From: The SANS Institute (NewsBites sans.org)
Date: Tue Dec 16 2008 - 12:38:40 CST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Eight days left for early registration discount for SANS Security West
2009 (Jan 24-Feb 1) http://www.sans.org/securitywest09
And early registration is still open (save $350) on SANS' biggest program
SANS 2009 Orlando (March 1-9) http://www.sans.org/sans2009
*************************************************************************
SANS NewsBites December 16, 2008 Vol. 10, Num. 98
*************************************************************************
TOP OF THE NEWS
DHS Addresses Privacy Concerns in Data Mining Projects
CSIS Commission Recommends Cybersecurity Stance Based on WMD
Nonproliferation Model
Browser Password Security Test
Hackers May Have Played Role in Brazilian Deforestation
THE REST OF THE WEEK'S NEWS
ARRESTS, CHARGES & CONVICTIONS
Another Guilty Plea in Citibank 7-Eleven ATM Scam
Dubai Police Arrest Three in Credit Card Fraud Scheme
POLICY AND LEGISLATION
Mandatory Internet Filtering Meets With Resistance in Australia
VULNERABILITIES
Zero-Day IE Flaw Attacks on the Rise
DATA LOSS & EXPOSURE
NH Movie Theater Server Compromised; Card Data Stolen
STUDIES AND STATISTICS
Cisco's Annual Security Report
MISCELLANEOUS
Google Issues Browser Security Handbook
It's Official: Google Chrome No Longer a Beta
**************************** Sponsored By CA ****************************
Server Resource Protection: A Critical Element of IT Security
Protecting server resources from internal and external access abuse and
attacks is critical to maintaining a strong security posture. Incessant
threats and attacks on enterprise security continue to challenge IT. A
recent $7 billion French banking fraud case clearly illustrates the
problem at hand. This IDC whitepaper analyzes common vulnerabilities in
protecting server resources. Learn more
http://www.sans.org/info/36558
*************************************************************************
TRAINING UPDATE
- - SANS 2009 in Orlando in early March - the largest security training
conference and expo in the world. Lots of evening sessions:
http://www.sans.org/
- - SANS Security West Las Vegas (1/24-2/01) http://sans.org/securitywest09/
- - Looking for training in your own Community? http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************
TOP OF THE NEWS
--DHS Addresses Privacy Concerns in Data Mining Projects
(December 15, 2008)
The US Department of Homeland Security (DHS) has released "Principles
for Implementing Privacy Protections in Science & Technology Research
Projects." The document is part of a DHS report to Congress on the
department's data mining technology and policy. Privacy advocates have
expressed concerns about the DHS's data mining programs. The principles
require the DHS's Privacy Office and Scientific Directorate to produce
purpose statements for projects and use personally identifiable data
only for the purposes stated therein. The principles also call for
researchers to use the least possible amount of data to conduct their
studies. In addition, employees would need to be trained in privacy
policy and a system to address the concerns of people who believe their
information has been misused would need to be established.
http://www.fcw.com/print/22_39/news/154665-1.html?topic=homeland_security
[Editor's Note (Schultz): The DHS's principles seem quite reasonable to
me. A bigger question is whether these principles will govern the way
individual data are actually handled.]
--CSIS Commission Recommends Cybersecurity Stance Based on WMD
Nonproliferation Model
(December 15, 2008)
The Center for Strategic and International Studies (CSIS) Commission on
Cybersecurity for the 44th Presidency promotes a model for addressing
national cyber security based on the model the government used for
dealing with nuclear weapons proliferation. The commission recommended
establishing a cyber security directorate within the National Security
Council, much as the government did to address nuclear weapons toward
the end of the Cold War. The nonproliferation model is appropriate
because "we need to recognize that we are facing a new kind of threat,"
according to James Lewis, CSIS Senior Fellow and Director of the
Technology and Public Policy Program. Cyber threats cross the usual
boundaries, requiring attention from civilian, military, economic,
national and international security standpoints.
http://www.fcw.com/print/22_39/news/154668-1.html?type=pf
--Browser Password Security Test
(December 14 & 15, 2008)
According to statistics compiled by Chapin Information Services (CIS),
most major browsers present some concerns regarding password management
security. CIS tested Opera 9.62, Firefox 3.0.4, IE 7.0, Safari 3.2
and Google Chrome 1.0. Opera and Firefox each passed seven of 21 tests,
IE passed five tests, and Safari and Chrome each passed two tests.
Although the tests examined Chrome's beta version, the issues detected
in this study were not fixed when it became an official release last
week.
http://www.heise-online.co.uk/security/Google-Chrome-bottom-in-Password-Security--/news/112248
http://www.theregister.co.uk/2008/12/15/browser_password_security_tests/
http://www.info-svc.com/news/2008/12-12/
[Editor's Note (Schultz): Although important, browser password security
is only a small part of the total picture of browser security.]
--Hackers May Have Played Role in Brazilian Deforestation
(December 12 & 15, 2008)
Logging and charcoal companies in Brazil reportedly employed hackers to
alter computerized controls that determine how much timber can be logged
in areas of the Brazilian Amazon rainforest. According to one estimate,
the attacks allowed an additional 1.7 million cubic meters of timber to
be exported before police became aware of the situation. Authorities in
Brazil are suing the companies for 2 billion reals (US $842 million).
More than 200 people are facing charges in connection with the case.
http://www.theregister.co.uk/2008/12/12/brazil_hackers_deforestation/
http://news.bbc.co.uk/2/hi/technology/7783257.stm
[Editor's Note (Dick): I found this piece very interesting as it
highlights the impact of lax cyber security from not only a monetary
standpoint but the potential impact on our environment. For the general
public to get involved and demand the implementation of cyber security
in all systems which impact our lives, it has to become personal.
Protection of our environment has become a crusade to many around the
world.]
**************************** SPONSORED LINKS **************************
1) Ensure that your VMware ESX hosts are secure and compliant using free
Compliance Checker from Configuresoft.
http://www.sans.org/info/36563
2) ALERT: Hackers Announce Open Season on Web 2.0 Users and Browsers-
Purewire White Paper
http://www.sans.org/info/36568
3) Listen to the December 10th Internet Storm Center Webcast
http://www.sans.org/info/36569 to receive your free 2009 SNORT Calendar
*************************************************************************
THE REST OF THE WEEK'S NEWS
ARRESTS, CHARGES & CONVICTIONS
--Another Guilty Plea in Citibank 7-Eleven ATM Scam
(December 15, 2008)
A fifth person has pleaded guilty to charges stemming from a scam that
took an estimated US $2 million from Citibank accounts with the help of
stolen ATM personal identification numbers (PINs). Aleksandar Aleksiev
has pleaded guilty to one count of device access fraud. The group of
cyber criminals broke into a server that manages transactions for
Citibank-branded ATMs at 7-Eleven convenience stores. Authorities
caught Aleksiev withdrawing funds from machines with purloined access
codes. They sold the stolen account information and PINs on the
underground; the information was used to create phony cards for use in
ATMs.
http://www.theregister.co.uk/2008/12/15/atm_hack_scam/
--Dubai Police Arrest Three in Credit Card Fraud Scheme
(December 15, 2008)
Police in Dubai, United Arab Emirates have arrested three people in
connection with a credit card scam. The gang allegedly used information
stolen from others' online financial transactions to make fraudulent
purchases over the Internet. Authorities in Dubai say the gang
compromised the data of 16,975 credit cards and stole more than Dh227.73
million (US$62 million). A fourth member of the gang is located outside
the country, but authorities are making extradition arrangements.
http://www.gulfnews.com/nation/Police_and_The_Courts/10267633.html
http://www.thenational.ae/article/20081216/NATIONAL/791381445/1133
POLICY AND LEGISLATION
--Mandatory Internet Filtering Meets With Resistance in Australia
(December 12, 13 & 16, 2008)
The Australian government's plan to launch trials of Internet filtering
technology has run into some roadblocks, as Internet service providers
(ISPs) have expressed reluctance to participate. The plan is to filter
all Internet traffic and to block access to about 10,000 web sites with
reputations for having illegal content. Telstra, the largest ISP in
Australia, and Internode have both said they will not participate in the
trials. Optus said it would participate only in a scaled back
deployment of the filtering technology, and iiNet said it would
participate only to demonstrate that the filtering plan will not work.
The trials were set to take place this month. Protests against the
filtering plan have been held in cities across the country, including
Melbourne, Brisbane and Sydney.
http://news.bbc.co.uk/2/hi/technology/7779547.stm
http://www.news.com.au/technology/story/0,28348,24795948-5014239,00.html
http://www.australianit.news.com.au/story/0,24897,24804682-15306,00.html
VULNERABILITIES
--Zero-Day IE Flaw Attacks on the Rise
(December 12, 13, 14 & 15, 2008)
The volume of attacks exploiting the zero-day flaw in Internet Explorer
(IE) that was disclosed last week has increased significantly over the
last several days. The attacks appear to be originating from websites
that have been infected with malware. Over the weekend, the number of
affected sites was estimated to be 6,000 and climbing rapidly. The flaw
affects more versions of IE than researchers initially believed. The
flaw is now known to affect IE versions 5.01, 6, 7 and 8 Beta 2, but the
attacks have so far only targeted IE 7. It is also more difficult to
prevent attacks than was first believed. There are now nine published
workarounds to protect users' systems from the flaw; several require
editing the Windows registry.
Once again the Internet Storm Center was the leader in identifying,
analyzing, and illuminating this problem (on 12/10):
http://isc.sans.org/diary.html?storyid=5458
And how it is still being used (12/12):
http://isc.sans.org/diary.html?storyid=5464
http://www.theregister.co.uk/2008/12/12/ie_zero_day_misconceptions/
http://www.theregister.co.uk/2008/12/15/ie7_exploits/
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9123398&source=rss_topic17
http://www.microsoft.com/technet/security/advisory/961051.mspx
Further clarification from Microsoft at
http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-various-workarounds-from-the-recent-IE-advisory.aspx
Also interesting to note that SC Magazine UK ran a story titled
"Microsoft encourages users to switch to other browsers"
http://www.scmagazineuk.com/Microsoft-encourages-users-to-switch-to-other-browsers/article/122909/.
DATA LOSS & EXPOSURE
--NH Movie Theater Server Compromised; Card Data Stolen
(December 10, 2008)
Some moviegoers who used credit cards to make purchases at a Merrimack,
New Hampshire theater last summer have been reporting fraudulent
activity on their accounts. An investigation determined that an
attacker gained access to the server at the Zyacorp Entertainment
Cinemagic Stadium in Merrimack; the server has been replaced and new,
stronger security measures have been implemented.
http://www.wmur.com/news/18247613/detail.html#-
STUDIES AND STATISTICS
--Cisco's Annual Security Report
(December 15, 2008)
According to Cisco's Annual Security Report, the total number of
disclosed security flaws increased 11.5 percent from 2007 to 2008. Attacks
spread through malicious email attachments fell 50 percent over the same
period. Attacks are more and more often blended, comprising multiple
flaws through multiple vectors, and are also increasingly targeted at
specific victims. Nearly 90 percent of email sent worldwide is spam,
according to the report's findings. The report covers information
gathered between January and October 2008.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9123466&source=rss_topic17
http://cisco.com/en/US/prod/vpndevc/annual_security_report.html
(This site requires registration)
MISCELLANEOUS
--Google Issues Browser Security Handbook
(December 11 & 12, 2008)
Google has released the "Browser Security Handbook," which provides
information about the security features and security concerns present
in IE 6 and 7, Mozilla Firefox 2 and 3, Apple Safari, Opera and its own
browsers, Chrome and Android. The handbook covers "basic concepts
behind web browsers, standard browser security features and experimental
and legacy security mechanisms."
http://www.securityfocus.com/brief/870
http://www.heise-online.co.uk/security/Worth-Reading-Browser-Security-Handbook--/features/112243
http://code.google.com/p/browsersec/wiki/Main
--It's Official: Google Chrome No Longer a Beta
(December 11 & 12, 2008)
As of December 11, Google's Chrome web browser is no longer a beta.
Notable among the browser's security measures is sandboxing.
Specifically, each tab in Chrome is run in its own sandbox; Chrome
isolates HTML rendering and JavaScript execution in their own process
classes. Chrome also has the capability to hide users' surfing
histories through a feature called Incognito mode. While it does not
provide anonymous browsing, it does not retain cookies beyond the life
of that particular browser window.
http://www.eweek.com/c/a/Security/Google-Chrome-Puts-Security-in-a-Sandbox/
http://www.internetnews.com/webcontent/article.php/3790636/Google+Chromes+Out+of+Beta+Now+What.htm
http://www.crn.com/security/212500156
*************************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Ron Dick headed the National Infrastructure Protection Center (NIPC) at
the FBI and is the incoming President of the InfraGard National Members
Alliance - with 22,000 members.
Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.
Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center.
Prof. Howard A. Schmidt is the President of the Information Security
Forum (ISF) and author who has served as CSO for Microsoft and eBay and
as Vice-Chair of the President's Critical Infrastructure Protection
Board.
Ed Skoudis is co-founder of InGuardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.
Tom Liston is a Senior Security Consultant and Malware Analyst for
InGuardians, a handler for the SANS Institute's Internet Storm
Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.
Mark Weatherford, CISSP, CISM, is Executive Officer of the California
Office of Information Security and Privacy Protection.
Alan Paller is director of research at the SANS Institute.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin,
Ireland.
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAklH40cACgkQ+LUG5KFpTkadjwCeLuwJJxbOCRwaLhSuaop+0Bta
SNwAoKMXIxxQHOaXw3W+83RnhB47/4Pv
=S0yR
-----END PGP SIGNATURE-----