November 2001 ISSN 1361-3723
“We are not devaluing music but we are, in our own small way, re-valuing it.” see page 2.
Editor: Chloë Palmer
American Editor: Charles Cresson Wood, Baseline Software, Sausalito, California, USA
Australasian Editor: Bill J. Caelli, Queensland University of Technology, Australia
European Editor: Ken Wong, Insight Consulting, London, UK
Editorial Advisors: Chris Amery, UK; Jan Eloff, South Africa; Hans Gliss, Germany; David Herson, UK; P. Kraaibeek, Germany; Wayne Madsen, Virginia, USA; Belden Menkus, Tennessee, USA; Bill Murray, Connecticut, USA; Silvano Ongetta, Italy; Donn B. Parker, California, USA; Peter Sommer, UK; Mark Tantam, UK; Peter Thingsted, Denmark; Hank Wolfe, New Zealand.
Correspondents: Frank Rees, Melbourne, Australia; John Sterlicchi, California, USA; Paul Gannon, Brussels, Belgium.
Editorial Office: Elsevier Advanced Technology, PO Box 150, Kidlington, Oxford OX5 1AS, UK. Tel: +44-(0)1865-843645 Fax: +44-(0)1865-843971 E-mail: [email protected]
Publishers of Network Security, Computers & Security, Computer Fraud & Security, Computer Law & Security Report, Information Security Technical Report
Security site hit by pastiche vandals

The trend for defacing security sites has taken a confusing twist. The latest lark is to attribute the defacement to another hacking group. Non-profit news site Security NewsPortal (SNP) has been defaced twice in the course of a few days. Visitors to the site on 23 October saw a lengthy flame, posted "by parties unknown", signed by German hacker and entrepreneur Kim 'Kimble' Schmitz, who had offered SNP $10 000 in exchange for information about Fluffy Bunny, a serial defacer who had hit Schmitz's site earlier in the month. Schmitz heads up YIHAT, Young Intelligent Hackers Against Terrorism, and it is in this capacity that the message is signed. Ironically, YIHAT recently stopped administrating its website at kill.net following a rash of distributed denial-of-service attacks. The defacement read, "They [SNP] encourage defacements. ...their business prospers. We are looking forward to hearing them bitch about this incident." Marquis Grove, the man in charge of running the SNP site, responded to the defacement by deciding to close the site. He posted a statement explaining that, as a non-profit organization, SNP could not keep up with sustained attacks. Grove's statement also said that closing down would, "prove a point to the defacer and to the security industry."
In response to Grove's posting, the site was promptly defaced again. This time it claimed that Grove had decided to join forces with Schmitz and run the site for profit with his help. The statement cleverly imitated the style of Grove's posting, and claimed that the site would go back up on 31 October. Grove believes that the guilty party is the same vandal that hit security site New Order with a similarly ironic message. Jericho from security group Attrition.org pointed out to Newsbytes that although the idea of defacing in the style of other hacking sites is not new, "The difference is, before they were mimicking lesser groups that hit lesser sites." Massive offers of support from the security community, particularly academia, mean that the site will be returning soon.

Let's think about all this for a moment. Grove's suspect blames YIHAT, whose founder has a beef with Fluffy Bunny. It is a high-profile site, but security was outsourced. So, why did he do it? There is limited kudos in breaking into a server farm no one has ever heard of, and disrupting a news service that people in your community like. Who gains? Well, SNP, in the long run, as the service has secured proper funding as a result of the attack. And Schmitz hits the headlines in some capacity other than as a failed businessman: he is near bankruptcy. To the defacer's credit, he did take a copy of the site and gave it to Grove, according to newswire reports. It all begs the question: has this defacement backfired? Are defacers kidiots? Let us know your views. Email [email protected] with your thoughts. Check out the defacement mirrors on Alldas.de on 24 and 26 October.

Contents

Hacking News
  Security site hit by pastiche vandals  1
  Hackers unite: don't deface  2

Legal News
  Napster faces copyright charges  2
  RIAA tries to spin doctor legislation  2

Cryptography News
  PKI Challenge update  3
  Internet to be used for secure military messages  3
  German minister calls for digi sig interoperability  4

Vulnerabilities News
  Automatic macro execution glitch  4
  GroupWise users urged to patch security hole  4

Technology News
  Wireless tech to protect PDAs  4

Reports
  Cyber Skirmishes — Hackers Threaten, Government warns  5
  Yahoo News Hacked  5
  AT&T Protects Routers  6

Web Review
  Fine Tuning your Focus on Vulnerabilities  7

Tales From The Crypt
  The Changing Face of International Cryptography Policy Part 21 — OECD Security Guidelines  8

Features
  11 September IT Fallout  10
  Cyber-terrorism — Virtual For Who?  12
  A Mockery of Fair Use?  15

Information Warfare
  Prepare For Unexpected Intense Attacks Against Your Infrastructure  16

ShockwaveWriter
  CISSP and the InfoSec Writer — Part 2  18

Stop Press  20
Hackers unite: don't deface

Linux is "without a doubt the most discussed topic in the security e-zines of today," says zwanderer, also known as Kristian Frederiksen, editor of security publication Black Box e-zine. Frederiksen explains that the cause of Linux has been evangelised by hackers and crackers alike. But what of Microsoft? Apparently, there have been so many bugs that finding them is "no more fun". The major trend in hacking, identified by Black Box, is defacement. But, groups that make defacements, "proudly carry the flag ahead — but they do it in a suicidal fashion." These acts are "destructive" and "ignorant" and are causing the media to perceive all hackers in this way. Rather, then, hackers should remember their roots: creating code, finding bugs and writing advisories and articles to push online culture ahead. Frederiksen identifies a progressing trend towards copycat behaviour. One example of this was with Trojans. "BO [Back Orifice] came out and, all of a sudden, everyone was hacking their brothers PC with netbus of BO." (sic.) The latest such trend is attacking the kernel: "The Linux kernel, such a powerful beast is the number one target for hacker code these days." Catch the article, "On recent hacking trends #1" on http://black.box.sk/articles/12/hacking_trends.
Legal News
Napster faces copyright charges Napster is back in court in the US.
ISSN: 1361-3723/01/$20.00 © 2001 Elsevier Science Ltd. All rights reserved.
It stopped swapping copyrighted materials in July, but the prosecution are "seeking a summary judgement against Napster on the issue of liability, which would in essence leave for trial only the amount of damages and the nature of the injunction," explained Russell Frackman, an attorney for the record industry. The case will be brought before the federal court in San Francisco. CF&S has been told that, although Napster appears to have stopped trading copyrightable materials, a search on a near-spelling of a popular artist's name until recently returned a selection of copyrighted works, while the correctly spelled name returned no results. At press time we had been unable to verify the validity of this claim.
RIAA tries to spin doctor legislation

It is rumoured that the Recording Industry Association of America (RIAA) is trying to manipulate US federal anti-terrorism legislation to endorse its electronic antipiracy measures. ZDNet reported that, "RIAA lobbyists sought a provision to the bill that would shield copyright holders for any damage done to computers in the pursuit of copyright protection…[which] might give the group the ability to spread viruses in the pursuit of pirates." The group currently monitors activity on file swapping sites and when it discovers copyrighted materials being made available, it calls the individual's ISP in the hope of having it prevent the practice. RIAA also uses software to mimic swapping behaviour until it finds copyrighted material, and then attempts to block anyone else from downloading it by sending multiple requests. It is this latter behaviour that may be outlawed in the anti-terrorism Act. However, the record industry is not having it all its own way. Non-copyrighted brands are gaining popularity as evidenced by 3qsound winning the award for 'best business to business site' at the prestigious UK Online Music Awards. The site allows anybody to preview and download royalty free music, from anywhere in the world, for use in conjunction with any kind of media product. Matthew Corbett, house producer at 3q explained, "people have paid too much for music for too long, the perceived value is too high in the new media age in which we