Information Security News


    January 2001

    January 18, 2001

    Someone posted information concerning a Redhat Linux Server being hacked to SecurityFocus.com newsgroup. This is from their posting:

    "They got in through "lpd" printer service which "yes" on all our production servers is disabled. They then ran ./hack.sh and Synscan"

    Redhat Linux has had an update to the LPRng package since 04-Oct-2000 that would have patched this vulnerability. The updated package is available at their web site: http://www.redhat.com

    It seems that someone has created a worm that searches for Redhat Linux servers still running the vulnerable LPRng package. Here is the information I have found concerning this:

    Note: RHP Studios clients who are running Redhat Linux v6.2 or 7.0 are NOT affected by this worm or vulnerability. Those running the LPRng package that this worm exploits have been patched since the fix was issued by Redhat Linux on October 04, 2000. Those clients running stand-alone/dedicated Web Servers do not have the LPRng package installed on the Web Servers. As with any computer system connected to any network, you should only install the software and services that are needed for the system's functions, to reduce the possibility of exploits in services or software that are not used. Regular updates should be performed by running up2date. RHP Studios checks for any needed updates daily and applies them for each of our clients. The LPRng package is not needed on a dedicated web server. Because this exploit is delivered by a worm, this information will also be posted on the Virus News.

    If you are not a RHP Studios client, you should update your Redhat Linux Packages by either running up2date after su to root, or by clicking on the next two links (one for Redhat Linux version 6.2 and the other for Redhat Linux version 7.0).

    Redhat Linux v6.2 Updates - http://www.redhat.com/support/errata/rh62-errata-security.html

    Redhat Linux v7.0 Updates - http://www.redhat.com/support/errata/rh7-errata-security.html

    More Information can be found below concerning this exploit and worm:

    Redhat worm touts instant noodles

    An Internet worm cobbled together from pre-existing scripts is spreading rapidly through Redhat Linux systems, leaving in its wake a trail of defaced Web pages touting the virtues of instant Oriental noodles.

    http://www.theregister.co.uk/content/6/16168.html

    To: BUGTRAQ@SECURITYFOCUS.COM

    SUMMARY

    LPRng is almost certainly vulnerable to remote-root compromise on account of a format string bug. The flaw is almost identical to the rpc.statd one I found; namely a faulty syslog() wrapper. This is becoming a very common flaw.

    http://lwn.net/2000/0928/a/sec-lprng.php3

    F-SECURE VIRUS DESCRIPTIONS: RAMEN - ALIAS: LINUX.RAMEN,LINUX/RAMEN - LINUX WORM

    "Ramen affects systems running default installations of Red Hat Linux 6.2 and 7.0. It attempts to infect the system by exploiting two known security vulnerabilities."

    http://www.f-secure.com/v-descs/ramen.shtml

    BBC NEWS: LINUX VIRUS INFECTION FEARS; RAMEN HITS RED HAT

    "The webmasters who have had to deal with the problem are those running sites using Redhat Linux. Servers have been invaded by a worm that replaces the site's main page with one showing an image of a Ramen instant noodle packet."

    http://news.bbc.co.uk/hi/english/sci/tech/newsid_1123000/1123827.stm

    LINUXPLANET: RAMEN AND THE DANGER OF DEFAULT LINUX CONFIGURATIONS

    The security field is all aflutter about a worm that takes advantage of well-known security lapses in Red Hat Linux -- lapses that most experienced Linux system administrators addressed back in September 2000. And while the so-called Ramen worm doesn't do a whole lot of damage to Linux systems, it does point out the need for constant awareness to security issues -- beginning with the default configurations offered by most Linux distributions. Kevin Reichard reports.

    http://www.linuxplanet.com/linuxplanet/opinions/2921/1/
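
The Bugtraq summary above attributes the LPRng flaw to a faulty syslog() wrapper. The following is an added example, not LPRng's code and not from the original page, showing that bug class beside the corrected form; `sink`, `log_vulnerable` and `log_safe` are hypothetical names, and `sink` is an in-memory stand-in for syslog(3).

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for syslog(3) (assumption for this demo): it expands a printf-style
 * format exactly as syslog does, but keeps the result in memory. */
static char last_msg[256];

static void sink(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
}

/* Faulty wrapper: formats the message once, then passes the finished text to
 * the sink as a format string, so it is expanded a second time. Any '%' that
 * came from client data is now treated as a conversion directive. */
static void log_vulnerable(const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    sink(buf);              /* BUG: data used as format */
}

/* Hardened wrapper: same first pass, but the finished text is handed over as
 * an argument to a constant "%s" format and is never interpreted again. */
static void log_safe(const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    sink("%s", buf);
}

int main(void)
{
    /* Constructed input: a client-supplied name containing directives. */
    log_safe("request from %s", "%x%x%s");
    printf("%s\n", last_msg);   /* request from %x%x%s */
    return 0;
}
```

The vulnerable wrapper behaves correctly on ordinary input, which is why the pattern survives testing; the difference only appears when logged data contains `%` characters.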

      January 16, 2001

    WHAT'S IMPORTANT FOR INFORMATION SECURITY

    The basic reasons we care about information systems security are that some of our information needs to be protected against unauthorized disclosure for legal and competitive reasons; all of the information we store and refer to must be protected against accidental or deliberate modification and must be available in a timely fashion. We must also establish and maintain the authenticity (correct attribution) of documents we create, send and receive. Finally, if poor security practices allow damage to our systems, we may be subject to criminal or civil legal proceedings; if our negligence allows third parties to be harmed via our compromised systems, there may be even more severe legal problems.
    Security Portal

    EGGHEAD: NO EVIDENCE HACKER STOLE CREDIT CARD INFO

    Egghead.com Inc. said that no customer credit card numbers appear to have been stolen from its Web site, two and a half weeks after the online retailer announced it had detected an intruder in its computer systems. Only about 7,500 of the more than three million credit card accounts in Egghead's database showed evidence of "suspected fraudulent activity", the company said, saying those transactions may have been the result of unrelated thefts.
    ZDNET

    NT STILL MOST HACKED WEB SERVER PLATFORM

    The year 2000 saw Windows NT steaming ahead yet again as the most hacked web server operating system, after a majority of defaced pages were found to be sitting on compromised NT boxes. As NT is one of the most popular options for web servers, it appears that it is attacked most, however a number of companies running web sites on variations of Linux also suffered the embarrassment of defacement.
    http://www.uk.internet.com/Article/101161

    TOP LEVEL DOMAINS: WINNERS AND LOSERS, 2000

    "Over year 2000, Attrition.org recorded over 5800 defacements, over 2000 more defacements over 1999. Where did all of these defacements come from? Did any Top Level Domains manage to reduce their share of defacements over the last year in what can only be described as a harsh environment? The answers surprised me. I didn't expect to see Brazil leading those countries with gains, or the U.S. military heading the list of those TLDs to reduce their absolute share of defacements."
    http://www.attrition.org/security/commentary/winnersandlosers.html

    ATTACKER BOMBS CHAT NETWORK

    A Romanian attacker has launched a major distributed denial of service attack, forcing one of the largest IRC networks, Undernet, to shut down much of its service. A number of Internet Service Providers hosting Undernet servers - including some in the US, the Netherlands and France - have been hit with DDoS attacks.
    http://www.zdnet.co.uk/news/2001/1/ns-20101.html

    HISTORY LOOKS AT THE NSA

    As anyone who watched Enemy of the State knows, the National Security Agency is a rapacious beast with an appetite for data surpassed only by its disregard for Americans' privacy. Or is the opposite true, and the ex-No Such Agency staffed by ardent civil libertarians? To the NSA, of course, its devilish reputation is merely an unfortunate Hollywood fiction. Its director, Lt.Gen. Michael Hayden, has taken every opportunity to say so, most recently on a History Channel documentary that aired for the first time Monday evening. "It's absolutely critical that (Americans) don't fear the power that we have," Hayden said on the show.
    http://www.wired.com/news/politics/0,1283,41063,00.html

    WEAK SECURITY IN NUKE PLANT

    A security guard is believed to have hacked his way into computer networks at the Bradwell nuclear reactor in Essex near London and to have altered and deleted information.
    http://www.theregister.co.uk/content/6/15947.html

    LINUX.CONF.AU - THE HACKER'S CONFERENCE

    The talk of Linux Australia at the moment is about Linux.conf.au. This four-day gathering of some of the world's most influential Linux developers is being held at the University of New South Wales, Sydney from 17 to 20 January.
    http://www.linuxworld.com.au/news.php3?nid=393&tid=2

    BIOMETRICS - WHAT YOU NEED TO KNOW

    Biometrics have garnered increasing attention and backing in the last few years. We are promised a utopian existence: never again will you forget your password or need to remember your access card to get into the building. Unfortunately, it isn't quite this simple. While biometrics will be a significant portion of any authentication or identification in the future, they cannot replace many existing security systems without significant disadvantages. Using biometrics in conjunction with other proven security methods can result in a stronger solution; but using biometrics on their own is a very bad idea, for numerous reasons.
    http://securityportal.com/closet/closet20010110.html

    BOOTS PENETRATED

    Britain's biggest chemist had its corporate Web site attacked this morning by a poet. Instead of the usual corporate nonsense, the 534-word poem left behind by 'Mentor' tells of the angst of a teenage hacker - but also the personal discovery of computer crime. Called The Conscience of a Hacker, there is a deliciously dark undercurrent that shines a light on teenage angst in a digital generation.
    http://www.theregister.co.uk/content/6/15958.html

    U.S. TURNS ITS TECH EFFORTS TO PREVENTION

    In a recent study about new national security threats, CSIS warned that it is growing increasingly difficult to distinguish between threats from foreign militaries or spies, terrorists, or run-of-the-mill hackers. Plus, the interconnectedness of America's many computer networks creates tasty new targets; for example, taking down a large bank's computer system could do more damage than attacking a bank building. The study also noted that 95 percent of U.S. military traffic moves over civilian telecommunications and computer networks.
    http://enterprisesecurity.symantec.com/content.cfm?articleid=3D559&PID=3D17=26127

    CLINTON: RELAX CRYPTO EXPORT CONTROLS

    In a move that could be its final action regarding encryption, the Clinton administration acknowledged that it can't control security using hardware-based measures, because even the most innocuous home PCs can be strung together to form a powerful computing system. The Department of Defense, which has been working with the White House on the issue, agreed.
    http://www.zdnet.com/zdnn/stories/news/0,4586,2673461,00.html

    PERSONAL SIDE OF BEING A SYSADMIN

    Have you got what it takes to be a sysadmin? Can you deal with an annoying user without telling them off? How about that dreaded boss with an idea? In this article, the Personal Side of being a Sysadmin, we will look at methods of dealing with the day to day aspects of keeping all the kids happy in the sandbox.
    http://www.linux.com/sysadmin/newsitem.phtml?sid=1&aid=11529




Copyright © 1998 - 2004 RHP Studios
Last Updated on July 24,2004 @ 11:45 hrs EST