---------- Forwarded message ----------
Date: Wed, 27 Jun 2001 9:57:34 -0600 (MDT)
From: The SANS Institute <[EMAIL PROTECTED]>
To: Zachary Uram <[EMAIL PROTECTED]>
Subject: SANS Newsbites Vol. 3 Num. 26
To: Zachary Uram (SD300323)
From: Alan for the SANS NewsBites service
Re: June 27 SANS NewsBites
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The best new security initiative of 2001 is the early warning system
created by Incidents.Org. It is called Internet Storm Center and has
been surprisingly effective in discovering new worms as they are
launched. It is like the weather service where sensors (more than 2,000
in 45 countries) feed data to analysis centers. Individuals with Zone
Alarm and McAfee and PIX and IPChains and Snort and several other
systems all send log data that provides a real-time map of attacks on
the Internet. Go see it in operation at www.incidents.org,
www.dshield.org (the movie is interesting) and www.mynetwatchman.com.
One of the best features is that they aggregate attack data and "fight
back" by pushing ISPs to inform people whose machines are being used in
attacks. They've had phenomenal success in fixing these sites.
If you want to be part of the program, go to one of the sites, download
a client for your IDS or firewall, and you can be operating today and
getting feedback on who is attacking you and who else they are
attacking.
Congratulations to Lawrence Baldwin of MyNetWatchman and Johannes
Ullrich of dshield.org for creating this extraordinary service to the
community.
AP
**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 3, Number 26 June 27, 2001
Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Bill Murray,
Stephen Northcutt, Alan Paller, Eugene Schultz
**********************************************************************
TOP OF THE NEWS
22 June 2001 Microsoft Sites Running IIS Defaced
21 June 2001 Oracle Security Hole Allows DoS Attacks
20 June 2001 Money Bugs Send Credit Card Data to Thieves
19 & 20 June 2001 Social Worker Recommends Jail Time For Canadian Teen
19 June 2001 Former Employee Sentenced to Jail for Revenge Cracking
18 & 19 June 2001 IIS Vulnerability
THE REST OF THE WEEK'S NEWS
22 June 2001 Consumers' Association Chastised for Security Problem
22 June 2001 An Important Application for Encryption
21 June 2001 Cracker Penetrates Credit Card Database
21 June 2001 Kournikova Author to be Tried in Dutch Police Court
21 June 2001 Phone Phreaking Bill Dispute
20 June 2001 On Line World Bank Conference May Face Cyber Attacks
20 June 2001 Lufthansa Defends Against DoS Attack
20 June 2001 Russian Cracker Could Face Prison Sentence
20 June 2001 Jail Time for Satellite TV Access Card Cracker
20 June 2001 Instant Messaging Archiving Privacy Issues
20 June 2001 Financial Institutions, Consumers Urged to Pay Attention
to Security
20 June 2001 Customer Service E-Mail Mistakenly Forwarded to Other
Customers
19 June 2001 Incident Response Plans
18 June 2001 Elements of a Good Security Awareness Program
18 June 2001 ComputerHQ.com Exposed Customer Data
16 June 2001 TVA Employees Violated Policy by Downloading SETI Program
UPCOMING TRAINING OPPORTUNITIES
Rocky Mt. SANS (3 tracks) Denver, CO, Jun. 28 - Jul. 3
Patriot SANS (Hacker Exploits), Boston, MA July 13-17
SANSFIRE (8 tracks), Washington, DC, Jul. 30 - Aug. 4
SANS Security Leadership, Washington, DC, Aug. 1-2
SANS Parliament Hill (5 tracks), Ottawa, Canada, Aug. 8-18
SANS Scandinavia (3 tracks), Stockholm, Sept. 23-28
SANS Network Security 2001, San Diego, CA, Oct. 15-22
SANS Cyber Defense Initiative (CDI), Washington, DC, Nov. 27 - Dec. 3
Plus new, on-line, security training programs.
See www.sans.org for details.
**********************************************************************
--22 June 2001 Microsoft Sites Running IIS Defaced
A cracker has defaced four Microsoft web sites, all of which were
running IIS on a Windows platform. Another group subsequently defaced
one of the sites; the other three were inaccessible as of late last
week.
http://www.theregister.co.uk/content/8/19915.html
--21 June 2001 Oracle Security Hole Allows DoS Attacks
A security hole in Oracle's database software running on Windows NT
could cause a denial of service because the server allocates resources
to the request. The problem was discovered by Internet Security
Systems (ISS) which also identified a number of similar vulnerabilities
affecting Oracle software running on Unix.
http://www.theregister.co.uk/content/8/19881.html
--20 June 2001 Money Bugs Send Credit Card Data to Thieves
Small devices can be planted inside retail terminals where they skim
credit card information and automatically send it to labs where people
make phony credit cards.
http://www.msnbc.com/news/589575.asp?0dm=C12NT
[Editor's (Murray) Note: This is a fundamental vulnerability that
results from the ability to insert an untrusted device. Visa and MC
may protest all they like, but the cost of such devices has fallen to
the tens of dollars, and any merchant and most of their employees can
insert one. The answer is smart cards, and Visa and MC both know it.
We can only hope that they will start to use them before permanent
damage is done to public trust and confidence. Time is critical and it
is not obvious that they have enough.]
--19 & 20 June 2001 Social Worker Recommends Jail Time For Canadian
Teen
A court-appointed social worker said that the Canadian teenager
responsible for major denial-of-service attacks in February 2000 should
spend at least five months in detention. The boy has shown no remorse
for his actions, needs more discipline, and is likely to commit more
cyber crimes, according to the social worker.
http://www.canoe.ca/CNEWSLaw0106/19_mafiaboy-cp.html
http://www.wired.com/news/politics/0,1283,44673,00.html
--19 June 2001 Former Employee Sentenced to Jail for Revenge
Cracking
A man who broke into his former employer's computer system, deleted
files, altered records and sent phony e-mails was sentenced to six
months in prison. Patrick McKenna was also ordered to pay more than
$13,000 in restitution, and will be under supervision for two years
following his release.
http://www.boston.com/dailyglobe2/170/business/Ex_tech_worker_gets_jail_term_in_hacking+.shtml
--18 & 19 June 2001 IIS Vulnerability
A security flaw in Microsoft Internet Information Service (IIS) software
running on Windows 2000, NT or XP beta could allow attackers to gain
system level access. Nearly six million sites are estimated to be
vulnerable to the flaw, and users have been urged to apply a patch that
Microsoft released when it announced the security hole. The problem
lies in the fact that the Indexing Service ISAPI Filter module does not
check for buffer overflows.
http://www.zdnet.com/zdnn/stories/news/0,4586,5092874,00.html?chkpt=zdhpnews01
http://www.msnbc.com/news/588963.asp?0dm=T21BT
http://www.wired.com/news/technology/0,1282,44620,00.html
http://www.computerworld.com/cwi/stories/0,1199,NAV47_STO61466,00.html
**********************************************************************
THE REST OF THE WEEK'S NEWS
--22 June 2001 Consumers' Association Chastised for Security Problem
The Consumers' Association (CA) exposed customer credit card information
on its TaxCalc web site. CA has arranged for an independent assessment
of the web site, which will remain down until the security problem has
been addressed. Experts have been vocally critical of the blunder.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1402000/1402222.stm
--22 June 2001 An Important Application for Encryption
While credit card numbers may also be exposed on the network, attacks
against the merchant's server are usually more efficient: a successful
attack yields more value relative to its cost. Merchants store credit
card numbers because it makes
subsequent purchases easier for the consumer. Where merchants elect to
save credit card numbers they should do so on a back-end database
server. If credit card numbers are stored on the front-end server, they
should be encrypted.
http://www.wired.com/news/ebiz/0,1272,44740,00.html
--21 June 2001 Cracker Penetrates Credit Card Database
A cracker accessed the credit card database of Anacom Communications
Inc., an independent subsidiary of ZixIt Corp. The FBI is
investigating.
http://www.computerworld.com/storyba/0,4125,NAV47_STO61554,00.html
--21 June 2001 Kournikova Author to be Tried in Dutch Police Court
Jan de Witt, the Dutch man who unleashed the Kournikova worm in February
of this year, will be tried in police court, which limits the maximum
possible jail sentence to six months; a fine could go as high as
$38,000.
http://www.zdnet.com/zdnn/stories/news/0,4586,2778887,00.html
--21 June 2001 Phone Phreaking Bill Dispute
Crackers took advantage of a Georgia realty firm's 800 number to make
nearly $90,000 in overseas calls; as no culprits have been caught, the
small company disagrees with AT&T about who should foot the bill.
Businesses can protect themselves from such attacks by using arcane
passwords, changing them habitually, keeping passwords secret, and
blocking international phone service if it is never used.
http://www.accessatlanta.com/partners/ajc/epaper/editions/thursday/business_b3130921445570660025.html
[Editor's (Murray) Note: In the olden days Ma Bell simply treated such
losses as a cost of doing business. In the modern world AT&T owes other
carriers cash for such losses. In the modern world, the customer
manages and configures the APBX. While AT&T and other carriers will
manage it for a fee, it is a little much to ask them to absorb losses
associated with the customers' election to do it themselves.]
--20 June 2001 On Line World Bank Conference May Face Cyber Attacks
In an effort to avoid demonstrations, the World Bank has announced that
it will hold its scheduled conference on line instead of in Barcelona.
However, computer-savvy protesters could prove every bit as disruptive
as flesh and blood demonstrators.
http://www.guardianunlimited.co.uk/globalisation/story/0,7369,509697,00.html
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1398000/1398485.stm
--20 June 2001 Lufthansa Defends Against DoS Attack
Lufthansa claims to have successfully defended against a denial of
service attack launched as a protest. The German airline apparently
learned of plans for the attack beforehand, allowing them time to
prepare.
http://www.computerworld.com/storyba/0,4125,NAV47_STO61541,00.html
[Editor's (Murray) Note: The time one is most likely to learn of such
plans is after they are already in motion. Systems cannot unilaterally
protect themselves from DoS attacks; this requires upstream controls,
for example at the ISP. However, the time to put those controls in
place is now, not when one learns of plans.]
--20 June 2001 Russian Cracker Could Face Prison Sentence
A Russian cracker charged with sending out a virus that destroyed data
on at least one hard drive could receive a prison sentence of up to
three years.
http://www.themoscowtimes.com/stories/2001/06/20/045.html
--20 June 2001 Jail Time for Satellite TV Access Card Cracker
Victor Donell Mason received a 15-month jail sentence for modifying and
selling DirecTV access cards.
http://www.skyreport.com/skyreport/june2001/062001.htm#two
--20 June 2001 Instant Messaging Archiving Privacy Issues
Some instant messaging programs incorporate archiving features which do
not require the consent of both participants; most programs also allow
users to save their real-time on line conversations as text files.
http://news.cnet.com/news/0-1005-200-6333967.html?tag=prntfr
--20 June 2001 Financial Institutions, Consumers Urged to Pay
Attention to Security
The Financial Services Authority (FSA) urged on line financial
institutions not to forget security while they ready new products. The
UK watchdog group also cautioned consumers to be attentive to security
matters while doing business on line; consumers should use obscure
passwords, change them often, and check for encryption when sending
data, suggests an FSA team manager.
http://news.bbc.co.uk/hi/english/business/newsid_1399000/1399401.stm
[Editor's (Murray) Note: The most important and effective security
measure for consumers is timely reconciliation of confirmation and
statements from their financial institutions.]
--20 June 2001 Customer Service E-Mail Mistakenly Forwarded to Other
Customers
Private e-mail sent to the Network Solutions' customer service
department has been sent on to others who have e-mailed for help. A
company representative called the problem a "human error."
http://news.cnet.com/news/0-1003-200-6335782.html?tag=prntfr
--19 June 2001 Incident Response Plans
The recent security breach at Cal-ISO underscores the importance of
having an incident response plan in place. This article lists some
guidelines for such a plan, including recording all actions, preserving
all evidence, and reviewing and revising the plan after each incident.
http://www.zdnet.com/zdnn/stories/comment/0,5859,2777037,00.html?chkpt=zdnn_nbs_hl
--18 June 2001 Elements of a Good Security Awareness Program
A good security awareness program will address social engineering,
passwords, insider threats, and cyber ethics.
http://www.fcw.com/fcw/articles/2001/0618/sec-feat3bx2-06-18-01.asp
--18 June 2001 ComputerHQ.com Exposed Customer Data
A programmer who found a JavaScript flaw on the ComputerHQ.com web site
that divulged credit card information and other personal data about
customers tried and tried again to get the company to fix the problem.
While some of the customers contacted by the programmer were shocked at
the lax security, others were angry that the programmer had pried into
their private details.
http://www.wired.com/news/technology/0,1282,44613,00.html
--16 June 2001 TVA Employees Violated Policy by Downloading SETI
Program
Tennessee Valley Authority (TVA) employees violated policy and
compromised computer security when they downloaded the SETI@home
distributed computing program, according to a report from the inspector
general. There is no evidence of unauthorized system access, and the
program has been removed from the computers.
http://dailynews.yahoo.com/h/ap/20010616/us/tva_aliens_1.html
[Editor's (Murray) Note: The use of any program involves some risk. It
is clearly the right of the owner and operator of that system to decide
what risk to take. However, such owners and operators had best be sure
that their decisions are effectively communicated to all of their
employees, surrogates, and agents. Widespread abuse such as this
suggests ineffective communication. It is likely that this ineffective
communication is not limited to this one issue.]
==end==
Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, (and for free posters)
e-mail [EMAIL PROTECTED] with the subject: Subscribe NewsBites
To change your subscription, address, or other information, visit
http://www.sans.org/sansurl and enter your SD number (from the headers.)
You will receive your personal URL via email.
You may also email <[EMAIL PROTECTED]> with complete instructions and your
SD number for subscribe, unsubscribe, change address, add other digests,
or any other comments.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (BSD/OS)
Comment: For info see http://www.gnupg.org
iD8DBQE7Ofol+LUG5KFpTkYRAlsuAJ9Auq7Ag8p/VC9nuYUM1h5kbIkYHQCfeIdi
Ux8jw3PLZcO27AzxdlYGrQk=
=Aky9
-----END PGP SIGNATURE-----