One Day Left! Get an iPad, Tab A, or $250 Off with your OnDemand registration

Newsletters: NewsBites

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

SANS NewsBites
@Risk: Security Alert
OUCH! Security Awareness
Case Leads DFIR Digest
Industrial Control Systems
Industrials & Infrastructure

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XV - Issue #84

October 22, 2013

A note from John Pescatore:

Now that the federal government is back to work, the DHS Continuous Diagnostics and Mitigation (CDM) contract will restart its innovative program to increase the security levels of federal, state and local agencies. The CDM program will make over $1B available to reduce vulnerabilities and reward proactive efforts to improving government security levels.

A one-day workshop in Washington DC on November 6th, free for federal employees, brings together key representatives from government and industry to discuss, debate and educate. Speakers include Jane Lute of the Council for Cybersecurity Action, Gene Dodaro the head of GAO and John Streufert from DHS. Vendor shootouts where you can actually decide which tools make sense: participants include Forescout, IBM, McAfee, Symantec, Tripwire, Qualys and others.

Workshop attendance is free to government attendees. Others pay a fee. Register to join us in person at ( or via simulcast for remote attendees at (


UK's National Crime Agency Will Hire 400 Cyberintelligence Officer Trainees
UK's Cyber Reserve Unit Could Hire Convicted Hackers
Former US Vice President Disabled Wireless Capability of His Implanted Defibrillator


Cybersecurity Profession Suffers From Lack of Female Role Models
Working the Kinks Out of the US's Health Insurance Online Marketplace
Windows 8.1 Update Freezes RT Devices
Experian Subsidiary Sold Data to Underground Identity Fraud Site
North Korea Stepping Up its Offensive Cyber Presence
Emergency Alert System Still Vulnerable to Hacking
CryptoLocker Ransomware
Vulnerabilities in Mandatory Ship Tracking System
Survey Finds Some Federal Cybersecurity Policies At Odds With Workers' Needs



******************** Sponsored By WhiteHat Security ********************
ALERT: How a Hacker Breaks An Application with Vulnerability Daisy Chaining. With such a wide range of vulnerabilities it is easy to see how a malicious attacker can exploit seemingly "minor" vulnerabilities to create a truly devastating attack that could compromise an entire application. Learn key insights into how a hacker can daisy chain a series of web application exploits together to open the door to an application and steal real user accounts.

- --Securing the Internet of Things Summit (October 17-22, 2013) San Francisco, CA The Internet of Things summit focuses on new solutions, demonstrates security technology that already works and provides a force multiplier to make the Internet of Things more secure.

- --Health Care Cyber Security Summit (October 17-24, 2013) San Francisco, CA Meet leaders from the top health care organizations and see what really works in securing and succeeding in the new health care environment - balance security, compliance, and innovation.

- --SANS Chicago 2013 Chicago, IL October 28-November 2, 2013 7 courses. Bonus evening presentations include SANS 8 Mobile Device Security Steps; and Privileged Domain Account Protection: How to Limit Credentials Exposure.

- --South Florida 2013 Ft. Lauderdale, IL November 4-9, 2013 5 courses. Bonus evening presentations include The Security Impact of IPv6; Evolving Threats; and Real-World Risk - What Incident Responders Can leverage from IT Operations.

- --October Singapore 2013 Singapore, Singapore October 21-November 2, 2013 5 courses. Bonus evening presentations include Pen Testing the Smart Grid; and You Can Panic Now. Host Protection is (Mostly) Dead.

- --SANS Dubai 2013 Dubai, UAE October 26 - November 7, 2013 SANS returns to Dubai with four essential courses at the Hilton Jumeirah Beach.

- --SANS London 2013 London, UK November 16-25, 2013 17 courses. Bonus evening presentations include Real World Risk - What Incident Responders Can Leverage From IT Operations; Information Assurance Metrics: Practical Steps to Measurement; and APT: It Is Time To Act.

- --Multi-week Live SANS training

- --Looking for training in your own community?

- --Save on On-Demand training (30 full courses) - See samples at

Plus Ft. Lauderdale, Sydney, San Diego, and Muscat all in the next 90 days.

For a list of all upcoming events, on-line and live:


UK's National Crime Agency Will Hire 400 Cyberintelligence Officer Trainees (October 21, 2013)

The UK National Crime Agency plans to hire and train 400 cyberintelligence officers within the next year. The UK is struggling with a shortage of skilled cybersecurity professionals, a problem BT cyber security director Bob Nowill attributes to teachers and businesses not making the field interesting enough to young people. The recruitment process will focus on assessed potential aptitude rather than educational credentials.

UK's Cyber Reserve Unit Could Hire Convicted Hackers (October 21, 2013)

The UK's new Cyber Reserve Unit force plans to hire hundreds of people to help defend the country's critical systems from attacks and to launch cyberattacks if deemed necessary. The reserve unit will work along with members of the armed forces. The unit's director, Lt. Col. Michael White, said he would not rule out hiring someone with a criminal hacking record. "We're looking at capability development rather than setting hard and fast rules about individual personality traits." Defence Secretary Philip Hammond concurred, noting that "each individual case would be looked at on its merits."

Former US Vice President Disabled Wireless Capability of His Implanted Defibrillator (October 19 & 21, 2013)

Former US vice-president Dick Cheney acknowledges that he had modifications made to his implanted defibrillator to prevent the device from being hacked. In 2007, Cheney had the device's wireless feature disabled.


*************************** Sponsored Links: ******************************
1) Meet the challenges of Continuous Diagnostics & Mitigation (CDM). Get real-time discovery and assessment of all network endpoints. Download the tech note: ForeScout CounterACT Continuous Diagnostics & Mitigation.

2) LIVE WEBINAR: Malware Detection Comes of Age. Get the latest G2 on advanced threat detection technology and how to keep your organization protected. Register Today

3) SANS Webcast Series in cooperation with the Center for Internet Security (CIS) and National Association of Counties (NACo) is proud to present the story of Iowa Counties - Paying IT Forward. Presented by Alan Paller. Tuesday, October 29 at 4:00 PM EDT.


Cybersecurity Profession Suffers From Lack of Female Role Models (October 18, 2013)

The UK Cyber Security Challenge and the Women's Security Society recently held an event honoring women in those fields at Bletchley Park, the UK's headquarters for decryption during WWII. During the war years, hundreds of women were employed to work on significant projects, including deciphering codes generated by the Enigma machine. The level of women in the security field has never again been as high. Dr. Brooke Hoskins, director of strategy and government relations at Raytheon, said that women need to move into leadership positions at technology organizations: "The whole leadership and promotion structure is written around male competencies and in a male language ... so it's only by having more women that you get a different image of leadership."

Working the Kinks Out of the US's Health Insurance Online Marketplace (October 21, 2013)

President Barack Obama is launching a "tech surge" to address glitches in, the web online marketplace designed to help people find health insurance under the Affordable Care Act. Improvements that have been implemented since the site's launch include increasing server capacity to deal with high levels of traffic and allowing people to preview plans without having to fill out a form.



Windows 8.1 Update Freezes RT Devices (October 21, 2013)

A recent update for Window 8.1 causes Microsoft Surface RT devices to freeze during boot-up. Microsoft has taken the Windows 8.1 RT update off its website while it looks into the problem. There are also reports that the version of Internet Explorer 11 that shipped with Windows 8.1 causes functionality problems with Outlook and certain Google services. The Windows 8.1 update was initially released on October 17.



Experian Subsidiary Sold Data to Underground Identity Fraud Site (October 20, 2013)

An underground website that sold data that could be used to commit identity fraud appears to have purchased a significant amount of information from the US credit bureau Experian. The site, Supergetinfo, sold Social Security numbers (SSNs), drivers license numbers, and financial data. Some of the data available on the site were obtained from a company called Court Ventures, which Experian acquired in March 2012. Court Ventures "aggregates, prepackages, and distributes public record data." The data thieves operating Superget pretended to be a US-based private investigator to gain access to the data.

[Editor's Note (Pescatore): Know Your Customer regulations and Enchanced Due Diligence approaches are aimed at preventing this kind of thing. ]

North Korea Stepping Up its Offensive Cyber Presence (October 19, 2013)

A series of attacks on South Korean computer systems over the past four years indicates that North Korea may be stepping up its game in the cyberarms arena. South Korean banks, media outlets, telecommunications companies, and organizations focused on military policy have all been hit. The objective appears to be intelligence gathering for possible future communications disruptions.

Emergency Alert System Still Vulnerable to Hacking (October 18, 2013)

Earlier this year, researchers pointed to vulnerabilities in the US's Emergency Alert System (EAS) that could be exploited to transmit phony emergency messages. Although a patch was issued to address some of the issues raised, the problems still exist.

CryptoLocker Ransomware (October 18, 2013)

Ransomware known as CryptoLocker has been spreading to Windows computers. The malware encrypts files on infected machines and the attackers demand US $300 to release the data. CryptoLocker generally spreads through botnets and as attachments to phishing emails.

Vulnerabilities in Mandatory Ship Tracking System (October 18, 2013)

The Automatic Identification System (AIS) used to track ships around the world appears to be vulnerable to attacks. Malicious hackers could conceivably manipulate the system so that real ships disappear and fake ones appear. AIS is mandatory on all passenger vessels and on cargo ships of more than a certain weight. The system could also be used to manipulate the locations of lighthouses and navigational buoys and to emit phony emergency alerts. AIS signals do not "currently have any authentication or encryption mechanism." A vessel-tracking specialist said that attacks spoofing vessel locations would be easily detected.


Survey Finds Some Federal Cybersecurity Policies At Odds With Workers' Needs (October 17, 2013)

A survey from MeriTalk and underwritten by Akamai, found that some federal cybersecurity professionals are so focused on establishing policies to protect data that they do not consider what the effects of those policies will be on the people who need to work with the data. As a result, government workers find security policies a hindrance; 31 percent say they use workarounds to get circumvent the policies. The cybersecurity professionals said that nearly half of the security breaches of federal systems are attributable to non-compliance with policy.


[Editor's Note (Pescatore): I think security policies are often blamed for lack of corporate solutions to meet business needs. Now, often security is part of that problem - for example, when implementations of "Need to Know" controls are so byzantine and manual that no one can get their job done. But, the policy "Do not put customer information on Dropbox" isn't the problem - not having a secure corporate solution to meet the business need for lightweight collaboration usable across multiple devices *is* the real problem. ]


PR Newswire Breached

Verizon Messages Leak

Google Address Book Syncing Doesn't Use SSL

Google Providing Anti-DDOS Protection for non-profits

NFTables: New Linux Firewall to be included in kernel soon

WHMCS Exploit

.QA DNS Hijack


Using Fragments in DNS Cache Poisoning Attacks

Convincing Microsoft Phish

Apple iMessage Analysis

Square allows sending money via e-mail

The Editorial Board of SANS NewsBites

John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service.

Shawn Henry recently retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response. He is now president of CrowdStrike Services.

Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school,

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course.

Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries.

Mark Weatherford is a Principal at The Chertoff Group and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security.

William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.

Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT.

Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (

Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He leads SANS' efforts to raise the bar in cybersecurity education around the world.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and non-profits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project.

Alan Paller is director of research at the SANS Institute.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit