Brought to you by our friends at the SANS Institute.


**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 4, Number 30 July 23, 2002
Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Eugene Schultz
*********************************************************************

TOP OF THE NEWS
22 July 2002 Feds Endorse Security Benchmarks
22 July 2002 Homeland Security Strategy Calls For Widespread
Background Checks.
17 July 2002 Hacking Part of Chinese War Threat
17 July 2002 Student Charged With Hacking To Boost Her Grades
16 July 2002 House Votes To Increase Cybercrime Penalties


THE REST OF THE WEEK'S NEWS
22 July 2002 Congressman Davis Asks For Security Benchmarks In
Homeland Security Act
22 July 2002 PHP Hole Puts Web Servers At Risk
19 July 2002 Movie Industry Tracking Down Individuals Trading
Music Files
19 July 2002 Supova Worm Spreading Through Kazaa Network
15 July 2002 Frethem.K fits worm is spreading.
18 July 2002 Microsoft's Gates Says $100 Million Spent On Security
18 July 2002 Blue Cascades Report Cites Major Response Deficiencies
18 July 2002 Department of Homeland Security: NIST Out, Security
Teams In
18 July 2002 Yahoo Mail Filters Fixed
17 July 2002 European and US Lawmakers Work On Internet
Security/Privacy Issues
17/18 July 2002 National Strategy For Securing Cyberspace Due
September 11
16 July 2002 South Korean Activists Threaten DOS Protest Attack on US
16 July 2002 Liberty Alliance Network Identity Sign-On Standard
Unveiled
16 July 2002 Microsoft Backs SAML Standard
16 July 2002 CERT: Reported Security Flaws Increasing
15 July 2002 Cyberforensics Increasingly Used To Track Down Criminals

--Tutorials on Hacker Tools


TOP OF THE NEWS

--22 July 2002 Feds Endorse Security Benchmarks
A coalition of technology users in industry, academia, and government
joined to publish a Windows 2000 minimum security configuration
benchmark -- the first in a series of benchmarks for strengthening
security on systems.
http://www.fcw.com/fcw/articles/2002...n-07-22-02.asp
http://zdnet.com.com/2100-1105-944801.html
An eWeek evaluation of the testing program:
http://www.eweek.com/article2/0,3959,392579,00.asp
Download the benchmarks and testing tools: http://www.cisecurity.org

--22 July 2002 Homeland Security Strategy Calls For Widespread
Background Checks
The National Strategy for Homeland Security released last week calls
for background checks of people managing IT systems in corporations
that make up the nation's critical infrastructure. The report
specifically says, "Personnel with privileged access to critical
infrastructure, particularly [IT-based] control systems, may serve
as terrorist surrogates by providing information on vulnerabilities,
operating characteristics and protective measures."
http://www.computerworld.com/securit...,72921,00.html
The complete strategy document is posted at
http://www.whitehouse.gov/homeland/book/index.html

--17 July 2002 Hacking Part of Chinese War Threat
A Pentagon assessment of the threat China poses to its neighbors says
that computer hacking may be one of the tools China uses in executing
its goal of surprise, deception and shock. According to the report,
China is exploring coercive strategies designed to bring Taipei to
terms quickly.
http://www.cnn.com/2002/WORLD/asiapc...wan/index.html
[Editor's Note (Ranum): Napoleon Bonaparte once commented that "given
the chance, a wise commander would employ lightning bolts if they are
available." Given the choice between hacking and ballistic warheads,
I'm amazed anyone sees hacking as a real concern in this case.]

--17 July 2002 Student Charged With Hacking To Boost Her Grades
Darielle Insler, a 22-year-old University of Delaware student,
allegedly changed her grades in a math and a science class from "F's"
to "A's". She apparently fooled the human resources department into
setting new passwords for instructor accounts. She is charged with
multiple counts of identity theft and unauthorized access and misuse
of information on a computer system.
http://www.msnbc.com/news/781682.asp

--16 July 2002 House Votes To Increase Cybercrime Penalties
The US House of Representatives voted 385 to 3 to increase to 20 years
the maximum penalty for knowingly attempting to cause serious injury
through a cyberattack.
http://www.cnn.com/2002/TECH/industr....ap/index.html
http://www.usatoday.com/life/cyber/t...ybercrimes.htm


THE REST OF THE WEEK'S NEWS

--22 July 2002 Congressman Davis Asks For Security Benchmarks In
Homeland Security Act
Rep. Tom Davis (R, VA), who chairs the House Government Reform
Subcommittee on Technology and Procurement Policy, wrote to House
Majority Leader Dick Armey asking him to include minimum security
benchmarks in the Homeland Security Act. Davis' letter said the bill's
provisions would "significantly strengthen federal cyberpreparedness
by requiring all agencies to implement specific, baseline security
standards."
http://www.gcn.com/vol1_no1/daily-updates/19403-1.html

--22 July 2002 PHP Hole Puts Web Servers At Risk
A security hole in the PHP Hypertext Preprocessor (PHP) scripting
language used on many Web servers could allow an attacker to execute
code on affected systems or even take control of them.
http://www.computerworld.com/softwar...,72920,00.html
The advisory, a fixed version of PHP, and a workaround for the
problem were released by the PHP Group and are available at:
http://www.php.net/release_4_2_2.php
[Editor's Note (Grefer): PHP is a recursive acronym.]

--19 July 2002 Movie Industry Tracking Down Individuals Trading
Music Files
The Motion Picture Association of America uses a specialized search
engine to track down copyrighted movies, then requests that the
ISP require the user to get rid of the file or lose their Internet
connectivity. MPAA says more than 100,000 users have gotten cease
and desist letters from their ISPs, and most comply.
http://www.siliconvalley.com/mld/sil...ws/3697951.htm
http://www.nando.net/technology/v-te...-3771890c.html

--19 July 2002 Supova Worm Spreading Through Kazaa Network
The Supova worm is spreading through the Kazaa music and video file
sharing network. It destroys system files and then launches denial
of service attacks against religious web sites.
http://www.silicon.com/public/door?6...R1=silicon.com
For a more technical description:
http://www3.ca.com/virusinfo/virus.asp?ID=12565
http://securityresponse.symantec.com...pova.worm.html

--15 July 2002 Frethem.K fits worm is spreading.
Frethem has many of the characteristics of last year's mass-mailing
worms. It uses its own SMTP engine to send itself to email addresses
that it finds in the Microsoft Windows Address Book and in .dbx,
.wab, .mbx, .eml, and .mdb files.
http://www.incidents.org/diary/index.html?id=163
http://www.sophos.com/virusinfo/anal...rethemfam.html

--18 July 2002 Microsoft's Gates Says $100 Million Spent On Security
Microsoft's Chairman Bill Gates claims that the delay in development
to improve security has cost the company $100 million.
Despite these efforts the company continues to release security fixes
weekly, sometimes daily.
http://www.reuters.com/news_article....toryID=1221950
[Editor's Note (Schultz): Let's be fair to Microsoft. Just because
bugs are being found in current and older releases does not mean that
Microsoft's efforts to improve the security of its codes are a failure.
The real test will be new releases which, given what I have heard from
engineers who work at Microsoft, are likely to be less bug-riddled.]

--18 July 2002 Blue Cascades Report Cites Major Response Deficiencies
Blue Cascades was last month's high-level exercise sponsored
by the Pacific Northwest Economic Region (PNWER). It tested the
region's vulnerability to power outages and telecommunications
failures. Among other conclusions, the report said that Blue Cascades
showed that neither corporate nor government officials recognize their
"overwhelming dependency upon IT-related resources to continue business
operations and execute recovery plans."
http://computerworld.com/newsletter/...0.html?nlid=PM
[Editor's Note (Northcutt): This exercise was cosponsored
by FEMA, the US Navy, and the Canadian Office of Critical
Infrastructure Protection and Emergency Preparedness. The
invitation and additional information about it can be found at
http://www.pnwer.org/pris/invitation.html]

--18 July 2002 Department of Homeland Security: NIST Out, Security
Teams In
The US House Select Committee writing the Department of Homeland
Security Act decided not to include the Computer Security Division
of the National Institute of Standards and Technology in the
new division. Instead it is to stay at NIST. The House's version
also establishes Information Security Teams to test security
of federal agencies and assist them in improving security.
http://www.govexec.com/dailyfed/0702/071802td1.htm

--18 July 2002 Yahoo Mail Filters Fixed
Yahoo! has altered the filters it was using to replace words in
malicious scripts. An error in the filters caused them to replace words
throughout messages sent to Yahoo! users, not just in the scripts.
http://www.idg.net/ic_888927_1794_9-10000.html
http://www.reuters.com/news_article....toryID=1215563

--17 July 2002 European and US Lawmakers Work On Internet
Security/Privacy Issues
Members of the European Parliament met with US legislators, regulators
and Vice President Cheney this week to "debate." Arlene McCarthy,
a member of the European Parliament said, "Expectations aren't
that the two approaches to Internet policy will become identical,
but that they can be compatible enough to help facilitate global
commerce and enforcement."
http://computerworld.com/governmentt...,72771,00.html
[Editor's Note (Schultz): Achieving any kind of agreement is going
to be exceptionally difficult. The US and Europe are worlds apart
when it comes to privacy expectation.]

--17/18 July 2002 National Strategy For Securing Cyberspace Due
September 11
Richard Clarke, the President's computer security adviser, said
Wednesday that an upcoming national plan to protect cyberspace will
include expectations for home users, as well as large companies
and the government. The new plan will be the Internet component of
the national strategy for homeland security announced by President
Bush. The CNN article also talks about plans for PC standards and
tools to help users keep their systems secure as part of the strategy.
http://story.news.yahoo.com/news?tmp...er_security_14
http://www.cnn.com/2002/TECH/ptech/0....ap/index.html

--16 July 2002 South Korean Activists Threaten DOS Protest Attack
on US
The White House and military web sites are the targets of a threatened
attack by South Korean activists angry about the deaths of two girls
struck by a US military vehicle on a road north of Seoul. The soldiers
driving the truck have been indicted and could face up to six years
in prison.
http://www.usatoday.com/life/cyber/t...ber-attack.htm

--16 July 2002 Liberty Alliance Network Identity Sign-On Standard
Unveiled
The Liberty Alliance, a Sun-backed consortium, released
technical specifications for federated network identity sign-on
as a secure method for identifying individuals using any manner
of internet-connected devices. Such standards will help Internet
merchants maintain ownership of their client data while sharing lead
information with others. Version 1.0 does not cover personal data,
but provides a format for exchanging authentication information while
holding the identity of the user safe.
http://computerworld.com/newsletter/...0.html?nlid=WK
http://www.theregister.co.uk/content/4/26210.html
The Liberty Alliance is an alternative to Microsoft's Passport
program. Liberty's press release may be found at:
http://www.projectliberty.org/press/...2-07-15-1.html

--16 July 2002 Microsoft Backs SAML Standard
Microsoft architect Kim Cameron said that Microsoft would back Security
Assertion Mark-up Language (SAML), which was developed by the
twelve members of OASIS (Organization for the Advancement of Structured
Information Standards). This announcement raises the possibility of
greater interoperability with standards supported by other groups,
including Sun Microsystems.
http://www.theregister.co.uk/content/4/26211.html

--16 July 2002 CERT: Reported Security Flaws Increasing
Larry Rogers of the CERT Coordination Center at Carnegie Mellon
University reports that the number of reported security flaws has
jumped from 2,400 for all of last year to more than 1,000 for just
the first three months of this year.
http://news.zdnet.co.uk/story/0,,t269-s2119219,00.html

--15 July 2002 Cyberforensics Increasingly Used To Track Down
Criminals
The FBI recently made a case against a New Jersey gambling operation
using data obtained with a password uncovered through a keystroke
logging program. Police are finding it easier to get electronic
records because of the Patriot Act passed in the aftermath of
September 11. Privacy advocates are concerned police have too much
power to snoop.
http://abcnews.go.com/sections/us/Da...uth020715.html
[Editor's Note (Northcutt): This is a well written article. A very
clear expression of the concerns of privacy advocates is the ACLU
briefing on the subject: http://www.aclu.org/congress/l110101a.html]

--Tutorials on Hacker Tools
These are two excellent articles summarizing hacker tools. The
Symantec article provides foundation knowledge while the article by
Ed Skoudis called "Faster, Stealthier? More Dangerous," in Information
Security magazine, provides a unique look at the newest developments in
hacker techniques. (The following is a shameless plug) Ed is one of the
two lead faculty members for SANS Hacker Exploits hands-on class and
also one of the two highest rated speakers on the topic in the world.
Symantec:
http://enterprisesecurity.symantec.c...12493901&EID=0
Skoudis: http://www.infosecuritymag.com/2002/jul/faster.shtml