SANS Hackings News Update

  1. #1
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123

    SANS Hackings News Update

    Here is the latest in the hacking and cracking world.

    Taken from SANS E-mail NewsBites

    **********************************************************************
    SANS NEWSBITES
    The SANS Weekly Security News Overview
    Volume 4, Number 21 May 22, 2002
    Editorial Team:
    Kathy Bradford, Dorothy Denning, Roland Grefer,
    Bill Murray, Stephen Northcutt, Alan Paller,
    Marcus Ranum, Eugene Schultz
    *********************************************************************

    SANS Alert! A Worm Is Attacking Microsoft SQL Server 7 Users
    Microsoft shipped SQL Server 7 so it was automatically configured to
    run without an administrator password. If you are running SQL Server
    7, and are connected to the Internet, set an administrator password
    right away to block the new worm. If the worm infects your system, it
    will steal your account and password file, and force your machine to
    scan for additional targets using as many as 100 threads. The attacker
    can use the stolen account names and passwords to log back in and steal
    other private data. Thousands of systems have already been taken over.
    http://www.vnunet.com/News/1131940
    http://www.reuters.com/news_article....StoryID=991291

    Kudos to Congress
    The Senate Commerce Committee has reported out a bill, unanimously,
    that implements the only effective defense against worms like the
    SQL Worm (above), Code Red and other mass attacks. Senate Bill
    2182 requires government agencies to make sure their computers are
    configured using best security practices appropriate for their use
    (like having a password on every administrator account on SQL Server),
    before the systems are connected to the Internet. The bill implements
    for government the techniques used in-house by computer companies like
    Microsoft and Sun Microsystems, and by many other large organizations
    including most large banks. Extending the practice to all federal
    systems and developing benchmarks agencies can use (and extend),
    will be an enormous contribution to government Internet safety.
    http://www.gcn.com/vol1_no1/security/18706-1.html


    Alan

    TOP OF THE NEWS
    20 May 2002 Hackers' Club May be Aiming to Launch Cyber Attack
    17 May 2002 Second Sentencing in Piracy Ring.
    16 & 17 May 2002 Phony Fingerprints Fool Biometric Readers
    16 May 2002 Facial Recognition Technology Not Highly Accurate
    15, 16 & 17 May 2002 FBI Confiscates Deceptive Duo Equipment; One
    Under House Arrest


    THE REST OF THE WEEK'S NEWS

    20 May 2002 Benjamin Virus Infects Kazaa Network
    20 May 2002 Benjamin's Authors Defend Action
    20 May 2002 State Dept. Sends Klez to Mailing List
    13, 15 & 20 May 2002 Critical Infrastructure Protection Project
    19 May 2002 Falun Gong TV Hackers Sentenced
    17 May 2002 ID Thieves Stole Credit Reports Using Ford's Authorization
    Code
    16 & 17 May 2002 Sustainable Computing Consortium
    16 May 2002 Supermarket Tests Pay-by-Fingerprint System
    16 May 2002 DISA Security Cameras on Unsecured WLAN
    16 May 2002 DoD Must Purchase Only NIAP Certified Products
    16 May 2002 JS.Fortnight Worm
    15 & 16 May 2002 Microsoft Issues Patch for IE Vulnerabilities
    16 May 2002 Media Player Vulnerability Also Addressed by Patch
    16 & 17 May 2002 Researchers Say Microsoft Patch Doesn't Do Its Job
    17 May 2002 Microsoft Says Patch May Illuminate New Vulnerability
    15 May 2002 JDBGMGR.exe Hoax Has Some Basis in Fact
    15 May 2002 Klez Information Site
    17 May 2002 Klez Still Spreading
    15 May 2002 Linux Defacements on the Rise
    15 May 2002 Australia Budgets $25 Million for Cyber Security
    14 May 2002 Border Security Bill Mandates Biometric Data in Visitors'
    Documents
    14 May 2002 Flowgo Pop-up Ad Leads to Surreptitious Downloads
    14 May 2002 Phony Xbox Emulator Not a Trojan, Says Author

    **********************************************************************

    TOP OF THE NEWS

    --20 May 2002 Hackers' Club May be Aiming to Launch Cyber Attack
    The Muslim Hackers Club website offers tutorials on viruses, hacking
    and other sorts of cyber attacks. The FBI and the DIA believe the
    group aims to develop software tools that can be used to launch cyber
    attacks on Western targets.
    http://www.msnbc.com/news/751115.asp

    --17 May 2002 Second Sentencing in Piracy Ring.
    John Sankus, Jr., the ringleader of the software piracy group known
    as DrinkOrDie, was sentenced to 46 months in prison. Another member
    of the group, Barry Erickson, received a 33-month sentence several
    weeks ago.
    http://www.newsbytes.com/news/02/176649.html
    http://www.usatoday.com/life/cyber/t...are-piracy.htm

    --16 & 17 May 2002 Phony Fingerprints Fool Biometric Readers
    Fake fingerprints fashioned from gelatin were able to fool biometric
    fingerprint readers 80% of the time, according to research performed
    by Japanese researchers. The researchers also devised a way to create
    fake fingerprints from fingerprints left on glass surfaces.
    http://news.com.com/2100-1001-915580.html
    http://www.theregister.co.uk/content/55/25300.html
    http://news.bbc.co.uk/hi/english/sci...00/1991517.stm
    [Editor's (Ranum) Note: It is probably worth mentioning that under
    $10 worth of stuff was needed to pull this off - no rocket science
    required.
    (Murray) This attack is a classic replay (or forgery) attack. Nothing
    impressive about it. Replays are not unique to fingerprints.
    Replays are a fundamental vulnerability of all biometrics. That is
    why we insist upon strong authentication, that is, at least two forms
    of evidence (something only one person has, knows, is, or can do) at
    least one of which is implemented in such a way as to resist replay.
    Those who continue to search for the perfect authenticator (easy
    to use, can be reconciled at a distance, easy to enroll, cannot be
    forgotten, lost, stolen or copied) are looking for magic.]

    --16 May 2002 Facial Recognition Technology Not Highly Accurate
    The American Civil Liberties Union (ACLU) says that tests of
    facial recognition technology at the Palm Beach (FL) International
    Airport fail to correctly identify faces more than half of the time.
    The recognition rate went down when people wore glasses, turned their
    heads, or were moving.
    http://www.newsbytes.com/news/02/176621.html
    ACLU report:
    http://www.aclu.org/issues/privacy/FaceRec_data.pdf

    --15, 16 & 17 May 2002 FBI Confiscates Deceptive Duo Equipment;
    One Under House Arrest
    The FBI has confiscated computer equipment from two men believed to be
    responsible for defacing at least 52 US federal and business web sites.
    Calling themselves "the Deceptive Duo," the two maintain they were
    trying to demonstrate the poor state of security on the web sites.
    One of the men, Robert Lyttle, is under house arrest for violating
    his parole; he had been convicted of defacing sites with pro-Napster
    propaganda. Lyttle can use computers only at school and may leave
    home only to attend classes. No charges have been filed yet.
    http://online.securityfocus.com/news/414
    http://www.wired.com/news/business/0,1367,52566,00.html
    http://www.newsbytes.com/news/02/176601.html
    http://news.com.com/2100-1001-914848.html
    http://www.computerworld.com/securit...,71264,00.html

    **********************************************************************

    THE REST OF THE WEEK'S NEWS

    --20 May 2002 Benjamin Virus Infects Kazaa Network
    Members of Kazaa's peer-to-peer file-sharing network have found their
    computers infected with a virus called Benjamin. The virus creates a
    directory on infected machines and copies itself into that directory
    many times with a variety of names. It also manages to vary its size.
    These copies are open to Kazaa members; if a member downloads the file,
    their machine will become infected. Benjamin takes up a lot of file
    space and consumes resources. The worm also opens an anonymous web
    site containing banner ads.
    http://www.washingtonpost.com/wp-dyn...2002May20.html
    http://news.com.com/2100-1001-918132.html
    http://zdnet.com.com/2100-1105-917771.html
    http://news.bbc.co.uk/hi/english/sci...00/1998686.stm
    http://www.viruslist.com/eng/index.h...=1001&id=49822

    --20 May 2002 Benjamin's Authors Defend Action
    The worm's creators say they wrote it to thwart the efforts of people
    seeking pirated software and child pornography.
    http://www.newsbytes.com/news/02/176684.html
    [Editor's (Schultz) Note: The ends do not justify the means. It is
    truly sad that people who write code that does things without proper
    authorization can justify their actions so smugly.
    (Murray) Nice people do not soil their own sandbox.]

    --20 May 2002 State Dept. Sends Klez to Mailing List
    The State Department unwittingly sent the Klez virus to a travel
    advisory mailing list over the weekend, then sent an apology on
    Monday morning. The list software has been reconfigured not to send
    on attachments. The State Department says a third-party vendor bears
    responsibility for the incident.
    http://www.msnbc.com/news/754879.asp?0dm=C21ET

    --13, 15 & 20 May 2002 Critical Infrastructure Protection Project
    George Mason University and James Madison University will establish
    the Critical Infrastructure Protection (CIP) Project, to be housed at
    GMU's School of Law. Funded by a $6.5 million grant from the National
    Institute of Standards and Technology (NIST), the CIP Project aims
    to centralize and organize cyber security research. The program will
    take a three-pronged approach to cyber security, focusing not just
    on technology, but on law and public policy as well. The program
    will also sponsor research and provide training for businesses and
    government.
    http://www.washingtonpost.com/wp-dyn...2002May13.html
    http://www.washingtonpost.com/wp-dyn...2002May14.html
    http://www.fcw.com/fcw/articles/2002...r-05-20-02.asp

    --19 May 2002 Falun Gong TV Hackers Sentenced
    Four Falun Gong followers received prison sentences of between seven
    and sixteen years for their roles in hacking into a cable television
    network to broadcast information about their group.
    http://europe.cnn.com/2002/WORLD/asi....ap/index.html

    --17 May 2002 ID Thieves Stole Credit Reports Using Ford's
    Authorization Code
    Ford Motor Credit Company authorization codes were fraudulently used
    to obtain 13,000 credit reports from Experian. Information on the
    reports, which were stolen over a ten-month period, includes names,
    addresses, social security numbers and bank and credit card account
    information. Ford has sent certified letters to all the people
    affected by the security breach, advising them to get copies of
    their credit reports and check them for unauthorized inquiries or
    incorrect information. The FBI is investigating.
    http://www.computerworld.com/securit...,71267,00.html
    http://www.cnn.com/money/2002/05/17/...edit/index.htm
    http://www.nytimes.com/2002/05/17/te...gy/17IDEN.html
    (Note: This site requires free registration.)

    --16 & 17 May 2002 Sustainable Computing Consortium
    Government agencies, technology companies and academic researchers have
    come together to establish the Sustainable Computing Consortium at
    Carnegie Mellon University in Pittsburgh. The group plans to create
    engineering standards for software and create tools to test software
    for security and reliability prior to its release. The group also
    plans to address issues in public policy and law.
    http://zdnet.com.com/2100-1104-916026.html
    http://www.washingtonpost.com/wp-dyn...2002May16.html

    --16 May 2002 Supermarket Tests Pay-by-Fingerprint System
    Kroger supermarkets in Houston, TX are testing a "biometric electronic
    financial transaction processing system," otherwise described as a
    pay-by-fingerprint shopping system.
    http://www.ananova.com/news/story/sm_588924.html
    [Editor's (Murray) Note: This is a tuning issue. However, in this
    application too many false negatives are better than too many false
    positives.]

    --16 May 2002 DISA Security Cameras on Unsecured WLAN
    The CTO of an intrusion detection services company found that the
    closed circuit security cameras at the Defense Information Systems
    Agency (DISA) in Arlington, VA were connected to an unsecured wireless
    LAN; the network was not using the WEP protocol. A DISA said the
    camera system was not connected to other DISA systems, and that
    encryption would be in place soon.
    http://www.computerworld.com/securit...,71231,00.html

    --16 May 2002 DoD Must Purchase Only NIAP Certified Products
    Starting in July, the Defense Department will be required to purchase
    only the information assurance products that have been certified by
    the National Information Assurance Partnership (NIAP). NIAP, an NSA
    initiative, has certified about two dozen products so far.
    http://www.fcw.com/fcw/articles/2002...p-05-16-02.asp
    [Editor's (Ranum) Note: This is interesting. What about the installed
    base? What about enforcing this? What organizations will be able to
    get waivers? Excuse me if I am cynical but I remember "C2 by 92!" and
    the orange book. I bet this is going to accomplish nothing.]

    --16 May 2002 JS.Fortnight Worm
    The JS.Fortnight worm places an HTML file into the default signatures
    of e-mail sent through Outlook Express; the worm attaches a link to
    an adult site to all the outgoing Outlook e-mail. It also changes
    the browser's home page, and adds sites to the favorites list.
    The worm affects Windows 95, 98, NT, 2000, ME and XP.
    http://www.theregister.co.uk/content/55/25301.html
    http://www.newsbytes.com/news/02/176613.html
    http://www.vnunet.com/News/1131804

    --15 & 16 May 2002 Microsoft Issues Patch for IE Vulnerabilities
    Microsoft has issued a "critical" patch that addresses six new
    security holes, including a cross-site scripting vulnerability, in
    Version 6 of its Internet Explorer web browser. The download also
    fixes flaws in IE 5.01, 5.5, and it changes the "restricted sites"
    zone's default settings to block all frames.
    http://zdnet.com.com/2100-1104-914836.html
    http://www.theregister.co.uk/content/55/25307.html
    http://www.cnn.com/2002/TECH/interne...idg/index.html
    http://www.computerworld.com/securit...,71203,00.html
    Microsoft security bulletin:
    http://www.microsoft.com/technet/sec...n/MS02-023.asp
    Patch:
    http://www.microsoft.com/windows/ie/...32/default.asp

    --16 May 2002 Media Player Vulnerability Also Addressed by Patch
    Microsoft has thanked a Japanese firm for reporting an Internet
    Explorer vulnerability that could allow malicious code to execute
    automatically on computers if Windows Media Player is installed.
    The problem is addressed in the IE patch Microsoft has released.
    http://www.newsbytes.com/news/02/176623.html

    --16 & 17 May 2002 Researchers Say Microsoft Patch Doesn't Do Its Job
    Research indicates that the patch released for the six holes
    in Microsoft's IE browsers 5.01, 5.5 and 6.0 only addresses the
    cross-site scripting vulnerability in one of the browser versions,
    and leaves another vulnerability unaddressed altogether.
    http://www.newsfactor.com/perl/story/17798.html
    http://www.computerworld.com/securit...,71256,00.html
    http://www.theregister.co.uk/content/55/25326.html

    --17 May 2002 Microsoft Says Patch May Illuminate New Vulnerability
    Microsoft says the researchers may have found a new vulnerability
    that closely resembles the one described in the security bulletin
    and for which a patch was issued. They are investigating.
    http://www.computerworld.com/securit...,71269,00.html

    --15 May 2002 JDBGMGR.exe Hoax Has Some Basis in Fact
    One reason the jdbgmgr.exe virus warning hoax is not losing steam is
    the fact that the Magistr-A virus actually does send infected copies
    of the jdbgmgr.exe file. If the file is already on your computer,
    it's probably not infected, but if you receive one as an attachment, it
    probably is infected. As always, delete e-mail containing unexpected
    .exe files and don't pass on warnings.
    http://www.theregister.co.uk/content/55/25294.html

    --15 May 2002 Klez Information Site
    This site offers a description of the Klez virus, and links to
    infection statistics and information about removing it from infected
    systems.
    http://www.net-security.org/virus_news.php?id=13

    --17 May 2002 Klez Still Spreading
    Klez continues to spread and to generate traffic due to response and
    refusal mechanisms.
    http://news.com.com/2100-1001-916945.html

    --15 May 2002 Linux Defacements on the Rise
    The number of defacements on computers running Linux is on the rise;
    the number of incidents this year so far is already almost twice that
    of last year's total. The defacements are especially prevalent on
    web sites with domain names of German-speaking countries: Germany
    (.de), Austria (.at) and Switzerland (.ch); many of the defacements
    appear to have been perpetrated by the same group, known as hax0rs lab.
    http://www.vnunet.com/News/1131782

    --15 May 2002 Australia Budgets $25 Million for Cyber Security
    The Australian government plans to spend $25 million to protect the
    country's banks, telecommunications companies and financial concerns
    from cyber criminals. The fact that many of these institutions are
    privately owned will complicate the effort.
    http://www.ds-osac.org/edb/cyber/new...y.cfm?KEY=8100

    --14 May 2002 Border Security Bill Mandates Biometric Data in
    Visitors' Documents
    President George W. Bush signed H.B. 3525 into law. The bill allows a
    $150 million budget for improving border security. Provisions include
    a requirement that all documentation issued to visiting foreigners
    contain biometric data. The bill also provides for creating a database
    of suspected terrorists.
    http://www.govexec.com/dailyfed/0502/051402td1.htm

    --14 May 2002 Flowgo Pop-up Ad Leads to Surreptitious Downloads
    People who clicked on a certain pop-up ad on the Flowgo site were taken
    to another site which appeared to be a digital slot machine and which
    actually exploited a flaw in old versions of Internet Explorer's Java
    engine to download files onto their computers. Researchers are not
    yet entirely sure what the files do; some monitor surfing habits and
    others let more files be sent to the computer. An install program
    also turns off firewalls.
    http://www.vnunet.com/News/1131727

    --14 May 2002 Phony Xbox Emulator Not a Trojan, Says Author
    The man who claims to have written the purported Trojan called "Net
    BUIE" disguised as an Xbox emulator says it is not a Trojan at all,
    but a failed attempt to make money on a pay-per-click scheme. He made
    six revisions to the program; people who have downloaded the two
    most recent versions will get a pop-up window with instructions for
    uninstalling the program. The others will continue to get pop-ups,
    but their computers will not be harmed.
    http://www.vnunet.com/News/1131736

  2. #2
    str34m3r
    Guest
    That's cool. I especially liked the part about the kazaa virus. I've heard of all sorts of privacy issues, and various trojans and such, but this is the first I've heard of anything actually exploiting kazaa that wasn't intended by the authors.

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    410
    Ford Motor Credit Company authorization codes were fraudulently used
    to obtain 13,000 credit reports from Experian. Information on the
    reports, which were stolen over a ten-month period, includes names,
    addresses, social security numbers and bank and credit card account
    information. Ford has sent certified letters to all the people
    affected by the security breach, advising them to get copies of
    their credit reports and check them for unauthorized inquiries or
    incorrect information. The FBI is investigating.
    Identity thieves should be shot. I live in one of the highest identity theft areas. The person whose identity is stolen will suffer years of having to deal with it, especially if the thief stole items, ruined the credit, killed someone, etc.
    savIRC :: The Multi-Platform IRC Client v. 1.8 [Released 9.04.02]

  4. #4
    Banned
    Join Date
    Mar 2002
    Posts
    520
    Thanks for all that news... Always keeping me posted on News... Thanks!
