From: The SANS Institute (NewsBites sans.org)
Date: Tue Oct 13 2009 - 13:27:34 CDT
************************************************************************
SANS NewsBites October 13, 2009 Vol. 11, Num. 81
************************************************************************
TOP OF THE NEWS
Sidekick Outage Causes Data Loss and Outrage
Researchers Claim Botnet Steals Revenue from Google, Yahoo! and Bing
THE REST OF THE WEEK'S NEWS
Apple Acknowledges Bug in Snow Leopard Causes Data Loss
Security Software Locates and Wipes Stolen NHS Computers
Google Fixes Android DoS Flaws
Maine Supreme Court to Decide Hannaford Liability
Twitter Suspended Researcher's Account for Mentioning Malicious URL
Inspector General Finds Security Gaps in Some DHS Public-Facing Websites
Federal Reserve Bank Employee Pleads Guilty to Fraud and Identity Theft
Federal Charges Filed Against Former DuPont Scientist
************************************************************************
TRAINING UPDATE
-- SANS Tokyo, October 19-24,
http://www.sans.org/sanstokyo2009_autumn/
-- SANS Chicago North Shore, Oct. 26-Nov. 2,
http://www.sans.org/chicago09/
-- SCADA Security Summit, Stockholm, Oct. 27-30,
http://www.sans.org/euscada09_summit/
-- SANS Middle East, October 31-November 11,
http://www.sans.org/middleeast09/
-- SANS San Francisco, November 9-14,
http://www.sans.org/sanfrancisco09
-- SANS Sydney, Nov. 9-14,
http://sans.org/sydney09/
-- SANS London, UK, Nov. 28-Dec. 9,
http://sans.org/london09/
-- SANS CDI, Washington DC, Dec. 11-18,
http://www.sans.org/cyber-defense-initiative-2009
-- SANS Security East 2010, New Orleans, January 10-18, 2010
19 courses, bonus evening presentations
http://www.sans.org/security-east-2010/
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/spring09.php
Plus Hong Kong, Oslo and Vancouver, all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************
TOP OF THE NEWS
--Sidekick Outage Causes Data Loss and Outrage
(October 10 & 12, 2009)
A server failure appears to be responsible for a massive data loss
affecting T-Mobile Sidekick customers. The outage occurred at Danger,
a Microsoft subsidiary, which is the Sidekick data service provider.
Users lost contacts, pictures, and saved email messages. While it is
possible that some data could be restored from a backup system, most is
likely gone forever. T-Mobile has suspended sales of Sidekicks for the
time being. The company is offering customers a one-month credit to
their accounts to compensate for the data loss. The data loss affects
customers who conducted a hard reset - removing their phones' batteries
or pressing a reset button. The customers attempted the hard reset
because of outages affecting the devices all last week.
http://www.msnbc.msn.com/id/33278150/ns/technology_and_science-security/
http://www.computerworld.com/s/article/9139261/T_Mobile_sidelines_Sidekick_in_wake_of_data_debacle?taxonomyId=1
http://www.usatoday.com/tech/wireless/phones/2009-10-12-sidekick-data_N.htm
http://www.informationweek.com/news/personal_tech/smartphones/showArticle.jhtml?articleID=220600351
http://voices.washingtonpost.com/fasterforward/2009/10/sidekick_users_see_their_data.html
http://www.washingtonpost.com/wp-dyn/content/article/2009/10/11/AR2009101100109_pf.html
http://www.cnn.com/video/#/video/tech/2009/10/12/tsr.tmobile.loses.data.cnn
[Editor's Note (Ullrich): So much for storing your data "in the cloud".
A local backup sounds like a great idea again.
(Pescatore): Ah, the monthly reminder that consumer grade services do
not live up to business class needs. (See definition of "extremely rare
data loss" in the Apple item below.) ]
--Researchers Claim Botnet Steals Revenue from Google, Yahoo! and Bing
(October 9, 2009)
Researchers at Click Forensics claim they have found a new botnet (the
"Bahama botnet") that is draining advertising revenue from Google,
Yahoo! and Bing by sending part of it to smaller networks. Users whose
machines are infected with this botnet's bots reach fake search pages
made to look like bona fide ones. Their connections are initially
redirected to small ad networks to which small referral fees are paid,
and then ultimately to the sites that users have specified.
***********************************************************************
THE REST OF THE WEEK'S NEWS
--Apple Acknowledges Bug in Snow Leopard Causes Data Loss
(October 12, 2009)
Apple has acknowledged a problem with its Mac OS X 10.6 operating
system, known as Snow Leopard, that can cause users to lose their
personal data and says a fix is in the works. The problem, according
to Apple, "occurs only in extremely rare cases." Users have been
reporting that after they log in as guest users, their personal data are
gone when they return to their personal accounts.
http://news.cnet.com/8301-31021_3-10373064-260.html
http://www.computerworld.com/s/article/9139250/Snow_Leopard_bug_deletes_all_user_data
[Editor's Note (Pescatore): Data loss is to information security as
patient mortality is to medicine. "Extremely rare" has to mean "close
to never" vs. "not often." ]
--Security Software Locates and Wipes Stolen NHS Computers
(October 12, 2009)
Four laptop computers stolen from an NHS Trust have been recovered. The
computers, which belong to the Lancashire Care NHS Foundation Trust,
were stolen from four separate locations: an NHS site in Blackpool, a
car in Manchester, an employee's home and a London hotel room. Software
previously installed on the computers allowed them to be wiped remotely
and their locations traced. None of the machines contained patient
data. Arrests have been made in connection with the theft of the
computers.
http://www.infosecurity-magazine.com/view/4508/stolen-nhs-laptops-recovered-no-data-breach-thanks-to-remote-wiping/
[Editor's Note (Schultz): The fact that software allowed the Lancashire
Care NHS Foundation Trust to wipe data after the laptops were stolen
reflects positively upon this institution's security practices. At the
same time, however, it appears that this institution has a way to go
regarding laptop security. Why are so many laptops being stolen in the
first place? And why are data that are potentially sensitive stored on
laptops instead of on servers?
Editor's Note (Ullrich): Nice to see fancy remote wipe software that
actually works! ]
--Google Fixes Android DoS Flaws
(October 12, 2009)
A pair of flaws in the Google Android mobile platform could be exploited
to create denial-of-service conditions. Google has fixed both
vulnerabilities, which affect Android version 1.5. The first of the
flaws involves the way Android handles malformed SMS messages; the
second involves Android's Dalvik application programming interface (API).
http://www.securecomputing.net.au/News/157945,google-android-vulnerabilities-disclosed.aspx
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=220600339
http://www.computerworld.com/s/article/9139192/Google_patches_DoS_vulnerabilities_in_Android
http://www.ocert.org/advisories/ocert-2009-014.html
--Maine Supreme Court to Decide Hannaford Liability
(October 9 & 12, 2009)
The Maine Supreme Court will decide whether or not retailers that fail
to protect consumers' payment card data will be required to compensate
those people for the time they spend correcting any problems that arise
from a data security breach. Consumers are already covered for
unauthorized charges under banks' zero-liability protection policies.
In this case, the court must decide if "time and effort alone, spent in
a reasonable effort to avert reasonably foreseeable harm, constitute a
cognizable injury under Maine common law." The case involves the breach
at Hannaford Bros. in which millions of payment card numbers were
compromised.
http://consumerist.com/5379157/maines-supreme-court-to-decide-if-consumers-should-be-compensated-for-hannaford-security-breach
http://www.wired.com/threatlevel/2009/10/hannaford/
--Twitter Suspended Researcher's Account for Mentioning Malicious URL
(October 9 & 12, 2009)
Twitter blocked F-Secure's chief research officer Mikko Hypponen from
accessing his account for two days last week for including a malicious
link in one of his communications. Hypponen's account was reactivated
on Friday, October 9, when he received a message chastising him for
including a URL for a MySpace phishing site, but Twitter removed all his
followers. The original Tweet was posted in August, and contained an
exhortation to beware of the phishing site. The address Hypponen
provided contained extra spaces to prevent people from accidentally
visiting it.
http://www.theregister.co.uk/2009/10/09/twitter_bans_security_maven/
http://www.wired.com/threatlevel/2009/10/twitter-suspends-researcher
http://www.geek.com/articles/news/twitter-bans-f-secure-chief-research-officer-mikko-hypponen-20091012/
http://www.f-secure.com/weblog/archives/00001789.html
--Inspector General Finds Security Gaps in Some DHS Public-Facing Websites
(October 9, 2009)
According to a report from US Department of Homeland Security (DHS)
Inspector General Richard Skinner, a number of popular department
websites are vulnerable to attacks and could allow DHS data to be lost
or used without proper authorization. Among the problems discovered on
the sites are inconsistent patch management and security assessments.
The report makes six recommendations to improve the websites' security,
including establishing regular patching and vulnerability assessment
practices and clarifying DHS's "vulnerability assessment policy and
guidelines to address threats specifically associated with its
websites."
http://fcw.com/Articles/2009/10/09/DHS-Web-sites-vulnerable-to-hackers-IG-says.aspx
http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_09-101_Sep09.pdf
--Federal Reserve Bank Employee Pleads Guilty to Fraud and Identity Theft
(October 6 & 7, 2009)
A former Federal Reserve Bank of New York employee has pleaded guilty
to bank fraud and aggravated identity theft. Curtis Wiltshire, who
worked at the institution as an information and technical analyst, stole
other employees' personal information, including Social Security numbers
(SSNs), which he used to fraudulently obtain US $200,000 in federally
insured student loans. According to the terms of a plea agreement,
Wiltshire faces between 27 and 33 months in prison.
http://www.databreaches.net/?p=7702
http://www.courthousenews.com/2009/10/07/Former_Fed_Bank_Worker_Admits_to_ID_Theft.htm
--Federal Charges Filed Against Former DuPont Scientist
(October 6, 2009)
A former DuPont research scientist is now facing federal criminal
charges for allegedly trying to steal trade secrets from the company.
Hong Meng is already facing civil charges for stealing information about
a new thin computer display technology called organic light emitting
diode (OLED). Earlier this year, Meng notified his employer that he
planned to leave his position and join DuPont in China. At that time
he asked permission to download data to take with him. Although his
request was denied, he allegedly copied about 600 files onto an external
storage device. Meng is Chinese with permanent resident status in the US.
http://www.computerworld.com/s/article/9139014/Former_DuPont_researcher_hit_with_federal_data_theft_charges?taxonomyId=17
http://www.google.com/hostednews/ap/article/ALeqM5hY6U9_VbDLCYkuz8Sn5w4wT10rUgD9B37Q1O0
http://pubs.acs.org/cen/news/87/i41/8741news6.html
**********************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at TippingPoint,
where he leads the Digital Vaccine and ThreatLinQ groups. His group
develops protection filters to address vulnerabilities, viruses, worms,
Trojans, P2P, spyware, and other applications for use in TippingPoint's
Intrusion Prevention Systems.
Prof. Howard A. Schmidt is the President of the Information Security
Forum (ISF) and author who has served as CSO for Microsoft and eBay and
as Vice-Chair of the President's Critical Infrastructure Protection
Board.
Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.
Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of
the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin,
Ireland.
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/