[ga] FYI Sans security info and report - SANS NewsBites Vol. 3 Num. 45

All assembly members,

As I had posted twice before and followed up on by Roeland I am
============== Copy follows ==============

Today is the deadline for the early registration discount for Cyber Defense West in San Francisco next month (www.sans.org) and both Cyber Defense East (Washington DC) and West programs will have the full five-day hands-on hacker exploits course (the nation's highest rated security training program) as well as other great immersion training tracks. AP

**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 3, Number 45
November 7, 2001
Editorial Team: Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin, Bill Murray, Stephen Northcutt, Alan Paller, Marcus Ranum, Howard Schmidt, Eugene Schultz
**********************************************************************
TOP OF THE NEWS
5 November 2001 Netcraft Survey Says 130,000 IIS Users Switched to Apache
2 November 2001 Passport e-Wallet Vulnerability
1 November 2001 California Court Says DeCSS is "Pure Speech"
31 October & 1 November 2001 NY Times Attack Was Nimda, Not DoS
30 October 2001 Nimda-E Still A Major Problem

THE REST OF THE WEEK'S NEWS
1 & 2 November 2001 Aibo Hacker Threatened With DMCA
1 November 2001 Florida IS Director Wants Critical Infrastructure Protection Center
1 November 2001 A Place for Hackers to Work
31 October & 1 November 2001 Virus-Tainted DVD Recalled
31 October 2001 Proposed European Legislation Takes Aim at Cookies
31 October 2001 Sewage spills; Hacker jailed
31 October 2001 Phony WTO Site
31 October 2001 The Human Element of Security
30 October 2001 Plans for a Virtual Pentagon
30 October 2001 Microsoft Warns Against Installing Pirated Versions of Windows XP
1 November 2001 Microsoft Admits XP Has Been Cracked

UPCOMING TRAINING OPPORTUNITIES
**Microsoft IIS Security in multiple cities
**Hackers Beware: Live! in multiple cities
**Three Rivers SANS (1 track), Pittsburgh, PA, Nov. 15-20
**North Pacific SANS (1 track), Vancouver, BC, Nov. 15-20
**SANS Cyber Defense Initiative (6 tracks), Wash. DC, Nov. 27 - Dec. 3
**SANS Cyber Defense Initiative (3 tracks), San Fran. CA, Dec. 16-22
**SANS Gateway Asia (2 tracks), Singapore, Jan 10-15
**SANS Down Under (1 track), Melbourne, Jan 10-15
**SANS Darling Harbour (4 tracks), Sydney, Jan 19-24
**Plus new, on-line, security training programs. See www.sans.org for details.

************************ Sponsored by NetIQ **************************
FREE SECURITY GUIDE: Get the in-depth knowledge you need to secure your enterprise with NetIQ's FREE step-by-step security guide - "Selecting The Right Security Solution" - at http://www.netiq.com/f/form/form.asp?id=109
NetIQ's security solutions not only identify intruders, but ensure that threats don't ever become incidents.
***********************************************************************
TOP OF THE NEWS

--5 November 2001
Netcraft Survey Says 130,000 IIS Users Switched to Apache
Netcraft's September survey of 33 million web servers showed 300,000 fewer IIS servers than in August, with 130,000 of those sites moving to Apache. The survey also reported that 11 percent of all IIS servers were infected and completely unprotected from exploitation and use by malicious persons.
http://www.cw360.com/bin/bladerunner?REQSESS=Z097P4P&690REQEVENT=&CARTI=107480&CARTT=14&CCAT=2&CCHAN=20&CFLAV=1&CPAGEN=ArticlePage&CPAGET=-99999&CSEARCH=&CSESS=-99999&CTOPIC=
--2 November 2001
Passport e-Wallet Vulnerability
A researcher discovered that by sending specially constructed e-mails to Hotmail accounts, he could view the contents of that user's Passport e-wallet. Marc Slemko alerted Microsoft to the vulnerability, and the company temporarily shut users out of their e-wallets while they fixed the network.
http://www.msnbc.com/news/652089.asp?0dm=C219T

[Editor's (Schultz) Note: At least two years ago a number of malicious Java applets (e.g., "BookMarker," "DemonDialer," and "Pickpocket") that raid electronic wallets surfaced. These applets are still widely available at certain web sites.

(Irwin) The summary paragraph makes it sound like Microsoft fixed the problem after being alerted. And, in the most literal sense, they did. But if you read Marc Slemko's paper, you'll see that there is a fundamental design flaw in the Passport "single sign-on" implementation ... specifically (quoting the paper) "The Hotmail HTML filtering hole and this particular cross-site scripting issue on passport.com will quickly be fixed, making this particular exploit stop working. But unless the deeper issues are addressed, it is still fairly trivial to come up with a new exploit using slightly different techniques. The key problems here are that the cookies go to all passport.com servers, broadening the attack space, and that when the user uses a password to authenticate for one purpose, the resulting token can be used for other purposes."
Incidents.Org Handler's Diary article for a technical overview: http://www.incidents.org/diary/november01/110501.php#2
Marc Slemko's paper: http://alive.znep.com/~marcs/passport/]

--1 November 2001
California Court Says DeCSS is "Pure Speech"
A three judge panel of the California Court of Appeal has ruled that DeCSS, the program written to descramble DVDs, is "pure speech" and web sites posting the program are protected by the First Amendment.
http://www.msnbc.com/news/651673.asp?0dm=C16PT
http://www.wired.com/news/print/0,1294,48075,00.html
http://news.cnet.com/news/0-1005-200-7751876.html?tag=prntfr
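The two design problems quoted in the Passport e-Wallet item above (a cookie scoped to every passport.com host, and a password-derived token that is accepted for purposes it was never issued for) can be checked mechanically. The following is an added example, not code from the newsletter, Microsoft, or Slemko's paper: it assumes a hypothetical issuing host login.passport.com, constructed Set-Cookie headers, a constructed key, and a simple HMAC token format chosen for illustration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Hypothetical issuing host; the newsletter names only passport.com and Hotmail.
ISSUING_HOST = "login.passport.com"


def cookie_scope_findings(set_cookie: str, issuing_host: str) -> list:
    """Flag a Set-Cookie header whose Domain attribute hands the cookie to
    every host under a parent domain instead of only the issuing host."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    findings = []
    for name, morsel in jar.items():
        domain = morsel["domain"].lstrip(".").lower()
        if domain and domain != issuing_host.lower():
            findings.append(f"{name}: Domain={morsel['domain']} reaches every {domain} host")
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure flag")
    return findings


def issue_token(key: bytes, user: str, purpose: str) -> str:
    """Bind an authentication token to the purpose the password was used for."""
    body = f"{user}|{purpose}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def accept_token(key: bytes, token: str, required_purpose: str) -> bool:
    """Accept only an untampered token issued for exactly this purpose."""
    parts = token.split("|")
    if len(parts) != 3:
        return False
    user, purpose, tag = parts
    expected = hmac.new(key, f"{user}|{purpose}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected) and purpose == required_purpose


if __name__ == "__main__":
    # Constructed headers: the broad one mirrors the quoted design flaw.
    broad = "auth=tok; Domain=.passport.com; Path=/; Secure"
    narrow = "auth=tok; Secure"
    print(cookie_scope_findings(broad, ISSUING_HOST))   # one Domain finding
    print(cookie_scope_findings(narrow, ISSUING_HOST))  # []
    key = b"constructed-demo-key"
    mail_token = issue_token(key, "alice", "hotmail")
    print(accept_token(key, mail_token, "hotmail"))  # True
    print(accept_token(key, mail_token, "wallet"))   # False: issued for mail, not the wallet
```

The cookie check reports a cookie that is host-only (no Domain attribute) as correctly scoped; the token check shows a mail-purpose token being refused by a wallet-purpose verifier, which is the property the quoted paper says Passport lacked.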
--31 October & 1 November 2001
NY Times Attack Was Nimda, Not DoS
What at first appeared to be a denial-of-service attack on the New York Times computers instead turned out to be the work of a variant of the Nimda worm.
http://news.cnet.com/news/0-1003-200-7739301.html?tag=prntfr
http://www.computerworld.com/storyba/0,4125,NAV47_STO65249,00.html

--30 October 2001
Nimda-E Still A Major Problem
Complete analysis at: http://www.incidents.org/diary/october01/103001.php#1
****************** Also Sponsored by VIGILANTe ***********************
A new generation of distributed vulnerability assessment solutions now available! Bring your company's level of internal and external network security into the 21st century of protection. You can achieve unparalleled efficiency and flexibility through a unique third generation distributed vulnerability scanning technology, providing single console real-time testing of multiple remote systems. To find out more, please go to http://www.vigilante.com/info/SANS/
**********************************************************************
THE REST OF THE WEEK'S NEWS

--1 & 2 November 2001
Aibo Hacker Threatened With DMCA
Sony is threatening to invoke the Digital Millennium Copyright Act (DMCA) against a hacker who has tinkered with the electronics company's Aibo robotic dog and placed software enhancements on his web site. The augmented programs still require that users purchase Sony Memory Sticks.
http://news.cnet.com/news/0-1006-200-7746625.html?tag=prntfr
http://www.wired.com/news/business/0,1367,48088,00.html
--1 November 2001
Florida IS Director Wants Critical Infrastructure Protection Center
Florida's Information Security Office Director is asking the State legislature to establish and fund a critical infrastructure protection center to alert law enforcement, infrastructure managers, some private companies and emergency workers in the event of an attack. The center would have four levels of redundancy, including a secure Internet connection, to ensure communications.
http://www.gcn.com/vol1_no1/daily-updates/17400-1.html
--1 November 2001
A Place for Hackers to Work
Thubten Comerford, a former Buddhist monk and now the CEO of White Hat Technologies, takes issue with using the word "hackers" to refer to bad guys. Comerford created his company to guide young hackers toward helping people.
http://www.theregister.co.uk/content/55/22599.html

[Editor's (Murray) Note: "By their fruits you shall know them." Like it or not, the word carries a lot of baggage. It seems to mean those who reject professionalism, formal and supervised learning, order, identification with the community of users, identification with the common good, submission to authority, discipline, private property, etc. It seems to mean those that reserve the right to interfere with, not to say contaminate, the systems of others. That is the fault of those who so identify and how they behave, not of the rest of us. Anyone who does not like the baggage that comes with the word can simply reject the identification. "A rose is a rose is a rose" and garlic by any name still smells like garlic.

(Paller) Bill may be right and the task may be harder than Mr. Comerford thinks, but I for one, wish him great success.]

--31 October & 1 November 2001
Virus-Tainted DVD Recalled
In the first reported instance of a DVD acting as the vector of infection, a Powerpuff Girls cartoon DVD has been recalled because it contains the Funlove virus. The virus infects PCs when the disk's supplemental software is installed; DVD players are unaffected.
http://news.cnet.com/news/0-1003-200-7735109.html?tag=prntfr
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1632000/1632896.stm

--31 October 2001
Proposed European Legislation Takes Aim at Cookies
The European Commission has introduced legislation that would prohibit the use of cookies, or personal identification tags. Proponents of the proposed directive maintain cookies violate citizens' privacy; people in the advertising business say the move, if approved, could seriously damage e-commerce and Internet advertising sales.
http://www.wired.com/news/politics/0,1283,48025,00.html

[Editor's (Schultz) Note: This news item once again shows the clash of two cultures, the one in the US (in which insufficient attention to privacy is paid), and the one in much of Europe, where privacy is a major concern. What we are seeing here is a proverbial time bomb waiting to go off.]

--31 October 2001
Sewage spills; Hacker jailed
An Australian man was sent to prison for two years after he was found guilty of hacking into a Queensland computer-controlled waste management system and causing millions of gallons of raw sewage to spill out into local parks, rivers and even the grounds of a Hyatt Regency hotel.
http://www.theregister.co.uk/content/4/22579.html

--31 October 2001
Phony WTO Site
A phony WTO site that has been around for two years recently changed its appearance to closely resemble that of the official site; the phony site also began collecting e-mail addresses of visitors without permission. Some search engines are sending surfers to the fake site instead of the real one.
http://www.computerworld.com/storyba/0,4125,NAV47_STO65229,00.html
--31 October 2001
The Human Element of Security
John Dickinson reminds readers that people are an important line of defense in computer security: don't open attachments if you don't know what they are, who they're from, or weren't expecting them; be wary of attachments with certain extensions, including .exe, .vbs, and .dll; and adjust program security settings.
http://www.zdnet.com/zdnn/stories/comment/0,5859,2821467,00.html
--30 October 2001
Plans for a Virtual Pentagon
The Defense Department (DoD) is working on plans for a "virtual Pentagon" or "distributed Pentagon" that would allow DoD employees to keep working after a disaster. The September 11 attack underscored the need for distributed remote storage sites and redundant measures to avoid single points of failure.
http://www.fcw.com/fcw/articles/2001/1029/web-pent-10-30-01.asp
--30 October 2001
Microsoft Warns Against Installing Pirated Versions of Windows XP
Microsoft warns users not to install pirated versions of the recently released software because it could leave them vulnerable to malicious code. An IT security firm says the software's copy protection has been broken.
http://www.newsbytes.com/news/01/171651.html

--1 November 2001
Microsoft Admits XP Has Been Cracked
Crackers have been distributing code that removes the product activation technology from Windows XP, allowing users to install the software on multiple machines. Microsoft is aware of the situation.
http://www.computerworld.com/storyba/0,4125,NAV47_STO65240,00.html
==end==

Please feel free to share this with interested parties via email (not on bulletin boards). For a free subscription (and for free posters) e-mail sans@sans.org with the subject: Subscribe NewsBites

To change your subscription, address, or other information, visit http://www.sans.org/sansurl and enter your SD number (from the headers). You will receive your personal URL via email. You may also email |