--6 & 8 March 2002 Gibe Worm Installs Back Door
The Gibe mass-mailer worm arrives as an attachment to what appears to
be a Microsoft security bulletin; if activated, it will mail itself
out and install a back door in the infected system. The infection
occurs only if users open the attachment.  Outlook 2000 users need
to install the Security Update or upgrade to Outlook 2002 to protect
their computers.
http://zdnet.com.com/2100-1105-853235.html
http://www.msnbc.com/news/721388.asp?0dm=T18QT



 ____________________________________________________________
\
/   Scott Fosseen - Systems Engineer - Arrowhead AEA 5
\   www.aea5.k12.ia.us/aeaphone.nsf/Web/FosseenScott
/____________________________________________________________
----- Original Message ----- 
From: "The SANS Institute" <[EMAIL PROTECTED]>
To: "Scott Fosseen (SD381534)" <[EMAIL PROTECTED]>
Sent: Wednesday, March 13, 2002 2:06 PM
Subject: SANS NewsBites Vol. 4 Num. 11


> To:   Scott Fosseen (SD381534)
> From: Alan for the SANS NewsBites service 
> Re:   March 13 SANS NewsBites
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> Consultants and internal groups that perform site security assessments
> have experienced major changes in the aftermath of September 11. One
> key change is the emerging requirement to test all systems rather
> than a sample of systems and to compare the status of security on
> those systems with industry benchmarks.  To try to help make this job
> easier, SANS is completing a consensus standard for auditing security
> on Internet-connected systems and networks.  If you do a large number
> of such audits, and are willing to invest some time in helping make
> the consensus better, please email [EMAIL PROTECTED] with the subject,
> Consensus site audit standards.
> 
>                                   Alan
> 
> **********************************************************************
>                            SANS NEWSBITES
>                 The SANS Weekly Security News Overview
> Volume 4, Number 11                                      March 13, 2002
> Editorial Team:
>       Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,
>              Bill Murray, Stephen Northcutt, Alan Paller,
>              Marcus Ranum, Howard Schmidt, Eugene Schultz
> **********************************************************************
> 
> TOP OF THE NEWS
> 6 & 7 March 2002 Davis Bill Would Require Compliance with Info Sec
>                   Best Practices
> 11 March 2002 Air Force CIO Wants Better Security In Microsoft
>                Products
> 7 & 8 March 2002 Rough Sets Data Mining Tool Detects Abnormal Activity
> 7, 8 & 9 March 2002 Flickering Lights May Leak Data
> 6 March 2002 Man Arrested for Allegedly Trying to Sell Personal Data
> 
> THE REST OF THE WEEK'S NEWS
> 8 March 2002 MyLife Worm
> 6 & 8 March 2002 Gibe Worm Installs Back Door
> 6 & 8 March 2002 NAI Drops PGP; Zimmermann Wants Source Released
> 7 March 2002 DOE and DOD Address Computer Security Issue
> 6 March 2002 Reporting Web Site Holes is Problematic
> 6 March 2002 SSA Testing Biometrics
> 5 March 2002 SSA Testing SSN Authentication Program
> 5 March 2002 Security Hole In Microsoft's Java Virtual Machine
> 4 March 2002 Disclosure Proposal Favors Vendors
> 4 March 2002 Defense Lawyer Argues DMCA Does Not Apply in Elcomsoft
>               Case
> 4 March 2002 Financial Companies Move to Preserve Mission Capability
> 26 February 2002 The Center for Internet Security
> 
> TRAINING OPPORTUNITIES IN THE NEXT 120 DAYS
> SANS 2002 Annual Conference, Courses, and Exposition, Orlando April
> 1-7 (Late registration deadline for savings is March 12.)
> Large training programs in Boston, London, Washington, and
> Toronto. Smaller programs in Kansas City, Los Angeles, Detroit,
> Colorado Springs, Portland (OR), Phoenix, and Minneapolis. Details:
> http://www.sans.org
> 
> 
> ************************ Sponsored by NetIQ **************************
> 
> Free Security White Paper from NetIQ
> 
> Want to simplify, strengthen and speed up security tasks? Download
> NetIQ's free white paper, "Strengthen Windows Security." Need to
> reduce administration costs, boost security and implement comprehensive
> reporting ... and extend the security benefits of Active Directory?
> 
> Learn how! http://www.netiq.com/f/form/form.asp?id=800
> 
> **********************************************************************
> 
> TOP OF THE NEWS
> 
>  --6 & 7 March 2002 Davis Bill Would Require Compliance with Info
>                      Sec Best Practices
> Representative Tom Davis (R-Va.) introduced the Federal Information
> Security Management Act (FISMA), legislation that aims to make the
> provisions of GISRA permanent and add a requirement that government
> agencies adhere to information security best practices developed by
> the National Institute of Standards and Technology (NIST). 
> http://www.gcn.com/vol1_no1/daily-updates/18120-1.html
> http://www.fcw.com/fcw/articles/2002/0304/web-gisra-03-07-02.asp
> [Editor's (Murray) Note: Be careful what you ask for. New York
> State recently removed web sites from the internet completely as an
> alternative to restricting access to an appropriate set of people. 
> "Nothing useful can be said about the security of a practice except
> in the context of an application and an environment."
> (Paller) People who accept Bill's thinking would avoid running
> hardening scripts before deploying systems, because they had not
> performed a thorough needs assessment involving in-depth analysis
> of the application and the environment.  But since most people are
> not as skilled as Bill is at risk assessment, they would be left
> with completely unprotected systems, available to immediate attack.
> Benchmarks make sense, and the Davis Bill, with a few critical changes,
> could do a great deal of good.]
> 
>  --11 March 2002 Air Force CIO Wants Better Security In Microsoft
>                   Products
> Air Force CIO John Gilligan says the Air Force will stop using
> Microsoft software if the company doesn't improve its products'
> security; Gilligan says the Air Force will do business with the
> companies that offer the best solutions. 
> http://www.usatoday.com/life/cyber/tech/2002/03/11/gilligan.htm
> [Editor's (Schultz) Note: This is an extremely significant
> development. A large customer is standing up to vendors and saying
> "We will not buy your products any more if you don't give us better
> security." Vendors say they do not provide better security in their
> products because customers do not demand it. Now Gilligan is demanding
> it. If others like Gilligan follow suit, vendors will for the first
> time feel genuine pressure to develop better, more secure software.]
> 
>  --7 & 8 March 2002 Rough Sets Data Mining Tool Detects Abnormal
>                      Activity
> Researchers from Pennsylvania State University and Iowa State
> University tested three data mining tools for efficacy as intrusion
> detection techniques. The three tools, neural networks, inductive
> learning, and rough sets, are all capable of learning from prior
> attack examples. Rough sets is the only one of the three capable of
> working with incomplete data; it also returned the highest accuracy
> in detecting abnormal activity. There are presently no plans for
> commercial development of rough sets.
> http://unisci.com/stories/20021/0307023.htm
> http://abcnews.go.com/sections/scitech/CuttingEdge/cuttingedge020308.html
> Abstract: http://www.decisionsciences.org/dsj/Vol32_4/32_4_635.htm
> 
>  --7, 8 & 9 March 2002 Flickering Lights May Leak Data
> Researchers have found that light reflected from computer monitor
> screens and the pattern of flickering light emitted from LEDs on some
> devices can be captured and translated into readable information. 
> http://www.wired.com/news/print/0,1294,50893,00.html
> http://news.com.com/2100-1001-854946.html
> http://www.computerworld.com/storyba/0,4125,NAV47_STO68939,00.html
> http://news.bbc.co.uk/hi/english/sci/tech/newsid_1861000/1861656.stm
> [Editor's (Murray) Note: This vulnerability is much smaller than
> leakage from RF emanations and we do not spend much time worrying
> about that one.]
> 
>  --6 March 2002 Man Arrested for Allegedly Trying to Sell Personal
>                  Data
> Federal and local law enforcement agents arrested Donald Matthew
> McNeese for allegedly trying to sell personal data belonging to
> 60,000 Prudential Insurance Company employees. He is charged with
> downloading the data while he worked for the company. If convicted,
> McNeese could face as much as 45 years in prison and a fine of $750,000
> plus restitution.
> http://www.computerworld.com/storyba/0,4125,NAV47_STO68850,00.html
> 
> *************** Sponsored Links **************************************
> (1) Get the SIMPLEST, Highest Availability for Check Point
> VPN-1/FireWall-1, only from Resilience.
> http://www.sans.org/cgi-bin/sanspromo/NB13
> 
> (2) On-time Real Time UNIX auditing with auditGuard from DLI.
> http://www.sans.org/cgi-bin/sanspromo/NB14
> 
> **********************************************************************
> 
> THE REST OF THE WEEK'S NEWS
> 
>  --8 March 2002 MyLife Worm
> The MyLife mass-mailer worm arrives in the guise of a sentimental
> photograph to exploit a bug in Microsoft Outlook. It tries to delete
> certain Windows files, but a coding bug prevents that from happening. 
> Outlook 2000 users need to install the Security Update or upgrade to
> Outlook 2002 to be protected.
> http://zdnet.com.com/2100-1105-855400.html
> 
>  --6 & 8 March 2002 Gibe Worm Installs Back Door
> The Gibe mass-mailer worm arrives as an attachment to what appears to
> be a Microsoft security bulletin; if activated, it will mail itself
> out and install a back door in the infected system. The infection
> occurs only if users open the attachment.  Outlook 2000 users need
> to install the Security Update or upgrade to Outlook 2002 to protect
> their computers.
> http://zdnet.com.com/2100-1105-853235.html
> http://www.msnbc.com/news/721388.asp?0dm=T18QT
> 
>  --6 & 8 March 2002 NAI Drops PGP; Zimmermann Wants Source Released
> NAI failed to find a buyer for PGP Desktop and wireless encryption
> products, which will now be put in "maintenance mode;" current service
> contracts will be honored through expiration. Phil Zimmermann wants
> NAI to release the source code. 
> http://www.nwfusion.com/news/2002/0306naipgp.html
> http://news.com.com/2100-1023-856132.html
> http://online.securityfocus.com/news/348
> 
>  --7 March 2002 DOE and DOD Officials Address Computer Security Issue
> Testifying before a House subcommittee, Department of Energy (DOE)
> and Defense Department (DOD) officials described the actions their
> agencies are taking to address the problems outlined in a recent
> computer security assessment. 
> http://www.fcw.com/fcw/articles/2002/0304/web-action-03-07-02.asp
> 
>  --6 March 2002 Reporting Web Site Holes is Problematic
> A software developer who found a security hole in the Guess.com
> e-commerce web site had a hard time informing the company about the
> problem; this sort of difficulty is all too common, leading some who
> find vulnerabilities to resort to posting them on security mailing
> lists. A standard that could streamline the reporting of problems
> to the web site owners would be helpful.
> http://online.securityfocus.com/news/346
> 
>  --6 March 2002 SSA Testing Biometrics
> The Social Security Administration (SSA) is testing a variety of
> biometric technologies for possible use in guarding against identity
> theft; if a biometric program is chosen, the information would be
> stored in a database, not identity cards.
> http://www.fcw.com/fcw/articles/2002/0304/web-ssa-03-06-02.asp
> 
>  --5 March 2002 SSA Testing SSN Authentication Program
> The Social Security Administration (SSA) plans to test an on-line
> Social Security number (SSN) authentication program companies can
> use when hiring employees.
> http://www.gcn.com/vol1_no1/daily-updates/18116-1.html
> 
>  --5 March 2002 Security Hole In Microsoft's Java Virtual Machine
> A flaw in Microsoft's Java Virtual Machine (JVM) software could allow
> a hacker to take control of browsers configured to use proxy servers;
> they could then redirect traffic and steal passwords and other
> sensitive information. A patch for the vulnerability is available.
> http://news.com.com/2100-1001-851711.html
> http://www.computerworld.com/storyba/0,4125,NAV47_STO68811,00.html
> http://www.theregister.co.uk/content/55/24295.html
> http://www.microsoft.com/java/vm/dl_vm40.htm
> 
>  --4 March 2002 Disclosure Proposal Favors Vendors
> Computerworld senior news columnist Frank Hayes says the best practices
> vulnerability disclosure proposal recently submitted to the Internet
> Engineering Task Force (IETF) gives vendors too much latitude in
> dealing with security problems.
> http://www.computerworld.com/storyba/0,4125,NAV47_STO68754,00.html
> [Editor's (Murray) Note: I do not know what Mr. Hayes' competence
> to comment on the matter is. What I do know, with a high degree
> of confidence, is that we must fix things in the order of their
> importance, not the order of their discovery. It is difficult for the
> vendor to decide which problem is most important but it is impossible
> for the discoverer of one problem to rank it.]
> 
>  --4 March 2002 Defense Lawyer Argues DMCA Does Not Apply in
>                  Elcomsoft Case
> The lawyer for Elcomsoft, the Russian software company that created
> the e-book encryption circumvention software for which Dmitri Sklyarov
> was arrested last summer, argued that the company was doing business
> on the Internet and is therefore outside US jurisdiction. 
> http://www.wired.com/news/print/0,1294,50797,00.html
> http://news.com.com/2100-1001-851418.html
> 
>  --4 March 2002 Financial Companies Move to Preserve Mission
>                  Capability
> In an effort to mitigate potential losses, financial firms are
> distributing offices and IT operations over wider geographical areas. 
> http://www.computerworld.com/storyba/0,4125,NAV47_STO68769,00.html
> 
>  --26 February 2002 The Center for Internet Security
> The Center for Internet Security (CIS) provides users with preferred
> practice benchmarks, easy-to-use tools to test systems' compliance
> with those benchmarks, and security ratings to quantify improvements
> made in security.
> http://www.usatoday.com/life/cyber/tech/2002/02/27/security.htm
> 
> 
> ==end==
> 
> 
> Please feel free to share this with interested parties via email,
> but no posting is allowed on web sites.  For a free subscription,
> (and for free posters) e-mail [EMAIL PROTECTED] with the subject:
> Subscribe NewsBites
> 
> To change your subscription, address, or other information, visit
> http://www.sans.org/sansurl and enter your SD number (from the
> headers.) You will receive your personal URL via email.
> 
> You may also email <[EMAIL PROTECTED]> with complete instructions and
> your SD number for subscribe, unsubscribe, change address, add other
> digests, or any other comments.
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE8j3mr+LUG5KFpTkYRAuu7AJ9/zRTDvuYfu5pQF0anJw/WNZ8I7gCfYPne
> vNG41bcTngKaxRgkjrGeDG4=
> =sM5y
> -----END PGP SIGNATURE-----
> 


---------------------------------------------------------
Archived messages from this list can be found at:
http://www.mail-archive.com/tech-cord@aea5.k12.ia.us/
---------------------------------------------------------
