-Caveat Lector-

--------forwarded message--------
From: The SANS Institute <[EMAIL PROTECTED]>
Date: Thu, 16 Dec 1999
Subj: SANS NewsBites Vol. 1 Num. 38

From: Rob for the SANS NewsBites service

The useful new consensus document ``Securing Linux: Step-by-Step'' was released Monday, joining five other how-to guides including Securing Solaris Step-By-Step, Windows NT Security Step-By-Step (3rd Ed.), Incident Handling, and Intrusion Detection. All five are available for the price of three through January 15 at http://www.sansstore.org .

Also released this week is the first industry consensus hardening script. Bastille Linux supplies scripts to implement the guidelines in the Step-by-Step guide automatically in just a few minutes. The Bastille Linux scripts are free, but we are soliciting feedback and suggestions for further development. http://www.bastille-linux.org/ .

Experience with the Bastille project has led us to realize we should ask for pointers to other efforts for the similar Solaris hardening script. If you have built your own script or are willing to check every step of the new one, please email [EMAIL PROTECTED] with the subject Solaris Script and tell us what you have done or will do. We'll send you the url.

Security professionals planning to be deeply involved in intrusion detection may want to sign up for one of the limited spots in the unique five-day Intrusion Detection Immersion Curriculum at SANS2000 in Orlando. http://www.sans.org/sans2000/idic.htm .
RK

**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 1, Number 38
December 16, 1999
Editorial Team: Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Bill Murray, Alan Paller, Howard Schmidt, Eugene Schultz
<[EMAIL PROTECTED]>
**********************************************************************

13 December 1999 Computer Security High on Capitol Hill To-Do List
13 December 1999 Encryption Rules Release Postponed
13 December 1999 Getting the Government Ready for Y2K
13 December 1999 Browser Bugs
13 December 1999 PGP Gets Export License
13 December 1999 NTIA Administrator Will Focus on Infrastructure Security
13 December 1999 Patent Office Uses PKI
12 December 1999 Russian News Web Site Defaced
7 December 1999 Babylonia Virus Downloads Updates
8 December 1999 Babylonia Web Page Removed
10 December 1999 Babylonia Site Shut Down/New Variant of ExploreZip Discovered
10 December 1999 Bermuda Stock Exchange Experiences Y2K Difficulties
10 December 1999 Australian Government Agency Web Site Defaced
10 December 1999 Privacy Advocates Ask For Ban On Practice Of "Profiling"
10 December 1999 Expired Root Certificates and Y2K
10 December 1999 Electronic Credit Card Theft
10 December 1999 ICQ_Greetings Trojan
10 December 1999 GSM Cell Phones Insecure
9 December 1999 Conviction in Melissa Case May be a Deterrent
9 December 1999 Virus Updates Important
9 December 1999 Firewall "Sandwiches"
9 December 1999 Government and Industry to Team Up on Information Security
9 December 1999 New Attacks on Web Pages
9 December 1999 Government Pension Databases Tested, Patched
8 December 1999 Microsoft Files Piracy Suits
8 December 1999 Attack Protection for Cable Connections
8 December 1999 FBI Will be Attentive to Attacks Near Y2K
8 December 1999 Is the Cure Worse than the Bug?
7 December 1999 Dependence on Technology Creates Vulnerability
7 December 1999 DSML Submitted to Standards Bodies
7 December 1999 Powerful New Cracker Tools
7 December 1999 On Line Crime May Increasingly Target Private Sector
6 December 1999 NT 4.0 Receives C2 Security Rating
6 December 1999 Keeping Attackers at Bay

************* This Issue's Sponsor - ProactiveNet, Inc. *************
DOES YOUR FIREWALL APPEAR TO BE SLOW? How do you diagnose the problem? Is it the network, firewall, application or server? Solving response time problems requires measuring it from an end-user perspective and auto-baselining your "normal" firewall-based environment. This report tells how: http://www.proactivenet.com/wp8.html .
**********************************************************************

13 December 1999 Computer Security High on Capitol Hill To-Do List
Computer security, particularly lack of standardized practices among federal agencies, will figure prominently in next year's legislative sessions.
http://www.gcn.com/vol18_no38/news/1045-1.html

13 December 1999 Encryption Rules Release Postponed
The White House is postponing the release of encryption export regulations to January 14. Earlier this fall, the administration said it would ease export controls significantly, but a recent draft of the rules appeared to fall short of the earlier promises.
http://news.cnet.com/category/0-1005-200-1494825.html

13 December 1999 Getting the Government Ready for Y2K
Some officials from the Office of Budget and Management (OMB) and the CIO Council are recommending that government agencies double check their systems' Y2K preparedness, and some are suggesting that agencies refrain from making any changes at all until after January 1, 2000.
http://www.gcn.com/vol18_no38/news/1077-1.html

13 December 1999 Browser Bugs
Microsoft Internet Explorer and Netscape are both dealing with a variety of security bugs.
http://news.cnet.com/category/0-1005-200-1494316.html

13 December 1999 PGP Gets Export License
The US government has granted a license allowing Network Associates to export its PGP (Pretty Good Privacy) encryption.
http://www.computerworld.com/home/news.nsf/all/9912131nai

13 December 1999 NTIA Administrator Will Focus on Infrastructure Security
The assistant secretary of Commerce and administrator of the National Telecommunications and Information Administration (NTIA) will work with industry to ensure the security of US communications and information systems.
http://www.fcw.com/pubs/fcw/1999/1213/web-ntia-12-13-99.html

13 December 1999 Patent Office Uses PKI
The Patent and Trademark Office has established a public key infrastructure (PKI) that allows inventors and attorneys to file applications and track their progress on-line.
http://www.gcn.com/vol18_no38/news/1080-1.html

12 December 1999 Russian News Web Site Defaced
Protesters defaced the web site of Russian news agency Itar-Tass. The site was down for over an hour while undergoing repair.
http://news.bbc.co.uk/hi/english/world/europe/newsid_561000/561576.stm

7 December 1999 Babylonia Virus Downloads Updates
A new virus masquerading as a Y2K fix, W95.Babylonia, infects machines via chat room software and then updates itself from a web site, much as anti-virus packages do. While the virus presently carries no malicious payload, security experts are concerned that the virus writer could alter the data on the web site to make the virus destructive.
http://www.wired.com/news/technology/0,1282,32956,00.html
http://www.computerworld.com/home/news.nsf/all/9912072babylon

8 December 1999 Babylonia Web Page Removed
The web page from which the Babylonia virus had been updating itself has been taken down, diminishing the virus's threat.
http://www.zdnet.com/zdnn/stories/news/0,4586,2406408,00.html?chkpt=zdnnstop

10 December 1999 Babylonia Site Shut Down/New Variant of ExploreZip Discovered
The site used by the Babylonia virus to update itself has been shut down. Also, a new variant of an old virus has been discovered; Worm.ExploreZip.Neolite.it does not presently appear to be "in the wild".
http://news.cnet.com/category/0-1006-200-1490378.html

10 December 1999 Bermuda Stock Exchange Experiences Y2K Difficulties
The Bermuda Stock Exchange's daily trade report began listing dividend payout dates as 1900 rather than 2000. The glitch occurred as a result of the exchange using an older computer system while upgrading its software.
http://news.cnet.com/category/0-1009-200-1490496.html

10 December 1999 Australian Government Agency Web Site Defaced
The web site of the Australian Broadcasting Authority (ABA) was defaced in protest last week, and was taken off line for a while as a security measure. The ABA is the government agency responsible for upholding Australia's controversial new on line censorship laws.
http://www.wired.com/news/print/0,1294,33010,00.html

10 December 1999 Privacy Advocates Ask For Ban On Practice Of "Profiling"
Claiming that on line profiling is more insidious than the now banned subliminal advertising, privacy advocates want the Federal Trade Commission (FTC) to ban profiling. Internet advertising companies have established the Network Advertising Initiative, which would give consumers some more control over what is done with information gathered about them.
http://www.currents.net/newstoday/99/12/10/news2.html

10 December 1999 Expired Root Certificates and Y2K
Internet browsers lacking new root certificates may present a problem on January 1, 2000 because many embedded certificates are set to expire on the last day of 1999. The certificates vouch for a user's identity, and can be used in establishing secure conversations between web site and browser.
The certificates' expirations will affect Macintosh users with Internet Explorer 4.5, and other users who have older versions of Netscape.
http://www.techweb.com/wire/story/TWB19991210S0011
http://news.cnet.com/category/0-1006-200-1491280.html

10 December 1999 Electronic Credit Card Theft
Thirty-eight members of a purported organized crime ring have been arrested in Toronto in connection with alleged interception, decryption, and unauthorized use of credit card information. Authorities said that a leader of the group had enlisted the help of a computer expert.
http://www.wired.com/news/business/0,1367,33027,00.html
Editor's Note: As with many such stories, this one requires a lot of reading. There is an implication throughout the article that the encryption was successfully attacked. One must get to the end of the article to find that this is probably not true. What was probably involved was merchant fraud. While "decryption" may have been involved, it was with benefit of the key.

10 December 1999 ICQ_Greetings Trojan
The ICQ_Greetings Trojan will try to reformat hard drives of infected machines on January 1, 2000. It replicates by sending itself off via the victim's e-mail address book, but at a rate of only two e-mails every fifteen minutes. The virus can infect Windows 95, 98, NT, and 2000.
http://www.msnbc.com/news/345030.asp

10 December 1999 GSM Cell Phones Insecure
Israeli researchers have published a paper describing flaws in an algorithm used to secure GSM transmissions.
http://www.computerworld.com/home/news.nsf/all/9912105gsm
Editors' Note: GSM cell phones might be less secure than was thought. However, they are more secure than analog phones and more secure than US digital phones.

9 December 1999 Conviction in Melissa Case May be a Deterrent
The conviction of the Melissa virus author, who faces up to ten years in prison and fines of as much as $400,000, might prove a deterrent to other virus writers.
The case is the first in which the United States federal government has successfully prosecuted a virus writer.
http://www.zdnet.com/zdnn/stories/news/0,4586,2406928,00.html

9 December 1999 Virus Updates Important
While many companies have frozen hardware and software upgrades until after January 1, 2000, they are continuing to update their virus protection. Virus updates should not affect Y2K compliance.
http://www.internetwk.com/story/INW19991209S0006

9 December 1999 Firewall "Sandwiches"
IT managers have discovered that they can keep firewalls from becoming chokepoints using load-balancing switches.
http://www.internetwk.com/story/INW19991209S0009

9 December 1999 Government and Industry to Team Up on Information Security
The Partnership for Critical Infrastructure Security, a group of government and private sector representatives, will hold a summit early next year to explore ways in which government and industry can work together to protect economic and national security.
http://www.fcw.com/pubs/fcw/1999/1206/web-security-12-09-99.html
http://www.techweb.com/wire/story/reuters/REU19991208S0007

9 December 1999 New Attacks on Web Pages
Two new attacks threaten web pages' security. The Poison Null attack could allow crackers to read directories and possibly read and alter files on web servers. The Upload Bombing attack has the potential to fill a site's hard disk space with useless files. The attacks exploit bugs in commonly downloaded CGI scripts.
http://www.techweb.com/wire/story/TWB19991209S0007
http://www.internetwk.com/story/INW19991209S0007

9 December 1999 Government Pension Databases Tested, Patched
The Pension Benefit Guaranty Corporation says it has fixed holes discovered by crackers hired to test the security of the agency's databases.
http://dailynews.yahoo.com/h/ap/19991209/pl/pensions_security_1.html

8 December 1999 Microsoft Files Piracy Suits
Microsoft has filed suits against auction web sites and on line software sellers in six states to enjoin them from selling allegedly pirated software.
http://www.wired.com/news/technology/0,1282,32985,00.html

8 December 1999 Attack Protection for Cable Connections
Internet subscribers who are connected via cable are more vulnerable than those who dial in on telephones because they are almost always online. A new cable network connection box blocks attacks in the network before they can reach individual computers.
http://dailynews.yahoo.com/h/ap/19991208/tc/cable_internet_security_1.html

8 December 1999 FBI Will be Attentive to Attacks Near Y2K
The FBI will be on the alert for malicious information systems attacks around the New Year. While there have been no indications that such attacks will take place, it is certainly possible that crackers will want to exploit Y2K fears.
http://news.cnet.com/category/0-1009-200-1488176.html

8 December 1999 Is the Cure Worse than the Bug?
Some companies have experienced problems with new Y2K compliant software proving incompatible with existing systems.
http://www.techweb.com/wire/story/reuters/REU19991208S0001

7 December 1999 Dependence on Technology Creates Vulnerability
Our society's dependence on technology makes us vulnerable to attacks on computer and communications networks, according to experts.
http://www.sfgate.com/cgi-bin/article.cgi?file=/examiner/hotnews/stories/07/hackers.dtl

7 December 1999 DSML Submitted to Standards Bodies
Directory Services Markup Language (DSML), which makes sharing information in e-commerce easier, has been submitted to standards bodies.
http://www.internetwk.com/story/INW19991207S0007

7 December 1999 Powerful New Cracker Tools
New cracker tools commandeer remote computers to launch massive and difficult to trace denial of service attacks on web sites running Unix.
http://www.usatoday.com/usatonline/19991207/1723034s.htm

7 December 1999 On Line Crime May Increasingly Target Private Sector
The director of the FBI's National Infrastructure Protection Center said that countries would be attacked increasingly through private companies' computers and civilian systems.
http://news.cnet.com/category/0-1005-200-1484895.html

6 December 1999 NT 4.0 Receives C2 Security Rating
Microsoft NT 4.0 has finally received the C2 security rating from the National Security Agency (NSA). Defense Department information systems are supposed to carry at least a C2 security rating.
http://www.zdnet.com/pcweek/stories/news/0,4153,2404702,00.html
Editors' note: This C2 "rating" is not equivalent to C2 Certification. Network-connected systems cannot receive C2 certification.

6 December 1999 Keeping Attackers at Bay
This article describes a variety of intrusion points and offers suggestions for securing them.
http://www4.zdnet.com/intweek/stories/news/0,4164,2404413,00.html

== End ==

Please feel free to share this with interested parties via email (not on bulletin boards). For a free subscription, e-mail [EMAIL PROTECTED] with the subject: Subscribe NewsBites

Email <[EMAIL PROTECTED]> with complete instructions and your SD number (from the headers) for subscribe, unsubscribe, change address, add other digests, or any other comments.
