-- SANS Security West 2011, San Diego, CA, May 3-12, 2011 23 courses. Bonus evening presentations include The Emerging Security Threat Panel Discussion; and Emerging Trends in Data Law and Investigation http://www.sans.org/security-west-2011/
-- SANS Cyber Guardian 2011, Baltimore, MD, May 15-22, 2011 8 courses. Bonus evening presentations include Windows Exploratory Surgery with Process Hacker and State of the Hack: Stuxnet. http://www.sans.org/cyber-guardian-2011/
-- SANSFIRE 2011, Washington, DC, July 15-24, 2011 40 courses. Bonus evening presentations include Ninja developers: Penetration testing and Your SDLC; and Are Your Tools Ready for IPv6? http://www.sans.org/sansfire-2011/
-- SANS Boston 2011, Boston, MA, August 8-15, 2011 12 courses. Bonus evening presentations include Cost Effectively Implementing PCI through the Critical Controls; and More Practical Insights on the 20 Critical Controls http://www.sans.org/boston-2011/
Plus Barcelona, Amsterdam, Brisbane, London and Austin all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
LimeWire Trial Set to Start This Week (April 28, 2011)
The copyright infringement lawsuit brought against LimeWire by the Recording Industry Association of America (RIAA) is scheduled to start on Tuesday, May 3. It's the first such lawsuit against a file-sharing software company since the Supreme Court ruled against Grokster in 2005. A federal jury will decide how much LimeWire should pay for copyright infringement conducted through its service. The record companies say LimeWire owes more than US $1 billion in damages. US District Judge Kimba Wood noted that the infringement was "willful," which significantly increases the penalty for each track that was shared illegally. Judge Wood ordered LimeWire to stop "file-distribution functionality" in October 2010. -http://www.wired.com/threatlevel/2011/04/limewire-damages-trial/ [Editor's Comment (Northcutt): We talk about the Grokster case in my class, Security Leadership Essentials, but these LimeWire folks were really cheeky. -http://www.sans.org/security-training/security-leadership-essentials-managers-knowledge-compression-62-mid]
Malware Targets Macs (May 2, 2011)
Malware targeting Mac OS X has been detected, though it is not widespread. Those spreading the malware are exploiting users' interest in late breaking news about Bin Laden's death. MacDefender claims to be security software and tries to trick users into paying up to US $80 for what amounts to useless software. This marks the first time that rogue antivirus software has targeted Mac users. The program generates a stream of messages on users' computers that malware has been detected on their machines, and urges them to download security software. Safari users who have selected the "open 'safe' files after downloading" setting will have the malware installed immediately upon visiting one of the malicious pages. In other cases, for users to become infected, they have to open a ZIP file and manually install the malware. There is a legitimate software developer with the same name as the malware; they are not in any way connected. Internet Storm Center: -http://isc.sans.edu/diary.html?storyid=10813 (ISC has reports of $99 (via Paypal) for a price on this in addition to the $80 from other sources.) -http://www.computerworld.com/s/article/9216335/Fake_security_software_takes_aim_at_Mac_users?taxonomyId=17 -http://www.pcworld.com/article/226846/fake_macdefender_brings_malware_to_macs.html -http://thenextweb.com/apple/2011/05/02/bogus-macdefender-malware-campaign-targets-mac-users-using-google-images/ [Editor's Comment (Northcutt): As a public safety announcement, please warn your people not to open any mail messages with attachments that claim to have video, pictures etc of Bin Laden, the Navy Seal team, Amazing Grace at Ground Zero, the wife that was a human shield etc. This doesn't only apply to Macs, PCs, iPhones, Androids, just do not do it. I will bet the botnets add a million compromised systems from people clicking on this one. ]
Call For Participation: Security Architecture Workshop - 2011 Washington DC. If your organization has found effective ways to bake security into applications (and you are not a vendor) you may win a highly prized free invitation to the Security Architecture Workshop where the most effective techniques for making secure engineering and architecture cost-effective will be shared. Email SAW@sans.org if you have a process that works.
Employees Have Internet Access at Oak Ridge National Labs Again (May 2, 2011)
Internet connectivity has been restored at the Oak Ridge National Laboratory, more than two weeks after employee access to the Internet was severed to limit damage from a cyber attack. An investigation into the incident that led to the restrictions indicates that malware infiltrated laboratory systems on April 7, 2011 following a targeted phishing attack against lab employees that exploited a vulnerability in Internet Explorer. The lab became aware of the situation on April 11 and monitored systems until the decision was made to sever Internet access on April 15. -http://www.knoxnews.com/news/2011/may/02/internet-back-oak-ridge-national-laboratory-after/
Some Claim to be Selling PSN Customers' Credit Card Data (April 28 & 29, 2011)
Paper Warns of Dangers of Alarmist Cyberthreat Rhetoric (April 29, 2011)
A paper published by researchers at the Mercatus Institute at Virginia's George Mason University says that the US government's "alarmist rhetoric" about cyber threats facing the country's critical infrastructure could result in the enactment of policy based on evidence that may not have a foundation in fact. The researchers, Jerry Brito and Tate Watkins, compared the dangerous possibilities of ill-informed policy to what happened in Iraq - a decision was made to invade the country based on rumors, not hard evidence, that the country's political regime was connected to the September 11 attacks and that it possessed weapons of mass destruction. Decisions based on faulty information could lead to unnecessary regulation of networks and overspending on cyber security. -http://www.scmagazineus.com/paper-highlights-dangers-of-inflating-cyberthreats/article/201822/ -http://mercatus.org/sites/default/files/publication/110421-cybersecurity.pdf [Editor's Comment (Northcutt): At first glance the paper appears to be political and sensational, however it is well researched and more even toned than I first felt. Anyone with government or governance responsibility is encouraged to read it and draw your own conclusions. (Schultz): I am sure that these researchers are very smart, but they do not appear to be very well-informed. They speculate that the US government might overspend on cyber security. The day that happens will be the day hell freezes over, trust me. ]
Amazon Provides Details About Cloud Outage (April 29, 2011)
Amazon has apologized for the outage experienced in portions of its cloud services platform and has released a statement offering more detail about the cause of the incident. The problem arose because of a configuration error that was made during a network upgrade. The error caused traffic that should have been directed to a primary network to be routed to a lower-capacity network. Amazon also detailed steps it is taking to prevent a recurrence. -http://www.computerworld.com/s/article/9216303/Amazon_cloud_outage_was_triggered_by_configuration_error?taxonomyId=17 -http://aws.amazon.com/message/65648/ -http://www.bbc.co.uk/news/business-13242782 [Editor's Note (Pescatore): Back in the day, what we called the cloud was the telecoms cloud. And back in 1990, ATT had a self-inflicted software bug that brought down just about all their 4ESS switches and the majority of US long distance calls for over 24 hours. Anyone who plans on using cloud without planning on workarounds for outages is not doing their due diligence. ]
Mozilla Releases Update for Firefox 4 (April 29 & May 2, 2011)
Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/