-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1







**********************************************************************

                           SANS NEWSBITES

                The SANS Weekly Security News Overview

Volume 4, Number 6                                   February 6, 2002

Editorial Team:

      Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin,

             Bill Murray, Stephen Northcutt, Alan Paller,

             Marcus Ranum, Howard Schmidt, Eugene Schultz

**********************************************************************



TOP OF THE NEWS

1 February 2002  Passenger Security Screening System

1 February 2002  Microsoft Coding Moratorium

31 January 2002  Lawrence Livermore Bans Wireless LANs

4 February 2002  Improving 802.11b Security



THE REST OF THE WEEK'S NEWS

5 February 2002  Diekman Sentenced to 21 Months

1 February 2002  Pirates Plead Guilty

30 January & 1 February 2002  Windows 2000 Security Fixes Bundled

31 January & 1 February 2002  WEF Site Down

31 January 2002  Windows 2000 and NT 4.0 Trust Vulnerability

30 & 31 January 2002  SEC's Phony Site Gets Over 150,000 Hits

30 January 2002  Corley Will Continue to Fight DMCA

29 January 2002  Navigator Flaw Exposes Cookies

29 January 2002  Alleged Hacker-Extortionist Held

29 January 2002  EPIC Wants States to Investigate Microsoft's Passport

28 January 2002  Myparty Worm

28 January 2002  Security Manager's Journal: Addressing Virus

                 Protection

28 January 2002  Cyberattack Study

24 January 2002  Study Says Most CIOs Not Prepared for Disasters



TRAINING OPPORTUNITIES IN THE NEXT 90 DAYS

SANS 2002 in Orlando (early registration deadline today).

Large conferences in Monterey, San Antonio, London and

Washington. Smaller programs in Seattle, Kansas City, Los Angeles,

Phoenix, and Minneapolis. Details: http://www.sans.org



SANS Monthly Free Web Broadcast: February 6, 2002 1 pm EST (1800 GMT)

Internet Threat Update and How Hackers Use Social Engineering

Register at http://sans.digisle.tv/audiocast_020602/brief.htm





******************* Sponsored by Tripwire, Inc. **********************



Worried about the integrity of your data? Rest easy with Tripwire.



Tripwire data integrity assurance solutions tell you if, when, and

how data or business processes have been changed on your system. This

leads to less time consuming & labor intensive assessment and recovery

processes.



Attend a free online seminar to find out more!



http://www.tripwire.com/products/register.cfml?semID=65



**********************************************************************



New Guide For Windows 2000 PRO

The US National Institute for Standards and Technology released

a security guide for Windows 2000 Professional desktop systems in

configurations used by office workers, at home users, or road-warriors.

NIST is inviting comments and suggestions on the guide.

http://csrc.nist.gov/itsec/guidance_W2Kpro.html





TOP OF THE NEWS



 --1 February 2002  Passenger Security Screening System

The U.S. government plans to test an airline security system that uses

data mining and predictive software to generate passenger profiles.

Critics of the system are concerned that it could erode civil

liberties.

http://www.cnn.com/2002/TECH/internet/02/01/rec.airlines.database.reut/index.html

http://www.computerworld.com/storyba/0,4125,NAV47_STO67962,00.html



 --1 February 2002  Microsoft Coding Moratorium

As part of its new Trustworthy Computing Initiative, Microsoft will

not write any new code for one month; instead, the company will use

the time to debug its old code.

http://www.gcn.com/vol1_no1/daily-updates/17874-1.html

[Editor's (Murray) Note: I am all in favor of MS cleaning up its

execution.  However, its strategy needs to be cleaned up too.]



 --31 January 2002  Lawrence Livermore Bans Wireless LANs

Lawrence Livermore National Laboratory, a national defense technology

research lab in California, has banned the use of wireless local area

networks (LANs) due to security concerns.  A lab spokesman said that

Los Alamos National Laboratory might introduce a wireless network

ban as well.

http://cgi.zdnet.com/slink?169109

[Editor's (Murray) Note: Yesterday I received an ad for a wireless

access point for $130-, down 50% from a year ago.  Connectivity

trumps security every time.  A ban cannot succeed.  The only way

to successfully exclude wireless is to close the network.  Get used

to it.]



 --4 February 2002  Improving 802.11b Security

Wireless networking standards 802.11a and 802.11b are both popular and

vulnerable. A new security algorithm, called Temporal Key Integrity

Protocol is being tested. It generates a new encryption key for every

ten kilobytes of data transmitted.

http://www.pcworld.com/news/article/0,aid,82563,00.asp





************************ SPONSORED LINKS *****************************



(1) Solutionary, Inc. FREE WHITE PAPER: A Technical Summary of eV3

and ActiveGuard

http://www.sans.org/cgi-bin/sanspromo/NB3



(2) Looking to implement real time incident response in your security

environment?

http://www.sans.org/cgi-bin/sanspromo/NB2



(3) FREE Web Seminar: "Palm Tightens Grip On Network Security"

http://www.sans.org/cgi-bin/sanspromo/NB1



***********************************************************************



THE REST OF THE WEEK'S NEWS





 --5 February 2002  Diekman Sentenced to 21 Months

Jason Allen Diekman, who went by the names 'Shadow Knight' and 'Dark

Lord,' was ordered to spend 21 months in federal prison and to pay

nearly $88,000 in restitution.  On February 4. He had hacked into

NASA computers and also used stolen credit cards to buy goods over

the Internet.

http://www.latimes.com/news/local/la-000009016feb05.story



 --1 February 2002  Pirates Plead Guilty

Two men who pleaded guilty to charges stemming from their involvement

in an Internet piracy group face up to five years in prison and

$250,000 in fines.  As part of their plea agreement, the two men

revealed details about how group members hid the illegal software.

http://www.gcn.com/vol1_no1/daily-updates/17875-1.html



 --30 January & 1 February 2002  Windows 2000 Security Fixes Bundled

Microsoft has released the Windows 2000 Security Rollup package, a

collection of all the company's post-Service Pack 2 security patches;

the package requires Service Pack 2 to be installed on the system.

Users who have older versions of Internet Explorer should upgrade to

version 6.0 before installing the security package.

http://news.com.com/2100-1001-826495.html

http://www.gcn.com/vol1_no1/daily-updates/17860-1.html



 --31 January & 1 February 2002  WEF Site Down

The World Economic Forum's (WEF) web site crashed late last week.

Activists claim they targeted the site in a "virtual sit-in"

denial-of-service attack.  Last year, a hacker stole personal

information, including credit card numbers, belonging to WEF

participants.

http://www.wired.com/news/politics/0,1283,50159,00.html

http://www.cnn.com/2002/TECH/internet/02/01/worldforum.techtrouble.ap/index.html

http://www.computerworld.com/storyba/0,4125,NAV47_STO67982,00.html



 --31 January 2002  Windows 2000 and NT 4.0 Trust Vulnerability

A flaw in the trust relationships in the Windows 2000 and NT 4.0

environments' network domains could allow people to increase their

access levels.

http://www.computerworld.com/storyba/0,4125,NAV47_STO67865,00.html



 --30 & 31 January 2002  SEC's Phony Site Gets Over 150,000 Hits

The Securities and Exchange Commission (SEC) used on-line investment

scam tactics, including preying on people's fears and offering huge

returns on investment with no risk, on a phony site designed to

educate consumers about investment fraud.  People who actually tried

to invest were greeted with a warning message.  The site received more

than 150,00 hits in a three-day period; the SEC says it has planted

other phony sites on the Internet in an effort to fight back against

investment fraud.

http://news.com.com/2100-1017-826434.html

http://www.wired.com/news/business/0,1367,50125,00.html

http://www.computerworld.com/storyba/0,4125,NAV47_STO67866,00.html

[Editor's (Ranum) Note: Educating people by telling them "YOU ARE

STUPID!" is an interesting tactic. I guess it's impossible to deliver

a cattle-prod like shock over the Internet effectively.]



 --30 January 2002  Corley Will Continue to Fight DMCA

Eric Corley, who has been barred from posting a DVD descrambling

program under the Digital Millennium Copyright Act (DMCA) has vowed

to continue to fight the controversial law.  In November 2001, a

three-judge panel ruled that free speech provisions did not protect

Corley's posting of the program.  Corley's attorneys have requested a

rehearing by the full 2nd Circuit Court of Appeals in New York; if that

proves unsuccessful, they intend to take the case to the Supreme Court.

http://news.com.com/2100-1023-826710.html



 --29 January 2002  Navigator Flaw Exposes Cookies

A security hole in Netscape Navigator allows web page operators to

look at site visitors' cookies.  The flaw affects Navigator versions

6 through 6.2 and Mozilla versions 0.9.6 and earlier.  Netscape is

encouraging all its affected users to upgrade their web browsers.

http://www.computerworld.com/storyba/0,4125,NAV47_STO67803,00.html



 --29 January 2002  Alleged Hacker-Extortionist Held

A Russian hacker, identified as Nikolai, allegedly extorted $10,000

from a U.S. bank; he had threatened to expose account information

he had stolen from a database on a server belonging to a company

that provides online banking and bill payment services to financial

institutions.  Nikolai is being detained in Siberia.

http://www.theregister.co.uk/content/55/23861.html



 --29 January 2002  EPIC Wants States to Investigate Microsoft's

                    Passport

The Electronic Privacy Information Center (EPIC) is asking the states'

attorneys general to protect consumers from Microsoft's "unfair

and deceptive trade practices" that accompany the passport online

identity service.  EPIC claims that in addition to profiling users'

web habits, Passport does not do an adequate job of protecting users'

credit card information.  Microsoft refutes the claims.

http://www.computerworld.com/storyba/0,4125,NAV47_STO67802,00.html

http://zdnet.com.com/2100-1106-825340.html



 --28 January 2002  Myparty Worm

The Myparty worm arrives as an attachment that appears to be an

innocuous web site link.  However, those who click on the link will

become infected with the worm, which sends itself out through to

everyone in the machine's address book and leaves a backdoor in the

infected system.  It infects computers between January 25 and January

29, and won't infect machines running Russian versions of Windows,

leading to speculation that Myparty is of Russian origin.

http://news.com.com/2100-1001-823959.html

http://www.msnbc.com/news/695292.asp?0dm=T236T

http://www.computerworld.com/storyba/0,4125,NAV47_STO67773,00.html



 --28 January 2002  Security Manager's Journal: Addressing Virus

                    Protection

The security manager discusses ideas protecting his computer network at

the various points of entry used by viruses: external media, e-mail,

web mail, downloads and unpatched operating systems.

http://www.computerworld.com/cwi/community/story/0,3201,NAV65-663_STO67720,00.html



 --28 January 2002  Cyberattack Study

A managed security services company study of cyberattacks on its

customers networks in the second half of 2001 found that nearly 40%

of the attacks targeted a specific company or computer system. In

addition, more attacks originate in the United States than in any

other country; Israel tops the list in attacks launched per capita.

Code Red and Nimda were not included in the study.

http://www.washingtonpost.com/wp-dyn/articles/A46836-2002Jan27.html

http://zdnet.com.com/2100-1105-824448.html



 --24 January 2002  Study Says Most CIOs Not Prepared for Disasters

The results of a survey conducted by the Gartner consultancy and

the Society for Information Management (SIM) indicate that while 88%

of CIOs have back-up power supplies and 70% have back-up plans for

network, software and other such failures, only about one-third have

established business continuity plans that address the possibility

of physical attacks.

http://www.eweek.com/article/0,3658,s%3D701%2526a%3D21681,00.asp



==end==





Please feel free to share this with interested parties via email (not

on bulletin boards).  For a free subscription, (and for free posters)

e-mail sans@sans.org with the subject: Subscribe NewsBites



To change your subscription, address, or other information, visit

http://www.sans.org/sansurl and enter your SD number (from the

headers.) You will receive your personal URL via email.



You may also email <sans@sans.org> with complete instructions and

your SD number for subscribe, unsubscribe, change address, add other

digests, or any other comments.







-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.0.6 (GNU/Linux)

Comment: For info see http://www.gnupg.org



iD8DBQE8YS10+LUG5KFpTkYRAhhqAJ9ZxXaZ6g/MnV+0vrqMcQkU7jambACfTvYx

QlGLDSXoQUi9V7WJ5FGM7DU=

=e+8x

-----END PGP SIGNATURE-----