DHS will unveil a very cool new way to measure the security of software
in a meeting Monday afternoon at 1 PM in McLean, open to their software
assurance working groups. They have also opened it up to others on a
space-available basis. It's in a building that requires data on who is
there so if you want to come send name, title, organization and
nationality to me (firstname.lastname@example.org) with subject "DHS Software Security
Announcement" and I'll get you on the list and get the exact location
for you. Please don't ask for a place unless you really will attend.
************************************************************************* SANS NewsBites June 24, 2011 Volume: XIII, Issue: 50 *************************************************************************
******************* SPONSORED By ForeScout Technologies *******************
New ForeScout CounterACT Virtual Appliance ForeScout CounterACT is now available as a virtual appliance. ForeScout CounterACT provides real-time visibility and control over everything on the network - users, devices, applications, smartphones, etc. With ForeScout CounterACT Virtual Appliance, organizations can readily deploy and scale-out CounterACT leveraging their VMware investment. Go to http://www.sans.org/info/80249
- -- SANS Rocky Mountain 2011, Denver, CO, June 25-30, 2011 7 courses. Bonus evening presentations include SANS Hacklab and Why End Users are Your Weakest Link http://www.sans.org/rocky-mountain-2011/
- -- SANSFIRE 2011, Washington, DC, July 15-24, 2011 42 courses. Bonus evening presentations include Ninja developers: Penetration testing and Your SDLC; and Are Your Tools Ready for IPv6? http://www.sans.org/sansfire-2011/
- -- SANS Boston 2011, Boston, MA, August 8-15, 2011 13 courses. Bonus evening presentations include Cost Effectively Implementing PCI through the Critical Controls; and More Practical Insights on the 20 Critical Controls http://www.sans.org/boston-2011/
- -- SANS Virginia Beach 2011, August 22- September 2, 2011 11 courses. Bonus evening presentations include SANS Hacklab; Offensive Countermeasures; and Evolving VoIP Threats http://www.sans.org/virginia-beach-2011/
- -- SANS Ottawa 2011, Ottawa, Ontario, August 28- September 2, 2011 6 courses. Bonus evening presentations include DNS Sinkhole: Peer Into Your Network While You Sleep; and I See What You Did There: Forensic Time Line Analysis http://www.sans.org/ottawa-2011/
- -- SANS Network Security 2011, Las Vegas, NV, September 17-26, 2011 46 courses. Bonus evening presentations include Securing the Kids; Who is Watching the Watchers?; and Emerging Trends in the Law of information Security and Investigations http://www.sans.org/network-security-2011/
Conflicts Inside The Anonymous Group (June 23, 2011)
An illuminating look at what goes on inside Anonymous with particular focus on the Dutch man who admits taking part in several attacks, but had a change of heart as some hackers adopted increasingly aggressive tactics. "People are starting to grow tired of" the hackers, he said in an interview. "People are also starting to realize that Anonymous is a loose cannon." -http://online.wsj.com/article/SB10001424052702304887904576399871831156018.html
EU Banks and Other Businesses Will be Required to Report Serious Data Breaches (June 20, 21 & 22, 2011)
1) Learn how to secure your network during the IPv6 transition at the Security Impact of IPv6 Summit July 15th in Washington DC and take advantage of the post-Summit IPv6 Essentials course July 16th. http://www.sans.org/info/80254
The security of a fifth certificate authority was breached earlier this month. While the attackers do not appear to have gained access to information that would allow them to issue valid certificates to themselves, the company, StartSSL, has indefinitely suspended issuing digital certificates. StartSSL says that existing certificates have not been compromised. In the past several months, several other certificate authorities have been attacked. A compromise at Comodo resulted in cyber thieves stealing valid certificates for some highly visible domains, including Google and Skype. Internet Storm Center: -http://isc.sans.edu/diary.html?storyid=11071 -http://www.eweek.com/c/a/Security/Another-Certificate-Authority-Compromised-No-F ake-SSL-Certificates-Issued-107625/ [Editor's Note (Pescatore): The CA/Browser Forum has been very slow to move in doing anything to make any meaningful changes in CA security practices. More than 4 years ago they introduced Extended Validation certificates in an attempt to have some form of high price/high trust certificates, but it wasn't until after the Comodo incident in April that the CA/Browser Forum issued a draft of baseline requirements for improving CA security for public comment. ]
iPad User Data Hacker Pleads Guilty (June 23, 2011)
Two Scareware Rings Busted in Worldwide Operation (June 22 & 23, 2011)
Law enforcement authorities seized servers and bank accounts in raids at various locations around the world, targeting two different scareware crime rings as part of an investigation dubbed Operation Trident Tribunal. The groups had earned a combined US $74 million from their operations. The raids on homes and server farms in the US were coordinated with similar raids by authorities in the UK, Netherlands, Latvia, Lithuania, Germany, France and Sweden. [Brian Krebs did a very nice piece highlighting that the Security Service of Ukraine claim the criminals used Conficker to deploy the scareware which was then used to defraud the victims -http://krebsonsecurity.com/2011/06/72m-scareware-ring-used-conficker-worm/]
EFF No Longer Accepting Donations Through Bitcoin (June 22, 2011)
In the wake of the attack on the Bitcoin exchange MTGox, the Electronic Frontier Foundation (EFF) has said it will no longer take donations through Bitcoin. While not a member of the virtual currency trading group itself, the EFF had taken donations through a Bitcoin account established by an anonymous third party. The EFF cited Bitcoin's "untested legal concerns related to securities law, the Stamp Payments Act, tax evasion, consumer protection and money laundering" as reasons for its decision. MTGox is calling the attack a "force majeure," which allows it to take the extraordinary measure of rolling back transactions to pre-attack conditions. -http://www.theregister.co.uk/2011/06/22/eff_drops_bitcoin/ -http://www.techdirt.com/articles/20110621/02402314783/eff-drops-bitcoin-over-con cerns-about-legality.shtml [Editor's Comment (Northcutt): I almost lost $500.00 this week purchasing an e-gift certificate from Home Depot. The gift certificate was emailed to a contractor's email account, however the contractor had lost access to the account. Once the gift certificate is emailed, it cannot be canceled. The credit card issuer, Bank of America, declined to dispute the charge. Fortunately Home Depot elected to stand by their product. However, it was a painful reminder how easy it is to lose digital cash. If you know of other examples, please drop a note to email@example.com. ]
European Commission Tells Web Companies to Finalize Do-Not-Track Standard (June 22 & 23, 2011)
Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit https://www.sans.org/account/login