*********************** SPONSORED BY SANS ******************************* 1. Take the SANS 8th Annual Log and Event Management Survey and be entered to WIN a $250 American Express Card. http://www.sans.org/info/99594
2. SANS Analyst Webcast: Needle in a Haystack? Getting to Attribution in Control Systems, featuring control systems expert Matt Luallen on Wednesday, February 22 http://www.sans.org/info/99599 ************************************************************************** TRAINING UPDATE
--SANS Secure Singapore 2012, Singapore, Singapore March 5-17, 2012 5 courses. Bonus evening presentations include Introduction to Windows Memory Analysis; and Why Our Defenses are Failing Us: One Click is All It Takes ... http://www.sans.org/singapore-2012/
-- SANS Mobile Device Security Summit: The Growing and Constantly Changing Challenge, Nashville, TN Summit: March 12-13, 2012; Post-Summit Courses: March 14-15, 2012 Mobile device security experts and practitioners from organizations that have implemented successful programs will discuss the most promising approaches to this new and evolving challenge. http://www.sans.org/mobile-device-security-summit-2012/
--SANS 2012, Orlando, FL March 23-29, 2012 40 courses. Bonus evening presentations include Exploiting Vulnerabilities: 60 Minutes from Discovery to Exploit; Evolving Threats; and Harbinger of Evil: The Forensic Art of Finding Malware. http://www.sans.org/sans-2012/
--SANS Northern Virginia 2012, Reston, VA April 15-20, 2012 7 courses. Bonus evening presentations include Linux Forensics for Non-Linux Folks; and Who Do You Trust? SSL and TLS Under Attack http://www.sans.org/northern-virginia-2012/
--SANS Cyber Guardian 2012, Baltimore, MD April 30-May 7, 2012 11 courses. Bonus evening presentations include Ninja Assessments: Stealth Security testing for Organizations; and Adjusting Our Defenses for 2012. http://www.sans.org/cyber-guardian-2012/
--SANS Security West 2012, San Diego, CA May 10-18, 2012 25 courses. Bonus evening presentations include Metametrics - A New Approach to Information Security Management Metrics; and Malware Analysis Essentials Using REMnux. http://www.sans.org/security-west-2012/
Plus Bangalore, San Francisco, Stuttgart, Boston, and Abu Dhabi all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php ************************************************************************
TOP OF THE NEWS
FBI Says Social Network Monitoring Plan Will Abide By Privacy Rules (February 14, 2012)
The FBI is attempting to allay concerns about user privacy over its plan to monitor social networking sites by making assurances that all its activity will comply with privacy and civil rights requirements. The FBI says that quick analysis of information posted on sites like Facebook and Twitter will help detect imminent threats. The US Department of Homeland Security (DHS) has conducted similar monitoring; that activity has prompted the Electronic Frontier Foundation (EFF) and Electronic Privacy Information Center (EPIC) to call for greater transparency of such undertakings. -http://www.computerworld.com/s/article/9224247/FBI_says_social_media_monitoring_ won_t_infringe_privacy_rights?taxonomyId=17 [Editor's Note (Murray): I have been expecting this since Facebook emerged. Most Facebook users have no idea what they are doing when they "friend" someone. Few of us have "six degrees' of separation from a rogue, terrorist, or pornography fan. We saw in the fifties that FBI monitoring of association inevitably gives rise to a presumption of guilt. ]
EU Court of Justice Says Social Networks Cannot be Forced to Filter for Piracy (February 16, 2012)
Adobe Issues Out of Cycle Fix for Flash (February 16, 2012)
Adobe has released an updated version of Flash that addresses seven vulnerabilities, one of which is currently being actively exploited in the wild. The cross site scripting (XSS) flaw is being exploited in targeted attacks through email; the messages contain links to malicious sites, where the attackers could then take action on the users' behalf. The zero-day attacks for the XSS flaw are targeting only Windows versions of Flash. The other six flaws could be exploited to crash vulnerable systems and possibly take control of them; there have been no reported attacks that exploit these flaws. Users are urged to upgrade as soon as possible. The current version of Flash is now 184.108.40.206 for Windows, Mac, Linux, and Solaris. -http://www.informationweek.com/news/security/vulnerabilities/232600976 -http://www.scmagazine.com/adobe-patches-flash-because-of-ongoing-attacks/article /227935/
Microsoft Patches 21 Flaws (February 15 & 16, 2012)
Stolen Stratfor Data Used in Targeted Attacks (February 15, 2012)
Information stolen from Stratfor is reportedly being used to send email containing malicious links to government clients of the geopolitical analysis company. To help protect customers from falling prey to the attacks, Stratfor has instituted a "no-link" policy for official email. The data breach occurred in late 2011; it exposed information of as many as 860,000 subscribers from both the public and private sectors. The compromised data include email addresses and some credit card information. The hackers are sending emails that appear to be instructing recipients to protect themselves from attacks, but the link provided, which the message claims is antivirus software, infects their computers with malware. -http://www.nextgov.com/nextgov/ng_20120215_5840.php
UK Police Shutter Alleged Filesharing Site (February 15, 2012)
Nortel Execs Knew About Data Breach Years Ago (February 14, 2012)
Emerging news stories indicate that executives at Nortel knew of a breach of their data systems that occurred more than a decade ago, but took no action. A former Nortel employee conducted an investigation that uncovered evidence of the breach in 2004, but company executives blocked him from doing anything about it. Evidence suggests that hackers had been accessing the company's computer systems and stealing technical papers, business plans, research and development reports, and email. The attackers gained access to the system with seven passwords that belonged to Nortel executives. -http://www.zdnet.com/blog/security/nortel-hacking-attack-went-unnoticed-for-almo st-10-years/10304 -http://www.csoonline.com/article/700193/nortel-executives-knew-of-data-breach-ch ose-to-do-nothing [Editor's Note (Hoelzer): While some may wonder how important this story is given the economic problems of Nortel, it actually should give you pause if you have service contracts for your infrastructure equipment. Unless the device is being actively managed day to day through that service contract, I always prefer a policy of keeping out of band channels disconnected. Such a policy protects you not only from errors made by the company offering the service, but from security practices like this. I can only wonder how many people who previously ran Nortel infrastructures are wondering, as am I, whether their networks were penetrated through inside information stolen from Nortel years ago. (Murray): I once asked a Nortel executive what the Nortel ethical culture was. He said "Behave as though your mother is watching." Making ethical choices is really difficult. ]
Cryptome Infected With Drive-By Download Exploit (February 14, 2012)
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of CounterHackChallenges, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course..
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/
SANS provides the best up to date training relating to security issues. The sessions are relevant and well presented with well written manuals. -Ravindranath Goswami, The Power Generation Company of Trinidad and Tobago Ltd.