SANS NewsBites Vol. 11 Num. 62 : Federal Contractor's Unsafe Programming Root-Cause of Congressional Hacking

From: The SANS Institute (NewsBites@sans.org)
Date: Fri Aug 07 2009 - 13:17:20 CDT


*************************************************************************
SANS NewsBites August 7, 2009 Vol. 11, Num. 62
*************************************************************************
TOP OF THE NEWS
  Weak Passwords Allow Congressional Web Site Defacements
  US Marines Bans Social Networking Sites on its Networks
  Twitter Downed by DDoS
THE REST OF THE WEEK'S NEWS
  ARRESTS, INDICTMENTS & SENTENCES
    Jail Time for Internet Bank Fraud
  GOVERNMENT SYSTEMS AND HOMELAND SECURITY
    National Cybersecurity Coordinator Role Watered Down
    Stolen Laptop Holds Army National Guard Data
  VULNERABILITIES
    XML Library Flaws Affect Numerous Applications
  UPDATES AND PATCHES
    Apple Releases Mac OS X Update
    Mozilla Issues Firefox Update
  DATA BREACHES, LOSS & EXPOSURE
    Mozilla Closes Online Store After Third-Party Intrusion
  ATTACKS & ACTIVE EXPLOITS
    Latvian ISP Cut Off Over Allegations of Hosting Botnet Command and
       Control Servers
  MALWARE
    Blue Screen of Death Scareware

********************* SPONSORED BY SANS V-LIVE! ***********************

SANS vLive! delivers live instruction via the Web to make the student's
online learning experience as fun and engaging as possible.
Courses starting in the next 90 days:
8/11 to 9/24 SPECIAL: DIACAP + Validation: In-Depth
8/25 to 9/17 DEV541: Secure Coding in Java/JEE: Developing Defensible Applications
9/2 to 11/18 SEC617: Wireless Ethical Hacking Penetration Testing and Defenses
9/22 to 12/3 AUD423: SANS(r) +S(tm) Training for the CISA(r) Certification Exam
9/28 to 10/2 SEC440: 20 Critical Security Controls: Planning Implementing and Auditing
9/29 to 11/5 SEC501: Advanced Security Essentials - Enterprise Defender
9/29 to 12/15 SEC301: Intro to Information Security
10/5 to 10/14 SEC564: Security Architecture for Systems Administrators
10/6 to 10/29 DEV544: Secure Coding in .NET: Developing Defensible Applications
10/19 to 11/18 SEC709: Developing Exploits for Penetration Testers and Security Researchers
10/27 to 12/19 DEV422: Defending Web Applications Security Essentials
Details & Registration at http://www.sans.org/vlive/courses.php
*************************************************************************
TRAINING UPDATE
- SANS Network Security, San Diego Sept. 14-22;
     the Fall's biggest security training conference-- 20 full length
     courses and 16 short courses plus a big exhibition
         http://www.sans.org/ns2009
- SANS Virginia Beach August 28 - Sept. 4. 11 full-length courses plus
     short courses: http://www.sans.org/vabeach09/
- The Virtualization and Cloud Security Summit on August 17-18 in
       Washington; courses in the following days
       http://www.sans.org/info/43118
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
       http://www.sans.org/ondemand/spring09.php
Plus Atlanta, Canberra, Cairo, Stockholm, Dubai, Dublin & Rome all in
the next 90 days. For a list of all upcoming events, on-line and live:
www.sans.org
*************************************************************************

TOP OF THE NEWS
 --Weak Passwords Allow Congressional Web Site Defacements
(August 6, 2009)
A rash of digital graffiti on the websites of at least 18 US
Representatives has been blamed on weak administrative passwords
established by a third party vendor. The defacements have been cleaned
up and no real damage was done to the sites; some have established
stronger passwords as a result of the incident. The attacks occurred
during the first week of August. The House's Chief Administrative
Officer Dan Beard has called for a review of the relationship with the
Alexandria, Va.-based vendor, GovTrends.
http://voices.washingtonpost.com/securityfix/2009/08/hackers_target_housegov_sites.html
[Editor's Note (Weatherford): All this proves is that our jobs are never
done. We've been preaching about strong passwords for years and it's a
part of almost every talk I give yet people still don't get it and still
believe "it can't happen to me."]

 --US Marines Bans Social Networking Sites on its Networks
(August 4, 2009)
An August 3 order bans US Marines from accessing social networking
tools, including Facebook and Twitter, due to security concerns. The
order states that the sites "are a proven haven for malicious actors and
content and are particularly high risk due to information exposure, user
generated content and targeting by adversaries." Marines are banned from
accessing the sites via the Marine Corps Enterprise Network, the
Non-Secure Internet Protocol Router Network or virtual private network
connections. Personnel may, however, access Defense
Department-sponsored social networking sites that are hosted on internal
networks. Personnel are also permitted to access the sites from their
personal computers while they are not working.
http://www.msnbc.msn.com/id/32283587/ns/technology_and_science-security/
http://fcw.com/articles/2009/08/04/marines-ban-social-networking.aspx
http://www.marines.mil/news/messages/Pages/MARADMIN0458-09.aspx

 --Twitter Downed by DDoS
(August 6, 2009)
Twitter is recovering from a distributed denial-of-service (DDoS) attack
that occurred on Thursday. The micro-blogging service was knocked offline
for several hours. As of 1:30 PM EDT Thursday, Twitter's status page
reads "As we recover [from the DDoS], users will experience some longer
load times and slowness. This includes timeouts to API clients. We're
working to get back to 100% as quickly as we can." Facebook suffered
problems from an apparent DDoS as well.
http://www.wired.com/epicenter/2009/08/facebook-apparently-attacked-in-addition-to-twitter/
http://www.usatoday.com/tech/news/2009-08-06-twitter-attack_N.htm
http://www.nextgov.com/nextgov/ng_20090806_7624.php?oref=topnews
http://www.theregister.co.uk/2009/08/06/twitter_outage/
http://www.siliconrepublic.com/news/article/13562/comms/twitter-suffers-denial-of-service-attack
http://www.computerworld.com/s/article/9136321/Update_Twitter_limps_back_to_life_after_DDoS_attack?source=rss_security
http://news.bbc.co.uk/2/hi/technology/8188201.stm
http://bits.blogs.nytimes.com/2009/08/06/twitter-overwhelmed-by-web-attack/?ref=technology
http://www.washingtonpost.com/wp-dyn/content/article/2009/08/06/AR2009080602341_pf.html
http://status.twitter.com/
[Editor's Note (Pescatore): Wow, 2 hours without tweets! That's like a
car drive to the shore without anyone in the back seat saying "Are we
there yet? I see a rock. Is that a seagull? I like saltwater taffy.
Shaquille O'Neal is really tall. Are we there yet?" the entire trip.]

*************************** SPONSORED LINKS******************************
1) Be Sure to Register for the upcoming webcast: AV Migration - Should
You Stay or Should You Go?
http://www.sans.org/info/47029

2) ***NEW*** SANS Free Vendor Audio Casts! Visit the SANS Reading Room
and click on the Free Vendor Audio Casts link.
http://www.sans.org/info/47034
*************************************************************************

THE REST OF THE WEEK'S NEWS
ARRESTS, INDICTMENTS & SENTENCES
 --Jail Time for Internet Bank Fraud
(August 5, 2009)
A woman in New Zealand has been sentenced to one year in jail for
stealing more than NZ $110,000 (US $73,700) in an Internet banking fraud
scheme. Airiana Moana Paul had pleaded guilty to cyber crime charges
of dishonestly obtaining a pecuniary advantage. Paul found a loophole
in the way Internet banking transactions were conducted at the National
Bank and over the course of three months, exploited that loophole 365
times to transfer funds from one account into another. Paul involved
other people in the scheme as well.
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10588833

GOVERNMENT SYSTEMS AND HOMELAND SECURITY
 --National Cybersecurity Coordinator Role Watered Down
(August 4 & 5, 2009)
Melissa Hathaway, the administration's acting cyber security
coordinator, told the Washington Post that she stepped down from the
position and removed herself from consideration for the permanent role
because she was "not empowered ... to continue to drive the change"
deemed necessary by the 60-day review of US cyber security policy she
conducted earlier this year. The current description of the position
has the national cyber security coordinator reporting to the National
Security Council and the National Economic Council, neither of which
places significant value on having a powerful national cyber security
official.
http://lastwatchdog.com/melissa-hathaway-steps-consideration-us-cyber-czar/
http://www.washingtonpost.com/wp-dyn/content/article/2009/08/03/AR2009080302697_pf.html
http://news.bbc.co.uk/2/hi/technology/8185699.stm
http://www.computerworld.com/s/article/9136306/The_cybersecurity_job_no_one_really_wants?taxonomyId=17&pageNumber=1
http://fcw.com/Articles/2009/08/05/Web-Obama-cyber-coordinator.aspx?Page=1
[Editor's Note (Weatherford): This is terribly unfortunate because it
gives credence to the growing feeling that what started with a lot of
pomp and circumstance is becoming mired in politics.]

 --Stolen Laptop Holds Army National Guard Data
(August 4 & 5, 2009)
A laptop computer belonging to an Army National Guard contractor was
stolen on July 27; the computer holds personally identifiable
information of approximately 131,000 current and former Army National
Guard members. The compromised data include names, Social Security
numbers (SSNs), and incentive payment amounts. Affected individuals
will be notified by letter.
http://www.wfrv.com/news/local/story/National-Guard-laptop-computer-stolen/PMA-Xtg6o06SgZJ1IbFFfA.cspx
http://www.msnbc.msn.com/id/32304147/ns/technology_and_science-security/
[Editor's Note (Northcutt): Consequences matter. Without consequences
this type of inexcusable behavior will continue. The contract needs to
be terminated.]

VULNERABILITIES
 --XML Library Flaws Affect Numerous Applications
(August 6, 2009)
Researchers have uncovered a significant number of flaws in Extensible
Markup Language (XML) libraries that could be exploited to crash
machines and execute malicious code. The flaws affect large numbers of
applications that use the libraries in question. Sun Microsystems,
Apache, and Python products are known to be vulnerable.
http://www.securecomputing.net.au/News/152193,researchers-find-largescale-xml-library-flaws.aspx
http://www.theregister.co.uk/2009/08/06/xml_flaws/
http://voices.washingtonpost.com/securityfix/2009/08/researchers_xml_security_flaw.html
[Editor's Note (Northcutt): Uh Oh. This is not good. XML is behind the
scenes in almost everything. I wonder whether XML gateways could be used
to mitigate the problem to some extent.]

UPDATES AND PATCHES
 --Apple Releases Mac OS X Update
(August 6, 2009)
Apple has released Mac OS X version 10.5.8 to address 18 security flaws,
including seven that could be exploited to take control of vulnerable
computers simply by manipulating users into viewing maliciously
constructed images. The flaws arise from uninitialized memory errors,
uninitialized pointer issues, and heap, stack, and integer overflow
errors. The update also fixes code execution flaws in the operating
system's kernel, login window and other components.
http://www.theregister.co.uk/2009/08/06/apple_mac_osx_patches/
http://www.computerworld.com/s/article/9136311/Apple_patches_18_Mac_vulnerabilities_ships_OS_X_10.5.8?source=rss_security
http://news.cnet.com/8301-27080_3-10304342-245.html?part=rss&subj=news&tag=2547-1009_3-0-20
http://www.h-online.com/security/Apple-releases-Mac-OS-X-10-5-8--/news/113941
http://www.scmagazineus.com/Mac-OS-X-1058-update-fixes-18-flaws/article/141269/
http://support.apple.com/kb/HT3757

 --Mozilla Issues Firefox Update
(August 4, 2009)
On Monday, August 3, Mozilla issued an update for Firefox to address a
number of critical security flaws. One of the vulnerabilities allows
attackers to spoof SSL certificates. Users are urged to upgrade to
Firefox 3.5.2 as soon as possible. Other vulnerabilities addressed in
the update include a memory corruption flaw, a heap overflow flaw and a
privilege escalation flaw. The SSL flaw also affects Mozilla's
Thunderbird, SeaMonkey and NSS products; fixes for those products are
likely to be available soon.
http://www.theregister.co.uk/2009/08/04/firefox_critical_update/
http://www.h-online.com/security/Firefox-3-5-2-and-3-0-13-fix-security-vulnerabilities--/news/113922
http://blog.mozilla.com/blog/2009/08/03/firefox-3-5-2-and-3-0-13-security-updates-now-available-for-download/

DATA BREACHES, LOSS & EXPOSURE
 --Mozilla Closes Online Store After Third-Party Intrusion
(August 5, 2009)
Mozilla shut down its online store after learning that a third-party
company it had hired to run the site's back-end operations had
experienced a breach. Mozilla has asked St. Louis-based GatewayCDI to
notify all affected customers about the breach. The company will reopen
the online store when it has "a satisfactory assurance of ongoing login
security and data privacy."
http://www.theregister.co.uk/2009/08/05/mozilla_stores_shuttered/
http://www.computerworld.com/s/article/9136264/Mozilla_shuts_Firefox_e_store_after_security_breach?taxonomyId=17

ATTACKS & ACTIVE EXPLOITS
 --Latvian ISP Cut Off Over Allegations of Hosting Botnet
Command and Control Servers
(August 4 & 5, 2009)
Latvian Internet service provider (ISP) Real Host has been disconnected
from the Internet after its upstream provider, Junik, cut off service.
Swedish telecommunications company TeliaSonera informed Junik that Real
Host was home to servers used to commit cyber crime and gave Junik the
options of cutting off service or facing sanctions. Real Host is
believed to be home to command and control servers for the Zeus botnet.
http://www.theregister.co.uk/2009/08/05/cybercrime_takedown/
http://www.pcworld.com/businesscenter/article/169635/after_links_to_cybercrime_latvian_isp_is_cut_off.html
http://www.ft.com/cms/s/0/058167ee-8081-11de-bf04-00144feabdc0.html

MALWARE
 --Blue Screen of Death Scareware
(August 4 & 5, 2009)
A new scareware variant exploits the pit-of-the-stomach feeling that
accompanies the Windows Blue Screen of Death. The malware displays what
appears to be the blue screen indicative of a Windows system crash along
with an alert window urging users to download software to fix the
alleged problem. The phony antivirus package is called SystemSecurity.
http://blogs.zdnet.com/security/?p=3912
http://www.theregister.co.uk/2009/08/04/bsod_scareware/

**********************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Rohit Dhamankar is the Director of Security Research at TippingPoint,
where he leads the Digital Vaccine and ThreatLinQ groups. His group
develops protection filters to address vulnerabilities, viruses, worms,
Trojans, P2P, spyware, and other applications for use in TippingPoint's
Intrusion Prevention Systems.

Prof. Howard A. Schmidt is the President of the Information Security
Forum (ISF) and author who has served as CSO for Microsoft and eBay and
as Vice-Chair of the President's Critical Infrastructure Protection
Board.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of
the State of California.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
