"Corporate Security Begins at Home"
Computerworld (03/06/00) Vol. 34, No. 10, P. 14; (Harrison, Ann):
Many companies are responding to last month's denial-of-service attacks on
several Web sites by undertaking efforts to protect the security of telecommuter
transactions conducted via their corporate VPNs. Zone Labs President Gregor
Freund notes that "you can encrypt as much data in transit as you want, but if
the PC that information originates from is not secure, then the entire system is
not secure." The company's free ZoneAlarm personal firewall has been
downloaded from the Zone Labs Web site more than 500,000 times in the past
month alone, and California-based Network ICE says sales of its BlackICE
intrusion-detection and firewall product have increased 50 percent. Several
companies now require their telecommuters to use personal firewalls on their
home PCs in order to decrease the possibility that hackers could invade those
PCs and use them to access confidential corporate material and attack the
corporate VPN.
"Lawmakers Seek Better Shields Against Cyberattacks"
Washington Technology (03/06/00) Vol. 14, No. 23, P. 14; (Gallagher,
Anne):
The Government Information Security Act, recently introduced in Congress by
Sens. Joseph Lieberman (D-Conn.) and Fred Thompson (R-Tenn.), attempts to
bring the IT industry and government together behind a comprehensive,
long-term solution for computer security. The bill specifically relates to the
federal government's information system and how to protect it from
cyberattacks. It mandates that all federal agencies have their information
security programs and practices audited by an outside agency annually, and it
also gives the Office of Management and Budget authority to step up
government-wide oversight of federal agencies. The bill is said to have wide
support both within government and Silicon Valley, and it is possible that it will
pass this year, according to some congressional staffers. At a recent hearing on
computer security in the Senate, some experts said the Web sites that were
recently hit with denial-of-service attacks should have expected such attacks
and prepared for them. The experts also said that too many companies are
placing their security in one solution, such as firewalls or encryption, instead of
layering solutions and then constantly monitoring the situation. Those at the
hearing contended that IT products must be designed with greater security
protections, such as bigger firewalls. Security professionals at the hearing also
said cyberattacks have increased dramatically in recent years. The Computer
Emergency Response Team at Carnegie Mellon dealt with 132 computer security
incidents in 1989, compared to 8,000 in 1999.
http://www.wtonline.com/vol14_no23/federal/1111-1.html
"Life After the Hacks"
Telephony (02/21/00) Vol. 238, No. 8, P. 10; (Quinton, Brian):
The attacks on major Web sites earlier this month have catapulted network
security to the top of many companies' priorities. Although "denial of service"
attacks do not damage data, they do damage consumers' confidence in the
Internet as a vehicle of commerce. A recent survey by PC Data shows that 45
percent of Internet users say that they are less likely to reveal their credit card
numbers on the Web after the attacks; 37 percent say the attacks altered their
opinions on Internet security as a whole; and 50 percent say the attacks
changed their view of the Web sites that were hit. Experts contend that
infrastructure companies will have to change spending priorities and purchase
top-of-the-line security products. This is even more essential because hacking
programs readily available on the Internet give even the most rudimentary
computer user the ability to launch an attack on a Web site. Security
professionals say hacking software exploits the Internet's greatest attribute,
which is its ability to connect huge networks of users, and that computer
security needs to be improved so that every individual computer owner has
complete control over the machine. This would effectively stop the hijacking of
third-party computers to launch attacks. Analysts say that this goal may be
facilitated by the recent liberalization of U.S. export rules on security hardware
and software, which could bring computers around the world up to the same
level of security that some American computer users enjoy. Regardless, while
consumers may be demanding that Web sites practice greater security, and
companies may be beefing up defenses, experts admit that there is little that
can be done currently to dissuade a determined hacker from launching an attack
due to the structure of the Internet.
CYBER-ATTACK PROBE MAKES PROGRESS:
U.S. law enforcement authorities say that progress is being made
in tracking down those responsible for the recent
denial-of-service attacks on major Internet sites such as Yahoo!
and Amazon.com. However, officials told a joint hearing of the
House and Senate crime subcommittees that FBI analysts were
currently analyzing over 630 gigabytes of data, the equivalent of
several hundred truckloads of paper. Therefore, the
investigation is expected to take a fairly long time. After the
attacks, some lawmakers began introducing legislation that would
make it easier for authorities to track and prosecute hackers;
however, other legislators have said that the onus to protect
data and networks should be on the private sector, not the
government. (Washington Times, 1 March 2000)
ISPS, TELCOS JOIN FORCES TO FIGHT WEB ATTACKS:
Prompted by the recent string of denial-of-service attacks that
disabled several popular Web sites, ICSA.net has teamed various
ISPs and telecommunications companies together to form a group to
prevent future attacks. Known as the Alliance for Internet
Security, the group is dedicated to improving Internet security
technologies and practices through such means as reconfiguring
routers and denying IP-directed broadcasts on perimeter routers.
Alliance members are Cable One, Cable & Wireless, Digex, Global
Crossing, GlobalCenter, GTE Internetworking, Level 3
Communications, and Sprint Communications.
(Computer Reseller News Online, 25 Feb 2000)
Distributed Denial-of-Service Attacks, Contributory Negligence and Downstream Liability
SECURITY EXPERTS, UNIVERSITIES WILL FIGHT ATTACKS:
The SANS Institute has joined with four vendors to help secure
university networks, which are often used to launch hacker
attacks because of the openness of these networks. University
systems were exploited in the recent denial-of-service attacks on
e-commerce sites including Yahoo! and Amazon, and school networks
have also been used to hack into government sites such as the
Department of Defense research site, experts say. Hackers often
break into one computer and then use a sniffer to learn other
passwords on the network, says Steve Acheson of the SANS
Institute. Investigations into the recent denial-of-service
attacks show a potential link to the WU-FTP file-sharing program
used by many universities. The SANS Institute, along with RSA
Security, SSH Communications Security, MIT, and Mindbright
Technologies will offer free encryption software to U.S.
universities that will offer secure logins to all students,
faculty, and staff members. The initiative will provide stronger
authentication for passwords with SSH's Secure Shell login
program, which prevents identity spoofing by verifying users at
both ends of a connection. (InternetWeek Online, 24 Feb 2000)
McAfee's virus warning system distributed the following message today via email to its subscribers.
*************Information Dispatch - W32/Trinoo*************
From The SANS Weekly Security News Overview
SANS/GIAC FLASH! James Madison University has found 160 Windows98 computers infected with the trinoo distributed denial of service Trojan. The news here is that the infection has spread to personal computers. The vast number of PCs connected to the Internet, now able to be used in DDoS attacks, raises the threat level substantially. Please take time today to review the Consensus Roadmap For Defeating Distributed Denial Of Service Attacks at http://www.sans.org/ddos_roadmap.htm. It's a solid call to action, laying out the specific problems and providing prescriptions for solving them. Two of the recommendations need to be implemented immediately. The Roadmap was unveiled on Tuesday at the Partnership for Critical Infrastructure Security meeting with the Secretary of Commerce and three Members of Congress and about 120 corporations in attendance. The Roadmap was created cooperatively by CERT and SANS with the help of a group of distinguished security experts including Bill Cheswick, Dr. Eugene Spafford, Stephen Northcutt, Dave Dittrich, Mudge, Randy Marchany, Eric Cole, and several others. Now it needs your help in identifying effective methods of monitoring and measuring progress in implementing the Roadmap, and even more important, your experience in the implementation process, including tools that you found made it easier and challenges you had to overcome. Email ddos@sans.org.
HACKERS' WEB WEAPONS TEST-FIRED ON CHAT SITES:
Internet Relay Chat (IRC) networks, the Web equivalent of CB
radio, are subnets that are comprised of dozens of servers
worldwide, allowing for the discussion of an enormous range of
topics in real time. However, because log-ins can be conducted
anonymously, some of these networks have become the domain of
hackers, who trade information, pirated software, attack
programs, and brag about their exploits. IRC networks also
become victims of attacks that are tested on them first, and then
used on more mainstream Web sites. The denial-of-service attacks
that hit sites such as Yahoo! several weeks ago were tested on
IRC sites long ago. Although investigators are patrolling the
IRC to try to gather information about those attacks, the
networks are still hit daily with similar attacks. This has led
many universities, which used to host IRC services on their
computers, to drop the services, leaving the private sector to
take up the slack. The constant barrage of attacks on IRC sites
has caused eight companies to leave the industry in the last
year, and now fewer than 40 companies provide IRC networks.
(Washington Post, 19 Feb 2000)
"Holes in the Net"
Newsweek (02/21/00) Vol. 135, No. 8, P. 46; (Sandberg, Jared; Hayden,
Thomas):
Computer security experts say the denial-of-service attacks launched last week
against several major commercial Web sites were elementary, and that true hacking
pros could cause much worse damage. Experts contend the real problem is the
inherent insecurity of the Web, which was originally designed for a small group of
trusted users to share information. High-tech firms admit that they are unable to
write software that does not contain bugs, which are used by hackers to break into
Web sites and filch personal data. In last week's attacks, hackers exploited
well-known bugs that allow unauthorized users to write commands. Bugs can also
be used for identity theft, which is much more serious than denial-of-service
attacks. Thieves who commandeer bank and credit accounts can wreak havoc on
victims' lives, and the resulting damages can take years to undo. This problem is
compounded by the fact that many financial-service firms demand that users
display their Social Security numbers to get onto their Web sites, meaning that a
smart hacker could "sniff out" this information. Computer security professionals say
with all the new nightmare scenarios that are proliferating, there is a serious dearth
of skilled computer experts who can help protect the Internet from predators. More
students graduated from college with computer-science degrees 12 years ago than
today. This often leaves the security of the Internet in the hands of Web site
administrators and ISPs, who must keep up to date with the latest antivirus and
security products. However, many administrators do not do this, either out of a
lack of knowledge or because they do not want to spend the time and money
required. Experts say such negligence is a major part of many recent security
incidents, as the technology to guard against most of these attacks is on the
market.
"New Hacker Software Could Spread by Email"
CNet (02/23/00); (Borland, John):
An anonymous hacker group has posted a new version of software called Trinoo,
which is believed to have launched the recent denial-of-service attacks on major
e-commerce sites such as Yahoo! and Amazon. The new version of Trinoo makes it
easier for hackers to commandeer computers to send the attack data to targets.
With the new version, hackers can infect a broader range of desktops with
harmless-looking email attachments. Computers with DSL or cable modem
connections are especially at risk, experts say. "(The previous attacks) took
someone who knew what they were doing," says Trend Micro's David Perry. "This
turns it into a kid-on-the-street problem." Antivirus firms are now working on tools
to eliminate the new Trinoo software. Meanwhile, the FBI has pursued several leads
in the attacks, but has not yet reported any significant breakthroughs.
http://news.cnet.com/news/0-1005-200-1555637.html?dtn.head
"Attacks to Benefit IT Consulting, Web-Hosting Companies"
TechWeb (02/17/00); (Mosquera, Mary):
The denial-of-service attacks on top e-commerce sites last week could boost
Internet consulting, Web hosting, and security services as businesses look to
outsource more IT functions, according to Monument Internet Fund, the leading
Internet fund for 1999. Companies are likely to pay more attention to security as a
result of the attacks, which drew the attention of regulators and legislators, says
Monument's Alexander Cheung. Security tools that can stop many types of online
attack are widely available, and companies will now begin spending more on this
technology. In addition, investors are likely to focus more on the security measures
a company takes, Cheung says. Many people working with businesses that are
moving online have little knowledge of the Internet, so companies will turn to Web
hosting and consulting firms such as USWeb and Proxicom, as well as security firms
such as Entrust and VeriSign, says Monument's Michael Gallipo.
http://www.techweb.com/wire/finance/story/INV20000217S0003
"Data Shows Web Sites Swiftly Bounced Back From Hacker Attacks"
Wall Street Journal (02/17/00) P. B8:
Figures compiled recently by the Internet-research firm Media Metrix indicate last
week's sabotage of several major Web sites has not significantly altered the surfing
habits of Internet users. Media Metrix found traffic at Yahoo! the day after the
site's shutdown was up 9 percent from the same day a week earlier, and up 6
percent two days following the attacks. Media Metrix found similar figures for other
online businesses disabled by the hackers. However, a poll released Monday by PC
Data Online shows that despite the absence of changes in Web traffic patterns,
the sabotage has raised concern among Internet users over the security of online
transactions and damaged consumer confidence in electronic communications.
McAfee's virus warning system distributed the following message today via email to its subscribers.
__________________INFORMATION DISPATCH______________________
Chinese Site Suffers Attack (http://www.nytimes.com/library/tech/00/02/biztech/articles/18china-hacker.html) By REUTERS:
Sina.com, a top Chinese Internet portal, suffered a hacker attack around the same time several popular American Web sites were crippled by online raids, a Sina.com executive said.
Dave Dittrich's internet security page.
Internet Executives Are Reassured After White House Meeting
Chat Systems Yield Clues in Web Attacks by Hackers
LEADS NARROW LIST OF SUSPECTS IN WEB ATTACKS
Computer security experts have located several of the systems
used in last week's cyberattacks on major e-commerce sites,
finding evidence that implicates at least two hackers.
Investigators are focusing on the two suspects, known only by
their hacker names at this point, as a result of information
obtained from network traffic analysis, computer-security logs,
and monitoring of hackers on Internet Relay Chat (IRC). The
individual suspected in the Yahoo! attack was especially skilled,
experts say. The suspect, who recently stopped using IRC, is
believed to live in the U.S. A second, less-sophisticated
hacker, who experts believe lives in Canada and uses the online
name "mafiaboy," is being monitored as a potential copycat.
Investigators have determined that computers at a number of
California universities, including Stanford, the University of
California at Santa Barbara, and the University of California at
Los Angeles were used in the attacks. School officials say their
systems were hijacked and used to launch the data that bombarded
target sites. (Wall Street Journal, 14 Feb 2000)
"In Wake of Hacks, Banks Called Relatively Safe"
American Banker (02/14/00) P. 7; (Weitzman, Jennifer):
Last week's "denial of service" attacks on several major commercial Web sites did
not affect any online banking operations, according to Keynote Systems, an
Internet performance monitor. In fact, technology security experts say that online
banks and brokers came out of last week's attacks better than any other sites,
mainly because they have better security processing and more sophisticated
security software, such as "intrusion-detection" technology. Experts say that banks
are also somewhat insulated against denial of service attacks because service
interruptions are very common in the industry, even before the advent of online
banking. However, banks are still tempting targets for hackers due to their nature,
and security professionals warn that banks may be in danger if they have too many
links to other Web sites. Therefore, banks need to be very certain that those
connecting sites practice good security, such as implementing solid firewalls and
creating and enforcing strict security policies and procedures.
HACKER TARGETS CREDIT CARDS:
A hacker broke into the Web server of RealNames last week and tried to steal the credit card information and other data of 15,000 customers. The attack differed from the denial of service attacks launched last week because the hacker did not shut down RealNames' site, but instead seized a Web server, using it to steal information from other computers. RealNames, which sells users a simple keyword or phrase to use in lieu of long Internet addresses, has alerted its customers and the FBI to the incident, although it says that it is not yet sure whether any credit card information was stolen. Security experts say that the incident is an anomaly only because RealNames was so open in discussing it; a recent FBI report says that 62 percent of Fortune 500 companies experienced computer breaches within the last year, but only a fraction make the incidents public, for fear of scaring off customers and investors. (SiliconValley.com, 12 Feb 2000)
CLINTON TO HOLD INTERNET SECURITY SUMMIT:
President Clinton will hold an Internet-security meeting next
Tuesday with some of the major players in the industry to address
the recent attacks on some of the world's biggest Web sites.
Companies such as Yahoo!, eBay, America Online, and Microsoft are
said to have been invited to the summit, where they will meet
with President Clinton, Attorney General Janet Reno, Commerce
Secretary William Daley, and National Security Adviser Samuel R.
Berger. The National Security Council is in charge of the
hastily organized meeting, leading analysts to speculate that the
government considers the recent attacks as bona-fide security
risks, not just economic disruption. The meeting is expected to
discuss whether the government should take a greater role in
regulating the Internet, as well as self-policing initiatives for
Internet firms. (Wall Street Journal, 11 Feb 2000)