Oracle-L mailing list: FW: SANS NewsBites Vol. 4 Num. 28
Our security folks just sent me this. I thought many would be interested.
Ian
-----Original Message-----
Sent: Wednesday, July 10, 2002 1:35 PM
To: MacGregor, Ian A.
Cc: security
Ian,
At this point, this is just a heads up that an Oracle security guide from SANS will be available RSN, and once available, we will probably ask that you review it and explain any SLAC deviations. There almost always are site specific reasons to be different, but at least we need to make sure we understand why.
Thanks.
Gary
-----Original Message-----
Sent: Wednesday, July 10, 2002 10:30 AM
To: Buhrmaster, Gary
To: Gary Buhrmaster (SD315849)
Re: July 10 SANS NewsBites
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Good news on two important security projects
Oracle Security
Pete Finnigan and a global team of Oracle security wizards just
finished an amazing step-by-step guide for securing Oracle, and we
now need three sites to bench-test the document. If you have a test
system and are willing to test the guide, email sans_at_sans.org with
the subject: Oracle Bench Test
The Richter Scale Project For Rating Vulnerabilities
Many system administrators are overwhelmed by the number of vulnerabilities - finding it difficult to tell which must be acted upon immediately and which can be put aside to wait for the next service pack. A new SANS project is providing the needed information by collating the decisions of a "Security Council" whose members describe exactly what they did (completely confidentially) to respond to each of the highest priority vulnerabilities (as collated by Neohapsis and Tipping Point). We need additional members of this council. If you are the person who makes the security decision on what to do for at least 5,000 users, and you want to participate, email your qualifications to sans_at_sans.org with the subject Richter Project.
Today is the last day for the early registration discount for SANS Beyond Firewalls conference and training program in Denver. (www.sans.org)
Alan
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 4, Number 28
July 10, 2002
Editorial Team: Kathy Bradford, Dorothy Denning, Roland Grefer, Bill Murray, Stephen Northcutt, Alan Paller, Marcus Ranum, Eugene Schultz
*********************************************************************
TOP OF THE NEWS
3 July 2002 Netcraft Survey Says Web Servers More Vulnerable
7 July 2002 Kowbot Virus/Worm Spreading Through Kazaa
3 July 2002 Congressional Action On Cybersecurity Now Focuses on
Homeland Security Bill
27 June 2002 White House Boosting Cyber Insurance
THE REST OF THIS WEEK'S NEWS
7/8 July 2002 Falun Gong Hacks Chinese Satellite TV
7 July 2002 Virus Blocks Access To News Site From Infected Systems
8 July 2002 Attacks on Power Companies Growing
3 July 2002 Microsoft RAS Patch has Flaw; New Patch Issued
3 July 2002 DEA Agent Accused of Selling Law Enforcement Data
2 July 2002 Forensics Tools Not Up To The Task
2 July 2002 Singapore Police Believe They Know Identity of On
Line Account Theft Culprit
2 July 2002 Police Break Up On Line Pornography Ring
1 July 2002 Scarfo Receives Sentence; Keystroke Logging Software
Evidence Allowed
1 July 2002 InfraGard Hopes More Businesses Will Share Information
1 July 2002 Security Manager's Journal: Losing Staff
1 July 2002 Add a Variety of Operating Systems to Bolster Security
1 July 2002 Secure Computing Consortium to Frame Standards for
Software Development
IN-DEPTH TECHNICAL SECURITY TRAINING (AND SECURITY MANAGEMENT COURSES)
IN THE NEXT 120 DAYS
*If you are planning to attend any security conference this fall, make
it SANS Network Security 2002 - the largest security conference.
http://www.sans.org/NS2002
*More Large SANS Training programs: Denver, Marina Del Ray (CA),
Ottawa, New York
*Smaller SANS programs: Detroit, St. Louis, San Diego, Vienna, VA,
Omaha, London, Vancouver, Kuala Lumpur.
*Online and mentor-led programs starting up in August/September
in 40 cities.
*Windows 2000 Security Gold Standard training starts in DC August 28
Details and registration information for all programs: www.sans.org
Secure your servers with 128-bit SSL encryption! Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for Business," and you'll learn everything you need to know about using 128-bit SSL to encrypt your e-commerce transactions, secure your corporate intranets and authenticate your Web sites. 128-bit SSL is serious security for your online business.
Get it now! http://www.verisign.com/cgi-bin/go.cgi?a=n09440091010057000
TOP OF THE NEWS
--3 July 2002 Netcraft Survey Says Web Servers More Vulnerable
Netcraft says, based upon its survey results, that a greater number of
web servers are vulnerable now than ever before. Recently disclosed
vulnerabilities in Apache and Microsoft's IIS servers are pervasive
within the installed base and, because of lags in installing patches,
leave a greater number of systems exposed.
http://www.theregister.co.uk/content/55/26049.html
[Editor's Note (Northcutt): Thousands of companies run their businesses
on Apache servers, so securing them is critical. The Center for
Internet Security has just completed a consensus benchmark on securing
Apache. SANS will begin a series of one day hands-on Securing Apache
courses in many cities beginning with one in the Washington DC area
on August 28, 2002.
Data on the course: http://www.sans.org/CIS_Apache
Register at:
https://registration.sans.org/cgi-bin/SecuringApache_register/
(Grefer) Actually the vulnerability is the same as it was before
disclosure (the hole was there). The risk of attack has increased.]
--7 July 2002 Kowbot Virus/Worm Spreading Through Kazaa
A new virus/worm is spreading by masquerading as a popular mp3 media
file to trick users into downloading it. It then replicates itself
150 times in the Kazaa shared files directory. Kowbot takes control
of the user's computer and is the second worm to attack Kazaa users
in the past two months.
http://www.vnunet.com/News/1133129
--3 July 2002 Congressional Action On Cybersecurity Now Focuses on
Homeland Security Bill
--27 June 2002 White House Boosting Cyber Insurance
The White House is establishing a joint public/private working group
to identify obstacles that may be preventing insurers from writing
more cybersecurity policies.
http://www.washingtonpost.com/wp-dyn/articles/A55719-2002Jun27.html
Digital Immunity: take full control over Application Execution and Plug & Play devices http://www.sans.org/cgi-bin/sanspromo/NB51
THE REST OF THE WEEK'S NEWS
--1 July 2002 Attacks on Power Companies Growing
Power companies are increasingly being targeted by hackers, according
to data gathered by RipTech. FBI spokespersons expressed concern
http://www.cbsnews.com/stories/2002/07/08/tech/main514426.shtml
http://www.latimes.com/business/la-sci-hackers8jul08.story
Editor's Note: The LA Times site requires free registration.
[Editor's Note (Denning): It isn't just power companies. Attack activity averaged over all companies during the 6-month period Jan-June 2002 was 28% higher than over the preceding 6-month period (Jul-Dec 2001), leading to a projected annual growth rate of 64%. (Bill Murray's brief analysis of hackers v. terrorists is included at the end of this issue.)]
--7/8 July 2002 Falun Gong Hacks Chinese Satellite TV
TV viewers in China saw a banner reading "Falun Gong is good" on their
TV screens during prime time. People's Republic of China government
sources confirmed that the satellite carrying Central Chinese TV's
ten stations was hacked, and vowed to fight back.
http://www.washingtonpost.com/wp-dyn/articles/A41297-2002Jul8.html
http://www.msnbc.com/news/777515.asp#BODY
--7 July 2002 Virus Blocks Access To News Site From Infected Systems
The Gunsan mass-mailing virus deletes files needed by antivirus
and firewall products and blocks the infected computer's access
to a British technology news service, The Register. It spreads by
emailing itself to all email addresses found on the infected machine
and comes with a subject of a single blank character and an attachment
of test.exe.
http://www.theregister.co.uk/content/56/26079.html
--3 July 2002 Microsoft RAS Patch has Flaw; New Patch Issued
A security patch released June 12 for a buffer overflow flaw in
Microsoft's Remote Access Service (RAS) in Windows NT 4.0, 2000 and XP
has a flaw itself that can prevent users from connecting to virtual
private networks (VPNs). Microsoft has removed the patch from its
Update service and provided a new one.
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,72441,00.html
http://www.microsoft.com/technet/security/bulletin/MS02-029.asp
--3 July 2002 DEA Agent Accused of Selling Law Enforcement Data
A former US Drug Enforcement Administration (DEA) agent who skipped
bail was found in Mexico and sent back to Los Angeles to face a number
of charges, including violating the Computer Fraud and Abuse Act.
Emilio Calatayud allegedly sold information from three law enforcement
databases, including the FBI's National Crime Information Center
(NCIC), the California Law Enforcement Telecommunications System
(CLETS) and the DEA's Narcotics and Dangerous Drug Information System
(NADDIS). The case underscores the problem of law enforcement data
being too easily accessible.
--2 July 2002 Forensics Tools Not Up To The Task
FBI special agents and other security experts report that increasing
complexity of software and larger numbers of vulnerabilities are
too much for many of the rudimentary forensics tools available to
cyber defenders.
http://www.businessweek.com/technology/content/jul2002/tc2002072_9216.htm
--2 July 2002 Singapore Police Believe They Know Identity of On
Line Account Theft Culprit
Police in Singapore have identified the man they believe is responsible
for a rash of thefts from on line banking accounts at DBS and POSB
banks. The alleged thief stole varying amounts between $200 and $4,999.
Police recommend that online banking customers use firewalls and
anti-virus software and that they do not access their accounts from
public computers. The bank maintains that it was not their security
but the security of individuals' computers that was breached.
http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8449
http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8448
--2 July 2002 Police Break Up On Line Pornography Ring
Law enforcement agents from Europol and the UK's National Hi-Tech
Crime Unit managed to infiltrate and break up a pedophile ring that
was using complex cryptography to send files, and proxy servers to
hide members' identities.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_2082000/2082657.stm
--1 July 2002 Scarfo Receives Sentence; Keystroke Logging Software
Evidence Allowed
--1 July 2002 InfraGard Hopes More Businesses Will Share Information
Businesses are still reluctant to share information about computer
attacks and security breaches because they fear the repercussions
the negative PR could generate. The FBI is trying to entice them
to change their stance on this issue by offering anonymity and
information about cyber security. The offer comes as part of the
FBI's InfraGard program. It is available to companies with "secure"
memberships in the program.
http://www.msnbc.com/news/774803.asp
http://www.infragard.net/
--1 July 2002 Security Manager's Journal: Losing Staff
The security manager writes about how he plans to manage after losing
two members of his security team. He will have to take on more
responsibilities himself until replacements are hired and trained,
which means he will have to temporarily assign some of his daily
tasks to other areas of the company.
http://computerworld.com/securitytopics/security/story/0,10801,72328,00.html
--1 July 2002 Add a Variety of Operating Systems to Bolster Security
Homogenous computing environments are more susceptible to virus
infections. MIT Police Department information systems manager John
Welch says that deploying servers with alternate operating systems
throughout networks slows down the spread of viruses.
http://www.computerworld.com/securitytopics/security/story/0,10801,72288,00.html
http://researchweb.watson.ibm.com/antivirus/SciPapers/Kephart/ALIFE3/alife3.html
http://www.cs.berkeley.edu/~nweaver/warhol.html
[Editor's Note (Ranum): Genetic diversity is _one_ defence against
viruses. Immunity is another. The wise organism will use both.
(Schultz) IT managers will read Welch's comments and cringe. Sure,
having different OSs is better for security, but different OSs create
all kinds of IT challenges. Security professionals need to be careful
about conveying a "security above all else" attitude.]
--1 July 2002 Secure Computing Consortium to Frame Standards for
Software Development
Are hackers the moral equivalent of terrorists? A brief analysis by William Murray
It has been suggested (by the President of the United States, inter alia) that post-9/11 there is a moral equivalence between hackers and terrorists. That is, they both diminish necessary public trust and confidence. However, for security purposes it is useful to distinguish. For hackers, the network is both the target and the means; for terrorists the application is the target and the network merely the means. The hacker attacks targets of opportunity in a target-rich environment; the terrorist attacks targets of choice. The hackers are attacking instances of ubiquitous operating systems and applications where the necessary special knowledge is essentially public. The terrorist is after applications (where the money and the power are), where the necessary special knowledge is more narrowly held. The hacker succeeds because targets are numerous and most targets are the same. The terrorist succeeds because his cost of attack, while higher than that of the hacker, is very low when compared to the value to him (martyrdom and eternal fame and happiness?) of his success. There is some limit to what hackers will do.
==end==
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) e-mail sans_at_sans.org with the subject: Subscribe NewsBites
To change your subscription, address, or other information, visit http://www.sans.org/sansurl and enter your SD number (from the headers.) You will receive your personal URL via email.
You may also email <sans_at_sans.org> with complete instructions and your SD number for subscribe, unsubscribe, change address, add other digests, or any other comments.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9LEjz+LUG5KFpTkYRArORAJ9ONJrPJQHJe16BhKNO7IxH/kAY4gCePJ00
s0bul9d76MhD+zhpfCH5+GM=
=laa0
-----END PGP SIGNATURE-----
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: MacGregor, Ian A.
INET: ian_at_SLAC.Stanford.EDU
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Received on Thu Jul 11 2002 - 00:28:22 CDT