CRIME FW: NIPC Daily Report 18 June 2002

From: George Heuston (GeorgeH@private)
Date: Tue Jun 18 2002 - 16:40:00 PDT


    Microsoft advisories. Microsoft has published three advisories for a heap
    overrun in HTR, an unchecked buffer in the Remote Access Service (RAS), and
    two issues in SQLXML. The combination of these issues presents an excellent
    opportunity for mischief ranging from crashing a system to an escalation of
    privileges by running an attacker's choice of code.  The risk for an
    unpatched system is deemed critical.  Patches are available on Microsoft's
    website and should be applied immediately. http://www.microsoft.com
    (iss.net, 17 June)
    
    EarthLink's passwords are naked. EarthLink, the nation's fourth-largest
    Internet service, is allowing its support employees to have full access to
    the passwords of its 4.9 million subscribers. EarthLink service agents are
    permitted to view customer passwords in order to expedite the handling of
    one of the ISP's top support issues: forgotten passwords. EarthLink could be
    exposing its subscribers to a range of security threats, including attacks
    from disgruntled or unethical employees. At the help section of its site,
    EarthLink provides the following warning on password security: "Never tell
    your password to anyone -- with one exception. EarthLink Sprint
    Technical/Customer Support may ask for it when you call EarthLink Sprint for
    assistance." EarthLink sometimes requests a subscriber's password to
    troubleshoot connection problems, but the company does not use passwords as
    a way of authenticating telephone callers. Such a confusing password policy
    could make an ISP's customers easy prey for password scams that involve
    "social engineering" or trickery. It should be noted that any attempts by
    support reps to gain access to customer accounts would be logged. At America
    Online, MSN and United Online -- the top three ISPs, respectively -- stored
    passwords are off-limits altogether to support staff. (Wired News, 17 June)
    
    FAA to simulate GPS outages.  In September 2002, the Federal Aviation
    Administration (FAA) plans to run a simulation to assess the impact of a
    Global Positioning System (GPS) outage on air traffic control.  The GPS
    Outage En Route Simulation (GOERS) will test how the loss of satellite-based
    navigation aids affects controller workload under conditions that include
    environments in which a mix of GPS and ground-based navigational aids are
    available. Jacksonville Air Route Traffic Control Center in Florida is the
    leading candidate for GOERS, pending coordination with the National Air
    Traffic Controllers Association.  The simulation will be conducted over five
    weeks. At that time the FAA will recommend whether measures should be taken
    to lessen the effects of an outage. The plan calls for reducing the
    ground-based navigation aids aircraft use to fly across the country by about
    50 percent beginning in 2007 and finishing in 2012.  (Federal Computer Week,
    17 June)
    
    Further Information: GPS is a space-based radio-navigation system. It
    consists of 24 satellites, which orbit the Earth at an altitude of
    approximately 11,000 miles, and ground stations. GPS provides users with
    accurate information on position, velocity, and time anywhere in the world
    and in all weather conditions.  GPS satellites circle the earth twice a day
    in a very precise orbit and transmit signal information towards the earth.
    GPS receivers take this information and use triangulation to calculate the
    receiver unit's location.  The FAA is developing two satellite-based systems,
    the Wide Area Augmentation System and the Local Area Augmentation System,
    which will provide the accuracy, availability, and integrity needed to use
    GPS as a primary means of navigation in the U.S. National Airspace System
    (NAS).  http://gps.faa.gov/FAQ/index.htm
    
    Flaw in Microsoft Corporation's SQL Server.  A Russian security researcher
    claims he has discovered a flaw in Microsoft Corp.'s SQL Server 2000 which
    gives an attacker the ability to either crash the server or execute
    malicious code on the machine. Microsoft is aware of the advisory and is
    investigating the issue. The vulnerability is in the "pwdencrypt" hashing
    function, which is included with SQL. A buffer overrun flaw in this function
    enables an attacker to overwrite a portion of the heap memory. (ISN, 14
    June)
    
    Microsoft accidentally distributes virus. Microsoft accidentally sent the
    Nimda worm to South Korean developers when it distributed Korean-language
    versions of VisualStudio.Net that carried the virus. The tools picked up the
    digital pest when a third-party company translated the program into Korean.
    Microsoft says the worm has not executed on any developers' systems, and if
    it did, it would not be able to spread to the developer's system because the
    virus only runs on systems running IE 5.5 and lower, and VisualStudio.Net
    requires version 6.0 of the browser. Microsoft has notified
    all its registered Korean customers, and the company posted a patch to its
    Web site. It also plans to provide clean copies to all the developers, free
    of charge. (CNET Networks, 14 June)
    
    IBM software targets "drive-by hacking." IBM software sits on laptops and
    PCs, analyzes traffic on an internal 802.11 wireless network, and sends the
    data to a centralized server. The server then "crunches" the data and
    produces a report that can tell system administrators if there are wireless
    access points that have been misconfigured. Access points are physical
    connections to the computer network located throughout a site.  Wireless
    networks are cheap, costing less than $100, and convenient to use, allowing
    workers to carry laptops from office to conference room to cafeteria.
    (atnewyork.com, 16 June)
    
    WWU Comment: Wireless networks require special attention and special
    security measures to keep both the network and the data within the network
    secure from outside intrusion.  
    


