******************* Sponsored By Catbird & McAfee, Inc. *******************
Top Security Mistakes in Virtualization (and How to Avoid Them) Sponsored by Catbird and McAfee Failure to separate duties, securely segment networks, and to recognize where the virtual meets the physical network are but some of the security mistakes organizations make when deploying virtual machine technology. Senior SANS Analyst, Jim D. Hietala, describes how to avoid these and other security mistakes in order to prevent security incidents and exposures. http://www.sans.org/info/45453
Revised Rockefeller-Snowe Cybersecurity Bill To Move Forward in July (June 26, 2009)
The most far-reaching US legislative proposal on Cybersecurity is being modified to eliminate problematic language (such as the language that gave the government the right to "shut-off the Internet" during a national emergency) and will be moving ahead during July with a major rewrite and an additional hearing followed by a full-committee vote. Among many other far-reaching provisions, the Rockefeller-Snowe bill extends federal cyber security regulatory reach to federal contractors and grantees and calls for licensing of cyber security professionals.
-http://www.nextgov.com/nextgov/ng_20090626_2244.php
[Editor's Note (Paller): The White House has a sound plan for cyber security and the President gave a great speech five weeks ago, but the White House does not appear to be acting fast enough, and Congress will step in. Once the Senate Intelligence Committee approves the redrafted Rockefeller-Snowe legislation in July, look for a coming together of Senators Carper (author of the draft 'FISMA 2.0' bill and chairman on the key Senate Subcommittee on cyber security in government), Senators Lieberman and Collins (chairman and ranking member of the Senate Homeland Security and Government Affairs Committee), and Senators Rockefeller and Snowe (chairman and ranking member of the Senate Intelligence Committee). If they all reach agreement on the contentious issue of the White House cyber coordinator's role, they could launch a reshaping of US cyber security policy. ]
Former Employee Arrested for Alleged Code Theft (July 6, 2009)
A former Goldman Sachs employee has been arrested for allegedly stealing code from the company. Sergey Aleynikov worked for the company from 2007 until 2009; his responsibilities included "the development of a real time co-located high frequency trading platform." An affidavit alleges that after Aleynikov gave notice at Goldman Sachs, he copied, compressed and encrypted 32 MB of data and moved them to a server in Germany. Aleynikov maintains he intended to copy only open source files that he had worked on, but included the proprietary information by mistake. The affidavit alleges that his use of encryption and the fact that he deleted the software used to perform the tasks suggest his motives were less than honorable. Aleynikov is being held pending his posting of US $750,000 bail; he has also been ordered to surrender his passport.
-http://www.washingtonpost.com/wp-dyn/content/article/2009/07/06/AR2009070601654.html
-http://www.h-online.com/security/Ex-Goldman-Sachs-developer-arrested-for-code-theft--/news/113691
-http://static.reuters.com/resources/media/editorial/20090706/Complaint%20--%20Aleynikov.pdf
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9135216
-http://www.wired.com/threatlevel/2009/07/aleynikov/
[Editor's Note (Ranum): The age of internet news makes "innocent until proven guilty" rather pointless, doesn't it? From now on, if someone Googles "Sergey Aleynikov" they will get allegations of a crime, regardless of whether or not he is subsequently acquitted. I predict that there will eventually be some very interesting lawsuits over this kind of thing. The US Department of Justice, for example, settled with Stephen Hatfill and Wen-Ho Lee to the tune of millions of dollars, for declaring Hatfill a "person of interest" and ruining his life, and implying that Lee was a Chinese Government spy and failing to present evidence for any of fifty-nine indictments except for one: a trivial instance of mishandling classified material. Every case where an alleged criminal's name is leaked to the press is a multimillion dollar lawsuit waiting to happen if the alleged criminal is actually innocent. Wen Ho Lee's suit included 5 major media outlets and, at $1.6+ million in settlements, it's not over yet. Perhaps SANS NewsBites should not publish names of "alleged" wrongdoers until/if they are convicted? ]
Woman Sentenced for Identity Fraud (July 6, 2009)
Labiska Gibbs has been sentenced to two-and-a-half years in prison for her role in an identity fraud scam that compromised personal information of Library of Congress employees and defrauded Target and other retailers of US $30,000. Gibbs asked her cousin, William Sinclair Jr., who worked at the Library of Congress, to obtain the names, birth dates and Social Security numbers (SSNs) of the employees; she then used the information to purchase gift cards. Sinclair was sentenced to three years probation for his participation in the scheme.
-http://www.nextgov.com/nextgov/ng_20090706_4406.php
MI6 Chief's Information Exposed on Wife's Facebook Page (July 5 & 6, 2009)
Bord Gais Data Breach Affects more Than 100,000 Customers (July 5, 2009)
The laptop stolen from a Bord Gais office in Dublin affects more customers than was first believed. According to a report from the Data Protection Commissioner, the security breach affects the personal information of more than 100,000 customers; when the incident was first disclosed, the number of affected customers was estimated to be 75,000. In all, four laptops were stolen in early June; at least one contained unencrypted data, including bank account information, of people who had switched to the Bord Gais electricity supply service in recent months.
-http://www.sbpost.ie/post/pages/p/story.aspx-qqqt=IRELAND-qqqm=news-qqqid=42906-qqqx=1.asp
Microsoft Warns of Unpatched Flaw in Video Access Control (July 6, 2009)
Twitter Increasingly Used for Questionable Purposes (July 6, 2009)
Twitter is being used increasingly as a vector of attack, owing to the ease with which accounts are obtainable. For the time being, Twitter is being used to redirect users to sites that are selling typical spam items - pornography, pharmaceuticals, and phony anti-virus subscriptions. Of particular concern is Twitter's use of shortened URLs, which can disguise the site to which a user is being taken.
-http://www.usatoday.com/tech/news/2009-07-05-hackers-internet-twitter_N.htm
[Editor's Note (Pescatore): I'm trying to think of any technology that *hasn't* been "increasingly used for questionable purposes." Maybe marshmallow Peeps? ]
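The item above notes that shortened URLs hide the destination from the user. The usual defensive answer is to expand the redirect chain server-side before anyone clicks: request each hop without auto-following, record every Location header, and compare the final host against a block list. The code below is an added example written for this page, not code from the USA Today article or from Twitter; the `fetch` callable, the `SAMPLE_REDIRECTS` table and the host names in it are constructed for offline use, and the optional `http_head_fetch` helper (built on the standard library's `urllib.request`) is the one you would pass in for live use.

```python
"""Expand a shortened URL's redirect chain without following it blindly.

Added example (not from the NewsBites item): walk the chain one hop at a
time, keep every intermediate URL for the analyst, stop on loops or after
a hop cap, and judge the final destination host. The fetcher is injected
so the logic runs offline against a constructed redirect table.
"""
from typing import Callable, Dict, List, Set, Tuple
from urllib.parse import urljoin, urlsplit
import urllib.error
import urllib.request

# fetch(url) -> (status_code, headers); header names are lower-cased.
Fetcher = Callable[[str], Tuple[int, Dict[str, str]]]

REDIRECT_CODES = (301, 302, 303, 307, 308)
MAX_HOPS = 10  # cap so a looping or absurdly long chain cannot run forever


def expand_redirect_chain(url: str, fetch: Fetcher, max_hops: int = MAX_HOPS) -> List[str]:
    """Return every URL visited, starting with `url` and ending at the first
    non-redirect response, at a loop, or when the hop cap is reached."""
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        status, headers = fetch(chain[-1])
        if status not in REDIRECT_CODES:
            return chain
        location = headers.get("location")
        if not location:
            return chain  # 3xx without Location: stop rather than guess
        nxt = urljoin(chain[-1], location)  # relative Location values are legal
        chain.append(nxt)
        if nxt in seen:
            return chain  # loop: the repeated URL is kept so the caller can see it
        seen.add(nxt)
    return chain


def final_host(chain: List[str]) -> str:
    return (urlsplit(chain[-1]).hostname or "").lower()


def assess(chain: List[str], blocked_hosts: Set[str]) -> str:
    """Verdict string for a chain: redirect-loop, blocked-destination or ok."""
    if len(chain) >= 2 and chain[-1] in chain[:-1]:
        return "redirect-loop"
    if final_host(chain) in blocked_hosts:
        return "blocked-destination"
    return "ok"


# --- live fetcher: HEAD request, redirects NOT followed (uses urllib only) ---
class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # returning None makes urllib raise HTTPError for the 3xx


def http_head_fetch(url: str, timeout: float = 5.0) -> Tuple[int, Dict[str, str]]:
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}
    except urllib.error.HTTPError as err:  # 3xx and 4xx/5xx both land here
        return err.code, {k.lower(): v for k, v in err.headers.items()}


# --- constructed offline data (hosts and paths are made up for this example) ---
SAMPLE_REDIRECTS: Dict[str, Tuple[int, Dict[str, str]]] = {
    "http://short.example/abc": (301, {"location": "http://track.example/r?x=1"}),
    "http://track.example/r?x=1": (302, {"location": "/landing"}),
    "http://track.example/landing": (302, {"location": "http://fake-av.example/buy"}),
    "http://fake-av.example/buy": (200, {"content-type": "text/html"}),
    "http://loop.example/a": (302, {"location": "http://loop.example/b"}),
    "http://loop.example/b": (302, {"location": "http://loop.example/a"}),
}


def sample_fetch(url: str) -> Tuple[int, Dict[str, str]]:
    return SAMPLE_REDIRECTS.get(url, (404, {}))


if __name__ == "__main__":
    blocked = {"fake-av.example"}
    for start in ("http://short.example/abc", "http://loop.example/a"):
        chain = expand_redirect_chain(start, sample_fetch)
        print(" -> ".join(chain), "|", assess(chain, blocked))
```

For live use, call `expand_redirect_chain(url, http_head_fetch)`; the chain is worth logging in full, since the intermediate tracking hosts are often the reusable indicator even when the final landing page changes daily.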
Malware Targets Latin American Best Buy Website Customers (July 3, 2009)
Latin American visitors to the Best Buy website have been targeted with malware. Site visitors are redirected to another site that uses an iFrame vulnerability to infect users' machines with the Luckysploit kit. The website used in the attacks was registered on June 4 by the same group believed to be responsible for Gumblar.
-http://www.theregister.co.uk/2009/07/03/best_buy_luckysploit_attack/
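Injected iframes that send visitors to an exploit kit are typically made invisible (1x1 pixel, `display:none`, or positioned off-screen) and point at a host other than the one serving the page. A web team that scans its own published pages for that combination can catch a compromise before customers do. The following detector is an added example written for this page, not code from The Register's report or from Best Buy; the sample HTML and the host names in it are constructed, and the pixel threshold and the cross-host rule are this example's own heuristic choices.

```python
"""Flag iframes in served HTML that look like drive-by injection.

Added example (not from the NewsBites item): an <iframe> is reported when it
is both hidden from the user (tiny width/height, display:none,
visibility:hidden, or negative left/top offset) and loads from a host other
than the page's own. Uses only the standard library HTML parser.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import urlsplit

SIZE_THRESHOLD = 2  # px; frames this small are effectively invisible (heuristic)
_PX = re.compile(r"\s*(\d+)(px)?\s*")


class _IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self) -> None:
        super().__init__()
        self.iframes: List[Dict[str, str]] = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})


def _px(value) -> "int | None":
    """'0', '1px' -> pixel count; '100%' or empty -> None (not judged)."""
    m = _PX.fullmatch(value or "")
    return int(m.group(1)) if m else None


def _style_props(style: str) -> Dict[str, str]:
    props = {}
    for decl in style.split(";"):
        if ":" in decl:
            key, val = decl.split(":", 1)
            props[key.strip().lower()] = val.strip().lower()
    return props


def hidden_reasons(attrs: Dict[str, str]) -> List[str]:
    """Return the list of reasons this iframe is invisible; empty if visible."""
    reasons = []
    for dim in ("width", "height"):
        px = _px(attrs.get(dim))
        if px is not None and px <= SIZE_THRESHOLD:
            reasons.append(f"{dim}={px}px")
    style = _style_props(attrs.get("style", ""))
    for dim in ("width", "height"):
        px = _px(style.get(dim))
        if px is not None and px <= SIZE_THRESHOLD:
            reasons.append(f"style {dim}:{px}px")
    if style.get("display") == "none":
        reasons.append("display:none")
    if style.get("visibility") == "hidden":
        reasons.append("visibility:hidden")
    for pos in ("left", "top"):
        val = style.get(pos, "")
        if val.startswith("-"):
            reasons.append(f"off-screen {pos}:{val}")
    return reasons


def find_suspicious_iframes(html: str, page_host: str) -> List[Dict[str, object]]:
    """Hidden AND cross-host iframes, each with its src, host and reasons."""
    parser = _IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        src_host = (urlsplit(src).hostname or page_host).lower()  # relative src = same host
        reasons = hidden_reasons(attrs)
        if reasons and src_host != page_host.lower():
            findings.append({"src": src, "host": src_host, "reasons": reasons})
    return findings


# Constructed sample page: one legitimate frame, two injected ones, one
# same-host hidden frame that the cross-host rule deliberately ignores.
SAMPLE_HTML = """
<html><body>
<h1>Store front</h1>
<iframe src="https://www.shop.example/promo" width="600" height="400"></iframe>
<iframe src="http://bad-redirect.example/in.php" width="1" height="1" frameborder="0"></iframe>
<iframe src="http://bad-redirect.example/x.html" style="display:none; position:absolute; left:-9999px"></iframe>
<iframe src="/help" width="0" height="0"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for f in find_suspicious_iframes(SAMPLE_HTML, "www.shop.example"):
        print(f["host"], f["src"], ", ".join(f["reasons"]))
```

Run it against a crawl of your own site's rendered HTML; a first-seen external host inside a hidden frame is the signal worth paging on, since the same group tends to reuse a freshly registered domain across many victims.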
Online Game Bank Manager Stole Billions (July 3 & 6, 2009)
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.
Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post-graduate level IT Security College, www.sans.edu.
Johannes Ullrich is Chief Technology Officer of the Internet Storm Center.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.
Prof. Howard A. Schmidt is the President of the Information Security Forum (ISF) and author who has served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a senior Lockheed Martin Fellow.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/