For cybersecurity people in Washington DC, Government Executive is
hosting a free breakfast on Thursday morning, 7:30 - 9:30, at the Ronald
Reagan Center. It features both the Estonian Ambassador to the United
States, who was Ambassador to Russia during the 2007 Russian attack, and
Dmitry Alperovitch, who just left McAfee and has some great stories to
tell about ShadyRAT. It's a unique opportunity to get authoritative
inside stories on major cyber events.
SANS NewsBites December 06, 2011 Volume: XIII, Issue: 96
--SANS CDI 2011, Washington, DC, December 9-16, 2011 27 courses. Bonus evening presentations include Emerging Trends in Data Law and Investigations, and Critical Infrastructure Control Systems Cybersecurity. http://www.sans.org/cyber-defense-initiative-2011/
--SANS Security East 2012, New Orleans, LA January 17-26, 2012 11 courses. Bonus evening presentations include Advanced VoIP Pen Testing: Current Threats and Methods; and Helping Small Businesses with Security. http://www.sans.org/security-east-2012/
--SANS Monterey 2012, Monterey, CA January 30-February 4, 2012 6 courses. Bonus evening presentations include Who Do You Trust? SSL and TLS Under Attack; and IOS Programming Demo. http://www.sans.org/monterey-2012/
--SANS Phoenix 2012, Phoenix, AZ February 13-18, 2012 7 courses. Bonus evening presentations include Desktop Betrayal: Exploiting Clients Through the Features They Demand; and Windows Exploratory Surgery with Process Hacker. http://www.sans.org/phoenix-2012/
Swiss Federal Council Downplays Filesharing Concerns (December 5, 2011)
A report from Switzerland's Federal Council, compiled at the request of the country's legislature, says that illegal filesharing is not a significant problem. The report rejects three proposals aimed at combating the issue: a three-strikes plan, similar to that codified in France; Internet filtering; and a collective licensing plan that would allow unlimited filesharing for a fee. The report says that consumers still spend money on entertainment products, and that filesharing is a concern only for "large foreign production companies," which need to adapt their business models to include consumer behavior instead of trying to push for legislation that seeks to maintain an outdated system.
-http://arstechnica.com/tech-policy/news/2011/12/swiss-government-file-sharing-no-big-deal-some-downloading-still-ok.ars
-http://www.eweekeurope.co.uk/news/swiss-government-rules-downloading-to-remain-legal-48351
[Editor's Note (Murray): Legislation is a blunt tool. It almost always has unintended consequences. Nothing is so difficult to remedy as bad legislation. Legislation should be used late, cautiously, and only after all other measures have been tried.]
Carrier IQ Facing Lawsuits Over Tracking Software (December 5, 2011)
A class action lawsuit filed over the use of Carrier IQ tracking software names eight companies: four handset makers, three wireless service carriers, and Carrier IQ itself. The suit alleges violations of the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act. The carriers and handset makers named in the suit have all admitted that they use Carrier IQ's software; the carriers say they use the software for network diagnostic purposes only, and the handset makers say they allowed the software on the phones at the request of the carriers. At least two other lawsuits have been filed over the use of Carrier IQ. Apple has already announced plans for an iPhone update that will remove Carrier IQ from its handsets.
-http://www.computerworld.com/s/article/9222424/8_companies_hit_with_lawsuit_over_Carrier_IQ_software?taxonomyId=17
-http://news.cnet.com/8301-1009_3-57335851-83/carrier-iq-faces-lawsuits-lawmaker-seeks-ftc-probe/
[Editor's Note (Pescatore): This is sort of like suing your neighbor's dog when it does its business in your yard, when you should be suing your neighbor. The carriers install CarrierIQ's software on the phones and collect the data and determine how much data is collected and what is done with it. The carriers are also the ones who have not made this explicit to the users of the phone. CarrierIQ shouldn't be demonized over this, any more than GPS chip vendors would be for having GPS chips in phones.]
Carrier IQ Put Under the Microscope in Europe (December 5, 2011)
A vulnerability in Yahoo Messenger that can be exploited to change users' status messages can also be used to send spam messages to other users. The flaw lies in the way Yahoo Messenger's file transfer application programming interface (API) processes malformed requests. The exploit does not require any action from users. Until a fix is available, Yahoo Messenger users can protect themselves by configuring the application to ignore users who are not in their Messenger lists, although attacks are still possible through known contacts that become infected.
-http://www.computerworld.com/s/article/9222360/Yahoo_Messenger_flaw_enables_spamming_through_other_people_s_status_messages?taxonomyId=85
US Military Cyber Security Education and Training is Evolving to Meet Current Needs (November 18, 2011)
Understanding the need for a dynamic cyber security education and training strategy, the US military is pursuing new models for training troops for cyber warfare. Collaboration is increasing, both between branches of the military and with industry partners. Each branch of the military has developed cyber security education and training that it tailored for its needs. The US Naval Academy requires all midshipmen to participate in cyber education, and all Marines must take courses every year to update their cyber security knowledge. The Air Force has collaborated with SANS to use NetWars in its training program, and the Army has teamed with a number of technology companies to help train and certify soldiers.
-http://fcw.com/Articles/2011/11/28/FEAT-Military-cyber-training.aspx
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of InGuardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.