SANS NewsBites Vol. 10 Num. 13

From: The SANS Institute (NewsBites@sans.org)
Date: Fri Feb 15 2008 - 13:34:36 CST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

*************************************************************************
SANS NewsBites February 15, 2008 Vol. 10, Num. 13
*************************************************************************
TOP OF THE NEWS
  Senate FISA Amendment Bill Would Give Telecomms Immunity from Prosecution
  Legislators Introduce Bill Aimed at Preserving Net Neutrality
  UK Database Will Compile Educational Records
THE REST OF THE WEEK'S NEWS
  LEGAL MATTERS
    Woman Sues Best Buy for US $54 Million Over Lost Laptop
    Brothers Guilty of Manslaughter in Revenge Attack
  POLICY & LEGISLATION
    Interactive Breach Notification Map
  COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
    Danish ISP Will Fight Court Order to Block Pirate Bay
  WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
    Adobe Releases Fixes for Critical Flaws in Flash Media Server and
       Connect Enterprise Server
    Exploit Code for Microsoft Works Flaw Circulating
    Microsoft Issues 11 Security Bulletins
  ATTACKS, INTRUSIONS, DATA THEFT & LOSS
    Bloodbank Donor Information on Missing Computers
  MISCELLANEOUS
    Undersea Cables Repaired; Internet Access Restored
    Police Officer Suspended for Unauthorized Database Access
LIST OF UPCOMING FREE SANS WEBCASTS

*************************************************************************
TRAINING UPDATE
Where can you find the newest Penetration Testing techniques,
Application Pen Testing, Hacker Exploits, Secure Web Application
Development, Security Essentials, Forensics, Wireless, Auditing, CISSP,
and SANS' other top-rated courses?
- SANS 2008 in Orlando (4/18-4/25) SANS' biggest program with myriad
bonus sessions and a huge exhibition of security products:
http://www.sans.org/sans2008
- Washington DC (Tyson's) 3/24-3/31 http://www.sans.org/tysonscorner08
- Prague (2/18-2/23): http://www.sans.org/prague08
- San Diego (5/9-5/16) http://www.sans.org/securitywest08
- Toronto (5/10-5/16) http://www.sans.org/toronto08
- and in 100 other cities and online any time: www.sans.org
*************************************************************************

TOP OF THE NEWS
 --Senate FISA Amendment Bill Would Give Telecomms Immunity from
Prosecution
(February 13, 2008)
The US Senate has approved S.B. 2248, a measure that grants immunity
from prosecution to telecommunications companies that cooperate with
intelligence gathering requests from the government. The proposed
amendment to the Foreign Intelligence Surveillance Act (FISA) also
increases government powers to eavesdrop on communications in certain
cases without a warrant. The White House has said that another
temporary law will not be signed; the House of Representatives' version
of the bill does not provide immunity for the telecommunications
industry.
http://www.washingtonpost.com/wp-dyn/content/article/2008/02/12/AR2008021201202_pf.html
http://www.securityfocus.com/brief/681
[Editor's Note (Schultz): It is inevitable that some kind of legislation
of this nature will pass in the US. Protection of privacy continues to
crumble in the name of intelligence collection, fighting crime, and
stopping piracy.]

 --Legislators Introduce Bill Aimed at Preserving Net Neutrality
(February 13, 2008)
US Representatives Ed Markey (D-Mass.) and Chip Pickering (R-Miss.) have
introduced the Internet Freedom Preservation Act. Markey says the bill
is designed "to assure consumers, content providers, and high-tech
innovators that the historic, open architecture nature of the Internet
will be preserved and fostered." Advocacy groups are pleased with the
bill, particularly in light of recent allegations that Comcast engages
in traffic throttling to limit user access to applications that consume
large amounts of bandwidth.
http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/02/13/Lawmakers-introduce-new-net-neutrality-bill_1.html
http://www.savetheinternet.com/blog/2008/02/12/internet-bill-would-bar-discrimination-engage-the-public-on-better-policy/
http://www.freepress.net/docs/markey_086_xml.pdf

 --UK Database Will Compile Educational Records
(February 13, 2008)
This September, the UK government intends to launch a database that will
retain information about every student between the ages of 14 and 19,
including personal details, examination results and school records.
Students will be provided with a Unique Learner Number to identify their
record; they will be required to have a number to obtain a diploma. The
files will be permanent and teachers and employers will have access to
them, although students would reportedly have control over how the
information in their records is shared. The database project is called
Managing Information Across Partners (MIAP) and is expected to cost GBP
45 million (US $88.7 million). The plan has been met with skepticism,
particularly in light of the recent data security breaches the UK
government has experienced. Students are also concerned that every
little event that occurred in their schooling will follow them for the
rest of their careers.
http://www.news.com/2102-1029_3-6230380.html?tag=st.util.print
http://education.guardian.co.uk/schools/story/0,,2256044,00.html
http://www.theregister.co.uk/2008/02/13/england_child_database/print.html

************************** Sponsored Links: ***************************
1) SANS Third Annual Log Management Survey What are the challenges in
log management? Have perceptions changed since last year? Help us find
out! Take the survey at http://www.sans.org/info/24113

2) More than 50% of latest online scams are hosted on compromised web
sites. New report has the details.
http://www.sans.org/info/24118
*************************************************************************

THE REST OF THE WEEK'S NEWS
LEGAL MATTERS
 --Woman Sues Best Buy for US $54 Million Over Lost Laptop
(February 14, 2008)
A woman has filed a US $54 million lawsuit against Best Buy for losing
her computer. Raelyn Campbell acknowledges that the amount far exceeds
replacement cost and compensation, but she wants to draw "attention to
the reprehensible state of consumer property and privacy protection at"
Best Buy. Campbell says that her computer was stolen from the Best Buy
store and that employees falsified records to hide that fact. She also
says they lied to her for weeks about the status of her computer.
Campbell brought her computer in for repairs in May 2007, and filed the
lawsuit in mid-November.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206504123
[Editor's Note (Pescatore): I was thinking of suing my employer for
about that much for forcing me to carry a laptop all the time. This
does point out an issue where some companies have allowed employees to
do business on personal laptops that get repaired at places that don't
protect them very well, and then the business information ends up on
eBay and thousands of customers have to get notified, etc. etc.
(Cole): This will continue to happen, so two key takeaways. One, use
folder-level encryption with a strong passphrase so repair people will
not have access to your data. Full disk encryption will not work, since
the techs need to log into the system. Second, back up all of your
critical data on a removable drive.
(Schultz): It is easy to predict that lawsuits of this kind are going
to proliferate in the future. Many organizations have been downright
irresponsible in handling personal and financial information, let alone
others' computers. The threat of a lawsuit is likely to force such
organizations to radically tighten their procedures for handling such
information and computing equipment.]

 --Brothers Guilty of Manslaughter in Revenge Attack
(February 5, 11, 14 & 15, 2008)
Brothers Mark and Steven Forbes have been found guilty of manslaughter
in the January 2007 death of Bernard Gilbert, a man involved in a
dispute over a parking space with Mark's wife. Gilbert and Zoe Forbes
became engaged in a dispute over a supermarket parking space, at which
time Gilbert allegedly reacted in an "over-the-top, abusive, and
insulting" manner to Forbes. Forbes contacted her husband, who then
asked a friend to ask a policeman friend to use Gilbert's license plate
number to find out Gilbert's home address. Forbes's husband and his
brother threw a brick through a window at Gilbert's home; he died of a
heart attack less than an hour later. Stephen Smith, the police officer
who provided Forbes with the information, has resigned; last year he
pleaded guilty to disclosing information in violation of the Data
Protection Act.
http://www.timesonline.co.uk/tol/news/uk/crime/article3371948.ece
http://news.bbc.co.uk/2/hi/uk_news/england/derbyshire/7244728.stm
http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=514539&in_page_id=1770
[Editor's Note (Shpantzer): Most private investigators have 'a guy at
the DMV' or 'a friend on the force' to do favors for them. Increased
logging and monitoring will help put the word out that these databases
have a specific purpose and no 'recreational' use will be tolerated.]

POLICY & LEGISLATION
 --Interactive Breach Notification Map
(January 2008)
This map provides highlights of data breach notification laws in the 39
US states that have enacted such legislation, as well as "the status of
several pending federal bills pertaining to breach disclosure."
Information provided includes notification timeframe requirements,
penalties for not disclosing breaches, whether or not the law allows for
private right of action, and exemptions to the law.
http://www.csoonline.com/read/020108/ammap/ammap.html
[Editor's Note (Skoudis): This is a great piece of work. Kudos to CSO
Online for putting it together and making it freely available. I just
bookmarked it, and will be consulting it often.]

COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
 --Danish ISP Will Fight Court Order to Block Pirate Bay
(February 13, 2008)
Danish Internet service provider (ISP) Tele2 says it will fight a court
order that it block access to the Bit-Torrent website known as Pirate
Bay. In the mean time, the ISP has cut off access to the site for its
customers; other ISPs in Denmark have not yet received letters
requesting that they also prevent their users from accessing the
website. The International Federation of the Phonographic Industry
(IFPI) plans to send the letters this week.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9062482&source=rss_topic17

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
 --Adobe Releases Fixes for Critical Flaws in Flash Media Server
and Connect Enterprise Server
(February 13, 2008)
Adobe has released three more security bulletins: two for critical
vulnerabilities in Flash Media Server and Adobe Connect Enterprise
Server, and one for an important vulnerability in RoboHelp 7
installations. The Flash Media Server bulletin addresses three flaws
that could be exploited for remote code injection. The flaws are known
to affect Flash Media Server 2 version 2.0.4 on Windows; earlier
versions and the Linux version may be vulnerable as well. Users are
urged to upgrade to version 2.0.5. The Adobe Connect Enterprise Server
bulletin addresses three flaws that could be exploited to take control
of vulnerable systems. Adobe also released a bulletin earlier this week
to fix problems in its Reader and Acrobat products.
http://www.eweek.com/index2.php?option=content&task=view&id=46377&pop=1&hide_ads=1&page=0&hide_js=1
http://www.adobe.com/support/security/bulletins/apsb08-03.html
http://www.adobe.com/support/security/bulletins/apsb08-04.html
http://www.heise-online.co.uk/security/Code-injection-vulnerability-in-Adobe-s-Flash-Media-Server--/news/110115

 --Exploit Code for Microsoft Works Flaw Circulating
(February 13, 2008)
Proof-of-concept exploit code has been posted for a vulnerability in the
Microsoft Works file converter software in Office 2003, a flaw that is
addressed in a Microsoft security bulletin (MS08-011) released on
Tuesday. Users are urged to apply the fix as soon as possible. The flaw
can be exploited to allow unauthorized code to run on vulnerable
machines. The flaw affects Microsoft Works 8 and Works Suite 2005 as
well. To become infected, users would have to open a maliciously
crafted Microsoft Works attachment.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9062579&source=rss_topic17

 --Microsoft Issues 11 Security Bulletins
(February 12, 2008)
Microsoft's monthly security release for February comprises 11 security
bulletins, six with maximum severity ratings of critical and five with
maximum severity ratings of important. All of the critical bulletins
address remote code execution vulnerabilities; the five important
bulletins address flaws that could be exploited to cause
denial-of-service conditions, gain elevation of privilege and allow
remote code execution. Notably absent from the release is a fix for a
vulnerability in Excel that Microsoft acknowledged in a security
advisory a month ago.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206502000
http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx
http://www.microsoft.com/technet/security/advisory/947563.mspx
Internet Storm Center: http://isc.sans.org/diary.html?storyid=3973
[ISC Guest Editor's Note (Swa Frantzen): Not only is the Excel patch
missing, one of the 12 announced patches also didn't make it. Let's hope
we get the Windows Script (JavaScript and VBScript) and the Excel patch
next month. Exploits known to be around publicly include at this point
in time those targeting the vulnerabilities fixed in MS08-006, MS08-007,
MS08-010 and MS08-011.]

ATTACKS, INTRUSIONS, DATA THEFT & LOSS
 --Bloodbank Donor Information on Missing Computers
(February 13 & 14, 2008)
Approximately 320,000 people who donated blood through Lifeblood in
Memphis are at risk of identity fraud after two laptop computers were
reported missing from the company. Lifeblood has enhanced its security
practices since the incident. Areas where laptops are kept now have
more stringent access restrictions as well as closed circuit monitoring.
Software installed on company laptops allows their locations to be
tracked remotely and provides a means for erasing the computers' hard
drives should they be lost or stolen. Finally, the company has altered
the programming so that complete Social Security numbers (SSNs) are not
downloaded to mobile computers. The missing computers were reported to
Lifeblood management in early January; the company decided to refrain
from making the incident public knowledge until all affected donors had
been notified.
http://www.sunherald.com/447/story/368296.html
http://www.tennessean.com/apps/pbcs.dll/article?AID=/20080214/NEWS03/802140369/1017/NEWS01
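The last change Lifeblood describes, keeping full Social Security numbers off mobile computers, is a data-minimisation control, and it only holds up if something checks the export every time rather than trusting that the query was changed once. As an added illustration (this is not Lifeblood's code; the donor records, field names and JSON layout are constructed for the example), the export below copies an allow-list of fields with the SSN reduced to its last four digits, then scans the serialised payload for any nine-digit SSN pattern and refuses to release it if one is found, so a later regression fails closed instead of silently shipping full numbers to a laptop.

```python
import json
import re

# Constructed donor records for illustration only; the layout is an assumption.
DONORS = [
    {"donor_id": 1001, "name": "A. Sample", "ssn": "123-45-6789", "blood_type": "O+"},
    {"donor_id": 1002, "name": "B. Sample", "ssn": "987654321", "blood_type": "A-"},
]

# Nine digits in 3-2-4 groups, with or without dashes. Deliberately broad:
# the check is meant to fail closed, and a false positive costs a manual
# review rather than a breach notification.
FULL_SSN_RE = re.compile(r"\b\d{3}-?\d{2}-?\d{4}\b")


def mask_ssn(ssn):
    """Keep only the last four digits; anything that is not nine digits is rejected."""
    digits = re.sub(r"\D", "", ssn)
    if len(digits) != 9:
        raise ValueError("expected a nine-digit SSN")
    return "***-**-" + digits[-4:]


def laptop_export(records):
    """The view allowed onto a mobile computer: an allow-list of fields, SSN masked.

    Copying named fields (rather than deleting 'ssn' from the full record) means
    a new sensitive column added server-side does not silently ride along.
    """
    return [
        {
            "donor_id": r["donor_id"],
            "name": r["name"],
            "ssn_last4": mask_ssn(r["ssn"]),
            "blood_type": r["blood_type"],
        }
        for r in records
    ]


def contains_full_ssn(payload):
    """Last-line check on the serialised text that would actually be written."""
    return FULL_SSN_RE.search(payload) is not None


def guard_payload(payload):
    """Refuse to release a payload that still carries a full SSN."""
    if contains_full_ssn(payload):
        raise ValueError("export contains a full SSN; refusing to write it")
    return payload


def export_for_laptop(records):
    """Masked view, serialised, and scanned before it may leave the server."""
    return guard_payload(json.dumps(laptop_export(records)))


if __name__ == "__main__":
    print(export_for_laptop(DONORS))
```

The scan runs on the bytes that would be written, not on the in-memory objects, so it also catches an SSN that leaks through a free-text field or a renamed column.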

MISCELLANEOUS
 --Undersea Cables Repaired; Internet Access Restored
(February 12, 2008)
Internet access in the United Arab Emirates has been "completely
restored," according to Etisalat, the UAE's main telecommunications
operator. Undersea cables damaged in the last few weeks had disrupted
service, but repairs are now complete.
http://news.smh.com.au/uae-back-online-after-cable-repairs/20080212-1rnh.html

 --Police Officer Suspended for Unauthorized Database Access
(February 8, 2008)
DeKalb County (Georgia) police officer Teresa Shover has been suspended
for five weeks for accessing the Georgia Crime Information Center, a
classified database, to find a private citizen's personal information.
Officers in the department sign forms acknowledging that they understand
that misusing the information is a crime. Shover, who is separated from
her husband, used the information in an attempt to strike out at the
woman her husband was dating. Shover sent defamatory flyers to the
woman's friends and family, including her mother, former employer,
neighbors and other relatives.
http://www.wsbtv.com/news/15256835/detail.html
[Editor's Note (Honan): In our rush to fight the terrorist/serious
criminal/paedophile bogeyman by accumulating more and more databases on
our citizens, these stories should be a salutary lesson as to why we
need to ensure proper checks and balances, and punishment for misuse,
are in place to ensure those with access to these systems do not abuse
them for their own needs or those of others.]
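The Shpantzer note on the Forbes case above and this item come down to the same control: every lookup in a restricted database is logged, and the log is actually reviewed for use that has no official purpose. As an added example (not code from any agency or from the newsletter), the detector below runs three checks over constructed audit lines: a lookup that cites no incident number, a lookup outside the querying officer's rostered shift, and repeated lookups of one subject by one user. The log format, field names, duty roster and sample lines are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample audit lines. The format is an assumption, not the real
# GCIC log layout:
#   <ISO timestamp> user=<badge> query=<type> subject=<value> case=<incident or empty>
SAMPLE_LOG = """\
2008-01-14T09:12:03 user=b1123 query=plate subject=ABC1234 case=2008-004512
2008-01-14T09:40:17 user=b1123 query=plate subject=XYZ9876 case=
2008-01-14T22:05:44 user=b2210 query=name subject=DOE,JANE case=2008-004520
2008-01-15T02:30:09 user=b1123 query=name subject=DOE,JANE case=2008-004520
2008-01-15T10:11:12 user=b2210 query=name subject=DOE,JANE case=
2008-01-15T10:14:50 user=b2210 query=name subject=DOE,JANE case=
2008-01-15T10:16:02 user=b2210 query=address subject=DOE,JANE case=
"""

# Assumed duty roster: badge -> (shift start, shift end), same-day local time.
ROSTER = {
    "b1123": (time(7, 0), time(15, 0)),
    "b2210": (time(15, 0), time(23, 0)),
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) query=(?P<query>\S+) "
    r"subject=(?P<subject>\S+) case=(?P<case>\S*)$"
)


@dataclass
class Lookup:
    ts: datetime
    user: str
    query: str
    subject: str
    case: str


def parse_log(text):
    """Parse audit lines; malformed lines are returned separately because a
    record that cannot be parsed is itself worth a reviewer's attention."""
    lookups, bad = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            bad.append(line)
            continue
        lookups.append(Lookup(datetime.fromisoformat(m["ts"]), m["user"],
                              m["query"], m["subject"], m["case"]))
    return lookups, bad


def on_shift(user, ts):
    """True only if the badge is rostered and ts falls inside its shift;
    an unknown badge is treated as off-shift, never as permitted."""
    shift = ROSTER.get(user)
    if shift is None:
        return False
    start, end = shift
    return start <= ts.time() < end


def find_misuse(lookups, repeat_threshold=3):
    """Return (reason, user, detail) findings; one lookup can trigger several."""
    findings = []
    per_user_subject = {}
    for lk in lookups:
        if not lk.case:
            findings.append(("no-case", lk.user, lk.ts.isoformat()))
        if not on_shift(lk.user, lk.ts):
            findings.append(("off-shift", lk.user, lk.ts.isoformat()))
        key = (lk.user, lk.subject)
        per_user_subject[key] = per_user_subject.get(key, 0) + 1
    for (user, subject), n in sorted(per_user_subject.items()):
        if n >= repeat_threshold:
            findings.append(("repeated-subject", user, f"{subject} x{n}"))
    return findings


def summarize(findings):
    """Count findings per reason, the shape a daily review report wants."""
    counts = {}
    for reason, _, _ in findings:
        counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    lookups, bad = parse_log(SAMPLE_LOG)
    found = find_misuse(lookups)
    for f in found:
        print(*f)
    print(summarize(found), "malformed:", len(bad))
```

None of the three rules proves misuse on its own; an officer can legitimately run a plate before a case number is assigned. What they do is turn a log nobody reads into a short list a supervisor has to sign off on, which is the point of the note above: the deterrent is that the lookup will be seen.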

LIST OF UPCOMING FREE SANS WEBCASTS

SANS Special Webcast: Beyond Security Basics: Emerging Defensive
Strategies You Shouldn't Miss
WHEN: Tuesday, February 19, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKER: John Strand
http://www.sans.org/info/22954
Sponsored By: Core Security

Still think that locking down root access to operating systems is the
cornerstone of security, or that your perimeter can't be tunneled under?
Please join John Strand, certified SANS instructor and security
consultant with Argotek, for this free webcast.

Ask the Expert: Security Needs a New Paradigm
WHEN: Thursday, February 21, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKERS: Dave Shackleford and A.N. Ananth
http://www.sans.org/info/22959
Sponsored By: Prism MicroSystems

In this webcast, we'll discuss the reasoning behind a "whitelist"
approach, how change monitoring can complement logging and event
monitoring in your security program, and common system changes that may
indicate malicious activity.

SANS Special Webcast Series: Part 1 of 3: "Security Insights with Dr. Eric Cole"
WHEN: Wednesday, February 20, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURING: Dr. Eric Cole
https://www.sans.org/webcasts/show.php?webcastid=91783

The 2008 information security environment suggests new challenges and
increasing potential for organizations to fall victim to the latest
threats. While information security practices are improving, attackers
and business requirements continue to raise the bar for the security
professional. As organizations look at a technical landscape fraught
with viruses, web-based exploits and social-engineering attacks, data
loss challenges and beyond, the need to select proven technologies that
address threats to their unique environment is crucial. Too often
organizations are trying out new strategies and wonder what other
organizations have done in similar situations. One of the leading
experts in network security will draw upon his teaching experience and
interacting with thousands of students and different organizations, to
show strategies that will allow organizations to implement cost
effective solutions. Participants will walk away with insights they can
directly apply, to increase their security. Register now for this free
webcast!

Tool Talk Webcast: A Practical Approach to Cyber Security within Control
System Environments
WHEN: Tuesday, February 26, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKER: Brian Contos
http://www.sans.org/info/22964
Sponsored By: ArcSight

Recently there has been substantial media hype surrounding cyber attacks
against critical infrastructure: oil and gas, power and energy,
chemical, etc. Few disagree that systems controlling critical
infrastructure make valuable targets for a wide range of attackers and
pursuits; but the FUD sometimes shadows the facts. So rather than debate
the threat level, this webcast will focus on empirical findings derived
from multiple, federally funded research projects. These collaborative
projects have brought together federal agencies, academia, control
system vendors, IT security vendors like ArcSight, and industry
representatives to research and test practical cyber incident
prevention, detection and response.

SANS Special Webcast: How to Win Friends and Influence People (for
Penetration Testers)
WHEN: Tuesday, March 4, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURING: Lenny Zeltser
http://www.sans.org/info/22984
Sponsored By: Core Security

The success of a security test is often determined in the planning
stage, when the "human element" plays a critical role. This is
especially true for penetration testing projects, which sometimes
encounter political hurdles before they even begin.

Please join us to learn how, with a little transparency and tact, you
can not only get approval for pen testing projects but also help
colleagues use the results to improve your overall security.

********************************************************************

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center.

Howard A. Schmidt served as CSO for Microsoft and eBay and as Vice-Chair
of the President's Critical Infrastructure Protection Board.

Ed Skoudis is co-founder of Intelguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Intelguardians, a handler for the SANS Institute's Internet Storm
Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Bruce Schneier has authored eight books -- including BEYOND FEAR and
SECRETS AND LIES -- and dozens of articles and academic papers. Schneier
has regularly appeared on television and radio, has testified before
Congress, and is a frequent writer and lecturer on issues surrounding
security and privacy.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Mark Weatherford, CISSP, CISM, is the Chief Information Security Officer
for the State of Colorado.

Alan Paller is director of research at the SANS Institute.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Rohit Dhamankar is the Lead Security Architect at TippingPoint, a
division of 3Com, and authors the critical vulnerabilities section of
the weekly SANS Institute's RISK newsletter and is the project manager
for the SANS Top20 2005 and the Top 20 Quarterly updates.

Koon Yaw Tan is Assistant Director at Monetary Authority of Singapore
(MAS) and a handler for the SANS Institute's Internet Storm Center.

Gal Shpantzer is a trusted advisor to several successful IT outsourcing
companies and was involved in multiple SANS projects, such as the
E-Warfare course and the Business Continuity Step-by-Step Guide.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

Roland Grefer is an independent consultant based in Clearwater, Florida.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAke13NMACgkQ+LUG5KFpTka+9ACeIw3pKiUAFvr/Pici3cibEXQJ
O/cAoKOuFz6lKA7wGw/xgCVOL2NlefZ9
=r4yd
-----END PGP SIGNATURE-----