*************************** Sponsored By CA ****************************
Role Management and Identity Compliance: Today's challenges facing role management and identity compliance initiatives. Gain some useful insights, hints and tips regarding many of today's challenges facing role management and identity compliance initiatives, as well as practical approaches to reducing the required investment and increasing the value of these efforts. This paper will help you answer all these questions and more.
Amazon.com Agrees to Pay US $150,000 to Settle Kindle eBook Removal Lawsuit (October 1 & 2, 2009)
Amazon.com has agreed to a settlement that would have the company pay US $150,000 to a Michigan high school student who sued the company after his copy of 1984 was deleted from his Kindle reading device without notice. In June of this year, Amazon deleted copies of 1984 and Animal Farm from users' devices after learning that the entity that had made the e-books available did not have proper authorization to do so. Justin D. Gawronski sued Amazon, in part because when the file was deleted from his Kindle, he lost annotations he had been making as part of his summer homework for an Advanced Placement class. The settlement also mandates that Amazon will not delete e-book files from users' Kindles unless the user agrees, the user seeks a refund or the payment does not clear, a court orders that the file be deleted, or the deletion is deemed necessary to protect users from malware. In September, Amazon offered to return the books to customers' Kindles along with any annotations that had been made or give them credit at Amazon.com or a check. -http://www.informationweek.com/news/internet/ebusiness/showArticle.jhtml?articleID=220300915 -http://www.msnbc.msn.com/id/33130484/ns/technology_and_science-tech_and_gadgets/
US Dept. of Homeland Security to Hire 1,000 Cyber Security Specialists (October 1, 2 & 5, 2009)
Null-Prefix Certificate Could be Used to Exploit Vulnerability in Browsers (October 5, 2009)
A phony PayPal SSL certificate has been released, making it easy for cyber criminals to dupe users running Internet Explorer, Google Chrome or Apple Safari web browsers with man-in-the-middle attacks. The null-prefix certificate exploits a vulnerability in a Microsoft library used by all three browsers. The vulnerability was disclosed in July, but Microsoft has yet to fix it. Mozilla fixed the vulnerability in its browsers days after the flaw was disclosed. -http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_published/
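The item above does not spell out why a null-prefix certificate fools a browser. The following is an added example (not code from the NewsBites item, Microsoft or any browser vendor) that emulates the class of defect: a hostname comparison that stops at the first NUL byte accepts a CN whose visible prefix is the victim site, while a length-aware check rejects it. The attacker-controlled suffix is a constructed placeholder.

```python
# Added example: compare a C-string style CN match (truncates at NUL)
# with the length-aware check a certificate validator should apply.

def c_string_view(name: str) -> str:
    """Emulate a C-string consumer: everything after the first NUL is dropped."""
    nul = name.find("\x00")
    return name if nul < 0 else name[:nul]


def naive_cn_matches(cn: str, host: str) -> bool:
    """Vulnerable pattern: compare only the part of the CN before any NUL byte."""
    return c_string_view(cn).lower() == host.lower()


def safe_cn_matches(cn: str, host: str) -> bool:
    """Hardened check: a CN with an embedded NUL is never valid for any host;
    otherwise compare the full, length-aware string."""
    if "\x00" in cn:
        return False
    return cn.lower() == host.lower()


def audit_cn(cn: str, host: str) -> dict:
    """Report both outcomes plus a NUL flag, so a reviewer scanning
    certificate logs can spot the null-prefix pattern directly."""
    return {
        "has_nul": "\x00" in cn,
        "naive_match": naive_cn_matches(cn, host),
        "safe_match": safe_cn_matches(cn, host),
    }


# Constructed sample CNs (placeholder values, not taken from any real certificate).
LEGIT_CN = "www.paypal.com"
NULL_PREFIX_CN = "www.paypal.com\x00.attacker.example"

if __name__ == "__main__":
    for cn in (LEGIT_CN, NULL_PREFIX_CN):
        print(repr(cn), audit_cn(cn, "www.paypal.com"))
```

The same NUL check applies to subjectAltName dNSName entries, since a validator that matches those with a C-string comparison has the identical weakness.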
Missing Hard Drive Contains US Military Veterans' Records (October 1, 2 & 5, 2009)
Windows LiveID Credentials Posted on Internet (October 5, 2009)
The leak of more than 10,000 Microsoft Windows Live ID account usernames and passwords is being blamed on a phishing attack; Microsoft maintains that the leak "was not a breach of internal Microsoft data." Microsoft is "help(ing) customers regain control of their accounts," and is recommending that all customers change their passwords. The stolen information was posted on a web site over the weekend. Microsoft Windows Live ID allows users to access Hotmail, Messenger, Xbox LIVE and other services.
Careless Security Practices Result in Dropped Charges Against Former Employee (October 3, 2009)
A Deputy Merrimack County (New Hampshire) Attorney has dropped theft and computer crime charges against a Concord, NH-area Local Government Center employee. Ruthanne Bradley was arrested last year on charges that she concealed and altered data on computer backup tapes at her office. Deputy County Attorney George Waldron said his office would not seek a grand jury indictment because "the Local Government Center's careless security practices created a situation where reasonable doubt exists." The tapes in question were located promptly and were found to be unharmed. Bradley has maintained her innocence and that the tapes were simply mislabeled. -http://www.concordmonitor.com/apps/pbcs.dll/article?AID=/20091003/FRONTPAGE/910030315&template=single [Editor's Note (Ranum): It doesn't sound like these were careless security practices. Reading between the lines it sounds like an organization that made a mistake, wrongly accused an employee, and then decided to "drop the charges" when they realized that they were, in fact, wrong. An apology might be appropriate.
(Honan): This should be used as a case study on how not to conduct an investigation. Remember, incident response is not just about the technology; it is about the processes and procedures to use to identify if you have an incident in the first place and then how to gather and preserve any evidence you will need.]
California Joins Cyber Security Challenge (October 2, 2009)
The UK High Court has allowed an injunction to be served via Twitter. The decision was made because it appeared to be the best way to reach the individual who was posting comments while posing as Conservative blogger Donal Blaney. The unknown account owner will receive the writ the next time the owner visits the site; the writ says that the impostor should cease the deceptive activity and reveal his or her identity to the court. -http://technology.timesonline.co.uk/tol/news/tech_and_web/article6858340.ece
********************************************************************** The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a postgraduate-level IT Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.
Prof. Howard A. Schmidt is the President of the Information Security Forum (ISF) and author who has served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a senior Lockheed Martin Fellow.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/