Merit Network

Discussion Communities: Merit Network Email List Archives

NETSEC Archives

[Netsec] SANS NewsBites Vol. 13 Num. 34 : Some customer data permanently lost in Amazon Cloud outages

  • From: The SANS Institute
  • Date: Fri Apr 29 17:00:08 2011

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

**************************************************************************
SANS NewsBites                April 29, 2011             Vol. 13, Num. 034
**************************************************************************
TOP OF THE NEWS    
  Some Customer Data Permanently Destroyed in Amazon Cloud Crash
  Audit Finds FBI's Cyber Security Capabilities Not Maximized
  US Federal Authorities Will Remotely Purge Coreflood from PCs with
    Written Permission
THE REST OF THE WEEK'S NEWS 
    Sony Admits Data Were Stolen in PSN Breach; Lawsuits Filed
    FBI Warns of Fraudulent Wire Transfers to China
    Chrome Update Addresses 27 Vulnerabilities
    Researcher Finds Holes in Chinese Government Networks
    Unprotected Wi-Fi Network Brings False Accusations of Illegal Activity
    Government Drops Investigation of Warrantless Wiretapping Whistleblower
    Evolution of Cyber Security Competitions

***************************************************************** 
TRAINING UPDATE
- -- SANS Security West 2011, San Diego, CA, May 3-12, 2011
23 courses.  Bonus evening presentations include The Emerging Security
Threat Panel Discussion; and Emerging Trends in Data Law and
Investigation http://www.sans.org/security-west-2011/
- -- SANS Cyber Guardian 2011, Baltimore, MD, May 15-22, 2011
8 courses.  Bonus evening presentations include Windows Exploratory
Surgery with Process Hacker and State of the Hack: Stuxnet.
http://www.sans.org/cyber-guardian-2011/
- -- SANS Rocky Mountain 2011, Denver, CO, June 25-30, 2011
7 courses.  Bonus evening presentations include SANS Hacklab and Why
End Users are Your Weakest Link
http://www.sans.org/rocky-mountain-2011/
- -- SANSFIRE 2011, Washington, DC, July 15-24, 2011
40 courses.  Bonus evening presentations include Ninja developers:
Penetration testing and Your SDLC; and Are Your Tools Ready for IPv6?
http://www.sans.org/sansfire-2011/
- -- SANS Boston 2011, Boston, MA, August 8-15, 2011
12 courses.  Bonus evening presentations include Cost Effectively
Implementing PCI through the Critical Controls; and More Practical
Insights on the 20 Critical Controls
http://www.sans.org/boston-2011/
- -- SANS Virginia Beach 2011, August 22- September 2, 2011
11 courses.
http://www.sans.org/virginia-beach-2011/
- -- Looking for training in your own community?
http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Barcelona, Amsterdam, Brisbane, London and Austin all in the next
90 days.
For a list of all upcoming events, on-line and live: www.sans.org

**************************** SPONSORED BY ORACLE ************************** 
REGISTER NOW for the upcoming webcast: Balancing Strong Authentication
and Context-aware Security
WHEN: Wednesday, May 4th at 1:00 PM ET

Featuring: Mark Karlstrand

Go To: http://www.sans.org/info/76694
****************************************************************************

TOP OF THE NEWS
 --Some Customer Data Permanently Destroyed in Amazon Cloud Crash
(April 28, 2011)
The crash of Amazon's cloud services not only inconvenienced its
customers because of web site inaccessibility, but in some cases, data
were permanently destroyed.  A thorough explanation of the crash has not
yet been offered.  Two businesses that use Amazon's cloud services
managed to continue running undisrupted during the crash because they
had taken their own measures to protect against such an incident.
http://technolog.msnbc.msn.com/_news/2011/04/28/6549775-amazons-cloud-crash-destroyed-many-customers-data
http://www.informationweek.com/news/cloud-computing/infrastructure/229402385
[Editor's Note (Ranum): You can put your data in the cloud - it's
getting it back that's the hard part.
(Schultz): Amazon has an excellent reputation as a cloud service
provider; I am baffled by what happened. At the same time, there is a
huge lesson to be learned here--never, never completely rely on a cloud
provider for anything--always have a plan B, as the two businesses
mentioned in this story so nicely illustrate.]

 --Audit Finds FBI's Cyber Security Capabilities Not Maximized
(April 27 & 28, 2011)
According to an audit report from the US Department of Justice inspector
general (IG), one-third of 36 agents interviewed lacked the necessary
skills to investigate cyber intrusions.  The audit examined the FBI's
ability to deal with the threat of national cyber security intrusions
and found major faults in the operations of the NCIJTF - the National
Cyber Investigative Joint Task Force.  Each of the FBI's 56 field
offices has at least one cyber squad, but the report found fault with
the level of skills those field agents have.
http://www.csoonline.com/article/680869/doj-report-critical-of-fbi-ability-to-fight-national-cyber-intrusions
The redacted report is posted at: http://www.justice.gov/oig/reports/FBI/a1122r.pdf
http://www.scmagazineus.com/audit-doubts-fbis-ability-to-combat-cyberthreats/article/201657/
[Editor's Note (Paller): This IG report is particularly defective. The
NCIJTF is one of the most valuable and effective organizations the
nation has ever had in cyber security -- measured in actual impact. It
is a huge success story. The IG's findings are equivalent to saying
that the NCIJTF cured cancer but their work is inadequate because they
haven't also cured the common cold. Further, the finding that field
offices have inadequate forensic and analytical capabilities completely
misses the fact that analytical and forensics people with the high
skills needed for those jobs are not available anywhere. Every
three-letter agency and military organization and major defense
contractor has a critical shortage (numbering in the thousands
cumulatively) of the forensics hunters and tool builders needed to do
cyber analysis at world-class levels.]

 --US Federal Authorities Will Remotely Purge Coreflood from PCs with
    Written Permission
(April 27 & 28, 2011)
Over the next month, federal authorities will remove Coreflood botnet
malware from some infected PCs remotely.  Prior to conducting the remote
activity, the Department of Justice will identify the owners of the
infected machines, and the owners must submit an authorization form to
the FBI.  Two weeks ago, federal authorities obtained a court order
allowing them to seize five Coreflood command-and-control servers; the
US Marshals Service replaced those servers with others that disabled
the malware on most of the infected PCs.
http://www.computerworld.com/s/article/9216199/Feds_to_remotely_uninstall_Coreflood_bot_from_some_PCs?taxonomyId=82
http://www.technewsworld.com/story/72349.html?wlc=1304020269&wlc=1304033880
http://www.theregister.co.uk/2011/04/27/coreflood_mass_uninstall/
http://www.securecomputing.net.au/News/255694,fbi-details-difficulties-defanging-coreflood-botnet.aspx
http://www.wired.com/threatlevel/2011/04/coreflood_results/


THE REST OF THE WEEK'S NEWS
 --Sony Admits Data Were Stolen in PSN Breach; Lawsuits Filed
(April 28, 2011)
Sony says that the credit card information stolen in a security breach
of its PlayStation network (PSN) was encrypted.  Other information,
including names and associated email addresses, was not encrypted.  Sony
took the PSN down on Friday, April 22, three days after discovering the
intrusion, but did not acknowledge that user data were stolen until the
evening of Tuesday, April 26. As many as 77 million customers may be
affected by the breach. Lawsuits have been filed against Sony over the
situation.
Internet Storm Center: http://isc.sans.edu/diary.html?storyid=10768
http://www.pcmag.com/article2/0,2817,2384561,00.asp
http://www.informationweek.com/news/security/attacks/229402362
http://www.bbc.co.uk/news/technology-13192359
http://www.bloomberg.com/news/2011-04-28/sony-faces-lawsuit-regulators-scrutiny-over-playstation-user-data-breach.html
http://www.scmagazineus.com/sony-confirms-playstation-network-cards-were-encrypted/article/201655/
[Editor's Note (Pescatore): The credit card information may have been
encrypted, but there were quotes that a Sony admin password had been
compromised - were the data encryption keys compromised, as well?
(Honan): There are reports, yet to be confirmed, that up to 2.2 million
credit cards have actually been compromised despite Sony's claims.
http://www.siliconrepublic.com/digital-life/item/21595-psn-hackers-took-2-2/
http://bits.blogs.nytimes.com/2011/04/28/hackers-claim-to-have-playstation-users-card-data/]

 --FBI Warns of Fraudulent Wire Transfers to China
(April 26 & 27, 2011)
The FBI has issued a fraud alert warning of unauthorized wire transfers
to China. Between March 2010 and April 2011, the FBI noted 20 incidents
of fraudulent wire transfers ranging from US $50,000 to US $985,000.  In
all, cyber thieves have stolen US $20 million from US businesses using
these fraudulent wire transfers. The money has been sent to companies
in China near the Russian border. Online banking credentials were stolen
to conduct the fraudulent transactions.  The FBI recommends that banks
alert business customers to suspicious wire transfers going to any of
the cities on a list specified in the alert and that all transfers to
those locations be carefully scrutinized.
http://krebsonsecurity.com/2011/04/fbi-20m-in-fraudulent-wire-transfers-to-china/
http://www.informationweek.com/articles/229402300
http://www.scmagazineus.com/fbi-warns-of-millions-lost-in-fraudulent-transfers-to-china/article/201573/
http://www.v3.co.uk/v3-uk/news/2046033/fbi-warns-phishing-funds-flowing-china
http://www.ic3.gov/media/2011/ChinaWireTransferFraudAlert.pdf

 --Chrome Update Addresses 27 Vulnerabilities
(April 27, 2011)
Google has updated its Chrome browser, bringing the stable build of
Chrome to version 11 for Windows, Mac OS X and Linux.  The update
addresses 27 vulnerabilities, for which Google paid out US $16,000 in
bounties to 11 researchers who had reported 17 of the flaws.  None of
the vulnerabilities received a critical rating; 18 were rated high
severity.
http://www.eweek.com/c/a/Security/Google-Pays-16500-for-27-Chrome-Bugs-347739/
http://www.computerworld.com/s/article/9216220/Google_patches_27_Chrome_bugs_pays_out_record_bounties?taxonomyId=85

 --Researcher Finds Holes in Chinese Government Networks
(April 26, 2011)
Although China is often cast as the perpetrator in cyber attacks, one
researcher has found that numerous Chinese government networks are
vulnerable to attacks.  Attackers have gained access to a database
holding personal information, including names, passport numbers and
results of psychological tests, of 11,000 people, some of whom are
American citizens.  Many of the Americans were not aware that their
personal data were being held in the database, which is maintained by
an agency in China that recruits foreign specialists for work.  Other
vulnerabilities in government systems could be exploited to eavesdrop
on offices.  The flaws were discovered by a US researcher.
http://www.washingtontimes.com/news/2011/apr/26/chinese-databases-exposed-to-hackers/

 --Unprotected Wi-Fi Network Brings False Accusations of Illegal Activity
(April 26, 2011)
A Buffalo, New York man found himself the object of a home raid by
federal agents who accused him of downloading child pornography over his
wireless network.  Only after taking a desktop computer, iPads and
iPhones from the home and examining them over a few days did federal
agents clear the man of suspicion and pin the crime on a neighbor who
had accessed the unprotected Wi-Fi network. The story is not unique; a
similar incident occurred in Florida.  The stories drive home the
importance of home users securing their wireless routers.
http://www.msnbc.msn.com/id/42740201/ns/technology_and_science-wireless/
http://www.theregister.co.uk/2011/04/26/open_wifi_networks/

 --Government Drops Investigation of Warrantless Wiretapping Whistleblower
(April 26, 2011)
The US government is no longer pursuing its investigation of a former
Justice Department attorney who leaked information about the existence
of the George W. Bush administration's warrantless wiretapping program
at the National Security Agency (NSA).  Thomas Tamm told the New York
Times about the program's existence in 2004; the paper broke the story
in December 2005.
http://www.wired.com/threatlevel/2011/04/tamm/

 --Evolution of Cyber Security Competitions
(April 2011)
The dearth of skilled cyber security professionals affects all sectors
of the economy that depend on computers to function smoothly.  Cyber
security competitions help raise the visibility of the career path and
identify raw talent that can be honed into a force of cyber security
professionals with the necessary skills to protect and defend systems
into the future. Cyber security competitions have evolved from events
at hacker conferences to games of virtual capture the flag to Collegiate
Cyber Defense Competitions and Cyber Boot Camps.  Industry can help
through sponsorship of competitions, in-kind support and team
participation.
http://www.pymnts.com/educating-the-next-generation-of-security-professionals/
[Editor's Note (Honan): Each year at the Irish CERT's conference we run
a cyber challenge competition, HackEire www.hackeire.com, which is based
on the SANS 504 training course.  It always generates a lot of interest
in those wishing to practise and hone their skills but also
interestingly in the business people who attend the conference to
observe and learn how systems are attacked. ]

************************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and
the author/co-author of books on Unix security, Internet security,
Windows NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in
independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat, and he
is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and served as President of the InfraGard National
Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa).  He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Mark Weatherford, Chief Security Officer, North American Electric
Reliability Corporation (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAk268MUACgkQ+LUG5KFpTkasfwCeJyDsLqWx6pEJvZB0plwRvz2r
mBMAoI1VU0xIbFY88aKx4ejLwVL/rtc+
=Qphb
-----END PGP SIGNATURE-----



