SANS NewsBites Vol. 15 Num. 033 : Chinese General Says Cyber Attacks Are Like Nuclear Bombs; AP Twitter Hack Affects Financial Markets

From: The SANS Institute (NewsBitessans.org)
Date: Fri Apr 26 2013 - 12:29:02 CDT



**************************************************************************
SANS NewsBites April 26, 2013 Vol. 15, Num. 033
**************************************************************************
TOP OF THE NEWS
  Chinese General Says Cyber Attacks Are Like Nuclear Bombs
  AP's Twitter Account Hacked; Phony Message Affected Financial Markets
THE REST OF THE WEEK'S NEWS
    CISPA Not Likely to Go Far in Senate
    Senate Judiciary Committee Approves ECPA Amendments Act
    Google Transparency Report Shows Increase in Content Removal
      Requests from Governments
    DOJ Granted Immunity to ISPs Participating in Threat Monitoring Program
    Judge Denies FBI Permission to Install Surveillance Software on
      Suspect's Computer
    Nosal Convicted Under Computer Fraud and Abuse Act
    Australian Federal Police Arrest Alleged LulzSec Leader
    Judge Will Not Force Man to Decrypt Hard Drives
    Microsoft Releases New Version of Problematic Patch

*************************** SPONSORED BY SANS ****************************

The SANS Security Analytics Summit will bring together leading
practitioners, thought leaders and technology providers to jump start
the development of powerful new approaches to Security Analytics. Learn
about tools to help experienced security managers and analysts make more
effective, more efficient and more timely decisions that lead to fewer
successful attacks and less damage from those intrusions that do get
through. http://www.sans.org/info/129605. This event is co-located with
the Mobile Device Security Summit 2013 - http://www.sans.org/info/129610

****************************************************************************

TRAINING UPDATE
 -- SANS Security West 2013 San Diego, CA May 7-May 16, 2013
32 courses. Bonus evening sessions include Gone in 60 Minutes; The
Ancient Art of Falconry; and You Can Panic Now. Host Protection is
(Mostly) Dead.
http://www.sans.org/event/security-west-2013

 -- SANSFIRE 2013 Washington, DC June 14-22, 2013
41 courses. Bonus evening sessions include Avoiding Cyberterrorism
Threats Inside Hydraulic Power Generation Plants; and Automated Analysis
of Android Malware.
http://www.sans.org/event/sansfire-2013

 -- SANS Rocky Mountain 2013 Denver, CO July 14-20, 2013
10 courses. Bonus evening sessions include OODA - The Secret to
Effective Security in Any Environment; and APT: It is Not Time to Pray,
It is Time to Act.
http://www.sans.org/event/rocky-mountain-2013

 -- Critical Security Controls International Summit London, UK April 26-May 2 2013
Including SEC566: Implementing and Auditing the 20 Critical Security
Controls led by Dr. Eric Cole.
http://www.sans.org/event/critical-security-controls-international-summit

 -- SANS Pen Test Berlin 2013 Berlin, Germany June 2-June 8, 2013
Europe's only specialist pen test training and networking event. Five
dedicated pen test training courses led by five SANS world-class
instructors.
http://www.sans.org/event/pentest-berlin-2013

 -- SANS London Summer 2013 London, UK July 9-July 16, 2013
5 courses.
http://www.sans.org/event/london-summer-2013

 -- Looking for training in your own community?
http://www.sans.org/community/

 -- Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Bangalore, Johannesburg, Malaysia, and Canberra all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
*****************************************************************************

TOP OF THE NEWS
 --Chinese General Says Cyber Attacks Are Like Nuclear Bombs
(April 22, 2013)
While rejecting claims that the Chinese military is behind cyberspying
aimed at Western companies, the chief of staff of the People's
Liberation Army likened cyber attacks to nuclear bombs, saying "If the
security of the Internet cannot be guaranteed, then ... results may be
as serious as a nuclear bomb."
http://online.wsj.com/article/SB10001424127887323551004578438842382520654.html
http://www.informationweek.com/security/attacks/cyber-strikes-like-nuclear-bombs-says-ch/240153442
[Editor's Note (Paller): Not so far fetched. When Gary Roughead was U.S.
Chief of Naval Operations he told Tony Sager and Jim Lewis and me, "for
the Navy, Cyber is more important now than nuclear." Sadly, the Navy's
new leadership hasn't followed through on making the Navy a leader in
cyberspace.)

 --AP's Twitter Account Hacked; Phony Message Affected Financial Markets
(April 23 & 24, 2013)
The Associated Press's Twitter account was hacked earlier this week. The
attackers issued a phony tweet that there had been explosions at the
White House. In response to the bogus news, the Dow Jones Industrial
Average dropped 140 points. It rebounded after the White House announced
that the tweet was phony. There have been calls for Twitter to improve
security in the past, but this incident may serve as a tipping point.
Twitter has announced that it is currently testing two-factor
authentication internally and hopes to introduce it to users "shortly."
Some are questioning whether two-factor authentication would have stood
in the hackers' way. The problem was not so much Twitter's security as
it was AP employees falling for a phishing attack.
http://arstechnica.com/security/2013/04/hacked-ap-twitter-feed-rocks-market-after-sending-false-news-flash/
http://www.computerworld.com/s/article/9238637/AP_Twitter_hack_looks_like_a_security_tipping_point?taxonomyId=17
http://www.theregister.co.uk/2013/04/23/hacked_ap_tweet_dow_decline/
http://www.informationweek.com/security/attacks/twitter-preps-two-factor-authentication/240153539
http://www.nextgov.com/mobile/2013/04/good-timing-twitter-will-soon-release-two-step-security-solution/62747/?oref=ng-channelriver
http://www.scmagazine.com/two-factor-authentication-may-have-done-little-to-stop-the-ap-twitter-hijack/article/290396/
[Editor's Note (Pescatore): I'm not sure which is scarier: (1) AP having
weak security around their official Twitter accounts, or (2)
Institutional stock traders making buy/sell decisions based on tweets.
Well, actually (2) is much scarier.
(Ranum): Now that cell phones have become nearly ubiquitous for the
tweeting class, it's ridiculous not to offer cell-phone-based 2-factor
authentication. However, when I polled a room of security practitioners
last year, only 4 people out of the room of about 300 said that they
used it.]

*************************** Sponsored Links: ******************************

1) "Data Center Virtualization from a Security Perspective," featuring
Dave Shackleford and Deepak Thakkar, Wednesday, May 1, at 1 PM EDT
http://www.sans.org/info/129615

2) Tune in to next week's Wednesday Webcast: Understanding Control
System Cyber Security. Includes a live cybersecurity demo using the
CYBATI hands-on control system training environment. Wednesday, May 1
at 11:30am EDT Register at: http://www.sans.org/info/129635

3) Calling all Forensics Practitioners to Take the SANS Digital
Forensics Survey! Provide Your Expert Perspective and Enter to Win a
$400 American Express Card. http://www.sans.org/info/129630

*****************************************************************************

THE REST OF THE WEEK'S NEWS
 --CISPA Not Likely to Go Far in Senate
(April 25, 2013)
The Cyber Information Sharing and Privacy Act, better known as CISPA,
is likely to die in the US Senate, according to Senator Jay Rockefeller
(D-WV). CISPA passed in the House last week, but Senator Rockefeller
says that the privacy protections CISPA offers are "insufficient" and
he thinks that the Senate will not take up the bill. The White House has
also indicated that it does not support CISPA as currently drafted.
http://www.zdnet.com/cispa-dead-in-senate-privacy-concerns-cited-7000014536/

 --Senate Judiciary Committee Approves ECPA Amendments Act
(April 25, 2013)
The US Senate Judiciary Committee has approved the Electronic
Communications Privacy Act (ECPA) Amendments Act, which would require
law enforcement agents to obtain warrants to access electronic
communications that are more than 180 days old. ECPA was signed into law
in 1986, when communications stored for more than 180 days were
considered to have been abandoned. With today's prevalence of web-based
email and cloud storage services, people are storing their
communications for longer and longer periods of time. The amended bill
would require warrants for obtaining all private electronic
communications.
http://www.computerworld.com/s/article/9238685/Senate_committee_limits_government_electronic_surveillance?taxonomyId=17
http://www.wired.com/threatlevel/2013/04/email-warrants-bill/
http://arstechnica.com/tech-policy/2013/04/proposals-to-end-warrantless-e-mail-searches-gain-momentum-in-congress/
http://www.zdnet.com/plans-to-end-warrantless-email-searches-pass-senate-committee-7000014527/

 --Google Transparency Report Shows Increase in Content Removal Requests
    from Governments
(April 25, 2013)
According to Google's most recent transparency report, the company
received more requests from governments to remove content in the last
six months of 2012 than during any previous six-month period for which
records have been kept. Between July and December 2012, Google received
2,285 requests from governments around the world to remove a total of
24,179 pieces of content. The figures for the first half of 2012 were
1,811 requests to remove 18,070 pieces of content. Many of the requests
came from governments seeking the removal of content critical of
government officials. Google does not automatically comply with content
removal requests, but instead scrutinizes the legality of each request
and considers its scope.
http://news.cnet.com/8301-1009_3-57581399-83/google-more-government-takedown-requests-than-ever-before/
http://www.zdnet.com/google-reports-more-government-removal-requests-than-ever-before-7000014525/
Google's Transparency Report: http://www.google.com/transparencyreport/

 --DOJ Granted Immunity to ISPs Participating in Threat Monitoring Program
(April 24, 2013)
According to documents obtained by the Electronic Privacy Information
Center (EPIC) through a Freedom of Information Act (FOIA) request, the
US Justice Department granted some Internet service providers (ISPs)
immunity from prosecution for their participation in a communications
monitoring and interception program. The program, originally known as
the Defense Industrial Base Cyber Pilot project, was designed to monitor
traffic for indicators of cyberthreats and use the information to help
protect systems from cyberattacks. Participation was initially limited
to certain defense contractors and their ISPs, but has since been
expanded to include all sectors of critical infrastructure. The DOJ
provided the ISPs with "2511 letters," granting them immunity for the
monitoring activity.
http://news.cnet.com/8301-13578_3-57581161-38/u.s-gives-big-secret-push-to-internet-surveillance/
http://www.wired.com/threatlevel/2013/04/immunity-to-internet-providers/

 --Judge Denies FBI Permission to Install Surveillance Software on
    Suspect's Computer
(April 24 & 25, 2013)
The FBI may not install specialized surveillance software on a suspect's
computer, according to a ruling from a federal magistrate judge. Judge
Stephen Smith said that the order requested by the FBI was too broad and
too invasive. The FBI had sought permission to install specialized
software on a computer used by the suspect; the software "has the
capacity to search the computer's hard drive, random access memory, and
other storage media; to activate the computer's ... camera; to generate
[location] data for the device; and to transmit the extracted data to
FBI agents." The judge also took the FBI to task for failing to specify
how the operation would be certain to target the suspect and no one
else.
http://arstechnica.com/tech-policy/2013/04/fbi-denied-permission-to-spy-on-hacker-through-his-webcam/
http://www.computerworld.com/s/article/9238699/Judge_rejects_FBI_s_bid_to_hack_computer_of_suspect_in_attempted_cyberheist?taxonomyId=17

 --Nosal Convicted Under Computer Fraud and Abuse Act
(April 24, 2013)
A federal jury in San Francisco has convicted David Nosal on half a
dozen charges, including theft of trade secrets and hacking, even though
he never broke into a computer. Nosal was tried under the Computer Fraud
and Abuse Act (CFAA), a law that has come under increased scrutiny
following the suicide of Aaron Swartz. Critics say that CFAA allows for
overly broad interpretations. In Nosal's case, the jury concluded that
he had paid former colleagues to access a company database and provide
him with information that allowed him to start a competing business.
http://www.wired.com/threatlevel/2013/04/man-convicted-of-hacking-despite-no-hacking/

 --Australian Federal Police Arrest Alleged LulzSec Leader
(April 23 & 24, 2013)
The Australian Federal Police have arrested a man who is the
self-described leader of LulzSec. The suspect, Matthew Flannery, was
arrested in Sydney and has been released on bail. Flannery has been
charged with unauthorized modification of data to cause impairment and
unauthorized access to or modification of restricted data. He allegedly
defaced an Australian government website.
http://news.cnet.com/8301-1009_3-57581074-83/australian-police-arrest-alleged-leader-of-lulzsec-hacking-group/
http://www.scmagazine.com/alleged-lulzsec-leader-charged-with-hacking-australian-government-site/article/290374/
http://www.nbcnews.com/technology/technolog/lulzsec-leader-arrested-australian-cops-say-6C9576130

 --Judge Will Not Force Man to Decrypt Hard Drives
(April 23 & 24, 2013)
A federal judge in Wisconsin said that forcing a suspect to decrypt his
hard drives would violate his Fifth Amendment right against
self-incrimination. Judge William E. Callahan called the decision a
"close call."
http://arstechnica.com/tech-policy/2013/04/fifth-amendment-shields-child-porn-suspect-from-decrypting-hard-drives/
http://www.wired.com/threatlevel/2013/04/encrypt-your-data/
Text of Ruling:
http://ia601700.us.archive.org/6/items/gov.uscourts.wied.63043/gov.uscourts.wied.63043.3.0.pdf
[Editor's Note (Murray): In the general case, if you make a record and
a judge finds that it is relevant to a matter before the court, you will
have to disclose it. Locking it in a vault or hiding it with encryption
will not protect it. On the other hand, we should be able to rely upon
the courts to resist "unreasonable searches and seizures."]

 --Microsoft Releases New Version of Problematic Patch
(April 23 & 24, 2013)
Microsoft has released an updated version of MS13-036, a security
bulletin that included a patch that was reportedly causing problems for
some users. The original update, issued on April 9, was reportedly
causing some PCs to crash. Microsoft pulled the patch on the 12th. Users
who have automatic updates enabled will receive the replacement patch
automatically.
http://www.zdnet.com/microsoft-issues-new-version-of-patch-pulled-on-patch-tuesday-7000014473/
http://www.scmagazine.com/microsoft-issues-replacement-for-botched-patch/article/290377/
http://www.h-online.com/security/news/item/Microsoft-patches-the-patch-1848659.html
http://www.computerworld.com/s/article/9238628/Microsoft_re_releases_Blue_Screen_of_Death_patch?taxonomyId=17

************************************************************************
The Editorial Board of SANS NewsBites
 
John Pescatore was Vice President at Gartner Inc. for fourteen years.
He became a director of the SANS Institute in 2013. He has worked in
computer and network security since 1978 including time at the NSA and
the U.S. Secret Service.

Shawn Henry recently retired as FBI Executive Assistant Director
responsible for all criminal and cyber programs and investigations
worldwide, as well as international operations and the FBI's critical
incident response. He is now president of CrowdStrike Services.

Stephen Northcutt teaches advanced courses in cyber security management;
he founded the GIAC certification and was the founding President of STI,
the premier skills-based cyber security graduate school, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of CounterHack, the nation's top producer of
cyber ranges, simulations, and competitive challenges, now used from
high schools to the Air Force. He is also author and lead instructor of
the SANS Hacker Exploits and Incident Handling course, and Penetration
Testing course.

Michael Assante was Vice President and Chief Security Officer at NERC,
led a key control systems group at Idaho National Labs, and was American
Electric Power's CSO. He now leads the global cyber skills development
program at SANS for power, oil & gas and other critical infrastructure
industries.

Mark Weatherford is a Principal at The Chertoff Group and the former Deputy
Under Secretary of Cybersecurity at the US Department of Homeland Security.

William Hugh Murray is an executive consultant and trainer in
Information Assurance and Associate Professor at the Naval Postgraduate
School.

Sean McBride is Director of Analysis and co-founder of Critical
Intelligence, and, while at Idaho National Laboratory, he initiated the
situational awareness effort that became the ICS-CERT.

Rob Lee is the SANS Institute's top forensics instructor and director
of the digital forensics and incident response research and education
program at SANS (computer-forensics.sans.org).

Tom Liston is a Senior Security Consultant and Malware Analyst for
InGuardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
 
David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Gal Shpantzer is a trusted advisor to CSOs of large corporations,
technology startups, Ivy League universities and non-profits
specializing in critical infrastructure protection. Gal created the
Security Outliers project in 2009, focusing on the role of culture in
risk management outcomes and contributes to the Infosec Burnout project.

Alan Paller is director of research at the SANS Institute.
 
Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
 
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
