********************* Sponsored By Palo Alto Networks ********************
Palo Alto Networks Recognized as a Leader in the Gartner Magic Quadrant for Enterprise Network Firewalls. According to Gartner, vendors in the leaders quadrant "lead the market in offering new safeguarding features, providing expert capability, rather than treating the firewall as a commodity, and having a good track record of avoiding vulnerabilities in their security products."
--SANS Security East 2012, New Orleans, LA January 17-26, 2012 11 courses. Bonus evening presentations include Advanced VoIP Pen Testing: Current Threats and Methods; and Helping Small Businesses with Security. http://www.sans.org/security-east-2012/
--SANS North American SCADA 2012, Lake Buena Vista, FL January 21-29, 2012 Gain the most current information regarding SCADA and Control System threats and learn how to best prepare to defend against them. Hear what works and what doesn't from peer organizations. Network with top individuals in the field of SCADA security. Return from the summit with solutions that you can immediately put to use in your organization. Pre-Summit courses: January 21-25, 2012 Summit: January 26-27, 2012 Post-Summit Courses: January 28-29, 2012 http://www.sans.org/north-american-scada-2012/
--SANS Monterey 2012, Monterey, CA January 30-February 4, 2012 6 courses. Bonus evening presentations include Who Do You Trust? SSL and TLS Under Attack; and IOS Programming Demo. http://www.sans.org/monterey-2012/
--SANS Phoenix 2012, Phoenix, AZ February 13-18, 2012 7 courses. Bonus evening presentations include Desktop Betrayal: Exploiting Clients Through the Features They Demand; and Windows Exploratory Surgery with Process Hacker. http://www.sans.org/phoenix-2012/
--SANS 2012, Orlando, FL March 23-39, 2012 42 courses. Bonus evening presentations include Why Our Defenses Are Failing Us: One Click Is All It Takes ...; Evolving Threats; and Windows Exploratory Surgery with Process Hacker. http://www.sans.org/sans-2012/
Exploit Code Boosts Cross Site Scripting Attacks Into "Persistent State" (December 16, 2011)
Code posted to the Internet can be used to conduct cross-site scripting (XSS) attacks that phish for valuable troves of sensitive information. The person who posted the exploit code is the same one who found an XSS flaw in the American Express site's debugging tool. He claims that his code shows that XSS attacks can be used for harvesting more than cookies and that it "transform[s] a 'non-persistent' XSS into a persistent state." It is "self-aware" and infects all links of websites that users with infected machines visit, so it can gather information as the user moves through the various pages. Some have questioned the hacker's claim of ingenuity, saying that the technique has been known for a while, but acknowledged that the XSS attack it offers presents a more potent risk than most. The hacker says he posted the code to demonstrate the need for improved security on online banking websites.
-http://www.theregister.co.uk/2011/12/16/potent_xss_script/
[Editor's Note (Murray): I wonder why the Register chose to characterize this "security researcher" as a "hacker?" Is it possible that they are finally learning that language matters? That is why I prefer "narcissistic vulnerability pimp."]
1) SAINT is the FIRST product to receive USGCB validation by NIST. SAINT provides both FDCC and USGCB SCAP scanning policies. http://www.sans.org/info/94269
2) Take this groundbreaking survey to help determine policy, controls and standards needed to enable users to use their own small mobile devices for work-related functions. Also be entered to win a $250 American Express Card Giveaway when results are announced in late March at www.sans.org/webcasts. Follow this link to the survey: http://www.sans.org/info/94274
3) SANS 8th Annual Log and Event Management Survey is Under Way - Take the SANS 8th Annual Log and Event Management Survey. Be a part of this industry leading survey cited in top technology publications and blogs! Also be entered to WIN a $250 American Express Card giveaway when survey results are released during SANS webcasts held in early May at www.sans.org/webcasts. Follow this link to the survey: http://www.sans.org/info/94279
Top U.S. High School Cybersecurity Talent Announced (December 19, 2011)
The Fall 2011 round of the US Cyber Challenge Cyber Foundation's competition for high school students drew more than 2,000 participants from 32 states and three territories. The students represented 169 high schools. The top five finishers nationally received scholarships. The competition provides students with the opportunity to engage with real-world cyber security issues. The student who placed first is Gavy Aggarwal of Wilmington, Delaware. -http://gcn.com/articles/2011/12/19/cyber-challenge-high-school-winners.aspx
Republicans Take Steps to Shore Up Cyber Security Around Iowa Caucuses (December 19, 2011)
Irish Data Protection Commissioner Tells Eircom to Stop Three-Strikes Policy (December 19, 2011)
Irish telecommunications company Eircom has 21 days to respond to the Irish Data Protection Commissioner's order to halt its three-strikes anti-piracy policy. Eircom instituted the policy as part of a court case settlement with a music industry group, known as IRMA. Eircom's agreement with IRMA involves IRMA providing the ISP with IP addresses of suspected illegal filesharers. Eircom is then supposed to issue a series of warnings which, if unheeded, could result in a yearlong suspension of broadband service. IRMA then went on to pursue the same kind of deal with other Irish telecommunications companies, but UPC won its case against IRMA after refusing to implement a similar policy. The order to Eircom to abandon the policy is the result of a ruling from the DPC prompted by users' privacy concerns about their IP addresses being used to identify them.
-http://www.siliconrepublic.com/comms/item/25072-eircom-has-21-days-to/
-http://www.thejournal.ie/massive-blow-to-music-industry-as-eircom-anti-piracy-measures-rejected-307584-Dec2011/
[Editor's Note (Honan): On the day that this story was announced another newspaper broke the news that the Irish government, in response to legal pressure from EMI, is going to introduce a law in January 2012 to compel Irish ISPs to block access to pirate websites upon request by the copyright holders -http://www.irishtimes.com/newspaper/frontpage/2011/1219/1224309259318.html. Yet it is only a few weeks since the EU Court of Justice ruled that "EU law precludes the imposition of an injunction by a national court which requires an internet service provider to install a filtering system with a view to preventing the illegal downloading of files." -http://curia.europa.eu/jcms/upload/docs/application/pdf/2011-11/cp110126en.pdf.]
Fifty-Five People Charged in Connection with Cyber Theft (December 19, 2011)
Phone Manufacturers and Carriers Say Carrier IQ Consent is in EULA (December 16, 2011)
Four mobile phone manufacturers and service carriers have said that their end-user licensing agreements (EULAs) include language that allows them to use Carrier IQ software to monitor a number of functions on the devices. The software in question has become a hot potato issue. Carrier IQ has clarified that its software does not collect users' keystrokes, but that the functionality is in the debug log left on by the handset manufacturer. It has been found only on HTC and Samsung smartphones. Samsung says it places the software on the devices at the carriers' request and that the carriers are responsible for informing customers of its presence. Wireless carrier Sprint says it has disabled the use of the Carrier IQ software on its customers' handsets. Sprint has ceased using the software to collect customer information, including diagnostic data. Sprint has been using Carrier IQ's software since 2006 and has installed it on 26 million handsets.
-http://www.wired.com/threatlevel/2011/12/telcos-say-you-consented/
List of phones that have Carrier IQ installed:
-http://gizmodo.com/5868732/the-complete-list-of-all-the-phones-with-carrier-iq-spyware-installed
[Editor's Note (Liston): EULAs are consciously written to cover a multitude of sins. If I need to consult a lawyer to figure out what I may be allowing a phone company to do when I use one of their devices, then perhaps the EULA is a tool of obfuscation, rather than explanation.
(Murray): The function provided by the software is clearly being abused. However, I have to agree with the software vendor that the responsibility for its use rests with the carriers. However, while there are tens of carriers, there is only one company producing the software.]
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of InGuardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/