SANS NewsBites Vol. 10 Num. 19

From: The SANS Institute (NewsBites@sans.org)
Date: Fri Mar 07 2008 - 13:23:58 CST



A very interesting gathering on web application security coming up in
June in Las Vegas. The top technical experts in application security
(Jeremiah Grossman, Gary McGraw, and Caleb Sima, just to name three)
will present the newest attack techniques and the most promising
mitigations they have found. They will be joined by application security
managers from more than a dozen of the most experienced banks and other
user organizations who will tell what works and what doesn't work and
share the lessons they learned in implementing application security
initiatives. Add to that the technical folks from every important
application security vendor, sharing their newest tools, and you will
walk away with the key things needed to move forward confidently in
improving application security. There are also several sources for
those who want more in-depth training. Information at
http://sans.org/info/24609

                                  Alan
PS. 80% of the new attack vectors are using application security flaws,
so if you don't have an application security initiative underway, you
are leaving yourself open to simple and sophisticated attacks.

*************************************************************************
SANS NewsBites March 7, 2008 Vol. 10, Num. 19
*************************************************************************
TOP OF THE NEWS
  Military Asks Google to Remove Base Images from Street View
  USAF Plans New Cyberspace Command
  Swiss Bank Drops Lawsuit in Wikileaks Case
THE REST OF THE WEEK'S NEWS
  LEGAL MATTERS
    Goal Financial Settles FTC Charges
    10 Months in Prison for Hotel Business Kiosk Hacker
  HOMELAND SECURITY & GOVERNMENT SYSTEMS SECURITY
    UK Website Shuts Down After Being Inundated with USAF eMail
  COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
    Judge Allows RIAA to Subpoena Univ. to Obtain Students' Identities
  WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
    Microsoft's March Security Update to Comprise Four Bulletins
    Chinese Mobile Phone Ransomware
  ATTACKS, INTRUSIONS, DATA THEFT & LOSS
    Thirty Thousand PCs and Macs used In "Overwhelming" DDoS Attack on UK
       Gambling Site
    Children's Personal Data on Stolen Memory Stick
  STATISTICS, STUDIES & SURVEYS
    Survey: National Security Outweighs Privacy
  MISCELLANEOUS
    US $76 Million Worth of Counterfeit Cisco Products Seized
LIST OF UPCOMING FREE SANS WEBCASTS

****************** Sponsored By Clearwell Systems ***********************

Free Webinar: Best Practices for Corporate Investigations --- Presented
by Cisco's Joel Yusim, this online seminar on March 18th will detail
best practices for performing corporate investigations. Attend and learn
how to audit your current internal investigation process, implement
several best practices, and solve internal investigations more quickly
and accurately.
http://www.sans.org/info/25379

*************************************************************************
TRAINING UPDATE
Where can you find the newest Penetration Testing techniques,
Application Pen Testing, Hacker Exploits, Secure Web Application
Development, Security Essentials, Forensics, Wireless, Auditing, CISSP,
and SANS' other top-rated courses?
- SANS 2008 in Orlando (4/18-4/25) SANS' biggest program with myriad
    bonus sessions and a huge exhibition of security products:
       http://www.sans.org/sans2008
- Washington DC (Tyson's) 3/24-3/31 http://www.sans.org/tysonscorner08
- San Diego (5/9-5/16) http://www.sans.org/securitywest08
- Toronto (5/10-5/16) http://www.sans.org/toronto08
- and in 100 other cities and online any time: www.sans.org

*************************************************************************

TOP OF THE NEWS
 --Military Asks Google to Remove Base Images from Street View
(March 6, 2008)
The US military has asked Google to remove certain images from its
Street View service because they pose a threat to the security of
military bases. The military is especially concerned with images that
show details of security at base entrances. The military has also
banned Google from taking videos at its bases after footage was filmed
at one Texas army base. Google says that it does not "seek access to
military bases, private roads, or posted no trespassing areas." A
Google spokesman said the company has complied with the military's
requests.
http://www.msnbc.msn.com/id/23505366/
http://ap.google.com/article/ALeqM5gJWAqizzLP80ddn0-BHPl7hy1uvgD8V84NVO0
http://afp.google.com/article/ALeqM5i3BOMCwxbAZg_Nfh9OyIAYPTlSQA

 --USAF Plans New Cyberspace Command
(March 5, 2008)
The US Air Force plans to establish a cyber command that is expected to
be operational by October of this year. According to a recently
released document, Air Force Cyber Command Strategic Vision, "Mastery
of cyberspace is essential to America's national security." In
addition, the "cyberspace command will provide combat-ready forces
trained and equipped to conduct sustained combat operations through the
electromagnetic spectrum and fully integrate these with air and space
operations."
http://www.theregister.co.uk/2008/03/05/air_force_cyber_command/print.html
http://www.afcyber.af.mil/shared/media/document/AFD-080303-054.pdf

 --Swiss Bank Drops Lawsuit in Wikileaks Case
(March 5 & 6, 2008)
Bank Julius Baer has dropped its lawsuit against Wikileaks.org. The
Swiss financial institution originally brought the suit because it
claimed sensitive bank data were posted on the Wikileaks site and it
wanted them removed. The judge in the case initially ordered that
Wikileaks.org be shut down, but reconsidered and reversed his decision
due to First Amendment concerns. Bank Julius Baer is now seeking other
avenues to removing the documents.
http://www.msnbc.msn.com/id/23488121/
http://www.forbes.com/facesinthenews/2008/03/06/wikileaks-switzerland-tax-face-markets-cx_ll_0306autofacescan01.html
[Editor's Note (Schultz): Julius Baer's wanting the sensitive documents
removed is making less sense over time. The damage has already been done
in that the information in these documents has been publicly available
for an extended period of time.]

************************** Sponsored Links: ***************************
1) SANS Third Annual Log Management Survey What are the challenges in
log management? Have perceptions changed since last year? Help us find
out! Take the survey at http://www.sans.org/info/25384

2) PacketMotion delivers unprecedented visibility and real-time control
of insider threats. Learn more and first 100 respondents receive a
complimentary Elsevier book "Insider Threat" - $35 value.
http://www.sans.org/info/25389

3) Live Webcast March 18th. Listen to Hertz, Forrester, and
GuardianEdge Discuss Endpoint Data Protection - Beyond Encryption.
Register Now!
http://www.guardianedge.com/eseminar/monthly/invite/ge/index.php?esemp=sans

*************************************************************************

THE REST OF THE WEEK'S NEWS
LEGAL MATTERS
 --Goal Financial Settles FTC Charges
(March 4 & 6, 2008)
Goal Financial has agreed to change the way it protects customer data
to settle Federal Trade Commission (FTC) allegations that it failed to
take proper safeguards with the student loan data it held. Between 2005
and 2006, two employees accessed personal information of approximately
7,000 customers and brought it to a competing company. Also, the company
allowed an employee to sell a hard drive with unencrypted personal data
of approximately 34,000 customers. The compromised data include names,
birth dates, Social Security numbers (SSNs), and income and employment
information. Goal Financial will put in place a comprehensive security
program that includes independent audits every two years.
http://www.cio.com/article/192255/FTC_Settles_Breach_Complaint_with_Student_Lender
http://www.scmagazineus.com/Student-loan-company-settles-with-FTC-over-data-mishandling/article/107705/

 --10 Months in Prison for Hotel Business Kiosk Hacker
(March 3, 2008)
Hario Tandiwidjojo has been sentenced to 10 months in prison for
stealing credit card information from hotel business kiosks. In
December, Tandiwidjojo pleaded guilty to unauthorized access to a
protected computer and admitted to breaking into about 60 computers with
passwords he obtained when he was employed by a company that serviced
the kiosks. He installed software that captured the sensitive data and
sent them back to him. Tandiwidjojo was also ordered to pay US $34,266
in restitution for fraudulent charges made on the stolen accounts.
http://losangeles.fbi.gov/dojpressrel/pressrel08/la030308usa.htm

HOMELAND SECURITY & GOVERNMENT SYSTEMS SECURITY
 --UK Website Shuts Down After Being Inundated with USAF eMail
(March 3 & 4, 2008)
The website www.mildenhall.com has been shut down because it was
receiving classified email intended for US Air Force personnel at a
nearby airbase. The site's owner had been trying to solve the problem
for years and until recently, the Air Force did not take him seriously.
He tried blocking unrecognized addresses within his domain and
established an auto-reply to let people know the correct address for Air
Force personnel. He finally closed the site that he had established to
promote his town of the same name.
http://www.theregister.co.uk/2008/03/03/mildenhall_website/print.html
http://news.bbc.co.uk/2/hi/uk_news/england/suffolk/7277392.stm

COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
 --Judge Allows RIAA to Subpoena Univ. to Obtain Students' Identities
(March 4, 2008)
A federal judge has granted a request from the Recording Industry
Association of America (RIAA) to subpoena the University of Arizona (UA)
to surrender information identifying 14 students the RIAA believes have
violated copyright law. Universities usually have 30 days to comply
with the subpoenas; the RIAA is likely to contact UA within the next
week. The RIAA sent 14 prelitigation letters to the university in early
December; the students have been identified only as John Does. UA
decided not to send those letters on to the students.
http://www.azstarnet.com/metro/228226

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
 --Microsoft's March Security Update to Comprise Four Bulletins
(March 6, 2008)
According to Microsoft Advance Notification, the company will release
four security bulletins on Tuesday, March 11. All four bulletins carry
a severity rating of critical. Three of the bulletins will address
flaws in Microsoft Office; the fourth will address flaws in Microsoft
Office Web Components. The vulnerabilities affect Microsoft Office
2000, Office XP, Office 2003, Excel, Office Outlook and Office for Mac.
http://www.eweek.com/c/a/Security/Microsoft-Critical-MS-Office-Patches-Coming/
http://www.microsoft.com/technet/security/Bulletin/MS08-mar.mspx
[Editor's Note (Shpantzer): Note that Mac users are also exposed to the
Office for Mac vulnerability.]

 --Chinese Mobile Phone Ransomware
(March 5, 2008)
The Kiazha-A Trojan horse program has been infecting Symbian series 60
mobile phones in China. The malware deletes all text messages and
displays a message telling the users that their phones have been
infected and will be rendered useless unless they send RMB 50 yuan (US
$7). Kiazha-A is part of a malware bundle known as MultiDropper-CR;
phones can be infected through Bluetooth or MMS messages.
http://www.theregister.co.uk/2008/03/05/mobile_ransomware_trojan/print.html
http://www.vnunet.com/vnunet/news/2211194/ransomware-goes-mobile

ATTACKS, INTRUSIONS, DATA THEFT & LOSS
 --Thirty Thousand PCs and Macs used In "Overwhelming" DDoS Attack on
    UK Gambling Site
(March 6, 2008)
A British gambling site was disabled for a half hour by an "unstoppable"
denial of service attack. The attack generated a sustained 10 gigabits
of traffic from more than 30,000 Macs and PCs that had been converted to
bots.
http://software.silicon.com/security/0,39024655,39170296,00.htm
 
 --Children's Personal Data on Stolen Memory Stick
(March 5 & 6, 2008)
A memory stick plugged into a laptop computer stolen from a Shropshire
(UK) medical center holds personally identifiable information of more
than 200 children. The computer "had been fitted with encryption
software to comply with ... NHS security standards" and its remote
access has been disabled to prevent it from connecting to the NHS
network. It also had tracking technology installed. The data on the
memory stick include names, dates of birth, addresses and information
about the treatment they received for speech and language therapy.
Patients and their families were notified promptly.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9066858&source=rss_topic17
http://www.shropshirestar.com/2008/03/05/details-on-200-children-stolen/
[Editor's Note (Shpantzer): Most full disk encryption software packages
come with free USB encryption. For some reason a lot of organizations
don't take advantage of this feature.]

STATISTICS, STUDIES & SURVEYS
 --Survey: National Security Outweighs Privacy
(March 3, 2008)
A survey of 474 US federal, state, and local government IT professionals
found that more than half believe national security is more important
than personal privacy. Sixty-nine percent of respondents said identity
management is important to their organizations; 72 percent believe that
importance will increase over the next five years. Fifty-six percent
of the IT professionals were aware of someone having violated their
organizations' security protocols. Seventy-six percent say their
agencies have secured their information systems.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206901345
http://www.quest.com/newsroom/news-releases-show.aspx?contentid=6954

MISCELLANEOUS
 --US $76 Million Worth of Counterfeit Cisco Products Seized
(February 28, 29 & March 3, 2008)
North American law enforcement agencies have seized counterfeit Cisco
hardware and product labels. The phony merchandise, which was seized
in more than 400 raids, is estimated to be worth US $76 million. The
US Immigration and Customs Enforcement, Customs and Border Protection,
the FBI, and the Royal Canadian Mounted Police collaborated in the
investigation. The decision was made to focus on phony Cisco equipment
to protect critical infrastructure from network failure. Thus far, the
investigation has netted 10 convictions and US $1.7 million in
restitution.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206901053
http://www.channelregister.co.uk/2008/03/03/cisco_counterfeit_goods_doj/
http://www.usdoj.gov/opa/pr/2008/February/08_crm_150.html

LIST OF UPCOMING FREE SANS WEBCASTS

ISC Threat Update: March 2008
WHEN: Wednesday, March 12, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURED SPEAKERS: Johannes Ullrich and Tony Magallanez
http://www.sans.org/info/24623
Sponsored By: F-Secure

The SANS Internet Storm Center (ISC) uses advanced data correlation and
visualization techniques to analyze data collected from thousands of
sensors in over sixty countries. Experienced analysts constantly monitor
the Storm Center data feeds searching for trends and anomalies in order
to identify potential threats. When a threat is identified, the team
immediately begins an intensive investigation to gauge the threat's
severity and impact. This monthly webcast discusses recent threats
observed by the Internet Storm Center, and discusses new software
vulnerabilities or system exposures that were disclosed over the past
month. The general format is about 30 minutes of presentation by senior
ISC staff, followed by a question and answer period.

***
WhatWorks Webcast: PaulDotCom's Penetration Testing Dojo: Core IMPACT Style
WHEN: Tuesday, March 18, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURED SPEAKERS: Alan Paller and Paul Asadoorian
http://www.sans.org/info/24628
Sponsored By: Core Security Technologies

When beginning a security process at a consortium of non-profits, senior
network security engineer, Paul Asadoorian of Pauldotcom began looking
for a penetration testing tool that did network, web application and
social engineering tests. The tool he purchased is low on manpower use,
mostly self-maintaining and reliably proves the existence of network
vulnerabilities. Please attend this webcast to find out why Paul
selected CORE IMPACT and learn how it can help you safely perform
network, web application and end-user penetration testing.

***
SANS Special Webcast: Monthly Series: Security Insights with Dr. Eric Cole
This Month's Topic: Encryption
WHEN: Wednesday, March 19, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURING: Dr. Eric Cole
http://www.sans.org/info/24633

Based on first-hand experience, this talk will look at areas where
encryption should be used and how to avoid common mistakes. Dr. Cole
will also identify areas where encryption should not be deployed.
Overall, this talk will provide expert knowledge of the landscape of
encryption, proper uses and common pitfalls. Register now for this free
webcast!

***
Ask the Expert: Malcode Analysis and Response: Proficiency vs. Complexity
WHEN: Thursday, March 20, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURED SPEAKERS: Matt Allen and Russ McRee
https://www.sans.org/webcasts/show.php?webcastid=91808
Sponsored By: Norman Data Defense Systems

The threat landscape changes constantly, driven in part by the "bot
economy" and changing malcode techniques. In response, incident handler
techniques must keep pace. This presentation will cover the use of
RAPIER, a security tool built to facilitate first response procedures
for incident handling. It is designed to acquire commonly requested
information and samples during an information security event, incident,
or investigation. RAPIER automates the entire process of data collection
and delivers the results directly to the hands of a skilled security
analyst. From detection and discovery, capture and containment, count
on a useful discussion meant to further your incident response
practices.

***
Tool Talk Webcast: Are You Naked? Why virtualization and service
processors are leaving traditional log management customers naked.
WHEN: Tuesday, March 25, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURED SPEAKER: Bill Johnson
https://www.sans.org/webcasts/show.php?webcastid=91798
Sponsored By: Tdi

Virtualization and on board service processors are making log management
systems obsolete and opening their customers to huge compliance issues.
All existing log management systems are based on an 'inside out' agent
based, SYSLOG and SNMP architecture. This model is obsolete in today's
datacenter. Traditional log management systems do not log all events or
watch the data center all the time, opening the door to Sarbanes Oxley,
HIPAA and other compliance risks.

***
Tool Talk Webcast: Analyzing Pen Testing Tools: Shootout at the Blackbox Corral
WHEN: Wednesday, March 26, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURING: Larry Suto
http://www.sans.org/info/24653
Sponsored By: Fortify Software

All black box testing tools are not created equal. In the Fall of 2007,
security consultant Larry Suto published a report that evaluates the
coverage and balance between false positives and false negatives of
three popular penetration testing tools. His findings, which some found
surprising, prompted official responses from a number of tool vendors
that called into question areas of the experiment that could have led
to shaky results.

*******************************************************************

Be sure to check out the following FREE SANS archived webcasts:

Tool Talk Webcast: The ABC's of Dealing with Unique Network Security
Risks in a World of Open Campus Networks
WHEN: Wednesday, March 5, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURING: Brian Mehlman
http://www.sans.org/info/22979
Sponsored By: Q1 Labs

SANS Special Webcast: A Response to the "Cold Boot Attack" Announcement
WHEN: Thursday, March 6, 2008 at 3:00 PM EST (1900 UTC/GMT)
FEATURING: John Strand
https://www.sans.org/webcasts/show.php?webcastid=91884
********************************************************************

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Johannes Ullrich is Chief Technology Officer of the Internet Storm Center.

Howard A. Schmidt served as CSO for Microsoft and eBay and as Vice-Chair
of the President's Critical Infrastructure Protection Board.

Ed Skoudis is co-founder of Intelguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Intelguardians, a handler for the SANS Institute's Internet Storm
Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Bruce Schneier has authored eight books -- including BEYOND FEAR and
SECRETS AND LIES -- and dozens of articles and academic papers. Schneier
has regularly appeared on television and radio, has testified before
Congress, and is a frequent writer and lecturer on issues surrounding
security and privacy.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Mark Weatherford, CISSP, CISM, is the Chief Information Security Officer
for the State of Colorado.

Alan Paller is director of research at the SANS Institute.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Rohit Dhamankar is the Lead Security Architect at TippingPoint, a
division of 3Com. He authors the critical vulnerabilities section of
the SANS Institute's weekly RISK newsletter and is the project manager
for the SANS Top20 2005 and the Top 20 Quarterly updates.

Koon Yaw Tan is Assistant Director at Monetary Authority of Singapore
(MAS) and a handler for the SANS Institute's Internet Storm Center.

Gal Shpantzer is a trusted advisor to several successful IT outsourcing
companies and was involved in multiple SANS projects, such as the
E-Warfare course and the Business Continuity Step-by-Step Guide.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

Roland Grefer is an independent consultant based in Clearwater, Florida.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
