Just 8 days until the early registration deadline for SANSFIRE 2011
(Washington, DC) saving you $400. 27 full-week immersion courses and a
dozen new short courses. Plus the free SANS @NIGHT presentations at
SANSFIRE are better than regular presentations at most other conferences
because they provide "what we have just learned" updates from the
incident handlers at the Internet Storm Center.
Info at: http://www.sans.org/sansfire-2011 Alan
*************************************************************************
SANS NewsBites May 24, 2011 Volume: XIII, Issue: 41
*************************************************************************
-- SANS Boston 2011, Boston, MA, August 8-15, 2011
12 courses. Bonus evening presentations include Cost Effectively
Implementing PCI through the Critical Controls; and More Practical
Insights on the 20 Critical Controls
-- SANS Ottawa 2011, Ottawa, Ontario, August 28- September 2, 2011
5 courses. Bonus evening presentations include DNS Sinkhole: Peer
Into Your Network While You Sleep; and I See What You Did There:
Forensic Time Line Analysis
-- SANS Network Security 2011, Las Vegas, NV, September 17-26, 2011
43 courses. Bonus evening presentations include Securing the Kids;
Who is Watching the Watchers?; and Emerging Trends in the Law of
Information Security and Investigations
************** SPONSORED BY Raytheon Trusted Computer Solutions ***********
Automate the OS hardening process with Security Blanket. Realize
significant time savings and know your systems are hardened to industry
standards such as DISA STIGs, CIS, PCI, or SANS CAG Top 20 Critical
Controls. Managing your enterprise security is easy with 'one click'
lock down. Try it for FREE today! http://www.sans.org/info/77969
Facebook has introduced an added layer of security to prevent account hijacking. Users must opt in to the two-factor authentication feature, called Login Approvals, which requires supplying Facebook with a mobile phone number to which a one-time security authentication code will be sent when users try to log in to Facebook from new devices. A new code will be required every time users attempt to log in from a device that they have not designated as safe. -http://krebsonsecurity.com/2011/05/facebook-adds-mobile-authentication/ [Editor's Note (Schultz): Facebook's having introduced this stronger authentication method is a significant step forward for this company and also for the Facebook user community. ]
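The device-trust logic described above (password first; a fresh one-time code sent out of band only when the device is not yet designated safe), as an added illustration that is not Facebook's code and not part of the original newsletter. The SMS gateway, the account store, the code lifetime and the attempt limit are all constructed stand-ins.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # one-time code validity window (assumed value)
MAX_CODE_ATTEMPTS = 5   # guesses allowed per issued code (assumed value)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginApprovals:
    """Toy model of an opt-in, new-device second factor: the first login from a
    device the user has not marked as safe needs a one-time code delivered to
    the registered phone; later logins from a remembered device do not."""

    def __init__(self, send_sms, now=time.time):
        self.send_sms = send_sms   # callable(phone, code); constructed stand-in for an SMS gateway
        self.now = now             # injectable clock so expiry is testable
        self.users = {}            # username -> account record
        self.pending = {}          # (username, device_id) -> {code, expires, attempts}

    def register(self, username, password, phone=None):
        salt = secrets.token_bytes(16)
        self.users[username] = {
            "salt": salt,
            "pw_hash": hash_password(password, salt),
            "phone": phone,            # None means the user has not opted in
            "trusted_devices": set(),
        }

    def login(self, username, password, device_id):
        user = self.users.get(username)
        if user is None:
            return "denied"
        if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
            return "denied"
        # Opted-out users, and devices already designated safe, need only the password.
        if user["phone"] is None or device_id in user["trusted_devices"]:
            return "ok"
        # Unknown device: issue a fresh single-use code and deliver it out of band.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(username, device_id)] = {
            "code": code, "expires": self.now() + CODE_TTL_SECONDS, "attempts": 0,
        }
        self.send_sms(user["phone"], code)
        return "code_required"

    def verify_code(self, username, device_id, code, remember_device=False):
        key = (username, device_id)
        entry = self.pending.get(key)
        if entry is None:
            return "denied"
        if self.now() > entry["expires"]:
            del self.pending[key]
            return "expired"
        entry["attempts"] += 1
        if entry["attempts"] > MAX_CODE_ATTEMPTS:
            del self.pending[key]          # too many guesses: the code is burned
            return "denied"
        if not hmac.compare_digest(entry["code"], code):
            return "denied"
        del self.pending[key]              # a code is accepted at most once
        if remember_device:
            self.users[username]["trusted_devices"].add(device_id)
        return "ok"


def demo():
    """Walks one user through a new device, a remembered device and a second new device."""
    sent = []
    fb = LoginApprovals(send_sms=lambda phone, c: sent.append((phone, c)))
    fb.register("alice", "correct horse", phone="+15550100")   # constructed account
    first = fb.login("alice", "correct horse", "laptop-1")      # new device: code goes out
    approved = fb.verify_code("alice", "laptop-1", sent[-1][1], remember_device=True)
    second = fb.login("alice", "correct horse", "laptop-1")     # remembered: password only
    other = fb.login("alice", "correct horse", "phone-2")       # another new device
    return first, approved, second, other


if __name__ == "__main__":
    print(demo())  # ('code_required', 'ok', 'ok', 'code_required')
```

The code is compared in constant time, stored only until it is used or expires, and burned after a handful of wrong guesses; a device enters the trusted set only after a correct code, so a stolen password alone never reaches "ok" from unfamiliar hardware.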
A federal judge in Colorado has stayed proceedings in 35 pending lawsuits in that state brought by Righthaven against alleged copyright violators. The Las Vegas, Nevada-based company has built a reputation for itself by using a loophole in copyright law to sue blogs for copyright infringement when they post excerpts of previously published material. Righthaven says it is suing on behalf of the copyright holders. The judge says that before allowing the cases to proceed, he wants to be sure that Righthaven has the legal standing to bring the lawsuits. -http://arstechnica.com/tech-policy/news/2011/05/judge-halts-every-righthaven-case-in-colorado.ars -http://www.wired.com/threatlevel/2011/05/righthaven-brouhaha/ [Editor's Comment (Northcutt): This is worth reading and taking seriously if your organization posts or handles a lot of information that is accessible on the Internet. Apparently, if you fill out a one page form and file a $105.00 filing fee to the Register of Copyrights, you can avoid a lot of trouble. There is some confusion about exactly what types of sites can receive Safe Harbor protection, but given the cost and level of difficulty to sign up, it seems to make sense. -http://www.copyright.gov/onlinesp/list/a_agents.html]
Firefox Extension Collects Surfing Habit Data (May 20, 2011)
A popular Firefox add-on has been found to collect data about every website the user visits through that browser. The extension, called Ant Video Downloader and Player, has been downloaded more than 7 million times. The tracking occurs even when users have turned on the browser's private browsing mode or are using anonymity services. A Mozilla spokesperson said that the company vets every non-experimental public extension against a list of criteria. She acknowledged that Ant Video Player collects "information about websites users visit in order to power its ranking feature ... and also includes a unique identifier in this communication." She added that the practice was not disclosed in the extension's description and that Mozilla has contacted that company and asked them to amend the description. -http://www.theregister.co.uk/2011/05/20/firefox_addon_privacy_invasion/
The extensive media coverage of the massive PlayStation Network (PSN) data breach has proven to be a lure for other hackers, as evidenced by continuing attacks against various Sony sites. Attackers have apparently stolen data from Sony BMG Greece. The information that was uploaded to the Internet came from a customer database and includes names and email addresses. The attackers claim to have obtained phone numbers and password hashes as well, but they did not upload that information. The data thieves used an SQL injection attack to gain access to the database. In another incident, Sony subsidiary So-net discovered that an intruder had stolen about US $1,225 in virtual cash. -http://www.theregister.co.uk/2011/05/23/sony_bmg_greece_hacked/ -http://www.pcmag.com/article2/0,2817,2385764,00.asp -http://www.huffingtonpost.com/2011/05/20/sony-hacks-playstation-network-back-online_n_864620.html [Editor's Note (Pescatore): This is like saying publicity about a forest fire caused other forest fires. If you are storing customer data, there are criminals out there trying to steal that data so they can sell it. ]
PSN Account Management System Back Online (May 20, 2011)
The web servers that Sony uses to manage accounts are now operational after being taken offline to fix a security issue that could have been exploited to hijack accounts. The issue affected Sony PSN and Qriocity users, who can once again sign in to their accounts online. The flaw allowed anyone with a user's registered email address and date of birth to reset the password for that user's account. -http://www.h-online.com/security/news/item/Sony-s-PSN-password-server-online-again-1246993.html
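The class of flaw in the story above, modelled side by side with a hardened reset flow, as an added example that is neither Sony's code nor part of the original newsletter. The weak service accepts an email address plus date of birth as the only proof of ownership; the hardened one treats those as public facts and changes the password only when a random, expiring, single-use token delivered to the registered mailbox is presented. The account store, the mail sender and the token lifetime are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # reset-token lifetime (assumed value)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_accounts():
    """Constructed sample account store: email -> record."""
    salt = secrets.token_bytes(16)
    return {"user@example.invalid": {
        "dob": "1990-01-01",
        "salt": salt,
        "pw_hash": hash_password("original-password", salt),
    }}


def check_password(accounts, email, password):
    acct = accounts[email]
    return hmac.compare_digest(hash_password(password, acct["salt"]), acct["pw_hash"])


def _set_password(acct, new_password):
    acct["salt"] = secrets.token_bytes(16)
    acct["pw_hash"] = hash_password(new_password, acct["salt"])


class KnowledgeBasedReset:
    """Models the flaw in the story: the only check before setting a new
    password is that the caller knows the registered email and date of birth,
    neither of which is a secret."""

    def __init__(self, accounts):
        self.accounts = accounts

    def reset_password(self, email, dob, new_password):
        acct = self.accounts.get(email)
        if acct is None or acct["dob"] != dob:
            return False
        _set_password(acct, new_password)
        return True


class TokenBasedReset:
    """Hardened form: knowing the email only lets you ask for a reset; the
    password changes only when the token that was delivered to the registered
    mailbox comes back, once, before it expires."""

    def __init__(self, accounts, send_email, now=time.time):
        self.accounts = accounts
        self.send_email = send_email   # callable(email, token); constructed stand-in for mail delivery
        self.now = now                 # injectable clock
        self.tokens = {}               # sha256(token) -> (email, expiry); only the hash is stored

    def request_reset(self, email):
        if email in self.accounts:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.tokens[digest] = (email, self.now() + TOKEN_TTL_SECONDS)
            self.send_email(email, token)
        # Identical response whether or not the address is registered.
        return "If that address is registered, a reset message has been sent."

    def complete_reset(self, token, new_password):
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)   # pop: a token is usable once
        if entry is None:
            return False
        email, expires = entry
        if self.now() > expires:
            return False
        _set_password(self.accounts[email], new_password)
        return True


def demo():
    """Returns (weak reset with email+DOB, hardened reset without token, hardened reset with token)."""
    email, dob = "user@example.invalid", "1990-01-01"
    weak = KnowledgeBasedReset(make_accounts())
    weak_ok = weak.reset_password(email, dob, "new-pw")   # public facts alone suffice

    outbox = []
    hardened = TokenBasedReset(make_accounts(), send_email=lambda to, tok: outbox.append(tok))
    hardened.request_reset(email)
    without_token = hardened.complete_reset("not-the-token", "new-pw")  # no mailbox access: refused
    with_token = hardened.complete_reset(outbox[-1], "new-pw")          # delivered token: accepted
    return weak_ok, without_token, with_token


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

Storing only the token's hash means a leaked token table cannot be replayed, and the uniform response from request_reset keeps the endpoint from confirming which addresses hold accounts.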
Qakbot Behind Massachusetts Data Theft (May 20 & 23, 2011)
Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/