****************** SPONSORED BY ArcSight, an HP Company ***************
Logs, Liberty and the Pursuit of Happiness. ArcSight Logger is the first Universal Log Management solution that unifies searching, reporting, alerting and analysis across any type of enterprise log data. Logger is unique in its ability to collect, analyze and store massive amounts of data. Get your FREE ArcSight Logger - download it today! http://www.sans.org/info/80754
- --SANSFIRE 2011, Washington, DC, July 15-24, 2011 42 courses. Bonus evening presentations include Ninja developers: Penetration testing and Your SDLC; and Are Your Tools Ready for IPv6? http://www.sans.org/sansfire-2011/
- --SANS Boston 2011, Boston, MA, August 8-15, 2011 13 courses. Bonus evening presentations include Cost Effectively Implementing PCI through the Critical Controls; and More Practical Insights on the 20 Critical Controls http://www.sans.org/boston-2011/
- --SANS Virginia Beach 2011, August 22- September 2, 2011 11 courses. Bonus evening presentations include SANS Hacklab; Offensive Countermeasures; and Evolving VoIP Threats http://www.sans.org/virginia-beach-2011/
- --SANS Ottawa 2011, Ottawa, Ontario, August 28- September 2, 2011 6 courses. Bonus evening presentations include DNS Sinkhole: Peer Into Your Network While You Sleep; and I See What You Did There: Forensic Time Line Analysis http://www.sans.org/ottawa-2011/
- --SANS Network Security 2011, Las Vegas, NV, September 17-26, 2011 46 courses. Bonus evening presentations include Securing the Kids; Who is Watching the Watchers?; and Emerging Trends in the Law of information Security and Investigations http://www.sans.org/network-security-2011/
- --SANS Chicago 2011, Chicago, IL, October 23-28, 2011 6 courses. Bonus evening presentations include Computer Forensics in the Virtual Realm and Electrical Grid Security http://www.sans.org/chicago-2011/
DHS Moves To Boost Security of Software (June 27, 2011)
The Homeland Security Department unveiled a new system of guidance on Monday intended to help make the software behind Web sites, power grids and other services less susceptible to hacking. The system includes an updated list of the top 25 programming errors that enable today's most serious hacks. The list, topped by SQL-injection vulnerabilities, is an attempt to address the "root-cause issues" behind cyberattacks, one official said. The announcement also includes a way to rate programming errors for importance in differing environments from embedded systems to web applications. The overall initiative is designed to help software programmers eliminate the most dangerous types of mistakes and enable organizations to demand and buy more secure products. Colleges and trade schools need to take far more responsibility for ensuring their graduates who write programs can do so securely. -http://www.nytimes.com/2011/06/28/technology/28secure.html -http://www.forbes.com/feeds/ap/2011/06/27/technology-us-protecting-websites_8538 005.html
[Editor's Note (Paller): More than 180 news organizations from the New York Times to the Financial Times, and from SC Magazine to InformationWeek to NextGov, and even AP and Reuters covered this important, industry-changing move by the US Department of Homeland Security. It's one of several examples where DHS is demonstrating strong technical innovation in cybersecurity making it increasingly more qualified to be the organization that should be called upon to protect the US government and critical infrastructure networks and systems from cyber attacks. ]
Supreme Court to Consider Issue of Warrantless GPS Tracking (June 27, 2011)
The US Supreme Court will review the constitutionality of surreptitiously placing GPS devices on suspects' vehicles without a warrant. The Justice Department maintains that "a person has no reasonable expectation of privacy in his movements from one place to another," and is seeking to overturn a lower court decision that reversed the conviction and subsequent life sentence in prison for a cocaine dealer whose movements were tracked in this way. That case was decided in the US Court of Appeals for the District of Columbia Circuit; three other circuit courts of appeal have ruled that using a GPS device to track a vehicle does not require a warrant. The court will not make a decision before its next term begins in October. -http://www.wired.com/threatlevel/2011/06/warrantless-gps-monitoring-scotus/
Film Industry Seeks to Block Site That Hosts Pirated Movies (June 27, 2011)
The Motion Picture Association is seeking an injunction that would force BT to sever access to a website that hosts pirated films. The MPA wants BT to use the same technology that it uses to block child pornography sites to block the Newzbin site. BT was chosen as the target of the injunction because it is the largest Internet service provider (ISP) in the UK and because it provides a site blocking system called Cleanfeed to other ISPs. The MPA is the international counterpart to the Motion Picture Association of America (MPAA). -http://www.bbc.co.uk/news/technology-13927335
Class Action Lawsuit Filed Against Sony (June 24, 2011)
Sony is facing a class action lawsuit over the attack earlier this year on its PlayStation Network (PSN) and Qriocity. The lawsuit alleges that Sony took steps to protect proprietary information but did not take adequate precautions to protect customer data. "Confidential witnesses cooperating in [the ] investigation" have reportedly said that Sony did not install a permanent firewall on PSN despite having suffered smaller attacks on the network prior to the one that made headlines. The suit also alleges that Sony fired security workers several days before the attacks began. -http://www.scmagazineus.com/sony-faces-new-lawsuit-following-psn-hack/article/20 6106/
2) Learn how to secure your network during the IPv6 transition at the Security Impact of IPv6 Summit July 15th in Washington DC and take advantage of the post-Summit IPv6 Essentials course July 16th. http://www.sans.org/info/80764/
3) REGISTER NOW for the upcoming Analyst Webcast: Protecting Access and Data: A Review of DigitalPersona Pro Version 5.1 NEW DATE - Thursday, July 14, 2011 Start Time: 1:00 PM EDT (1700 UTC/GMT) Featuring: Jim Hietala & Fabio Santini http://www.sans.org/info/80769
Righthaven Claims Legal Standing to Sue After Modifying Agreement with Publisher (June 24, 2011)
Righthaven has told a judge that it now has full copyright ownership over some of the content of the Las Vegas Review Journal, giving it the right to sue alleged copyright violators. Several recent decisions found that Righthaven lacked legal standing to sue for copyright infringement because it did not have ownership of the content in question. Righthaven said its agreement with Stephens Media, of which the Las Vegas Review-Journal is one publication, has been altered so it has legal standing to sue alleged violators. -http://www.wired.com/threatlevel/2011/06/righthaven-survival-bid/
Apple Updates Mac OS X; Will Release Lion 10.7 Next Month (June 24, 2011)
Oregon Police Have Surveillance Video of Suspects in Michaels Skimming Case (June 24, 2011)
Police in Beaverton, Oregon are seeking the public's help in identifying four people who were caught on surveillance video using cloned payment cards made with information stolen through skimmers on point-of-sale terminals at Michaels craft stores. The group behind the skimming scheme has affected debit accounts in 20 US states. Michaels is facing four lawsuits as a result of the breach. -http://www.bankinfosecurity.com/articles.php?art_id=3785
Vermont Law Barring Use of Prescription Data for Marketing Found Unconstitutional (June 23 & 24, 2011)
Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/