in light of current events, the links below will probably be useful to
many folks. (from SANS newsletter)

-brett

------- Forwarded Message

From: Rob for the SANS NewsBites service
Re: February 9 SANS NewsBites

Congratulations to the winners of this year's SANS Security Technology
Leadership Awards:

Dave Dittrich of the University of Washington and Marcus Ranum of
Network Flight Recorder for developing and distributing a network
scanner that finds trin00 and other distributed denial of service
attack tools.
http://www.staff.washington.edu/dittrich

Eric Kayden of MITRE and Steve Schmidt of the National Infrastructure
Protection Center and their teams for developing and distributing a
system scanner that searches for trin00 and other distributed denial
of service attack tools.
http://www.fbi.gov/nipc/trinoo.htm

John Green of the Naval Surface Warfare Center and Laurie Zirkle of
Virginia Tech University for creation of the document, "Handling A
Distributed Denial of Service Trojan Infection: Step-by-Step."
http://www.sans.org/y2k/DDoS.htm

Robert Stone and Mark Krause and their team at UUNET for developing
CenterTrack, the tool that Internet Service Providers will use to find
the source of forged IP packets employed in distributed denial of
service attacks.
http://www.nanog.org/mtg-9910/robert.html

Steve Christey, Dave Mann, Mary Zuk, Pete Tasker, and the staff at
MITRE for establishing, nurturing, and sustaining the industry-wide
cooperative CVE (Common Vulnerabilities and Exposures) project that
enables accurate comparisons of vulnerability analysis tools and
summaries.
http://cve.mitre.org/

The awards, including plaques and financial stipends will be presented
on March 24 at SANS2000 in Orlando.

RK

**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 2, Number 6                                    February 9, 2000

Editorial Team: Kathy Bradford, Crispin Cowan, Roland Grefer,
Rob Kolstad, Bill Murray, Stephen Northcutt, Alan Paller,
Howard Schmidt, Eugene Schultz <sansro@sans.org>
**********************************************************************

8 February 2000  Yahoo! Suffers Distributed Denial of Service Attack
8 February 2000  More Sites Attacked
5 February 2000  Training Cyber Defenders
4 February 2000  Piracy Ring Exposed
4 February 2000  Cross Site Scripting Threat
4 February 2000  IETF Excludes Wiretapping
4 February 2000  The Human Element in Information Security
3 February 2000  Security of Home PCs
3 February 2000  E-Commerce Security Study
3 February 2000  Some Web Shopping Applications Could Allow Price Tampering
3 February 2000  Phony Donation Sites
3 February 2000  Computer Export Controls Eased
3 February 2000  Government Security Standards Updated
3 February 2000  Activists Taking a New Tack in Patrolling the Web
3 February 2000  Cyber Threats
2 February 2000  Java Machine Hole
2 February 2000  Japan Lagging on Computer Security, Punishment for Intrusions
2 February 2000  DVD Code Cases
1 February 2000  FIDNet at Center of Privacy Debate

******************** This week's sponsor: VeriSign *******************
Sponsored by VeriSign - The Internet Trust Company: Protect your
servers with 128-bit SSL encryption! Get VeriSign's FREE guide,
"Securing Your Web Site for Business." You will learn everything you
need to know about using SSL to encrypt your e-commerce transactions
for serious online security. Click here!
http://www.verisign.com/cgi-bin/go.cgi?a=n016005080008000
**********************************************************************

-- 8 February 2000 Yahoo! Suffers Distributed Denial of Service Attack

Yahoo!
was down for nearly three hours on Monday, the apparent victim of a
distributed denial of service attack. The site was inundated with up
to a gigabyte of data a second - more than most e-commerce sites face
in a year. No data was lost, and no one has stepped forward to claim
responsibility.
http://www.washingtonpost.com/wp-dyn/business/A23174-2000Feb7.html
http://www.msnbc.com/news/367156.asp?0m=N18Q

Editor's Note (Northcutt): One generally effective defense against
these types of attacks is egress filtering. More information is
available at the Global Incident Analysis Center:
www.sans.org/giac.htm

-- 8 February 2000 More Sites Attacked

At least two other sites have been the targets of distributed denial
of service (DDOS) attacks similar to the one that plagued Yahoo on
Monday. DDOS attacks flood sites with traffic from a variety of
locations, often causing the sites to shut down.
http://dailynews.yahoo.com/h/nm/20000208/ts/tech_hackers_1.html

-- 5 February 2000 Training Cyber Defenders

At the Northern California branch of Sandia National Laboratory,
computer security students are learning to defeat computer attacks,
and sharing their work on the Internet.
http://washingtonpost.com/wp-srv/WPlate/2000-02/05/078l-020500-idx.html

-- 4 February 2000 Piracy Ring Exposed

A Massachusetts man, a suspected leader of an international software
piracy group, has been arrested and charged with conspiracy to
infringe the copyright of a large number of software programs. The
members of the group used a barter system to compile a large library
of software.
http://www.msnbc.com/news/366376.asp?0m=N14P
http://www.zdnet.com/zdnn/stories/news/0,4586,2433357,00.html?chkpt=zdnntop

-- 4 February 2000 Cross Site Scripting Threat

The Computer Emergency Response Team (CERT) Coordination Center has
issued a warning about a security threat, called cross-site scripting,
in which malicious code is inserted into dynamically generated web
pages.
The scripts can be inserted without the knowledge of the operator, and
can capture data users offer to a site, such as credit card
information and passwords. The technique exploits CGI pages that
parrot back input fields without stripping the fields of characters
that make them into a script.
http://www.currents.net/newstoday/00/02/04/news2.html
http://www.computerworld.com/home/print.nsf/all/000202E63A
http://www.apbnews.com/newscenter/internetcrime/2000/02/03/certalert0203_01....
http://www.usatoday.com/life/cyber/tech/cth270.htm
http://www.fcw.com/fcw/articles/2000/0131/web-hackers-02-04-00.asp
The CERT Advisory may be found at
http://www.cert.org/advisories/CA-2000-02.html

-- 4 February 2000 IETF Excludes Wiretapping

The Internet Engineering Task Force (IETF) has voted against
incorporating wiretapping capabilities into the next generation of
Internet protocols. The IETF says that because it is an international
standards organization, incorporating net wiretapping would subject
the rest of the world to US law. The IETF also expressed concerns that
built-in net tapping capabilities hold the potential for abuse.
http://www.wired.com/news/print/0,1294,34055,00.html
http://www.currents.net/newstoday/00/02/04/news4.html

-- 4 February 2000 The Human Element in Information Security

Both ex-CIA director John Deutch and Energy Department scientist Wen
Ho Lee placed classified information on unsecured computers.
Government officials say this is a human problem, not a technological
problem.
http://www.wired.com/news/print/0,1294,34105,00.html
http://www.fcw.com/fcw/articles/2000/0131/web-security-02-04-00.asp

-- 3 February 2000 Security of Home PCs

The recent revelation that the former CIA director's home computer
contained highly classified material and was used to access the
internet, raises the question of the security of home computers.
http://cnn.com/2000/TECH/computing/02/04/pc.security/index.html
http://www.msnbc.com/news/366221.asp?0m=N15P

-- 3 February 2000 E-Commerce Security Study

Many e-commerce businesses lack comprehensive security policies, and
IT managers are less confident in the security of their systems than
are company executives, according to a recent study by Deloitte Touche
Tohmatsu and the Information Systems Audit and Control Association
(ISACA).
http://www.currents.net/newstoday/00/02/04/news17.html

-- 3 February 2000 Some Web Shopping Applications Could Allow Price Tampering

Some web based shopping cart applications could allow malicious
shoppers to alter fields in HTML forms and in URLs to change the price
of items they are buying. Eight of the eleven identified vulnerable
shopping applications have been altered to increase security.
http://www.computerworld.com/home/print.nsf/all/000202E636
http://www.usatoday.com/life/cyber/nb/nb2.htm
http://www.theregister.co.uk/000203-000006.html

-- 3 February 2000 Phony Donation Sites

At least two fraudulent web sites purporting to be related to Alaska
Airlines Flight 261 have popped up on the Internet. At least one is
trying to solicit donations and it spreads a virus to site visitors;
another was shut down. Alaska Airlines is trying to find out who set
up the phony sites; their official site, which contains Flight 261
information, is www.alaskaair.com.
http://www.usatoday.com/life/cyber/tech/cth273.htm
http://www.currents.net/newstoday/00/02/04/news7.html

-- 3 February 2000 Computer Export Controls Eased

The Clinton administration has eased export controls on high
performance computers; the controls will be reviewed again in April.
http://www.currents.net/newstoday/00/02/03/news6.html

-- 3 February 2000 Government Security Standards Updated

Government systems security and encryption validation standards have
been updated.
Revisions include removal of redundant information and the addition of
a section on surviving cyber attacks.
http://www.gcn.com/vol1_no1/daily-updates/1236-1.html

-- 3 February 2000 Activists Taking a New Tack in Patrolling the Web

Former cyber vigilantes bent on ridding the Internet of child
pornography have changed their tactics. Rather than engaging in
illegal and evidence-destroying activities, they are patrolling the
Internet and turning information over to law enforcement authorities.
One of the more thought-provoking elements of the story is that fewer
than a dozen of the 250 members stuck with the group when it went
"legal."
http://www.wired.com/news/print/0,1294,33869,00.html

-- 3 February 2000 Cyber Threats

The US's reliance on information technology is both an asset and a
liability. The technology of information warfare can magnify the range
and effect of a single attacker, according to the directors of the CIA
and the DIA (Defense Intelligence Agency). Intelligence suggests that
Middle East terrorist groups are using computers and encryption. Most
adversaries, however, are not sophisticated enough to launch a
comprehensive information systems attack.
http://www.currents.net/newstoday/00/02/03/news19.html

-- 2 February 2000 Java Machine Hole

A security hole in Microsoft's Java virtual machine could allow
attackers to lift files from computers by inserting code into a Java
applet and then embedding it in a web page.
http://www.zdnet.com/zdnn/stories/news/0,4586,2431555,00.html

-- 2 February 2000 Japan Lagging on Computer Security, Punishment for Intrusions

Japan has not maintained a high level of computer security, which may
in part explain the rash of attacks the country's government web sites
recently experienced. Additionally, the country has not penalized
cyber intrusions. A new law will change that, providing for prison
time and a hefty fine for entering computer networks without
authorization.
The Japanese government also plans to step up its efforts to improve
computer security.
http://washingtonpost.com/wp-srv/WPlate/2000-02/02/152l-020200-idx.html

-- 2 February 2000 DVD Code Cases

The Electronic Frontier Foundation (EFF), arguing for the defense in
two DVD code cases, says that DVD encryption does not meet the minimum
standard for a trade secret.
http://www.cnnfn.com/news/technology/newsbytes/143179.html

-- 1 February 2000 FIDNet at Center of Privacy Debate

FIDNet, the proposed Federal Intrusion Detection Network, is the focus
of debate about the Clinton administration's National Plan for
Information Systems Protection. Privacy advocates say the plan focused
heavily on system monitoring and surveillance rather than on enhancing
computer security. They have also expressed concern that one agency,
the General Services Administration (GSA) would monitor all federal
network communication.
http://www2.infoworld.com/articles/en/xml/00/02/01/000201enprivate.xml?Templ...
http://www.thestandard.com/article/display/1,1151,9327,00.html
http://www.computerworld.com/home/print.nsf/all/000201E5E2
http://www.wired.com/news/print/0,1294,34027,00.html

== End ==

Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, e-mail sans@sans.org
with the subject: Subscribe NewsBites

Email <sans@sans.org> with complete instructions and your SD number
(from the headers) for subscribe, unsubscribe, change address, add
other digests, or any other comments.

------- End of Forwarded Message