To: Milis Hackerlink (SD434033)
From: Alan for the SANS NewsBites service
Re: February 24 SANS NewsBites

SANS/GIAC FLASH!

James Madison University has found 160 Windows98 computers infected with the trinoo distributed denial of service Trojan. The news here is that the infection has spread to personal computers. The vast number of PCs connected to the Internet, now able to be used in DDoS attacks, raises the threat level substantially.

Please take time today to review the Consensus Roadmap For Defeating Distributed Denial Of Service Attacks at http://www.sans.org/ddos_roadmap.htm. It's a solid call to action, laying out the specific problems and providing prescriptions for solving them. Two of the recommendations need to be implemented immediately.

The Roadmap was unveiled on Tuesday at the Partnership for Critical Infrastructure Security meeting with the Secretary of Commerce and three Members of Congress and about 120 corporations in attendance. The Roadmap was created cooperatively by CERT and SANS with the help of a group of distinguished security experts including Bill Cheswick, Dr. Eugene Spafford, Stephen Northcutt, Dave Dittrich, Mudge, Randy Marchany, Eric Cole, and several others. Now it needs your help in identifying effective methods of monitoring and measuring progress in implementing the Roadmap, and even more important, your experience in the implementation process, including tools that you found made it easier and challenges you had to overcome.
Email [EMAIL PROTECTED]

AP

**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 2, Number 8
February 24, 2000
Editorial Team: Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz <[EMAIL PROTECTED]>
**********************************************************************

21 February 2000 FBI's Free Software's Code is Hidden
19 February 2000 IRCs targets of DDoS Attacks
18 February 2000 State Department Software
18 February 2000 Nasdaq Index Glitch
18 February 2000 Computer Crash at Australian Bank
18 February 2000 Web Healthcare Privacy Subject of Inquiry
18 February 2000 Intel Chip Set Bug
18 February 2000 Attacks Foster Cooperation
18 February 2000 Protecting "Always On" Computers
18 February 2000 SEC Hires Cyber Cops
18 February 2000 More Attacks
18 February 2000 Government Agencies Told to Check Computer Security
17 February 2000 Canadian ISP Distances Itself from "Mafiaboy"
17 February 2000 Attacks on Latin American Sites
17 February 2000 Two Security Bugs Affect Windows2000
17 February 2000 Press Release a Hoax
17 February 2000 Industry Cyber Security Team
17 February 2000 FTC Launches DoubleClick Probe
17 February 2000 EPA Shut Due to Security Concerns
17 February 2000 Freeh and Reno Testify Before Senate Panel
17 February 2000 Members of Congress Draft New Internet Security Laws
17 February 2000 Did Banks Keep Warnings to Themselves?
17 February 2000 Keeping Your Computer Secure
17 February 2000 DOJ Looking at Cyber Crime Law
16 February 2000 Mafiaboy Left Digital Trail
16 February 2000 AOL Cracker's Sentence Made More Severe
16 February 2000 Mutating DDoS Tools
16 February 2000 US and Chinese Servers Used in Attacks, say Tokyo Police
16 February 2000 Israeli Politician Protests Hacking Conference
16 February 2000 UK, Ireland Differ on Encryption Regulations
16 February 2000 China Urged to Drop Crypto Regulations
16 February 2000 Government and Industry will Work Together to Thwart Security Threats
16 February 2000 Defense Department's Message System Not Secure
15 February 2000 On-Line Tax Preparation Site Exposes Customer Data; Site Shuts Down
15 February 2000 TFN Author will Speak to FBI

************** This week's sponsor: Entrust Technologies **************
Entrust Technologies invites you to join us for a live Webcast on "Entrust@YourService*" on March 7th at 9:00 am Pacific (12:00pm EST). Managed service experts will discuss how Entrust's latest offering provides excellent ROI, solid reliability, and full control over how security is implemented for a wide variety of applications. Register for the Entrust@YourService Webcast today:
http://www.entrust.com/events/webinars/mar7/index.htm
**********************************************************************

-- 21 February 2000 FBI's Free Software's Code is Hidden
The software the FBI is offering on the Internet does not allow users to see the source code. Some may suspect that the FBI has included monitoring tools in the program.
http://www.fcw.com/fcw/articles/2000/0221/news-fbi-2-21-00.asp

-- 19 February 2000 IRCs targets of DDoS Attacks
Internet Relay Chat (IRC) networks have been testing grounds for distributed denial of service (DDoS) attack tools.
http://www.washingtonpost.com/wp-dyn/business/A6148-2000Feb18.html

-- 18 February 2000 State Department Software
The US State Department used a software accounting program produced by former Soviet citizens. While there is no evidence that the software is corrupt, they are checking it out, and the Office of the Inspector General is looking into the methods used in awarding such contracts.
http://www.usatoday.com/life/cyber/nb/nb4.htm

-- 18 February 2000 Nasdaq Index Glitch
A communications feed glitch prevented the Nasdaq exchange from updating its composite index quotes for 2.5 hours on Friday afternoon. Trading continued, undisturbed.
http://www.computerworld.com/home/print.nsf/all/000218EE1A

-- 18 February 2000 Computer Crash at Australian Bank
ATMs and EFTPOS at Australia's ANZ Banking Corp. Ltd. shut down because of a computer crash. They are trying to fix the problem.
http://www.it.fairfax.com.au/breaking/20000218/A26145-2000Feb18.html

-- 18 February 2000 Web Healthcare Privacy Subject of Inquiry
Prompted by an allegation that many web companies are sharing personal health data without informing customers, the Federal Trade Commission (FTC) has begun an inquiry into the situation and has invited a number of web-based health care companies to a meeting to discuss privacy policies.
http://news.cnet.com/category/0-1005-200-1553403.html

-- 18 February 2000 Intel Chip Set Bug
A bug in some Intel chip sets affects servers and workstations. The data corruption error problem is rare; it occurs only on systems running Error Correction Code (ECC) technology.
http://news.cnet.com/category/0-1003-200-1554179.html

-- 18 February 2000 Attacks Foster Cooperation
The recent DDoS attacks have encouraged cooperation between industry and law enforcement, according to security experts. Information needs to be shared quickly.
http://www.msnbc.com/news/371898.asp?0m=N14N

-- 18 February 2000 Protecting "Always On" Computers
This article offers advice for intrusion protection for computers connected to the Internet by cable or DSL (digital subscriber line).
http://www.washingtonpost.com/wp-srv/business/feed/a2913-2000feb18.htm

-- 18 February 2000 SEC Hires Cyber Cops
The Securities and Exchange Commission (SEC) has hired about 30 people to patrol the web and fight Internet fraud.
http://www.washingtonpost.com/wp-dyn/business/A4796-2000Feb18.html

-- 18 February 2000 More Attacks
More sites have suffered DDoS attacks, but several have declined to publicize their situations, possibly due to concern about customer confidence. A variety of attack tools were used, and investigators suspect copycats are responsible.
http://www.usatoday.com/life/cyber/tech/cth398.htm

-- 18 February 2000 Government Agencies Told to Check Computer Security
Attorney General Janet Reno said that all government agencies should review their computer systems security. The recommendation was made in the wake of the EPA shutting down its site due to insufficient security, and the defacement of the Department of Transportation site, as well as the recent DDoS attacks. The investigation into the attacks is moving along at a fast pace.
http://www.usatoday.com/life/cyber/tech/cth390.htm
http://www.wired.com/news/politics/0,1283,34412,00.html

-- 17 February 2000 Canadian ISP Distances Itself from "Mafiaboy"
Canadian Internet Service Provider (ISP) Internet Direct has been linked in some reports to "Mafiaboy", a cracker who has claimed responsibility for some of the recent DDoS attacks. The ISP says that a customer who used the name "Mafiaboy" had two accounts with an ISP Internet Direct acquired last May, but that those accounts were terminated in early 1998 due to noncompliance with customer policy.
http://www.currents.net/newstoday/00/02/17/news12.html
http://news.cnet.com/category/0-1005-200-1552232.html

-- 17 February 2000 Attacks on Latin American Sites
Attacks on Latin American Internet portals are increasing, due in part to the fact that security is weak and the governments have paid little attention to the threat of cyber attacks. Recent victims include a newspaper portal in Colombia, and a governmental election site in Peru. Seven of the 27 recent attacks originated in the US.
http://www.msnbc.com/news/371252.asp?0m=N28HBOGOTA, Colombia,

-- 17 February 2000 Two Security Bugs Affect Windows2000
Microsoft announced vulnerabilities and patches for two Windows2000 services: Internet Explorer and Index Server. The first involves IE 4.01 through 5.01 and also affects Windows versions earlier than 2000. The second is limited to Windows2000 and affects only those users who turn on Indexing.
http://www.computerworld.com/home/print.nsf/all/000217ED4E
http://www.currents.net/newstoday/00/02/17/news2.html

-- 17 February 2000 Press Release a Hoax
A phony press release, claiming a merger between Aastrom Biosciences, Inc. and Geron Corp., boosted both companies' stock prices. The Aastrom site's version of the company's second quarter earnings release was also altered.
http://www.msnbc.com/news/371615.asp?0m=N23H

-- 17 February 2000 Industry Cyber Security Team
The information technology industry plans to create a cyber security center to protect critical infrastructure. The group will share information with each other, and, when appropriate, with the government.
http://www.fcw.com/fcw/articles/2000/0214/web-analysis-02-17-00.asp

-- 17 February 2000 FTC Launches DoubleClick Probe
In response to a recently filed complaint, the Federal Trade Commission (FTC) has begun an informal probe of DoubleClick's information collection practices.
http://www.computerworld.com/home/print.nsf/all/000217ED46

-- 17 February 2000 EPA Shut Due to Security Concerns
General Accounting Office (GAO) investigators found the Environmental Protection Agency's (EPA) computer systems "highly vulnerable" to attack. During a security audit, the team was able to penetrate a mainframe critical to cyber attack defense. The EPA was asked to close down its site until security is improved.
http://www.computerworld.com/home/print.nsf/all/000217ED42
http://www.fcw.com/fcw/articles/2000/0214/web-epa-02-17-00.asp

-- 17 February 2000 Freeh and Reno Testify Before Senate Panel
FBI director Louis Freeh and Attorney General Janet Reno testified before the Senate Appropriations Committee, asking for additional funding to combat cyber attacks and for stiffer penalties for those crackers. Freeh suggested using expanded racketeering laws against "organized and persistent" crackers, and he stressed the importance to law enforcement of access to decrypted communications.
http://www.usatoday.com/life/cyber/tech/cth376.htm
http://www.wired.com/news/politics/0,1283,34388,00.html

-- 17 February 2000 Members of Congress Draft New Internet Security Laws
Several legislators have drafted bills addressing the issue of Internet security. One bill would eliminate the difficulty of tracing electronic communications across state lines by requiring only one court order. Another bill would double prison time for convicted cyber crime offenders.
http://www.washingtonpost.com/wp-srv/business/feed/a62678-2000feb17.htm

-- 17 February 2000 Did Banks Keep Warnings to Themselves?
A senator wants to know why a financial industry computer security didn't share information it may have had about the threat of DDoS attacks.
http://www.currents.net/newstoday/00/02/17/news13.html

-- 17 February 2000 Keeping Your Computer Secure
Installing personal firewalls is a good way to protect your computer against intrusions.
http://www.msnbc.com/news/371497.asp?0m=N18N

-- 17 February 2000 DOJ Looking at Cyber Crime Law
The Justice Department is examining the body of cyber crime law to assess the need for updating.
http://www.fcw.com/fcw/articles/2000/0214/web-cyberlaw-02-17-00.asp

-- 16 February 2000 Mafiaboy Left Digital Trail
The cracker calling himself "Mafiaboy", a suspect in some of the recent DDoS attacks, bragged in chat rooms about his part in the attacks, and "clumsily" left a trail of electronic breadcrumbs for investigators. The FBI believes that the attacks on Yahoo! and eBay were more sophisticated and were conducted by someone using a German character keyboard; the copycat attacks lacked finesse. The FBI also wants to talk with "Coolio", who defaced an RSA Security site, and "Mixter", who authored one of the DDoS tools.
http://www.usatoday.com/life/cyber/tech/cth369.htm
http://www.currents.net/newstoday/00/02/16/news1.html

-- 16 February 2000 AOL Cracker's Sentence Made More Severe
The teenage cracker recently sentenced to five years without a home computer received an additional component to his sentence: he will need approval even to touch a computer terminal for work or for school, as his probation officer says he has proven unable to stay away of his own volition.
http://www.usatoday.com/life/cyber/tech/cth371.htm

-- 16 February 2000 Mutating DDoS Tools
Crackers are mutating DDoS tools so they can elude detection. One alleged author of an attack tool says he and others are crafting upgrades to flood intrusion detection systems.
http://www.techweb.com/wire/story/TWB20000216S0002

-- 16 February 2000 US and Chinese Servers Used in Attacks, say Tokyo Police
Tokyo police say that Chinese and US servers were used in the recent cyber attacks on Japanese government web sites. They are asking for access data to further their investigation.
http://www.techweb.com/wire/story/reuters/REU20000216S0001

-- 16 February 2000 Israeli Politician Protests Hacking Conference
Calling hacking "terrorism," the head of the Israeli Parliament's Committee for Scientific and Technological Research and Development is protesting an upcoming hacker conference in Israel. An Israeli Internet executive said that hacking is often misunderstood, and that the conference aims not to teach harmful practices, but to educate.
http://www.wired.com/news/politics/0,1283,34349,00.html

-- 16 February 2000 UK, Ireland Differ on Encryption Regulations
While the UK is toying with legislation that would make it a crime to refuse to surrender encryption keys to law enforcement officials, Ireland is drafting legislation aimed at prohibiting the very same thing.
http://www.wired.com/news/politics/0,1283,34350,00.html

-- 16 February 2000 China Urged to Drop Crypto Regulations
A United States Trade Representative encouraged China to abandon its stringent encryption regulations, which include governmental registration of all entities using encryption technology.
http://www.wired.com/news/politics/0,1283,34376,00.html

-- 16 February 2000 Government and Industry will Work Together to Thwart Security Threats
Representatives from government and private industry at the White House summit meeting on Internet security last week agreed that security information sharing needs to expand, that government needs to serve as a role model of information systems security, and that increased cooperation between government and private industry will not erode privacy.
http://www.currents.net/newstoday/00/02/16/news2.html
http://www.computerworld.com/home/print.nsf/all/000215ECF2
http://www.fcw.com/fcw/articles/2000/0214/web-industrysecurity-02-16-00.asp
Cooperation between government and the private sector presents proprietary information and antitrust concerns.
Additionally, government and industry view attack defense differently,
http://www.washingtonpost.com/wp-srv/business/feed/a56835-2000feb16.htm

-- 16 February 2000 Defense Department's Message System Not Secure
The Pentagon's Defense Message System (DMS) was found to have serious security deficiencies.
http://www.fcw.com/fcw/articles/2000/0214/web-dms-02-16-00.asp
Editor's Note: This system is not in production; it will be deployed in the future.

-- 15 February 2000 On-Line Tax Preparation Site Exposes Customer Data; Site Shuts Down
H&R Block shut down its on-line filing web site after discovering that some customers' data was exposed to other customers. The problem occurred as the site was making software improvements to reduce response time. The company says that the problem was with only the web-based software; returns processed in company offices or at home with the company's tax preparation software were not affected. H&R Block is conducting an audit and will bring the site back up when the security problem has been fixed. H&R Block's web site was down for two days earlier this month due to unexpectedly high traffic.
http://news.cnet.com/category/0-1005-200-1550948.html
http://www.computerworld.com/home/print.nsf/all/000216ED1A
http://www.usatoday.com/life/cyber/tech/cth367.htm

-- 15 February 2000 TFN Author will Speak to FBI
The hacker known as "Mixter" says he wants to help the FBI catch the perpetrators of the recent attacks. "Mixter" is the author of Tribe Flood Network (TFN) and TFN2000, two DDoS attack tools.
http://www.usatoday.com/life/cyber/zd/zd3.htm

******* Also Sponsored by surfCONTROL ******
Are "CyberSlackers" consuming your network bandwidth? Are employees using the Internet for business ... or for personal activities, such as:
* Gambling
* Shopping
* Day-trading
* Viewing pornographic pictures -- or, even worse, hate propaganda?
Find out now! Try surfCONTROL *free* for 30-days.
Download now at: http://www.surfcontrol.com/promo/ea12

== End ==

Please feel free to share this with interested parties via email (not on bulletin boards). For a free subscription, e-mail [EMAIL PROTECTED] with the subject: Subscribe NewsBites.

Email <[EMAIL PROTECTED]> with complete instructions and your SD number (from the headers) for subscribe, unsubscribe, change address, add other digests, or any other comments.
