TOP OF THE NEWS
Ex-CIA Director Sees New Phase Of Warfare Where Cyberweapons Create Physical Destruction (March 4, 2012)
US television news magazine 60 Minutes recently ran a segment on Stuxnet, which was detected in June 2010. Former head of the National Security Agency and former CIA director Ret. Gen. Michael Hayden tells 60 Minutes, "We have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction." He goes on to say that "A cyberweapon doesn't [destroy itself when it is used], so there are those out there who can take a look at this, study it, and maybe even attempt to turn it to their own purposes." -http://news.cnet.com/8301-1009_3-57390326-83/60-minutes-profiles-threat-posed-by-stuxnet/
Global Arrests And Charges Against Members of Lulzsec Hacking Group (March 6, 2012)
Senator Asks FTC to Investigate Google and Apple Over Possible App Privacy Violations (March 5, 2012)
US Senator Chuck Schumer (D-New York) has asked the Federal Trade Commission (FTC) to investigate Google and Apple over concerns that some of their Android and iOS applications are collecting users' personal data and sharing them with third parties. In a letter, Schumer wondered if the applications are violating citizens' privacy rights, noting that there have been accusations that the applications' data collection practices go "beyond what a reasonable user understands himself to be consenting to when he allows an app to access data on the phone for purposes of ... functionality." The FTC has not yet responded to Schumer's request. -http://www.v3.co.uk/v3-uk/news/2157055/ftc-investigate-apple-google-personal-collection -http://news.cnet.com/8301-1009_3-57390567-83/new-york-senator-asks-ftc-to-investigate-google-apple/ [Editor's Note (Pescatore): In the past the FTC has done a very good job (using existing regulations and regulatory authority) to police privacy violations. It would be good to see attention paid to privacy when we are still relatively early in the evolution of mobile apps. (Ullrich): This is a usability vs. granular access control issue. Right now, mobile operating systems define "super permissions" like Internet access and access to the address book that implicitly include access to images. However, offering the user a large list of security access control will likely cause more confusion and lead to the same "click accept to make it work" issue that has broken so many other security controls. (Murray): Are Apple and Google to be guilty for attempting, but failing, to do the right thing while Microsoft, Adobe et al., are innocent by virtue of not trying?]
US Authorities Start Extradition Process in Megaupload Case (March 5, 2012)
US federal prosecutors have filed paperwork in New Zealand to begin the extradition process of Megaupload founder Kim Dotcom. The request also seeks the extradition of three additional Megaupload senior staff members: Mathias Ortmann, Bram van der Kolk, and Finn Batato. The people named in the papers are accused of racketeering, copyright infringement, money laundering, wire fraud, and other charges. Dotcom was arrested in New Zealand in January and has been released on bail. -http://www.bbc.co.uk/news/technology-17257308 -http://www.wired.com/threatlevel/2012/03/dotcom-extradition/
Anonymous Hacking Tool Infected With Trojan (March 5, 2012)
Federal Agencies and Fortune 500 Companies Eradicating DNSChanger (March 1, 2012)
US federal agencies appear to be making headway in identifying computers infected with DNSChanger and scrubbing the malware from machines. A month ago, data suggested that half of Fortune 500 companies and US government agencies were still infected with DNSChanger. As of February 23, the number of companies still infected was down to 94, and just three government agencies still had infected machines, according to a member of the DNSChanger Working Group. The infected computers are communicating with servers run by the Internet Systems Consortium, which has a court order to operate them until Thursday, March 8. -http://gcn.com/articles/2012/03/01/rsa-13-federal-dnschanger-cleanup.aspx [Editor's Note (Murray): Such precise counts suggest that identifying them is easy. How much more difficult can it be to isolate or cleanse them? (Northcutt): The working group also has instructions for home users to see if they are infected: -http://www.dcwg.org/checkup.html ]
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of CounterHackChallenges, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.