From: The SANS Institute (NewsBites sans.org)
Date: Tue Oct 07 2008 - 11:24:08 CDT
The Coolest Jobs in Cyber Security.
As promised on Friday, the coolest jobs survey, with the "top gun" jobs
and job paths highlighted, is now available at
http://www.surveymethods.com/EndUser.aspx?92B6DAC593D2CEC4
More information is in the last story of this issue
Alan
*************************************************************************
SANS NewsBites October 7, 2008 Vol. 10, Num. 79
*************************************************************************
TOP OF THE NEWS
Proposed Legislation Would Restrict US Border Searches of Electronic
Devices
Estonia's Cyber Security Policy
Skype Acknowledges Message Filtering and Retention in China
80,000+ Websites Serving Drive-by Malware Attacks
THE REST OF THE WEEK'S NEWS
SPAM, PHISHING & ONLINE SCAMS
US Financial Crisis Ripe Pickings for Scammers
DATA LOSS & EXPOSURE
T-Mobile Acknowledges 2006 Loss of Customer Data
Stolen Laptop Holds Irish Health Service Executive Employee Data
Virgin Media Ordered to Encrypt Portable Media Devices to Protect
Customer Data
ATTACKS
Two Indicted in Botnet Attack Case
STUDIES AND STATISTICS
Reported Data Breaches in US on the Rise
Most Hotel Internet Connections for Guests are Not Adequately Secured
MISCELLANEOUS
Mifare Classic RFID Vulnerability Research Published
Cool Jobs in Information Security
*********** Sponsored By Sourcefire, Inc. ***********
Best of Open Source Security (BOSS) Conference
February 8-10, 2009 Flamingo-Las Vegas
Be sure to register the first IT security conference dedicated to
promoting open source security (OSS) technologies and the commercial
products that embrace them. This long overdue conference will bring
together passionate OSS advocates and vendors under the same roof to
share ideas and experiences.
For more information, visit http://www.sans.org/info/33933
*************************************************************************
TRAINING UPDATE
- SANS CDI in Washington: 30 courses; big security tools expo; lots of
evening sessions: http://www.sans.org/cdi08/
- Monterey (10/31-11/6) http://www.sans.org/info/30738
- Sydney Australia (10/27-11/1) http://www.sans.org/sydney08/
- Vancouver (11/17-11/22) http://www.sans.org/vancouver08/
and in 100 other cities and online any time: www.sans.org
*************************************************************************
TOP OF THE NEWS
--Proposed Legislation Would Restrict US Border Searches of Electronic Devices
(September 30 & October 2, 2008)
US legislators have introduced a bill that would rein in the broad power
that the Department of Homeland Security (DHS) has granted border
control agents in seizing and searching travelers' laptops and other
electronic devices. The Travelers' Privacy Protection Act would require
that DHS establish reasonable suspicion of wrongdoing before searching
US residents' devices; it would also require that DHS have probable
cause and a court order or a warrant to hold a device for more than 24
hours. There would be restrictions placed on the sharing of information
gathered through the searches and DHS would be required to report to
Congress on its border searches.
http://news.cnet.com/8301-13578_3-10055020-38.html
http://www.securityfocus.com/brief/832
[Editor's Note (Schultz): Allowing DHS border patrol agents virtually
unlimited power in seizing, searching, and keeping laptops translates
to unreasonable search and seizure as well as infringement of privacy.
If signed into law, the proposed legislation will go far in reining
in some of these excesses.]
--Estonia's Cyber Security Policy
(October 3, 2008)
A year-and-a-half after suffering coordinated denial-of-service attacks
against its government and commercial computer systems, Estonia has
released a national cyber security strategy that includes details about
the attacks and offers recommendations for preventing attacks in the
future and for a global stance toward cyber security. The report
identifies four "policy fronts": "application of a graduated system of
security measures in Estonia; development of Estonia's expertise in and
high awareness of information security to the highest standard of
excellence; development of an appropriate regulatory and legal framework
to support the secure and seamless operability of information systems;
[and] promoting international cooperation aimed at strengthening global
cyber security."
http://www.zdnetasia.com/news/security/0,39044215,62046785,00.htm
http://www.mod.gov.ee/static/sisu/files/Estonian_Cyber_Security_Strategy.pdf
--Skype Acknowledges Message Filtering and Retention in China
(October 3 & 6, 2008)
Skype has acknowledged that instant messages sent over its service in
China were tapped, but points the finger at its local partner, TOM
Online. Skype has a filter in place in China to block sensitive
keywords, but only last week found out that the filter had been modified
to log the conversations in which the keywords appear. The issue was
discovered by Canadian researchers, who found the unsecured servers on
which the messages were being stored. Skype has consulted with TOM on
the matter and the security hole that allowed the researchers to read
the stored messages has been closed.
http://www.theregister.co.uk/2008/10/03/skype_coughs_to_china_test_tap/
http://www.heise-online.co.uk/security/Skype-admits-censorship-and-invasion-of-privacy-in-China--/news/111662s
Supporting sites: http://www.greatfirewallofchina.org/
http://www.thedarkvisitor.com/2008/10/detailed-report-on-prcgov-monitoring-tom-skype/
[Editor's Note (Pescatore): This is just one of the many risks for
businesses when employees start to use consumer-grade services for
business purpose. This will increasingly be the case, however, and
security strategies that just rely on policy to say "don't do that"
aren't going to work any better than did saying don't use the Internet,
don't use WiFi, etc.]
--80,000+ Websites Serving Drive-by Malware Attacks
(October 3, 2008)
More than 80,000 websites have been "modified with malicious content"
that serves exploit code to unpatched PCs of site visitors. A server
containing administrative login credentials for more than 200,000
websites has been found, although not all the sites are known to be
infected with the malware. The infected sites include universities,
Fortune 500 companies, government systems, and the US Postal Service.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9116138&source=rss_news
http://www.theregister.co.uk/2008/10/03/neosploit_powered_mass_hack_attack/
[Editor's Note (Veltsos): Use a browser or add-ons that disable all
JavaScript and Flash content. I run Firefox with the NoScript add-on
enabled by default. NoScript lets you designate web sites as being safe
(and thus able to run JavaScript), or you can temporarily (for the
duration of the session) allow JavaScript to run on a particular web site.]
************************* SPONSORED LINK ******************************
1) Visit the SANS Buyers Guide for updated listings and useful
information when selecting the latest in IT security technologies.
http://www.sans.org/info/33938
*************************************************************************
THE REST OF THE WEEK'S NEWS
SPAM, PHISHING & ONLINE SCAMS
--US Financial Crisis Ripe Pickings for Scammers
(October 2, 2008)
The mergers and acquisitions of banks resulting from the US financial
crisis have provided new opportunities for online scam artists. Attacks
have been seen in which the customers of a bank are asked to provide
account information and other personal details to the bank's new owner
for verification purposes. Banks would not ask for such information
online; it would be done through paper mail.
http://news.cnet.com/8301-1009_3-10057180-83.html?part=rss&subj=news&tag=2547-1009_3-0-20s
DATA LOSS & EXPOSURE
--T-Mobile Acknowledges 2006 Loss of Customer Data
(October 4 & 6, 2008)
T-Mobile has acknowledged that a disk containing personally identifiable
information of 17 million German customers was lost more than two years
ago. T-Mobile is a subsidiary of Deutsche Telekom AG, which publicly
acknowledged the data loss only after an article published in Der
Spiegel indicated that the data were being offered for sale online. The
data include names, addresses, email addresses and mobile phone numbers,
but no bank account information. Those affected by the breach run the
gamut from everyday citizens to politicians and celebrities. T-Mobile
reported the loss to the state prosecutors as soon as it learned of the
situation and started monitoring sites where such information might be
offered for sale.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9116338&source=rss_topic17
http://www.theregister.co.uk/2008/10/06/t_mobile_records_lost/
http://www.dw-world.de/dw/article/0,2144,3690132,00.html
--Stolen Laptop Holds Irish Health Service Executive Employee Data
(October 3, 2008)
A laptop stolen in Dublin, Ireland on September 17 contains personally
identifiable information of several thousand Health Service Executive
(HSE) staff. The compromised data include names, salaries and staff
numbers; the data were not encrypted. Just weeks ago, several HSE data
storage devices, including a laptop, a Blackberry and a data disk, were
stolen from a medical officer's home. After that theft, HSE committed
to encrypt all digital media storage devices that contain personal and
medical data within one month.
http://www.scmagazineuk.com/Irish-HSE-hit-by-laptop-theft/article/118714/
--Virgin Media Ordered to Encrypt Portable Media Devices to
Protect Customer Data
(September 30, 2008)
The UK Information Commissioner's office has ordered Virgin Media to
encrypt all portable media that hold data. An unencrypted CD lost in
May 2008 contained personally identifiable data of approximately 3,000
people. The CD had been provided to Virgin Media by Carphone Warehouse;
the people whose data were on the CD had expressed interest in signing
up for Virgin Media services. The compromised data include names,
addresses, and some bank account information. The data loss constitutes
a violation of the UK's Data Protection Act.
http://www.silicon.com/research/specialreports/fulldisclosure/0,3800014102,39296160,00.htm?r=1
[Editor's Note (Pelgrin): The whole issue of hand-me-down equipment is
of real concern. One hears too frequently that old computers and other
hardware are given to charity groups or schools, or left out with the
trash. There is a need to raise awareness of all the personal, private
and sensitive data that may be stored on most hardware devices.
Therefore, caution must be applied when giving away or disposing of
computers and electronic storage media. This is crucial if we are to
help prevent the inadvertent disclosure of information that often occurs
because of inadequate cleansing and disposal of computers and electronic
storage media.]
ATTACKS
--Two Indicted in Botnet Attack Case
(October 3 & 6, 2008)
A US federal grand jury has indicted two European men suspected of being
involved in distributed denial-of-service (DDoS) attacks against the
websites of two US satellite television equipment retailers in 2003.
Lee Graham Walker of England and Axel Gembe of Germany could each face
up to 15 years in prison if they are convicted of the charges of
conspiracy and intentionally damaging a computer system. Both are
presently still at large. Two other men, Saad (also called Jay)
Echouafni and Paul Ashley, were charged in 2004 with conspiracy for the
same attack. Ashley served two years for his role in the attacks;
Echouafni fled the country that same year and remains a fugitive. The
new indictment alleges Echouafni told Ashley to block access to rival
sites Rapid Satellite and Weaknees.
http://news.bbc.co.uk/2/hi/technology/7654357.stm
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9116204&source=rss_topic17
http://news.cnet.com/8301-1009_3-10058710-83.html?part=rss&subj=news&tag=2547-1009_3-0-20s
http://www.theregister.co.uk/2008/10/03/walker_gembe_ddos_attacks_indictment/print.html
STUDIES AND STATISTICS
--Reported Data Breaches in US on the Rise
(October 6, 2008)
According to statistics compiled by the Identity Theft Resource Center,
there have been 516 reported consumer data breaches in the first nine
months of 2008, exposing 30 million records; in 2007, the total number
of reported breaches was 446. Extrapolated from the numbers so far this
year, the total number of reported breaches in 2008 could top 680.
Eighty percent of the breaches involved digital media; the remaining 20
percent involved data recorded on paper. Of the incidents this year,
36 percent occurred at businesses, 21 percent occurred at educational
institutions, and 16 percent on military or federal government systems.
Twenty percent of the reported breaches were due to lost or stolen
digital media storage devices, 17 percent were due to insider theft and
13 percent were exposed through hacking.
http://voices.washingtonpost.com/securityfix/2008/10/516_data_breaches_in_2008_expo.html
--Most Hotel Internet Connections for Guests are Not Adequately Secured
(October 3, 2008)
A study from the Cornell University School of Hotel Administration found
that most hotels do not take adequate security precautions on the
Internet connections they provide for their customers. The study
compiles data from 147 written survey responses and from visits to 46
hotels. Twenty percent of the hotel networks use simple hub topologies,
making them unsecured networks. Most of the other hotel networks
channel guest traffic through switches or routers, which are more secure
than hubs, but still make users susceptible to man-in-the-middle
attacks. The researchers recommend that the hotels set up Virtual Local
Area Networks (VLANs) to best protect guests from Internet threats.
http://www.gcn.com/online/vol1_no1/47290-1.html?topic=security
http://www.hotelschool.cornell.edu/research/chr/pubs/reports/abstract-14928.html
[Editor's Note (Veltsos): This report points out that the hotel industry
has been asleep at the wheel when it comes to providing a minimum level
of security for its guests: 18% of the hotels visited had not separated
the hotel's business network from that used by guests; most hotels'
wireless and network infrastructures exposed guests to unnecessary risks
due to unencrypted wireless traffic and poorly managed network devices.
The study concludes with a number of basic recommendations for hotel
network security (e.g. use VLANs) and for hotel guests (e.g. use a
firewall and a VPN).
(Northcutt): The report is free, but you have to register. I am a bit
confused, though: we are trying to buy hubs for one of our classes this
week and they are hard to find. How do hotel networks find enough hubs?
The report does say "antiquated hub technology", but what do they do
when one breaks? I wrote a related paper on ISPs, such as the ones
hotels use, tracking user behavior presumably for marketing purposes:
http://www.sans.edu/resources/securitylab/superclick_privacy.php ]
MISCELLANEOUS
--Mifare Classic RFID Vulnerability Research Published
(October 6, 2008)
A research paper detailing a security vulnerability in the Mifare
Classic RFID chip has been published. The research, which was conducted
by Professor Bart Jacobs and his colleagues at Radboud University in
Holland, was set to be published earlier this year, but NXP, the company
that manufactures the Mifare Classic chip, sought an injunction to delay
the paper's dissemination to allow customers time to make changes to
their security systems. The chip is used in prepaid transportation
system cards in London, Boston and Holland and is also used to restrict
access to some buildings.
http://news.bbc.co.uk/2/hi/programmes/click_online/7655292.stm
http://www.theregister.co.uk/2008/10/06/mifare_hack_finally_published/
--Cool Jobs in Information Security
(October 7, 2008)
As promised on Friday, the "Best Security Jobs" survey is now ready. It
attempts to focus on the jobs that are interesting and make a
substantial difference in protecting organizations' information,
networks, applications and systems. If you have a job you consider
to be good, or you know about good security jobs, please take a moment
to complete the survey at:
http://www.surveymethods.com/EndUser.aspx?92B6DAC593D2CEC4
We have also marked the jobs where the "top guns" in security are often
found or are seasoned. These are the best and brightest technical
security experts - the people who can take apart an exploit and see how
it works, find flaws in communications protocols, see an attack as it
is forming on the wire, identify the faintest evidence of malicious code
and root out the infection, find evidence of criminal activity even when
it is carefully hidden, plan and execute an attack that bypasses
conventional and even sophisticated defenses, design a network that can
block known attack vectors, and more. Without these "top guns" no nation
or industry can hope to have effective protection. Their jobs are
highlighted in the survey to identify the areas of most critical need
for any nation or industry that takes security seriously.
Once the survey is completed, we'll produce a booklet on "Cool Jobs in
Cyber Security" to help guide people who are interested in entering the
field.
http://www.surveymethods.com/EndUser.aspx?92B6DAC593D2CEC4
*************************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.
Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center.
Howard A. Schmidt served as CSO for Microsoft and eBay and as Vice-Chair
of the President's Critical Infrastructure Protection Board.
Ed Skoudis is co-founder of Intelguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.
Tom Liston is a Senior Security Consultant and Malware Analyst for
Intelguardians, a handler for the SANS Institute's Internet Storm
Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.
Mark Weatherford, CISSP, CISM, is Executive Officer of the California
Office of Information Security and Privacy Protection.
Alan Paller is director of research at the SANS Institute.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin,
Ireland.
Dr. Christophe Veltsos, CISSP, CISA, GCFA teaches Information Security
courses at Minnesota State University, Mankato. He is the President of
Prudent Security LLC and also serves as the President of the Mankato
Chapter ISSA.
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/