NEWS: This week's security news

  1. #1
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,121

    NEWS: This week's security news

    Brought to you by our friends at the SANS Institute.

    This week's highlights:

    • XP SP1 slips in some very critical updates.
    • Apache/mod_ssl worm 10,000+ systems taken over.
    • Modified electronics can affect aircraft control.


    Feel free to bring your ideas to the post and discuss.

    Feel free to bump also. It will die when it's ready.

    Till next week.

    PS... you can find past news posts at the bottom of the page.



    ***********************************************************************
    SANS NewsBites September 17, 2002 Vol. 4, Num. 38
    ***********************************************************************

    ALERTS
    13 & 14 September 2002 Apache/mod_ssl Worm
    10 & 11 September 2002 SP1 Quietly Addresses Serious XP Vulnerability


    TOP OF THE NEWS
    13 September 2002 Victoria, Australia Legislation Ups Cybercrime
    Penalties
    12 & 13 September 2002 Hole in Word Allows File Theft
    10 September 2002 Security Budgets on the Rise

    THE REST OF THE WEEK'S NEWS
    13 September 2002 Thieves Use e-Merchant's Account to Check Validity
    of Stolen Credit Cards
    12 & 13 September 2002 Outlook Express MFR Vulnerability
    12 August 2002 DNA Fingerprint Developer Doesn't Like Storage
    Practices
    12 September 2002 Taiwan Government to Hold Cyber Intrusion Challenge
    11 September 2002 W32/Chet-A Worm
    11 & 12 September 2002 Conflict with Iraq Likely to Increase Cyber
    Incidents
    11 September 2002 Modified Electronic Devices Could Interfere with
    Plane Controls

    11 September 2002 Disaster Recovery Plans Should Include Current
    Configuration Settings
    10 & 12 September 2002 What The NSSC Won't Include
    10 September 2002 Cisco VPN 3000 Series Vulnerabilities
    10 September 2002 New Version of SQL Server Will be More Secure
    10 August 2002 San Antonio Runs Cyber Attack Drill
    9 September 2002 Schmidt Says Develop IT Security Systems for SCADA
    10 September 2002 TVA Enhances Security
    10 September 2002 Emergency Alert System Vulnerability
    9 September 2002 H1-B Visa Applicants Not Adequately Investigated
    9 September 2002 MS Seeks Engineer to Examine Xbox Chip Modifications
    8 September 2002 Addressing Computer Intrusions




    ALERTS
    --13 & 14 September 2002 Apache/mod_ssl Worm
    CERT/CC has issued an advisory warning of a self-replicating worm
    dubbed Apache/mod_ssl that exploits a vulnerability in OpenSSL to
    create a distributed network that could be used to launch a denial
    of service attack. It is also known as linux.slapper.worm and
    bugtraq.c worm.
    http://news.com.com/2100-1001-957987.html
    http://www.cert.org/advisories/CA-2002-27.html
    [Editor's Note (Paller): Well over 10,000 systems have been taken
    over and are "collected" in controlled attack groups which could
    launch DDOS attacks with substantial power. More systems are falling
    every minute. If you have not fixed this problem, please do it now.
    Guidance is at the CERT site above. More skilled security professionals
    will find additional details at the Internet Storm Center site:
    http://isc.incidents.org/analysis.html?id=167]

    --10 & 11 September 2002 SP1 Quietly Addresses Serious XP
    Vulnerability
    A specially crafted URL could make Windows XP delete entire directories
    from vulnerable machines. Though Microsoft has known about the
    problem since June, it is only in the recently released Windows XP
    Service Pack 1 that the vulnerability is addressed.
    http://www.pcworld.com/news/article/0,aid,104810,00.asp
    http://www.theregister.co.uk/content/4/27074.html
    http://www.jmu.edu/computing/security/info/xphelp.shtml
    http://www.security.nnov.ru/search/d...asp?docid=3370
    [Editor's Note (Northcutt): This is a serious flaw. You should
    probably run Windows Update and install Service Pack 1 as soon as possible.
    The Microsoft update web page said it would take 3 - 5 minutes on DSL,
    but it took me 90 minutes.
    (Paller) If your employer is not allowing you to run XP1 (because
    it has not been fully tested) run Steve Gibson's quick fix at
    http://grc.com/xpdite/xpdite.htm. It works instantly and protects
    you from one of the worst of the XP vulnerabilities - one for which
    exploits are already appearing.]

    [xmaddness's note: We actually have a thread by Euclid demonstrating this bug, found here:
    Crazy XP Sploit!. Thanks go to Euclid for bringing this up.]




    TOP OF THE NEWS
    --13 September 2002 Victoria, Australia Legislation Ups Cybercrime
    Penalties
    Cyber criminals in Victoria, Australia could receive prison sentences
    of up to ten years for their actions, according to new legislation. The
    Crimes (Property Damage and Computer Offences) Bill repeals older
    laws that provide for more lenient sentencing and it also fills in
    gaps left by the federal Cybercrime Act, which limits its focus to
    Commonwealth computers and cybercrimes committed with phone devices.
    http://www.ds-osac.org/edb/cyber/new...y.cfm?KEY=9008
    http://www.heraldsun.news.com.au/com...0,5478,5085309^2862,00.html

    --12 & 13 September 2002 Hole in Word Allows File Theft
    A security hole in all versions of Microsoft Word can be manipulated
    to steal files. Though the vulnerability is most severe in Word
    97, Microsoft plans to fix it only in the most recent releases.
    The attacker would need to know the name and location of the file he
    was trying to steal.
    http://news.com.com/2100-1001-957786.html
    http://www.cnn.com/2002/TECH/ptech/0....ap/index.html
    http://www.msnbc.com/local/pisea/86882.asp?0dm=T13IT

    --10 September 2002 Security Budgets on the Rise
    A survey of nearly 300 high level IT managers conducted by Vista
    Research along with Harris Interactive found that information security
    budgets increased over the last year. A senior analyst said that
    increased spending is triggered by security breaches in the short
    term and by regulations in the long term.
    http://news.com.com/2100-1001-957364.html



    THE REST OF THE WEEK'S NEWS

    --13 September 2002 Tool Lets XP Pirates Download SP1
    Software pirates have released a tool that will allow people running
    pirated versions of Windows XP to download the recently released
    Service Pack 1.
    http://www.vnunet.com/News/1135007

    --13 September 2002 Thieves Use e-Merchant's Account to Check
    Validity of Stolen Credit Cards
    Credit card thieves apparently broke into an on line e-merchant account
    to test the validity of credit cards that would then be sold on the
    Internet black market. The system processed 140,000 phony charges of
    $5.07 apiece; about 62,000 of the charges were approved for a total
    of more than $300,000, but a large number of those were halted before
    the money was ever credited to the e-merchant's account.
    http://www.msnbc.com/news/807675.asp?0dm=C21BT

    --12 & 13 September 2002 Outlook Express MFR Vulnerability
    The message fragmentation and re-assembly (MFR) feature in Microsoft
    Outlook Express can be exploited to bypass SMTP content filtering
    software allowing malicious code to get past the filters.
    http://www.theregister.co.uk/content/55/27095.html
    http://www.pcworld.com/news/article/0,aid,104924,00.asp
    Beyond Security Advisory & Vendor Responses:
    http://www.securiteam.com/securitynews/5YP0A0K8CM.html

    --12 August 2002 DNA Fingerprint Developer Doesn't Like Storage
    Practices
    Professor Sir Alec Jeffreys, the man who invented DNA fingerprinting,
    is uncomfortable with the practice of storing the genetic information
    of crime suspects who have been cleared of wrongdoing; he proposes
    that all UK citizens have their DNA fingerprints held in a database
    to be managed by a specially created body. Then everybody would be
    "in ... the same boat."
    http://news.bbc.co.uk/1/hi/in_depth/...02/2252782.stm

    --12 September 2002 Taiwan Government to Hold Cyber Intrusion
    Challenge
    After witnessing the nation's most severe cyber attacks ever on
    government systems, Taiwanese Premier Yu Shyi-kun proposed a plan to
    allow Taiwan-based computer users to try and break into government
    systems in order to identify vulnerabilities. Successful intrusions
    will be rewarded. The plan is not to have a free-for-all, but to
    give each participant in the exercise a certain amount of time and
    to designate certain systems to be used as targets.
    http://www.securitynewsportal.com/cg...one&id=91&op=t
    [Editor's Note (Schultz): This plan is completely irresponsible.
    It not only is likely to result in unanticipated, negative consequences
    (just like the recent Korean hacking challenge fiasco), but it also
    amounts to still another "hacker challenge," something that ends up
    legitimizing the unethical behavior of the black hat community.
    (Northcutt) While they may gain some benefit from a freestyle hackfest,
    a controlled, systematic approach to security and penetration testing
    will garner better results. In 1999 and 2000 China and Taiwan were
    engaged in a spirited cyberwar primarily going after each other's
    websites. It is harder to get specific current information other than
    "leaked" government reports:
    http://www.siliconvalley.com/mld/sil...ey/3132466.htm
    http://www.cnn.com/2002/WORLD/asiapc.../china.taiwan/
    If we have readers in Taiwan and you have additional information on
    this story, please send what you know to taiwan@sans.org. ]

    --11 September 2002 W32/Chet-A Worm
    The W32/Chet-A worm infects some Windows systems when the recipient
    opens the attached .exe file. The worm is capable of infection and
    self-replication, but the choppy language of the e-mail's body and
    the fact that it arrives as an .exe attachment reduce the likelihood
    that people will be fooled into opening the attachment. The worm also
    has bugs and doesn't work on many systems.
    http://www.computerworld.com/securit...,74153,00.html
    http://news.com.com/2100-1001-957493.html
    http://www.msnbc.com/news/806381.asp

    --11 & 12 September 2002 Conflict with Iraq Likely to Increase
    Cyber Incidents
    Security firm mi2g says that a pro-Islamic hacker group calling itself
    Unix Security Guard (USG) has launched attacks on three computer
    systems hosted by AOL TimeWarner. Mi2g believes the incidence of such
    attacks will escalate as the tensions between the US and Iraq increase.
    http://news.bbc.co.uk/2/hi/technology/2250993.stm
    http://www.mi2g.com/cgi/mi2g/press/100902.pdf
    http://www.it-director.com/article.php?id=3191

    --11 September 2002 Modified Electronic Devices Could Interfere
    with Plane Controls
    A technology expert says that terrorists could modify a variety of
    personal electronic devices and use them to interfere with aircraft
    control systems. Speaking at the InfoWar conference in Washington DC,
    Chet Uber maintained that electronic devices should not be allowed
    inside commercial airplanes until it is determined that they are safe.
    http://www.newscientist.com/news/news.jsp?id=ns99992780


    [xmaddness's note: This has actually been brought up before. The newer Boeing 777 uses radio controls to control the rear stabilizers, ailerons, etc. If someone was to get control of that frequency....]


    --11 September 2002 Disaster Recovery Plans Should Include Current
    Configuration Settings
    Disaster recovery plans often focus on site redundancy and back
    up storage, but neglect to address the need for keeping current
    documentation of all IT configuration settings. IT disaster recovery
    plans need to be updated continuously. Having accurate information
    about the latest configurations can hasten business restoration in
    the event of a disaster. The article also describes the five states
    of a typical disaster recovery.
    http://www.net-security.org/article.php?id=174

    --10 & 12 September 2002 What The NSSC Won't Include
    The National Strategy for Securing Cyberspace, which will be
    released this Wednesday September 18th, will not place any further
    regulations on software companies to create and sell more secure
    products. Broadband companies will not be required to provide firewalls
    for their users, and the NSSC has no enforcement provisions for those
    who do not abide by its guidelines.
    http://www.zdnet.com/anchordesk/stor...879777,00.html
    http://www.washingtonpost.com/wp-dyn...-2002Sep9.html

    --10 September 2002 Cisco VPN 3000 Series Vulnerabilities
    Cisco issued an advisory describing 13 vulnerabilities in its VPN 3000
    series concentrators; some of the security holes could allow hackers
    access to secure networks or the ability to launch denial-of-service
    attacks.
    http://www.computerworld.com/securit...,74122,00.html
    Cisco advisory:
    http://www.cisco.com/warp/public/707...vuln-pub.shtml

    --10 September 2002 New Version of SQL Server Will be More Secure
    SQL Server's design architect says the next version of the database
    management software will have improved security. Among the
    new features are the ability to install fixes with ease, tighter
    administrative control over who gets to see what data and the default
    disabling of public access to tables.
    http://zdnet.com.com/2100-1104-957454.html

    --10 August 2002 San Antonio Runs Cyber Attack Drill
    The city of San Antonio, Texas is beginning a three-phase cyber
    attack disaster drill. As part of Operation Dark Screen, groups of
    government and business leaders will figure out what plans of action
    they would need to take in the event of an attack on the city's
    power grid or financial system. Phase two will involve identifying
    and addressing security holes. Phase three will be in the form of
    a white-hat cyber attack.
    http://news.mysanantonio.com/story.c...808815&xld=180

    --9 September 2002 Schmidt Says Develop IT Security Systems for SCADA
    Howard Schmidt, co-chairman of the President's Critical Infrastructure
    Protection Board, maintains research still needs to be done to develop
    IT security systems capable of supporting the Supervisory Control
    and Data Acquisition (SCADA) systems which are used to regulate the
    flow of electricity, natural gas and other elements of the energy
    industry. This is especially important in light of the fact that a
    recent security exercise in the Northwest demonstrated that attacks
    aimed at the area's electric power caused cascading power failures
    throughout the west, which in turn led to disruption in other elements
    of critical infrastructure.
    http://www.computerworld.com/governm...,74077,00.html

    --10 September 2002 TVA Enhances Security
    The Tennessee Valley Authority - the largest energy producer in the US
    - has taken steps to ramp up their IT security. The 700 employees have
    had education and training, the TVA has learned from other agencies'
    security efforts, and has staged attacks to test mitigation strategies.
    http://www.eweek.com/article2/0,3959,525968,00.asp

    --10 September 2002 Emergency Alert System Vulnerability
    The Emergency Alert System (EAS), which the president can use to
    take control of US airwaves in the event of a national emergency,
    is vulnerable to spoofing. The data headers, which precede the alert
    tone and spoken message, do not include any sort of authentication.
    Because normal broadcasting doesn't resume until an end-of-message
    indicator is transmitted, the vulnerability could be manipulated to
    keep stations off the air for extended periods of time.
    http://online.securityfocus.com/news/613

    --9 September 2002 H1-B Visa Applicants Not Adequately Investigated
    A General Accounting Office (GAO) report found that the US government
    did not take adequate steps to investigate the backgrounds of
    immigrants applying for H1-B visas; the special visas would allow
    them to work with sensitive information that could be used by other
    countries to develop weapons.
    http://www.washingtonpost.com/wp-dyn...-2002Sep9.html

    --9 September 2002 MS Seeks Engineer to Examine Xbox Chip
    Modifications
    Microsoft is seeking to fill a position dubbed "Software Design
    Engineer;" attendant responsibilities include examining and analyzing
    Xbox modification chips.
    http://www.theregister.co.uk/content/4/27020.html
    http://news.com.com/2100-1040-957160.html

    --8 September 2002 Addressing Computer Intrusions
    Colin Crook, whose former employer, Citigroup, suffered cybertheft
    that nearly cost them $10 million, spoke at the Systems Approach to
    Terrorism Conference. Crook, who is now a senior fellow at Wharton's
    SEI Center for Advanced Studies in Management, said it's important
    to be able to recognize the signs that your systems are suffering
    intrusion attempts; he also described cyber attack risk factors
    including concentration of computing power, interconnectedness and
    standardization.
    http://news.com.com/2009-12-956901.html
    [Editor's Note (Paller): Colin sent us a note summarizing his three
    rules: 1. Never trust a network, 2. Always authenticate the user, 3. The
    Application must always defend itself, even with both of the above.]

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Posts
    386
    What it tells me is that the software manufacturers can't keep up with the other guys, or aren't willing to try that hard. Microsoft made a half-hearted attempt, but their concern is on their stockholders and profit margin. Why don't they hire the folks doing it to fix their systems?

  3. #3
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,121
    Well, it seems that SP1 for XP takes care of the problem. Can anyone confirm this? The link to the test is in the article. I have heard some people that have had other problems with SP1 for XP, can anyone else tell me if this is true?

    The other day I was speaking with hogfly and he said a friend of his installed XP home on a laptop and it actually installed sound card drivers for the modem. One more reason why I don't trust XP. It seems that MS once again is only there to rush its product onto the market without beta testing it properly first. This IMO is downright unacceptable. MS has done some pretty bad things in the past and this is not helping their PR at all now. MS really needs to rethink its approach to how they test their software, or they face losing more and more business in the future. They have already lost my business. Once win2kpro is no longer supported, I am moving fully to Linux and not looking back.

  4. #4
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    The slapper worm can be detected by downloading: http://www.chkrootkit.org/

    along with a lot of other nasties !!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !
