--SANS London 2011, London, UK, December 3-12, 2011. 18 courses. Bonus evening presentations include IPv6 Challenges for Intrusion Detection and Understanding How Attackers Bypass Network and Content Restrictions. http://www.sans.org/london-2011/
--SANS CDI 2011, Washington, DC, December 9-16, 2011. 27 courses. Bonus evening presentations include Emerging Trends in Data Law and Investigations, and Critical Infrastructure Control Systems Cybersecurity. http://www.sans.org/cyber-defense-initiative-2011/
--SANS Security East 2012, New Orleans, LA, January 17-26, 2012. 11 courses. Bonus evening presentations include Advanced VoIP Pen Testing: Current Threats and Methods; and Helping Small Businesses with Security. http://www.sans.org/security-east-2012/
--SANS Monterey 2012, Monterey, CA, January 30-February 4, 2012. 6 courses. Bonus evening presentations include Who Do You Trust? SSL and TLS Under Attack; and IOS Programming Demo. http://www.sans.org/monterey-2012/
--SANS Phoenix 2012, Phoenix, AZ, February 13-18, 2012. 7 courses. Bonus evening presentations include Desktop Betrayal: Exploiting Clients Through the Features They Demand; and Windows Exploratory Surgery with Process Hacker. http://www.sans.org/phoenix-2012/
Plus Perth, Atlanta, Bangalore, and Stuttgart, all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php **************************************************************************
TOP OF THE NEWS
FBI Discloses: Hackers Accessed Three Cities' Infrastructure via SCADA (November 29, 2011)
GAO Report Being Used To Cause Waste and Abuse in Federal Cybersecurity (December 1, 2011)
An article in the December issue of Government Executive magazine, delivered to government officials this morning, shines a bright light on a GAO report that appears to be causing waste rather than promoting efficiency in federal IT management and cybersecurity. The report is being used to slow the adoption of efficiency-improving technology, thereby allowing waste, documented at more than $300 million each year, to continue. The GAO report evaluated a continuous security monitoring implementation, but failed to compare the continuous monitoring approach against the 3-year, annual or quarterly reporting that continuous monitoring replaces. Instead GAO looked for areas in which continuous monitoring can be expanded. By failing to make the key comparison, the report became useful to people who profit from report writing, allowing them to continue to make money writing reports instead of improving operational security. -http://www.govexec.com/features/1211-01/1211-01adan1.htm
House Committee Passes Cyber Threat Info Sharing Legislation (November 30 & December 1, 2011)
In a 17-1 vote, the House Intelligence Committee has approved the Cyber Intelligence Sharing and Protection Act of 2011. The bill would encourage cyber threat information sharing between the public and private sectors. Under the proposed legislation, private companies would be exempt from liability for sharing information with the government and for failing to use the information to improve their networks' security. Data sharing would not be required of companies, and they would be permitted to choose which agencies they share information with. Critics of the bill say it does not make provisions for protecting citizens' privacy. Some of the bill's language has been modified to specify that only data that have to do with cyber security and national security could be shared.
-http://www.bloomberg.com/news/2011-12-01/verizon-supported-cybersecurity-bill-advances-in-u-s-house.html
-http://www.politico.com/news/stories/1211/69583.html
-http://www.washingtonpost.com/world/national-security/cybersecurity-bill-promotes-exchange-of-data-white-house-civil-liberty-groups-fear-measure-could-harm-privacy-rights/2011/11/30/gIQAD3EPEO_story.html
-http://gcn.com/articles/2011/12/01/cybersecurity-bill-info-sharing-no-privacy.aspx
[Editor's Note (Murray): It is not simply liability that resists sharing. Sharing is fundamentally dangerous. Too much of it makes leaks inevitable. When government asks the private sector why they do not share, they use liability as an excuse; it is rude to say, "We do not trust you because you leak."
(Honan): Data sharing initiatives look good on paper. However, such initiatives have often failed because government agencies do not seem to understand that sharing needs to go both ways. Too often information shared by the private sector is seen not to be acted upon, with no feedback given, and government agencies are not transparent enough about how that information will be used.
(Ranum): "Sharing" only makes sense if the information flow is two directional (otherwise it's called "information gathering," not "information sharing") and if it's relevant - if there's something practical that can be done with it. Historically, security alerts from agency sources haven't been much more useful than "be on the lookout for hacking attacks." These sharing initiatives seem to amount to little more than public relations. ]
THE REST OF THE WEEK'S NEWS
Massive Iranian Missile Explosion: Was it Stuxnet 2? (November 18, 2011)
The massive explosion of the Sejil-2 ballistic missile at Iran's Revolutionary Guards Alghadir base may be due to a technical fault originating in the computer system controlling the missile and not the missile itself. The head of Iran's ballistic missile program, Maj. Gen. Hassan Moghaddam, was among the 36 officers killed in the blast, which rocked Tehran 46 kilometers away. (Tehran reported 17 deaths, although 36 funerals took place.)
-http://www.debka.com/article/21496/
Before and after photos of the missile explosion:
-http://isis-online.org/isis-reports/detail/satellite-image-showing-damage-from-november-12-2011-blast-at-military-base/
[Guest Editor's Note (Eric Bassell): Seems to me there is a third plausible explanation for Iran's newest warhead exploding, one the article does not cover: poor engineering by Iranian scientists, resulting in an accidental discharge and premature explosion. ]
U.S. Legislator Wants Answers About Carrier IQ (December 1, 2011)
Windows Data Execution Prevention Could Have Helped Thwart RSA Hack (December 1, 2011)
New research suggests that the attacks on RSA might have been prevented if the targeted machines had been running Windows 7 instead of Windows XP. The Data Execution Prevention (DEP) that is baked into Windows 7 could have stopped the intrusion that led to the data breach. The machines compromised in the attack appear to have been running XP without DEP enabled.
-http://www.informationweek.com/news/security/attacks/232200534
[Editor's Note (Ranum): Application white listing could have also helped thwart the attack. So could attachment stripping. It's easy to be Monday morning quarterbacks, isn't it? ]
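The item above turns on whether DEP was actually in force on the compromised workstations. As an added illustration (not code from the NewsBites item, InformationWeek, or the underlying research), the PowerShell check below reports the system-wide DEP policy of a Windows host so an administrator can confirm the mitigation rather than assume it. Get-DepStatus is a name chosen here; the properties it reads are the documented DataExecutionPrevention_* members of the Win32_OperatingSystem WMI class, and the bcdedit remediation hint names the real "nx" boot setting.

```powershell
# Added example: report whether DEP covers all applications on this Windows host.
# Assumes a Windows machine (XP SP2 or later) where Win32_OperatingSystem exposes
# the DataExecutionPrevention_* properties; written for PowerShell 2.0 compatibility.
function Get-DepStatus {
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # Documented SupportPolicy values for Win32_OperatingSystem:
    #   0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (client default), 3 = OptOut
    $policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy

    New-Object PSObject -Property @{
        ComputerName     = $os.CSName
        OSVersion        = $os.Version
        HardwareDepAvail = [bool]$os.DataExecutionPrevention_Available
        Policy           = $policyNames[$policy]
        # Only AlwaysOn and OptOut protect applications that never opted in
        CoversAllApps    = ($policy -eq 1 -or $policy -eq 3)
        Covers32BitApps  = [bool]$os.DataExecutionPrevention_32BitApplications
        CoversDrivers    = [bool]$os.DataExecutionPrevention_Drivers
    }
}

$status = Get-DepStatus
$status | Format-List ComputerName, OSVersion, HardwareDepAvail, Policy, CoversAllApps, Covers32BitApps, CoversDrivers

# Flag the weak state the article describes: no hardware DEP, DEP off, or OptIn,
# which leaves third-party applications such as document viewers unprotected.
if (-not $status.HardwareDepAvail -or (@('AlwaysOff', 'OptIn') -contains $status.Policy)) {
    Write-Warning ("DEP does not cover all applications on {0}; consider 'bcdedit /set nx OptOut' " +
                   "(or AlwaysOn) and a reboot, after testing application compatibility." -f $status.ComputerName)
}
```

Run it in an elevated PowerShell session; on a fleet it can be wrapped in Invoke-Command or fed from a host list so the same object comes back per machine for inventory. OptIn is the default on client editions, which is why an "XP with DEP" box can still leave most user applications exposed.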
Cyber Criminals Using 1-2 Punch of ACH Fraud and DDoS (November 30, 2011)
Cyber Attacks on Canadian Government Systems Part of Broader Scheme (November 30, 2011)
A cyber forensics expert says that the hackers responsible for attacks on Canadian government computers also launched attacks on a number of private sector companies. Daniel Tobok maintains that the attacks were all aimed at gathering information about an attempted corporate takeover. Tobok was called in to investigate a number of intrusions; he and his team began to see similarities between the incidents they were investigating.
-http://news.ca.msn.com/top-stories/foreign-hackers-targeted-canadian-firms-61?ocid=tweet
US Government Wants Details of Telecoms' Imported Network Components (November 30, 2011)
The US government is asking telecommunications companies to provide detailed information about their networks in an effort to determine if China and other countries are using exported network equipment to conduct espionage. The US Commerce Department has asked the companies to list both foreign-made components of their networks and security incidents. Congress's interest in this issue was prompted by "very specific material provided them [by the National Security Agency] in a classified setting."
-http://www.bloomberg.com/news/2011-11-30/obama-invokes-cold-war-security-powers-to-unmask-chinese-telecom-spyware.html
US Cyber Command Conducts Week-Long Cyber Exercise (November 30, 2011)
Three hundred people participated in Cyber Flag, the US Cyber Command's first major exercise. The event took place at the Air Force Red Flag Facility at Nellis Air Force Base in Nevada. The US Cyber Command is part of the US Strategic Command and became operational last September.
-http://www.informationweek.com/news/government/security/232200508
HP Refutes Claim That Printer Flaw Could Be Exploited to Cause Fire (November 29 & 30, 2011)
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of InGuardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/