SANS NewsBites Vol. 12 Num. 93 : Stuxnet Suspected to be Behind Iranian Nuclear Setback

From: The SANS Institute (NewsBitessans.org)
Date: Tue Nov 23 2010 - 12:00:13 CST


Seven days left to get a 16GB iPad with any of 28 SANS OnDemand courses
including Auditing, Penetration Testing, Forensics, Secure Coding,
Wireless, CISSP training and more. See:
http://www.sans.org/ondemand/discounts.php#current

**************************************************************************
SANS NewsBites November 23, 2010 Vol. 12, Num. 93
**************************************************************************
TOP OF THE NEWS
  Stuxnet Suspected to be Behind Iranian Nuclear Setback
  Bill Would Give DHS Authority to Fine Critical Companies For
    Inadequate Security
  Google to Destroy UK Street View Wi-Fi Data
THE REST OF THE WEEK'S NEWS
    Alleged Federal Reserve Bank Hacker Arraigned
    Google Fixes Gmail Address Leak
    MoD Official Targeted by Malicious eMail
    Man Used Malicious eMail to Steal Personal Information and Take
      Control of Webcams
    Kroxxu Botnet on One Million Systems
    Microsoft Embraces Kinect Tinkerers
    Senator Says He Will Fight Antipiracy Legislation
    Adobe Releases Reader X
    Guilty Plea in Wiseguys Ticket CAPTCHA Case
    Britain's Lord Chief Justice Voices Concerns About Intrusion of
      Internet Into Jury Trials
    LifeLock Sending Refund Checks as Part of Settlement With FTC

******************* Sponsored By Palo Alto Networks ********************

REGISTER NOW! Please join us for the SANS Analyst Webcast: Taming the
Social Networking Beast on December 7, 1PM EST sponsored by Palo Alto
Networks. In this webcast, learn the risks social networking brings to
enterprises and how to enable social networking while protecting against
risks. Featuring SANS Fellow Eric Cole, PhD. Register for this webcast
to receive an advance copy of a special SANS accompanying whitepaper on
the same topic. Go to: http://www.sans.org/info/67153

*************************************************************************
TRAINING UPDATE
New "Combating Malware in the Enterprise" course at SANS (SEC569).
How do you fight off malware when you have thousands of hosts?
Course debut in Las Vegas (Sept'10) and Washington DC (Dec'10):
http://www.sans.org/security-training/combating-malware-enterprise-1482-mid
 -- SANS London 2010, November 27-December 6, 2010
14 courses. Bonus evening presentations include Latest Advances in
Computer Forensics; and Continuous Vulnerability Testing and
Remediation: The 20 Critical Security Controls Perspective
http://www.sans.org/london-2010/
 -- SANS Cyber Defense Initiative 2010, Washington DC, December 10-17, 2010
24 courses. Bonus evening presentations include Browser Based
Defenses; Continuous Vulnerability Testing and Remediation: the 20
Critical Security Controls Perspective; and Cyberwar or Business as
Usual? The State of US Federal CyberSecurity Efforts
http://www.sans.org/cyber-defense-initiative-2010/
 -- SANS Security East 2011, New Orleans, LA, January 20-27, 2011
12 courses. Bonus evening presentations and special events include
Happy Little Clouds: Governing, Assessing and Auditing Cloud
Environments; and Future Trends in Network Security
http://www.sans.org/security-east-2011/
 -- SANS 2011, Orlando, FL, March 27-April 4, 2011
39 courses. Bonus evening presentations and special events include
Hiding in Plain Sight: Forensic Techniques to Counter the Advanced
Persistent Threat; and Law and the Public's Perception of Data
Security
http://www.sans.org/sans-2011/
 -- Looking for training in your own community?
http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Los Angeles, Atlanta, San Francisco, Bangalore all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
****************************************************************************

TOP OF THE NEWS
 --Stuxnet Suspected to be Behind Iranian Nuclear Setback
(November 22, 2010)
Iran's nuclear program has experienced a setback, but diplomats have no
specific information about the problem that forced the powering down of
enrichment machines. The Stuxnet worm is suspected to be involved.
Hundreds of centrifuges have been taken offline in the last
year-and-a-half.
http://www.msnbc.msn.com/id/40323245/ns/world_news-mideastn_africa/
[Editor's Comment (Northcutt): NewsBites reader Mark Walker wrote to
point out that there is a risk someone could reverse engineer Stuxnet
and use the information to attack other targets. We may think of
Stuxnet as an attack, but it could also be a transfer of technology.]

 --Bill Would Give DHS Authority to Fine Critical Companies For
    Inadequate Security
(November 19, 2010)
Proposed legislation would give the US Department of Homeland Security
(DHS) the authority to impose fines of up to US $100,000 a day on
organizations that are responsible for elements of the country's
critical infrastructure if they have not complied with cyber security
directives imposed by DHS. The Homeland Security Cyber and Physical
Infrastructure Protection Act would have DHS create a list of companies
whose operations are critical to the continuing operation of the
country's infrastructure. Those companies would be required to comply
with DHS established regulations, which could include submitting their
cyber security plans to DHS for approval and having "announced or
unannounced audits and inspections." It would also call for DHS
Secretary Janet Napolitano to appoint a cyber security chief. The bill
has raised concerns among many who say that DHS lacks the expertise to
establish cyber security requirements and evaluate their effectiveness.
http://news.cnet.com/8301-13578_3-20023464-38.html
[Editor's Note (Pescatore): There is a predictable arc to all compliance
regimes that almost invariably ends in the cost of feeding the
compliance regime exceeding any measurable security gain. At first, that
new compliance regime allows us to finally convince management to fund
necessary security improvements but the next year the compliance monster
gets hungrier - and every year after that. Security *spending* always
goes up; the actual level of security rarely does.
(Schultz): Having both a DHS cyber security chief and a Presidential
cybersecurity advisor would be anything but good. It would at a minimum
set the stage for incessant conflict. ]

 --Google to Destroy UK Street View Wi-Fi Data
(November 19, 2010)
Google will destroy the data it collected in the UK while gathering
information for Street View, according to the Information Commissioner's
Office (ICO). Deputy Information Commissioner David Smith said there
was no evidence that the data "had fallen into the wrong hands" and that
his office would not conduct any further enquiries into the issue.
http://www.bbc.co.uk/news/technology-11797907
http://www.msnbc.msn.com/id/40280537/ns/technology_and_science-security/

******************** SPONSORED LINK ********************************
1) REGISTER NOW for the upcoming webcast: Beyond AV: Total Endpoint
Security For Multi-Regulatory Compliance and Better Security, Sponsored
By: BigFix
http://www.sans.org/info/67158
**********************************************************************

THE REST OF THE WEEK'S NEWS
 --Alleged Federal Reserve Bank Hacker Arraigned
(November 22, 2010)
Lin Mun Poo, the Malaysian man who allegedly hacked into a Federal
Reserve Bank of Cleveland computer system as well as computer systems
at a defense contractor and "several major international banks," was
arraigned in federal court on November 22. Poo entered a plea of not
guilty. One law enforcement official called the alleged activity "scary
stuff." Poo was arrested in October just after flying into John F.
Kennedy International Airport; he had with him a "heavily encrypted"
laptop computer that was found to contain "more than 400,000 [payment
card] and bank account numbers." He is facing charges of access device
fraud, aggravated identity theft, unlawful transmission of computer code
and commands, and unauthorized computer access involving government
information.
http://www.msnbc.msn.com/id/40306517/ns/us_news-security/
Indictment: http://msnbcmedia.msn.com/i/msnbc/Sections/NEWS/poo_indictment.pdf

 --Google Fixes Gmail Address Leak
(November 22, 2010)
Google fixed a flaw over the weekend that allowed spam to be sent to
Gmail users who had visited certain websites while logged in to their
Gmail accounts. The problem in the Google Apps Script API was fixed
soon after Google was alerted to the issue.
http://www.eweek.com/c/a/Security/Google-Patches-Security-Flaw-Affecting-Gmail-Users-162318/
http://technolog.msnbc.msn.com/_news/2010/11/22/5509761-security-hole-let-hacker-harvest-gmail-addressess

 --MoD Official Targeted by Malicious eMail
(November 22, 2010)
An email received by a British defense official was found to contain
malware designed to leak information from the infected system to a
foreign intelligence agency. The message came from an individual the official
had met at a conference.
http://www.theregister.co.uk/2010/11/22/mod_spear_phish/

 --Man Used Malicious eMail to Steal Personal Information and Take
    Control of Webcams
(November 22, 2010)
Matthew Anderson of Keith, Banffshire, Scotland, has admitted to an
offense under the UK's Computer Misuse Act for his role in an email
scheme designed to steal personal data. He sent spam containing malware
that allowed him access to users' computers. Anderson gained remote
control of users' webcams and spied on them in their homes. Law
enforcement agents found other people's photographs and medical reports
on Anderson's computer. He is to be sentenced on November 23.
http://news.stv.tv/scotland/highlands-islands/211018-computer-hacker-controlled-victims-webcams-from-mothers-front-room/

 --Kroxxu Botnet on One Million Systems
(November 22, 2010)
The Kroxxu botnet appears to have infected more than 100,000 domains and
may be present on as many as one million systems around the world. It
is not yet clear whether those in control of Kroxxu are using it to
make money or, if they are, how. Kroxxu is designed specifically to
steal FTP passwords, and it spreads only through infected websites.
http://www.v3.co.uk/v3/news/2273368/kroxxu-avast-botnet-threats
http://www.securecomputing.net.au/News/239314,kroxxu-botnet-targets-one-million-users.aspx
http://www.thenewnewinternet.com/2010/11/22/kroxxu-botnet-infects-100000-domains-1-million-users/

 --Microsoft Embraces Kinect Tinkerers
(November 21 & 22, 2010)
Microsoft has backtracked on its vague threats to pursue legal action
against people who tampered with its newly-released Kinect gaming
device. Craig Davidson, senior director for Xbox Live, has now said
"Anytime there is engagement and excitement around our technology, we
see that as a good thing." Kinect inspires technophiles because of its
use of "cameras, sensors and software that let it detect movement,
depth, and the shape and position of the human body."
http://www.nytimes.com/2010/11/22/technology/22hack.html?ref=technology
http://www.pcworld.com/article/211299/microsoft_flipflops_on_kinect_computer_hack.html

 --Senator Says He Will Fight Antipiracy Legislation
(November 19, 2010)
US Senator Ron Wyden (D-Oregon) said he will fight proposed legislation
that would give the US government the authority to shut down web sites
believed to be dedicated to illegal filesharing. Calling the Combating
Online Infringement and Counterfeits Act the "wrong medicine" for
addressing illegal filesharing, Wyden said the proposed law is too
broad. The bill was approved last week by the Senate Judiciary
Committee; it allows the Justice Department to file civil actions
against domain names believed to be involved with digital piracy.
http://www.nextgov.com/nextgov/ng_20101119_5885.php?oref=topnews
http://www.computerworld.com/s/article/9197341/Senator_threatens_to_block_online_copyright_bill?taxonomyId=17

 --Adobe Releases Reader X
(November 19, 2010)
Adobe has released Reader X, the newest version of its PDF reader
software. The Protected Mode of Reader X for Windows isolates system
processes in a sandbox. The Mac OS X and Android versions of Reader X
do not include the sandbox. Adobe's Director of Security and Privacy
Brad Arkin acknowledges that the new feature will not stop every attack
but said "It provides a strong additional level of defense against
attacks." Other applications already using sandboxing include Google's
Chrome browser, Microsoft Internet Explorer, and Office 2010.
http://www.computerworld.com/s/article/9197230/Adobe_launches_sandboxed_Reader_X?source=rss_news
http://www.theregister.co.uk/2010/11/19/adobe_reader_sandbox/
[Editor's Note (Pescatore): Sandboxes are good; they limit damage - like
bulkhead doors in a submarine. However, a submarine with great bulkheads
still needs to make sure it isn't using screen windows.]

 --Guilty Plea in Wiseguys Ticket CAPTCHA Case
(November 19, 2010)
Three men have pleaded guilty to charges of wire fraud and hacking for
using specialized computer programs to defeat systems designed to
prevent large blocks of event tickets from being purchased by one group
or individual. The men, who operated a company called Wiseguy Tickets,
bought up premium seats for desirable events and resold them at a
profit. Their scheme allowed them to appear as if they were thousands
of individuals as they purchased the tickets. Between 2002 and 2009,
the defendants are believed to have made as much as US $25 million in
profits. The men admitted to hiring people in Bulgaria to create a
specialized network of computers devoted to breaking CAPTCHA (Completely
Automated Public Turing Test to Tell Computers and Humans Apart).
http://www.wired.com/threatlevel/2010/11/wiseguys-plead-guilty/
http://www.theregister.co.uk/2010/11/19/wiseguy_ticket_touts_guilty/
http://www.computerworld.com/s/article/9197278/Wiseguy_scalpers_bought_tickets_with_CAPTCHA_busting_botnet?taxonomyId=17s

 --Britain's Lord Chief Justice Voices Concerns About Intrusion of
    Internet Into Jury Trials
(November 19, 2010)
Britain's Lord Chief Justice Lord Judge recently published a lecture
decrying the misuse of the Internet by jurors, saying that "We cannot
accept that the use of the Internet, or rather its misuse, should be
acknowledged and treated as an ineradicable fact of life, or that a
Nelsonian blind eye should be turned to it or the possibility that it
is happening." Lord Judge also said that judges should strongly warn
jurors not to use the Internet to research the cases or to share
information about the cases about which they are deliberating, and that
notices in the jury rooms should remind jurors that such activity could
be viewed as contempt of court.
http://www.bbc.co.uk/news/uk-11796648

 --LifeLock Sending Refund Checks as Part of Settlement With FTC
(November 19, 2010)
LifeLock, a company that offers identity theft protection services, is
sending US $10.87 checks to nearly one million customers to comply with
a settlement the company reached with the US Federal Trade Commission
(FTC). Attorneys general from 35 states and the FTC alleged that
LifeLock made false claims about the scope of its protection. The
settlement was reached in March. In addition to making the payments to
customers, LifeLock must not overstate the risk of identity theft and
must not misrepresent its services.
http://www.computerworld.com/s/article/9197482/After_FTC_settlement_LifeLock_refund_checks_going_out?taxonomyId=17
http://www.consumeraffairs.com/news04/2010/11/nearly-one-million-consumers-getting-refunds-from-lifelock.html

**********************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in
independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer at
the North American Energy Reliability Commission (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
