From: The SANS Institute (NewsBites sans.org)
Date: Tue Apr 27 2010 - 14:00:28 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
*************************************************************************
SANS NewsBites April 27, 2010 Vol. 12, Num. 33
*************************************************************************
TOP OF THE NEWS
IT Security Job Market Getting Stronger
US Defense Contractors Bulk Up on Cyber Skills To Compete for New Money
No Agreement on UN Global Cyber Crime Treaty
THE REST OF THE WEEK'S NEWS
Blippy Will Hire CSO After Data Leak
NHS Computers Reportedly Infected with Qakbot
Microsoft Pulls Ineffective Patch
Chinese Company Must Pay Microsoft for Using Illegal Software
Former NSA Official Pleads Not Guilty in Data Leak Case
Man Indicted on Cyber Extortion Charges
NSA Holds 10th Annual Cyber Defense Exercise
Affinity Health Plan Acknowledges Data Breach
********************* Sponsored By Palo Alto Networks *******************
Join Palo Alto Networks on May 7th in one of 15 cities in North America
to hear Gartner discuss the state of the firewall market and give
predictions for the future of network security. Then enjoy the premiere
of Iron Man 2.
http://www.sans.org/info/58443
*************************************************************************
TRAINING UPDATE
- -- SANS Security West 2010, San Diego, May 7-15, 2010
23 courses. Bonus evening presentations include Killer Bee:
Exploiting ZigBee and the Kinetic World
http://www.sans.org/security-west-2010/
- -- SANSFIRE 2010, Baltimore, June 6-14, 2010
38 courses. Bonus evening presentations include Software Security
Street Fighting Style and The Verizon Data Breach Investigations
Report
http://www.sans.org/sansfire-2010/
- -- SANS Secure Europe Amsterdam 2010, June 21-July 3, 2010
8 courses.
http://www.sans.org/secure-amsterdam-2010/
- -- SANS Rocky Mountain 2010, Denver, July 12-17, 2010
8 courses. Bonus evening presentations include Hiding in Plain Sight:
Forensic techniques to Counter the Advanced Persistent Threat
http://www.sans.org/rocky-mountain-2010/
- -- SANS Boston 2010, August 2-8, 2010
11 courses. Special Events include Rapid Response Security Strategy Competition
http://www.sans.org/boston-2010/
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/spring09.php
Plus Geneva, Toronto, Singapore and Canberra all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************
TOP OF THE NEWS
--IT Security Job Market Getting Stronger
(April 24, 2010)
The high profile attacks against Google disclosed earlier this year are
prompting companies to take a look at their own cyber security posture.
Public awareness of data breaches has heightened recognition of the
need for people with skills to protect valuable information assets. In
the first three months of 2010, one employment market information
company has seen a 25 percent jump in the number of cyber security job
openings, from 32,000 to 40,000. An information security recruitment
company says it has seen a 50 percent increase in the number of
companies seeking IT security specialists. Companies that have been
working with limited staff are feeling the pinch of not having
adequate data security in place. The companies are looking for people
with specific skill sets, particularly those with experience in identity
and access management; cloud computing security; forensics; and reverse
engineering.
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/04/23/BUOJ1D2VIK.DTL
[Editor's Note (Paller): Although not included in the final version, the
journalist who wrote this story told me, during our interview, that the
recruiters he had contacted said that out-of-work people with management
credentials in cyber security were lingering on the job market for six
months and often much longer. Demand has dropped off for people with
soft skills, but is increasing for those people when they can prove they
can do the technical work required to protect systems and networks.
(Northcutt): There do appear to be "green shoots" of employment growth
in the security field. I am not sure about identity and access
management, but I know people are desperate to find qualified incident
response people who can find and eliminate modern malware.]
--US Defense Contractors Bulk Up on Cyber Skills To Compete for New Money
(March 18, 2010)
Defense firms are investing in cyber security skills training, in
acquiring small security companies, and in hiring new talent to tap new
revenue streams and offset declining revenue from traditional weapon
systems purchased by the US Department of Defense. Northrop Grumman,
Lockheed Martin, Raytheon, and Europe's biggest defense contractor, BAE
Systems, are all mentioned. They face substantial competition in this
new market from consulting firms such as Booz Allen Hamilton.
http://online.wsj.com/article/SB123733224282463205.html
[Editor's Note (Paller): The new competition has almost entirely halted
the "rush to mediocrity" that DoD contractors launched in response to
DoD's 8570 mandate. Contractors tell us that certifications like
Security+ are now seen by government proposal review boards as overt
signs of "paper skills," doing more harm than good in competitions for
new contracts.]
--No Agreement on UN Global Cyber Crime Treaty
(April 23, 2010)
A proposed global cyber crime treaty was rejected by the United Nations
after Russia, China and several other countries could not bridge human
rights and sovereignty differences over the treaty's contents with the
UK, the US, Canada, and the European Union. The advent of cyber crime
has prompted countries to seek international agreements to allow law
enforcement agencies the authority to pursue cases outside their own
geo-political borders. The advent of cloud computing has made the need
for such arrangements even more pressing. The EU and the US maintain
there is no need for a new treaty because the Budapest Convention on
Cybercrime already exists and has been ratified by 46 countries. That
treaty allows law enforcement authorities to cross borders to access
servers without the consent of local authorities as long as the network
owners give their permission.
http://www.scmagazineus.com/global-cybercrime-treaty-rejected-at-un/article/168630/
************************* Sponsored Links: ******************************
1) Just added: 2 bonus sessions at this year's SANS Security
Architecture Summit April 24th - 26th in Las Vegas.
http://www.sans.org/info/58453
2) The 2010 SANS What Works in Penetration Testing & Vulnerability
Assessment Summit features an agenda loaded with brand-new talks from
the best penetration testers and vulnerability assessment leaders in the
world. http://www.sans.org/info/58458
3) Save $350 on the SANS Forensics and Incident Response Summit when you
book by May 26, 2010. http://www.sans.org/info/58463
*************************************************************************
THE REST OF THE WEEK'S NEWS
--Blippy Will Hire CSO After Data Leak
(April 23 & 26, 2010)
Social networking and shopping site Blippy has announced that it is
hiring a chief security officer in the wake of a security incident that
exposed members' credit card numbers in Google searches. The data leak
was due to a technical oversight that permitted transaction data to appear
in some HTML code for several hours in February. Blippy was unaware,
however, that a Google crawler had indexed Blippy pages that contained
the sensitive account information. Blippy has since asked Google to
remove the information. Blippy also plans to hire information security
staff to work with the CSO and focus solely on data protection.
http://www.csoonline.com/article/591967/Social_network_Blippy_to_hire_CSO_in_wake_of_security_woes
http://www.informationweek.com/news/security/privacy/showArticle.jhtml?articleID=224600308
[Editor's Note (Pescatore): This is a common path for consumer-grade,
advertising supported services. The business model is to make money by
exposing people's information and selling advertising around it, so
security is really not Job #1 - data protection severely limits revenue
possibilities. What's really needed is a security architect on the app
dev side, and focus on security *before* the service is turned on.]
--NHS Computers Reportedly Infected with Qakbot
(April 23, 2010)
Some of the UK's National Health Service (NHS) computers have been
infected with Qakbot, malware that is designed to steal data, including
credit card information, search histories and account passwords. More
than 1,100 computers appear to have been affected. Qakbot is normally
detected by most off-the-shelf security software. Researchers
monitoring the malware say it has the capability to steal significant
amounts of data. The malware spreads through web pages manipulated to
exploit known flaws in Internet Explorer and QuickTime, and through file
shares on local networks. It spreads at a measured pace so as not to
attract attention.
http://www.theregister.co.uk/2010/04/23/nhs_worm_infection/
http://www.computerworld.com/s/article/9175943/Update_Malware_infects_UK_National_Health_Service_systems?taxonomyId=85
--Microsoft Pulls Ineffective Patch
(April 23, 2010)
Microsoft has stopped distributing one of the 11 patches it issued on
April 13 because of "quality issues." The company plans to release a
refined version of the patch before the end of the month. The MS10-025
update did "not address the underlying issue effectively." The update
is meant to fix a critical remote code execution flaw in the way Windows
2000 Server handles network packets while running Windows Media
Services. This appears to be the first instance in which Microsoft has
pulled a patch without having a replacement available.
http://www.computerworld.com/s/article/9175954/Microsoft_pulls_April_patch?taxonomyId=17
http://www.scmagazineus.com/microsoft-revokes-recent-security-bulletin-for-critical-flaw/article/168623/
http://www.h-online.com/security/news/item/Microsoft-withdraws-placebo-patch-985141.html
--Chinese Company Must Pay Microsoft for Using Illegal Software
(April 23, 2010)
A Chinese court has ordered an insurance company there to pay Microsoft
2.2 million yuan (US $322,000) for using illegal copies of Microsoft
software, including Windows XP and Microsoft Office. Microsoft said
that Dazhong Insurance was using 450 illegal copies of its software.
Dazhong plans to appeal the verdict. The case is the first brought by
Microsoft against a large Chinese company for software copyright
infringement. The rate of pirated software in China in 2008 was
estimated to be 80 percent; while still high, the number is lower than
in previous years.
http://www.computerworld.com/s/article/9175937/Microsoft_wins_piracy_case_against_Chinese_company?taxonomyId=144
[Editor's Note (Schultz): If this verdict is upheld, it would signal a
major change of direction regarding software piracy in China.]
--Former NSA Official Pleads Not Guilty in Data Leak Case
(April 23 & 24, 2010)
Former National Security Agency (NSA) official Thomas Andrews Drake has
pleaded not guilty to charges of willful retention of national defense
information, obstruction of justice and making a false statement. Drake
allegedly leaked NSA secrets to a journalist who used the information
in a series of articles about problematic programs within the NSA.
Drake's attorneys have requested that he be tried by a jury; a trial has
been scheduled for October.
http://www.washingtonpost.com/wp-dyn/content/article/2010/04/23/AR2010042303458.html
http://www.baltimoresun.com/news/maryland/bs-md-br-nsa-leaks-case-20100423,0,5848791.story
Text of Indictment:
http://www.fas.org/sgp/news/2010/04/drake-indict.pdf
--Man Indicted on Cyber Extortion Charges
(April 23, 2010)
Anthony Digati has been indicted on charges of cyber extortion for
threatening to spread negative information about his insurance company
and former employer over a dispute concerning a variable universal life
insurance policy. Digati, a former registered agent and manager at New
York Life Insurance Company, allegedly demanded that the company pay him
nearly US $200,000; he had paid just under US $50,000 in premiums. If
the demand was not met by a certain date, he is alleged to have said the
amount would increase to US $3 million and that he would send millions
of email messages to people disparaging the company. If convicted,
Digati could face up to two years in prison.
http://www.wired.com/threatlevel/2010/04/spam-extortion/
http://www.wired.com/images_blogs/threatlevel/2010/04/digati.pdf
Text of Indictment:
http://www.justice.gov/usao/nys/pressreleases/April10/digatianthonyindictmentpr.pdf
--NSA Holds 10th Annual Cyber Defense Exercise
(April 22, 2010)
The National Security Agency (NSA) held its 10th annual Cyber Defense
Exercise last week. The competition involves students from US military
academies battling each other and the competition leaders in cyber
space. Competition participants "build and defend computer networks
against simulated intrusions by the National Security Agency Services
Red Team." They will face a variety of threats, including malicious
attachments and scanning. There is also a gray-cell, or uneducated user,
on this year's NSA team; this individual is clicking on all links.
http://news.cnet.com/8301-13772_3-20003203-52.html?part=rss&subj=news&tag=2547-1_3-0-20
http://www.infosecurity-us.com/view/8989/nsa-holds-cyber-boot-camp/
--Affinity Health Plan Acknowledges Data Breach
(April 21, 2010)
A New York managed health care service is notifying more than 400,000
people that their personally identifiable information may have been
compromised. The data were held on the hard drive of a digital copier
that had been leased by Affinity Health Plan and then returned to the
leasing company. The notification follows an NBC News story about
information contained on hard drives of used digital copiers. Affinity
has not yet reviewed the data, but the breach is believed to affect
former and current employees, providers, job applicants, members, and
coverage applicants.
http://www.darkreading.com/database_security/security/privacy/showArticle.jhtml?articleID=224600001
[Editor's Note (Honan): Any device with a hard disk can pose a risk to
your data. ENISA published an interesting paper regarding the security
risks associated with most printers and it is available from
http://www.enisa.europa.eu/act/ar/deliverables/2008/secure-printing ]
**********************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.
Prof. Howard A. Schmidt is the Cyber Coordinator for the President of
the United States.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.
Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.
Rohit Dhamankar is the Director of Security Research at TippingPoint,
where he leads the Digital Vaccine and ThreatLinQ groups. His group
develops protection filters to address vulnerabilities, viruses, worms,
Trojans, P2P, spyware, and other applications for use in TippingPoint's
Intrusion Prevention Systems.
Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat, and he
is a senior Lockheed Martin Fellow.
Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of
the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin,
Ireland.
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAkvXFx8ACgkQ+LUG5KFpTkbGYQCfXulEsWPTo5Nd4CDFD5Ahja8F
0/4AoJA0zemTxncsWeoH5lYsGL2XS9ns
=Uj2n
-----END PGP SIGNATURE-----