-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you have ever wanted to get children involved early in learning to keep systems more secure, there's something you can do now: tell the school in your city about the Kids Improving Security poster contest. SANS and the FBI's National Infrastructure Protection Center are cosponsoring the (page-sized) poster contest for kids in grades 3-8. Winners' schools earn $1,500 in computer equipment, and the six student winners each earn a trip to Washington for themselves and a parent. DoD will make the winning posters into screen savers. The deadline is in three weeks. If you live outside the US, borrow the concept and the materials and run a poster contest yourself; we'll help tell people in your country about it.
http://www.staysafeonline.org/

Alan

**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 4, Number 9                                    February 27, 2002

Editorial Team: Kathy Bradford, Dorothy Denning, Roland Grefer, Vicki Irwin, Bill Murray, Stephen Northcutt, Alan Paller, Marcus Ranum, Howard Schmidt, Eugene Schultz
**********************************************************************

TOP OF THE NEWS

26 February 2002  Patch Internet Explorer Now, CERT Warns
25 February 2002  Spitzner to Present HoneyNets On The Web
23 February 2002  Bill Would Increase Cybercrime Penalties
20 February 2002  Microsoft Baseline Security Advisor
19 February 2002  Wake Up and Smell the Coffee, Says Clarke
18 February 2002  Cybersecurity Information Coordination Center

THE REST OF THE WEEK'S NEWS

22 February 2002  Gartner Says Focus on Allocating Funds Efficiently
22 February 2002  Gator Digital Wallet Vulnerability
22 February 2002  Q & A with Stephen Crocker
22 February 2002  Microsoft Patches
21 & 22 February 2002  Vulnerability Reporting Standards Proposal
21 February 2002  UK Passport Office Looks Toward Biometrics
21 February 2002  Microsoft to Share Windows Source Code with Integrators
21 February 2002
FAA Security Holes Fixed, Says FAA CIO
20 February 2002  Companies Going In-house for Cyber-forensics
19 February 2002  Yarner Worm
19 February 2002  Wireless Security Holes
19 February 2002  Peekabooty Unveiled
18 February 2002  Alleged Cyber Intruder Arrested in Australia

TRAINING OPPORTUNITIES IN THE NEXT 120 DAYS

SANS 2002 in Orlando: SANS' largest conference and exposition. Large conferences in San Antonio, London, Washington, Toronto, and Portland (OR). Smaller programs in Kansas City, Los Angeles, Phoenix, and Minneapolis.
Details: http://www.sans.org

********************* Sponsored by NetIQ Corp. ***********************
Concerned with Windows Security? FREE NetIQ WHITE PAPER!
Spend wisely to maximize Windows security, minimize risks. Learn key IT investments for the best ROI and six money-wasters to avoid. Don't allocate your limited budget and resources to the wrong tools. Download NetIQ's FREE white paper, "Investing Wisely in Windows Security"!
http://www.netiq.com/f/form/form.asp?id=547
**********************************************************************

TOP OF THE NEWS

--26 February 2002  Patch Internet Explorer Now, CERT Warns
Internet Explorer users should apply the latest security patch to address application vulnerabilities. The patch addresses a flaw in Microsoft Internet Explorer version 5.01 and higher. The buffer overflow vulnerability enables attackers to execute arbitrary code on an unpatched system through malicious code embedded in HTML documents.
http://www.nwfusion.com/news/2002/0226iepatch.html
CERT Advisory: http://www.cert.org/advisories/CA-2002-04.html

--25 February 2002  Spitzner to Present HoneyNets On The Web
The leader of the HoneyNet project and the nation's top expert on honeypots, Lance Spitzner, provides a fast-paced update on this important evolving technology; Fred Kost of Recourse Technology provides a tool update.
Date: March 6.
http://www.sans.org/webcasts/honeynets.php

--23 February 2002  Bill Would Increase Cybercrime Penalties
The Cyber Security Enhancement Act is likely to be voted on by a House Judiciary subcommittee this week. The bill aims to stiffen penalties for certain cyber disruptions.
http://www.wired.com/news/politics/0,1283,50620,00.html

--20 February 2002  Microsoft Baseline Security Advisor
The Microsoft Baseline Security Advisor (MBSA) scans Windows computers for missing patches, weak passwords, and vulnerabilities; it is to appear on Microsoft's site in March.
http://news.com.com/2100-1001-841770.html

--19 February 2002  Wake Up and Smell the Coffee, Says Clarke
Cyber security advisor Richard Clarke admonished participants at the RSA conference to take cyber security seriously, pointing out that many companies spend more on coffee than on computer security. Clarke commended Microsoft for its Trustworthy Computing Initiative and encouraged the audience to hold Bill Gates to his word.
http://news.com.com/2100-1001-840335.html
http://www.gcn.com/vol1_no1/daily-updates/18013-1.html

--18 February 2002  Cybersecurity Information Coordination Center
The Bush administration plans to create a federal cybersecurity response coordination office, much like the Y2K Information Coordination Center, where having a physical location in which people could gather to share information proved very helpful. The center will bring together the Critical Infrastructure Assurance Office (CIAO), the National Infrastructure Protection Center (NIPC) and the office of Richard Clarke, President Bush's cyber security advisor.
http://www.fcw.com/fcw/articles/2002/0218/news-cyber-02-18-02.asp
http://www.fcw.com/fcw/articles/2002/0218/news-cyber1-02-18-02.asp

*********************** SPONSORED LINKS ******************************
Learn how ManHunt 2.0 is providing real threat management today.
http://www.sans.org/cgi-bin/sanspromo/NB7
ALERT! Hackers gain access to backend data via web applications.
FREE WHITE PAPER: http://www.sans.org/cgi-bin/sanspromo/NB8
Add it up and upgrade... StoneGate firewall 50% upgrade promotion.
http://www.sans.org/cgi-bin/sanspromo/NB9
**********************************************************************

THE REST OF THE WEEK'S NEWS

--22 February 2002  Gartner Says Focus on Allocating Funds Efficiently
Gartner analyst John Pescatore observes that the recent Office of Management and Budget (OMB) report detailing cyber security weaknesses throughout government agencies' systems found no correlation between quality of security and spending on security, which confirms Gartner CEO Michael Fleisher's statement that spending more doesn't make for better security.
http://news.com.com/2009-1001-843375.html

--22 February 2002  Gator Digital Wallet Vulnerability
An ActiveX plug-in in the Gator digital wallet could be exploited to gain control of computers and install backdoors or other malicious software. A demonstration showed that the IE version of Gator was vulnerable to the exploit, but it is not known whether the Netscape version is also vulnerable. Richard Smith alerted the company to the problem in January 2000 and says he got no response.
http://www.newsbytes.com/news/02/174709.html

--22 February 2002  Q & A with Stephen Crocker
Stephen Crocker, the head of the Internet Corporation for Assigned Names and Numbers' (ICANN) recently established security committee, discusses BIND and DNS vulnerability, and the need to work with the entities that control the top level domains to establish consistent rules and procedures.
http://www.computerworld.com/storyba/0,4125,NAV47_STO68514,00.html

--22 February 2002  Microsoft Patches
Microsoft released patches for security vulnerabilities in IE, Windows XP, SQL Server 2000 and Commerce Server 2000. Two holes could allow attackers to read files on targeted computers; two others are buffer overflow flaws.
http://www.computerworld.com/storyba/0,4125,NAV47_STO68547,00.html
http://www.theregister.co.uk/content/55/24168.html

--21 & 22 February 2002  Vulnerability Reporting Standards Proposal
Steve Christey and Chris Wysopal have released a draft proposal for responsible vulnerability disclosure procedures in an effort to codify the unwritten rules that presently govern the practice. The proposal calls for researchers who find security flaws to notify the vendor or a third-party coordinator, like CERT. The vendor would be required to respond within a week in most cases, and would also have to provide the researcher with weekly updates on its progress toward fixing the problem.
http://zdnet.com.com/2100-1105-842656.html
http://www.computerworld.com/storyba/0,4125,NAV47_STO68558,00.html

--21 February 2002  UK Passport Office Looks Toward Biometrics
The UK Passport Office plans to have biometric information embedded in passports within four years. In addition to raising concerns about civil rights violations, the proposal could lead to passports being issued to people using false identities and to increased wait times at airport security checkpoints.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1833000/1833939.stm
[Editor's (Murray) Note: The US Immigration and Naturalization Service has had INSPass in place for a decade. It may not have produced all the benefits we might have hoped for, but it has certainly had none of the downside that the alarmists are concerned about. Frequent flyers love it. Enrollment requires your cooperation.]

--21 February 2002  Microsoft to Share Windows Source Code with Integrators
Microsoft announced plans to share Windows source code with licensed systems integrators as part of its Shared Source Initiative. The integrators can view the code on a smartcard-accessible website; they may not alter or share the code.
The announcement has met with skepticism from the community; it could be viewed as a way of satisfying a recent order in the antitrust case requiring the company to reveal its code to nine plaintiff states, or as a defensive gesture in the open source arena.
http://www.wired.com/news/business/0,1367,50596,00.html
http://news.com.com/2100-1001-841933.html
http://www.computerworld.com/storyba/0,4125,NAV47_STO68500,00.html
http://www.msnbc.com/news/712896.asp?0dm=C19NT

--21 February 2002  FAA Security Holes Fixed, Says FAA CIO
Federal Aviation Administration (FAA) CIO Daniel Mehan said the agency has addressed the computer security deficiencies enumerated in a 2000 General Accounting Office (GAO) report. The FAA now maintains redundant systems and separates administrative and control networks from each other. Mehan said his agency needs increased funding to stay on top of its cybersecurity.
http://online.securityfocus.com/news/337

--20 February 2002  Companies Going In-house for Cyber-forensics
A former UK police detective who now teaches classes in cyber-forensics says that there is a growing trend of companies sending their own employees for cyber-forensic training so they can conduct in-house investigations.
http://zdnet.com.com/2100-1105-840925.html
[SANS Note: SANSFire in Boston at the end of June offers immersion, hands-on forensics training and up-to-date technical briefings.]

--19 February 2002  Yarner Worm
The Yarner worm arrives in the guise of a newsletter from Trojaner Info. When executed, it overwrites the Notepad application in the Windows directory, adds and alters some files, self-replicates via Outlook e-mail, and deletes files in the Windows directory. Outlook 2002 users and Outlook 2000 users who have installed the Security Update should be protected.
http://zdnet.com.com/2100-1105-840177.html
http://www.computerworld.com/storyba/0,4125,NAV47_STO68459,00.html

--19 February 2002  Wireless Security Holes
Two security researchers published a paper detailing a pair of security holes in the 802.1X wireless security system. The first allows attackers to hijack a connection; the second allows them to steal access information during authentication. The paper recommends adding symmetric authentication to the standard.
http://zdnet.com.com/2100-1105-839948.html

--19 February 2002  Peekabooty Unveiled
Two software developers presented a working version of Peekabooty, a human rights peer-to-peer distributed proxy network designed to deliver Internet content to people in countries that censor web sites.
http://zdnet.com.com/2100-1105-840652.html
http://online.securityfocus.com/news/335

--18 February 2002  Alleged Cyber Intruder Arrested in Australia
Police in Sydney, Australia, arrested a 21-year-old man in connection with cyber-intrusions at Optus, a telecommunications firm; law enforcement authorities were able to bring charges of unauthorized access to a computer and unauthorized modification of data against the man under legislation that passed only last year. Optus's Corporate Affairs manager said the intruder did not cause any damage, nor was customer data compromised.
http://www.newsbytes.com/news/02/174568.html

==end==

Please feel free to share this with interested parties via email (not on bulletin boards).

For a free subscription (and for free posters), e-mail sans@sans.org with the subject: Subscribe NewsBites

To change your subscription, address, or other information, visit http://www.sans.org/sansurl and enter your SD number (from the headers). You will receive your personal URL via email. You may also email with complete instructions and your SD number for subscribe, unsubscribe, change address, add other digests, or any other comments.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8fQAw+LUG5KFpTkYRAjlpAKCGrwO4DLohdVFemI+QGROFJPNXzACglfEI
XuAskCb//nFClpajdAwoWtg=
=HBaO
-----END PGP SIGNATURE-----