SANS NewsBites Vol. 8 Num. 6
From: The SANS Institute (NewsBites@sans.org)
Date: Fri Jan 20 2006 - 13:46:58 CST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
If your employer is subject to the PCI standard for protecting credit
card information *and* subject to any other information security
requirements (GLB, HIPAA, SOX, state law on disclosure) and you know
something about the PCI, please join the new SANS/CIS standards project
to correct the five fatal flaws in the PCI and expand it to cover other
personally identifiable information. We now have 23 large organizations
on the team and are hoping for 100. Email info@sans.org with subject PCI
and include information about your experience with the PCI and what
other standards apply to your organization.
*************************************************************************
SANS NewsBites January 20, 2006 Vol. 8, Num. 6
*************************************************************************
TOP OF THE NEWS
Cingular Obtains TRO Against Companies Selling Private Cell Phone
Records
Emerging Threats Seen in Linux, Mac OS X, iPod
THE REST OF THE WEEK'S NEWS
ARRESTS, CONVICTIONS AND SENTENCES
Former Medical Office Manager Indicted for Patient Record Theft
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
F-Secure Has Fixes Available for DoS and Code Execution Flaws
Patches Available for Backup Software Holes
Visual Basic Worm Spreading
Windows XP SP3 Due Out in Second Half of 2007
Cisco Issues Two Fixes
Oracle's Quarterly Security Update
Buffer Overflow Flaw in AOL's You've Got Pictures Tool
ATTACKS & INTRUSIONS & DATA THEFT
MillionDollarHomepage.com Targeted by Cyber Extortionists
Privacy Rights Clearinghouse List of Data Security Breaches
MISCELLANEOUS
Internet Explorer 7 Will Have History Delete Feature
TOP OF THE NEWS
--Cingular Obtains TRO Against Companies Selling Private Cell Phone Records
(17/16 January 2006)
A federal court in Atlanta has granted Cingular Wireless a temporary
restraining order (TRO) against operators of several web sites that
provide private cellular phone records for a fee. Cingular says the
companies' employees pretend to be cellular phone customers and Cingular
employees to gather confidential information from customer service
representatives. The information offered for sale includes private
phone numbers and call records. In a separate case, online data
brokers have used devious means to obtain cell phone records of Verizon
Wireless customers, according to court documents filed in a Florida
court.
http://www.usatoday.com/tech/wireless/2006-01-16-cingular-records_x.htm
http://www.theregister.co.uk/2006/01/17/cingular_sues_over_customer_records/print.html
http://www.wired.com/news/technology/1,70027-1.html
--Emerging Threats Seen in Linux, Mac OS X, iPod
(12 January 2006)
At the recent Cyber Crime Conference sponsored by the US Department of
Defense, intensive courses offered on Mac OS X, Linux and iPods indicate
a growing concern with malicious code running on the operating systems
and the threats posed by iPods and similar devices. As the platforms
become more widely used, malicious code for them is becoming an emerging
threat.
http://www.eweek.com/print_article2/0,1217,a=169104,00.asp
THE REST OF THE WEEK'S NEWS
ARRESTS, CONVICTIONS AND SENTENCES
--Former Medical Office Manager Indicted for Patient Record Theft
(19 January 2006)
Joseph Nathaniel Harris, who formerly worked as the manager of the San
Jose (California) Medical Group, has been indicted by a federal grand
jury on charges stemming from the theft of computers and DVDs that
contained patient records. Harris allegedly broke into the office after
resigning his position. If convicted of all charges against him, Harris
faces a maximum prison sentence of ten years and a fine of up to
US$250,000.
http://www.eweek.com/print_article2/0,1217,a=169608,00.asp
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
--F-Secure Has Fixes Available for DoS and Code Execution Flaws
(19 January 2006)
F-Secure has warned of several vulnerabilities in its products that
could be exploited to cause denial-of-service or execute malicious code.
One of the flaws is a boundary error in .zip archive handling that could
allow the execution of arbitrary code; a problem with .rar and .zip
archive scanning functionality could allow malware to escape
detection. Attackers could exploit the vulnerabilities with specially
crafted archives. The company has fixes available for the flaws.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1160314,00.html
http://www.zdnet.co.uk/print/?TYPE=story&AT=39248179-39020375t-10000025c
http://www.f-secure.com/security/fsc-2006-1.shtml
--Patches Available for Backup Software Holes
(18 January 2006)
Backup software from two different companies is vulnerable to attacks.
Patches are available for denial-of-service and hijacking flaws in EMC's
NetWorker. Patches are also available for a Veritas NetBackup buffer
overflow; exploit code for the flaw has been posted to the Internet.
http://news.com.com/2102-1002_3-6028515.html?tag=st.util.print
[Editor's Note (Northcutt): Northcutt, backup software vulnerabilities
were number one in the 2005 SANS Top 20 for cross platform issues:
http://www.sans.org/top20/#c1 ]
[From the Internet Storm Center (Swa Frantzen): It is interesting to
note the spike in scanning for the netbackup software started *after*
publication of the exploit http://isc.sans.org/diary.php?storyid=1055
Seems to invalidate the claims by the FD adepts that it is used before
they publish. (vulnerability and fix were old)]
--Visual Basic Worm Spreading
(18 January 2006)
A Visual Basic worm known by several names, including Blackmal.e and
MyWife.d, arrives as an attachment and spreads through shared folders.
It tries to disable several different security programs. The attachment
can be an executable file or a MIME file containing an executable file.
http://www.informationweek.com/news/showArticle.jhtml?articleID=177101528
--Windows XP SP3 Due Out in Second Half of 2007
(18 January 2006)
Microsoft has set a tentative release date of the second half of 2007
for Windows XP Service Pack 3 (SP3) for the Professional and Home
editions. Windows XP SP2 was released in 2004. Microsoft reportedly
pushed back the release date for XP SP3 to allow it to concentrate
resources on Windows Vista, which is scheduled to be released later
this year.
http://www.zdnetasia.com/news/software/printfriendly.htm?AT=39305800-39000001c
http://www.theregister.co.uk/2006/01/18/windows_xp_sp3_delay/
http://www.microsoft.com/windows/lifecycle/servicepacks.mspx
--Cisco Issues Two Fixes
(19/18 January 2006)
Cisco has issued two security advisories and fixes for flaws in Cisco
CallManager. A privilege escalation flaw could be exploited to gain
full administrative privileges; the other flaw could be exploited to
create a denial-of-service condition.
http://news.com.com/2102-1002_3-6028417.html?tag=st.util.print
http://www.vnunet.com/vnunet/news/2148884/cisco-patches-voip-flaws
http://www.cisco.com/en/US/products/products_security_advisory09186a00805e8a55.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a00805e8a5a.shtml
[From the Internet Storm Center (Swa Frantzen): There are three issues, not two:
- DoS against routers
- DoS against CallManager
- privilege escalation by administrative users of the call managers
http://isc.sans.org/diary.php?storyid=1054]
--Oracle's Quarterly Security Update
(18 January 2005)
Oracle's quarterly security update includes patches for more than 100
flaws. One of the vulnerabilities allows Oracle database users with
basic access privileges to elevate those privileges to those of the
database administrator. Oracle's quarterly schedule has met with
criticism because some believe it leaves users vulnerable for too long.
Oracle has also been criticized for not providing adequate detail about
the vulnerabilities addressed. Oracle has also released a tool that
allows users to check for default accounts and passwords in an effort
to protect users from the Oracle Voyager worm.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5183
http://www.zdnetasia.com/news/security/printfriendly.htm?AT=39305786-39000005c
[Editor's Note (Schultz): Isn't this the same database product that
Larry Ellison only a few years ago declared was "hackerproof?"]
--Buffer Overflow Flaw in AOL's You've Got Pictures Tool
(17 January 2006)
A critical buffer overflow flaw in AOL's YGP Picture Finder Tool ActiveX
Control (YGPPicFinder.DLL), which is used by AOL's You've Got Pictures,
could be exploited to execute arbitrary code or cause a
denial-of-service condition. The problem lies in an ActiveX control in
the tool and affects several versions of AOL, including AOL 8.0, 8.0+
and 9.0 Classic. An AOL spokesman said the company became aware of the
issue in July and pushed out a fix to affected members for a few weeks
last fall. Users who did not log in during that period are encouraged
to download a newer version of AOL's client suite or apply a hotfix
patch.
http://www.computerworld.com/printthis/2006/0,4814,107824,00.html
http://www.eweek.com/print_article2/0,1217,a=169374,00.asp
http://www.kb.cert.org/vuls/id/715730
ATTACKS & INTRUSIONS & DATA THEFT
--MillionDollarHomepage.com Targeted by Cyber Extortionists
(19/18 January 2006)
MillionDollarHomepage.com, the brainchild of UK student Alex Tew, has
been the target of denial-of-service attacks that law enforcement agents
have attributed to people in Russia. Tew created the web page to fund
his schooling; he sold pixels to advertisers and has made more than US$1
million. Tew wrote in his blog that the alleged attackers made demands
for "a substantial amount of money."
http://www.smh.com.au/news/breaking/russian-hackers-hold-website-to-ransom/2006/01/19/1137553695238.html
[Editor's Note (Pescatore): It is not that hard to get denial of service
protection. Trying to put up a $1M web site without doing so is like
putting a $1M painting out in your front yard - it really ought to be
under a roof. ]
--Privacy Rights Clearinghouse List of Data Security Breaches
(17 January 2006)
The Privacy Rights Clearinghouse has compiled a list of known data
security breaches that have occurred since ChoicePoint's data breach
acknowledgment on February 15, 2005. The list includes the dates the
breaches were reported, the names of the institutions, the types of
breach and the number of individuals affected in each breach.
http://www.privacyrights.org/ar/ChronDataBreaches.htm
[Editor's Note (Schultz): The soon to be released list of known data
security breaches is much too long for comfort. The fact that suitable
legislation designed to reduce such breaches has not yet been passed in
the US only exacerbates concerns about failure to adequately protect
personal and financial information.
(Honan): This information could be the most valuable metric to put in
front of your senior management when trying to justify budget spend for
security measures. It is certainly a strong argument against the "it
could never happen to us" mentality. Interestingly, the figures show
that of the total 52 million identities that were compromised, 40
million were exposed due to the CardSystems debacle in June. Of the
remaining 12 million breaches, approximately 7.25 million were exposed
on lost mobile media such as laptops and backup tapes.]
MISCELLANEOUS
--Internet Explorer 7 Will Have History Delete Feature
(17 January 2006)
According to information from Microsoft program manager Uche Enuha in
the company's browser blog, Internet Explorer 7 will have a "delete
browsing history" feature in the Tools menu that will flush data
accumulated while visiting web sites. The feature will remove data,
including temporary Internet files, cookies, history, form data and
passwords. Users will be able to choose the data they want to delete.
A beta version of IE7 is available for Windows XP SP2 and an enhanced
beta version is available for Windows Vista beta 1.
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=5171
===end===
NewsBites Editorial Board:
Kathy Bradford, Chuck Boeckman, Rohit Dhamankar, Roland Grefer, Brian
Honan, Clint Kreitner, Stephen Northcutt, Alan Paller, John Pescatore,
Marcus Ranum, Howard Schmidt, Eugene Schultz, Gal Shpantzer, Koon Yaw
Tan
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFD0S42+LUG5KFpTkYRAnJIAJ9pEtfZATFXdOMFbWx1xCmYhqxasQCfWB/e
r5q8X+tKlWv4r9NVmpPc/OY=
=Yl1R
-----END PGP SIGNATURE-----