
The Australian Federal Government plans to review the country's existing
cybercrime laws with an eye to ensuring that those convicted of such
crimes in the future will receive stiff penalties. The review occurred
because federal authorities believe the courts are treating cyber
criminals too leniently. The review will be conducted by the
Attorney-General's Department, which plans to focus on a recent case in
which a man was given a suspended sentence for breaking into OptusNet
and accessing account details belonging to 400,000 customers; an appeal
brought by the prosecutors resulted in a fine and a "two-year good
behaviour bond."
http://www.ds-osac.org/view.cfm?KEY=7E4452464453&type=2B170C1E0A3A0F162820

 --The Limitations of Cross-Platform Authentication
(1 July 2003)
One of the biggest impediments to cross-platform authentication is the
fact that each server platform uses a different schema for the fields
that hold information about user identity, account information and
permissions. Of the many fields each schema contains, only three are
considered standard: user name, password and home directory.
http://www.computerworld.com/printthis/2003/0,4814,82682,00.html
[Editor's Note (Grefer): Third-party solutions for centralized and/or
cross-platform authentication have been around for a long time. These
serve as an add-on to the operating system and replace the standard
authentication mechanism. Similarly, a wide variety of platforms by now
support LDAP, the Lightweight Directory Access Protocol, as an alternate
means of authentication. It is also possible to integrate LDAP with
Microsoft's Active Directory Service (ADS), resulting in a sizeable
number of systems and platforms that can use LDAP for cross-platform
authentication. http://www.ldapguru.org/]

 --ISS Vulnerability List
(1 July 2003)
Internet Security Systems' (ISS) new tool, the Catastrophic Risk Index,
lists the 30 most important vulnerabilities in the view of its X-Force
security experts.
http://www.idg.net/ic_1325657_9720_1-5072.html
http://documents.iss.net/risksolutions/CRI_FAQ.pdf

 --Six-Month Virus Report
(1 July 2003)
According to a report from anti-virus company Sophos, 3,855 new viruses
were detected during the first six months of 2003, a 17.5% increase over
last year's numbers. The most frequently reported viruses during that
time were Bugbear-B, Sobig-C and Klez-H.
http://www.infoworld.com/article/03/07/01/HNbug_1.html
http://news.bbc.co.uk/1/hi/technology/3033366.stm
http://www.sophos.com/pressoffice/pressrel/uk/20030630topten.html

 --Microsoft Patches for Passport Vulnerability
(30 June/1 July 2003)
Microsoft has patched a vulnerability in Passport's "Secret Question"
feature, which could allow an attacker to reset the password for and
hijack someone else's account. Accounts established prior to August
1999 are vulnerable because the Secret Question feature was not in place
then.
http://news.com.com/2102-1009_3-1023032.html?tag=ni_print
http://www.idg.net/ic_1325611_9677_1-5046.html

 --Process Systems Security
(30 June 2003)
Security problems faced by supervisory control and data acquisition
(SCADA) and other process systems and networks include the "barriers
between IT and the engineers who ... run process networks," customized
applications and a dearth of security software for the applications and
networks. The Instrumentation, Systems and Automation Society is
developing best practices for securing process networks.
http://www.computerworld.com/printthis/2003/0,4814,82505,00.html
http://www.computerworld.com/printthis/2003/0,4814,82506,00.html

 --Romanian Men Arrested in Connection With Cyber Extortion Scheme
(29 June 2003)
Several Romanian men have been arrested for their alleged roles in a
cyber extortion scheme. The group would break into computer systems at
US companies, download client data from company databases and then ask
$50,000 to refrain from posting the information on the Internet. The
FBI worked with the Special Investigations Unit of the Romanian Supreme
Court to track down the alleged perpetrators.
http://www.sundayherald.com/print34961

 --The Dell Announcement

DELL OFFERS MORE SECURE DESKTOP AND NOTEBOOK COMPUTERS

ROUND ROCK, Texas, July 9, 2003 - Dell is helping customers better protect
their information assets from unauthorized access, control or damage by
giving them the option of a more secure or "hardened" configuration.

The new security service, in which Dell activates more than 50 security
settings on Microsoft Windows 2000, helps customers better secure their
systems without adding time or complexity to their system
installations.

This service, available on desktops and notebooks, helps public and
private organizations meet a security benchmark established by the
Center for Internet Security (CIS), whose mission is to help
organizations around the world effectively manage risks related to
information security. CIS is made up of leading companies, universities,
auditing organizations and government agencies.

"Dell is taking a leadership position in providing secure systems to
its customers," said Clint Kreitner, president of CIS. "We hope other
vendors will follow Dell's lead." Dell intends to develop a similar
offering for Windows XP after the benchmark is released by CIS later
this year.

"Protecting data from dangers such as hackers and computer viruses is
a challenge for today's organizations," said Tom Buchsbaum, sales vice
president of Dell's federal sector. "Dell is committed to providing our
customers with technology products that provide a high level of
security, and our work with CIS builds on that commitment."

For more information on Dell's security-enabled hardware and security
services, visit www.dell.com/security.

==end==

NewsBites Editorial Board:
Kathy Bradford, Dorothy Denning, Roland Grefer, Stephen Northcutt, Alan
Paller, Marcus Ranum, Eugene Schultz, Gal Shpantzer
Guest Editor: Bruce Schneier

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
