[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Netsec] SANS NewsBites Vol. 13 Num. 40 : Smartphone and Cloud Privacy, SCADA Brief Cancellation; Who Will Replace Reitinger at DHS



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just 13 days until the early registration deadline for SANSFIRE 2011
(Washington, DC) saving you $400.  27 full-week immersion courses and a
dozen new short courses. Plus the free SANS @NIGHT presentations at
SANSFIRE are better than regular presentations at most other conferences
because they tell "what have we just learned" updates from the handlers
at the Internet Storm Center.
Info at: http://www.sans.org/sansfire-2011
                                       Alan

**************************************************************************
SANS NewsBites                  May 20, 2011             Vol. 13, Num. 040
**************************************************************************
TOP OF THE NEWS    
  Senators Want Laws to Address Smartphone Data Privacy
  Researchers Cancel Presentation on SCADA Vulnerabilities
  Proposed Update to Electronic Surveillance Law Addresses Cloud Privacy Concerns
  Reitinger Confident His Team Will Successfully Implement Cybersecurity
    Plans at DHS
THE REST OF THE WEEK'S NEWS 
    Sony Treading Carefully After PSN Relaunch
    Google Rolling out Fix for Android Vulnerability
    P2P Monitoring Company Leaks Data
    Terry Childs Completes Prison Sentence, Now Must Pay US $1.5 Million
    Suspended Sentence for Stealing Log-in Credentials
    SpyEye Targets Verizon Customers
    South Korean Financial Authority Will Penalize Hyundai Capital Over Breach
INVITATION: Get Involved in SCORE
***************************************************************** 
TRAINING UPDATE
- -- SANS Rocky Mountain 2011, Denver, CO, June 25-30, 2011
7 courses.  Bonus evening presentations include SANS Hacklab and Why
End Users are Your Weakest Link
http://www.sans.org/rocky-mountain-2011/
- -- SANSFIRE 2011, Washington, DC, July 15-24, 2011
40 courses.  Bonus evening presentations include Ninja developers:
Penetration testing and Your SDLC; and Are Your Tools Ready for IPv6?
http://www.sans.org/sansfire-2011/
- -- SANS Boston 2011, Boston, MA, August 8-15, 2011
12 courses.  Bonus evening presentations include Cost Effectively
Implementing PCI through the Critical Controls; and More Practical
Insights on the 20 Critical Controls
http://www.sans.org/boston-2011/
- -- SANS Virginia Beach 2011, August 22- September 2, 2011
11 courses.   Bonus evening presentations include SANS Hacklab;
Offensive Countermeasures; and Evolving VoIP Threats
http://www.sans.org/virginia-beach-2011/
- -- SANS Ottawa 2011, Ottawa, Ontario, August 28- September 2, 2011
5 courses.   Bonus evening presentations include DNS Sinkhole: Peer
Into Your Network While You Sleep; and I See What You Did There:
Forensic Time Line Analysis
http://www.sans.org/ottawa-2011/
- -- SANS Network Security 2011, Las Vegas, NV, September 17-26, 2011
43 courses.   Bonus evening presentations include Securing the Kids;
Who is Watching the Watchers?; and Emerging Trends in the Law of
information Security and Investigations
http://www.sans.org/network-security-2011/
- -- Looking for training in your own community?
http://sans.org/community/ Save on On-Demand training (30 full
courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current Plus Barcelona,
London, Austin, and Canberra all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org

************************* SPONSORED BY Symantec ***************************

Modern malware rarely strikes the same way twice. Today's malicious code
rapidly mutates, bypassing traditional defenses.  Traditional antivirus
approaches no longer work. Download the Symantec Endpoint Protection 12
beta to see how Symantec can help mitigate threats today and tomorrow
for both small businesses and the largest enterprises.
http://www.sans.org/info/77844

****************************************************************************

TOP OF THE NEWS
 --Senators Want Laws to Address Smartphone Data Privacy
(May 19, 2011)
US legislators are calling for laws that protect smartphone users from
having their location tracked. Senators Jay Rockefeller (D-WVa.) and
John Kerry (D-Mass.) told the Senate Commerce, Science and
Transportation Committee Subcommittee on Consumer Protection that there
needs to be legislation that gives consumers control of their location
information on smartphones and personal data on the Internet.  They also
said that the smartphone app market needs to be regulated; because this
particular sector of the market is expanding so rapidly, "many consumers
do not understand the privacy implications of their actions."
http://www.bloomberg.com/news/2011-05-19/google-s-davidson-defends-company-s-use-of-mobile-location-data.html
http://www.computerworld.com/s/article/9216864/Senators_New_smartphone_tracking_law_needed?taxonomyId=17
[Editor's Note (Pescatore): I really don't think new laws are needed,
the FTC is doing a good job chasing this kind of stuff down. Increase
the FTC funding to enforce existing regulations would be much better
than more laws at the same time enforcement budgets are being cut.]

 --Researchers Cancel Presentation on SCADA Vulnerabilities
(May 18 & 19, 2011)
A scheduled presentation about vulnerabilities in certain supervisory
control and data acquisition (SCADA) products has been cancelled. The
presentation on flaws in the programmable logic controllers in certain
Siemens products was to have been made on Wednesday, May 18 at the
Takedown Security conference in Texas. However, Siemens and the US
Department of Homeland Security (DHS) contacted the presenters and asked
them to postpone presenting the information until Siemens has time to
issue a fix.
http://www.wired.com/threatlevel/2011/05/siemens-scada-vulnerabilities/
http://www.computerworld.com/s/article/9216867/
http://www.theregister.co.uk/2011/05/19/scada_vuln_talk_cancelled/
http://news.cnet.com/8301-27080_3-20064112-245.html?tag=mncol;title

 --Proposed Update to Electronic Surveillance Law Addresses Cloud
    Privacy Concerns
(May 17 & 18, 2011)
US Senator Patrick Leahy (D-Vermont) has introduced legislation that
would reform electronic surveillance law. The Electronic Communications
Privacy Act Amendments Act would require US law enforcement agencies to
obtain probable cause warrants prior to accessing data stored with
third-party providers, an increasingly timely issue with the growing
popularity of cloud services.  The ECPA, enacted in 1986, allows law
enforcement agencies to access certain email and files stored in the
cloud for more than 180 days with a subpoena. The proposed legislation
would also require warrants when law enforcement agencies want to obtain
geolocation information of mobile phone users.
http://www.computerworld.com/s/article/9216796/Senator_introduces_electronic_surveillance_reform_bill?taxonomyId=17
http://www.wired.com/threatlevel/2011/05/cloud-content-warrants/
http://thehill.com/blogs/hillicon-valley/technology/161903-industry-privacy-advocates-praise-digital-privacy-bill
[Editor's Note (Honan): The US government's ability to access data held
on US providers' systems raises a lot of concerns with CISOs outside of
the US.   Despite setting up regional only clouds, such as European
clouds to meet with EU Data Protection requirements, many European
companies are looking at non-US providers over fears their data could
be accessed under the US Patriot Act.  The following article from "ZDNET
USA PATRIOT Act: The myth of a secure European cloud?" gives a good
overview of the issues
http://www.zdnet.com/blog/igeneration/usa-patriot-act-the-myth-of-a-secure-european-cloud/8807
(Schultz): Law enforcement access to data in the cloud is yet another
of many very serious issues concerning data confidentiality in the
cloud. Data security issues comprise the number one security risk in
connection with cloud services.]

 --Reitinger Confident His Team Will Successfully Implement
    Cybersecurity Plans at DHS
(May 19, 2011)
Top DHS cyber security official Philip Reitinger will step down from his
position as Deputy Undersecretary of the National Protection and
Programs Directorate and Director of the National Cyber Security Center
on June 3, 2011. In his time at DHS, Reitinger has been instrumental in
nearly tripling agency cyber security staff. He is also responsible for
helping create cyber security legislation that would give DHS increased
authority, including oversight of cyber security at civilian federal
agencies. Reitinger will testify at three hearings regarding the
proposed legislation before his departure. He is confident that his team
will implement plans.  One name that has been cited as a potential
successor to Reitinger is former Air Force CIO John Gilligan.
http://thehill.com/blogs/hillicon-valley/technology/162279-top-dhs-cyber-security-official-explains-departure
http://www.nextgov.com/nextgov/ng_20110519_5961.php?oref=topnews
http://www.theatlantic.com/technology/archive/2011/05/homeland-securitys-top-cybersecurity-official-resigns/239136/
[Editor's Note (Paller):  Gilligan is a brilliant choice for leadership
in cyber at DHS.  No one else in government has shown that security can
be radically improved while lowering costs - an absolute necessity in
the coming era of tight budgets. If the White House and DHS choose a
proven operational leader like Gilligan, they will be demonstrating that
they believe cybersecurity is important enough to take action to make
the government's internal cybersecurity a model of effectiveness for the
critical infrastrucuture.]

****************************************************************************

THE REST OF THE WEEK'S NEWS
 --Sony Treading Carefully After PSN Relaunch
(May 18, 2011)
In the midst of restoring its PlayStation network (PSN), Sony had to
take part of it offline for a short while on May 18 due to an issue that
could have allowed people to take over other users' accounts. The online
sign-in feature for PSN, Qriocity and other sites remains unavailable;
users may reset their passwords on their PS3 consoles.  Despite reports
to the contrary, Sony says PSN did not suffer another attack.
http://www.computerworld.com/s/article/9216834/Sony_takes_down_part_of_PlayStation_Network_after_URL_error?taxonomyId=17
http://www.informationweek.com/news/security/attacks/229502476
http://www.theregister.co.uk/2011/05/18/sony_playstation_account_hijacking/
http://www.bbc.co.uk/news/technology-13454201
http://www.reuters.com/article/2011/05/18/us-sony-idUSTRE74C70420110518
[Editor's Note (Pescatore): If they really want to tread carefully, they
should remove all requirements for credit cards to be used until they
have had a ground up review and can be positive they will not put
customers at risk.
(Honan): Looks like one of Sony's servers, not part of the PSN, got
hacked and is serving up a Phishing site
http://www.theregister.co.uk/2011/05/20/sony_phishing/]

 --Google Rolling out Fix for Android Vulnerability
(May 18 & 19, 2011)
Google is rolling out a fix for a vulnerability in the majority of
Android phones that allows attackers to access and modify users' Google
contacts and calendar when they are being accessed over unsecured Wi-Fi
networks. The flaw affects versions 2.3.3 and earlier of the Android
platform, which is running on 99.7 percent of Android devices. The fix
does not require action from users; it will be pushed out automatically.
http://www.washingtonpost.com/blogs/faster-forward/post/google-fixing-android-security-flaw/2011/05/18/AF8FkZ6G_blog.html?wprss=faster-forward
http://www.theregister.co.uk/2011/05/18/google_android_security_fix/
http://www.bbc.co.uk/news/technology-13454198

 --P2P Monitoring Company Leaks Data
(May 17, 18 & 19, 2011)
A company that helps the French government with its anti-piracy efforts
has come under cyber attack. Trident Media Guard monitors filesharing
networks for illegal activity to help the government with its
three-strikes anti-piracy policy. Hadopi, the French government agency
responsible for enforcing the filesharing policy, has temporarily
suspended its connection with TMG after the company suffered an attack
that compromised sensitive information. The leaked information
reportedly includes the IP addresses of some suspected illegal
filesharers.
http://www.infosecurity-magazine.com/view/18069/french-piracy-monitoring-firms-website-hacked/
http://www.scmagazineuk.com/french-p2p-monitoring-firm-hit-by-hackers/article/203122/
http://www.wired.com/threatlevel/2011/05/tmg/
http://www.theregister.co.uk/2011/05/17/french_piracy_monitor_hacked/
http://www.h-online.com/security/news/item/Report-data-leak-slows-French-copyright-agency-1245914.html

 --Terry Childs Completes Prison Sentence, Now Must Pay US $1.5 Million
(May 18 & 19, 2011)
Terry Childs, the former San Francisco Department of Technology network
engineer who used passwords to lock users out of a city government
computer network, has been ordered to pay nearly US $1.5 million to the
city for costs incurred because of the lockout. The network was
inaccessible for 12 days in July 2008. Childs has completed his prison
sentence and is now on parole.
http://www.theregister.co.uk/2011/05/18/sf_bofh_damages/
http://www.sfgate.com/cgi-bin/blogs/crime/detail?entry_id=89240&tsp=1
http://www.v3.co.uk/v3-uk/silicon-valley-sleuth-blog/2072106/rogue-san-francisco-administrator-gbp15m-fine
http://abcnews.go.com/Technology/wireStory?id=13634087

 --Suspended Sentence for Stealing Log-in Credentials
(May 18, 2011)
UK university student Paul McLouglin received an eight-month suspended
sentence for using a Trojan horse program to gain access to people's
computers. McLouglin tricked users into downloading the malware by
disguising it as a code-generation key for online gaming and making it
available on a filesharing network. The Trojan, Istealer, harvests
online account login credentials and uploads them to a remote server.
Authorities say that McLouglin accessed at least 20 accounts through
information he obtained with the malware.
http://www.theregister.co.uk/2011/05/18/gaming_trojan_conviction/

 --SpyEye Targets Verizon Customers
(May 18, 2011)
Users whose computers were infected with the SpyEye Trojan horse program
may have exposed their personal information to attackers. The malware
waits until users log into certain sites, in this case Verizon, then
serves up a form asking for sensitive information such as Social
security numbers (SSNs) and credit card data.  Because users have
already logged in to the site on their own, they are more likely to
trust that the requests for information are legitimate. The attacks
targeting Verizon customers occurred between May 7 and 13.
http://redtape.msnbc.msn.com/_news/2011/05/19/6672216-verizon-wireless-customers-targeted-in-nearly-invisible-trojan-horse-scam

 --South Korean Financial Authority Will Penalize Hyundai Capital Over Breach
(May 18, 2011)
South Korea's Financial Supervisory Service (FSS) will impose a penalty
on Hyundai Capital Services Inc. for failing to take adequate
precautions with computer system maintenance. Between March 6 and April
7 of this year, attackers broke into Hyundai Capital computer systems,
stole sensitive customer information and threatened to post it to the
Internet if they were not paid 500 million won (US $462,000) cash.
According to the FSS, the breach affected 1.75 million customers.  The
FSS will send the case to its disciplinary decision committee to
determine what the penalty will be.
http://english.yonhapnews.co.kr/business/2011/05/18/55/0503000000AEN20110518003500320F.HTML
http://www.koreatimes.co.kr/www/news/biz/2011/05/123_87197.html


INVITATION: Get Involved with SCORE

Want to get more involved with SANS? Want to share your IT Security
knowledge? Join the SANS Security Consensus Operational Readiness
Evaluation (SCORE) Project!

Help SCORE make the online world a safer place.  SCORE guides recently
added/updated include:

 -Installing RedHat/CentOS
 -Malicious File Investigation Procedures
 -Rootkits Investigation Procedures

We are currently looking for contributors and authors in the following
technical areas (If your area is not in this list and you'd like to
contribute, don't be afraid to contact us with your idea.):

 -Microsoft Windows 7 Security
 -OS X (iPad/iPhone) Security
 -OS X Security
 -Microsoft Windows 2008 Server Security
 -Virtual Machines
 -How/Where Trojans hide
 -Ubuntu Linux
 -Redhat Linux
 -General Linux
 -Cloud Security
 -Rootkits
 -Malware Analysis Static
 -Malware Analysis Dynamic
 -Using Olly Debug for malware analysis
 -Using IDA Pro for malware analysis
 -MySQL Security
 -Webserver Security and Testing
 -Juniper JunOS
 -PostgreSQL

If you are a subject matter expert or aspiring to be one, are interested
in becoming more involved in the security community (specifically SANS)
and/or would like to have the opportunity to benefit from contributing
to projects of this type, please email the following information to the
SCORE project lead - Darren Bennett (dlbennett@gmail.com).

- ------------------------------------------------------------------------
Name:
Area(s) of expertise:
Contact information (Email):
Availability:
- ------------------------------------------------------------------------

While I haven't been asked this question; I'd personally be asking
"What's in it for me?" The following is a list of benefits for
contributing to SCORE:

*Helping to increase security awareness.
*Having your name credited as an author (or contributor) on one of the projects.
*Networking. This is a great way to meet other security experts and
share information.
*CPE's for CISSP credits.
*Recognition within the security community.
*Becoming more involved with a great organization SANS!

To see some examples of popular SCORE checklists, checkout the following:

The SCORE RedHat/CentOS Checklist
http://www.sans.org/score/redhatchecklist.php

The SCORE Oracle Checklist (V3.1)
- -http://www.sans.org/score/oraclechecklist.php

The SCORE OSX Checklist **
- -http://www.sans.org/score/macosxchecklist.php

The SCORE Windows 2000/XP DSS Auditing Checklist **
- -http://www.sans.org/score/win2k_xp_checklist.php

** This list is popular and could use updating. If you are a subject
matter expert in this area, please let me know!

- -http://www.sans.org/score/index.php
(Security Consensus Operational Readiness Evaluation)

I look forward to hearing from you! Please email me the information
requested above and I will put you in contact with other team members,
the team leader or the SANS contact you will be working with. Do not
hesitate to email me with questions or suggestions.

"Opportunity is missed by most people because it is dressed in
overalls and looks like work." - Thomas A. Edison

V/r,

Darren Bennett

dlbennett@gmail.com


************************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and
the author/co-author of books on Unix security, Internet security,
Windows NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in
independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and served as President of the InfraGard National
Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa).  He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Mark Weatherford, Chief Security Officer, North American Electric
Reliability Corporation (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAk3WpFQACgkQ+LUG5KFpTkbFewCeJ22xhoV6COpcU1cgNC801F9O
VHwAnRfSiYCaxmcSVj8okWO8DHwM4dsB
=Jc8A
-----END PGP SIGNATURE-----