Please find below an example of UPI's continuing coverage of cybersecurity and related issues. I hope you find it interesting. You may link to it on the web here:
http://www.upi.com/view.cfm?StoryID=20050501-062731-3623r

A shorter version of this piece appeared on A6 of Monday's edition of the Washington Times. UPI Subscribers received this story when it was first published yesterday evening.

If you have any comments or questions about this piece, need any more information about UPI products and services, or want to stop receiving these alerts, please get in touch.

Thank you,

Shaun Waterman
UPI Homeland and National Security Editor
E-mail: [EMAIL PROTECTED]
Tel: 202 898 8081

Internet survey highlights threat of 'pharming'

By Shaun Waterman
UPI Homeland and National Security Editor

WASHINGTON, May 1 (UPI) -- The nation's largest information security institute published its quarterly review of Internet threats Monday, highlighting the Web's growing vulnerability to a new form of online fraud -- "pharming," where Internet users are diverted to a different site than the one they typed into their browser.

The data also reveal that, for the first time, some security and anti-virus software is vulnerable to hackers, creating a dangerous high-level backdoor into users' systems.

The SANS Institute, the United States' largest cooperative research effort on information security, publishes its list of the top 20 Internet security vulnerabilities every three months. The survey lists the 10 most commonly exploited groups of weaknesses in each of the two major computer operating systems: Windows and UNIX/Linux.

The majority of the thousands of viruses, worms and other Internet threats identified by the institute's researchers take advantage of one or more of these weaknesses, SANS Institute Director of Research Alan Paller told United Press International.

"It's a way of flagging up the vulnerabilities that need to be patched" both by individual users and company network security executives, said Paller, adding that the institute did not list vulnerabilities unless there was a patch available.

"What's the point?" he asked rhetorically.
"You're just letting the bad guys see there's a problem with no fix."

Paller noted that, to make the list, the vulnerability had to be real, not just potential, and had to affect large numbers of users. "We don't list anything unless the code to exploit it is out there," for instance in one of the chat rooms or bulletin boards used by hackers, he said.

The data for the first three months of 2005 -- drawn from thousands of security reports compiled by the institute -- reveal a number of trends, Paller said.

"Two years ago, this list was dominated completely by weaknesses in operating systems," said Paller, referring to the underlying programs that run PCs and servers, springing to life when the computer is switched on. "Now we're seeing more and more vulnerabilities in applications being exploited."

Applications are the programs that enable users to perform specific tasks, such as word processing, e-mail or creating spreadsheets, and the vulnerabilities in their code are more dangerous, according to Paller, because -- unlike operating system software -- they cannot be set to update themselves automatically with new security patches.

"Users think they're protected because they've set their operating systems to automatically update," he said. "But vulnerabilities in applications can just as easily be exploited."

Another new development, Paller added, was that, for the first time, the list includes vulnerabilities being exploited in some security and anti-virus software.

"The problem here," Paller pointed out, "is that such programs operate with very high level privileges" within computing systems. "If a hacker gets control of one of these programs, he has much better access" than he would get by hacking in through, say, a word-processing program.

Paller also said that the data highlighted a new form of security threat, known as "pharming," where Internet users are forcibly diverted to sites chosen by the hacker.
Experts say pharming could be used to clandestinely redirect those visiting online banking or other financial services Web sites to fake pages, where their personal information could be harvested by identity thieves.

In this sense, pharming resembles phishing, in which fake e-mail messages are sent to Internet users. The messages, which appear to come from banks or commercial sites such as Amazon.com or eBay, urge the recipient to visit the site to update or confirm personal information. But the link the message offers actually takes anyone who clicks on it to a fake site, operated by criminals, which steals the information the user enters.

The victims' identity, password and other data can then be used to conduct bogus transactions, or to steal the contents of bank accounts.

But in pharming, Internet users are diverted without receiving a message or clicking on a bogus link.

"The reason this is so bad," said Paller, "is that users arrive at the site by typing in the correct address to the browser. ... They are likely to be very confident that they are in the right place; very confident and very wrong."

There are several ways such attacks are carried out, but they all rely on hijacking the link between a computer's Web browser and the Internet site the user wants to visit.

When users type an Internet site address into a Web browser, the browser converts those letters into a numerical code, known as an IP address. This number directs the Web browser to the site.

IP addresses are stored on large network computers called domain name service servers. But most browser programs looking for an IP address will check the computer's records, because if the user has visited the site before, the IP address will be on file.
Experts say malicious programs can infest a computer and change the IP addresses it has stored, so that when a user types in an Internet address, the browser will find its way to a site chosen by the malicious program's author, rather than the one the user wanted to visit.

But these kinds of malicious programs, known as "malware," affect only one computer at a time. The phenomenon known as DNS poisoning can affect thousands of users at once. Poisoned DNS servers mistranslate Internet addresses and cause users to be redirected to a site other than the one they chose.

"I liken it to changing the traffic signs on the Internet," Gerhard Eschelbeck, chief technology officer of computer security firm Qualys, told UPI. "You change the signs, you misdirect the traffic."

Qualys is one of the four sources for the SANS top 20, and the company offers a free scan to locate any of them.

In March, the SANS Internet Storm Center, an early warning monitoring center that scans the Internet for new threats, monitored a DNS poisoning incident that affected as many as 25,000 users.

"Users were re-directed to a generic-looking search page," said Johannes Ullrich, the storm center's chief research officer. The page uploaded various spyware and adware programs to the users' computers.

Ullrich said that the attack took place against a single, poorly maintained DNS server, but exploited a common vulnerability. The attack was possible "because of a fairly specific, but fairly common configuration" used by the attacked server, he said.

Fixing such vulnerabilities, he added, "is technically straightforward, but can be politically difficult" because the company running the vulnerable server is often unaffected by the attack.

"You have to get the attention of your (Internet service provider)," said Ullrich, adding that there was no legal obligation on the company to fix the vulnerability and that some were unwilling to endure the downtime that would be required to patch their systems.
Although DNS poisoning is technically sophisticated, Paller warned that it is not beyond the skill of professional, criminal hackers.

Nonetheless, Ullrich added that he was unaware of any pharming attacks which had been carried out to harvest personal financial information to facilitate fraud.

--
Copyright (c) 2001-2005 United Press International
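The single-computer case the article describes, where malware changes the addresses a machine has stored, can be checked for from the defender's side. The following is an added example and not part of the UPI article: it assumes the stored addresses are the operating system's hosts file, and the watched domain and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample: hosts-file contents as they might look after tampering.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost ip6-localhost
# added by installer
203.0.113.66  www.examplebank.test ExampleBank.test.  # unexpected override
198.51.100.10 intranet.corp.test
not-an-ip     login.examplebank.test
0.0.0.0       ads.tracker.test
"""

# Hypothetical domains that should only ever be resolved through DNS,
# never through a local override.
WATCHED = {"examplebank.test"}


def parse_hosts(text):
    """Yield (line_number, ip_or_None, [names]) for each hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue                           # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None                          # keep malformed entries visible
        # Host names are case-insensitive and may carry a trailing dot.
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]


def is_watched(name, watched):
    """True if name is a watched domain or one of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return findings for every local entry that names a watched domain."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            if is_watched(name, watched):
                reason = "malformed address" if ip is None else "local override"
                addr = str(ip) if ip is not None else None
                findings.append((lineno, name, addr, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A clean hosts file produces no findings; this check does not cover poisoning of an upstream DNS server, which the local machine cannot see in its own files.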