To: Milis Hackerlink (SD434033)
From: Rob for the SANS NewsBites service
Re: February 17 SANS NewsBites

SANS Research Director Alan Paller met with President Clinton on Tuesday. See http://www.sans.org/pres.htm for his fascinating trip report.

The cracker-challenge IDnet information for SANS 2000 is now available at http://www.sans.org/sans2000/idnet.htm .

RK

**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 2, Number 7    February 17, 2000
Editorial Team: Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Bill Murray, Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz
<[EMAIL PROTECTED]>
**********************************************************************

Distributed Denial of Service Articles:
15 February 2000  Web Security Summit to Convene Today
15 February 2000  Federal Investigators Narrowing Search
15 February 2000  Conspiracy Theories
14 February 2000  Banks Had Warning of Attacks
14 February 2000  DDoS Tool Author Says He'll Speak with FBI
9-12 February 2000  Hacker Community Disparages DDoS Perpetrators
11 February 2000  FBI Posts Software to Detect DDoS Slave Programs
11 February 2000  Vulnerable Computers Made DDoS Possible
11 February 2000  California Computer Used in Attack
10 February 2000  Internet Insurance
10 February 2000  E-Mail Claims Responsibility for Attacks
10 February 2000  Defending Against DDoS Attacks
10 February 2000  Government Checking Systems for Attack Agents
9 February 2000  Distributed Denial of Service Attacks: Q & A
9 February 2000  Reno Committed to Tracking Down Perpetrators
8 February 2000  Yahoo E-Mail Bug

Other Security Articles:
15 February 2000  RSA Web Site Compromised
15 February 2000  PKI at DOD a Problem of Scale
15 February 2000  DoubleClick Addresses Privacy Concerns
14 February 2000  Fighting Computer Crime
11 February 2000  RealNames' Database Cracked
11 February 2000  Melissa Resurfaces
11 February 2000  Privacy Legislation Introduced
10 February 2000  UK Surveillance Bill Introduced, Criticized
10 February 2000  EU Cyber Crime Fighting Plan to be Drafted
10 February 2000  Windows 2000 Has New Anti Piracy Measures

********* This week's sponsor: Network-1 Security Solutions **********
Network-1 Security Solutions - Embedded NT Firewalls
Now you can stop denial of service attacks against your critical NT servers. CyberwallPLUS-SV is the industry's first embedded firewall for NT servers. It allows you to protect your valuable NT servers from unwanted access and intrusion by Internet, Intranet and Extranet users. Visit http://www.network-1.com/eval/eval6992.htm and get your free CyberwallPLUS evaluation kit.
**********************************************************************

-- 15 February 2000  Web Security Summit to Convene Today
President Clinton has called together a group of technology executives, academics, and other concerned parties to address the issue of protecting the web from attacks.
http://www.msnbc.com/news/370314.asp
Editor's Note: The meeting occurred and SANS was invited. For a recap: http://www.sans.org/pres.htm

-- 15 February 2000  Federal Investigators Narrowing Search
Federal agents are getting ready to question three suspects in the rash of distributed denial of service (DDoS) attacks.
http://dailynews.yahoo.com/h/nm/20000215/ts/tech_hackers_31.html
http://www.washingtonpost.com/wp-dyn/business/A51397-2000Feb14.html
http://www.wired.com/news/business/0,1367,34341,00.html

-- 15 February 2000  Conspiracy Theories
Suspicions that the government may be responsible for the recent barrage of distributed denial of service attacks are circulating on the Internet. Some suggest that the attacks are the result of a classified exercise, and others propose that they provided a "smoke screen" for the government to place surveillance programs on computers. Still others wonder if the attacks were staged to increase concern about computer security.
http://www.fcw.com/fcw/articles/2000/0214/web-conspiracy-02-15-00.asp
http://www.wired.com/news/print/0,1294,34285,00.html
Editor's Note: Most people who have a clue disagree with these theories.

-- 14 February 2000  Banks Had Warning of Attacks
Computer experts at banks and other financial institutions received warnings about the recent DDoS attacks, but due to rules mandated by their security network, they were unable to share that information with law enforcement agencies.
http://www.msnbc.com/news/370221.asp

-- 14 February 2000  DDoS Tool Author Says He'll Speak with FBI
A white-hat hacker who uses the moniker "Mixter" and who authored Tribe Flood Network (TFN), a distributed denial of service (DDoS) attack tool program, said in an interview on ZDNet that he wants to talk with the FBI because he wants the perpetrator of the attacks caught. Mixter said he wrote the program to demonstrate weaknesses in the Internet, and that when he posted the program, he was operating under the concept of "full disclosure." (The MSNBC article has the text of the ZDNet interview.)
http://www.zdnet.com/zdnn/stories/news/0,4586,2437637,00.html
http://www.msnbc.com/news/370058.asp

-- 9 - 12 February 2000  Hacker Community Disparages DDoS Perpetrators
The hacker community has been quite vocal in its disdain for those responsible for the recent burst of distributed denial of service (DDoS) attacks. While such attacks do not require "technical prowess", there is evidence to suggest that the person or group responsible for the attack on Yahoo used more sophisticated technologies that specifically targeted the site's vulnerabilities.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_640000/640527.stm
http://www.usatoday.com/life/cyber/tech/cth337.htm
http://www.usatoday.com/life/cyber/tech/cth328.htm
http://www.wired.com/news/print/0,1294,34228,00.html

-- 11 February 2000  FBI Posts Software to Detect DDoS Slave Programs
The FBI's National Infrastructure Protection Center (NIPC) has posted software that can detect the surreptitiously placed programs which act as slaves in distributed denial of service (DDoS) attacks, but few people have downloaded the tool. Those who have downloaded the software have been asked to alert the FBI if the suspected programs are found on their computers.
http://news.cnet.com/category/0-1003-200-1547115.html
http://www.computerworld.com/home/print.nsf/all/000211E9BE
http://www.fcw.com/fcw/articles/2000/0214/web-fbi-02-14-00.asp
Editor's Note (Paller): This software was actually released in December after many of the subscribers of this newsletter helped the FBI test it. More than 4,000 downloads were made shortly after CERT and SANS announced the program's availability, and many dozens of organizations found that their systems were infected. A significant number reported those discoveries to SANS, but they expressed reluctance to report them to the FBI. On February 15, SANS posted a related document on what to do if you find your systems are infected: http://www.sans.org/y2k/DDoS.htm

-- 11 February 2000  Vulnerable Computers Made DDoS Possible
The first computers attacked in the distributed denial of service (DDoS) attacks weren't the major sites, but the computers surreptitiously enlisted to carry out the barrage of traffic sent to the sites. The computers vulnerable to manipulation share several characteristics: they are always connected to the Internet, they have high bandwidth access, and they belong to people or institutions whose primary concern is not security.
http://www.computerworld.com/home/print.nsf/all/000211E9AE

-- 11 February 2000  California Computer Used in Attack
Network administrators at the University of California at Santa Barbara said that one of their computers was used in the attack on CNN's web site. The cracker who manipulated the computer did not destroy all the monitoring logs.
http://www.wired.com/news/print/0,1294,34305,00.html
http://www.usatoday.com/life/cyber/tech/cth346.htm
http://news.cnet.com/category/0-1005-200-1548087.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2437045,00.html

-- 10 February 2000  Internet Insurance
Requests for information about Internet insurance coverage have escalated in the wake of the recent distributed denial of service attacks. The majority of losses due to cracking are not covered by traditional insurance.
http://www.usatoday.com/life/cyber/tech/cth331.htm
http://www.wired.com/news/print/0,1294,34229,00.html

-- 10 February 2000  E-Mail Claims Responsibility for Attacks
Attrition.org received an e-mail claiming responsibility for the recent distributed denial of service (DDoS) attacks. The author also claimed that the intent of the attacks was to scare Internet stockholders, and that each attacked site had an insider who helped the attack along. While DDoS attacks do not require the help of insiders, the claim is being investigated.
http://www.wired.com/news/print/0,1294,34256,00.html

-- 10 February 2000  Defending Against DDoS Attacks
The best defense against distributed denial of service (DDoS) attacks is to prevent the slave programs from being installed on your computer. Another wise move would be to install filters that refuse to send packets to improper addresses.
http://www.wired.com/news/print/0,1294,34230,00.html

-- 10 February 2000  Government Checking Systems for Attack Agents
The federal government is checking its computers to make sure they do not contain agents used to overwhelm web sites with traffic.
Several free security products that will scan for such programs are available for downloading.
http://www.fcw.com/fcw/articles/2000/0207/web-servers-02-10-00.asp
http://news.bbc.co.uk/hi/english/business/newsid_638000/638445.stm

-- 9 February 2000  Distributed Denial of Service Attacks: Q & A
Two articles that do a good job of describing how the attacks work, and what can be done to mitigate their effects.
http://news.cnet.com/category/0-1007-200-1546362.html
http://www.usatoday.com/life/cyber/tech/cth317.htm

-- 9 February 2000  Reno Committed to Tracking Down Perpetrators
Attorney General Janet Reno is committed to combating "Internet vandalism." No motive for the recent attacks has been uncovered. Perpetrators outside the US can be prosecuted if they used US computers to carry out their attacks.
http://news.cnet.com/category/0-1005-200-1546086.html

-- 8 February 2000  Yahoo E-Mail Bug
In the midst of recovering from a massive distributed denial of service attack, Yahoo inadvertently introduced an e-mail bug which sent some messages without their headers, and others without their headers or their bodies.
http://news.cnet.com/category/0-1005-200-1545407.html

-- 15 February 2000  RSA Web Site Compromised
People trying to get to www.rsa.com were instead led to a rogue page hosted by a server in Colombia. RSA's computers were not compromised. Two crackers have claimed responsibility.
http://www.currents.net/newstoday/00/02/15/news2.html
Editor's Note (Murray): The compromised site, rsa.com, is not the current site name for RSA Security; the new site name is rsasecurity.com.

-- 15 February 2000  PKI at DOD a Problem of Scale
Using Public Key Infrastructure (PKI) to protect Defense Department (DOD) information systems would require an "enormous" undertaking to provide the more than a million users with digital certificates, according to the National Security Agency (NSA).
http://www.fcw.com/fcw/articles/2000/0214/web-nsa-02-15-00.asp

-- 15 February 2000  DoubleClick Addresses Privacy Concerns
DoubleClick, the focus of much debate about consumer privacy, has set up a web site from which consumers can opt out of having their on-line data collected, and which offers links to privacy advocacy sites. DoubleClick's president maintains that the purpose of advertisements is to keep the cost of the Internet down. Privacy advocates call the plan "disingenuous".
http://www.currents.net/newstoday/00/02/15/news5.html

-- 14 February 2000  Fighting Computer Crime
The Justice Department's chief prosecutor of computer crimes says the public expects a balance between security and ease of access.
http://www.usatoday.com/life/cyber/tech/cth353.htm

-- 11 February 2000  RealNames' Database Cracked
A cracker broke into RealNames' keyword database and redirected all searches to a web site in China. Credit card numbers and passwords could have been stolen, and RealNames has asked its customers to change their passwords.
http://www.wired.com/news/print/0,1294,34295,00.html
http://www.computerworld.com/home/print.nsf/all/000211E9C2
http://news.cnet.com/category/0-1005-200-1547688.html

-- 11 February 2000  Melissa Resurfaces
The e-mail system of Washington state's Snohomish County government was hit with the Melissa worm. The system was shut down while the servers were cleaned up.
http://www.usatoday.com/life/cyber/tech/cth335.htm

-- 11 February 2000  Privacy Legislation Introduced
Recent Internet privacy violations have fueled privacy advocates' hopes for legislation restricting the on-line gathering of personal consumer data, and recently introduced legislation would prevent sites from collecting personal data without the customer's express permission. The legislation focuses on "cookies," or data strings stored on computers and used to identify visitors to sites. Opponents say improving advertising is necessary to keep the Internet free.
http://news.cnet.com/category/0-1005-200-1547443.html
http://www.usatoday.com/life/cyber/tech/cth319.htm

-- 10 February 2000  UK Surveillance Bill Introduced, Criticized
The UK's Regulation of Investigatory Powers Bill declares that law enforcement officials should have the power to demand encryption keys or plaintext versions of computer files. Those who fail to comply would be faced with jail time. Critics of the measure say that people could be jailed for losing their encryption keys. The bill does require that law enforcement have "reasonable grounds" to demand keys.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_638000/638041.stm

-- 10 February 2000  EU Cyber Crime Fighting Plan to be Drafted
The European Commission intends to step up development of its cyber crime fighting plan. Representatives will meet in March to draft a policy document. Provisions likely to be included are law enforcement training in cyber crime prevention, and cooperation across borders within the European Union.
http://news.cnet.com/category/0-1007-200-1546938.html

-- 10 February 2000  Windows 2000 Has New Anti Piracy Measures
Windows 2000 Professional will ship soon with increased anti-piracy protection, including a measure that requires users to register the software within the first fifty times it is used. If the software is not registered by then, it will stop working. Registrants will receive a code to disable the alert message.
http://www.computerworld.com/home/print.nsf/all/000210E832

******* Also Sponsored by VeriSign - The Internet Trust Company ******
Running multiple servers in your organization? Securing all of them can quickly become complicated. Learn how to simplify security administration through a single point of management.
Request your FREE copy of VeriSign's "Guide to Securing Intranet and Extranet Servers" now at:
http://www.verisign.com/cgi-bin/go.cgi?a=n018305080151000

== End ==

Please feel free to share this with interested parties via email (not on bulletin boards). For a free subscription, e-mail [EMAIL PROTECTED] with the subject: Subscribe NewsBites

Email <[EMAIL PROTECTED]> with complete instructions and your SD number (from the headers) for subscribe, unsubscribe, change address, add other digests, or any other comments.
