News to Use from Infowar.Com-021100


From: betty@i...
To: fc@a...

Fri, 11 Feb 2000 15:50:05 -0500


fc  Fri Feb 11 13:00:15 2000
Received: from 207.222.214.225
	by localhost with POP3 (fetchmail-5.1.0)
	for fc@l... (single-drop); Fri, 11 Feb 2000 13:00:15 -0800 (PST)
Received: by multi33.netcomi.com for fc
 (with Netcom Interactive pop3d (v1.21.1 1998/05/07) Fri Feb 11 21:00:10 2000)
X-From_: list@i...  Fri Feb 11 14:59:46 2000
Received: from mail.infowar.com (mail.infowar.com [198.252.45.164]) by multi33.netcomi.com (8.8.5/8.7.4) with ESMTP id OAA28054 for fc@a...; Fri, 11 Feb 2000 14:59:46 -0600
Received: from infowar (www.infowar.com [198.252.45.165])
	by mail.infowar.com (Build 91 (devel) 8.9.3/NT-8.9.3) with SMTP id PAA02433
	for fc@a...; Fri, 11 Feb 2000 15:59:49 -0500
Message-Id: 200002112059.PAA02433@m...
Date: Fri, 11 Feb 2000 15:50:05 -0500
From: betty@i...
Sender: list@i...
Reply-to: list@i...
Subject: News to Use from Infowar.Com-021100
To: fc@a...



"News to Use from Infowar.Com" is a periodic output of information relevant to computer security, information warfare, and related genres.  If you do not wish to receive this, please feel free to unsubscribe. Those directions are at the bottom of this email.  Infowar.Com PROTECTS your privacy. Your email address is never sold or leased to outside parties.


:)

Infowar.com always is looking for good content.  Please feel free to forward your suggestions to me.   Betty@i...

Thanks!
Happy Valentine's Day! Betty

**** In This Issue ****


1) Media Alert/Press Releases from NetworkICE, home of BlackICE Defender, Personal Intrusion Defense System  (2)
2) Editorial - by Matt Devost, DISTRIBUTED DENIAL OF SERVICE ATTACKS RAISE LIABILITY QUESTIONS
3) CERT Distributed Attack Report
4) "Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy",  By Dorothy E. Denning
5) Do you have an interest in cybercrime?
6) GAO Report: Comments on the National Plan for Information Systems Protection "Most of this sounds like a broken record. Gov't just can't seem to get it right when it comes to protecting systems/networks."
7) Statement by Director of Central Intelligence George J. Tenet- Before the Senate Select Committee on Intelligence on The Worldwide Threat in 2000: Global Realities of Our National Security - 2 February 2000


1)  Media Alert/Associated Press, Network ICE Protects Against Latest Microsoft Security Flaw


    SAN MATEO, Calif.--(BUSINESS WIRE)--Feb. 8, 2000--Network ICE announced today a solution for the latest Microsoft Windows NT 4.0 security vulnerability. The flaw was found in the Windows NT 4.0 Index Server, which performs as a utility search tool. The vulnerability allows users to remotely view the contents of any file on a server running Index Server.
    The flaw in Microsoft Windows NT 4.0 poses a serious security risk by allowing users unwarranted access to specific files. Once the files have been breached, a hacker can ultimately view any information they want and take over the machine from a remote location. Although Microsoft has released a patch for this vulnerability, you're still at risk unless you have installed this patch and all previous patches on all of your systems. Only by deploying BlackICE can a user ensure they are protected from this and other server-specific vulnerabilities. To update the latest BlackICE program, visit http://www.networkice.com/download/updatebidbeta2.htm.
    Network ICE Corp. has developed an Intrusion Defense System specifically for protecting vital information assets of corporate and government agencies that alerts users to hacking activity and also supplies information on that activity by tracking the identity of cyber-criminals. For more information on Network ICE, visit them on the web at www.networkice.com. Members of the media who would like to speak with the developers of this technology regarding the impact it will have on government operations, please contact Jeff Charles of A&R Partners at 650/762-2823.

Patrick Bedwell  
Marketing Manager  Network ICE   patrick@n...  www.networkice.com  
650.532.4130
650.341.0719 (fax)
408.390.9421 (mobile)


    SAN MATEO, Calif.--(BUSINESS WIRE)--Feb 9, 2000--Network ICE security experts are available to comment on recent hacker attacks against Yahoo, eBay, eTrade, Amazon.com, Buy.com and ZDnet. These attacks are indicative of a new type of massively distributed attack in which hundreds or thousands of computers are hijacked by an intruder and used against companies such as Yahoo or eBay.
    Network ICE pioneered a massively distributed intrusion countermeasure solution specifically designed to protect home and corporate computers from being compromised and manipulated by hackers to launch a distributed attack. Greg Gilliom and Robert Graham, founders of Network ICE, can explain why these e-commerce sites are having trouble protecting themselves from these hackers and what home or corporate Internet users can do to prevent themselves from being used in a DoS attack. They can also explain in layman's terms the mechanics of the Denial of Service (DoS) attack.
    Greg Gilliom, CEO of Network ICE, co-founded the company in April, 1998. Prior to founding the company, Greg spent 19 years in the computing and networking industry. He has held a variety of high-level management positions with Hewlett Packard, Network General and Network Associates. Greg most recently was Vice President and Chief Technology Officer at Network Associates.
    Robert Graham, CTO of Network ICE, is a former Architect at Network Associates with 14 years industry experience. His design expertise includes not only low level, efficient protocol analysis systems but also scalable, network wide management platforms. His early accomplishment in the area of network security was in 1988, when he was part of a team that eradicated the Morris Worm (the first wide-spread computer virus to infect the Internet) from Oregon State University.



2) EDITORIAL - DISTRIBUTED DENIAL OF SERVICE ATTACKS RAISE LIABILITY QUESTIONS by Matt Devost, Senior Consultant, SDII  


    During the past week, we have seen an unprecedented level of denial of service attacks against major e-commerce sites such as Yahoo, eBay, Amazon.com, Etrade and Buy.com. These attacks have undoubtedly cost millions of dollars in lost revenue, not to mention the intangible effects on customer confidence. In fact, one recent estimate is that the cumulative damages may total as much as $1.2 billion.
    The underlying technical method of attack is not new. The Internet community has seen similar attacks for at least the past five years, and the theoretical basis for the attack has been known for decades. With tools that allow for distributed attacks, there is little that a diligent system administrator can do to avoid becoming a victim. However, in their concern about becoming a victim, many are missing the larger issue.
    When the dust has settled and the perpetrators of the attack have been identified, the real issues will revolve around downstream liability. These distributed denial of service attacks are only successful because the attacker is able to compromise numerous systems and install "Zombie" software that will be used in a coordinated attack. This means that the compromised hosts have become part of a distributed attack platform. Did the owners of these compromised hosts practice due diligence with respect to their security? What if these systems were compromised using a well-known vulnerability for which a vendor patch was issued 10 months ago? Does the organization perform periodic vulnerability assessments to ensure they are maintaining an adequate security posture? There are many steps that you can perform to help ensure that your systems are not used as an attack vehicle against someone else.
    Corporate executives are spending a lot of time worrying about whether they will be the next victim of attack, when in reality they should be worrying about whether their organization unknowingly participated in the attack. Have you been diligent?

MATTHEW G. DEVOST (matt@s...)
Mr. Devost is a Senior Consultant with Security Design International in Annandale, VA. For additional comments: Security Design International, Inc.  Voice: 703-354-8326  Fax: 703-354-8346  Email: info@s... UNLIMITED DISTRIBUTION


:)


3) CERT DISTRIBUTED ATTACK REPORT   http://www.info-sec.com/internet/00/internet_020900c_j.shtml

64KB.pdf


:)


4) "Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy",  By Dorothy E. Denning http://www.infowar.com/class_2/00/class2_020400b_j.shtml
Dr. Denning has a great paper here.  ( Of course! )


:)

5) Do you have an interest in cybercrime?

Infowar.Com is developing a special area dedicated to cybercrime.  We want your ideas!  Are you in law enforcement and want to take this opportunity to put this project together?  What would you like to see?  If you're interested in being a part of this area, please write betty@i....  We solicit and value your input.  More later!


:)

6)  GAO Report: Comments on the National Plan for Information Systems Protection "Most of this sounds like a broken record. Gov't just can't seem to get it right when it comes to protecting systems/networks." http://www.info-sec.com/internet/00/NatlPlanProt_ai00072t.pdf


:)

7) Statement by Director of Central Intelligence George J. Tenet- Before the Senate Select Committee on Intelligence on The Worldwide Threat in 2000: Global Realities of Our National Security - 2 February 2000 http://www.infowar.com/class_2/00/class2_020900a_j.shtml


:)

---------------------------------------------------------------------------
To be unsubscribed from the mailing list, simply click on the link below:
http://www.infowar.com/cgi-shl/aalistsrv/subscribe.pl?remove=1&list=4&email=fc@a...

--
Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
  Fred Cohen & Associates: http://all.net - fc@a... - tel/fax:925-454-0171
      Fred Cohen - Practitioner in Residence - The University of New Haven
				Have a great day!!!

[This communication is confidential to the parties to which it is sent.  If you get this email in error, please delete it immediately and do not use, repost, reprint, or view the contents.  This message and all messages to or from the sender of this message are recorded, and reading this message or sending email to its sender constitutes consent for such recording.]

Per the official policy of Sandia National Laboratories, the reader should be
aware that:
  - Fred Cohen of Fred Cohen & Associates is the same Fred Cohen who is a
    Principal Member of Technical Staff at Sandia National Laboratories.
  - Fred Cohen & Associates - is owned and operated by Fred Cohen and is
    separate and independent from the work done by Fred Cohen at Sandia
    National Laboratories.