North American Network Operators Group

The SANS Institute: SANS NewsBites Vol. 2 Num. 6

  • From: Brett D. Watson
  • Date: Thu Feb 10 03:41:04 2000

in light of current events, the links below will probably be useful to
many folks.  (from SANS newsletter)

-brett

------- Forwarded Message

From: Rob for the SANS NewsBites service
Re:   February 9 SANS NewsBites

Congratulations to the winners of this year's SANS Security Technology
Leadership Awards:

Dave Dittrich of the University of Washington and Marcus Ranum of Network
Flight Recorder for developing and distributing a network scanner that
finds trin00 and other distributed denial of service attack tools.
http://www.staff.washington.edu/dittrich

Eric Kayden of MITRE and Steve Schmidt of the National Infrastructure
Protection Center and their teams for developing and distributing a
system scanner that searches for trin00 and other distributed denial of
service attack tools.  http://www.fbi.gov/nipc/trinoo.htm

John Green of the Naval Surface Warfare Center and Laurie Zirkle of
Virginia Tech University for creation of the document, "Handling A
Distributed Denial of Service Trojan Infection: Step-by-Step."
http://www.sans.org/y2k/DDoS.htm

Robert Stone and Mark Krause and their team at UUNET for developing
CenterTrack, the tool that Internet Service Providers will use to find
the source of forged IP packets employed in distributed denial of service
attacks.  http://www.nanog.org/mtg-9910/robert.html

Steve Christey, Dave Mann, Mary Zuk, Pete Tasker, and the staff at MITRE
for establishing, nurturing, and sustaining the industry-wide cooperative
CVE (Common Vulnerabilities and Exposures) project that enables accurate
comparisons of vulnerability analysis tools and summaries.
http://cve.mitre.org/
 
The awards, including plaques and financial stipends, will be presented
on March 24 at SANS2000 in Orlando.

                                                    RK

**********************************************************************

                          SANS NEWSBITES

                  The SANS Weekly Security News Overview

Volume 2, Number 6                                    February 9, 2000

                           Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Bill Murray,
     Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz
                          <[email protected]>

**********************************************************************

8 February 2000  Yahoo! Suffers Distributed Denial of Service Attack
8 February 2000  More Sites Attacked
5 February 2000  Training Cyber Defenders
4 February 2000  Piracy Ring Exposed
4 February 2000  Cross Site Scripting Threat
4 February 2000  IETF Excludes Wiretapping
4 February 2000  The Human Element in Information Security
3 February 2000  Security of Home PCs
3 February 2000  E-Commerce Security Study
3 February 2000  Some Web Shopping Applications Could Allow Price Tampering 
3 February 2000  Phony Donation Sites
3 February 2000  Computer Export Controls Eased
3 February 2000  Government Security Standards Updated
3 February 2000  Activists Taking a New Tack in Patrolling the Web
3 February 2000  Cyber Threats
2 February 2000  Java Machine Hole
2 February 2000  Japan Lagging on Computer Security, Punishment for Intrusions
2 February 2000  DVD Code Cases
1 February 2000  FIDNet at Center of Privacy Debate

-- 8 February 2000  Yahoo! Suffers Distributed Denial of Service Attack
Yahoo! was down for nearly three hours on Monday, the apparent victim
of a distributed denial of service attack.   The site was inundated with
up to a gigabyte of data a second - more than most e-commerce sites face
in a year.  No data was lost, and no one has stepped forward to claim
responsibility.
http://www.washingtonpost.com/wp-dyn/business/A23174-2000Feb7.html
http://www.msnbc.com/news/367156.asp?0m=N18Q

Editor's Note (Northcutt): One generally effective defense against these
types of attacks is egress filtering. More information is available at
the Global Incident Analysis Center: www.sans.org/giac.htm

-- 8 February 2000  More Sites Attacked
At least two other sites have been the targets of distributed denial of
service (DDOS) attacks similar to the one that plagued Yahoo on Monday.
DDOS attacks flood sites with traffic from a variety of locations, often
causing the sites to shut down.
http://dailynews.yahoo.com/h/nm/20000208/ts/tech_hackers_1.html

-- 5 February 2000  Training Cyber Defenders
At the Northern California branch of Sandia National Laboratory, computer
security students are learning to defeat computer attacks, and sharing
their work on the Internet.
http://washingtonpost.com/wp-srv/WPlate/2000-02/05/078l-020500-idx.html

-- 4 February 2000  Piracy Ring Exposed
A Massachusetts man, a suspected leader of an international software
piracy group, has been arrested and charged with conspiracy to infringe
the copyright of a large number of software programs.  The members of
the group used a barter system to compile a large library of software.
http://www.msnbc.com/news/366376.asp?0m=N14P
http://www.zdnet.com/zdnn/stories/news/0,4586,2433357,00.html?chkpt=zdnntop

-- 4 February 2000  Cross Site Scripting Threat
The Computer Emergency Response Team (CERT) Coordination Center has
issued a warning about a security threat, called cross-site scripting,
in which malicious code is inserted into dynamically generated web pages.
The scripts can be inserted without the knowledge of the operator, and
can capture data users offer to a site, such as credit card information
and passwords.  The technique exploits CGI pages that parrot back input
fields without stripping the fields of characters that make them into
a script.
http://www.currents.net/newstoday/00/02/04/news2.html
http://www.computerworld.com/home/print.nsf/all/000202E63A
http://www.apbnews.com/newscenter/internetcrime/2000/02/03/certalert0203_01.html?s=syn.yahoofc_certalert0203
http://www.usatoday.com/life/cyber/tech/cth270.htm
http://www.fcw.com/fcw/articles/2000/0131/web-hackers-02-04-00.asp
The CERT Advisory may be found at
http://www.cert.org/advisories/CA-2000-02.html

-- 4 February 2000  IETF Excludes Wiretapping
The Internet Engineering Task Force (IETF) has voted against incorporating
wiretapping capabilities into the next generation of Internet protocols.
The IETF says that because it is an international standards organization,
incorporating net wiretapping would subject the rest of the world to US
law.  The IETF also expressed concerns that built-in net tapping
capabilities hold the potential for abuse.
http://www.wired.com/news/print/0,1294,34055,00.html
http://www.currents.net/newstoday/00/02/04/news4.html

-- 4 February 2000  The Human Element in Information Security
Both ex-CIA director John Deutch and Energy Department scientist Wen Ho
Lee placed classified information on unsecured computers.  Government
officials say this is a human problem, not a technological problem.
http://www.wired.com/news/print/0,1294,34105,00.html
http://www.fcw.com/fcw/articles/2000/0131/web-security-02-04-00.asp

-- 3 February 2000  Security of Home PCs
The recent revelation that the former CIA director's home computer
contained highly classified material and was used to access the internet
raises the question of the security of home computers.
http://cnn.com/2000/TECH/computing/02/04/pc.security/index.html
http://www.msnbc.com/news/366221.asp?0m=N15P
 
-- 3 February 2000  E-Commerce Security Study
Many e-commerce businesses lack comprehensive security policies, and IT
managers are less confident in the security of their systems than are
company executives, according to a recent study by Deloitte Touche
Tohmatsu and the Information Systems Audit and Control Association
(ISACA).
http://www.currents.net/newstoday/00/02/04/news17.html

-- 3 February 2000  Some Web Shopping Applications Could Allow Price Tampering
Some web based shopping cart applications could allow malicious shoppers
to alter fields in HTML forms and in URLs to change the price of items
they are buying.  Eight of the eleven identified vulnerable shopping
applications have been altered to increase security.
http://www.computerworld.com/home/print.nsf/all/000202E636
http://www.usatoday.com/life/cyber/nb/nb2.htm
http://www.theregister.co.uk/000203-000006.html

-- 3 February 2000  Phony Donation Sites
At least two fraudulent web sites purporting to be related to Alaska
Airlines Flight 261 have popped up on the Internet.  At least one is
trying to solicit donations and it spreads a virus to site visitors;
another was shut down.  Alaska Airlines is trying to find out who set
up the phony sites; their official site, which contains Flight 261
information, is www.alaskaair.com.
http://www.usatoday.com/life/cyber/tech/cth273.htm
http://www.currents.net/newstoday/00/02/04/news7.html

-- 3 February 2000  Computer Export Controls Eased
The Clinton administration has eased export controls on high performance
computers; the controls will be reviewed again in April.
http://www.currents.net/newstoday/00/02/03/news6.html

-- 3 February 2000  Government Security Standards Updated
Government systems security and encryption validation standards have
been updated.  Revisions include removal of redundant information and
the addition of a section on surviving cyber attacks.
http://www.gcn.com/vol1_no1/daily-updates/1236-1.html

-- 3 February 2000  Activists Taking a New Tack in Patrolling the Web
Former cyber vigilantes bent on ridding the Internet of child pornography
have changed their tactics.  Rather than engaging in illegal and
evidence-destroying activities, they are patrolling the Internet and
turning information over to law enforcement authorities.  One of the
more thought-provoking elements of the story is that fewer than a dozen
of the 250 members stuck with the group when it went "legal."
http://www.wired.com/news/print/0,1294,33869,00.html

-- 3 February 2000  Cyber Threats
The US's reliance on information technology is both an asset and a
liability.  The technology of information warfare can magnify the range
and effect of a single attacker, according to the directors of the CIA
and the DIA (Defense Intelligence Agency).  Intelligence suggests that
Middle East terrorist groups are using computers and encryption.  Most
adversaries, however, are not sophisticated enough to launch a
comprehensive information systems attack.
http://www.currents.net/newstoday/00/02/03/news19.html

-- 2 February 2000  Java Machine Hole
A security hole in Microsoft's Java virtual machine could allow attackers
to lift files from computers by inserting code into a Java applet and
then embedding it in a web page.
http://www.zdnet.com/zdnn/stories/news/0,4586,2431555,00.html

-- 2 February 2000  Japan Lagging on Computer Security, Punishment for
                    Intrusions
Japan has not maintained a high level of computer security, which may
in part explain the rash of attacks the country's government web sites
recently experienced.  Additionally, the country has not penalized cyber
intrusions. A new law will change that, providing for prison time and
a hefty fine for entering computer networks without authorization.  The
Japanese government also plans to step up its efforts to improve computer
security.
http://washingtonpost.com/wp-srv/WPlate/2000-02/02/152l-020200-idx.html

-- 2 February 2000  DVD Code Cases
The Electronic Frontier Foundation (EFF), arguing for the defense in
two DVD code cases, says that DVD encryption does not meet the minimum
standard for a trade secret.
http://www.cnnfn.com/news/technology/newsbytes/143179.html

-- 1 February 2000  FIDNet at Center of Privacy Debate
FIDNet, the proposed Federal Intrusion Detection Network, is the focus
of debate about the Clinton administration's National Plan for Information
Systems Protection.  Privacy advocates say the plan focused heavily on
system monitoring and surveillance rather than on enhancing computer
security.  They have also expressed concern that one agency, the General
Services Administration (GSA), would monitor all federal network
communication.
http://www2.infoworld.com/articles/en/xml/00/02/01/000201enprivate.xml?Template=/storypages/printarticle.html
http://www.thestandard.com/article/display/1,1151,9327,00.html
http://www.computerworld.com/home/print.nsf/all/000201E5E2
http://www.wired.com/news/print/0,1294,34027,00.html

== End ==

Please feel free to share this with interested parties via email (not
on bulletin boards).  For a free subscription, e-mail [email protected] with
the subject: Subscribe NewsBites

Email <[email protected]> with complete instructions and your SD number
(from the headers) for subscribe, unsubscribe, change address, add other
digests, or any other comments.

------- End of Forwarded Message