To:   Milis Hackerlink (SD434834)
From: Rob for the SANS NewsBites service
Re:   March 15 SANS NewsBites

I have included a personal subscription URL at the bottom of this note.
If you forward the note, you should remove that part so that others will
neither see nor change your information.  You can use the URL to update
your address and subscription lists.

If you are an expert on router filters, and would be willing to help
verify SANS's new anti-spoofing and anti-smurfing filtering instructions
(to make sure they do work and inflict no harm), please email
<[EMAIL PROTECTED]> with subject "DDOS Filters".

                                            RK

**********************************************************************

                          SANS NEWSBITES

                  The SANS Weekly Security News Overview

Volume 2, Number 11                                     March 15, 2000

                           Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Bill Murray,
 Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz
                          <[EMAIL PROTECTED]>

*********************************************************************

11 March 2000  French Bank Card Fraud
11 March 2000  Melissa.AO Worm
11 March 2000  Chinese E-Commerce Site Suffers Attack
10 March 2000  FBI Wants More Cyber Savvy Agents
10 March 2000  Arizona On-Line Voting
10 March 2000  Hole In Windows 95 and 98 Leads to Crashes
10 March 2000  DoubleClick Hires Privacy Officer
10 March 2000  Credit Card Information Stolen Through Known Hole
 9 March 2000  "Curador" Grows More Brazen
 9 March 2000  On Line Sit Ins
 9 March 2000  How Best to Share Security Information
 9 March 2000  ATM and Frame Relay Security Problems
 9 March 2000  "Coolio" Arrested, Charged with Defacing DARE Site
 9 March 2000  Intuit Faces Suit Over Personal Data Disclosure
 9 March 2000  Errant Mouse Clicks, Not Crackers, to Blame for Altered 
               Grades at MIT
 9 March 2000  Internet Crime Report has Industry Support, Privacy 
               Advocates Upset
 9 March 2000  Senate Committee Hears Testimony About Securing Internet
 8 March 2000  Anonymous Net Could Offer Pirates a Hideout
 8 March 2000  Anti-Virus Software Poses Threat
 8 March 2000  Security Evaluation Model
 7 March 2000  Taiwan Ready for Cyber Attack
 7 March 2000  Gallup Web Site Defaced, Repaired
 7 March 2000  Keystroke Monitoring Software
 7 March 2000  UK RIP Bill Goes Too Far, Say Opponents

**********************************************************************

-- 11 March 2000  French Bank Card Fraud
The encryption algorithm used by the Cartes Bancaires system in France
has been posted on the Internet; while personal bank accounts are safe
from theft, forged cards could be used to purchase travel tickets and
pay parking fees.
http://www.currents.net/newstoday/00/03/11/news4.html
http://www.wired.com/news/technology/0,1282,34897,00.html
Editor's note (Murray): This is not so much about smartcard cryptography
as it is about the checking built into the account numbering that keeps
arbitrary numbers from being valid account numbers.  It is rarely used
any more.

-- 11 March 2000  Melissa.AO Worm
A new mutation of the Melissa worm disables the Tools/Macro command menu
and sends itself to the first 50 addresses in the Microsoft Outlook
address book.  The payload triggers at 10:00 am on the tenth day of any
month.  http://www.currents.net/newstoday/00/03/11/news7.html

-- 11 March 2000  Chinese E-Commerce Site Suffers Attack
A Chinese e-commerce site suffered major damage from crackers; files
were destroyed and databases damaged.  Chinese police have found the
attacker's Internet Protocol (IP) address.  The attack comes amid debate
over Internet controls in China.
http://news.bbc.co.uk/hi/english/world/asia-pacific/newsid_674000/674038.stm

-- 10 March 2000  FBI Wants More Cyber Savvy Agents
Few FBI agents are well versed in fighting cyber crime.  The agency's
technology is not cutting edge, and private sector jobs offer more
money.  While creating partnerships with private industry on certain
investigations is a good idea, it would still be in the agency's best
interest to build its own cyber fighting capabilities.
http://dailynews.yahoo.com/htx/ao/20000310/cr/20000310009.html

-- 10 March 2000  Arizona On-Line Voting
25,000 people voted on line in Arizona's Democratic primary, nearly
twice the number that voted on line four years ago.  People using older
versions of Netscape Navigator were unable to vote on line because the
browsers couldn't process the digital certificates.
http://www.computerworld.com/home/print.nsf/all/000310F5B2

-- 10 March 2000  Hole In Windows 95 and 98 Leads to Crashes
A security hole in Windows 95 and Windows 98 forces computers to process
a string of characters which crashes the operating system.  The string
could be embedded in a web page, or come as a part of a web based e-mail
message.  http://www.msnbc.com/news/380494.asp?0m=N1BQ
http://news.cnet.com/category/0-1003-200-1568544.html

-- 10 March 2000  DoubleClick Hires Privacy Officer
Calling its plan to merge personal information data "a mistake",
DoubleClick has hired New York City's former commissioner of Consumer
Affairs to ensure that the company has a solid privacy policy and that
it is followed.
http://www.computerworld.com/home/print.nsf/all/000310F57A

-- 10 March 2000  Credit Card Information Stolen Through Known Hole
Thousands of credit card numbers, along with names, addresses, and
phone numbers have been stolen from e-commerce sites through a security
hole in Microsoft's Internet Information Server (IIS).  A patch for the
hole has been available for a year and a half.  One site is switching
to Linux.  http://news.cnet.com/category/0-1007-200-1563391.html
Editors' Note (multiple): The e-commerce sites kept credit card numbers
in clear text on their web servers.

-- 9 March 2000  "Curador" Grows More Brazen
"Curador", the cracker who stole thousands of credit card numbers through
a security hole in Microsoft's Internet Information Server (IIS) (see
10 March story), last week used a purloined credit card number to set up
another site, which has since been shut down.  He has also created an
animated banner ad which will take users to his site.  "Curador" claims
his purpose is to demonstrate e-commerce's lack of security.
http://www.internetnews.com/ec-news/article/0,1087,4_318381,00.html

-- 9 March 2000  On Line Sit Ins
A group of "hacktivists" plans to release a software tool which will
help them stage attacks against sites of companies whose policies they
want to protest.  The "Ehippies" plan to notify the targeted site
several days in advance, and their tool involves no covertly manipulated
zombie machines, just those of protesters who wish to make their
opinions known.  http://www.msnbc.com/news/380065.asp?0m=N1DQ

-- 9 March 2000  How Best to Share Security Information
Some are critical of the government for dragging its feet about
informing the public about the possibility of DDoS attacks.  Others
point out that private companies are reluctant to share information with
the government for fear their computers will be confiscated and their
reputation will suffer.
http://www.usatoday.com/life/cyber/tech/cth523.htm

-- 9 March 2000  ATM and Frame Relay Security Problems
According to a report from The Yankee Group, Asynchronous Transfer Mode
(ATM) networks and frame-relay systems are vulnerable to attacks at a
very basic level - their cables are often unsecured.  Network management
systems also provide opportunities for crackers to infiltrate the
systems.  http://www.computerworld.com/home/print.nsf/all/000309F55A
Editors' notes:  (Multiple) Though the vulnerabilities are real, these
technologies are safer than most of the alternatives.  If privacy and
authenticity matter, use cryptography.

-- 9 March 2000  "Coolio" Arrested, Charged with Defacing DARE Site
The New Hampshire teenager who goes by the cracker handle "Coolio" has
been arrested and charged with defacing the Drug Abuse Resistance
Education (DARE) web site.  The seventeen-year-old will be charged as
an adult and could face a fifteen-year prison sentence.  "Coolio" has
also admitted cracking the RSA site and the US government's Chemical
Weapons Convention site.  He still denies responsibility for the
February DDoS attacks.
http://www.techweb.com/wire/story/reuters/REU20000309S0002
http://www.msnbc.com/news/377102.asp?0m=N229

-- 9 March 2000  Intuit Faces Suit Over Personal Data Disclosure
A Quicken.com user who alleges that his personal data was disclosed to
advertisers without his permission is suing Intuit.  The suit asks for
unspecified damages and that all the information collected be purged.
An Intuit spokesperson believes the suit is without merit as the
information disclosure was "an unintentional consequence of using
industry standard technology."
http://www.techweb.com/wire/story/reuters/REU20000309S0001
http://www.computerworld.com/home/print.nsf/all/000310F58A

-- 9 March 2000  Errant Mouse Clicks, Not Crackers, to Blame for Altered 
                 Grades at MIT
While initial reports suggested that MIT's computer system had been
cracked and student grades altered (Boston Globe story), the problem
was actually due to an error on the part of a data entry clerk.
(Computerworld story)
http://www.boston.com/dailyglobe2/069/metro/MIT_says_a_hacker_altered_class_grades+.shtml
http://www.computerworld.com/home/print.nsf/all/000309F556

-- 9 March 2000  Internet Crime Report has Industry Support, Privacy
                 Advocates Upset
The Working Group on Unlawful Conduct on the Internet has released a
report stating that while most existing laws are sufficient for dealing
with cyber crime, interstate warrants would speed the process of
tracking an Internet criminal.  Industry applauds the report, but
privacy advocates point out that the report designates anonymity a
"thorny issue" and that many of its recommendations aim to "strip away
basic privacy, free speech and free press protections."
http://dailynews.yahoo.com/htx/ao/20000309/cr/20000309019.html
http://www.cnn.com/2000/TECH/computing/03/09/internet.crime/index.html
http://www.msnbc.com/news/379837.asp?0m=N1FQ

-- 9 March 2000  Senate Committee Hears Testimony About Securing Internet
A Senate subcommittee heard from the Deputy Attorney General that
interstate court orders are necessary to track Internet criminals.  A
Carnegie Mellon University Professor of Computer Science and Robotics,
who is also co-chair of the President's Information Technology Advisory
Committee, spoke to the committee of a "self-healing" Internet which
would constantly monitor itself for problems and address them
immediately, much like the human immune system.
http://www.fcw.com/fcw/articles/2000/0306/web-3survive-03-09-00.asp
http://dailynews.yahoo.com/htx/ao/20000309/cr/20000309020.html
Editor's Note: (Crispin) The down-side to enabling an agent-based
security system is that the attackers can also deploy agents.  If the
network allows applets to roam the network, then attackers can deploy
hostile agents that roam the network committing mischief.  In so doing,
the attacker gains the ability to much more effectively obscure their
identities, making apprehending perpetrators all the more difficult.
 
-- 8 March 2000  Anonymous Net Could Offer Pirates a Hideout
Freenet, an "alternative publishing network" which operates without
centralized control and promises anonymity, may also provide a means for
media pirates to hide from law enforcement.
http://www.wired.com/news/print/0,1294,34768,00.html

-- 8 March 2000  Anti-Virus Software Poses Threat
An anti-virus scanning program could be used to rewrite hard drives, 
hide Trojan horse programs on a computer, or crash a client.
http://www.msnbc.com/news/379691.asp?0m=N219
Editor's note (Murray): Trend Anti-virus does not scan for DoS
vulnerabilities; the vulnerabilities are fundamental and pervasive.  It
scans for zombies.  The rest of this article is probably true but
misleading.  Any program can be used for those purposes.


-- 8 March 2000  Security Evaluation Model
The CIO Council's Security Subcommittee has drafted the Information
Technology Security Maturity Framework which will allow agencies to
evaluate their security capabilities.  The Council will present the
model to Congress.
http://www.fcw.com/fcw/articles/2000/0306/web-4ciomodel-03-08-00.asp

-- 7 March 2000  Taiwan Ready for Cyber Attack
Taiwan has taken measures to protect its computer network systems from
attacks during the days leading up to its March 18 presidential
election.  Taiwan has detected over 7,000 attempts to infiltrate its
systems.
http://www.thestandard.com/article/display/1,1151,12661,00.html

-- 7 March 2000  Gallup Web Site Defaced, Repaired
A cracker vandalized the Gallup Organization's web site just before
recent primary elections, posting a claim that AntiOnline was
responsible for the invasion.  The site remained defaced for only six
hours before it was fixed.  The organization took the site off line to
purge all information in case the cracker left trap doors for a more
subtle attack.  http://www.usatoday.com/life/cyber/tech/cth509.htm

-- 7 March 2000  Keystroke Monitoring Software
Keystroke monitoring software is not terribly expensive and can alert
employers to inappropriate employee activity.  Critics say it is an
invasion of privacy, as every keystroke is recorded, even those
employees reconsider and type over.  This article includes stories of
employers who have used the software.
http://www.msnbc.com/news/378768.asp

-- 7 March 2000  UK RIP Bill Goes Too Far, Say Opponents
Opponents of the UK's Regulation of Investigatory Powers (RIP) Bill say
if passed, the bill would breach the European Convention on Human Rights
(ECHR) and hinder e-commerce in the UK.
http://www.wired.com/news/politics/0,1283,34776,00.html

== End ==

Please feel free to share this with interested parties via email (but
not on bulletin boards).  For a free subscription, e-mail
<[EMAIL PROTECTED]> with the subject: Subscribe NewsBites or visit
http://www.sans.org/sansnews to subscribe instantly to any of several
newsletters.

Use this personal URL to change your subscription, address, or other
information:
        http://www.sans.org/sansaddr?hashid=SD434834MdgHPABLXNd
