A present from the Internet Storm Center handlers. The volunteers who
staff the Internet Storm Center are widely regarded as the most
knowledgeable group of cyber security experts. They come together each
summer to brief 1,000 people on new things they have been learning.
Twelve of their talks are now accessible at
Kundra Letter Addresses Need to Correct Flaws in FISMA Cyber Security Metrics (July 21, 2009)
In a letter to the Government Accountability Office (GAO) director of information security issues Gregory Wilshusen, US federal CIO Vivek Kundra says that the Office of Management and Budget (OMB) is looking for new ways to measure government agencies' cyber security postures. Currently, agencies pour their reporting resources into demonstrating compliance with the Federal Information Security Management Act (FISMA), which does not provide a clear picture of agencies' abilities to manage cyber threats. Kundra called FISMA compliance data "trailing, rather than leading indicators" of agencies' preparedness. Kundra noted that "we need metrics that give insight into agencies' security postures and possible vulnerabilities on an on-going basis."
-http://www.networkworld.com/news/2009/072109-omb-eyes-new-metrics-for.html
-http://gcn.com/articles/2009/07/20/kundra-gao-fisma-compliance.aspx?sc_lang=en
[Editor's Note (Schultz): FISMA was a dead horse a long time ago. Being FISMA-compliant amounts, in effect, to successfully completing a gigantic, bureaucratic paperwork exercise. Surely the US government is capable of coming up with better information security standards.]
Committee Attaches Disclosure Requirements to FY10 Intelligence Authorization Bill (July 23, 2009)
Funding for cyber security programs initiated by the US government will depend in part upon disclosure of each program's legality and privacy impact. The Senate Intelligence Committee provisions attached to the FY10 intelligence authorization bill also require the administration to inform Congress of all new and existing cyber security programs that involve personally identifiable information.
-http://www.nextgov.com/nextgov/ng_20090723_1951.php?oref=topnews
-http://fcw.com/articles/2009/07/23/bill-to-require-added-cybersecurity-oversight.aspx
[Editor's Note (Pescatore): Since the current administration's approach is to put cybersecurity leadership under Intelligence, the focus stays on monitoring attacks not preventing or blocking them. This is not a good thing.]
Information Commissioner's Office Will Have Authorization to Impose Fines Next Year (July 23, 2009)
As of April 2010, the UK Information Commissioner's Office (ICO) will have the authority to levy new fines against organizations that fail to adequately protect personal data. The amount of the fines has not yet been determined. The ICO will have the power to impose fines when it determines that an organization has knowingly and/or recklessly violated one of the eight principles of the Data Protection Act.
-http://www.theregister.co.uk/2009/07/23/ico_fines/
[Editor's Note (Honan): Given that there are no mandatory breach disclosure laws in the UK, this is a positive move as there is now a financial stick to help ensure companies properly protect personal data.]
THE REST OF THE WEEK'S NEWS
Ministry of Defence Lost Server Last Year (July 21, 2009)
In detailing data loss incidents as part of its Annual Report and Accounts document, the UK's Ministry of Defence (MOD) acknowledged losing a server from a secured building in 2008. MOD also listed the loss of personal data belonging to 1.7 million people when a portable hard drive disappeared from a contractor's office. In another incident last August, a MOD computer experienced "catastrophic failure" and backup was unsuccessful, resulting in the loss of medical records of approximately 1,150 servicemen and their dependents.
-http://www.eweekeurope.co.uk/news/mod-admits-losing-an-entire-server-1432
Adobe Will Patch Critical Flaw in Flash, Reader, and Acrobat Next Week (July 22 & 23, 2009)
Malicious Banner Ads Infect Some Digital Spy Subscribers' Computers (July 20, 2009)
The computers of US and Australian subscribers to the Digital Spy gossip website have been infected with malware from banner ads on the site. Infected users have reported anti-virus scanners warning of malware and being redirected to sites they did not intend to visit. The malicious content came through an advertising exchange and affected other sites in addition to Digital Spy.
-http://www.theregister.co.uk/2009/07/20/digital_spy_malware/
Windows 7 Released to Manufacturing (July 22 & 23, 2009)
**********************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.
Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.
Johannes Ullrich is Chief Technology Officer of the Internet Storm Center.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.
Prof. Howard A. Schmidt is the President of the Information Security Forum (ISF) and author who has served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a senior Lockheed Martin Fellow.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.