SANS NewsBites Vol. 12 Num. 27 : Cyber Warrior Recruitment Heats Up

From: The SANS Institute (NewsBitessans.org)
Date: Tue Apr 06 2010 - 12:20:49 CDT



SANSFIRE has just opened for registrations. This is the largest cyber
conference in the US Capital region, and features the stars of the
Internet Storm Center sharing the new attack data they are seeing.
Register for a course at SANSFIRE and attend the Storm Center briefings
at no cost. https://www.sans.org/sansfire-2010/

*************************************************************************
SANS NewsBites April 6, 2010 Vol. 12, Num. 27
*************************************************************************
TOP OF THE NEWS
  Boeing, U.S. Government Step Up Recruitment for 'Cyberwarriors'
  Domain Name Registrars Distancing Themselves From China
  UK's Digital Economy Bill Assigns Users Burden of Protecting Wireless Networks
THE REST OF THE WEEK'S NEWS
    Companies Should Reevaluate Security Resource Allocations
    Mozilla Updates Firefox Again
    Attempted Cyber Intrusion at Texas Electricity Provider
    Cyberwar Rhetoric Starting to Chafe
    DOE Seeking Applicants for National Electric Sector Cyber Security
       Organization Grant
    DHS to Issue Conficker Report
    Oracle Releases Update for Java
    Australian Plan to Filter Internet Meets With Criticism

*************************************************************************
TRAINING UPDATE
 -- SANS Northern Virginia Bootcamp 2010, April 6-13
Bonus evening presentations include Safe Surfing: How to Surf the Net
Without Getting PWND
http://www.sans.org/reston-2010/
 -- SANS Security West 2010, San Diego, May 7-15, 2010
23 courses. Bonus evening presentations include Killer Bee:
Exploiting ZigBee and the Kinetic World
http://www.sans.org/security-west-2010/
 -- SANSFIRE 2010, Baltimore, June 6-14, 2010
38 courses. Bonus evening presentations include Software Security
Street Fighting Style and The Verizon Data Breach Investigations
Report
http://www.sans.org/sansfire-2010/
 -- SANSFIRE Rocky Mountain 2010, Denver, July 12-17, 2010
8 courses. Bonus evening presentations include Hiding in Plain Sight:
Forensic techniques to Counter the Advanced Persistent Threat
http://www.sans.org/rocky-mountain-2010/
 -- SANS Boston 2010, August 2-8, 2010
11 courses
http://www.sans.org/boston-2010/
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/spring09.php
Plus Geneva, Toronto, Amsterdam and Canberra all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

TOP OF THE NEWS
 --Boeing, U.S. Government Step Up Recruitment for 'Cyberwarriors'
(April 6, 2010)
Cal Poly Pomona was the site of a regional cyber security competition
for the National Collegiate Cyber Competition and will be the site of
the California Cyber Camp this summer as part of the 2010 US Cyber
Challenge. Boeing was on hand to hire the best - because it, like every
contractor in the information security space, needs technical talent to
replace the people with soft skills that have been the norm in federal
cyber security.
http://www.bloomberg.com/apps/news?pid=20601100&sid=abmfWsuQyyk0
[Editor's Note (Paller): High school and college kids who know their way
around computers can win scholarships and internships and places in the
cyber camps. See www.uscyberchallenge.org]

 --Domain Name Registrars Distancing Themselves From China
(April 2 & 5, 2010)
In recent weeks, three domain name registrars have announced that they
are pulling out of China. Go Daddy and Network Solutions made their
decisions to withdraw from China last month, and last week, Australia's
Net Registry announced that it will not accept new accounts in China,
although it will continue to host current .cn sites. In a separate
story, the Foreign Correspondents' Club of China has issued a statement
that its website has been taken down after it came under attack. While
the organization does not know who is responsible for the
denial-of-service attacks, the attacks have been linked to computers in
the US and China. The event follows the suspected breach of
journalists' Yahoo email accounts.
http://ibtimes.com.au/articles/20100402/foreign-journalists-site-china-attacked.htm
http://voices.washingtonpost.com/posttech/2010/04/another_incident_another_compa.html
http://news.cnet.com/8301-30684_3-20001095-265.html
http://www.washingtonpost.com/wp-dyn/content/article/2010/03/29/AR2010032903511.html
[Editor's Note (Northcutt): This could be huge. Will China run the
Internet in the future? Probably. If you are 25 years old or younger,
this might be a wise time to take a class in Mandarin Chinese. We can
hold the line for a while, but not forever.]

 --UK's Digital Economy Bill Assigns Users Burden of Protecting
Wireless Networks
(April 3, 2010)
The Digital Economy Bill, which is expected to pass Parliament this
week, specifies wi-fi security required of UK Internet users. Many
users would have to spend as much as GBP 70 (US $107) for routers to
protect their wi-fi connections or face fines or disconnection if
attackers use their unprotected connections for illegal filesharing
activity. Users who have older laptops may have to purchase new GBP 20
(US $30) wi-fi cards to protect their computers from intrusions. The
bill has also been called a potential "death-knell" for public access
wi-fi because coffee shops and other businesses offering free wireless
Internet can also be held liable for illegal filesharing activity
conducted over their networks.
http://business.timesonline.co.uk/tol/business/industry_sectors/technology/article7086250.ece
[Editor's Note (Pescatore): There's silliness on both sides of this. The
odds that a household will be attacked via open WiFi are orders of
magnitude lower than their likelihood of malware coming over the wired
Internet and compromising their home network. So, the risk is being
overhyped, but the cost of making home WiFi secure is being way
over-hyped as well. The bigger issue is the language trying to make ISPs
responsible for blocking sites that are allowing "substantial"
infringement of copyrights, designs and patents - this is a real briar
patch.]

*************************************************************************

THE REST OF THE WEEK'S NEWS
 --Companies Should Reevaluate Security Resource Allocations
(April 5, 2010)
According to a study from Forrester Research conducted on behalf of RSA
and Microsoft, companies may not be taking adequate precautions to
protect intellectual property and proprietary information. Compliance
initiatives like the payment card industry data security standard
(PCI-DSS) and data protection laws in Europe, New Zealand, and Australia
require companies to take steps to protect custodial data. The
companies acknowledge that their data security budgets are directed more
at compliance with regulations and laws surrounding consumer data rather
than at protecting company intellectual property assets. Forrester,
Microsoft and RSA make several recommendations for companies to get
their data security strategies in line with the true value of the data
themselves, including identifying and assessing the value of the data
they hold and realigning their security strategies so that secrets and
intellectual property are adequately protected.
http://darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=224201369&subSection=Vulnerabilities+and+threats
http://www.rsa.com/go/press/RSATheSecurityDivisionofEMCNewsRelease_4510.html
The full paper is available at
http://download.microsoft.com/download/F/2/3/F2398E9C-94FE-496C-BFB2-9DEFE1502ABD/Forrester%20TLP%20-%20The%20Value%20of%20Corporate%20Secrets.pdf
[Editor's Note (Schultz): Although I very much appreciate the Forrester
Group and the work it does, I fear that in this particular instance it
has spent a lot of time and effort telling us what we already know. We
know what to do, but organizations are simply not doing what they have
to do to secure their information assets better.]

 --Mozilla Updates Firefox Again
(April 1 & 5, 2010)
Mozilla has released an update for Firefox to address a critical memory
corruption flaw that could be exploited to execute remotely injected
code. Firefox users are urged to upgrade to version 3.6.3 if they have
not already done so; users who are already running Firefox 3.6 should
already have received automated update notifications. Mozilla just
released Firefox 3.6.2 at the end of March. Mozilla also says it plans
to fix an information leak that has affected major browsers for more
than 10 years. That problem, known as the cascading style sheets (CSS)
history attack, stems from visited links being displayed in purple
instead of blue, which lets a web site detect which pages a user has
visited. Previous suggested solutions to the problem interfered with the
browsers' functionality, but Mozilla developers say they have arrived
at a solution that will not compromise browser performance.
http://www.h-online.com/security/news/item/Firefox-3-6-3-closes-a-critical-hole-969805.html
http://www.theregister.co.uk/2010/04/05/firefox_browsing_history_fix/
https://developer.mozilla.org/devnews/index.php/2010/04/01/firefox-3-6-3-security-update-now-available/
http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/

 --Attempted Cyber Intrusion at Texas Electricity Provider
(April 3, 2010)
A Texas news outlet has reported that one of the state's largest
electricity providers was the target of an attempted cyber attack. A
confidential email from the Electricity Reliability Council of Texas
obtained by Local 2 Investigates said that an IP address in China was
used 4,800 times to attempt to log in to the computer system of the
Lower Colorado River Authority (LCRA). The attacker was unsuccessful.
The LCRA provides electricity to more than one million Texas residents
in rural areas. Neither the LCRA nor the FBI would comment about the
reported incident.
http://www.click2houston.com/news/23046216/detail.html

 --Cyberwar Rhetoric Starting to Chafe
(March 31 & April 2 & 4, 2010)
US Senators Olympia Snowe (R-Maine) and Jay Rockefeller (D-W. Va),
co-authors of the Cybersecurity Act, wrote in an op-ed column in the
Wall Street Journal this weekend that the country needs to prepare for
cyber war. They warned of attacks that could "disrupt or disable vital
information networks" and "cause catastrophic economic loss and social
havoc." However, in March, White House Cybersecurity Coordinator Howard
Schmidt told Wired magazine that "there is no cyberwar," and there is a
growing and increasingly vocal group of cyber security experts that
thinks the cyber war rhetoric is overblown.
http://www.computerworld.com/s/article/9174682/Senators_ramp_up_cyberwar_rhetoric_?source=CTWNLE_nlt_pm_2010-04-02
http://walt.foreignpolicy.com/posts/2010/03/30/is_the_cyber_threat_overblown
http://www.federaltimes.com/article/20100404/ADOP05/4040301/
[Editor's Note (Paller): This argument is silly. Billions are being
spent on cyber espionage. The United States and its allies are not
faring very well in this timeless competition through which nations
prepare to win - or at least avoid - future wars.
(Weatherford): In his 1994 book, "Agendas, Alternatives, and Public
Policies", John Kingdon characterized the term, "Policy Window" where
he described the process by which policy issues achieve sufficient
momentum to gain traction on the government agenda. The Policy Window
concept makes me think of the 'perfect storm' metaphor because it's all
about timing. A little too early or a little too late and you've missed
the window of opportunity. There have been so many fits and starts in
addressing cybersecurity issues that I'm starting to wonder if the
nation has already missed the "Policy Window?"
(Schultz): I am no particular fan of cyberwar and information warfare
jargon. At the same time, however, it is clear that the U.S. is losing
the battle in these arenas, and has been doing so for years. The sooner
the U.S. government wakes up to this fact, the sooner it will do better
in defending its systems and information from attackers.]

 --DOE Seeking Applicants for National Electric Sector Cyber
Security Organization Grant
(April 1 & 2, 2010)
The US Department of Energy (DOE) plans to award a US $10 million grant
to establish an authority to protect the country's electric power grid.
The National Electric Sector Cyber Security Organization will be charged
with developing strategies to ensure the security of emerging
technologies used in the energy industry, such as the smart grid. The
organization would also be responsible for promoting information sharing
about cyber attacks. Applicants have until April 30, 2010 to submit
proposals.
http://fcw.com/blogs/quick-study/2010/04/energy-grid-cybersecurity-grants.aspx
http://www.networkworld.com/community/node/59586

 --DHS to Issue Conficker Report
(April 1, 2010)
The US Department of Homeland Security (DHS) plans to release a report
this month on worldwide efforts to stave off the spread of Conficker.
The report will describe the creation and efforts of the Conficker
Working Group, a coalition of researchers and Internet providers focused
on addressing the malware. The group "was a very good example of the
private sector, globally, working together to try to solve a
cybersecurity attack;" the report aims to identify "what worked [and]
what didn't work" and to develop a model of cooperation that will enable
effective responses in the future.
http://www.networkworld.com/news/2010/040210-dhs-studying-global-response-to.html?source=NWWNLE_nlt_security_2010-04-05

 --Oracle Releases Update for Java
(April 1 & 2, 2010)
Oracle has released new versions of Java for Windows, Linux and Solaris
systems. The update, Java 6 Update 19, incorporates 27 fixes for
security issues in earlier versions of the software. The Java installer
now removes older versions of the software, but it has not always done
so. If users have older versions of Java running, they may find several
versions of the software on their computers; these should be removed.
Brian Krebs recommends that if you don't use Java, don't install it at
all; if you need it later, you can install it at that time. The
software is increasingly being targeted by malware. If you choose to
install the update, read the windows carefully; Java will install
several browser toolbars by default.
http://www.krebsonsecurity.com/2010/04/java-patch-plugs-27-security-holes/#more-2234
http://www.pcmag.com/article2/0,2817,2362201,00.asp
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
Internet Storm Center: http://isc.sans.org/diary.html?storyid=8572

 --Australian Plan to Filter Internet Meets With Criticism
(March 29, 2010)
US State Department officials have expressed concern over the Australian
government's plan to deploy Internet filters. The practice runs counter
to the US policy of encouraging open Internet access around the world.
Google has voiced its opinion that the Australian plan could inhibit the
free flow of information and is likely to be ineffective in preventing
the spread of offensive Internet content.
http://www.theaustralian.com.au/business/media/stephen-conroy-and-us-at-odds-on-net-filter/story-e6frg996-1225846614780
[Editor's Note (Pescatore): No one complains about routine spam and
anti-viral filtering of commercial web-email, and Google routinely
interrupts access to malware-infested sites. The issue is not having
some form of a blacklist; the issue with the Australian plan is the
criteria used to add sites to the blacklist. What's needed is a
transparent process, much like what has been done for rating content in
movies.]

**********************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Prof. Howard A. Schmidt is the Cyber Coordinator for the President of
the United States.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.

Rohit Dhamankar is the Director of Security Research at TippingPoint,
where he leads the Digital Vaccine and ThreatLinQ groups. His group
develops protection filters to address vulnerabilities, viruses, worms,
Trojans, P2P, spyware, and other applications for use in TippingPoint's
Intrusion Prevention Systems.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of
the State of California.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
