Merit Network


NETSEC Archives

[Netsec] SANS NewsBites Vol. 13 Num. 35 : Sony Gaming Hit Again; Macs Targeted By Malware; Apple Files Patent on Tracking Technology

  • From: The SANS Institute
  • Date: Tue May 03 15:13:46 2011

**************************************************************************
SANS NewsBites                  May 4, 2011              Vol. 13, Num. 035
**************************************************************************
TOP OF THE NEWS    
  Sony Shuts Down Online Gaming Site
  Apple Filed Patent Application for Tracking Technology
  LimeWire Trial Set to Start This Week
  Malware Targets Macs
THE REST OF THE WEEK'S NEWS 
  Employees Have Internet Access at Oak Ridge National Labs Again
  Sony Says Parts of PSN to be Back Online This Week
  Some Claim to be Selling PSN Customers' Credit Card Data
  Paper Warns of Dangers of Alarmist Cyberthreat Rhetoric
  Amazon Provides Details About Cloud Outage
  Mozilla Releases Update for Firefox 4
  Seattle School District Officials Suspect Students in Online Grade Changes

***************************************************************** 
TRAINING UPDATE
 -- SANS Security West 2011, San Diego, CA, May 3-12, 2011
23 courses.  Bonus evening presentations include The Emerging Security
Threat Panel Discussion; and Emerging Trends in Data Law and
Investigation http://www.sans.org/security-west-2011/
 -- SANS Cyber Guardian 2011, Baltimore, MD, May 15-22, 2011
8 courses.  Bonus evening presentations include Windows Exploratory
Surgery with Process Hacker and State of the Hack: Stuxnet.
http://www.sans.org/cyber-guardian-2011/
 -- SANS Rocky Mountain 2011, Denver, CO, June 25-30, 2011
7 courses.  Bonus evening presentations include SANS Hacklab and Why
End Users are Your Weakest Link
http://www.sans.org/rocky-mountain-2011/
 -- SANSFIRE 2011, Washington, DC, July 15-24, 2011
40 courses.  Bonus evening presentations include Ninja developers:
Penetration testing and Your SDLC; and Are Your Tools Ready for IPv6?
http://www.sans.org/sansfire-2011/
 -- SANS Boston 2011, Boston, MA, August 8-15, 2011
12 courses.  Bonus evening presentations include Cost Effectively
Implementing PCI through the Critical Controls; and More Practical
Insights on the 20 Critical Controls
http://www.sans.org/boston-2011/
 -- SANS Virginia Beach 2011, August 22- September 2, 2011
11 courses.
http://www.sans.org/virginia-beach-2011/
 -- Looking for training in your own community?
http://sans.org/community/ Save on On-Demand training (30 full
courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current Plus Barcelona,
Amsterdam, Brisbane, London and Austin all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org

********************** SPONSORED BY Athena Security ********************

Running your network without configuration analytics is like wandering
a maze aimlessly.  Where are the optimal places to make changes?  How
can you be sure the correct changes were made?  What are the possible
side effects?

Athena arms you with tools to simplify network visualization and
management.  Get a FREE trial of Athena PathFinder and start making
changes with absolute clarity.

http://www.sans.org/info/76813

****************************************************************************

TOP OF THE NEWS
 --Sony Shuts Down Online Gaming Site
(May 2, 2011)
Late Sunday night, Sony shut down Sony Online Entertainment, its online
PC games site, fueling speculation that the attack that prompted the PSN
outage gained deeper access to company systems than has been
acknowledged.  Sony did not provide much information about its reasons
beyond having "discovered an issue that warrants enough concern ... to
take the service down effective immediately."
http://www.theregister.co.uk/2011/05/02/sony_online_entertainment_closed/
http://latimesblogs.latimes.com/technology/2011/05/sony-online-games-attack-hacker.html
http://www.pcmag.com/article2/0,2817,2384771,00.asp
http://www.bbc.co.uk/news/technology-13260041

 --Apple Filed Patent Application for Tracking Technology
(April 27 & 29, 2011)
In 2009, Apple filed a patent application for technology to track users
through smartphones.  Apple has recently been the focus of attention
because it was found that iPhones were tracking and storing user
location data.  Apple had said that it was not tracking users and that
a bug was to blame for the retained data.  The September 2009 patent
application refers to "Location Histories for Location Aware Devices."
http://www.securecomputing.net.au/News/255860,apple-snooping-plot-thickens--iphone-tracker-was-patented.aspx
http://blogs.forbes.com/kashmirhill/2011/04/27/apple-filed-a-patent-application-in-2009-for-what-its-now-calling-a-bug/

 --LimeWire Trial Set to Start This Week
(April 28, 2011)
The copyright infringement lawsuit brought against LimeWire by the
Recording Industry Association of America (RIAA) is scheduled to start
on Tuesday, May 3.  It's the first such lawsuit against a file-sharing
software company since the Supreme Court ruled against Grokster in 2005.
A federal jury will decide how much LimeWire should pay for copyright
infringement conducted through its service.  The record companies say
LimeWire owes more than US $1 billion in damages.  US District Judge
Kimba Wood noted that the infringement was "willful," which
significantly increases the penalty for each track that was shared
illegally.  Judge Wood ordered LimeWire to stop "file-distribution
functionality" in October 2010.
http://www.wired.com/threatlevel/2011/04/limewire-damages-trial/
[Editor's Comment (Northcutt): We talk about the Grokster case in my
class, Security Leadership Essentials, but these LimeWire folks were
really cheeky.
http://www.sans.org/security-training/security-leadership-essentials-managers-knowledge-compression-62-mid ]

 --Malware Targets Macs
(May 2, 2011)
Malware targeting Mac OS X has been detected, though it is not
widespread.  Those spreading the malware are exploiting users' interest
in late breaking news about Bin Laden's death. MacDefender claims to be
security software and tries to trick users into paying up to US $80 for
what amounts to useless software. This marks the first time that rogue
antivirus software has targeted Mac users. The program generates a
stream of messages on users' computers that malware has been detected
on their machines, and urges them to download security software.  Safari
users who have selected the "open 'safe' files after downloading"
setting will have the malware installed immediately upon visiting one
of the malicious pages.  In other cases, for users to become infected,
they have to open a ZIP file and manually install the malware.  There
is a legitimate software developer with the same name as the malware;
they are not in any way connected.
Internet Storm Center: http://isc.sans.edu/diary.html?storyid=10813
(The ISC has reports of a US $99 price (via PayPal) for this software, in
addition to the US $80 reported by other sources.)
http://www.computerworld.com/s/article/9216335/Fake_security_software_takes_aim_at_Mac_users?taxonomyId=17
http://www.pcworld.com/article/226846/fake_macdefender_brings_malware_to_macs.html
http://thenextweb.com/apple/2011/05/02/bogus-macdefender-malware-campaign-targets-mac-users-using-google-images/
[Editor's Comment (Northcutt): As a public safety announcement, please warn
your people not to open any mail messages with attachments that claim to
have video, pictures etc of Bin Laden, the Navy Seal team, Amazing Grace at
Ground Zero, the wife that was a human shield etc. This doesn't only apply
to Macs, PCs, iPhones, Androids, just do not do it. I will bet the botnets
add a million compromised systems from people clicking on this one.]

***************************  Sponsored Link: *******************************
Call For Participation: Security Architecture Workshop - 2011 Washington DC.  
If your organization has found effective ways to bake security into
applications (and you are not a vendor) you may win a highly prized free
invitation to the Security Architecture Workshop where the most
effective techniques for making secure engineering and architecture
cost-effective will be shared.
Email SAW@xxxxxxxx if you have a process that works.
****************************************************************************

THE REST OF THE WEEK'S NEWS
 --Employees Have Internet Access at Oak Ridge National Labs Again
(May 2, 2011)
Internet connectivity has been restored at the Oak Ridge National
Laboratory, more than two weeks after employee access to the Internet
was severed to limit damage from a cyber attack. An investigation into
the incident that led to the restrictions indicates that malware
infiltrated laboratory systems on April 7, 2011 following a targeted
phishing attack against lab employees that exploited a vulnerability in
Internet Explorer.  The lab became aware of the situation on April 11
and monitored systems until the decision was made to sever Internet
access on April 15.
http://www.knoxnews.com/news/2011/may/02/internet-back-oak-ridge-national-laboratory-after/

 --Some Claim to be Selling PSN Customers' Credit Card Data
(April 28 & 29, 2011)
While Sony says that the credit card information compromised in the PSN
attack was encrypted, those apparently involved with the attack claim
that they are already selling the information in online carder forums.
It is possible that both claims are true: Sony has not said what
sort of encryption was used, and the attackers could conceivably have
broken it by now.
http://www.pcworld.com/businesscenter/article/226737/sony_says_data_is_protected_attackers_say_its_for_sale.html

 --Paper Warns of Dangers of Alarmist Cyberthreat Rhetoric
(April 29, 2011)
A paper published by researchers at the Mercatus Institute at Virginia's
George Mason University says that the US government's "alarmist
rhetoric" about cyber threats facing the country's critical
infrastructure could result in the enactment of policy based on evidence
that may not have a foundation in fact.  The researchers, Jerry Brito
and Tate Watkins, compared the dangerous possibilities of ill-informed
policy to what happened in Iraq - a decision was made to invade the
country based on rumors, not hard evidence, that the country's political
regime was connected to the September 11 attacks and that it possessed
weapons of mass destruction.  Decisions based on faulty information
could lead to unnecessary regulation of networks and overspending on
cyber security.
http://www.scmagazineus.com/paper-highlights-dangers-of-inflating-cyberthreats/article/201822/
http://mercatus.org/sites/default/files/publication/110421-cybersecurity.pdf
[Editor's Comment (Northcutt): At first glance the paper appears to be
political and sensational; however, it is well researched and more
even-toned than I first felt. Anyone with government or governance
responsibility is encouraged to read it and draw your own conclusions.
(Schultz): I am sure that these researchers are very smart, but they do
not appear to be very well-informed. They speculate that the US
government might overspend on cyber security. The day that happens will
be the day hell freezes over, trust me.]

 --Amazon Provides Details About Cloud Outage
(April 29, 2011)
Amazon has apologized for the outage experienced in portions of its
cloud services platform and has released a statement offering more
detail about the cause of the incident. The problem arose because of a
configuration error that was made during a network upgrade.  The error
caused traffic that should have been directed to a primary network to
be routed to a lower-capacity network.  Amazon also detailed steps it
is taking to prevent a recurrence.
http://www.computerworld.com/s/article/9216303/Amazon_cloud_outage_was_triggered_by_configuration_error?taxonomyId=17
http://aws.amazon.com/message/65648/
http://www.bbc.co.uk/news/business-13242782
[Editor's Note (Pescatore): Back in the day, what we called the cloud
was the telecoms cloud. And back in 1990, ATT had a self-inflicted
software bug that brought down just about all their 4ESS switches and
the majority of US long distance calls for over 24 hours. Anyone who
plans on using cloud without planning on workarounds for outages is not
doing their due diligence.]

 --Mozilla Releases Update for Firefox 4
(April 29 & May 2, 2011)
Mozilla has released security updates for Firefox 4, Firefox 3.5 and
Firefox 3. In all, Mozilla fixed 53 flaws in the browsers, 12 of which
were rated critical.  The flaws addressed in the new version of Firefox
4 include a pair of issues in WebGLES graphics libraries that could be
exploited to bypass certain security protections in Windows.
http://www.theregister.co.uk/2011/04/29/firefox_security_update/
http://www.computerworld.com/s/article/9216294/Mozilla_patches_Firefox_4_fixes_programming_bungle
http://www.eweek.com/c/a/Security/Mozilla-Patches-Critical-Firefox-Security-Flaws-536391/

 --Seattle School District Officials Suspect Students in Online Grade Changes
(April 28 & May 1, 2011)
School district officials suspect students at Seattle area high schools
of breaking into school computer systems.  Systems at three Seattle high
schools have been affected.  Although some grades in an online grade
book system were altered, no final grades were changed.  The district
has begun monitoring systems for anomalous activity.  Teachers received
a memo that told them "network login credentials are being stolen and
used to inappropriately access district systems." Officials suspect the
information was stolen through the use of a keystroke logging device.
The district is checking to see if other information was stolen.
http://www.seattlepi.com/local/article/Students-suspected-of-changing-grades-on-hacked-1357382.php
http://seattletimes.nwsource.com/html/editorials/2014914193_edit02grades.html

************************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and
the author/co-author of books on Unix security, Internet security,
Windows NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in
independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and served as President of the InfraGard National
Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa).  He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Mark Weatherford, Chief Security Officer, North American Electric
Reliability Corporation (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/

