SANS NewsBites Vol. 10 Num. 95

From: The SANS Institute (NewsBites@sans.org)
Date: Fri Dec 05 2008 - 15:24:03 CST


SANS 2009 Annual Conference and Training Program will be held in Orlando
in early March. It includes the largest selection of SANS courses ever
held, and all taught by our top rated teachers. Also includes the
largest security tools expo and extensive networking programs through
evening sessions, lunch & learns, and more. This is the one program
that you need to register early for because courses fill up more quickly
than for any other training conference. http://www.sans.org/sans2009
                                           Alan
*************************************************************************
SANS NewsBites December 5, 2008 Vol. 10, Num. 95
*************************************************************************
TOP OF THE NEWS
  Just Two Percent of PCs are Fully Patched
  Texas PI License Requirement Law is Having Unforeseen Consequences
  Sweden Considering Law That Would Identify Habitual Illegal Downloaders
THE REST OF THE WEEK'S NEWS
  LEGAL ISSUES
    Judge Hears Case Challenging Constitutionality of FISA Amendments Act
  GOVERNMENT SYSTEMS AND HOMELAND SECURITY
    Former Government Contractor Pleads Guilty to Stealing Laptops
  MALWARE
    ChromeInject Trojan Targets Firefox Users
    Koobface Virus Hits Facebook
  UPDATES AND PATCHES
    Microsoft Will Issue Eight Security Bulletins on December 9
    Sun Update for Windows Addresses At Least 14 Security Flaws
  DATA LOSS & EXPOSURE
    Army Notifies 6,000 of Possible Data Loss
  ATTACKS
    Online Payment Site Domain Hijacked
  MISCELLANEOUS
    Apple Removes Antivirus Recommendation Advisory

******************** Sponsored By Alert Logic, Inc. *********************

Vendors have begun offering log management in-the-cloud (or
Software-as-a-Service) as a way to simplify and reduce the cost of log
management. This white paper from Jerry Shenk of SANS presents some
questions to consider when deciding between an in-house or an
in-the-cloud solution for log management.

http://www.sans.org/info/36174

*************************************************************************
TRAINING UPDATE
- SANS CDI in Washington (12/10-12/16) 30 courses; big security tools
expo; lots of evening sessions: http://www.sans.org/cdi08/
- Las Vegas (1/24-2/01) http://sans.org/securitywest09/
- Looking for training in your own Community? http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

TOP OF THE NEWS
 --Just Two Percent of PCs are Fully Patched
(December 3 & 4, 2008)
According to statistics gathered by Secunia, 98 percent of PCs are
running at least one unpatched program. The results were extrapolated
from a sample of 20,000 PCs scanned by the company's Personal Software
Inspector 1.0 over the past week. Approximately 30 percent of the PCs
had between one and five unpatched programs; 25 percent had between six
and 10 unpatched programs; and 45 percent had 11 or more unpatched
programs. The results are slightly worse than those gathered in a
similar Secunia survey in January 2008.
http://www.scmagazineuk.com/Report-Nearly-all-computer-users-running-insecure-programs/article/121946/
http://www.heise-online.co.uk/news/Secunia-publishes-shocking-vulnerability-statistics--/112137
http://secunia.com/blog/37/

 --Texas PI License Requirement Law is Having Unforeseen Consequences
(December 4, 2008)
Recent legislation in Texas that requires people performing computer
forensics to be licensed private investigators has had some unforeseen
consequences. Because of the wording of the law, anyone who collects
and evaluates electronic records for use in a court of law must have a
private investigator's license. A judge in Texas recently ruled that a
company that operates a camera system that identified drivers who run
red lights at traffic intersections was acting illegally because it does
not hold a PI's license. Citizens are now challenging the validity of
traffic tickets that have been issued.
http://legal-beagle.typepad.com/wrights_legal_beagle/2008/12/e-discovery-forensics-private-investigator-license-for-computer-data-collection-and-assessment.html

 --Sweden Considering Law That Would Identify Habitual Illegal Downloaders
(December 4, 2008)
Proposed legislation in Sweden would allow music and movie companies to
obtain court orders to discover the identities of individuals suspected
of downloading digital content in violation of copyright laws. The
government said that occasional downloaders of copyrighted material will
not be identified to the companies. The proposed law requires
parliamentary approval. Several other European countries, including
Sweden's neighbors Denmark and Finland, already have similar laws in
place.
http://www.google.com/hostednews/ap/article/ALeqM5iMUvi5Gm3535xaN8wRNTb6uUlliQD94RSUCO0

************************* SPONSORED LINK ******************************
1) Learn about using/implementing automated log management technologies
at the Log Management Summit April 6-7.
http://www.sans.org/info/36179
*************************************************************************

THE REST OF THE WEEK'S NEWS
LEGAL ISSUES
 --Judge Hears Case Challenging Constitutionality of FISA Amendments Act
(December 3, 2008)
A District Court Judge in California has heard arguments in a case
regarding the constitutionality of the FISA (Foreign Intelligence
Surveillance Act) Amendments Act (FAA), which was passed last July. The
Electronic Frontier Foundation (EFF) argued that the recently amended
FISA violates Americans' First and Fourth Amendment rights as well as
the constitutionally established separation of powers of the federal
government. The point of focus is that the FAA gives telecommunications
companies that cooperated with US government requests for wiretaps after
the 2001 terrorist attacks retroactive immunity from prosecution.
Lawyers for the US Department of Justice argued that the information
that such prosecutions would expose needs to remain secret to ensure
national security. Judge Vaughn Walker did not say when he expects to
rule on the case.
http://www.securityfocus.com/brief/865

GOVERNMENT SYSTEMS AND HOMELAND SECURITY
 --Former Government Contractor Pleads Guilty to Stealing Laptops
(December 3, 2008)
A former US government contract worker has pleaded guilty to theft of
government property. Darryl R. Lyles stole at least 89 laptop
computers, a projector and other equipment from the Government
Accountability Office (GAO). Lyles attempted to sell the stolen
equipment on Craigslist. Another man who bought most of the laptops and
resold them on eBay has not been charged. Lyles will likely be
sentenced to 18 to 24 months in prison.
http://www.washingtonpost.com/wp-dyn/content/article/2008/12/03/AR2008120302122_pf.html

MALWARE
 --ChromeInject Trojan Targets Firefox Users
(December 4, 2008)
Researchers have detected a Trojan horse program that targets only
Firefox users. Trojan.PWS.ChromeInject.A places itself in the Firefox
plug-ins folder and uses JavaScript to detect when users are visiting
specific banking websites; the malware then steals the login credentials
and sends them on to a server in Russia. Users' computers become
infected either through drive-by downloading or by being tricked into
downloading the malware.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9122419&source=rss_topic17
http://www.theregister.co.uk/2008/12/04/firefox_plug_in_trojan/
http://www.heise-online.co.uk/security/FireFox-plug-in-harvests-web-passwords--/news/112147

 --Koobface Virus Hits Facebook
(December 4, 2008)
The Koobface virus is spreading through the messaging system of the
social networking site Facebook. The malware attempts to harvest
sensitive financial information, such as credit card numbers. Koobface
spreads itself through messages that appear to come from a friend,
suggesting that recipients view a movie clip. Recipients who click on
the link are then directed to a website where they are asked to download
what purports to be Flash Player, but which is actually a copy of the
malware. Because of the way Facebook is structured, users are likely
to be trusting of messages that come from within the social network.
Koobface can also redirect infected users' computers to pages it chooses
when they are performing searches. The malware hit MySpace earlier this
year but has since been eradicated from that network.
Internet Storm Center: http://isc.sans.org/diary.html?storyid=5437
http://www.usatoday.com/tech/news/computersecurity/2008-12-04-facebook-virus_N.htm?csp=34
http://www.masshightech.com/stories/2008/12/01/daily44-Boston-media-members-hit-by-Facebook-virus.html

UPDATES AND PATCHES
 --Microsoft Will Issue Eight Security Bulletins on December 9
(December 4, 2008)
Microsoft's final set of security updates for 2008 will include eight
bulletins, six of which are deemed critical. The bulletins will address
vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft
Office, Microsoft Server Software and Microsoft Developer Tools and
Software. Five of the eight bulletins will require restarts. There are
some indicators that one of the Windows fixes will be for a rights
elevation vulnerability that was first acknowledged in April and which
has been actively exploited since October. The bulletins will be
released this coming Tuesday.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9122521&source=rss_topic17
http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx

 --Sun Update for Windows Addresses At Least 14 Security Flaws
(December 3, 2008)
Sun Microsystems has released an update for Java that addresses at least
14 vulnerabilities. Sun has not released detailed information about the
vulnerabilities fixed in Java 1.6.0_11. The update also addresses 34
non-security issues. The update is for Windows users. Mac OS X users
will have to wait for Apple to provide Sun with patches for that version
of Java.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9122281&source=NLT_PM&nlid=8
http://java.sun.com/javase/6/webnotes/6u11.html

DATA LOSS & EXPOSURE
 --Army Notifies 6,000 of Possible Data Loss
(December 2, 2008)
The US Army waited nearly two months to notify approximately 6,000
people that their personally identifiable information may have been held
on a laptop computer that was reported missing on October 4, 2008.
Officials knew for sure that the names, Social Security numbers (SSNs),
medical data and other information of at least 26 people were on the
missing computer, but could not be sure if the information of the nearly
6,000 others was on the computer as well. The computer was reportedly
in an employee's backpack that was lost at a train station in Nuremberg,
Germany. Officials indicated that there was encryption software
installed on the laptop.
http://www.stripes.com/article.asp?section=104&article=59159

ATTACKS
 --Online Payment Site Domain Hijacked
(December 3, 2008)
There are reports that online payment website CheckFree has been the
victim of a domain hijacking attack. The attack has been traced to an
IP address with a reputation for cyber crime including running botnet
command-and-control channels and drive-by malware download sites.
CheckFree took steps to fix the problem earlier this week. Other web
addresses are being directed to that particular IP address as well,
according to several organizations that track such things. Although the
attacks could have been perpetrated through DNS poisoning, evidence
indicates that they were made through surreptitious domain transfers.
http://www.theregister.co.uk/2008/12/03/checkfree_hijacked/
http://voices.washingtonpost.com/securityfix/2008/12/hackers_hijacked_large_e-bill.html?nav=rss_blog

MISCELLANEOUS
 --Apple Removes Antivirus Recommendation Advisory
(December 2 & 3, 2008)
Apple has taken down a notice recommending that users install multiple
antivirus programs on their Mac computers. Apple said it removed the
notice "because it was old and inaccurate," and that Macs have "built-in
technologies" to protect them from malware and other security threats,
but added that extra protection might not hurt. The article making the
recommendation to install antivirus programs was published last year.
http://www.securityfocus.com/brief/866
http://www.newsoxy.com/apple/article11414.html
http://news.cnet.com/8301-1009_3-10111958-83.html?part=rss&subj=news&tag=2547-1009_3-0-20
http://news.bbc.co.uk/2/hi/technology/7760344.stm
[Editor's Note (Schultz): Apple needs to quit flip-flopping re. whether
anti-malware software needs to run on Macs. Many serious malware-related
threats against Macs exist. Apple's waffling with respect to
recommending what to do about these threats is a huge disservice to the
Mac user community.
(Honan): Apple seriously needs to get with the security program. No
system is immune from security threats and users should take all
necessary precautions. My fear is that Apple removed this page from
their website so as not to undermine their TV advert where Apple mocks
PCs for having to have anti-virus software.]

*************************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Ron Dick headed the National Infrastructure Protection Center (NIPC) at
the FBI and is the incoming President of the InfraGard National Members
Alliance - with 22,000 members.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Johannes Ullrich is Chief Technology Officer of the Internet Storm Center.

Prof. Howard A. Schmidt is the President of the Information Security
Forum (ISF) and author who has served as CSO for Microsoft and eBay and
as Vice-Chair of the President's Critical Infrastructure Protection
Board.

Ed Skoudis is co-founder of InGuardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Tom Liston is a Senior Security Consultant and Malware Analyst for
InGuardians, a handler for the SANS Institute's Internet Storm
Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Mark Weatherford, CISSP, CISM, is Executive Officer of the California
Office of Information Security and Privacy Protection.

Alan Paller is director of research at the SANS Institute.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
