From: The SANS Institute (NewsBites sans.org)
Date: Fri Nov 06 2009 - 13:10:09 CST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
*************************************************************************
SANS NewsBites November 6, 2009 Vol. 11, Num. 88
*************************************************************************
TOP OF THE NEWS
EU Legislators Reach Agreement on Internet Access Rights and Illegal
Downloading
FBI Warns More Than US $100 Million Stolen Through Automated Clearing
House System Fraud
Senate Judiciary Committee Approves Two Breach Notification Bills
THE REST OF THE WEEK'S NEWS
Judge Punishes Attorney for Disregarding Privacy Practices
Zero-Day Flaw in SSL and TLS Protocols
Cookie Issue Allows Attackers to Target Main Domain From Subdomain
Microsoft to Issue Six Bulletins on November 10
Two Indicted for Unauthorized Computer Access
Adobe Issues Shockwave Security Update
Corporate Data Compromise Leads to Increased Risk of Identity Fraud
************************ Sponsored By SANS ******************************
Using the Network to detect incidents - Focusing on hosts to
detect incidents. Two critical themes of the Incident Detection
Summit December 9-10. Attend and hear expert speakers tell what
network-centric and host-centric indicators yield the best results
as well as how to collect/analyze them.
http://www.sans.org/info/50448
*************************************************************************
TRAINING UPDATE
-- SANS San Francisco, November 9-14,
http://www.sans.org/sanfrancisco09
-- SANS Sydney, November 9-14
http://sans.org/sydney09/
-- SANS Hong Kong, November 9-14
http://www.sans.org/hong-kong-forensics-2009/
-- SANS Vancouver, November 14-19
http://www.sans.org/vancouver09/
-- SANS London, UK, November 28-December 6,
16 courses, bonus evening sessions: Hex Factor, Forensics Mini Summit and more
http://sans.org/london09/
-- SANS CDI, Washington DC, December 11-18,
http://www.sans.org/cyber-defense-initiative-2009
-- SANS Security East 2010, New Orleans, January 10-18, 2010
19 courses, bonus evening presentations
http://www.sans.org/security-east-2010/
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/spring09.php
Plus New Delhi, Geneva and Qatar all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************
TOP OF THE NEWS
--EU Legislators Reach Agreement on Internet Access Rights and
Illegal Downloading
(November 5, 2009)
European Union legislators have reached an agreement that strikes a
balance between citizens' rights to Internet access and the need to
protect copyright holders' interests. Internet users are granted
protection from having their Internet access arbitrarily cut off if
they are suspected of illegal filesharing. Internet access can be cut
off only if national authorities have proof that users have illegally
downloaded copyrighted material. The EU agreement, which has yet to
be confirmed, does not require that authorities obtain a court order
before cutting suspected offenders off from the Internet. France has
already enacted a three-strikes policy for illegal downloaders,
but connections cannot be severed without an order from a judge.
Britain is considering similar rules. Spain has said it will not
cut illegal downloaders off from the Internet.
http://www.net-security.org/secworld.php?id=8472
http://www.msnbc.msn.com/id/33655437/ns/technology_and_science-security/
http://www.computerworld.com/s/article/9140364/EU_breaks_deadlock_in_debate_over_right_to_Internet_access?source=rss_security
http://www.nytimes.com/2009/11/06/technology/internet/06net.html?_r=1&ref=technology
http://www.theregister.co.uk/2009/11/05/span_does_not_intend_to_pursue_web_disconnection/
--FBI Warns More Than US $100 Million Stolen Through Automated
Clearing House System Fraud
(November 3 & 4, 2009)
The FBI's Internet Crime Complaint Center has issued an Intelligence
Note warning of increased fraudulent use of the Automated Clearing
House (ACH) system to steal more than US $100 million from small and
medium sized businesses, municipal governments and school districts.
In general, the attacks use social engineering to trick users into
installing malware on the computers used to conduct financial
transactions. Once the criminals have access to an organization's
bank accounts, they transfer money out to accounts often opened by
"money mules," people who have agreed to forward the money to overseas
accounts for a small fee. The transfers are kept under US $10,000 to
avoid triggering currency transaction reports.
http://www.ic3.gov/media/2009/091103-1.aspx
http://www.networkworld.com/news/2009/110309-fbi-warns-of-100m-cyber-threat.html
http://news.cnet.com/8301-27080_3-10390118-245.html?part=rss&subj=news&tag=2547-1009_3-0-20
http://www.securityfocus.com/brief/1032
http://www.scmagazineus.com/FBI-Money-mule-scams-top-100-million/article/157066/
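The pattern the IC3 note describes (a burst of transfers, each kept just
under the US $10,000 reporting threshold, sent to payees the account has
never paid before) is something a bank or a finance department can watch
for on its own transaction records. The script below is an added example
written for this newsletter, not code from the IC3 or any of the linked
articles. The record layout, the "near threshold" fraction, the three-day
window, the burst size and the sample batch of transfers are all
assumptions made up for the demonstration; only the $10,000 figure comes
from the note.

```python
"""Flag outbound ACH transfers that look like sub-threshold structuring.

Added example for the IC3 item above; the record layout, thresholds,
window and sample data below are constructed for the demo, not a real
bank format or feed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

CTR_THRESHOLD = 10_000.00      # US currency transaction report trigger (from the note)
NEAR_FRACTION = 0.80           # assumption: flag amounts in the top 20% below it
WINDOW = timedelta(days=3)     # assumption: look-back window for a burst
MIN_HITS = 2                   # assumption: burst size that raises an alert

# Constructed history: (account, payee) pairs paid before the sample period.
HISTORY = {("ACCT-1001", "PAYROLL-SVC"), ("ACCT-1001", "OFFICE-SUPPLY")}

# Constructed sample batch: (timestamp, originating account, payee, amount).
TRANSFERS = [
    ("2009-10-28T09:12", "ACCT-1001", "OFFICE-SUPPLY", 2_340.00),
    ("2009-10-29T16:41", "ACCT-1001", "J-DOE-CHK-5531", 9_850.00),
    ("2009-10-29T16:44", "ACCT-1001", "M-ROE-SAV-0083", 9_700.00),
    ("2009-10-30T08:03", "ACCT-1001", "PAYROLL-SVC", 41_200.00),
    ("2009-10-30T10:15", "ACCT-1001", "A-POE-CHK-7720", 9_975.00),
    ("2009-11-02T11:30", "ACCT-1001", "OFFICE-SUPPLY", 9_900.00),
]


def parse(record):
    """Turn one raw record into (datetime, account, payee, float amount)."""
    ts, acct, payee, amt = record
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M"), acct, payee, float(amt)


def is_near_threshold(amount):
    """True for amounts just below the CTR trigger (never at or above it)."""
    return CTR_THRESHOLD * NEAR_FRACTION <= amount < CTR_THRESHOLD


def find_structuring(transfers, history):
    """Return a list of alerts; each alert is a list of suspicious transfers.

    A transfer is suspicious when it is just under the CTR threshold and
    goes to a payee the originating account has not paid before. An alert
    is raised when MIN_HITS or more suspicious transfers from the same
    account fall within WINDOW of the first one in the burst.
    """
    known = set(history)
    suspicious = defaultdict(list)
    for ts, acct, payee, amt in sorted(parse(r) for r in transfers):
        new_payee = (acct, payee) not in known
        known.add((acct, payee))            # the first payment makes a payee "known"
        if new_payee and is_near_threshold(amt):
            suspicious[acct].append((ts, acct, payee, amt))

    alerts = []
    for acct, hits in suspicious.items():   # hits are already in time order
        burst = []
        for hit in hits:
            if burst and hit[0] - burst[0][0] > WINDOW:
                if len(burst) >= MIN_HITS:
                    alerts.append(burst)
                burst = []
            burst.append(hit)
        if len(burst) >= MIN_HITS:
            alerts.append(burst)
    return alerts


if __name__ == "__main__":
    for burst in find_structuring(TRANSFERS, HISTORY):
        print(f"ALERT {burst[0][1]}: {len(burst)} near-threshold transfers to new payees")
        for ts, _, payee, amt in burst:
            print(f"  {ts:%Y-%m-%d %H:%M}  {payee:<16} {amt:>10,.2f}")
```

On the sample batch this raises a single alert covering the three transfers
to newly added accounts on October 29 and 30; the $41,200 payroll run is
above the threshold and the $9,900 payment to a long-standing supplier is
left alone, which is also the check's blind spot: a mule account that has
been paid once before looks like any other known payee, so in practice this
is paired with payee-age data and with controls on the workstation that
originates the batch, since the malware the note describes runs there.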
--Senate Judiciary Committee Approves Two Breach Notification Bills
(November 5 & 6, 2009)
On Thursday, the US Senate Judiciary Committee approved both the
Personal Data Privacy and Security Act of 2009 and the Data Breach
Notification Act. The bills now go before the full Senate. The
Personal Data Privacy and Security Act would require organizations that
retain consumer data to establish data privacy and security programs.
The bill would also impose significant fines for failing to disclose
a data breach and require that entities experiencing data security
breaches notify those whose information was compromised and also
notify law enforcement authorities. The Data Breach Notification
Act would establish a federal law requiring data breach notification
that would supersede all existing state breach notification laws.
The bill would also require organizations to report large breaches
to the US Secret Service.
http://www.computerworld.com/s/article/9140408/Federal_data_protection_law_inches_forward?source=rss_security
http://www.pcworld.com/article/181549/senate_panel_approves_databreach_notification_bills.html
http://www.nextgov.com/nextgov/ng_20091105_7308.php?oref=topnews
http://computerworld.co.nz/news.nsf/scrt/6402CA6D786CBA34CC25766500775C35?opendocument&utm_source=security&utm_medium=email&utm_campaign=security
[Editor's Note (Schultz): Both bills will face considerable opposition
in the full Senate. Opponents assert that if passed, these pieces of
legislation would be too costly to businesses.]
************************ Sponsored Links: ****************************
1) Streamlining Security Awareness Training (SAT) with SecureAware from
Lightwave Security, or rapidly deploy PCI, COBIT, and ISO compliant
Security Awareness Training (SAT)
http://www.sans.org/info/50453
2) REGISTER NOW for the upcoming webcast: A Day In The Life Of A
Configuration Compliance Exception
http://www.sans.org/info/50458
3) Website HealthCare Reform is Coming... Watch Out Nov 9, 2009. Sign
up now to be first in line. http://www.sans.org/info/50463
***********************************************************************
THE REST OF THE WEEK'S NEWS
--Judge Punishes Attorney for Disregarding Privacy Practices
(November 5, 2009)
A US District Judge in Minnesota has reprimanded attorney Vincent J.
Moccio for including the Social Security numbers (SSNs) and birth
dates of 179 people in an electronically filed court brief. Judge
Michael J. Davis ordered Moccio to provide credit monitoring for
all affected individuals and to pay US $5,000 to an area food bank.
The censure and punishment were not requested by anyone in the court
case; instead, the judge used his "inherent power" to impress upon
Moccio the importance of adhering to effective privacy practices.
http://www.theregister.co.uk/2009/11/05/judge_sanctions_attorney/
--Zero-Day Flaw in SSL and TLS Protocols
(November 5, 2009)
A zero-day flaw in the Secure Sockets Layer (SSL) and Transport
Layer Security (TLS) protocols could be exploited to launch a
man-in-the-middle attack. The discovery of this authentication
gap vulnerability means that all affected libraries will need to
be patched. Representatives from leading technology firms have
been meeting since late September to develop a new standard to fix
the vulnerability.
http://www.computerworld.com/s/article/9140362/Scramble_on_to_fix_flaw_in_SSL_security_protocol?source=rss_security
http://www.theregister.co.uk/2009/11/05/serious_ssl_bug/
http://www.h-online.com/security/news/item/Vulnerability-in-SSL-TLS-protocol-851478.html
http://www.scmagazineus.com/Serious-vulnerability-in-SSL-discovered/article/157173/
http://news.zdnet.co.uk/security/0,1000000189,39860592,00.htm
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221600523
--Cookie Issue Allows Attackers to Target Main Domain From Subdomain
(November 4 & 5, 2009)
A problem with the way browsers handle cookies could be exploited to
attack a website's main domain from its subdomains. A researcher has
published a paper offering proof-of-concept examples of the attack
against the Google, Expedia and Chase Manhattan Bank websites. The
problem lies in the cookie specification, RFC 2965, which says "that
browsers must allow subdomains to set and read cookies for their
parent." A cookie planted by a subdomain for the parent domain arrives
at the main site indistinguishable from the site's own cookies.
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221600496&subSection=Vulnerabilities+and+threats
http://www.securecomputing.net.au/News/159809,browser-cookie-handling-could-widen-web-attack-space.aspx
http://www.theregister.co.uk/2009/11/04/website_cookie_stealing/
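The behaviour behind this item can be reproduced without a browser, because
Python's standard http.cookiejar implements the same domain-scoping rules.
The script below is an added example written for this newsletter, not code
from the researcher's paper or any of the linked articles. The host names
(evil.example.com, www.example.com) and cookie values are made up; the
FakeResponse class exists only because CookieJar needs a response object
with an info() method, and stands in for an HTTP reply from each host.

```python
"""Cookie tossing from a subdomain, shown with http.cookiejar.

Added example for the cookie item above; host names and cookie values are
constructed for the demo. The jar plays the role of a browser's cookie
store with its default (Netscape-style) policy.
"""
import email.message
import http.cookiejar
import urllib.request


class FakeResponse:
    """Stand-in for an HTTP response: CookieJar only calls .info()."""

    def __init__(self, set_cookie_headers):
        self._headers = email.message.Message()
        for value in set_cookie_headers:
            self._headers["Set-Cookie"] = value   # Message keeps duplicates

    def info(self):
        return self._headers


def receive(jar, url, set_cookie_headers):
    """Simulate the jar seeing a response from `url` with Set-Cookie headers."""
    req = urllib.request.Request(url)
    jar.extract_cookies(FakeResponse(set_cookie_headers), req)


def cookie_header_for(jar, url):
    """Return the Cookie header the jar would attach to a request to `url`."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie", "")


def planted_cookie_reaches(target_url):
    """Plant a parent-domain cookie from a subdomain; report what `target_url` gets."""
    jar = http.cookiejar.CookieJar()
    # The attacker controls (or has script injection on) a subdomain and
    # sets a session cookie scoped to the parent domain, which the cookie
    # rules allow because evil.example.com is inside example.com.
    receive(jar, "http://evil.example.com/",
            ["sid=attacker_chosen; Domain=example.com; Path=/"])
    return cookie_header_for(jar, target_url)


def demo():
    """Full sequence: planted cookie, then the main site's own cookie."""
    jar = http.cookiejar.CookieJar()
    receive(jar, "http://evil.example.com/",
            ["sid=attacker_chosen; Domain=example.com; Path=/"])
    # The main site later sets its own host-only cookie of the same name.
    receive(jar, "http://www.example.com/login", ["sid=legit; Path=/"])
    # Both are sent to the main site; the header carries two `sid` values
    # and nothing in it tells the server which one it issued itself.
    return cookie_header_for(jar, "http://www.example.com/account")


if __name__ == "__main__":
    print(planted_cookie_reaches("http://www.example.com/"))   # sid=attacker_chosen
    print(demo())                                               # sid=attacker_chosen; sid=legit
```

The planted cookie is listed first because it was stored first, and most
server frameworks take the first value of a repeated cookie name, so the
attacker's session identifier wins: this is the session-fixation variant of
the attack. The same cookie is not sent to www.example.org, so the exposure
is exactly the parent domain and its other subdomains. Nothing in the 2009
cookie rules lets the parent site distinguish its own cookie; the later
`__Host-` cookie-name prefix (which browsers only accept when the cookie is
set without a Domain attribute, over HTTPS, with Path=/) was introduced to
close this gap, and http.cookiejar does not enforce it.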
--Microsoft to Issue Six Bulletins on November 10
(November 5, 2009)
According to Microsoft Security Bulletin Advance Notification, the
company will issue six security bulletins on Tuesday, November 10.
Three of the bulletins are rated critical, and three are rated
important. All three of the critical bulletins and two of the
important bulletins address remote code execution vulnerabilities; the
other important bulletin addresses a denial-of-service vulnerability.
The bulletins address flaws in Microsoft Windows and Office.
http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx
http://news.cnet.com/8301-27080_3-10391568-245.html?part=rss&subj=news&tag=2547-1009_3-0-20
--Two Indicted for Unauthorized Computer Access
(November 4 & 5, 2009)
Two former employees of the Stens Corporation, one from Indiana and one
from Kentucky, have been indicted on charges of computer intrusion for
allegedly breaking into the company's computer systems. According to
the indictment, Scott R. Burgess and Walter D. Puckett allegedly
accessed the Stens computer systems about a dozen times with passwords
they had used up to two years previously. When administrators at
Stens became suspicious, they disabled the old passwords, but
the men successfully guessed the new login credentials.
The men were allegedly working for a Stens competitor at the time of
the intrusions. If convicted, the men could face up to five years
in prison and a US $250,000 fine.
http://indianapolis.fbi.gov/dojpressrel/pressrel09/ip110409.htm
http://www.theregister.co.uk/2009/11/05/computer_intrusion_charges_filed/
--Adobe Issues Shockwave Security Update
(November 3, 4 & 6, 2009)
Adobe has updated its Shockwave Player to fix five critical flaws.
Four of the vulnerabilities could be exploited to inject and execute
malicious code; the fifth could be exploited to create
denial-of-service conditions. For an attack to succeed, users would
need to be tricked into visiting specially crafted websites. Adobe
recommends that users upgrade to Shockwave version 11.5.2.602 as soon
as possible.
http://www.h-online.com/security/news/item/Adobe-patches-critical-vulnerabilities-in-Shockwave-Player-849517.html
http://www.v3.co.uk/v3/news/2252654/adobe-patches-five-critical
http://www.adobe.com/support/security/bulletins/apsb09-16.html
--Corporate Data Compromise Leads to Increased Risk of Identity Fraud
(November 4, 2009)
A study has found that people who have received data breach
notification letters from companies are four times more likely to be
victims of identity fraud. This is despite claims by many companies
that they see no indication that the compromised data are being used
by criminals. The study also found that most consumers do not see a
direct connection between breach notification letters and identity fraud.
http://www.darkreading.com/security/privacy/showArticle.jhtml?articleID=221600348
**********************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and
the author/co-author of books on Unix security, Internet security,
Windows NT/2000 security, incident response, and intrusion detection
and prevention. He was also the co-founder and original project manager
of the Department of Energy's Computer Incident Advisory Capability
(CIAC)
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level
IT Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet
Storm Center and Dean of the Faculty of the graduate school at the
SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at TippingPoint,
where he leads the Digital Vaccine and ThreatLinQ groups. His group
develops protection filters to address vulnerabilities, viruses,
worms, Trojans, P2P, spyware, and other applications for use in
TippingPoint's Intrusion Prevention Systems.
Prof. Howard A. Schmidt is the President of the Information Security
Forum (ISF) and author who has served as CSO for Microsoft and
eBay and as Vice-Chair of the President's Critical Infrastructure
Protection Board.
Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and
he is a senior Lockheed Martin Fellow.
Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune
50 company (Alcoa). He is leading SANS' global initiative to improve
application security.
David Hoelzer is the director of research & principal examiner
for Enclave Forensics and a senior fellow with the SANS Technology
Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer
of the State of California.
Alan Paller is director of research at the SANS Institute
Marcus J. Ranum built the first firewall for the White House and
is widely recognized as a security products designer and industry
innovator.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin,
Ireland.
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email,
but no posting is allowed on web sites. For a free subscription,
(and for free posters) or to update a current subscription, visit
http://portal.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFK9GvY+LUG5KFpTkYRApqCAJ9fLjT+IE5J4AGKaxgS+GjFTC9xCwCeNepB
ew2F8r7KuFkzOPOG1/TEOpc=
=jRcA
-----END PGP SIGNATURE-----