Network Security
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
FWD: SANS Newsbites: A New Service
- From: Paul Howell
- Date: Wed Mar 31 10:30:14 1999
------- Forwarded Message
Date: Sun, 28 Mar 1999 21:10:30 -0500 (EST)
Message-Id: <199903290210.VAA28247@shell.clark.net>
To: grue@merit.edu
Subject: SANS Newsbites: A New Service
To: Paul Howell SD519142
From: Rob for the SANS Newsbites Service
Re: A New SANS Service
If you're like us, you are pummeled with data (and information) throughout
the day. You get paper trade magazines, e-mail, quick pointers to web
sites, phone calls, and more. SANS has initiated a new e-mail service
that summarizes recent security news and notes for easy perusal. These
relatively frequent high-level documents contain snippets of the `big
picture' along with references to the details, when they are available.
All SANS Digest subscribers are initially members of the subscription
list through June (send a brief `unsubscribe newsbites' note to
<sans@clark.net> if you wish not to be a member of this list). After
June, non-conference-alumni will be asked if they wish to continue their
subscription for a small annual fee.
Please feel free to forward this to any interested parties. Anyone
wishing a free subscription through June, please e-mail <sans@clark.net>.
Alan and Rob
*************************************************************************
SANSBITES
The SANS Weekly Security News Overview
Volume 1, Number 1 March 28, 1999
Alan Paller, Editor
<sansro@clark.net>
*************************************************************************
INDEX OF THIS ISSUE'S HEADLINES
27 March 1999: New Virus Spreading Rapidly
24 March 1999: eBay Hacked
26 March 1999: Mitnick's Plea Bargain Accepted
24 March 1999: SAFE Moves Forward
22 March 1999: Study Says Pentagon Computers Vulnerable
17 March 1999: U.S. and E.U. Discuss Electronic Privacy
15 March 1999: Encryption Keys' Randomness is Key to their Undoing
19 March 1999: Tenebaum Extradition Unlikely
18 March 1999: Mitnick to Spend One More Year Behind Bars
19 March 1999: AOL Hacked
17 March 1999: BBB Offers Web Privacy Seal
17 March 1999: Increased Piracy Threat to Software Industry
17 March 1999: China's Anti-Piracy Technology
*************************************************************************
27 March 1999: New Virus Spreading Rapidly
A Microsoft Word macro virus affecting machines with Microsoft Word 97
or Word2000 is spreading rapidly via email attachments. Although it
exploits no new vulnerabilities, it can send copies of your documents
to the first 50 entries in the Microsoft Outlook address book if Outlook
is installed. Those infected so far report noticeable network degradation
when the virus hits. Those copies are also infected attachments that
continue to spread the virus. [Editor's Note: If your users never
worried about Word macros before, this is a good time to raise their
awareness and have them follow the instructions in the CERT advisory.]
Ref: http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html
24 March 1999: eBay Hacked
A Hacker known as MagicFX broke into eBay's site twice in recent weeks,
once taking the site down. MagicFX was able to watch everyone's
keystrokes, but eBay reassures users that "credit card information was
not compromised."
Ref: www.infosecuritymag.com/securitywire/index.html (no longer posted)
26 March 1999: Mitnick's Plea Bargain Accepted
A U.S. District Court Judge today accepted hacker Kevin Mitnick's plea
bargain, a decision which might find him in a halfway house as soon as
this autumn. Under the terms of the agreement, Mitnick may not use
computers for three years. Mitnick was to be tried next month on
charges of computer fraud, wire fraud, and wire communications
interception.
Ref: www.news.com/News/Item/0,4,34332,00.html
24 March 1999: SAFE Moves Forward
The SAFE Act passed in the House Judiciary Committee on Wednesday, and
will appear next before the House International Relations Committee.
The act, which would relax stringent export rules governing encryption
technology, is supported by the software industry, and is opposed by
law enforcement agencies. The act contains a provision which makes it
a felony to use encryption to hide criminal activity.
Ref: http://abcnews.go.com/sections/tech/CNET/cnet_cryptobill990324.html
ref: http://www.wired.com/news/news/politics/story/18708.html
22 March 1999: Study Says Pentagon Computers Vulnerable
A new Pentagon study acknowledges that U.S. Defense Computers are highly
vulnerable to attack. Art Money, a Pentagon civilian official recently
told the Senate Armed Service Committee, "[A]n attack against [Pentagon
information systems] would present a genuine threat to U.S. security."
The Pentagon is working to develop more state-of-the-art intrusion
detection systems.
Ref: http://abcnews.go.com/sections/tech/dailyNews/hackerspentagon990322.html
17 March 1999: U.S. and E.U. Discuss Electronic Privacy
The U.S. and the European Union are trying to reach a compromise regarding
personal data on the Internet. The E.U. passed strict laws governing
personal information in late 1998 and feels the U.S. is too lax about
consumer protection. The U.S. last month proposed self-regulation,
giving companies "safe harbor".
Ref: http://www.infosecuritymag.com/securitywire/index.html (no longer posted)
15 March 1999: Encryption Keys' Randomness is Key to their Undoing
New viruses search for patches of randomness of hard drives to locate
encryption keys, according to a paper published recently by two
cryptographers. Since most data on hard drives is organized in a logical
fashion, the randomness of the keys stands out. Suggested solutions
include storing keys on smart cards and deleting them securely every
time they're used, or encrypting the entire hard drive.
Ref: www.techweb.com/wire/story/TWB19990315S0001
19 March 1999: Tenebaum Extradition Unlikely
Although he is responsible for sophisticated attacks on U.S. Military
computer systems and arrested in Israel, Ehud Tenebaum might not be
extradited. Tenebaum, known in hacker circles as "Analyzer" has a U.S.
protege, known as "Makaveli"; a Justice Department spokesperson says
charges will be filed in this case in the U.S.
Ref: http://Abcnews.go.com/sections/tech/Daily/News/hack0319.html
18 March 1999: Mitnick to Spend One More Year Behind Bars
Hacker Kevin Mitnick and his defense team have agreed to a plea deal
but details are not being released as the deal is awaiting judicial
review. An anonymous source says the deal has Mitnick spending one more
year in prison, and staying away from computers for three years following
his release. Mitnick has been dubbed a "computer terrorist" by the
Justice Department.
Ref: http://abcnews.go.com/sections/tech/daily/News/hacker990318.html
19 March 1999: AOL Hacked
A New Rochelle teenager has been charged with hacking AOL and altering
some of its programs. An AOL spokesperson says that the incident should
have no effect on AOL members.
Ref: http://abcnews.go.com/wire/US/AP19990318_1011.html
17 March 1999: BBB Offers Web Privacy Seal
The Better Business Bureau will offer a seal which licensed businesses
can display on their sites. Such seals are designed to assure customers
that their personal data is being protected. BBB views their entry into
this market as a stand against federal privacy regulation.
Ref: www.wired.com/news/news/politics/story/18517.html
17 March 1999: Increased Piracy Threat to Software Industry
A survey indicates that pirated copies of CD-ROMs may be costing the
software industry as much as $1 billion. The cost of CD-ROM recorders
have come down significantly in recent years.
Ref: http://www.sfgate.com/cgi-bin/article.cgi?file+/chronicle/
archive/1999/03/17/BU61507.DTL
17 March 1999: China's Anti-Piracy Technology
"The China Software Association recently introduced new anti-piracy
technology"; DiscGuard, a U.S. product, cannot be decoded according to
a CSA official.
Ref: www.nikkeibp.asiabiztech.com/Database/1999_Mar/17/Mor.01.gwif.html
== End ==
------- End of Forwarded Message
|
