SANS NewsBites Vol. 12 Num. 100 : Net Neutrality Likely to Pass; Congress Waters Down Cyber Security in Defense Authorization Bill

From: The SANS Institute (NewsBites@sans.org)
Date: Tue Dec 21 2010 - 15:45:36 CST


**************************************************************************
SANS NewsBites December 21, 2010 Vol. 12, Num. 100
**************************************************************************
TOP OF THE NEWS
  FCC Has Votes to Pass Net Neutrality Rules
  Congress Waters Down Cyber Security Provisions in Defense Authorization Bill
THE REST OF THE WEEK'S NEWS
  Researchers Create Botnet to Study
  Microsoft Retires Office Genuine Advantage
  Gawker Acknowledges Falling Down on Security, Plans to Do Better
  Data on NYC Tourism Site Compromised Through SQL Injection Attack
  Bank of America Stops Processing WikiLeaks Transactions
  Thornberry to Coordinate House Cyber Security Legislation
  Google Enhances Warnings for Suspicious Search Results
  Google Misses Connecticut AG Data Submission Deadline
  Tech Executives Allegedly Sold Inside Information

************************ Sponsored By ArcSight, Inc. *******************

Special Holiday Offer-- Download ArcSight Logger for FREE (a $49 USD
value)! Finally, a world-class log management solution at an even better
price-free! Download using promo code: Free_Logger_4_SANS. Free
downloads are limited, so act fast and secure your free ArcSight Logger
TODAY! Happy holidays and happy logging from ArcSight, an HP Company.
http://www.sans.org/info/68233

*************************************************************************
TRAINING UPDATE
New "Combating Malware in the Enterprise" course at SANS (SEC569).
How do you fight off malware when you have thousands of hosts?
Learn the answers in Orlando in March:
http://www.sans.org/security-training/combating-malware-enterprise-1482-mid
-- SANS Security East 2011, New Orleans, LA, January 20-27, 2011
12 courses. Bonus evening presentations and special events include
Happy Little Clouds: Governing, Assessing and Auditing Cloud
Environments; and Future Trends in Network Security
http://www.sans.org/security-east-2011/
-- North American SCADA 2011, Lake Buena Vista, FL, February 23-March 2, 2011
http://www.sans.org/north-american-scada-2011/
-- SANS Phoenix 2011, Phoenix, AZ, February 25-March 2, 2011
6 courses. Bonus evening presentations and special events include
Indicators of Compromise: ABCs of IOCs and Network Vulnerability
Exploitation, Step By Step From Discovery through to Metasploit Module
http://www.sans.org/phoenix-2011/
-- SANS AppSec 2011: Summit & Training, San Francisco, CA, March 7-14, 2011
7 courses. Bonus evening presentations and special events include
The Road to Sustainable Security
http://www.sans.org/appsec-2011/
-- SANS 2011, Orlando, FL, March 27-April 4, 2011
39 courses. Bonus evening presentations and special events include
Hiding in Plain Sight: Forensic Techniques to Counter the Advanced
Persistent Threat; and Law and the Public's Perception of Data
Security
http://www.sans.org/sans-2011/
-- Looking for training in your own community?
http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Atlanta, Bangalore, Singapore and Barcelona all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org

****************************************************************************

TOP OF THE NEWS
 --FCC Has Votes to Pass Net Neutrality Rules
(December 20, 2010)
The US Federal Communications Commission (FCC) is expected to pass net
neutrality regulations on Tuesday, December 21. Internet service
providers (ISPs) would be prohibited from blocking or favoring traffic
to or from particular websites on Internet lines to homes. While not
prohibiting ISPs from charging websites for enhanced speed of delivery,
the rules would discourage the practice. Rules for wireless networks
would be somewhat less restrictive. Broadband providers would also be
required to disclose their network management practices to customers.
Net neutrality proponents have criticized FCC chairman Julius
Genachowski's proposal for being too weak.
http://mediadecoder.blogs.nytimes.com/2010/12/20/f-c-c-poised-to-pass-net-neutrality-order/
http://voices.washingtonpost.com/posttech/2010/12/fcc_copps_to_vote_in_favor_of.html
http://www.computerworld.com/s/article/9201818/Net_neutrality_plan_has_the_votes_at_FCC?taxonomyId=16

 --Congress Waters Down Cyber Security Provisions in Defense Authorization Bill
(December 17, 2010)
The pared-down version of the 2011 National Defense Authorization Act
that cleared the US House of Representatives last week includes some
language that addresses cyber security concerns for military systems,
though not nearly the scope for which supporters had hoped. The bill
would establish a group of IT acquisition officials to focus on IT
procurement. The DOD would define the number of people necessary for
the team and the certification they must have to serve on the team. A
provision in earlier drafts of the bill would have allowed DOD officials
to exclude companies from procurement bids if they had been determined
to pose a cyber security threat in the supply chain. The provision has
been watered down so that DOD would have to tell the company about the
risks their products and services pose and work with the companies to
mitigate those threats. Companies could be excluded from contract
bidding only after a decision by senior DOD officials who would inform
Congress of the decision. The bill must now pass the Senate.
http://washingtontechnology.com/Articles/2010/12/17/House-passes-defense-authorization-act-for-2011.aspx?Page=1
http://fcw.com/articles/2010/12/17/federal-cybersecurity-removed-from-defense-authorization.aspx?admgarea=TC_SECCYBERSEC
http://www.govinfosecurity.com/articles.php?art_id=3184

***********************************************************************
Christmas in May: Take the SANS 2011 Annual Log Management Survey

Take the 7th Annual Log Management Survey and be entered to win a $250
American Express Gift card. This comprehensive survey has become a
leading indicator of how well log management and automation helps
organizations with their security and compliance needs. To take our
survey, follow this link: http://www.sans.org/info/68238

The results will be released in early May during a short series of live
webcasts with Jerry Shenk and Dave Shackleford.
***********************************************************************

THE REST OF THE WEEK'S NEWS
 --Researchers Create Botnet to Study
(December 20, 2010)
Canadian researchers have published the results of a study they
conducted in which they created a botnet to see how it worked. The
simulation involved researchers from Ecole Polytechnique de Montreal
with help from others at Nancy University in France and Carlton
University in Ottawa. The experiment involved creating an isolated
botnet with Waledac software. The researchers examined the botnet's
communication protocols, message formats, command-and-control
architecture and other elements.
http://www.csoonline.com/article/647917/researchers-create-botnet-to-learn-how-it-works

 --Microsoft Retires Office Genuine Advantage
(December 20, 2010)
Microsoft has retired its Office Genuine Advantage anti-piracy program,
which detected whether users were running legitimate or counterfeit
copies of the software suite. A spokesperson for the company explained
the decision by writing in an email that "the program has served its
purpose." Windows Genuine Advantage, now known as Windows Activation
Technologies, is still active.
http://news.cnet.com/8301-10805_3-20026196-75.html
http://www.channelregister.co.uk/2010/12/20/microsoft_retires_office_genuine_advantage_program/
http://www.computerworld.com/s/article/9201778/Microsoft_kills_Office_anti_piracy_program?taxonomyId=144
http://support.microsoft.com/kb/917999

 --Gawker Acknowledges Falling Down on Security, Plans to Do Better
(December 18 & 20, 2010)
Gawker chief technology officer (CTO) Tom Plunkett acknowledged that his
company's lack of preparedness resulted in the compromise of more than
one million customer accounts. Plunkett wrote in an internal memo that
"the tech team should have been better prepared [and] committed more
time to perform thorough audits. As a result of not having done these
things, we have not adhered to standards expected of us." Gawker has
audited the sites affected by the attack and has now mandated the use
of Secure Sockets Layer (SSL) encryption for employees with accounts
that use Google Apps as well as the use of two-factor authentication if
employees require access to financial or legal information. Employees
will also be prohibited from discussing sensitive company information
on chat applications. The FBI is investigating the breach.
http://www.computerworld.com/s/article/9201719/Gawker_CTO_outlines_post_hack_security_changes?taxonomyId=17
http://www.theregister.co.uk/2010/12/18/gawker_hack_aftermath/
[Editor's Note (Schultz): From all appearances, Gawker's problem is not
lack of audits. Instead, it is lack of adequate security risk management
that includes implementing suitable preventative, detecting and
corrective controls. Audits, while very important, are just the tail end
of a complete risk management process.]

 --Data on NYC Tourism Site Compromised Through SQL Injection Attack
(December 20, 2010)
Cyber criminals used an SQL injection attack to compromise the
information of more than 110,000 credit cards stored on a server
belonging to a New York City tourism company. Twin America, d.b.a.
City Sights NYC, sent a breach notification letter to the New Hampshire
Attorney General after learning that 300 residents of that state were
affected by the incident. SQL injection attacks have been around for
more than a decade, but companies are still not taking adequate steps
to protect their data from these attacks.
http://www.bankinfosecurity.com/articles.php?art_id=3195

 --Bank of America Stops Processing WikiLeaks Transactions
(December 18, 2010)
Bank of America (BofA) has become the most recent company to sever
business ties with WikiLeaks, publicly announcing that it will not
process transactions that appear to finance the whistle-blowing website.
BofA justified its action, saying "WikiLeaks may be involved in
activities that are ... inconsistent with our internal policies for
processing payments." WikiLeaks has threatened to publish evidence of
"unethical practices" at certain financial institutions; BofA is
believed to be among those institutions.
http://www.bbc.co.uk/news/world-us-canada-12028084
http://www.computerworld.com/s/article/9201618/Bank_of_America_cuts_services_for_WikiLeaks?taxonomyId=17

 --Thornberry to Coordinate House Cyber Security Legislation
(December 17, 2010)
William McClellan "Mac" Thornberry (R-Texas) has been tapped to be the
point guard for congressional cyber security legislation. Incoming
House Speaker John Boehner has assigned Thornberry to coordinate cyber
security legislation in Congress, which is a complex task, as every
house committee has some jurisdiction over the issue. Thornberry has
been named vice-chairman of the House Armed Services Committee. He has
been a member of the committee since his election to Congress 16 years
ago.
http://blogs.govinfosecurity.com/posts.php?postID=826&rf=2010-12-20-eg
http://amarillo.com/news/local-news/2010-12-16/thornberry-named-committee

 --Google Enhances Warnings for Suspicious Search Results
(December 17, 2010)
Google has debuted a new security feature for its search engine that
warns users when they are attempting to visit a suspicious site. Google
has been letting users know for some time that sites they are attempting
to visit may harm their computers; this new feature expands that service
to include sites that might not be serving malware, but may not be under
complete control of the legitimate owner - for instance, when spammers
have placed invisible links or redirects or when phishers have added
pages to a site.
http://krebsonsecurity.com/2010/12/google-debuts-this-site-may-be-compromised-warning/
http://www.scmagazineus.com/new-google-service-identifies-hacked-sites/article/193028/

 --Google Misses Connecticut AG Data Submission Deadline
(December 17, 2010)
Google has not yet surrendered information it inadvertently collected
about Connecticut residents to the state's Attorney General. Richard
Blumenthal had given Google until 5:00 pm on Friday, December 17 to turn
over the data it collected from unprotected Wi-Fi networks while
gathering information for Street View. Google has allowed authorities
elsewhere to look at the information it collected in those locations.
Blumenthal will now consider whether or not to take legal action
against Google.
http://www.washingtonpost.com/wp-dyn/content/article/2010/12/17/AR2010121705585.html

 --Tech Executives Allegedly Sold Inside Information
(December 16, 2010)
Four technology company executives have been arrested for selling inside
company information to a California market research company. The
executives worked as consultants for Primary Global Research, receiving
generous fees for providing the company with information about industry
trends that is then sold to money managers, but the FBI alleges that the
activity "went way beyond permissible market research" when insider
information was sold to hedge funds.
http://www.computerworld.com/s/article/9201427/FBI_Executives_at_Dell_AMD_sold_inside_information
http://mountainview.patch.com/articles/second-executive-at-primary-global-research-arrested-by-fbi
[Editor's Note (Northcutt): These guys will be back in the work place
in two years. What can be done to put them on ice for longer than that?
We need something similar to Megan's Law/sex offender registry. If they
sold you out, they will sell me out!]

**********************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in
independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer at
the North American Energy Reliability Commission (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
