SCADA Security is back in the news with DHS's announcement this week of
Siemens' system vulnerabilities. The key issue is not what
vulnerabilities exist, but what to do first to ensure power systems and
other critical infrastructures are defensible. Substantially all the key
players from industry and government are meeting in Orlando at the end
of January to review progress on that question and to launch at least
one and possibly two important new initiatives that may reshape
cybersecurity in the power industry and in other elements of the
critical infrastructure. Hotel and registration information at:
*************************************************************************
SANS NewsBites December 27, 2011 Volume: XIII, Issue: 102
*************************************************************************
--SANS Security East 2012, New Orleans, LA January 17-26, 2012 11 courses. Bonus evening presentations include Advanced VoIP Pen Testing: Current Threats and Methods; and Helping Small Businesses with Security. http://www.sans.org/security-east-2012/
--SANS North American SCADA 2012, Lake Buena Vista, FL January 21-29, 2012 Gain the most current information regarding SCADA and Control System threats and learn how to best prepare to defend against them. Hear what works and what doesn't from peer organizations. Network with top individuals in the field of SCADA security. Return from the summit with solutions that you can immediately put to use in your organization. Pre-Summit courses: January 21-25, 2012 Summit: January 26-27, 2012 Post-Summit Courses: January 28-29, 2012 http://www.sans.org/north-american-scada-2012/
--SANS Monterey 2012, Monterey, CA January 30-February 4, 2012 6 courses. Bonus evening presentations include Who Do You Trust? SSL and TLS Under Attack; and IOS Programming Demo. http://www.sans.org/monterey-2012/
--SANS Phoenix 2012, Phoenix, AZ February 13-18, 2012 7 courses. Bonus evening presentations include Desktop Betrayal: Exploiting Clients Through the Features They Demand; and Windows Exploratory Surgery with Process Hacker. http://www.sans.org/phoenix-2012/
--SANS 2012, Orlando, FL March 23-39, 2012 42 courses. Bonus evening presentations include Why Our Defenses Are Failing Us: One Click is all It Takes ...; Evolving Threats; and Windows Exploratory Surgery with Process Hacker. http://www.sans.org/sans-2012/
Plus Atlanta, Bangalore, Stuttgart, and Nashville, all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
**************************************************************************
TOP OF THE NEWS
DHS ICS-CERT Warns of SCADA Flaws in Siemens Products (December 22 & 23, 2011)
Mobile Phone Security Needs Improvement (December 27, 2011)
Research scheduled to be presented at a Chaos Computer Club convention later this week indicates that mobile network security is nowhere near as robust as it should be, especially given recent events involving certain British journalists. A study of mobile operators in Morocco, Thailand, and Europe found that most provided weak or non-existent protection from unauthorized surveillance and identity theft. Armed with a seven-year-old mobile phone and free decryption software, the person who will be making the presentation found that he was able to access conversations and text messages and spoof account identities. At least one of the vulnerabilities that allowed him to intercept voice and data could be addressed with the application of an available patch. -http://www.smh.com.au/it-pro/security-it/lax-security-exposes-voice-mail-to-hacking-study-says-20111227-1pavx.html
Hacktivists Expose Those Who Censor and Conduct and Aid Surveillance (December 26, 2011)
In August 2011, an international group of hackers known as Telecomix exploited vulnerabilities in a variety of devices to display warnings to people in Syria that their online activity was being monitored. During that event, one of the members noticed an FTP server containing logs of surveillance data that were gathered using an appliance made by an American company. Telecomix published 54 gigabytes of the logs, and the company, California-based Blue Coat Systems, has been forced to admit that its technology is being used in Syria, a violation of international sanctions imposed against the country. Telecomix had its genesis at a 2009 conference in Gothenburg, Sweden; it was formed in reaction to European Union laws that would have severed Internet connections of habitual copyright violators. Telecomix also helped people in Egypt get Internet access after Mubarak shut down all Internet service providers (ISPs) in that country but one. -http://www.forbes.com/sites/andygreenberg/2011/12/26/meet-telecomix-the-hackers-bent-on-exposing-those-who-censor-and-surveil-the-internet/
Anonymous Targets Think Tank (December 23, 25 & 26, 2011)
Indian Court Orders Internet Companies to Remove Objectionable Content (December 24 & 26, 2011)
An Indian court has ordered nearly two dozen Internet companies to remove content it finds objectionable. Indian Minister for Communications Kapil Sibal wants the companies to develop a system to make sure that similar content does not appear online in the future. Critics of the order, which was the result of a private complaint, say that the government is seeking to suppress content that criticizes Indian politicians. The Internet companies, which include Google and Facebook, have until February 6, 2012, to comply with the order. The country's Information Technology Act gives Internet service providers and other similar entities 36 hours to comply with content takedown orders after being notified of the content's presence. -http://www.computerworld.com/s/article/9223017/Report_Indian_court_orders_22_websites_to_remove_offensive_content?taxonomyId=17 -http://www.thehindu.com/news/cities/bangalore/article2749051.ece [Editor's Note (Murray): Making the ISPs responsible for content, even at the margins, will break the model on which the Internet is based. States that try to do this will find themselves increasingly isolated.]
Closing Arguments in Manning Hearing (December 22 & 23, 2011)
The US government made its closing statement in a hearing that will decide whether Pfc Bradley Manning will face a court-martial. The hour-long statement contained new exhibits, including excerpts of chat logs between Manning and Julian Assange. In one, Manning appears to ask Assange for help cracking a password that would allow him anonymous access to SIPRnet. Manning's attorney said in his closing arguments that the seriousness of the leaks was being exaggerated and that his client was a disturbed young man. Government attorneys said they have real-time records of Manning's SIPRnet searches and evidence that he uploaded documents to WikiLeaks. It may be several months before Manning learns what charges, if any, he will face. The Article 32 hearing is similar to a civilian grand jury hearing, but it is open rather than closed and the defense is allowed to cross-examine witnesses and present witnesses and evidence of its own. -http://www.wired.com/threatlevel/2011/12/army-manning-hearing/ -http://www.cnn.com/2011/12/23/justice/manning-hearing/index.html
Chinese Computer Users Experience Large Data Breach (December 24, 2011)
Hackers appear to have leaked the personal information of millions of computer users in China. More than six million users of the China Software Developer Network had their user IDs, passwords, and email addresses exposed in clear text. In addition, an undetermined number of subscribers to various websites, including gaming and social networking sites, had their personal information compromised as well. The total number of accounts reported to be affected has been estimated at 50 million, but the figure has not been verified. -http://www.chinadaily.com.cn/china/2011-12/24/content_14320027.htm
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of InGuardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription (and for free posters), or to update a current subscription, visit http://portal.sans.org/