Surprisingly effective and innovative new security enhancements for
organizations running VMware are being unveiled at the National
Cybersecurity Innovation Conference in DC in October.
See the Cloud and Mobile Security agenda at
SANS NewsBites August 26, 2011 Volume: XIII, Issue: 68
Sponsored By MANDIANT
Register for MIRcon, Oct. 11-12, Alexandria, VA, MANDIANT's conference for the information security industry. Now in its second year, MIRcon promises to build on a successful inaugural debut with relevant topics that have made headlines within the last year.
-- SANS Network Security 2011, Las Vegas, NV, September 17-26, 2011 45 courses. Bonus evening presentations include Securing the Kids; Who is Watching the Watchers?; and Emerging Trends in the Law of Information Security and Investigations http://www.sans.org/network-security-2011/
-- NCIC: The National Cybersecurity Innovations Conference, DC, Oct. 11-12, 2011 3 tracks - Cloud computing, Continuous Monitoring and Enterprise Mobile Security training http://www.sans.org/ncic-2011/
-- SANS Chicago 2011, Chicago, IL, October 23-28, 2011 6 courses. Bonus evening presentations include Computer Forensics in the Virtual Realm and Electrical Grid Security http://www.sans.org/chicago-2011/
-- SANS Seattle 2011, Seattle, WA, November 2-7, 2011 5 courses. Bonus evening presentations include Future Trends in Network Security; and Ninja Developers: Penetration Testing and Your SDLC http://www.sans.org/seattle-2011/
-- SANS San Francisco 2011, San Francisco, CA, November 14-19, 2011 6 courses. Bonus evening presentations include The Worst Mistakes in Cloud Computing Security; Offensive Countermeasures; and Watching the Wire at Home http://www.sans.org/san-francisco-2011/
-- SANS San Antonio 2011, San Antonio, TX, November 28-December 5, 2011 7 courses. Bonus evening presentations include Effective Methods for Implementing the 20 Critical Security Controls; and Assessing Deception: Are They Lying to You? http://www.sans.org/san-antonio-2011/
Plus Melbourne, Delhi, London, Baltimore and Singapore all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
TOP OF THE NEWS
US Department of Homeland Security Launches Internet Security Awareness Campaign. (August 26)
The US Department of Homeland Security has partnered with the Boys & Girls Clubs of America in a national campaign to raise awareness of Internet security. The Stop.Think.Connect campaign will provide the Boys & Girls Clubs of America with tools and materials to raise Internet security awareness among the young. Commenting on the campaign, President Barack Obama said "Cybersecurity is not an end unto itself; it is instead an obligation that our governments and societies must take on willingly, to ensure that innovation continues to flourish, drive markets, and improve lives."
-http://www.msnbc.msn.com/id/44289394/ns/us_news/t/dhs-partners-boys-girls-clubs-america-cybersecurity/
[Editor's Note (Paller): To support the national security awareness campaign, more than a dozen states and many leading universities have banded together in a cooperative buying program to provide their hundreds of thousands of users with state of the art security awareness training, using their combined economic power to bring the cost down by more than 90%. Email email@example.com if you have security awareness responsibility at a university or state or local government agency that should be allowed to be included in the cooperative program.]
Online Crime Gang Steals US $13 Million in One Day (August 26)
A security breach at a Florida-based debit card processing company, Fidelity National Information Services Inc. (FIS), resulted in criminals using cloned prepaid debit cards to withdraw US $13 million from ATMs around the world over a 24-hour period. The criminals had previously gained access to FIS's prepaid debit card database and cloned 22 cards, which were sent to conspirators in different countries. At the close of business on Saturday May 5, the criminals coordinated to withdraw the money over the next 24 hours from ATMs in countries such as Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom. When the prepaid balance on each debit card reached its limit, the criminals remotely updated the balance on each card. It is not clear who was behind the attack, but journalist Brian Krebs, who investigated the breach in detail, said the attack has the characteristics of Russian or Eastern European based criminal gangs.
-http://www.msnbc.msn.com/id/44291945/ns/technology_and_science-security/
-http://www.ksl.com/index.php?nid=895&sid=17006686
-http://krebsonsecurity.com/2011/08/coordinated-atm-heist-nets-thieves-13m/
ComScore Sued Over Extensive Privacy Violations (August 24)
A class action lawsuit filed in a federal court in Chicago alleges that the Internet tracking and analytics firm comScore has been using highly aggressive tactics to surreptitiously collect large amounts of personal data on individuals. The lawsuit cites the Stored Communications Act, the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act and the Illinois Consumer Fraud and Deceptive Practices Act. The plaintiffs in the lawsuit claim comScore collects information such as Social Security numbers, credit card numbers, passwords and other data from individuals' computers. The lawsuit also alleges that comScore's software, when installed, will modify the computer's security settings, open backdoors, redirect Internet traffic and scan documents and emails for information. On one of its websites comScore states that its software "monitors all of the Internet behavior that occurs on the computer on which you install the application, including both your normal web browsing and the activity that you undertake during secure sessions, such as filling a shopping basket, completing an application form or checking your online accounts". The software from comScore is usually installed when the user downloads free software products such as screen savers or music sharing software. A spokesman for comScore called the lawsuit meritless.
-http://www.theregister.co.uk/2011/08/24/comscore_privacy_lawsuit/
-http://www.computerworld.com/s/article/9219444/Lawsuit_accuses_comScore_of_extensive_privacy_violations
-http://www.eweek.com/c/a/Security/comScore-Accused-of-Aggressive-Surreptitious-Online-Data-Collection-in-Lawsuit-759357/
[Editor's Note (Schultz): The amount of personally-identifiable information that is typically collected in the course of users browsing Web sites is appalling. Citizens of EU countries should in particular be outraged, but instead there is a kind of collective ignorance that keeps Internet users, whether from EU countries or elsewhere, from waking up to reality.]
Fraudulent Google Web Certificate Discovered (August 29)
Researchers have discovered that a counterfeit web certificate for *.Google.com has been available on the Internet for a number of weeks. The forged certificate was issued on July 10 by DigiNotar, a certificate authority based in the Netherlands, and could provide attackers with the encryption keys needed to impersonate Google services that use SSL, such as Gmail. The forgery was first detected by a user in Iran, leading to concerns that the forged certificate is being used to intercept emails of dissidents. Google and Mozilla have issued updates to the Chrome and Firefox browsers to block all certificates issued by DigiNotar.
-http://www.theregister.co.uk/2011/08/29/fraudulent_google_ssl_certificate/
-http://www.computerworld.com/s/article/9219569/Hackers_acquire_Google_certificate_could_hijack_Gmail_accounts
[Editor's Note (Schultz): Certificates have for a long time been promoted as a way to strengthen authentication. Recent events such as theft of certificates from certificate providers whose servers have been compromised and the discovery of forged certificates are rapidly eroding confidence in certificate-based authentication, however.]
Missing USB Key Results in Suspension for British Detective (August 28)
A detective constable working with the serious crime team for the Greater Manchester police force in the United Kingdom has been suspended pending an investigation after a USB key containing sensitive information was stolen from his home. The information contained on the USB stick includes the details of people who confidentially provided the Greater Manchester police with information on those involved in criminal activity such as drug dealing. The information on the USB stick was not encrypted, contrary to policy, and should not have been in the detective's home. The police have been in touch with those impacted by the breach.
-http://www.dailymail.co.uk/news/article-2030949/Detective-suspended-thieves-steal-vital-police-data-home.html
Facebook Bug Bounty Program Pays Out US $40K (August 29)
Since its inception earlier this month, the Facebook bug bounty program has already paid out more than US $40,000 to people who identified security vulnerabilities in the company's social networking site. In a blog post Facebook's Chief Security Officer, Joe Sullivan, said the company has "paid more than US $40,000 to security experts around the world. One person has received more than US $7,000 for 6 different issues flagged." He added that one person got US $5,000 for "one really good report". The bug bounty program only applies to the main Facebook website and not to the Facebook platform, which hosts third party apps.
-http://www.networkworld.com/news/2011/082911-in-just-three-weeks-facebook-250212.html
-http://www.pcmag.com/article2/0,2817,2392041,00.asp
[Editor's Note (Schultz): Before these statistics can be meaningfully evaluated, definitions of nebulous terms such as "good" and "responsible" need to be offered.]
Effective National CERTs and ISPs Reduce Malware Infection Rates (August 28)
Student Sentenced to 30 Days and Fined US $15,000 (August 26)
Omar Khan, a 21-year-old high school graduate, was sentenced to 30 days in jail and fined US $15,000 for repeatedly breaking into the computer systems of Tesoro High School in Orange County. The computer intrusions occurred in 2008, when Khan was a student at the school and broke into the systems to change his school grades and steal test papers. Khan was also ordered to serve 500 hours of community service and remain on probation for three years.
-http://articles.ocregister.com/2011-08-26/news/29936687_1_plea-agreement-plea-deal-service-projects
Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/