[196] in Security FYI


[Security-fyi] itlt

daemon@ATHENA.MIT.EDU (Linda A. LeBlanc)
Wed Jul 23 13:19:42 2003

Message-Id: <5.1.0.14.2.20030723131216.01efae18@po12.mit.edu>
Date: Wed, 23 Jul 2003 13:13:37 -0400
To: security-fyi@MIT.EDU
From: "Linda A. LeBlanc" <leblancl@MIT.EDU>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: security-fyi-bounces@mit.edu

The bottom was inadvertently cut off the original mailing.

Linda



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FLASH ALERT

The first story below describes a critical Microsoft vulnerability
(MS03-026) that affects Windows NT, Windows 2000, Windows 2003 Server,
and Windows XP.  A worm using this vulnerability would find more than
ten times as many potential victims as Code Red.  If an efficient worm
is launched, so many infected systems will be searching for victims that
you will not be able to download the patches before being infected.  Do
*not* rely entirely on blocking traffic to port 135 as a defense.
Install the patches.  If you needed a reason to launch a sweeping
vulnerability elimination program on all Windows systems -- including
the home computers from which your users connect to your corporate
systems -- this is it.

                                 Alan

***********************************************************************
SANS NewsBites                July 23, 2003             Vol. 5, Num. 29
***********************************************************************

TOP OF THE NEWS
   Microsoft Warns of Critical Flaw
   Cisco Routers Vulnerable: Exploit Circulating
   Music Industry Wins Nearly 900 Subpoenas
   Bill Would Jail Song Swappers

THE REST OF THE WEEK'S NEWS
   Clarke Advocates Grassroots User Action To Protect Critical IT
   Private Sector Executives Lament Loss of Stature for Cybersecurity in
      Government
   FTC Targets Growing Form of Identity Theft
   Congress Going Slowly On Privacy Regulation
   Authentication Spending To Rise Because Of Government Spending
   KPMG Says Small Firms Have Terrible Security
   Senate Blocks Funding For TIA
   US Passports To Have Facial Recognition Chips
   Programmers Automating Credit Card Theft Tasks
   Security Risks in Voice Over IP
   Mumu Worm Shows Security Manager Remote Office Security Flaws
   Virtual Private Networks Pose Threat When Home Computers Are
      Exploited

TUTORIALS
   Tips For Thwarting Insider Threat
   A Poor Man's Guide To Forensics On Windows


***********************************************************************
Highlighted Security Training in August and September
SANS Rocky Mountain returns to Denver August 14-19 with six popular
immersion training tracks and a vendor exposition. Registration:
http://www.sans.org/rockymountain03
Or come to Boston (http://www.sans.org/newengland03) or Los Angeles
(http://www.sans.org/losangeles03) in September for our two other
six-track programs.

Programs in more than 60 other cities as well: http://www.sans.org
***********************************************************************

TOP OF THE NEWS

  --Microsoft Warns of Critical Flaw
(16/18 July 2003)
Microsoft announced a critical flaw in most Windows systems, including
Windows 2003 Server, the first system to be built entirely under the
Trusted Computing Initiative (TCI).  The flaw allows attackers to take
over the victim's computer and install and run malicious code.  In
response, some users questioned the value of Microsoft's Trusted
Computing Initiative.
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,83130,00.html
http://www.computerworld.com/securitytopics/security/story/0,10801,83221,00.html
Microsoft Bulletin:
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
CERT Bulletin updated Monday:
http://www.cert.org/advisories/CA-2003-16.html
[Editor's Note (Schultz): Critics of the TCI should recall the number of
vulnerabilities that surfaced in the first few months after the release
of previous Windows products such as Windows NT and Windows 2000.  The
current number of vulnerabilities in Windows Server 2003 pales in
comparison.]

  --Cisco Routers Vulnerable: Exploit Circulating
(17/18 July 2003)
A security vulnerability in Cisco IOS devices allows attackers to shut
down routers by sending a small number of packets.  An exploit was
quickly published and it has been used by attackers.
http://www.informationweek.com/story/showArticle.jhtml?articleID=12800921
http://www.nwfusion.com/news/2003/0718cisattacks.html
The Cisco advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

  --Music Industry Wins Nearly 900 Subpoenas
(18 July 2003)
US courts are approving roughly 75 new subpoenas per day requested by
the music industry to compel Internet service providers to provide the
names and mailing addresses of users known by their nicknames.  Some of
the subpoenas were granted on claims that as few as five songs were
being offered, indicating the industry is going after more than the most
egregious pirates.
http://www.washingtonpost.com/wp-dyn/articles/A14148-2003Jul18.html

  --Bill Would Jail Song Swappers
(17 July 2003)
Michigan Rep. Conyers and California Rep. Berman introduced a bill in
the US House of Representatives that would define the value of making
copyrighted material available through a computer network at 10 times
the retail value. In many cases, that would make the act a felony
potentially punishable by jail time.
http://www.cnn.com/2003/TECH/internet/07/17/music.internet.reut/index.html


THE REST OF THE WEEK'S NEWS

  --Clarke Advocates Grassroots User Action To Protect Critical IT
(22 July 2003)
Saying that the government should not be counted on to protect the
critical infrastructure, former White House security czar Richard Clarke
called for users to organize and set security standards themselves.
http://gcn.com/vol1_no1/daily-updates/22845-1.html

  --Private Sector Executives Lament Loss of Stature for Cybersecurity
     in Government
(21 July 2001)
An article claims that corporate executives claim the position to head
the Department of Homeland Security's cybersecurity division would be
too low in the organization to be effective.  The article claims that
a former senior administration official said that many people are wary
of the position because "of what the official characterized as 'an axis
of evil' comprising the National Economic Council, the Office of Science
and Technology Policy and the Office of Management and Budget (OMB) --
agencies that have sought to redirect the administration's attention to
other priorities."
http://www.computerworld.com/governmenttopics/government/policy/story/0,10801,83242,00.html

  --FTC Targets Growing Form of Identity Theft
(21 July 2003)
Hackers are increasingly using fake web sites to steal information. On
July 21st, the Federal Trade Commission announced it had brought its
first case and obtained a lifetime ban and a financial fine for a
17-year-old California boy who was accused of setting up a fake web site
appearing to be an America Online site.
http://www.washingtonpost.com/wp-dyn/articles/A23606-2003Jul21.html

  --Congress Going Slowly On Privacy Regulation
(18 July 2003)
Senator Dianne Feinstein has no co-sponsors for her bill to require
companies to notify consumers when a database containing private
information has been compromised. The bill was modeled after a
California law that went into effect July 1.
http://www.infoworld.com/article/03/07/18/HNsmallsteps_1.html
[Editor's Note (Schultz): I would hope that any law requiring
notification of privacy compromises would be better than the recently
enacted California law, which in effect specifies no penalties for
failure to comply.
(Schneier) A law with no teeth in it isn't much of a law.  Given the
problems I've heard about the California version, I'd rather see how
that one shakes out before barging ahead with national legislation.]

  --Authentication Spending To Rise Because Of Government Spending
(17 July 2003)
The Yankee Group projects that spending on authentication systems should
rise from $1.4 to $2.2 billion in the next five years, primarily because
of increased spending by the Department of Homeland Security and other
government agencies.
http://www.internetwk.com/security02/showArticle.jhtml?articleID=12800867

  --KPMG Says Small Firms Have Terrible Security
(18 July 2003)
Smaller firms have weak security with only a single layer of defense.
They also have difficulty hiring security experts with skills necessary
to safeguard their systems.
http://www.theregister.co.uk/content/67/31821.html

  --Senate Blocks Funding For TIA
(14/17 July 2003)
The U.S. Senate explicitly stopped funding for the Total Information
Awareness (TIA) project being managed by the Defense Advanced Research
Projects Agency (DARPA). The House of Representatives had previously
restricted TIA activities, but did not cut off funding. TIA's fate now
rests in the hands of a Congressional Conference committee.
http://www.wired.com/news/politics/0,1283,59606,00.html
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,83130,00.html

  --US Passports To Have Facial Recognition Chips
(16 July 2003)
In a boost for biometrics, US passports will carry images of faces and
other biometric data on a chip. Pilot projects are scheduled to begin
in 15 months, with full-scale implementation to start in 2006.
http://www.gcn.com/vol1_no1/daily-updates/22765-1.html

  --Programmers Automating Credit Card Theft Tasks
(12 July 2003)
The HoneyNet Project reports that it found an "open and helpful"
community of credit card thieves. Power (ab)users are making it easier
for newcomers to break into the credit card theft business by automating
many tasks.
http://www.theregister.co.uk/content/55/31707.html

  --Security Risks in Voice Over IP
(17 July 2003)
In the first of a three-part series, Siemens' Joel Pogar explains the
security risks associated with voice over IP networks and the principal
methods of mitigating those risks.
http://computerworld.com/newsletter/0,4902,83107,00.html


  --Mumu Worm Shows Security Manager Remote Office Security Flaws
(7 July 2003)
Mathias Thurman reports how the quest to eradicate the Mumu worm led to
the discovery of widespread vulnerabilities in remote offices of his
company.
http://www.computerworld.com/securitytopics/security/story/0,10801,82734,00.html?SKC=security-82734

  --Virtual Private Networks Pose Threat When Home Computers Are Exploited
(6 July 2003)
Many corporate executives falsely believe that their systems are
protected when their users rely on virtual private networks (VPNs).
However, if a hacker gains control of an "always-on" home computer, that
hacker has a direct pipe into the corporate network with all the
privileges of the person who usually uses the computer.
http://www.forbes.com/2003/07/15/cx_ah_0715telecommute.html
[Editor's Note (Grefer): While a VPN secures communications between
systems, including small office and home office (SOHO) connectivity to
corporate networks, a security policy needs to be in place detailing
the requirements to abide by in order to be allowed to connect.
Enforcing such policies is not a trivial task. Many companies therefore
have chosen to not allow access to their corporate environment from
personally-owned computers, but rather require their staff to use a
corporate computer, on which the user does not have administrator
privileges, and that has been secured by experienced IT staff. Corporate
policy then usually dictates that this system must be used solely for
business purposes.]

TUTORIALS

  --Tips For Thwarting Insider Threat
(14 July 2003)
Dan Verton of Computerworld has compiled three lists of tips from the
experts on how to lessen the risk of insider threat: (1) People - 8
tips, (2) Process - 7 tips, (3) Technology - 5 tips.  It's useful and
practical advice.
http://computerworld.com/newsletter/0,4902,82922,00.html

  --A Poor Man's Guide To Forensics On Windows
(July 18 2003)
Koon Tan has developed a step-by-step set of instructions to find and
use the tools to perform forensics in a Windows environment.
http://www.sans.org/rr/paper.php?id=1120
[Editor's Note (Paller): Mr. Tan's paper is one of more than 1,100
practical research papers developed by candidates for GIAC Security
Essentials Certification. Although it is extraordinarily good, many of
the others are, as well. The SANS Reading Room, where these papers can
be found, is an extraordinary collection of original research by
experienced front-line practitioners. There is nothing like it anywhere
else on the Internet. It has papers in more than 70 categories ranging
from Auditing and Application Security to Windows and Wireless. Take a
look:  http://rr.sans.org]


==end==

NewsBites Editorial Board:
Kathy Bradford, Dorothy Denning, Roland Grefer, Stephen Northcutt, Alan
Paller, Marcus Ranum, Eugene Schultz, Gal Shpantzer
Guest Editor: Bruce Schneier

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites.  For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)

iD8DBQE/HnoV+LUG5KFpTkYRAuczAJ4k8cGO/083yA8BH0ogjH5wQoEtGgCghMFh
YVo+OZmjp34FrpRGaG9qDcg=
=5RNg
-----END PGP SIGNATURE-----

_______________________________________________
Security-fyi mailing list
Security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/security-fyi
