U.S. Court Rules that Employee-Attorney E-Mails Are Private (31st March 2010)
In the United States the New Jersey Supreme Court has ruled that the Loving Care Agency was wrong in retrieving emails that were sent by a former employee, Marina Stengart, to her attorney even though the emails were sent using the company's own computer systems. In 2008, Marina Stengart filed a lawsuit against the company claiming discrimination based on gender, religion and national origin. Before leaving the company Ms. Stengart exchanged a number of emails with her attorney by accessing her Yahoo email account using the company's computers. Loving Care retrieved copies of the emails from their systems and argued in court that the emails were sent in breach of company policy which states that emails "are not to be considered private or personal to any individual employee" and that the company had the right to "review, audit, intercept, access, and disclose all matters on the company's media systems and services at any time." Earlier, a trial court agreed with the company, but in a 7-0 ruling the Supreme Court overruled that decision and ordered the company to turn over all copies of the e-mails and delete any record of them.
-http://abcnews.go.com/Technology/wireStory?id=10248507
-http://www.nj.com/news/index.ssf/2010/03/nj_supreme_court_rules_employe.html
-http://www.northjersey.com/news/033010_State_court_rules_company_shouldnt_have_read_ex-staffers_private_emails.html
[Editor's Note (Schultz): This is an extremely significant ruling that in effect says that client-attorney privileges supersede defeating the expectation of privacy.
(Northcutt): I tend to be a fan of privacy rights, but this just does not sound right especially since they have a policy on the subject. If anyone is making policy changes based on advice from corporate counsel, I would love a note with your new policy fragment (email@example.com)]
Court Says NSA Illegally Wiretapped Two Americans (31 March 2010)
Federal Judge Vaughn R. Walker has ruled that the U.S. National Security Agency's program of surveillance without warrants was illegal. Under the surveillance program the National Security Agency monitored international e-mail messages and phone calls of American citizens without court approval, which is required under the Foreign Intelligence Surveillance Act, or FISA. The ruling undermined claims by President Bush's administration that the surveillance program, which President Bush secretly authorized after the terrorist attacks of September 11, 2001 using presidential wartime powers, was lawful. Judge Walker ruled that by intercepting the phone calls of the Al Haramain Islamic charity based in Oregon, and the calls of two lawyers representing the charity in 2004, the government had violated a 1978 federal statute requiring court approval for domestic surveillance. Judge Walker also declared the plaintiffs had been "subjected to unlawful surveillance," and that the government was liable to pay them damages.
-http://www.wired.com/threatlevel/2010/03/bush-spied/
-http://www.nytimes.com/2010/04/01/us/01nsa.html
-http://www.wthitv.com/dpps/news/national/west/Judge-Feds-wiretapped-without-warrant_3297308
[Editor's Note (Northcutt): All it takes for evil to prevail is for good men to remain silent. Somebody had to know about this and know it was wrong and remained silent. Though nothing tops the use of the Patriot act to spy on strippers in Vegas:
-http://www.boston.com/news/nation/articles/2003/11/08/patriot_act_gets_mixed_review_in_vegas/
(Schultz): Statutes and other provisions that granted the U.S. government (and in particular, law enforcement) unprecedented powers after the 9/11 attacks are slowly but surely being eroded. An equilibrium between individual and U.S. government rights is once again being achieved.]
Journalists' Yahoo Email Accounts Hacked (31st March 2010)
THE REST OF THE WEEK'S NEWS
U.S. Military Facing 'Increasingly Active' Cyber-Threat from China (26th March 2010)
Richard Willard, an Admiral in the U.S. Navy, appeared before the U.S. House Armed Services Committee on the same day that Google and GoDaddy appeared before a congressional committee and raised a warning about the security threat posed by China against U.S. military computer networks. Speaking before the committee Admiral Willard warned that "U.S. military and government networks and computer systems continue to be the target of intrusions that appear to have originated from within the PRC (People's Republic of China)". He highlighted that the attacks are focused on stealing data "but the skills being demonstrated would also apply to network attacks." Christine Jones, an executive vice president and general counsel at domain registration giant GoDaddy, told the Congressional-Executive Commission on China that "in the first three months of this year, we have repelled dozens of extremely serious DDoS attacks that appear to have originated in China."
-http://www.computerworld.com/s/article/9174242/Military_warns_of_increasingly_active_cyber_threat_from_China_?taxonomyId=82&pageNumber=1
Stalker Jailed for Framing Man (31st March 2010)
In the United Kingdom a 48-year-old man, Ilkka Karttunen, has been jailed for four and a half years for breaking into the house of a female work colleague and framing her husband for downloading child pornography. Basildon Crown Court heard how Karttunen became obsessed with his work colleague and hoped to develop a relationship with her by breaking up her marriage. He broke into her family home and, while the family was asleep, downloaded the illegal material onto the husband's PC. He then stole the hard disk from the computer and sent it anonymously to the police with a note stating the origin of the disk. Police discovered Karttunen's involvement when they searched his home and found a computer containing the entire contents of his victim's home computer.
-http://www.timesonline.co.uk/tol/news/uk/article7081986.ece
-http://www.net-security.org/secworld.php?id=9090
An Invitation To Participate In the SANS Security Consensus Operational Readiness Evaluation (SCORE) Project:
What's New with SCORE? It's time for SCORE to get an overhaul! Some exciting things are happening including a new SCORE wiki (still a beta project, but it's moving toward public release). Content reviewers/authors/editors/contributors needed!
Periodically, we will be posting opportunities to participate in SCORE projects. We are currently looking for contributors and authors in the following technical areas (If your area is not in this list and you'd like to contribute, don't be afraid to contact us with your idea.):
- Microsoft Windows 7 Security
- Virtual Machines
- How/Where Trojans hide
- Ubuntu Linux
- Redhat Linux
- General Linux
- Cloud Security
- OS X Security
- Rootkits
- Malware Analysis Static
- Malware Analysis Dynamic
- Using Olly Debug for malware analysis
- Using IDA Pro for malware analysis
- MySQL Security
- Webserver Security and Testing
- Juniper JunOS
- PostgreSQL
If you are a subject matter expert or aspiring to be one, are interested in becoming more involved in the security community (specifically SANS) and/or would like to have the opportunity to benefit from contributing to projects of this type, please email the following information to SCORE project lead - Darren Bennett (firstname.lastname@example.org).
While I haven't been asked this question, I'd personally be asking "What's in it for me?" The following is a list of benefits for contributing to SCORE:
* Helping to increase security awareness.
* Having your name credited as an author (or contributor) on one of the projects.
* Networking. This is a great way to meet other security experts and share information.
* CPEs for CISSP credits.
* Recognition within the security community.
* Becoming more involved with a great organization, SANS!
-http://www.sans.org/score/index.php (Security Consensus Operational Readiness Evaluation)
I look forward to hearing from you! Please email me the information requested above and I will put you in contact with other team members, the team leader or the SANS contact you will be working with. Do not hesitate to email me with questions or suggestions.
"Opportunity is missed by most people because it is dressed in overalls and looks like work." - Thomas A. Edison
Microsoft Issues Emergency Bulletin for Internet Explorer (30 March 2010)
Prison Inmates Hack into Phone Lines (29th March 2010)
Inmates in the Miami-Dade Corrections facilities have discovered how to make phone calls using the fax lines of unsuspecting victims. Corrections officials claim that the inmates are able to forward collect calls through AT&T from a victim's fax line. So far over US $200,000 has been reimbursed to victims over the past two years by the Alabama-based Global Tel*Link (GTL) company, which operates pre-paid and jail collect call services. Both the Miami-Dade Corrections department and GTL claim that there is little they can do to prevent the scam as it is being done via the AT&T network. A spokesperson for AT&T says the company is investigating and that "AT&T takes such matters seriously and strives to prevent fraudulent use of the AT&T network by third parties."
-http://www.miamiherald.com/2010/03/28/1552713/miami-dade-inmates-collect-call.html
'Amateur' Malware Not Part of Operation Aurora Attacks Against Google (31 March 2010)
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.
Prof. Howard A. Schmidt is the Cyber Coordinator for the President of the United States.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a senior Lockheed Martin Fellow.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/