-Caveat Lector-

From: The SANS Institute <[EMAIL PROTECTED]>
Date: Thu, 25 Nov 1999 9:11:36 -0700 (MST)
Subject: SANS NewsBites Vol. 1 Num. 35

From: Rob for the SANS NewsBites service
Re: November 25 SANS NewsBites

Happy Holidays to those celebrating today.

Nearly fifty of you responded to last week's request for information on the ICMP ECHO REPLY probes. The data helped illuminate a virulent new strain of attack. This internet collaboration thing really works! Thanks for your help.

Crackers use ICMP Echo Replies as probes and clandestine controls because these parts of the protocol are also widely used for network management tasks and thus are commonly not screened as much as other services. The data supplied helped to uncover a pair of force-multiplier attack tools that use this clandestine channel. They have names now: trinoo and tfn (for Tribal Flood Network).

Attackers first compromise hundreds or thousands of unprotected systems using widely known vulnerabilities that have not been patched on those systems. The attacker then installs network traffic generator programs on each of those machines. When the attacker identifies a site to close down, he/she tells all of the hidden programs to attack at the same time, and uses instructions hidden in ICMP Echo Reply to give the command. Since the Echo Reply is often a critical tool of the network manager, defense against these attacks is very difficult.

See http://www.sans.org/newlook/resources/flashadv.htm for the SANS Flash Advisory (and sometimes other updates, too).

RK

**********************************************************************

SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 1, Number 35
November 25, 1999

Editorial Team: Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Alan Paller, Howard Schmidt, Eugene Schultz <[EMAIL PROTECTED]>

**********************************************************************

22 November 1999 DOD Info Attacks Increase
22 November 1999 Federal Sites Attacked Through IIS Vulnerability
22 November 1999 Security's Vicious Circle - Why Vulnerabilities Don't Get Fixed
22 November 1999 Government is Almost Ready for Y2K
22 November 1999 Y2K Information Coordination Center
22 November 1999 FBI IT Training
22 November 1999 DNA Database Funding
18 November 1999 DNA Database Privacy
20 November 1999 Teenage Hacker Jailed for 15 Months
20 November 1999 Malicious Programs Lie Dormant, Await Attack Command
20 November 1999 Airline will Cancel Y2K Flights
19 November 1999 Christmas Virus Is A Worm
19 November 1999 Senate Approves Digital Signature Bill
19 November 1999 Chinese Company Sued for Piracy
19 November 1999 Computer Export Controls Have to Wait
19 November 1999 Windows 98 Bug
19 November 1999 Amazon.com Outages
18 November 1999 Wiretapping Law Challenged
18 November 1999 Increasing Attacks Point to Need for Increased Intrusion Detection Capability
18 November 1999 Hotmail's Spam Filtering Raises Questions
18 November 1999 Surviving Heavy Web Traffic
18 November 1999 Dell Recalls Computers Possibly Infected with FunLove Virus
17 November 1999 Computer Security Litigation will Take the Place of Y2K Lawsuits
17 November 1999 ACLU Wants Questions About Echelon Answered
17 November 1999 BSA Charges Have Desired Effect

************* This Issue's Sponsor: Entrust Technologies *************

Forrester Predicts . . . You could lose customers on Jan. 1st because of expiring certificates. Join us on Dec.
6th for "Expiring Certificates Raise Y2K Specters", a telebriefing presented by Forrester Research and sponsored by Entrust Technologies. See the announcement at http://www.entrust.com/events/telebriefs/dec6 to register now.

**********************************************************************

22 November 1999 DOD Info Attacks Increase
A more than three-fold observed increase in information attacks against Defense Department (DOD) computer systems may be in part attributed to improved detection capability. The DOD is also trying to determine when offensive computer counter attacks would be justified.
http://www.gcn.com/vol18_no37/news/983-1.html

22 November 1999 Federal Sites Attacked Through IIS Vulnerability
A vulnerability in Microsoft's Internet Information Server (IIS) 4.0 web server appears to have been the hole through which crackers defaced web sites run by the Federal Aviation Administration (FAA), the Department of Energy (DOE), the National Institutes of Health (NIH) and the National Oceanic and Atmospheric Administration (NOAA). The vulnerability is easy to fix.
http://www.currents.net/newstoday/99/11/22/news5.html

22 November 1999 Security's Vicious Circle - Why Vulnerabilities Don't Get Fixed
Column describes the series of actions that deflect organizations from correcting security vulnerabilities, even after a successful attack, and lists three fundamental actions needed to improve protection.
http://www.computerworld.com/home/print.nsf/all/991122CD52

22 November 1999 Government is Almost Ready for Y2K
The federal government is very close to being ready for Y2K, and the chairman of the President's Council on Year 2000 Conversion says that agencies must maintain their vigilance as part of Y2K preparedness.
http://www.gcn.com/vol18_no37/news/997-1.html

22 November 1999 Y2K Information Coordination Center
The Year 2000 Information Coordination Center (ICC) will collect and summarize Y2K status data from around the world beginning on December 28, 1999.
The ICC is developing parameters to help organizations report any problems with systems operations.
http://www.gcn.com/vol18_no37/news/996-1.html

22 November 1999 FBI IT Training
The FBI is enhancing its computer security team's IT capabilities in the wake of increasing systems intrusions that have recently challenged them. The agency has developed a training curriculum for its field agents.
http://www.gcn.com/vol18_no37/news/1001-1.html

22 November 1999 DNA Database Funding
Proposed legislation would give over $50 million to state and federal agencies to build DNA databases used to solve crimes.
http://www.fcw.com/pubs/fcw/1999/1122/fcw-newsdna-11-22-99.html

18 November 1999 DNA Database Privacy
Current laws concerning DNA databases might not adequately protect people's privacy, according to some members of the FBI's DNA Advisory Panel. Law enforcement officials were opposed to the idea of destroying the actual samples of genetic material after the DNA pattern has been extracted.
http://www.wired.com/news/print/0,1294,32617,00.html

20 November 1999 Teenage Hacker Jailed for 15 Months
A 19-year-old hacker who caused major disruption of White House, USIA, and other government sites has been sentenced to 15 months in prison beginning in 4 to 6 weeks. The sentence was lengthened because computer hacking qualifies as a "special skill" under federal sentencing guidelines.
http://www.washingtonpost.com/wp-srv/WPlate/1999-11/20/124l-112099-idx.html

20 November 1999 Malicious Programs Lie Dormant, Await Attack Command
A program called "trinoo" appears to have been covertly installed on thousands of Unix-based machines worldwide. "Trinoo" creates its own network within a network, and when it receives the command to attack will launch denial of service attacks on the targeted system.
http://www.sosd.com/news/computing/991120-0010_1n20trinoo.html

20 November 1999 Airline will Cancel Y2K Flights
Thai Airways International will cancel as many as 20 international flights scheduled for December 31, 1999 - January 1, 2000 because of concerns regarding the Y2K preparedness of some airports.
http://www.currents.net/newstoday/99/11/20/news1.html

19 November 1999 Christmas Virus Is A Worm
A Melissa worm variant, which self-propagates through e-mail, is designed to reformat hard drives in infected machines on December 25th.
http://news.cnet.com/category/0-1006-200-1455135.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2397849,00.html?chkpt=zdhpnews01
http://www.techweb.com/wire/story/TWB19991119S0013

19 November 1999 Senate Approves Digital Signature Bill
The Senate has unanimously approved digital signature legislation that is narrower in focus than that recently approved in the House. The House and the Senate will hammer out the differences between the two early next year.
http://news.cnet.com/category/0-1005-200-1454205.html

19 November 1999 Chinese Company Sued for Piracy
Microsoft is suing a Chinese company, claiming it used pirated software in its offices. Microsoft is asking for 1.5 million yuan (US$181,200) and an apology.
http://news.cnet.com/category/0-1006-200-1454172.html

19 November 1999 Computer Export Controls Have to Wait
The Commerce Department will not reduce the waiting period for loosening computer export controls, a decision that disappoints and frustrates manufacturers.
http://news.cnet.com/category/0-1006-200-1453669.html

19 November 1999 Windows 98 Bug
A new Windows 98 bug causes users to lose access to the Windows update site. Users began to notice the problem after downloading and installing the new Java Virtual machine from the site.
http://news.cnet.com/category/0-1006-200-1455259.html

19 November 1999 Amazon.com Outages
Amazon.com suffered its third outage in one month.
http://news.cnet.com/category/0-1007-200-1454281.html

18 November 1999 Wiretapping Law Challenged
The Electronic Privacy Information Center (EPIC) and the ACLU have asked a federal appeals court to block rules that give the FBI power to determine the wiretapping capabilities of new communications technology. The groups say the level of surveillance the FBI is seeking exceeds what it is entitled to under the law.
http://www.techweb.com/wire/story/TWB19991118S0009
http://www.zdnet.com/zdnn/stories/news/0,4586,2397376,00.html?chkpt=zdnntop
http://www.washingtonpost.com/wp-srv/WPlate/1999-11/18/155l-111899-idx.html

18 November 1999 Increasing Attacks Point to Need for Increased Intrusion Detection Capability
As computing becomes increasingly mobile, network attacks will increase. Intrusion detection capabilities need to improve; internal incident response teams can be a good form of protection.
http://www.techweb.com/wire/story/TWB19991118S0003

18 November 1999 Hotmail's Spam Filtering Raises Questions
Hotmail's spam filtering does not appear to be reducing the amount of unsolicited e-mail its users receive, and some e-merchants have questioned Microsoft's choice to use the filtering system at all.
http://news.cnet.com/category/0-1005-200-1453427.html

18 November 1999 Surviving Heavy Web Traffic
When Britannica.com experienced ten times the web traffic it expected upon its launch last month, it closed down to solve the problem. With the help of its two main vendors, the site is now up and running, thanks to 76 additional servers and a tweaked system configuration. Victoria's Secret, which experienced a traffic overload last January during a "fashion show", is taking this issue seriously as it plans for its next broadcast.
http://www.techweb.com/wire/story/TWB19991118S0014

18 November 1999 Dell Recalls Computers Possibly Infected with FunLove Virus
12,000 new Dell computers, built at an Irish facility, were recalled when it was discovered they may have been infected with the FunLove virus. Only 500 of the machines were in customers' homes, and none of those computers was infected. The manufacturing plant remained shut down for two days.
http://www.zdnet.com/zdnn/stories/news/0,4586,2397348,00.html
http://news.cnet.com/category/0-1006-200-1453342.html
http://www.techweb.com/wire/story/TWB19991119S0004
http://www.currents.net/newstoday/99/11/22/news6.html

17 November 1999 Computer Security Litigation will Take the Place of Y2K Lawsuits
An attorney believes that e-commerce computer security lawsuits will gain momentum after Y2K litigation has cooled down.
http://www.techweb.com/wire/story/TWB19991117S0005

17 November 1999 ACLU Wants Questions About Echelon Answered
The ACLU has launched the Echelon Watch web site, which pushes for disclosure of the laws under which the purported global electronic surveillance system, called Echelon, operates. While the US has not officially acknowledged Echelon's existence, the new site has posted a letter from an Australian intelligence official which appears to confirm the system's existence.
http://www.wired.com/news/print/0,1294,32586,00.html

17 November 1999 BSA Charges Have Desired Effect
The Business Software Alliance (BSA) is pressing charges against 25 people in California and Michigan for trafficking pirated software. The BSA says news of the charges has decreased the level of such piracy.
http://www.wired.com/news/print/0,1294,32616,00.html

== End ==

Please feel free to share this with interested parties via email (not on bulletin boards).
For a free subscription, e-mail [EMAIL PROTECTED] with the subject: Subscribe NewsBites

Email <[EMAIL PROTECTED]> with complete instructions and your SD number (from the headers) for subscribe, unsubscribe, change address, add other digests, or any other comments.
