----- Original Message -----
From: "The SANS Institute" <[EMAIL PROTECTED]>
To: "George Tuttle (SD208296)" <[EMAIL PROTECTED]>
Sent: Wednesday, October 24, 2001 12:16 PM
Subject: SANS NewsBites Vol. 3 Num. 43

> To: George Tuttle (SD208296)
> From: Alan for the SANS NewsBites service
> Re: October 24 SANS NewsBites
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> A few hours ago, the US National Security Agency made available
> a new draft security document for pre-publication technical
> review. It is called The 60 Minute Network Security Guide (First
> Steps Towards a Secure Network Environment). It is 35 pages of
> rich, experience-based guidance. To help the NSA experts get broad
> technical input to identify any errors before final publication, SANS
> offered to invite all GIAC certified folks to review it. Others with
> in-depth network security expertise are also invited. All we ask is
> that if you download it, you agree in advance to provide feedback
> within seven days listing errors you have found. To order a copy,
> email [EMAIL PROTECTED] with the subject "60 Minute Guide."
>
> Security local mentoring program planned in countries around the world.
> More than 300 organizations have requested that we run SANS courses in
> countries outside North America. With the shortage of great security
> teachers, and the difficulty of learning when the instructor speaks
> a different language, there's no way to effectively accommodate
> all those requests. A few months ago, an international security
> consulting firm came up with a solution to the problem. They showed
> us that by providing local mentoring (in the local language) and
> hands-on exercises for students taking SANS on-line classes, they
> could provide extraordinarily effective training. Programs are now
> being scheduled in seven countries, but we are looking for the top
> security consultants in other countries to help us run such programs.
> If you are certified and think you have the skills and qualifications,
> email [EMAIL PROTECTED] with the subject, "Local Mentoring Details."
>
> AP
>
> **********************************************************************
>
> SANS NEWSBITES
>
> The SANS Weekly Security News Overview
>
> Volume 3, Number 43 October 24, 2001
>
> Editorial Team:
> Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
> Bill Murray, Stephen Northcutt, Alan Paller,
> Marcus Ranum, Howard Schmidt, Eugene Schultz
>
> **********************************************************************
>
> TOP OF THE NEWS
> 18 October 2001 New Worms Could be More Troublesome
> 18 October 2001 Microsoft Crash Reports Could Contain Personal
> Information
> 17 October 2001 Sen. Gregg Backs Off On Encryption Back Doors
> 17 October 2001 Russian Cracker/Extortionist Found Guilty
> 17 October 2001 Cracker Pleads No Contest
> 15 October 2001 Microsoft to Rate Security Warning
>
> THE REST OF THIS WEEK'S NEWS
> 22 October 2001 Pennsylvania Security Initiative
> 19 October 2001 Red Cross Says Trojan Could Steal Personal Data
> 19 October 2001 Microsoft Removes Flawed Patch
> 19 October 2001 Microsoft Anti-Piracy Protection Cracked
> 19 October 2001 Support for FOIA Exemptions is Growing
> 18 October 2001 Experts Call for Increased Cybersecurity Funding
> 18 October 2001 Redesi Worm
> 18 October 2001 New Technique Yields DSL Customer Passwords
> 17 & 18 October 2001 Microsoft's Culp Speaks Out Against Full
> Disclosure
> 16 October 2001 Antrax Worm Errors Curtail its Spread
> 16 October 2001 Passwords Still Too Easy to Crack
> 15 October 2001 CERT/CC Predicts Incident Reports Will Double in 2001
> 15 October 2001 Review Internal Security, Say Experts
>
> UPCOMING TRAINING OPPORTUNITIES
> **Microsoft IIS Security in multiple cities
> **War on Network Worms in multiple cities
> **Great Lakes SANS (3 tracks), Chicago, IL, Nov. 5-10
> **Three Rivers SANS (1 track), Pittsburgh, PA, Nov. 15-20
> **North Pacific SANS (1 track), Vancouver, BC, Nov. 15-20
> **SANS Cyber Defense Initiative (6 tracks), Wash. DC, Nov. 27 - Dec. 3
> **SANS Cyber Defense Initiative (3 tracks), San Fran. CA, Dec. 16-22
> **SANS Gateway Asia (2 tracks), Singapore, Jan 10-15
> **SANS Down Under (1 track), Melbourne, Jan 10-15
> **SANS Darling Harbour (4 tracks), Sydney, Jan 19-24
> **Plus new, on-line, security training programs.
> See www.sans.org for details.
>
> *********************** Sponsored by N2H2 ****************************
>
> DOES YOUR NETWORK HAVE A HOLE - ON THE INSIDE?
>
> If you're not actively managing Internet use, you're leaving your
> organization exposed to wasted bandwidth, lost productivity and worst
> of all - potential legal liability. Eliminate these disruptions from
> your life with a versatile Internet filtering solution from N2H2.
>
> http://www.n2h2.com/sans.html
>
> **********************************************************************
>
> TOP OF THE NEWS
>
> --18 October 2001 New Worms Could be More Troublesome
> The advent of the "blended worm," heralded by Code Red and Nimda,
> removes the need for human intervention in the spread of infection
> and could cause enormous Internet slowdowns. Symantec's Eric Chien
> predicts that antivirus and intrusion detection groups will need to
> work together in order to keep up with security threats.
> http://www.zdnet.com/zdnn/stories/news/0,4586,2818419,00.html
>
> --18 October 2001 Microsoft Crash Reports Could Contain Personal
> Information
> A feature in Windows XP and Internet Explorer (IE) 5 that sends data
> back to Microsoft in the event of a crash could send back personal
> documents along with Digital Product IDs and Internet Protocol
> (IP) addresses. The program sends back the current contents of the
> computer's memory, which could include sensitive information, possibly
> including passwords and encryption keys.
> http://news.cnet.com/news/0-1003-200-7571224.html?tag=prntfr
> [Editor's (Paller) note: A discussion group inside Microsoft
> carried the following description: "The Program works like this:
> when something on XP crashes or reports an error, a dialogue box
> appears asking the user if information can be sent back to Microsoft
> to determine the reason for the crash/error. (Often, it is not
> an OS but an application issue, and therefore, the aggregate data
> gathered is shared with the party involved to help them to respond
> to the issue, fix a problem, etc.) No information is reported to
> Microsoft unless the user clicks "yes" in the dialogue box." There's
> a web page that details the information in the crash report at
> http://watson.microsoft.com/dw/1033/dcp.asp, including a link to the
> detailed data formats on MSDN.]
>
> --17 October 2001 Sen. Gregg Backs Off On Encryption Back Doors
> A few days after the September 11 attack, Sen. Gregg (Republican,
> NH) told the Associated Press that he was preparing legislation to
> prohibit data-scrambling products from being sold without backdoors
> allowing government surveillance. On October 16, a spokesman for the
> Senator said he has no intention of introducing such an encryption bill.
> http://www.wired.com/news/conflict/0,2100,47635,00.html
>
> --17 October 2001 Russian Cracker/Extortionist Found Guilty
> One of a pair of Russian crackers who allegedly attempted to extort
> funds from companies after breaking into their computer systems and
> stealing customer data has been found guilty of conspiracy, computer
> crimes and fraud. Vasily Gorshkov was arrested after the FBI, tipped
> off to the duo's activities, set up a phony business and invited
> them to demonstrate their cracking abilities at a job interview;
> the FBI used an electronic wiretap to glean password information for
> Gorshkov's Russian computer systems and Internet accounts. A judge
> rejected a defense motion for dismissal, noting that the two had
> "no expectation of privacy."
> http://www.wired.com/news/politics/0,1283,47650,00.html
>
> --17 October 2001 Cracker Pleads No Contest
> Armen Oganesyan, a cracker who once worked for a Department of Defense
> (DoD) contractor and abused his insider status to break into and
> shut down company computers, has pleaded no contest to computer access
> and fraud. Oganesyan faces up to five years in prison and $250,000
> in restitution.
> http://www.msnbc.com/news/643977.asp?0dm=N228T
>
> --15 October 2001 Microsoft to Rate Security Warning
> In an effort to clarify the relative seriousness of its security
> warnings, Microsoft will implement a rating system. Bulletins will
> be designated critical, moderate, or low, and will be sorted into
> categories that include client systems, Internet servers, and internal
> servers.
> http://www.computerworld.com/storyba/0,4125,NAV47_STO64798,00.html
> [Editor's (Murray) Note: While I am satisfied that Microsoft will try
> to be objective, I would not encourage my clients to use Microsoft
> as their exclusive, or even their primary, source of intelligence.]
>
> ***************** Also sponsored by Ecora Corporation ****************
>
> Tighten Infrastructure Security by Automatically Tracking Configuration
> Changes
>
> Ecora's Configuration Auditor scans your infrastructure on a
> scheduled basis and automatically builds a report on precisely what
> configurations have changed. Maintain a detailed configuration history
> of your IT infrastructure. Available for NT/Win2000/XP, Solaris,
> Cisco, Oracle, Exchange, & Domino.
>
> Try it FREE: https://www.ecora.com/ecora/products/welcome_sans.asp
>
> **********************************************************************
>
> --22 October 2001 Pennsylvania Security Initiative
> The state of Pennsylvania plans to strengthen computer security
> and privacy concerns with a three-pronged approach: educating state
> employees about security and privacy policies, hiring an ombudsman to
> manage policy compliance, and updating the criminal code to reflect
> cybercrime concerns, including jurisdictional authority.
> http://www.fcw.com/geb/articles/2001/1022/web-penn-10-22-01.asp
>
> --19 October 2001 Red Cross Says Trojan Could Steal Personal Data
> The American Red Cross has issued a warning about the Septer.Trojan
> that appears to be an e-mail donation form. When the bogus form
> is filled out, the information is sent to a web site that is not
> affiliated with the Red Cross. The program does not self-replicate;
> the e-mails with the infected attachments must be sent out manually.
> http://www.computerworld.com/storyba/0,4125,NAV47_STO64948,00.html
> [Editor's (Murray) Note: This is neither a virus nor a Trojan Horse
> attack. In spite of the name of the object, this is simply a fraud.
> The big advantage that it has over the same fraud on paper is that
> the postage cost is lower.]
>
> --19 October 2001 Microsoft Removes Flawed Patch
> Microsoft removed from its website a patch for the RDP security hole
> after reports that it was causing system problems once applied.
> http://www.computerworld.com/storyba/0,4125,NAV47_STO64947,00.html
>
> --19 October 2001 Microsoft Anti-Piracy Protection Cracked
> A cracker has written code, now circulating on the Internet, that
> strips anti-piracy protections from Microsoft's media protection
> system.
> http://news.cnet.com/news/0-1005-200-7590303.html?tag=prntfr
>
> --19 October 2001 Support for FOIA Exemptions is Growing
> Senator Robert Bennett's Critical Infrastructure Information Security
> Act would relax anti-trust regulations to allow companies to share
> critical cyber security information. The act would also exempt the
> shared information from disclosure under the Freedom of Information
> Act (FOIA).
> http://www.wired.com/news/politics/0,1283,47704,00.html
> Separately, President Bush has sent a letter to National Security
> Telecommunications Advisory Committee chairman Daniel P. Burnham which
> says he would support a proposal narrowly restricting FOIA disclosure
> of shared cyber security information.
> http://www.washingtonpost.com/wp-dyn/articles/A18052-2001Oct18.html
> [Editor's (Murray) Note: This is very ill-advised. No one in business
> is much worried about their competitors using FOIA to learn about
> their vulnerabilities, much less their business strategies.]
>
> --18 October 2001 Experts Call for Increased Cybersecurity Funding
> Speaking at a conference sponsored by the Information Technology
> Association of America (ITAA) and the Center for Strategic and
> International Studies, ITAA president Harris Miller said that the
> US government needs to devote at least $10 billion to cybersecurity
> if the country is to be adequately protected from cyber attacks.
> The money would be used primarily for training, education, and
> upgrading critical systems.
> http://www.computerworld.com/storyba/0,4125,NAV47_STO64886,00.html
>
> --18 October 2001 Redesi Worm
> An e-mail attachment purporting to be a Microsoft software security
> patch is actually a worm, dubbed Redesi, that spreads through e-mail
> and carries a malicious payload; on November 11 (11/11/01) the worm
> could reformat the C: drive of infected machines. To avoid being
> affected by this worm, set the date to the long (four-digit) format.
> People are encouraged to remember that Microsoft does not e-mail
> patches.
> http://www.zdnet.com/zdnn/stories/news/0,4586,2818442,00.html?chkpt=zdnnp1tp02
> http://www.theregister.co.uk/content/56/22347.html
>
> --18 October 2001 New Technique Yields DSL Customer Passwords
> Crackers have found a way to glean account names and passwords from
> DSL subscribers' routers. The trick affects Cayman Systems' 3220-H
> DSL router.
> http://www.securityfocus.com/news/268
> [Editor's (Murray) Note: This is a combination of an unsafe default,
> administrative access available from the public side of the router
> and failure of the user to reset the default password.]
>
> --17 & 18 October 2001 Microsoft's Culp Speaks Out Against Full
> Disclosure
> Decrying "information anarchy," Microsoft security chief Scott
> Culp says people should stop publishing step-by-step exploits of
> known vulnerabilities because they do not help solve the problem.
> A Gartner commentary (the last URL) asserts that the problem is hype.
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/noarch.asp
> http://www.zdnet.com/zdnn/stories/news/0,4586,5098438,00.html?chkpt=zdhpnews01
> http://www.theregister.co.uk/content/55/22332.html
> http://news.cnet.com/news/0-1003-201-7573979-0.html?tag=prntfr
> [Editor's (Schultz) Note: Microsoft's statement sounds like something
> out of the Dark Ages where knowledge was suppressed from the masses.
> Until vendors produce better quality code, the best defense we have
> is to understand how to exploit vulnerabilities and the effect that
> patches have.
> (Ranum) Odd position Gartner takes; there's lots of public information
> to show that disclosure results in a large number of incidents once
> the technique is disclosed - how can someone ignore that? Of course,
> Culp's position (coming from Microsoft) just comes off as whining.
> (Murray) I agree with Scott. Real "security experts" publish
> workarounds, not exploits.]
>
> --16 October 2001 Antrax Worm Errors Curtail its Spread
> The Antrax worm, which purports to be an attachment depicting the
> effects of the disease, has widely received low severity ratings due to
> errors which prevent it from spreading. Antrax, which is the Spanish
> spelling of the word, was created with the same worm generator used
> by the author of the Kournikova worm. Updated anti-virus software
> will thus recognize the signature.
> http://news.cnet.com/news/0-1003-200-7549706.html?tag=prntfr
>
> --16 October 2001 Passwords Still Too Easy to Crack
> A book written by risk management consultants says that users still
> choose passwords that are very easy to crack. Some people choose
> easy-to-guess passwords like names of family members; others use the
> same password for a variety of systems. The book points out that
> while a four-character password that uses only letters can be broken
> within minutes, a seven-character password that incorporates digits
> significantly increases the cracking time.
> http://it.mycareer.com.au/news/2001/10/16/FFX45L36TSC.html
>
> --15 October 2001 CERT/CC Predicts Incident Reports Will Double in
> 2001
> The Computer Emergency Response Team Coordination Center (CERT/CC)
> predicts that the number of Internet attacks reported in 2001 is likely
> to be double that of the previous year. The dramatic increase is due
> in large part to a growing Internet and heightened security awareness.
> Automated vulnerability scans and web site defacements helped boost
> this year's numbers; viruses and worms are counted only once even if
> the attacks are massive.
> http://www.zdnet.com/zdnn/stories/news/0,4586,5098301,00.html
>
> --15 October 2001 Review Internal Security, Say Experts
> In the wake of the September 11 attacks, cybersecurity experts are
> encouraging businesses to reexamine their security policies with
> special attention paid to internal threats and physical security. No
> scenario is too improbable to consider. This article also includes a
> list of suggested security measures.
> http://www.computerworld.com/storyba/0,4125,NAV47_STO64774,00.html
>
> ==end==
>
> Please feel free to share this with interested parties via email (not
> on bulletin boards). For a free subscription (and for free posters),
> e-mail [EMAIL PROTECTED] with the subject: Subscribe NewsBites
>
> To change your subscription, address, or other information, visit
> http://www.sans.org/sansurl and enter your SD number (from the
> headers.) You will receive your personal URL via email.
>
> You may also email <[EMAIL PROTECTED]> with complete instructions and
> your SD number for subscribe, unsubscribe, change address, add other
> digests, or any other comments.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE71vSJ+LUG5KFpTkYRAn5jAKCckdnaqEa4F4dsVntL2pWjh6T8qwCfavWe
> MwBlVs76SxdYtgGtbWfzJNY=
> =37Lz
> -----END PGP SIGNATURE-----

---------------------------------------------------------
Archived messages from this list can be found at:
http://www.mail-archive.com/tech-cord@aea5.k12.ia.us/
---------------------------------------------------------