ICANN/DNSO
DNSO Mailing lists archives




[ga] FYI Sans security info and report - SANS NewsBites Vol. 3 Num. 45

  • To: General Assembly of the DNSO <ga@dnso.org>
  • Subject: [ga] FYI Sans security info and report - SANS NewsBites Vol. 3 Num. 45
  • From: Jeff Williams <jwkckid1@ix.netcom.com>
  • Date: Wed, 07 Nov 2001 18:18:47 -0800
  • Organization: INEGroup Spokesman
  • Sender: owner-ga@dnso.org

All assembly members,

  As I had posted twice before (and as Roeland followed up on), I am
forwarding the following regarding the SANS classes and news for
your review.

==============  Copy follows ==============

Today is the deadline for the early registration discount for Cyber Defense West in San Francisco next month (www.sans.org) and both Cyber Defense East (Washington DC) and West programs will have the full five-day hands-on hacker exploits course (the nation's highest rated security training program) as well as other great immersion training tracks. AP

**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 3, Number 45
November 7, 2001
Editorial Team: Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin, Bill Murray, Stephen Northcutt, Alan Paller, Marcus Ranum, Howard Schmidt, Eugene Schultz
**********************************************************************

TOP OF THE NEWS

5 November 2001  Netcraft Survey Says 130,000 IIS Users Switched to Apache
2 November 2001  Passport e-Wallet Vulnerability
1 November 2001  California Court Says DeCSS is "Pure Speech"
31 October & 1 November 2001  NY Times Attack Was Nimda, Not DoS
30 October 2001  Nimda-E Still A Major Problem

THE REST OF THE WEEK'S NEWS

1 & 2 November 2001  Aibo Hacker Threatened With DMCA
1 November 2001  Florida IS Director Wants Critical Infrastructure Protection Center
1 November 2001  A Place for Hackers to Work
31 October & 1 November 2001  Virus-Tainted DVD Recalled
31 October 2001  Proposed European Legislation Takes Aim at Cookies
31 October 2001  Sewage spills; Hacker jailed
31 October 2001  Phony WTO Site
31 October 2001  The Human Element of Security
30 October 2001  Plans for a Virtual Pentagon
30 October 2001  Microsoft Warns Against Installing Pirated Versions of Windows XP
1 November 2001  Microsoft Admits XP Has Been Cracked

UPCOMING TRAINING OPPORTUNITIES
**Microsoft IIS Security in multiple cities
**Hackers Beware: Live! in multiple cities
**Three Rivers SANS (1 track), Pittsburgh, PA, Nov. 15-20
**North Pacific SANS (1 track), Vancouver, BC, Nov. 15-20
**SANS Cyber Defense Initiative (6 tracks), Wash. DC, Nov. 27 - Dec. 3
**SANS Cyber Defense Initiative (3 tracks), San Fran. CA, Dec. 16-22
**SANS Gateway Asia (2 tracks), Singapore, Jan 10-15
**SANS Down Under (1 track), Melbourne, Jan 10-15
**SANS Darling Harbour (4 tracks), Sydney, Jan 19-24
**Plus new, on-line, security training programs.
See www.sans.org for details.

************************ Sponsored by NetIQ **************************
FREE SECURITY GUIDE: Get the in-depth knowledge you need to secure your enterprise with NetIQ's FREE step-by-step security guide - "Selecting The Right Security Solution" - at
http://www.netiq.com/f/form/form.asp?id=109
NetIQ's security solutions not only identify intruders, but ensure that threats don't ever become incidents.
***********************************************************************

TOP OF THE NEWS

--5 November 2001  Netcraft Survey Says 130,000 IIS Users Switched to Apache
Netcraft's September survey of 33 million web servers showed 300,000 fewer IIS servers than in August, with 130,000 of those sites moving to Apache. The survey also reported that 11 percent of all IIS servers were infected and completely unprotected from exploitation and use by malicious persons.
http://www.cw360.com/bin/bladerunner?REQSESS=Z097P4P&690REQEVENT=&CARTI=107480&CARTT=14&CCAT=2&CCHAN=20&CFLAV=1&CPAGEN=ArticlePage&CPAGET=-99999&CSEARCH=&CSESS=-99999&CTOPIC=

--2 November 2001  Passport e-Wallet Vulnerability
A researcher discovered that by sending specially constructed e-mails to Hotmail accounts, he could view the contents of that user's Passport e-wallet. Marc Slemko alerted Microsoft to the vulnerability, and the company temporarily shut users out of their e-wallets while they fixed the network.
http://www.msnbc.com/news/652089.asp?0dm=C219T
[Editor's (Schultz) Note: At least two years ago a number of malicious Java applets (e.g., "BookMarker," "DemonDialer," and "Pickpocket") that raid electronic wallets surfaced. These applets are still widely available at certain web sites.
(Irwin) The summary paragraph makes it sound like Microsoft fixed the problem after being alerted. And, in the most literal sense, they did. But if you read Mark Slemko's paper, you'll see that there is a fundamental design flaw in the Passport "single sign-on" implementation ... specifically (quoting the paper) "The Hotmail HTML filtering hole and this particular cross-site scripting issue on passport.com will quickly be fixed, making this particular exploit stop working. But unless the deeper issues are addressed, it is still fairly trivial to come up with a new exploit using slightly different techniques. The key problems here are that the cookies go to all passport.com servers, broadening the attack space, and that when the user uses a password to authenticate for one purpose, the resulting token can be used for other purposes."
Incidents.Org Handler's Diary article for a technical overview
http://www.incidents.org/diary/november01/110501.php#2
Mark Slemko's paper
http://alive.znep.com/~marcs/passport/]

--1 November 2001  California Court Says DeCSS is "Pure Speech"
A three judge panel of the California Court of Appeal has ruled that DeCSS, the program written to descramble DVDs, is "pure speech" and web sites posting the program are protected by the First Amendment.
http://www.msnbc.com/news/651673.asp?0dm=C16PT
http://www.wired.com/news/print/0,1294,48075,00.html
http://news.cnet.com/news/0-1005-200-7751876.html?tag=prntfr

--31 October & 1 November 2001  NY Times Attack Was Nimda, Not DoS
What at first appeared to be a denial-of-service attack on the New York Times computers instead turned out to be the work of a variant of the Nimda worm.
http://news.cnet.com/news/0-1003-200-7739301.html?tag=prntfr
http://www.computerworld.com/storyba/0,4125,NAV47_STO65249,00.html

--30 October 2001  Nimda-E Still A Major Problem
Complete analysis at:
http://www.incidents.org/diary/october01/103001.php#1

****************** Also Sponsored by VIGILANTe ***********************
A new generation of distributed vulnerability assessment solutions now available! Bring your company's level of internal and external network security into the 21st century of protection. You can achieve unparalleled efficiency and flexibility through a unique third generation distributed vulnerability scanning technology, providing single console real-time testing of multiple remote systems. To find out more, please go to
http://www.vigilante.com/info/SANS/
**********************************************************************

THE REST OF THE WEEK'S NEWS

--1 & 2 November 2001  Aibo Hacker Threatened With DMCA
Sony is threatening to invoke the Digital Millennium Copyright Act (DMCA) against a hacker who has tinkered with the electronics company's Aibo robotic dog and placed software enhancements on his web site. The augmented programs still require that users purchase Sony Memory Sticks.
http://news.cnet.com/news/0-1006-200-7746625.html?tag=prntfr
http://www.wired.com/news/business/0,1367,48088,00.html

--1 November 2001  Florida IS Director Wants Critical Infrastructure Protection Center
Florida's Information Security Office Director is asking the State legislature to establish and fund a critical infrastructure protection center to alert law enforcement, infrastructure managers, some private companies and emergency workers in the event of an attack. The center would have four levels of redundancy, including a secure Internet connection, to ensure communications.
http://www.gcn.com/vol1_no1/daily-updates/17400-1.html

--1 November 2001  A Place for Hackers to Work
Thubten Comerford, a former Buddhist monk and now the CEO of White Hat Technologies, takes issue with using the word "hackers" to refer to bad guys. Comerford created his company to guide young hackers toward helping people.
http://www.theregister.co.uk/content/55/22599.html
[Editor's (Murray) Note: "By their fruits you shall know them." Like it or not, the word carries a lot of baggage. It seems to mean those who reject professionalism, formal and supervised learning, order, identification with the community of users, identification with the common good, submission to authority, discipline, private property, etc. It seems to mean those that reserve the right to interfere with, not to say contaminate, the systems of others. That is the fault of those who so identify and how they behave, not of the rest of us. Anyone who does not like the baggage that comes with the word can simply reject the identification. "A rose is a rose is a rose" and garlic by any name still smells like garlic.
(Paller) Bill may be right and the task may be harder than Mr. Comerford thinks, but I, for one, wish him great success.]

--31 October & 1 November 2001  Virus-Tainted DVD Recalled
In the first reported instance of a DVD acting as the vector of infection, a Powerpuff Girls cartoon DVD has been recalled because it contains the Funlove virus. The virus infects PCs when the disk's supplemental software is installed; DVD players are unaffected.
http://news.cnet.com/news/0-1003-200-7735109.html?tag=prntfr
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1632000/1632896.stm

--31 October 2001  Proposed European Legislation Takes Aim at Cookies
The European Commission has introduced legislation that would prohibit the use of cookies, or personal identification tags. Proponents of the proposed directive maintain cookies violate citizens' privacy; people in the advertising business say the move, if approved, could seriously damage e-commerce and Internet advertising sales.
http://www.wired.com/news/politics/0,1283,48025,00.html
[Editor's (Schultz) Note: This news item once again shows the clash of two cultures, the one in the US (in which insufficient attention to privacy is paid), and the one in much of Europe, where privacy is a major concern. What we are seeing here is a proverbial time bomb waiting to go off.]

--31 October 2001  Sewage spills; Hacker jailed
An Australian man was sent to prison for two years after he was found guilty of hacking into a Queensland computer-controlled waste management system and causing millions of gallons of raw sewage to spill out into local parks, rivers and even the grounds of a Hyatt Regency hotel.
http://www.theregister.co.uk/content/4/22579.html

--31 October 2001  Phony WTO Site
A phony WTO site that has been around for two years recently changed its appearance to closely resemble that of the official site; the phony site also began collecting e-mail addresses of visitors without permission. Some search engines are sending surfers to the fake site instead of the real one.
http://www.computerworld.com/storyba/0,4125,NAV47_STO65229,00.html

--31 October 2001  The Human Element of Security
John Dickinson reminds readers that people are an important line of defense in computer security: don't open attachments if you don't know what they are, who they're from or weren't expecting them, be wary of attachments with certain extensions, including .exe, .vbs, and .dll, and adjust program security settings.
http://www.zdnet.com/zdnn/stories/comment/0,5859,2821467,00.html

--30 October 2001  Plans for a Virtual Pentagon
The Defense Department (DoD) is working on plans for a "virtual Pentagon" or "distributed Pentagon" that would allow DoD employees to keep working after a disaster. The September 11 attack underscored the need for distributed remote storage sites and redundant measures to avoid single points of failure.
http://www.fcw.com/fcw/articles/2001/1029/web-pent-10-30-01.asp

--30 October 2001  Microsoft Warns Against Installing Pirated Versions of Windows XP
Microsoft warns users not to install pirated versions of the recently released software because it could leave them vulnerable to malicious code. An IT security firm says the software's copy protection has been broken.
http://www.newsbytes.com/news/01/171651.html

--1 November 2001  Microsoft Admits XP Has Been Cracked
Crackers have been distributing code that removes the product activation technology from Windows XP, allowing users to install the software on multiple machines. Microsoft is aware of the situation.
http://www.computerworld.com/storyba/0,4125,NAV47_STO65240,00.html

==end==

Please feel free to share this with interested parties via email (not on bulletin boards). For a free subscription (and for free posters) e-mail sans@sans.org with the subject: Subscribe NewsBites
To change your subscription, address, or other information, visit http://www.sans.org/sansurl and enter your SD number (from the headers.) You will receive your personal URL via email. You may also email with complete instructions and your SD number for subscribe, unsubscribe, change address, add other digests, or any other comments.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE76ZTs+LUG5KFpTkYRAuI6AKCjdRRXGQ7CJ8TZtm0FxEoE7MZW4wCghTtW
IM5BausET/t7xG8l1M4Ri/U=
=brT3
-----END PGP SIGNATURE-----
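Irwin's note on the Passport item pins the problem on two design choices: cookies scoped so that every passport.com server receives them, and an authentication token that is accepted for purposes other than the one it was issued for. The Python below is an added illustration of the two mitigations, not code from the newsletter, from Slemko's paper or from Microsoft; it uses constructed hostnames and a constructed signing key, and shows RFC 6265 cookie domain matching beside a token verifier that rejects a token presented to a different service or for a different purpose.

```python
import base64
import hashlib
import hmac
import json

# Assumption: one server-side signing key shared by the SSO issuer and
# its relying parties (constructed demo value, not a real secret).
SIGNING_KEY = b"constructed-demo-signing-key"


def cookie_sent_to(cookie_domain, host_only, request_host):
    """RFC 6265 domain matching: a host-only cookie goes to exactly one
    host; a cookie with a Domain attribute goes to every subdomain too."""
    cookie_domain = cookie_domain.lstrip(".").lower()
    request_host = request_host.lower()
    if host_only:
        return request_host == cookie_domain
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)


def mint_token(subject, audience, purpose):
    """Issue an HMAC-signed token bound to the service (audience) and the
    action (purpose) it was obtained for, so it cannot be replayed elsewhere."""
    payload = {"sub": subject, "aud": audience, "purpose": purpose}
    body = base64.urlsafe_b64encode(
        json.dumps(payload, sort_keys=True).encode()).rstrip(b"=")
    tag = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def verify_token(token, expected_audience, expected_purpose):
    """Return the subject only if the signature is intact AND the token was
    issued for this audience and purpose; otherwise return None."""
    body, _, tag = token.partition(".")
    expected_tag = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, tag):
        return None  # tampered body or forged tag
    padded = body + "=" * (-len(body) % 4)
    payload = json.loads(base64.urlsafe_b64decode(padded))
    if payload.get("aud") != expected_audience or payload.get("purpose") != expected_purpose:
        return None  # valid token, wrong service or wrong purpose
    return payload.get("sub")


if __name__ == "__main__":
    mail_token = mint_token("alice", "mail.sso.example.test", "login")
    print(verify_token(mail_token, "mail.sso.example.test", "login"))       # alice
    print(verify_token(mail_token, "wallet.sso.example.test", "payment"))   # None
```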


