***************** SPONSORED by ArcSight, an HP Company *****************
Love Thy Logs. Now you can get true, enterprise-class log management from ArcSight - absolutely FREE! ArcSight Logger is the first Universal Log Management solution that unifies searching, reporting, alerting and analysis across any type of enterprise log data. What's not to love? Download Logger for FREE today!
- --SANSFIRE 2011, Washington, DC, July 15-24, 2011. 42 courses. Bonus evening presentations include Ninja Developers: Penetration Testing and Your SDLC; and Are Your Tools Ready for IPv6? http://www.sans.org/sansfire-2011/
- --SANS Boston 2011, Boston, MA, August 8-15, 2011. 12 courses. Bonus evening presentations include When Prevention Fails: Extending IR and Digital Forensics Capabilities to the Corporate Network; and More Practical Insights on the 20 Critical Controls. http://www.sans.org/boston-2011/
- --SANS Virginia Beach 2011, August 22-September 2, 2011. 11 courses. Bonus evening presentations include SANS Hacklab; Offensive Countermeasures; and Evolving VoIP Threats. http://www.sans.org/virginia-beach-2011/
- --SANS Ottawa 2011, Ottawa, Ontario, August 28-September 2, 2011. 6 courses. Bonus evening presentations include DNS Sinkhole: Peer Into Your Network While You Sleep; and I See What You Did There: Forensic Time Line Analysis. http://www.sans.org/ottawa-2011/
- --SANS Network Security 2011, Las Vegas, NV, September 17-26, 2011. 45 courses. Bonus evening presentations include Securing the Kids; Who is Watching the Watchers?; and Emerging Trends in the Law of Information Security and Investigations. http://www.sans.org/network-security-2011/
- --SANS Chicago 2011, Chicago, IL, October 23-28, 2011. 6 courses. Bonus evening presentations include Computer Forensics in the Virtual Realm; and Electrical Grid Security. http://www.sans.org/chicago-2011/
- --Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/discounts.php#current
Plus Melbourne, Tokyo, Delhi, London and Baltimore all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
Private Companies Turn Down Offer of Free Security Audit from ICO (July 11, 2011)
According to the UK Information Commissioner, Christopher Graham, nearly one-third of data breaches reported over the past 12 months occurred in the private sector. But when private sector firms were contacted by the Information Commissioner's Office (ICO) with the offer of a free data protection audit, just 19 percent accepted. In the public sector, 71 percent of organizations accepted the offer. -http://www.scmagazineuk.com/ico-reports-that-private-sector-was-responsible-for-a-third-of-data-breaches-yet-most-businesses-refuse-an-audit/article/207158/ [Editor's Note (Hoelzer): My suspicion is that it has nothing to do with wanting to hide what executives suspect is wrong and a great deal to do with the IT security and audit communities failing to adequately connect the important role that auditing for effective controls, IT and otherwise, has in the overall risk management strategy for a business today. (Ranum): The way this is written makes me wonder - it seems to be a bit "spun"; perhaps those firms chose not to be audited because they were busy. Or, perhaps the results of an audit would be discoverable and outside their control. If I knew some government agency would audit me, and I wasn't given adequate guarantees they would protect the results, I'd also say "no" if I had the option. And, as we see in this article, they're willing to quote statistics about their audit process to the press; I think it goes without saying that any security practitioner in their right mind would decline such an audit unless it were absolutely mandatory. ]
Case Will Test Applicability of Fifth Amendment to Cryptographic Keys (July 11, 2011)
A case involving a Colorado woman who refused to provide authorities with the key necessary to decrypt a laptop found in her home during a raid marks the first time a US appeals court will decide whether the demand violated the Fifth Amendment, which gives people the right to refrain from self-incrimination. Ramona Fricosu is accused of perpetrating a mortgage scam. Prosecutors maintain that they are not asking for her key, but for a plaintext version of the data on the computer. An amicus brief filed by the Electronic Frontier Foundation (EFF) says that "ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court." -http://news.cnet.com/8301-31921_3-20078312-281/doj-we-can-force-you-to-decrypt-that-laptop/ [Editor's Note (Murray): It is naive to think that courts will allow the 5th Amendment to trump their historic right to the "best evidence." If one records it, the court is entitled to the record. One cannot deny the court access to the record by putting it in a vault or encrypting it. The courts will not equate police coercion with their own orders. They will not equate torture with the punishment of contempt, the failure to comply with a court's legitimate demand for access to a record. ]
News of the World Editors Arrested in Connection With Phone Hacking Scandal (July 8, 2011)
Arrests have been made in the News of the World (NotW) phone hacking scandal. Former editor Andy Coulson and former royal correspondent Clive Goodman have been arrested. Until January, Coulson had been Prime Minister David Cameron's senior media adviser. He was editor of the 168-year-old tabloid at the time of the alleged phone hacking. Goodman has already served four months in prison for intercepting phone calls made to and from members of the royal family. Prime Minister Cameron is launching inquiries into the matter. -http://www.csmonitor.com/World/Europe/2011/0708/Tabloid-phone-hacking-scandal-spreads-former-Cameron-aide-arrested An important update to this story: former UK Prime Minister Gordon Brown has revealed that he was the victim of various intrusions into his privacy by newspapers, and that the British Royal Family was also targeted. -http://www.bbc.co.uk/news/uk-politics-14119225 [Editor's Note (Honan): There are a lot of lessons organisations should learn from these stories to identify common security weaknesses in their own systems. Many of the intrusions were the result of default passwords not being changed, users clicking on links in emails, or the result of social engineering. ]
1) New ForeScout CounterACT Virtual Appliance ForeScout CounterACT is now available as a virtual appliance. ForeScout CounterACT provides real-time visibility and control over everything on the network - users, devices, applications, smartphones, etc. With ForeScout CounterACT Virtual Appliance, organizations can readily deploy and scale-out CounterACT leveraging their VMware investment. http://www.sans.org/info/81844
Proposed Data Protection Rule Irks Government Contractors (July 10, 2011)
Some US government contractors are unhappy with a proposed rule from the Pentagon requiring that all unclassified data shared with the Department of Defense (DoD) be protected in certain ways. The central complaint is the significant expense they face in installing systems to safeguard the data and be in compliance. More than 64,000 small businesses were awarded DoD contracts last year; under the proposed rule, more than three-quarters of them would have to step up their security. The proposed rule, which appeared in the Federal Register on June 29, sets two levels of control. The basic level would prohibit contractors from accessing shared DoD data on public computers or posting the data on public websites. The critical level would require the contractors to implement controls similar to those used at DoD. The contractors would also be required to notify DoD of cyber attacks within 72 hours of learning of the incident. Civil liberties groups have expressed concerns about the rule as well because they view it as "an effort to restrict access to public information." -http://www.federaltimes.com/article/20110710/ACQUISITION03/107100303/ [Editor's Note (Ranum): The central complaint is the significant expense they face in installing systems to safeguard the data and be in compliance. Complaining "Oh gosh, we'd have to actually DO SOMETHING to protect data" seems like very poor strategy indeed. (Paller): Marcus is correct. And of extraordinary significance: DoD's new rule (posted at -http://www.gpo.gov/fdsys/pkg/FR-2011-06-29/html/2011-16399.htm) excludes the many, many low-priority controls in NIST SP 800-53, allowing contractors to focus on the most critical controls. Kudos to the DoD leaders who made this change possible. (Pescatore): Sorry, if you don't want to protect data then don't bid on the contracts. ]
DHS Official Acknowledges That Some Imported Devices Are Pre-Loaded With Malware (July 8, 9 & 11, 2011)
Artist's Computer Seized in Surreptitious Webcam Case (July 8, 2011)
The US Secret Service has seized a New York City artist's computer after the man allegedly installed software on display computers in Apple stores around the city, took pictures of people looking at the computers without their knowledge, and posted them to a blog. Kyle McDonald maintains he asked security guards at the stores for permission to take pictures, but it is not clear whether he specified that he would be installing software on the display machines. The warrant used in the raid on McDonald's home alleges that he violated US Code Title 18, section 1030, which covers "fraud and related activity in connection with computers." -http://www.bbc.co.uk/news/technology-14080438 -http://www.pcmag.com/article2/0,2817,2388270,00.asp
More Than 900 UK Police Disciplined for Data Protection Act Violations (July 8, 2011)
Pentagon to Release Cyberspace Operations Strategy (July 8, 2011)
An unclassified draft of the Pentagon's forthcoming cyberspace defense strategy indicates that DoD will incorporate "active defenses" into military networks to help detect malicious code and prevent it from affecting their systems. The plan does not call for militarizing cyberspace, but instead aims to "dissuade military actors from using cyberspace for hostile purposes." Because DoD cannot monitor civilian networks, the department will give certain industry partners classified threat intelligence to help them protect their own networks. The practice has been tested in a pilot program and has already proven successful at stopping intrusions. The strategy is scheduled to be released on July 14. -http://www.nextgov.com/nextgov/ng_20110708_6484.php?oref=topstory
UCLA Health System Fined US $865,000 for HIPAA Violations (July 7, 2011)
Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford is Chief Security Officer of the North American Electric Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit https://www.sans.org/account/login