SANS NewsBites - Volume: XII, Issue: 67

Tomorrow is the last day for savings on classes at SANS Network Security
2010 - September 19-27, in Las Vegas. 40 courses. Bonus evening
presentations include The Return of Command Line Kung Fu; and Cyberwar
or Business as Usual?; The State of US Federal CyberSecurity Initiatives.

http://www.sans.org/network-security-2010/



*************************************************************************
SANS NewsBites                     August 24, 2010                    Volume: XII, Issue: 67
*************************************************************************

TOP OF THE NEWS

  Legislators Seek Answers From US Marshalls About Stored Body Scan Images

THE REST OF THE WEEK'S NEWS

  Microsoft Will Address DLL Issue in Service Packs, Not in Monthly
   Patch Cycle
  Four Arrested in Canada Over US $1.8 Million Payment Card Fraud Case
  Researcher Arrested for Refusing to Divulge Who Gave Him Voting Machine
  Police Confiscate Perfect Privacy Staff Computers
  Blogetery Back Online
  Google Updates Chrome
  Google Privacy Lawsuits Consolidated
  US Cyber Challenge Competitions


********************** Sponsored By Splunk ************************ Live Webcast- Splunk for Cisco Security Solution: Supporting Cisco Centric Security Environments With the recent decision by Cisco to no longer support heterogeneous security environments with its CS-MARS product, users were left without a Cisco product for viewing Cisco security data in combination with other best-of-breed security products. Join this webcast and see how Splunk for Cisco Security Solution provides users with a single pane of glass for viewing real-time log data from Cisco security devices and software in addition to other data sources in the customer's environment.
http://www.sans.org/info/64013

********************************************************************
||TRAINING UPDATE New "Combating Malware in the Enterprise" course at SANS (SEC569). How do you fight off malware when you have thousands of hosts? Course debut in Las Vegas (Sept'10) and Washington DC (Dec'10):
http://www.sans.org/security-training/combating-malware-enterprise-1482-mid

-- SANS Virginia Beach 2010, August 29-September 3, 2010 9 courses. Bonus evening presentations include Future Trends in Network Security; Hack Back! The Advanced Persistent Threat; and Securing the Human.
http://www.sans.org/virginia-beach-2010/

-- SANS Network Security 2010, Las Vegas, September 19-27, 2010 40 courses. Bonus evening presentations include The Return of Command Line Kung Fu and Cyberwar or Business as Usual? The State of US Federal CyberSecurity Initiatives
http://www.sans.org/network-security-2010/

-- SOS: SANS October Singapore, October 4-11, 2010 7 courses
http://www.sans.org/singapore-sos-2010/

-- SANS Chicago 2010, Skokie, Illinois, October 25-30, 2010 7 courses. Bonus evening presentations include Weaponizing LISP: Advancing the Art of Network Security
http://www.sans.org/chicago-2010/night.php

-- SANS San Francisco 2010, November 5-12, 2010 7 courses
http://www.sans.org/san-francisco-2010/

-- SANS London 2010, November 27-December 6, 2010 14 courses. Bonus evening presentations include Latest Advances in Computer Forensics and Continuous Vulnerability Testing and Remediation: The 20 Critical Security Controls Perspective
http://www.sans.org/london-2010/

-- SANS Cyber Defense Initiative 2010, December 10-17, 2010 24 courses.
http://www.sans.org/cyber-defense-initiative-2010/

-- Looking for training in your own community?
http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/discounts.php#current Plus London, Dubai, Bangalore, San Antonio and Sydney all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

********************************************************

TOP OF THE NEWS

Legislators Seek Answers From US Marshalls About Stored Body Scan Images (August 20, 2010)

US legislators want to know why US Marshalls Service stored images of body scans taken at a Florida courthouse. Senators Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) sent a letter to the agency expressing their concern that citizens' privacy may have been violated. The letter was also signed by Senators Daniel Akaka (D-Hawaii), Thomas Carper (D-Delaware), Saxby Chambliss (R-Georgia) and Johnny Isakson (R-Georgia). The images stored were not accessed until the agency received a Freedom of Information Act (FOIA) request from the Electronic Privacy Information Center (EPIC). The Marshalls service says the images are not available without an administrative password. Despite the Marshall Service assurance that details were fuzzy enough so that people could not be identified, even by gender, the legislators want to know why the images were saved, if there are any other locations where full body imaging technology is being used, whether images from those locations are being stored, and if so, why.
-http://www.nextgov.com/nextgov/ng_20100820_1563.php?oref=topnews
-http://hsgac.senate.gov/public/index.cfm?FuseAction=Press.MajorityNews&Conte
ntRecord_id=8c23ed55-5056-8059-761a-a21459c5b48f



**************** NEW COURSE AND FREE RESOURCES FROM SANS *****************

(1) "Combating Malware in the Enterprise" course at SANS (SEC569). How do you fight off malware when you have thousands of hosts? Course debut in Las Vegas (Sept'10) and Washington DC (Dec'10): http://www.sans.org/security-training/combating-malware-enterprise-1482-mid

(2) SANS introduces two new free whitepaper resources written by Dave Shackleford: - -- McAfee Total Protection for Server Review - http://www.sans.org/info/64018 - -- A Guide to Virtualization Hardening Guides - http://www.sans.org/info/64023 Visit our reading room often for free resources! http://www.sans.org/info/64028 ****************************************************************************

THE REST OF THE WEEK'S NEWS

Microsoft Will Address DLL Issue in Service Packs, Not in Monthly Patch Cycle (August 23, 2010)

Microsoft says it will not issue patches to fix the critical DLL (dynamic link library) flaw in multiple applications, but will instead address the issue in future Windows and Office service packs. Microsoft also noted that "the root causes
[of the vulnerabilities ]
are in other vendors' products," and said it would work with those companies to help fix the flaws. The flaw was disclosed last week by researchers, one of whom presented a paper on the issue at a conference in February 2010. Internet Storm Center:
-http://isc.sans.edu/diary.html?storyid=9445
-http://www.computerworld.com/s/article/9181479/Microsoft_won_t_patch_critical_DL
L_loading_bugs?taxonomyId=17
-http://www.computerworld.com/s/article/9181358/Researcher_told_Microsoft_of_Wind
ows_apps_zero_day_bugs_6_months_ago?taxonomyId=82
[Editor's Note (Hoelzer): When a developer is calling functions in your DLLs it's really hard to say that the root cause of a flaw is in that other developer's code.
(Northcutt): This is an increasingly interesting problem. The major software vendors are becoming more and more interconnected. Adobe is now working very closely with Microsoft to release patches. All large scale software will have vulnerabilities, but now what we see is one vendor's vulnerabilities can effect one or more other vendors.
-http://www.computerworld.com/s/article/9179780/Adobe_joins_Microsoft_s_patch_rep
orting_program]

Four Arrested in Canada Over US $1.8 Million Payment Card Fraud Case (August 23, 2010)

Four people have been arrested in Calgary in connection with a payment card fraud scheme. The group allegedly stole US $1.8 million from an unnamed short-term credit and financial services company by increasing the value of prepaid debit cards from that company and withdrawing funds from ATMs in Canada, the US and other countries. Those arrested are Ehud Tenenbaum, Priscilla Mastrangelo, Jean Francois Ralph, and Spyros Xenoulis. Tenenbaum has a history of criminal charges, first as "Analyzer" in the Solar Sunrise exercise, and later for credit cardfraud. All face charges of fraudulent use of credit-card data as well as additional counts of fraud.
-http://darkreading.com/database_security/security/attacks/showArticle.jhtml?arti
cleID=226900085&subSection=Attacks/breaches

Researcher Arrested for Refusing to Divulge Who Gave Him Voting Machine (August 23, 2010)

Police in India have arrested researcher Hari Prasad for refusing to name the individual who provided him with an electronic voting machine that had been used in recent elections. Prasad had pressed India's election commission to prove the voting machines' trustworthiness, but they refused to allow an independent security review of the machines. An insider allegedly obtained the machine for Prasad, and he and two other researchers made a video demonstrating several ways the machine could be compromised to affect election results.
-http://www.wired.com/threatlevel/2010/08/researcher-arrested-in-india/
-http://www.theregister.co.uk/2010/08/23/indian_evoting_critic_jailed/
-http://www.securecomputing.net.au/News/229706,india-chases-leak-of-evoting-machi
ne-report.aspx
-http://www.computerworld.com/s/article/9181439/Researcher_arrested_for_allegedy_
stealing_Indian_voting_machine?taxonomyId=17
-http://www.cse.umich.edu/~jhalderm/pub/papers/evm-ccs10.pdf

Police Confiscate Perfect Privacy Staff Computers (August 20 & 23, 2010)

Police in Germany have confiscated five PCs and associated storage media while serving a search warrant for the house of an administrator who works for Perfect Privacy, a VPN (virtual private network) provider. The basis for the search warrant was the allegation that unnamed persons had sent criminal communications through Perfect Privacy servers in Erfurt, Germany. Perfect Privacy says the police did not take the VPN servers. The organization says that the servers are running but that they have disabled all services. The confiscated machines were used for administrative and other purposes, and are encrypted.
-https://blog.perfect-privacy.com/2010/08/20/perfect-privacy-staff-member-gets-ho
use-search/
-http://www.h-online.com/security/news/item/Police-confiscate-hardware-from-VPN-p
rovider-1063742.html

Blogetery Back Online (August 22, 2010)

Blog platform Blogetery.com is back online one month after its provider, Burst.net, shut it down. Last month, the FBI notified Burst.net that Blogetery was being used by al-Qaeda to distribute terrorism information. Burst.net said later that it shut down Blogetery because of terms of service violations. Blogetery operator Alexander Yusupov found a new host and reopened Blogetery on August 10.
-http://news.cnet.com/8301-31001_3-20014357-261.html?part=rss&subj=news&t
ag=2547-1_3-0-20
-http://blogcritics.org/scitech/article/blogetery-is-back/

Google Updates Chrome (August 20, 2010)

Google has released an updated version of its Chrome browser, 5.0.375.127, that fixes 10 vulnerabilities, two of which are considered critical and six of which are considered high risk. Google did not release any details about the vulnerabilities. It blocked public access to its bug-tracking database to prevent the flaws from being exploited before most people were upgraded to the latest version of the browser. One of the critical flaws could be exploited to cause memory corruption; the other could cause a crash on shutdown.
-http://www.h-online.com/security/news/item/Google-closes-critical-vulnerabilitie
s-in-Chrome-5-1062480.html
-http://news.cnet.com/8301-30685_3-20014222-264.html?tag=mncol;title
-http://www.computerworld.com/s/article/9181060/Google_patches_10_Chrome_bugs_pay
s_out_10K_in_bounties?taxonomyId=17
-http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html

Google Privacy Lawsuits Consolidated (August 20, 2010)

Eight class action lawsuits filed against Google over its Street View wireless data collection have been consolidated and transferred to a California judge. Five additional cases may join the already consolidated case. The suits allege that Google violated federal and state privacy laws when it collected snippets of wireless data from unencrypted wireless networks while gathering data for Street View.
-http://www.wired.com/threatlevel/2010/08/google-spy-lawsuits/
Consolidation Decision:
-http://www.wired.com/images_blogs/threatlevel/2010/08/google-streetview.pdf

US Cyber Challenge Competitions (August 18, 2010)

Three states - California, Delaware and New York -- sponsored US Cyber Challenge security treasure hunts this summer. Before the challenges, participants attended a training camp. In the video of the event at the Polytechnic Institute of New York University in Brooklyn, Efstratios Gavas describes the importance of having a "venue to do good things,
[otherwise ]
you're going to end up doing bad things" and Director of the US Cyber Challenge Karen Evans "the path of how you can do really cool things and do the right thing and then have a job and ... contribute positively to society."
-http://www.govinfosecurity.com/US-CyberChallenge.php


**********************************************************************

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC)

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.

Prof. Howard A. Schmidt is the Cyber Coordinator for the President of the United States

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a senior Lockheed Martin Fellow.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer at the North American Energy Reliability Commission (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit
http://portal.sans.org/