Brought to you by our friends at the SANS Institute.
SANS NewsBites August 28, 2002 Vol. 4, Num. 35
TOP OF THE NEWS
26 August 2002 Identity Theft Insurance
21 & 23 August 2002 Feds Raid ForensicTec Offices
23 August 2002 Proposed US Network Operations Center Would Centralize
Cyber Security Data
27 August 2002 FTC Releases "Safe At Any Speed" Security Guidance
THE REST OF THE WEEK'S NEWS
27 August 2002 Flying for WiFi
21 August 2002 Wardriving Day
26 August 2002 Hacker Demonstrates SSL Exploit
26 August 2002 Study Advocates Open Source for Governments
22 & 23 August 2002 Duload Worm Targets Kazaa Network
26 August 2002 VA Revamps Computer Disposal Policy
23 August 2002 Liquidated Computers Harbor Sensitive Data
25 & 26 August 2002 Attorney to Appeal Russian Hacker's Case
24 August 2002 OMB Orders IT Spending Freeze to Eliminate Redundant
Investments in Homeland Security
23 August 2002 Trillian Buffer Overflow Vulnerability
23 August 2002 Microsoft Releases Cumulative IE Patch
22 August 2002 Office and IE Holes
20 & 21 August 2002 Microsoft FTM Vulnerability
20 August 2002 Apache and Windows 2000 Holes
22 August 2002 Air Force Research Lab to Collaborate on Digital
22 August 2002 Nine Electronic Crimes Task Forces to be Established
21 August 2002 On Line Court Docs Pose Privacy Problems
21 August 2002 West Virginia DMV Shuts Down NASCAR Plate Site to
21 August 2002 Software Needs to be Better Secured
20 August 2002 Businesses are Improving Cyber Security
20 August 2002 Networking Information and Technology R&D Program Plans
19 August 2002 Security Event Management Systems
18 August 2002 Virtual Honeynets
23 August 2002 Top Ten Worms and Viruses
FREE WEB BROADCAST
Mark your calendar for September 4, 1 PM EDT (1700 UTC).
Visual displays and statistics to help catch intruders featuring David
Marchette. Plus Symantec's Brian Hernacki on Recourse Technology.
Listen live and ask questions, or, once you have an access code,
sign on later to listen to the webcast at your leisure.
TOP OF THE NEWS
--26 August 2002 Identity Theft Insurance
Identity theft insurance will usually cover expenses incurred by those
who have to endure the ordeal of identity theft. Victims often need
to take time away from work to deal with banks, credit card companies
and other concerns. The policy is usually available as a rider on
[Editor's Note (Schultz): I'd dispute any notion that infosec
insurance sales are doing all that well, but I'd be willing to bet
that identity theft insurance will be popular. Identity theft is
simply too prevalent already, it results in terrible inconvenience
for the victim, and it can be purchased as a rider to a home insurance
--21 & 23 August 2002 Feds Raid ForensicTec Offices
The FBI raided the offices of ForensicTec, the company that claimed it
had found vulnerable computer networks in the government and military
while conducting a security audit for an unrelated private firm.
The company allegedly peered into scores of files on these computers.
ForensicTec president Brett O'Keefe said their goal was to alert the
government to the need for better security and to gain good PR for
the company. Accessing a computer without permission is a felony in
the United States.
[Editors' Note (multiple): Last week your NewsBites editors decided not
to run this story because we sensed something wrong with a company
hacking a government agency and bragging about it. We included
the story this week because law enforcement involvement rounded it
out. Here are the URLs from last week that we excluded:
--23 August 2002 Proposed US Network Operations Center Would
Centralize Cyber Security Data
As a part of its National Strategy to Secure Cyberspace, the Bush
Administration is proposing to create a cyber-security Network
Operations Center that would serve as a single point of collection
for security related e-mail and other security data. The center
would bring together data from the National Infrastructure Protection
Center (NIPC), the Critical Infrastructure Assurance Office (CIAO),
the Department of Energy and commercial networks. In addition,
private networks would be encouraged to collect data to share with the
government. Concerns about the center include government agencies'
reluctance to share information with each other and the possibility
of privacy violations.
--27 August 2002 FTC Releases "Safe At Any Speed" Security Guidance
The US Federal Trade Commission today released a four page guide
to safety for computers connected to the Internet at high speed
(such as using DSL and cable). It's the first such document that
communicates effectively with the general public. The FTC is making
free printed color copies available to any groups that need them for
classes or handouts to customers or for any other purpose. See the
FTC note at the end of this issue for the address to request copies.
The electronic version is available in text and PDF format at the
new FTC InfoSecurity web site which will soon have a great deal more
THE REST OF THE WEEK'S NEWS
--27 August 2002 Flying for WiFi
The search for accessible wireless networks has taken to the sky.
A group calling itself WAFreeNet flew in a small plane
around Perth, Australia, looking for wireless networks. The group
says they want to map out the locations of other wireless networks
so they won't interfere with their own.
[Editor's Note (Murray): Yeah, right.]
--21 August 2002 Wardriving Day
On August 31, hackers plan to come together in Red Deer, Alberta for
the first Alberta International Wardriving Day, a contest to see
who can find the most wireless networks. There are no prizes for
participants; the event's organizer says it raises awareness about
security and privacy needs.
--26 August 2002 Hacker Demonstrates SSL Exploit
A Swedish hacker demonstrated for Reuters how he could easily break
into Microsoft server software used at several Swedish banks. He
exploited a vulnerability in Microsoft's implementation of the Secure
Socket Layer (SSL) standard. Microsoft claims it is not possible:
"I can't even see the theoretical possibility for it to happen,"
said Mats Lindkvist, responsible for security at Microsoft in Sweden.
--26 August 2002 Study Advocates Open Source for Governments
A study from University of Maastricht's International Institute of
Infonomics strongly recommends that governments use open source
software instead of proprietary products. The study argues that
the use of open source software in governments would save money and
--22 & 23 August 2002 Duload Worm Targets Kazaa Network
A Visual Basic worm called Duload has been spreading through the
Kazaa file-sharing network. It arrives as an attachment, copies
itself to the system directory, modifies the registry so it loads on
every start, places 39 copies of itself into a folder in the Windows
directory using a list of phony file names, and makes that folder
available to people on the file-sharing network. One of the variants
also downloads Trojans to infected computers.
--26 August 2002 VA Revamps Computer Disposal Policy
129 computers from the Department of Veterans Affairs (VA)
that contained sensitive information such as health records and
government credit card numbers were given away in Indianapolis.
The VA is revising its computer disposal policy. The VA's CIO says
the agency will buy an enterprise license for software that will erase
data from hard drives and will develop and establish a qualification
and certification program for all VA ISOs.
--23 August 2002 Liquidated Computers Harbor Sensitive Data
Two used computers bought from a liquidation firm on the Internet
turned out to contain quantities of sensitive information from the
businesses that originally owned them. The author suggests running a
magnet over hard drives before the computers are sold and instituting
legal action against those who expose others' personal information
by allowing it out with discarded computers.
--25 & 26 August 2002 Attorney to Appeal Russian Hacker's Case
A Seattle attorney who is defending one of the two Russian men
nabbed in an FBI sting plans to argue in his appeal that the FBI
agents violated US law when they downloaded the information from
the Russians' computers without a warrant. His line of argument is
similar to that used by Russian FSB officials who have charged the
FBI agent with criminal activity.
[Editor's Note (Murray): The legitimacy of this investigation turns
on a number of untested legal points including jurisdiction and
timely warrants. Better to have it decided on this case than on
an accusation of hacking against an authorized and supervised law
--24 August 2002 OMB Orders IT Spending Freeze to Eliminate
Redundant Investments in Homeland Security
The US Office of Management and Budget has ordered seven of the
agencies that will become part of the proposed Department of Homeland
Security to halt all IT project spending until it determines whether
or not proposed projects can be combined to save money. The OMB also
wants to make sure new projects will be compatible across the new DHS.
Ongoing projects are not affected by the spending freeze.
--23 August 2002 Trillian Buffer Overflow Vulnerability
The messenger client Trillian v. 0.73 is vulnerable to a buffer
overflow attack. Trillian allows users to connect a variety of
instant messaging clients in a single interface. An analyst has
published a proof-of-concept attack for the vulnerability.
--23 August 2002 Microsoft Releases Cumulative IE Patch
Microsoft has issued a cumulative patch for Internet Explorer
(IE) that also addresses six vulnerabilities, the most serious of
which could allow an attacker to take control of vulnerable machines.
The flaws affect IE versions 5.01, 5.5 and 6.0; older, unsupported
versions of IE may also be vulnerable. The patch also disables two
vulnerable ActiveX controls.
--22 August 2002 Office and IE Holes
Critical security holes in Microsoft's Office suite and Internet
Explorer could allow attackers to run programs on vulnerable computers,
possibly reading files or even crashing machines. Microsoft has made
a patch for the vulnerability available.
--20 & 21 August 2002 Microsoft FTM Vulnerability
Microsoft warned customers of a security flaw in its File Transfer
Manager (FTM) program which is used to download certain software from
the company's web site. FTM users are urged to upgrade to the newest
version of the program which is available on Microsoft's FTM web site.
The flaw could allow an attacker to gain control of vulnerable systems.
FTM web site: http://transfers.one.microsoft.com/f...all/HomeIE.asp
--20 August 2002 Apache and Windows 2000 Holes
Security holes affect Apache server software version 2.0.39 and
earlier on Microsoft Windows 2000, IBM OS/2 and Novell Netware.
The Apache flaw, which could allow an attacker to access sensitive
information or execute code, affects only non-Unix platforms.
The Windows flaw, which could allow the attacker to obtain elevated
privileges on vulnerable systems, is in the Network Connection Manager
(NCM) component. There are patches available for both security holes.
--22 August 2002 Air Force Research Lab to Collaborate on Digital
The Air Force Research Laboratory (AFRL) Information Directorate will
work with a private sector company on the research and development
of digital watermarking technology. The goal is to develop digital
watermarking technology that will add security to identity documents.
It will also help identify phony documents.
--22 August 2002 Nine Electronic Crimes Task Forces to be Established
The US Secret Service plans to establish nine Electronic Crimes Task
Forces (ECTFs) across the country. Patterned after the one already
established in New York City, they will allow IT specialists to share
information about cyber security threats without the risk of publicly
exposing problems. The US Patriot Act mandates the establishment of
an ECTF in every major city.
--21 August 2002 On Line Court Docs Pose Privacy Problems
States are increasingly putting court documents online, which pits
the right of access to public records against citizens' right to
privacy. Some states have imposed a moratorium on placing their public
records online until they have developed a policy regarding privacy.
Though much sensitive data is deleted, remaining information,
such as bank account numbers and addresses, could abet identity
theft or other crimes.
--21 August 2002 West Virginia DMV Shuts Down NASCAR Plate Site to
West Virginia's DMV has shut down a web site that was used to sell
NASCAR license plates on line; the FBI is investigating allegations
that a hacker breached the site's security. The FBI has taken the
server, which contains credit card numbers of people who bought NASCAR
plates, as part of its investigation.
--21 August 2002 Software Needs to be Better Secured
According to security experts, bad software is to blame for the
increase in cyber attacks. Consumers need to demand better products
from manufacturers. White House cyber security advisor Richard Clarke
calls for boycotting software that is not secure. The National
Institute of Standards and Technology (NIST) has developed quality
assurance testing tools for software.
--20 August 2002 Businesses are Improving Cyber Security
US companies seem to be heeding the warning that the next arena for
a terrorist attack could be their computer systems. According to
a Computer Economics survey of 233 businesses, 77% of the companies
have bolstered their protection against cyber attacks like viruses and
hacker attacks; improvements include updating anti-virus software and
generating daily backups. A survey by CSI and the FBI found that 90%
of large corporations and government agencies discovered security
breaches in the past year.
--20 August 2002 Networking Information and Technology R&D Program
Plans for the federal Networking Information and Technology R&D (NITRD)
program include research in the areas of encryption and authentication
and high-speed wired and wireless security. The program also offers
graduate fellowships and postdoctoral research funding in areas of
advanced IT training. President Bush has requested $1.8 billion for
the program for fiscal 2003, an increase of $59 million over 2002.
--19 August 2002 Security Event Management Systems
The abundance of security systems available to administrators,
including firewalls, intrusion detection systems, anti-virus software
and content-filtering systems, can provide too much information to
process effectively and efficiently. The next generation of security
tools aims to address this problem. Called security event management
systems, they analyze and correlate data from a variety of security
systems on a central console.
--18 August 2002 Virtual Honeynets
This article from the Honeynet Project defines and describes the
deployment of self-contained and hybrid virtual honeynets.
[Editor's Note (Murray): Counter-espionage is not an exercise for
amateurs. One cannot buy it in a kit. If you do not know what you
will do with the results, do not collect them.]
--23 August 2002 Top Ten Worms and Viruses
This article describes the differences between worms, viruses and
Trojan horses, and offers descriptions of the ten worst viruses and
worms of all time. The article also offers advice for protecting
computers from infections: use anti-virus software and update it
regularly, don't open unexpected or suspicious e-mail attachments
and keep up to date with software patches and virus news.