A Swedish man has been indicted in a US court on charges that he allegedly stole Cisco source code. Philip Gabriel Pettersson allegedly broke into Cisco Systems' network in 2004 and stole the code; he was 16 at the time. Pettersson also faces charges that he allegedly broke into NASA's computer network at least twice, also in 2004. He faces a total of three counts of intrusion and two counts of misappropriation of trade secrets. For each charge, Pettersson faces a maximum penalty of 10 years in prison, three years of supervised release and a US $250,000 fine.
-http://www.theregister.co.uk/2009/05/06/cisco_source_code_hack_charges/
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=009132585
-http://www.cybercrime.gov/petterssonIndicted.pdf
[Editor's Note (Pescatore): Since 2006 there have been continuing reports of counterfeit network hardware showing up on the market, sometimes with questionable software loads. Remember: routers and switches aren't all that different from servers: they are hardware with a software load. Make sure you verify suppliers of everything you buy and that you have a way to assure that all software running on that hardware doesn't do what it shouldn't do.
(Paller) What John Pescatore prescribes is essential, but easier said than done. This is an area for government leadership in testing and verifying supply chains and the products of supply chains. How different is this really from food safety where the nation acts together to ensure the supply is safe?]
GOVERNMENT SYSTEMS AND HOMELAND SECURITY
NSA Director Calls for Cyber Security Partnership (May 5 & 6, 2009)
In prepared testimony before the US House Armed Services Committee, National Security Agency (NSA) director Lt. General Keith Alexander told legislators that the country's military, federal agencies and private sector need to work together to protect critical networks from cyber attacks. Alexander said that they "have to work as a team [because] the way we are working today does not work." The cyber command center will facilitate that cooperation.
-http://www.nextgov.com/nextgov/ng_20090506_6733.php
-http://www.msnbc.msn.com/id/30575707/
-http://www.theregister.co.uk/2009/05/06/cyber_command_center_proposal/
-http://news.bbc.co.uk/2/hi/technology/8033440.stm
[Editor's Note (Schultz): Talk of teamwork and cooperation between the US government and the commercial arena has circulated for years, unfortunately mostly to little or no avail.
(Northcutt): I hope this happens, I really do, but for as long as I can remember, I have been reading things like this, attending meetings with government officials and hearing the same old stuff. If I may share an Alan Paller story from 1999, Alan told me he had attended three meetings on sharing information involving the private sector and multiple agencies across government. In every case, each of the government officials said the same thing, "We really need to share information better, if all the agencies and companies would send us their data, we will coordinate it." Each official was from a different part of government, and even though the official before them had just said the same thing, they would stand up and say it, too.]
COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
Closing Arguments in RealDVD Case Expected on May 8th (May 5 & 7, 2009)
The case regarding the legality of RealNetworks' DVD-copying software is drawing to a close; Judge Marilyn Hall Patel expects to hear closing arguments on Friday, May 8. The case revolves around a temporary restraining order that prevents RealNetworks from selling a product called RealDVD that would allow consumers to back up DVDs they purchase to their PCs under the "fair use" doctrine of US copyright law. Hollywood movie studios maintain the product was developed to make it easier for people to make bootleg copies of their products and that it violates the Digital Millennium Copyright Act.
-http://www.pcmag.com/article2/0,2817,2346726,00.asp
-http://news.bbc.co.uk/2/hi/technology/8027907.stm
Windows 7 Release Candidate Has Disappointments and Improvements (May 6, 2009)
Virginia Dept. of Health Professionals Says Stolen Data Were Backed Up (May 7, 2009)
The Virginia Department of Health Professions has issued a statement saying that the data an attacker claims to have encrypted were backed up and the files secured, so the data have not been lost. The agency's website currently offers only a static page while law enforcement officials investigate the attack. The cyber extortionist has demanded US $10 million in return for the password to the encrypted database.
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9132678
FBI Agent Talks About Dark Market Under Cover Case (May 6, 2009)
FBI agent J. Keith Mularski answers questions about the two years he spent undercover as a cyber criminal, infiltrating Dark Market, an underground Internet forum that traded in malware, stolen financial account information and other criminal cyber activity. Mularski spent the better part of two years almost constantly online; he was able to convince other members that he was a master spammer and eventually became the administrator for the Dark Market forum server. The operation led to 60 arrests in countries around the world, including the UK, the US, Germany, and Turkey.
-http://news.cnet.com/8301-1009_3-10234872-83.html?part=rss&subj=news&tag=2547-1009_3-0-20
[Editor's Note (Honan): Agent Mularski should be commended for his work and demonstrates the impact proactive law enforcement can have on cyber crime. Not only does his work have direct consequences resulting in arrests but the disharmony and distrust generated within the criminal community by this type of action pays huge dividends. Hopefully the powers that be will see the merit in this type of work and provide the necessary resources and training to conduct similar operations.]
**********************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.
Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.
Johannes Ullrich is Chief Technology Officer of the Internet Storm Center.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.
Prof. Howard A. Schmidt is the President of the Information Security Forum (ISF) and author who has served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a senior Lockheed Martin Fellow.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.