Demand for GIAC security certification courses shot up in the New Year. Both the Firewalls and Perimeter Protection track and the Auditing Systems and Networks track at Bootcamp in Monterey are sold out, as is Marcus Ranum and Lance Spitzner's new program on How to Deploy Effective Honeypots. These programs are also being presented in Orlando in early April at SANS 2002, but they are filling up quickly there, too, as is the popular new program for Certified Information Security Officers. Please make your reservations for Orlando within the next two weeks to ensure you can get a place in the track of your choice.
http://www.sans.org/sans2002.htm

SANS Monthly Free Web Broadcast: February 6, 2002, 1 pm
Internet Threat Update and How Hackers Use Social Engineering
Register at http://sans.digisle.tv/audiocast_020602/brief.htm

Alan

**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 4, Number 5
January 30, 2002
Editorial Team: Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin, Bill Murray, Stephen Northcutt, Alan Paller, Marcus Ranum, Howard Schmidt, Eugene Schultz
**********************************************************************

TOP OF THE NEWS
28 January 2002 Senator Introduces Cyber Security Legislation
28 January 2002 NIST to Release Security Guides
24 January 2002 Measuring the Progress Toward Trustworthy Computing
22 January 2002 .Net Depends on Security
23 & 24 January 2002 ISP Hit by DoS, Shuts Down

THE REST OF THE WEEK'S NEWS
25 January 2002 Caution and Responsibility Urged in Using Biometric IDs
24 January 2002 Biometric Tolerances
25 January 2002 Fix Available for Vaio Backdoor
25 January 2002 Successfully Tracking a Stolen Laptop
24 January 2002 Chat with Dutch Royals Hit with DoS
24 January 2002 Patch Available for RealPlayer Buffer Overflow Vulnerability
21 January 2002 Buffer Overflow Attacks
24 January 2002 Icelandic Airport Using Face Recognition System
21 January 2002 Deleted E-mail Can Still Reside on Hard Drive
21 January 2002 Authentication Technologies
SANS Announces 18 Authorized Graders for 2002

********** This issue sponsored by PatchLink Corporation ************
FREE Proactive Protection Against Patch-Related Vulnerabilities
How much do YOU suffer because of unpatched systems? PatchLink promotes proactive patching with PatchLink Update 3.0 and a limited time offer of the first ten workstations or servers completely FREE for one year. Don't let stolen data or network downtime problems continue! Find out more at:
http://www.patchlink.com/promotions/sans.asp
**********************************************************************

TOP OF THE NEWS

--28 January 2002 Senator Introduces Cyber Security Legislation
Senator John Edwards (D-North Carolina) has introduced two security bills aimed at enhancing government computer security and security education. The Cybersecurity Preparedness Act of 2002 would establish a consortium that would support the creation of cyber security "best practice" configuration settings and other measures that would be tested thoroughly and implemented first on government computers. The bill would also fund multi-disciplinary, long-term, or high-risk research and development to improve cyber security, including R&D to identify best practices and to measure their effectiveness. First year funding, for 2003, would be $60M. The Cybersecurity Research and Education Act of 2002 would fund graduate cybersecurity fellowships and a research sabbatical program.
http://idg.net/ic_796350_1794_9-10000.html
[Editor's (Schultz) Comment: Sen. Edwards deserves much praise for his efforts. A national definition of best practices is sorely needed, as is money for security research and education.]
--28 January 2002 NIST to Release Security Guides
The National Institute of Standards and Technology's (NIST's) Computer Security Resource Center plans to release over 30 guides for government agencies this year. The topics covered will include guidance on incident handling and security ROI, e-mail security issues, and emerging technology security. The guides will be released for comment.
http://www.fcw.com/fcw/articles/2002/0128/web-nist-01-28-02.asp

--24 January 2002 Measuring the Progress Toward Trustworthy Computing
Bruce Schneier and Adam Shostack suggest measures Microsoft should take to move its trustworthy computing initiative beyond PR and into practice. Customers can also use the measures to track Microsoft's progress toward realizing the initiative. Among the suggestions: separating code from data, allowing features to be installed one by one, making interfaces and protocols public, and not disparaging researchers who bring vulnerabilities to their attention.
http://www.securityfocus.com/news/315
[Editor's (Schultz) Note: Schneier and Shostack's comments are good, but they missed by far the most critical measure that is needed: implementing a structured development process designed to produce high quality code. Without this, the other measures suggested by Schneier and Shostack will not have nearly as much impact.]

--22 January 2002 .Net Depends on Security
Gartner analyst John Pescatore says Microsoft has to be serious about its trustworthy computing initiative because the success of .Net depends on it. He adds that changing the security culture at Microsoft will be a difficult and lengthy process, and customers should keep tabs on the company's progress.
http://zdnet.com.com/2100-1107-819752.html

--23 & 24 January 2002 ISP Hit by DoS, Shuts Down
Cloud Nine, a UK Internet Service Provider (ISP), closed down after it was hit with denial of service (DoS) attacks and its insurance would not cover the necessary costs to get up and running again. Cloud Nine apparently plans to sell its assets to another ISP, which has some customers worried about losing data stored on Cloud Nine's servers and being transferred to another service against their wishes.
http://zdnet.com.com/2100-1105-820708.html
http://zdnet.com.com/2100-1105-822309.html
http://zdnet.com.com/2100-1105-821078.html

***** Also Sponsored by Ranum and Spitzner's Honeypots Course *******
A two day course dedicated to honeypot technologies. Learn what honeypots are, how they work, and how they apply to security. Learn how the bad guys are tracked in the wild. The course is hands-on and intensive, with a full night session dedicated to interacting with a variety of commercial honeypot solutions. Students will get a CDROM with a copy of the latest documentation, whitepapers, utilities, and evaluation copies of software. (And it is all part of SANS 2002, so you can take certification courses and see the exhibits and attend the free technical conference and birds of a feather sessions, too.)
http://www.sans.org/SANS2002/honeypot.php
*********************************************************************

THE REST OF THE WEEK'S NEWS

--25 January 2002 Caution and Responsibility Urged in Using Biometric IDs
Panelists at a Cato Institute-sponsored forum said government agencies need to resolve civil rights issues surrounding the use of biometric identification for security purposes before the technology is employed.
http://www.gcn.com/vol1_no1/daily-updates/17834-1.html
http://www.fcw.com/fcw/articles/2002/0121/web-bio-01-25-02.asp
[Editor's (Denning) Note: I was on the panel and don't remember this being a consensus of the panel. My point was that you needed to look at the application of biometrics to see whether privacy was threatened, and that for applications where biometrics is used solely for authentication as a means of access control, biometrics can enhance privacy by stopping impersonators from getting access to your private data.]
--24 January 2002 Biometric Tolerances
After a fingerprint reader lens gets older and starts generating errors, some employees figure out how to reset the tolerances on the identification system.
http://www.computerworld.com/storyba/0,4125,NAV47_STO67639,00.html

--25 January 2002 Fix Available for Vaio Backdoor
A backdoor in software on certain Sony Vaio notebook computers could allow crackers to alter or delete data on the machine's hard drive. A customer alerted Sony to the problem in December, and the company has a software update available. The software is on machines sold in Asia, South Africa, and the Middle East; machines sold in Europe, Mainland China, and the Americas are not affected.
http://www.theregister.co.uk/content/55/23825.html
http://www.cnn.com/2002/TECH/ptech/01/25/sony.security.idg/index.html

--25 January 2002 Successfully Tracking a Stolen Laptop
A Texas man found his sister's stolen laptop computer by using remotely controllable software and changing the Internet access dial-up numbers to his home phone. The police were able to use the phone number obtained from Caller ID to apprehend the person who had the stolen machine.
http://www.wired.com/news/mac/0,2125,50025,00.html

--24 January 2002 Chat with Dutch Royals Hit with DoS
A Dutch newspaper reported that a hacker group based in the Netherlands is claiming responsibility for launching a denial of service (DoS) attack on an on-line chat with the country's Crown Prince and his fiancee.
http://www.theregister.co.uk/content/55/23815.html

--24 January 2002 Patch Available for RealPlayer Buffer Overflow Vulnerability
RealNetworks plans to release a patch for a buffer overflow vulnerability in its RealPlayer 8 that could crash the software and could potentially be used to execute malicious code. The patch will be distributed via the company's automated update service. The vulnerability affects both Windows and Linux versions of RealPlayer 8.
http://www.newsbytes.com/news/02/173936.html

--21 January 2002 Buffer Overflow Attacks
Buffer overflow attacks are highly effective because they do not rely on users opening infected attachments to execute. Despite the fact that such vulnerabilities are easy to prevent (coders can limit the length of strings the buffer accepts), buffer overflows are ubiquitous. Until they disappear, users should apply appropriate patches.
http://www.computerworld.com/itresources/rcstory/0,4167,KEY73_STO67572,00.html

--24 January 2002 Icelandic Airport Using Face Recognition System
Iceland's Keflavik air terminal is using a facial recognition system as part of its security routine. The system has produced no matches in the six months since it was installed; a similar system tested last year in Florida produced numerous false positives.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1780000/1780150.stm

--21 January 2002 Deleted E-mail Can Still Reside on Hard Drive
Though Enron-related e-mails were deleted, pieces and entire copies of the messages can probably be found on the hard drives, according to a computer forensics expert.
http://www.computerworld.com/storyba/0,4125,NAV47_STO67583,00.html

--21 January 2002 Authentication Technologies
Authentication methods such as smart cards, tokens, and biometrics offer layers of security that passwords alone cannot. As each method has benefits and drawbacks, companies should refrain from running headlong into new authentication systems and instead take time to match authentication technology with their specific needs.
http://www.computerworld.com/itresources/rcstory/0,4167,KEY73_STO67551,00.html

-- Eighteen Authorized Graders Named For GIAC Certification
One of the hallmarks of the SANS Global Information Assurance Certification (GIAC) program is that each student completes a practical assignment. That assignment demonstrates that he or she not only understands the material well enough to answer test questions but can use it in the real world.
This requires a significant investment of time and effort on the part of the student, with outstanding rewards. Many students have commented that they learned as much completing the practical as they did in the course, and indeed that is what the practical is designed to accomplish. Grading the practicals in a fair and consistent manner is one of the top priorities of the GIAC certification. Authorized Graders are selected from the very highest scoring students who have earned certification. Each must complete a rigorous training process before they are allowed to grade a student's practical without direct supervision. SANS enthusiastically applauds this elite corps and is proud to present the 2002 GIAC Authorized Graders.

Jeff Campione, Communications Analyst, Federal Reserve Board
Brent Deterding, Security Engineer, TechGuard Security
Clement Dupuis, Senior Security Consultant, CGI Consulting Group in Montreal, Canada
Jamie French, Canadian Department of National Defense Computer Incident Response Team (DND CIRT) and Whitehats.ca
Peter Giannoulis, Independent Security Consultant
Dan Goldberg, Xerox - The Document Company, Electronic Security Architect
Bob Grill, California Federal Bank, Audit Project Team Leader
Erik Kamerling, Silver Dollar Optical Corporation, Network Security Administrator
Brian Kelly, Computer Sciences Corporation, IT Security Analyst
Fred Kerby, Naval Surface Warfare Center, Dahlgren Division
David Koconis, Dartmouth College, Institute for Security Technology Studies
Robert McMillen, USMC Captain
Greg Owens, Vibren Technologies, Inc.
David Parks, Publix Super Markets, Inc., Infrastructure Architect
Patrick Prue, Fantom Technologies Inc.
Jos Purvis, Veritect
Dan Strom, Kansas Farm Bureau Services, Data Security Manager
Carla Wendt, Internet Security Consultant

==end==

Please feel free to share this with interested parties via email (not on bulletin boards). For a free subscription (and for free posters), e-mail sans@sans.org with the subject: Subscribe NewsBites

To change your subscription, address, or other information, visit http://www.sans.org/sansurl and enter your SD number (from the headers). You will receive your personal URL via email. You may also email with complete instructions and your SD number for subscribe, unsubscribe, change address, add other digests, or any other comments.