-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Following up on the announcement of the new Roadmap to Network Security poster that's inside the SANS2002 brochure arriving this month (Orlando April 1-7, http://www.sans.org/SANS2002.php):

(1) SANS recent alumni all over the world (not just North America) will also be getting the posters via surface mail.

(2) When you get the SANS 2002 program, bend the staples to take out the poster.

(3) As part of creating the posters, we persuaded 22 vendors to supply white papers - many of which are light on promotion and great on education. You may download any or all of them from www.sans.org/tools.htm

AP

**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 3, Number 50
December 12, 2001
Editorial Team: Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin, Bill Murray, Stephen Northcutt, Alan Paller, Marcus Ranum, Howard Schmidt, Eugene Schultz
**********************************************************************

TOP OF THE NEWS
10 December 2001       Israeli Teens Under House Arrest for Goner Worm
10 December 2001       Anti-Virus Companies Won't Accommodate Magic Lantern
6 December 2001        CA Governor Halts Sale of Personal Data
4, 5 & 6 December 2001 New AES Approved
30 November 2001       Wireless Security Advice

THE REST OF THE WEEK'S NEWS
8 December 2001        Fleet Security Hole Fixed
7 & 8 December 2001    Dept. of Interior Shut Off From Internet Access
7 December 2001        Online Fraudsters Sentenced
7 December 2001        Outlook Web Access Security Hole
6 & 7 December 2001    Two Sites Expose Customer Information
5, 6 & 7 December 2001 Hacker Discovers, Helps Repair WorldCom Security Holes
6 December 2001        Intrusion Detection Systems
5 December 2001        CERT/CC Hit With Denial-of-Service Attack
5 December 2001        Football Association Computers Stolen
3 December 2001        FBI to Create Cybercrime Division
3 December 2001        Visa's New E-Shopping Security Service

***************** Sponsored By Check Point Software ******************
Feature Pack 1--Simpler and Faster
Check Point Next Generation Feature Pack 1 (FP1), a major release built on Check Point Next Generation, makes VPNs simple and fast with its One-Click VPN technology and SecureXL performance.
http://www.checkpoint.com/products/fp1/index.html
**********************************************************************

TOP OF THE NEWS

--10 December 2001  Israeli Teens Under House Arrest for Goner Worm
Four Israeli teenagers have admitted writing and spreading the Goner worm; they are now under house arrest. Due to their age, they face maximum jail sentences of 2.5 years.
http://news.cnet.com/news/0-1003-200-8127515.html?tag=mn_hd

--10 December 2001  Anti-Virus Companies Won't Accommodate Magic Lantern
Anti-virus companies say they do not want to write loopholes into their software that would allow the FBI's Magic Lantern keystroke Trojan to pass through undetected. Not only would crackers try to exploit the hole, but the companies would lose their credibility in an international market.
http://news.cnet.com/news/0-1003-200-8134814.html?tag=prntfr

--6 December 2001  CA Governor Halts Sale of Personal Data
California Governor Gray Davis has imposed a 45-day moratorium on the sale of birth and death records to private companies that were publishing the information on the Internet, after state legislators became concerned the information could be used to steal people's identities.
http://news.cnet.com/news/0-1005-200-8090554.html?tag=prntfr

--4, 5 & 6 December 2001  New AES Approved
The Commerce Department has approved the new Advanced Encryption Standard (AES) for use by the federal government. The new standard uses an algorithm called Rijndael, which was developed by two Belgian cryptographers and supports 128-, 192- and 256-bit keys. The US government will allow export of software that uses AES. The selection of the new AES was the culmination of a nearly 5-year process that included substantial input from the private sector throughout the world.
Official link: http://csrc.nist.gov/encryption/aes/
http://www5.zdnet.com/zdnn/stories/news/0,4586,2830092,00.html?chkpt=zdhpnews01
http://www.fcw.com/fcw/articles/2001/1203/web-aes-12-06-01.asp
http://www.computerworld.com/storyba/0,4125,NAV47_STO66311,00.html
[Editor's (Denning) Note: The standard is not just for the federal government. Anyone can use it and I expect it will be widely adopted.]

--30 November 2001  Wireless Security Advice
Daniel Lange, an IT strategist at BMW Group in Munich, details some wireless security concerns and offers advice, including treating systems using 802.11 as if they are external, being selective about what information is transmitted over wireless LANs, and logging everything.
http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO66203,00.html
[Editor's (Murray) Note: Like much of the advice in this space, this is bad. Use end-to-end encryption. All else is wishful thinking.]

THE REST OF THE WEEK'S NEWS

--8 December 2001  Fleet Security Hole Fixed
A security hole in a Fleet Credit Card Services web site exposed sensitive details, including social security numbers and account numbers, for an enormous number of transactions. The customer who discovered the vulnerability contacted MSNBC after Fleet failed to return his calls. A Fleet spokesperson said that a review of the logs shows that fewer than 100 records were viewed, and that all affected customers were being notified. The site was taken down and repaired.
http://www.msnbc.com/news/669356.asp?0dm=C227T

--7 & 8 December 2001  Dept. of Interior Shut Off From Internet Access
The US Department of the Interior's access to the Internet was shut off after a computer security test revealed that American Indian trust fund accounts were vulnerable to hackers. A judge presiding over a class action lawsuit alleging mismanagement of the funds ordered that all computers with access to the funds be closed off from the Internet.
http://www.computerworld.com/storyba/0,4125,NAV47_STO66426,00.html
http://www.washingtonpost.com/wp-dyn/articles/A10955-2001Dec7.html
http://www.nytimes.com/2001/12/08/technology/08SITE.html (please note this site requires free registration)

--7 December 2001  Online Fraudsters Sentenced
Five people who conspired to defraud online banks received sentences ranging from community service to 2.5 years in jail.
http://www.theregister.co.uk/content/6/23262.html

--7 December 2001  Outlook Web Access Security Hole
Crackers can gain control of Outlook Web Access users' mailboxes by embedding malicious code in e-mail messages. While the intruders could delete messages and send messages in the guise of the targeted user, they cannot exploit the hole to launch a mass-mailing attack. A patch for the hole is available from Microsoft.
http://www.computerworld.com/storyba/0,4125,NAV47_STO66410,00.html
http://www.microsoft.com/technet/security/bulletin/MS01-057.asp

--6 & 7 December 2001  Two Sites Expose Customer Information
A UK sports equipment e-retailer was using a database query string to check orders; the method allowed anyone fiddling with the invoice number in the URL to view other customers' order information. Furthermore, the database used to store the information was not encrypted. Once notified of the security hole, the company moved quickly to fix the problem.
http://www.theregister.co.uk/content/55/23235.html
http://www.theregister.co.uk/content/55/23275.html

--5, 6 & 7 December 2001  Hacker Discovers, Helps Repair WorldCom Security Holes
Hacker Adrian Lamo discovered security holes in WorldCom Inc.'s network that afforded him access to WorldCom customers' networks. Lamo worked with WorldCom to fix the problems. While a WorldCom spokesperson expressed appreciation for Lamo's guidance, security analysts aren't so sure that's the right reaction.
http://www.msnbc.com/news/667871.asp?0dm=T226T
http://news.cnet.com/news/0-1003-200-8091945.html?tag=prntfr
http://www.computerworld.com/storyba/0,4125,NAV47_STO66412,00.html
[Editors' (multiple) Note: People who break into systems without authorization do not deserve any kind of praise.]

--6 December 2001  Intrusion Detection Systems
This article describes how intrusion detection systems (IDSs) enhance a network security infrastructure, explains the difference between host-based and network-based systems, and enumerates IDS detection techniques.
http://www.securityfocus.com/infocus/1520

--5 December 2001  CERT/CC Hit With Denial-of-Service Attack
The Computer Emergency Response Team's Coordination Center (CERT/CC) was the target of a denial-of-service attack last week. While the group was still able to get security incident information to its members, web site access was unreliable. CERT/CC did not release details about the attack.
http://news.cnet.com/news/0-1003-200-8077103.html?tag=prntfr

--5 December 2001  Football Association Computers Stolen
Thieves stole laptop computers, hard drives and computer disks from England's Football Association's London headquarters. The information contained on the stolen items includes team travel plans, security arrangements and bank information.
http://www.theregister.co.uk/content/55/23197.html

--3 December 2001  FBI to Create Cybercrime Division
As part of its current reorganization, the FBI will form a cybercrime division. There was no word on where the Agency's National Infrastructure Protection Center (NIPC) will fit in the new system.
http://news.cnet.com/news/0-1005-200-8055680.html?tag=prntfr

--3 December 2001  Visa's New E-Shopping Security Service
Visa USA's new on-line shopping security program, Verified by Visa, confirms buyers' identities with a password. The purpose of this control is to resist merchant replay attacks.
http://www.zdnet.com/zdnn/stories/news/0,4586,5100222,00.html?chkpt=zdhpnews01
http://www.usa.visa.com/personal/secure_with_visa/verified_by_visa.html

==end==

Please feel free to share this with interested parties via email (not on bulletin boards). For a free subscription (and for free posters) e-mail sans@sans.org with the subject: Subscribe NewsBites

To change your subscription, address, or other information, visit http://www.sans.org/sansurl and enter your SD number (from the headers). You will receive your personal URL via email. You may also email with complete instructions and your SD number for subscribe, unsubscribe, change address, add other digests, or any other comments.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8F6KZ+LUG5KFpTkYRAvhPAJ4pdGknpqLliQQR8rxACgNEuQbjbQCdFKg3
s6/iHYggguxXJYHnnBmgoIE=
=XauT
-----END PGP SIGNATURE-----
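[Editor's added example, placed outside the signed text above and not taken from the newsletter or from the retailer in the "Two Sites Expose Customer Information" item: the order-lookup pattern that item describes, keyed only on the invoice number from the URL, beside a lookup scoped to the customer bound to the server-side session, plus a count of refused lookups that flags a session walking invoice numbers. The order store, customer names and function names are constructed assumptions.]

```python
# Constructed sample order store (not real data): invoice number -> order.
ORDERS = {
    1001: {"customer_id": "alice", "items": ["treadmill"], "total": 899.00},
    1002: {"customer_id": "bob", "items": ["dumbbells"], "total": 59.95},
    1003: {"customer_id": "alice", "items": ["yoga mat"], "total": 24.50},
}

DENIED = []  # audit trail of refused lookups: (session customer, invoice)


class NotFound(Exception):
    """One error for missing and foreign invoices: no enumeration oracle."""


def lookup_order_unscoped(invoice: int) -> dict:
    """The flaw in the item: the invoice number from the URL is the only key,
    so any customer can read any order by changing it."""
    if invoice not in ORDERS:
        raise NotFound
    return ORDERS[invoice]


def lookup_order_scoped(session_customer: str, invoice: int) -> dict:
    """Hardened: the query is filtered by the customer bound to the
    server-side session, never by anything the client supplies."""
    order = ORDERS.get(invoice)
    if order is None or order["customer_id"] != session_customer:
        DENIED.append((session_customer, invoice))
        raise NotFound
    return order


def parse_invoice_param(raw: str) -> int:
    """Validate the query-string value before it reaches the database."""
    if not raw.isdigit() or len(raw) > 12:
        raise ValueError("invoice must be a short positive integer")
    return int(raw)


def can_view(session_customer: str, raw_invoice: str) -> bool:
    """Decision a request handler makes: True only for the order's owner."""
    try:
        lookup_order_scoped(session_customer, parse_invoice_param(raw_invoice))
    except (NotFound, ValueError):
        return False
    return True


def probing_sessions(threshold: int = 3) -> set:
    """Sessions with at least `threshold` refused lookups: the signal that
    someone is walking invoice numbers, worth alerting on after the fix too."""
    counts = {}
    for customer, _ in DENIED:
        counts[customer] = counts.get(customer, 0) + 1
    return {c for c, n in counts.items() if n >= threshold}
```

Encrypting the stored records, the item's second complaint, is a separate control; the scoped lookup only closes the cross-customer read.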