TOP OF THE NEWS
Wells Fargo Web Site Buckles; Bank Tells Online Users to "Go to a Bank Branch" (December 21, 2012)
White House Releases National Security Information Sharing Guidelines (December 20, 2012)
The White House has released the National Strategy for Information Sharing and Safeguarding (NSISS), which provides guidance for establishing policies to share national security information between government agencies and between the government and authorized private entities.
-http://www.eweek.com/security/obama-administration-outlines-national-information-sharing-strategy/
-http://www.whitehouse.gov/sites/default/files/docs/2012sharingstrategy_1.pdf
[Editor's Note (Pescatore): As a high level strategy document, it touches all the bases. I would have liked to see more focus on some "near term wins," especially in the area of "Strengthen Information Safeguarding through Structural Reform, Policy, and Technical Solutions."
(Henry): Section 4.1 regarding actionable intelligence sharing to protect against external intrusions is right on the money. This is an incredibly complex issue, however, and this has been formulated by the government for years. Actually executing it will be a significant challenge.
(Shpantzer): This event is descriptive of some of the information-sharing activities the feds are working on, outside of cyber-intelligence: -http://www.ijis.org/_newsroom/workshop.html
(Murray): It is not clear to me to whom this document is addressed, what its authority is, or what it requires. My sense is that industry will continue to share threat and attack data while protecting vulnerability data and personally identifiable information. We will continue to share breach information via reports from such firms as Verizon and Mandiant in cooperation with international law enforcement. It should be noted that the vulnerability information exploited by criminals is not their own product but that of so-called and self-styled "security researchers." Identification and publication of vulnerability information is neither "security research" nor helpful.]
Cyber forensic experts are examining the hard drive of the Connecticut shooting suspect's computer, which he attempted to destroy prior to the attack. The seized computer is in the possession of the Connecticut State Police computer crimes unit. The FBI has offered to help with the investigation.
-http://www.washingtonpost.com/investigations/cybersleuths-try-to-mine-killers-hard-drive/2012/12/19/412cc81c-4a02-11e2-b6f0-e851e741d196_story.html
[Editor's Note (Murray): While the article focuses on the hard drive, I think that most of us would focus on his e-mail service provider and his correspondents. Most of us leave more of a persistent mark in the network than we do on our hard drives. Hitting a hard drive with a hammer greatly increases the cost of reading it.]
Symantec and Singapore Mgmt. University to Collaborate on Cybersecurity Education (December 19, 2012)
Subhendu Sahu, Symantec's business development director for government and network security, told ZDNet Asia that internships are not long enough for students to acquire necessary IT security skills. He also noted that Singapore IT professionals tend to be focused on traditional perimeter and network security. Steven Miller, vice provost of research and dean of School of Information Systems at Singapore Management University (SMU) added that IT security is constantly evolving and that "whatever [students] learn during the internship would be irrelevant by the time they come out and work." Symantec and SMU have developed a Memorandum of Understanding (MoU) to help provide students with applicable skills and knowledge. The partnership will include internships, mentorships, in-depth discussions, and security intelligence briefings.
-http://www.zdnet.com/internships-alone-insufficient-for-cybersecurity-education-7000009005/
[Editor's Note (Henry): While internships described here, in and of themselves, are not a panacea, they certainly can go a long way in introducing young professionals to explore the cybersecurity field as a career, and to encourage their continued technical education. Internship opportunities will be increasingly necessary as we push the STEM initiative, and seek to excite people about these fields.]
Judge Says Warrantless Cell Location Data are Permissible Evidence (December 18, 2012)
A US District Judge has ruled that federal prosecutors may introduce cell-phone location data obtained without a warrant in the retrial of Antoine Jones. The case has received media attention recently because of the Supreme Court ruling that law enforcement should obtain probable cause warrants from judges to place GPS tracking devices on suspects' vehicles, which meant that placement of a GPS device on Jones's vehicle constituted an illegal search, thus disallowing the evidence and overturning Jones's conviction. US District Judge Ellen Segal Huvelle focused on the "good faith exemption," which allows evidence that was gathered prior to a court ruling prohibiting its use.
-http://www.wired.com/threatlevel/2012/12/warrantless-cell-site-data/
-https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2005cr0386-658
Four-Year Prison Sentence for Man Who Processed Scareware Payments (December 18, 2012)
A Swedish man has been given a four-year prison sentence for processing payments for a scareware operation. He has also been fined US $650,000. Mikael Patrick Sallnert admitted to providing the infrastructure that facilitated payments for phony anti-virus software even though he was aware of the fraudulent nature of the operation. Sallnert was arrested in Denmark last January and was extradited to the US in March 2012. He pleaded guilty to conspiracy to commit wire fraud and accessing a protected computer in furtherance of fraud in August 2012. This particular operation was international in scope; it earned its perpetrators US $71 million and affected nearly one million people.
-http://www.h-online.com/security/news/item/Four-year-sentence-for-processing-scareware-payments-1771615.html
-http://www.justice.gov/opa/pr/2012/December/12-crm-1503.html
[Editor's Note (Murray): This is an important case because criminals are using black markets to specialize and cooperate in ways that avoid accountability and make investigation and prosecution difficult.]
Costs Associated with NASA Laptop Theft Climbing (December 18, 2012)
The costs associated with a stolen NASA laptop are approaching US $1 million, according to a report from NASA inspector general (IG) Paul Martin. The machine held personally identifiable information of 10,000 current and former agency employees. The October 31 incident prompted NASA to move up its target date for encrypting all hard drives on agency laptops to December 21, 2012. The former encryption deadline target was March 2013. The IG's report says that "it is extremely unlikely that the agency will meet its December goal primarily because the agency does not have a full account of the number of laptops in its possession." The cost of credit monitoring is estimated to be US $700,000, while the cost of moving up the encryption deadline is US $259,000.
-http://www.nextgov.com/cybersecurity/2012/12/costs-mount-nasa-responds-october-data-breech/60232/?oref=ng-channeltopstory
[Editor's Note (Murray): This case illustrates the efficiency of using full-disk encryption and lock words or phrases on portable devices.]
The Editorial Board of SANS NewsBites
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Shawn Henry recently retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response. He is now president of CrowdStrike Services.
Stephen Northcutt founded the GIAC certification and is President of STI, the premier skills-based cyber security graduate school, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was Vice President and Chief Security Officer for American Electric Power.
Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and non-profits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project.
Alan Paller is director of research at the SANS Institute.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.