From: The SANS Institute (NewsBites sans.org)
Date: Fri Dec 31 2010 - 14:23:01 CST
**************************************************************************
SANS NewsBites December 31, 2010 Vol. 12, Num. 103
**************************************************************************
TOP OF THE NEWS
Apple Facing Lawsuits Over iOS User Data Sharing
SCADA Spending Projections Up
THE REST OF THE WEEK'S NEWS
Attackers Exploiting Known Rich Text Format Vulnerability in
Microsoft Word
Federal Agents Seize Data from Servers Allegedly Used in
Pro-WikiLeaks PayPal Attack
4Chan Suffers Attack
ChronoPay.com Suffers Redirect Attack
Woman Arrested for Allegedly Selling Insider Info on Tech Companies
Trojan Targets Android OS
NIST Issues Final Version of IPv6 Deployment Guidelines
Wired.com Responds to WikiLeaks Coverage Criticism
Mozilla Says Old Password Exposure a Low Risk Incident
******************** Sponsored By SANS 2011 ****************************
SANS 2011 in Orlando is now taking registrations.
39 courses. Bonus evening presentations and special events include
Hiding in Plain Sight: Forensic Techniques to Counter the Advanced
Persistent Threat; and Law and the Public's Perception of Data Security
http://www.sans.org/sans-2011/
*************************************************************************
TRAINING UPDATE
New "Combating Malware in the Enterprise" course at SANS (SEC569).
How do you fight off malware when you have thousands of hosts?
Learn the answers in Orlando in March:
http://www.sans.org/security-training/combating-malware-enterprise-1482-mid
-- SANS Security East 2011, New Orleans, LA, January 20-27, 2011
12 courses. Bonus evening presentations and special events include
Happy Little Clouds: Governing, Assessing and Auditing Cloud
Environments; and Future Trends in Network Security
http://www.sans.org/security-east-2011/
-- North American SCADA 2011, Lake Buena Vista, FL, February 23-March 2, 2011
http://www.sans.org/north-american-scada-2011/
-- SANS Phoenix 2011, Phoenix, AZ, February 25-March 2, 2011
6 courses. Bonus evening presentations and special events include
Indicators of Compromise: ABCs of IOCs and Network Vulnerability
Exploitation, Step By Step From Discovery through to Metasploit Module
http://www.sans.org/phoenix-2011/
-- SANS AppSec 2011: Summit & Training, San Francisco, CA, March 7-14, 2011
7 courses. Bonus evening presentations and special events include
The Road to Sustainable Security
http://www.sans.org/appsec-2011/
-- SANS 2011, Orlando, FL, March 27-April 4, 2011
39 courses. Bonus evening presentations and special events include
Hiding in Plain Sight: Forensic Techniques to Counter the Advanced
Persistent Threat; and Law and the Public's Perception of Data
Security
http://www.sans.org/sans-2011/
-- Looking for training in your own community?
http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Atlanta, Bangalore, Singapore and Barcelona all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
****************************************************************************
TOP OF THE NEWS
--Apple Facing Lawsuits Over iOS User Data Sharing
(December 28, 2010)
Apple is facing a pair of lawsuits over its sharing of information from
Unique Device Identifiers (UDIDs) with advertising networks. The
lawsuits, both filed in California, allege that Apple iPhones and iPads
allow advertising networks to track users' behavior. Specifically, the
suits allege that the devices' operating systems are being used to send
personal information to advertisers - the information includes apps that
users download and how often and for how long the apps are used. The
data are being shared with advertisers without users' permission.
http://technolog.msnbc.msn.com/_news/2010/12/28/5725165-apple-sued-for-sharing-users-information-with-advertisers
http://news.cnet.com/8301-13579_3-20026677-37.html?tag=mncol;title
http://www.eweek.com/c/a/Mobile-and-Wireless/Apple-Allowed-Advertisers-Access-to-iPhone-iPad-Owners-Data-Report-595599/
http://www.theregister.co.uk/2010/12/28/apple_privacy_lawsuit/
[Editor's Note (Ranum): I think it's probably worth emphasizing that the
data are not being "shared" with advertisers: they are being sold.]
--SCADA Spending Projections Up
(December 27, 2010)
Statistics from research firm Frost & Sullivan indicate that the
Supervisory Control and Data Acquisition (SCADA) market is expected to
grow from $4.6 billion last year to nearly US $7 billion in 2016. The
advent of Stuxnet has brought the issue of SCADA security to headlines
around the world. The Frost & Sullivan report indicates that companies
expect to include security in their SCADA spending.
http://www.informationweek.com/blog/main/archives/2010/12/scada_security.html
[Editor's Note (Paller): The people shaping the future of SCADA security
are getting together in Orlando at the end of February. Most of the
major electric utilities and the key suppliers will be there along with
water, gas & oil, and other major users. Government speakers will
unveil new pathways and improved resources. If you play a role in
securing the critical infrastructure, this is the one meeting to attend
early in 2011. http://www.sans.org/north-american-scada-2011/]
********************** Sponsored Link: *****************************
1) Wondering how to protect SCADA and other control systems? The North
American SCADA conference can help you create a game plan to prevent
future attacks. ( http://www.sans.org/info/68424 ), Lake Buena Vista,
Florida, February 23 - March 2, 2011
***********************************************************************
THE REST OF THE WEEK'S NEWS
--Attackers Exploiting Known Rich Text Format Vulnerability in
Microsoft Word
(December 30, 2010)
The Microsoft Malware Protection Center Threat Research & Response blog
communicated a warning about active attacks on Windows machines. The
exploit involves using an RTF (Rich Text Format) file to create a stack
overflow in Word running on Windows. The vulnerability was patched in
Microsoft Word 2002, 2003, 2007 and 2010 in November's batch of updates;
the flaw has also been fixed in Word 2008 and 2011, but Word 2004 for
Macintosh is still vulnerable. Users who have not downloaded the
November patch are urged to do so as soon as possible.
http://www.computerworld.com/s/article/9202819/Microsoft_warns_of_Word_attacks
http://blogs.technet.com/b/mmpc/archive/2010/12/29/targeted-attacks-against-recently-addressed-microsoft-office-vulnerability-cve-2010-3333-ms10-087.aspx
--Federal Agents Seize Data from Servers Allegedly Used in
Pro-WikiLeaks PayPal Attack
(December 30, 2010)
US federal agents have seized records at Texas hosting company Tailor
Made Services because servers there were allegedly used to launch a
distributed denial-of-service (DDoS) attack against PayPal. The attack
appears to have been prompted by PayPal's decision to freeze a WikiLeaks
account. The FBI obtained from PayPal eight IP addresses associated
with planning the attack. Agents armed with warrants copied the hard
drive of at least one server at Tailor Made.
http://www.theregister.co.uk/2010/12/30/avenge_assange_server_raids/
http://www.itworld.com/legal/132033/fbi-raids-texas-hosting-company-wikileaks-ddos-attackers
--4Chan Suffers Attack
(December 29, 2010)
4Chan has come under a DDoS attack that has left discussion boards
difficult if not impossible to reach. No one has claimed responsibility
for the attack, although it is possible that it was launched in
retaliation for attacks aided by 4Chan members as part of the group
Anonymous, to show support for WikiLeaks.
http://www.bbc.co.uk/news/technology-12090245
http://www.eweek.com/c/a/Security/4chan-Forum-for-Anonymous-Activists-Hit-by-DoS-Counterattack-174885/
http://www.theregister.co.uk/2010/12/29/4chan_ddos/
[Editor's Note (Northcutt): Hmmm, normally I would ask that we pull this
story from the lineup, but the WikiLeaks potential link is interesting.
However, if you are not familiar with the acronym NSFW ( Not Safe For
Work ), DO NOT go to 4Chan from your work account. Also it is not clear
that Anonymous is actually anonymous:
http://yro.slashdot.org/story/10/12/11/0228212/Anonymous-WikiLeaks-Proponents-Not-So-Anonymous ]
--ChronoPay.com Suffers Redirect Attack
(December 29, 2010)
A hijacking attack on ChronoPay.com, Russia's largest online payment
processor, redirected visitors to a phony site that attempted to steal
their financial information. ChronoPay chief executive Pavel Vrublevsky
said the phony site was up for several hours between December 25 and 26,
and that approximately 800 credit card numbers were harvested. The
attackers also posted a message to the ChronoPay home page claiming that
all personal data used on the site in 2009 and 2010 had been stolen.
The message appeared to be from Vrublevsky, who said that the claims
were untrue, claiming the only data compromised were the credit card
numbers stolen last week.
http://krebsonsecurity.com/2010/12/russian-e-payment-giant-chronopay-hacked/
--Woman Arrested for Allegedly Selling Insider Info on Tech Companies
(December 29 & 30, 2010)
A California woman described as a self-employed commodities trader has
been arrested and charged with conspiracy to commit securities fraud and
securities fraud for allegedly buying and trading insider information
from technology companies. Winifred Jiau allegedly has ties to Primary
Global Research LLC in Mountain View, California. Four executives at
high tech companies were arrested for allegedly selling insider
information to Primary Global for sizeable consulting fees. Jiau was
allegedly paid more than US $200,000 over two years for the information
she provided to hedge fund managers. Jiau has been granted bail, but
must surrender her US and Taiwanese passports and remain under
electronic surveillance at her own home. She faces up to 25 years in
prison and fines in excess of US $5 million.
http://articles.latimes.com/2010/dec/29/business/la-fi-insider-trading-arrest-20101229
http://www.computerworld.com/s/article/9202730/Charges_filed_in_high_tech_insider_trading_case?taxonomyId=82.
http://www.reuters.com/article/idUSTRE6BS3IC20101230?feedType=RSS&feedName=topNews
http://news.cnet.com/8301-1001_3-20026795-92.html
--Trojan Targets Android OS
(December 29, 2010)
Malware known as Geinimi targets the Google Android platform and has
characteristics of botnet malware. It appears to have been bundled with
legitimate games, both paid and free; the developers were unaware that
the malware was piggybacking on their products. The malware targets
Chinese-speaking users. Geinimi communicates with a command-and-control
server that has the capability of telling infected devices to perform
certain tasks, such as downloading or uninstalling software. Android
users receive prompts and must approve the actions before they occur.
Internet Storm Center: http://www.isc.sans.org/diary.html?storyid=10186
http://www.computerworld.com/s/article/9202778/Android_mobile_malware_has_botnet_like_traits?taxonomyId=85
http://news.cnet.com/8301-1009_3-20026804-83.html?tag=mncol;title
--NIST Issues Final Version of IPv6 Deployment Guidelines
(December 27 & 29, 2010)
NIST has released the final version of its "Guidelines for the Secure
Deployment of IPv6." This is an important starting point for
organizations planning to deploy IPv6. It outlines many important
security issues and includes a good primer about IPv6 and its features,
as well as a number of very valuable resources as references. The
guidelines are NIST Special Publication 800-119.
http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf
http://www.govinfosecurity.com/articles.php?art_id=3218
http://www.tmcnet.com/channels/ip-transit/articles/130362-ip-transit-the-move-ipv6-tackle-challenges-now.htm
http://www.enterprisenetworkingplanet.com/daily_news/article.php/419164/Network-Intrusion-Prevention-System-Supports-IPv6.htm
http://tech.slashdot.org/story/10/12/27/148258/After-IPv4-How-Will-the-Internet-Function?from=headlines
[Editor's Note (Ullrich): Probably within the next couple weeks,
Regional Registrars will receive their final IPv4 allocations. It is
probably too late to get started thinking about IPv6 now, but this NIST
document is a good resource to get you started. ]
[Editor's Note (Northcutt): Great document! Managers should read at
least the executive summary and ensure your technical people can explain
the reasons for the recommendations. Technical people, if you have any
network responsibility, you need to know everything in this publication
backwards and forwards. ]
--Wired.com Responds to WikiLeaks Coverage Criticism
(December 28, 2010)
Wired.com editor-in-chief Evan Hansen and senior editor Kevin Poulsen
respond to criticism of their coverage of Bradley Manning, Julian
Assange and WikiLeaks. Salon.com columnist and blogger Glenn Greenwald
has issued a rebuttal to their response to his allegations.
http://www.wired.com/threatlevel/2010/12/greenwald/
http://www.salon.com/news/opinion/glenn_greenwald/2010/12/29/wired_1/index.html
--Mozilla Says Old Password Exposure a Low Risk Incident
(December 28, 2010)
Mozilla says the accidental exposure of 44,000 inactive addons account
passwords was "harmless." All of the passwords contained in the exposed
database were inactive, and Mozilla says it can account for every
download of the database, which was inadvertently left on a Mozilla
public server. The passwords were encrypted and Mozilla has disabled
the old accounts.
Internet Storm Center: http://isc.sans.edu/diary.html?storyid=10162
http://www.theregister.co.uk/2010/12/28/mozilla_password_snafu/
http://www.computerworld.com/s/article/9202658/Mozilla_site_exposed_encrypted_passwords?taxonomyId=17%27
************************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.
Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in
independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer at
the North American Energy Reliability Commission (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin,
Ireland.
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/