From: The SANS Institute (NewsBites sans.org)
Date: Fri May 18 2012 - 12:01:34 CDT
**************************************************************************
SANS NewsBites May 18, 2012 Vol. 14, Num. 040
**************************************************************************
TOP OF THE NEWS
Budget Official To Replace Howard Schmidt as White House Cyber Czar
Terrorists and Nation States May Attempt To Exploit Anonymous
Utah CIO Resigns Over Healthcare Data Breach
THE REST OF THE WEEK'S NEWS
House Subcommittee Hears Testimony on Geolocation Data Bill
The Pirate Bay Back Online After DDoS Attack
Prison Term for Facebook Account Hack
Survey Finds Energy and Utility Industry Companies Weak on Cyber
Risk Management
Google Releases Chrome 19 Stable; Enabled, In Part, by Security Bug
Bounties
Apple Issues Flashback Removal Tool for Leopard
Cards Compromised in Global Payments Breach Used in Fraudulent
Transactions
FBI Returns Server Seized in Univ. of Pittsburgh Bomb Threat
Investigation
Appeals Court Turns Down FOIA Request for Google Attack Records
**************** SPONSORED BY Skybox Security, Inc. ***************
Special Webcast:
Intelligent Firewall Management: The Key Ingredient for Network
Consolidation Success
Featuring: Michelle Johnson Cobb.
Wednesday, May 23, 2012 at 11:00 AM EDT.
http://www.sans.org/info/105480
**************************************************************************
TRAINING UPDATE
--SANS Rocky Mountain 2012, Denver, CO June 4-9, 2012
10 courses. Bonus evening presentations include Adjusting Our Defenses
for 2012; and Why Do Organizations Get Compromised?
http://www.sans.org/rocky-mountain-2012/
--Forensics & Incident Response Summit & Training, Austin, TX June 20-27, 2012
Pre-Summit Courses: June 20-25, 2012; Summit: June 26-27, 2012
Techniques and solutions to aid organizations and agencies responding
to crimes and attacks. Maximize your training by also attending one or
more of the 4 pre-summit courses.
http://www.sans.org/forensics-incident-response-summit-2012/
--SANS Canberra 2012, Canberra, Australia July 2-10, 2012
5 courses.
http://www.sans.org/canberra-2012/
--Security Impact of IPv6 Summit, Washington, DC July 6, 2012
Walk away with best practices from some who have already implemented
IPv6, in large networks, for a few years.
http://www.sans.org/ipv6-summit-2012/
--SANSFIRE 2012, Washington, DC July 6-15, 2012
44 courses. Bonus evening presentations include Authentication Issues
Between Entities During Protocol Message Exchange in SCADA Systems;
Critical Infrastructure Control Systems Cybersecurity; and Why Don't We
Consider Our Cars Critical Infrastructure?
http://www.sans.org/sansfire-2012/
--Looking for training in your own community?
http://sans.org/community/
--Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Johannesburg, Atlanta, Brisbane, Jakarta, Boston, New York, and
Malaysia all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
********************************************************************
TOP OF THE NEWS
--Budget Official To Replace Howard Schmidt as White House Cyber Czar
(May 17, 2012)
White House Cybersecurity Coordinator Howard Schmidt has announced his
retirement from public service. Schmidt has held the position as special
assistant to the president since late 2009. In a statement, Schmidt
said, "We have made real progress in our efforts to better deal with the
risks in cyberspace." When he steps down at the end of May, Schmidt will
be succeeded by Michael Daniel, who has worked for 17 years in the
Office of Management and Budget's National Security Division, the last
10 of which he has focused on cybersecurity as chief of the Intelligence
Branch.
http://abcnews.go.com/Technology/wireStory/budget-official-picked-top-cybersecurity-post-16370635#.T7ZuxXlYt-Z
http://www.washingtonpost.com/world/national-security/white-houses-cybersecurity-official-retiring/2012/05/16/gIQAX6fmUU_story.html?tid=pm_world_pop
http://news.cnet.com/8301-1009_3-57436466-83/u.s-cybersecurity-chief-howard-schmidt-retiring/
http://www.nextgov.com/cybersecurity/2012/05/schmidt-resigns-white-house-cyber-post/55790/?oref=ng-channeltopstory
[Editor's Note (Murray): Well done, Howard, and so say all of us!
(Paller): Mike Daniel is the perfect man for the job. Legislative
initiatives are stalled and cybersecurity cannot wait. The most powerful
lever the White House has is budget control over the $80 billion that
is spent by the U.S. government each year on IT. Mike is the one person
in cybersecurity who knows the financial levers that control that $80
billion, and how they may be used to improve the government's ability
to lead by example in cybersecurity and to provide incentives for
industry to deliver more secure products and systems. ]
--Terrorists and Nation States May Attempt To Exploit Anonymous
(May 17, 2012)
According to a Microsoft executive, Anonymous could be co-opted by
nation states and terrorist groups for their own ends. Lewis Shepherd,
director of Microsoft's Institute for Advanced Technology in
Governments, cited classified evidence and precedents of nation states
taking control of other nationalist movements in making the claims.
http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=791
--Utah CIO Resigns Over Healthcare Data Breach
(May 15 & 16, 2012)
Earlier this week, Utah State Chief Information Officer (CIO) Stephen
Fletcher resigned his position over a data security breach that exposed
the Social Security numbers (SSNs) and other personal information of
280,000 Medicaid patients. Utah Governor Gary Herbert announced
Fletcher's resignation and said that a third party audit of the state's
technology systems is underway. The state has also appointed a new
health data security ombudsman.
http://www.govtech.com/policy-management/Utah-CIO-Steve-Fletcher-Resigns-State-Promises-Security-Reforms.html
http://www.computerworld.com/s/article/9227215/Utah_CTO_takes_fall_for_data_breach?taxonomyId=17
*************************** Sponsored Links: *************************
1) New Analyst Paper in the SANS Reading Room: Sorting Through the
Noise: SANS 8th Annual Log and Event Management Survey Results
http://www.sans.org/info/105485
2) Ask The Expert Webcast: Privileged Account Management: Enabling
Secure Outsourcing and Cloud. Tuesday May 22 at 1:00 EDT.
http://www.sans.org/info/105490
************************************************************************
THE REST OF THE WEEK'S NEWS
--House Subcommittee Hears Testimony on Geolocation Data Bill
(May 17, 2012)
Law enforcement officers and privacy proponents testified before the US
House Judiciary Committee Subcommittee on Crime, Terrorism, and Homeland
Security regarding a bill that would require law enforcement officers
to obtain warrants before collecting geolocation data from cell phone
carriers. Members of the law enforcement community said that the warrant
requirement would get in the way of the collection of evidence to make
a case; geolocation data are often used to gather information to obtain
a probable cause warrant for additional information collection. An
American Civil Liberties Union (ACLU) staff attorney disputed the notion
that obtaining a warrant is burdensome, saying that the proposed bill
would make it easier for law enforcement to obtain warrants for
geolocation data than it is for them to obtain warrants for telephone
wiretaps. The House's Geolocation Privacy and Surveillance Act and a
companion bill in the Senate were introduced following a recent Supreme
Court ruling on a geolocation data case that provided only a partial
answer to the question.
http://www.wired.com/threatlevel/2012/05/geo-location-data-protection/
--The Pirate Bay Back Online After DDoS Attack
(May 16 & 17, 2012)
The Pirate Bay is back online following a distributed denial-of-service
(DDoS) attack that kept the site inaccessible for more than a day.
Anonymous does not appear to have been behind the attack; an individual
who is not a fan of Anonymous has claimed responsibility. Wikipedia has
also been the target of a DDoS, but it is not known if the same group
or person is responsible for that attack.
http://www.zdnet.com/blog/security/the-pirate-bay-returns-anonymous-hater-takes-credit-for-ddos/12233?tag=mantle_skin;content
http://arstechnica.com/security/2012/05/massive-ddos-attack-keeps-the-pirate-bay-offline-for-over-a-day/
http://www.bbc.co.uk/news/technology-18095370
--Prison Term for Facebook Account Hack
(May 17, 2012)
A UK man will spend one year in prison for hacking another person's
Facebook account. Gareth Crosskey broke into the Facebook account of an
unnamed US citizen in January 2011. The incident was reported to the
FBI, which traced the source of the break-in to the UK and turned the
case over to authorities there. Crosskey was arrested in July 2012 and
was found guilty of using a computer to gain unauthorized access to a
program or data and performing unauthorized acts with intent to impair
operation of, or prevent/hinder access to a computer, both offenses
under the UK's Computer Misuse Act.
http://www.theregister.co.uk/2012/05/17/facebook_account_hacker_jailed/
http://www.zdnet.com/blog/facebook/21-year-old-gets-12-months-for-hacking-facebook-account/13258
[Editor's Note (Honan): A sentence of 12 months in jail for what seems
a trivial attack on an individual's Facebook account seems quite severe.
Given that the FBI is involved I think there is a lot more to this than
meets the eye. ]
--Survey Finds Energy and Utility Industry Companies Weak on Cyber Risk
Management
(May 16, 2012)
A recent survey of 108 global companies conducted by the Carnegie Mellon
University CyLab and sponsored by RSA and Forbes found that those in the
financial sector have the best cyber and information risk management
practices, while companies in the energy and utility industries have the
worst. While more than 90 percent of respondents said that they are
actively addressing risk management at their organizations, only 33
percent said they were attending to cyber and information security, 29
percent said they were attending to information technology operations,
and just 13 percent said they were attending to managing vendors who
provide software and other services.
http://www.washingtonpost.com/blogs/checkpoint-washington/post/survey-critical-sectors-less-attuned-to-cyber-threat/2012/05/16/gIQA3lDqTU_blog.html
http://www.rsa.com/innovation/docs/CMU-GOVERNANCE-RPT-2012-FINAL.pdf
--Google Releases Chrome 19 Stable; Enabled, In Part, by Security Bug Bounties
(May 16, 2012)
Google has released Chrome 19, the newest stable version of its browser.
Chrome 19 incorporates 20 security fixes. Google paid out US $16,500 in
bounties and rewards for security bugs found by the security community.
The only new major feature supported in this newest version of Chrome
is tab synchronization, which allows signed in users to synchronize
their tabs on different systems. Tab synchronization will be rolled out
to Chrome 19 users over the next few weeks.
http://www.h-online.com/security/news/item/Chrome-19-released-with-tab-syncing-1577047.html
http://www.computerworld.com/s/article/9227196/Google_releases_Chrome_19_adds_tab_sync_and_patches_20_bugs?taxonomyId=17
http://www.theregister.co.uk/2012/05/16/google_chrome_update/
--Apple Issues Flashback Removal Tool for Leopard
(May 15, 2012)
Apple has released a tool that will remove the Flashback malware from
infected machines running OS X 10.5, also known as Leopard. Apple has
already released similar tools for OS X 10.6 (Snow Leopard) and OS X
10.7 (Lion). Flashback had infected an estimated 600,000 computers
worldwide. The tool also disables the Java plug-in in Apple's Safari web
browser. In addition, Apple has released a security update for Leopard
that disables older versions of Adobe Flash Player.
http://www.eweek.com/c/a/Security/Apple-Protects-OS-X-105-Leopard-From-Flashback-Malware-609591/
http://www.h-online.com/security/news/item/Flashback-removal-tool-arrives-for-Mac-OS-X-10-5-Leopard-1575554.html
http://www.theregister.co.uk/2012/05/15/mac_leopard_security_update/
--Cards Compromised in Global Payments Breach Used in Fraudulent Transactions
(May 14, 2012)
Debit cards that were compromised in a data security breach at Global
Payments have reportedly been used to conduct fraudulent transactions.
In March 2012, Union Savings Bank (United) in Danbury, Connecticut
started noticing debit cards it had issued were involved in fraud.
United determined that the location of the fraudulent transactions, a
nearby private school, was a customer of Global Payments, so the bank
contacted Visa to let them know of a possible breach at the processor.
United was then contacted by a fraud investigator from Vons, a chain of
grocery stores in the southwestern US, regarding a scam that was being
conducted using the stolen card information.
http://krebsonsecurity.com/2012/05/global-payments-breach-fueled-prepaid-card-fraud/
--FBI Returns Server Seized in Univ. of Pittsburgh Bomb Threat Investigation
(May 11, 2012)
FBI agents returned a server seized from a New York co-location facility
four days after the equipment was taken from the organization. The
seizure was related to an investigation into the bomb threats delivered
by email against the University of Pittsburgh earlier this year. The
people who own the server run an organization that provides a number of
web tools, including email and mailing list support; the company also
encrypts all data, so users' anonymity is assured. The article provides
details of the events surrounding the seizure and the actions taken by
the co-location center's owner/operators. It appears that someone linked
to the bomb threats used an anonymization service that subcontracted
space on a server from an organization that subcontracted server space
from the New York company.
http://redtape.msnbc.msn.com/_news/2012/05/11/11647813-the-fbi-took-and-mysteriously-returned-their-server-heres-their-story
--Appeals Court Turns Down FOIA Request for Google Attack Records
(May 11, 2012)
A three-judge panel of the US Court of Appeals for the District of Columbia
has denied a Freedom of Information Act (FOIA) request from the
Electronic Privacy Information Center (EPIC) to unseal records
pertaining to a cyber attack against Google users in China that occurred
in 2010. EPIC was seeking communications between Google and the National
Security Agency (NSA), which has neither confirmed nor denied a
relationship with Google.
http://www.washingtonpost.com/business/appeals-court-wont-order-public-release-of-google-nsa-communications-following-cyberattack/2012/05/11/gIQAxcyAIU_story.html
************************************************************************
The Editorial Board of SANS NewsBites
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of
STI, The Premier Skills-Based Cyber Security Graduate School,
www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.
Ed Skoudis is co-founder of CounterHackChallenges, the nation's top
producer of cyber ranges, simulations, and competitive challenges, now
used from high schools to the Air Force. He is also author and lead
instructor of the SANS Hacker Exploits and Incident Handling course, and
Penetration Testing course.
William Hugh Murray is an executive consultant and trainer in
Information Assurance and Associate Professor at the Naval Postgraduate
School.
Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in
independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat, and he
is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and served as President of the InfraGard National
Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/