Merit Network


NETSEC Archives

[Netsec] SANS NewsBites Vol. 13 Num. 70 : Exposed WikiLeaks File Contains More Than 250,000 US State Dept. Cables; New California Law Stipulates Additional Breach Notification Requirements; Chinese Cyber Security Documentary Disappears

  • From: The SANS Institute
  • Date: Fri Sep 02 17:14:16 2011


Now that a consensus is forming among the more sophisticated defenders
that the 20 Critical Controls are the most important defenses to put in
place, many organizations are searching for guidance on best practices
for implementing each of them quickly and cost-effectively.  Internet
Storm Center will, during October's National Security Awareness Month,
publish a series of daily diaries on each critical control and how to
automate it where possible. Also Johannes Ullrich, director of the
Internet Storm Center just told me about a newly published SANS gold
paper on how to implement the 20 critical controls if you don't have a
big budget. It is posted at
http://www.sans.org/reading_room/whitepapers/hsoffice/small-business-budget-implementation-20-security-controls_33744

                                      Alan
**************************************************************************
SANS NewsBites                September 2, 2011           Vol. 13, Num. 70
**************************************************************************

TOP OF THE NEWS    
  Exposed WikiLeaks File Contains More Than 250,000 US State Dept. Cables
  New California Law Stipulates Additional Breach Notification Requirements
  Footage of Cyber Security Documentary Disappears from Chinese State TV Site
  More Forged Digital Certificates Detected
  Judge Says Lawsuit Against Company That Tracks Lost Laptop May Proceed
THE REST OF THE WEEK'S NEWS 
    Two Arrested in Connection with Anonymous-Related Attack on Fine Gael Site
    Six-Year Sentence for Cyber Extortion
    Linux Kernel Servers Compromised
    Many Skeptical of Rumors That iPhone 5 Prototype Was Lost at Restaurant
    Former Akamai Employee Pleads Guilty to Espionage Charges

************************ Sponsored By Zscaler  **************************
ONLINE WEBCAST with GARTNER: WHY ADVANCED THREAT PROTECTION IS BETTER
DONE IN THE CLOUD
Are you doing enough to manage your security risks in today's Web 2.0
World?
Join Peter Firstbrook of GARTNER who will detail why cloud security is
better for advanced threat protection. Sept 8 at 10am PST / 1pm EST

http://www.sans.org/info/85919

**************************************************************************
TRAINING UPDATE
 -- SANS Network Security 2011, Las Vegas, NV, September 17-26, 2011
45 courses.   Bonus evening presentations include Securing the Kids;
Who is Watching the Watchers?; and Emerging Trends in the Law of
Information Security and Investigations
http://www.sans.org/network-security-2011/
 -- The National Security Architecture Workshop, DC, Sept. 29-30, 2011
2-day workshop discussing techniques to ensure security is considered
in every step of the development life cycle.
http://www.sans.org/baking-security-applications-networks-2011/
 -- NCIC: The National Cybersecurity Innovations Conference, DC, Oct.
11-12, 2011
3 tracks - Cloud computing, Continuous Monitoring and Enterprise Mobile
Security training
http://www.sans.org/ncic-2011/
 --SANS Chicago 2011, Chicago, IL, October 23-28, 2011
6 courses.  Bonus evening presentations include Computer Forensics in
the Virtual Realm and Electrical Grid Security
http://www.sans.org/chicago-2011/
 --SANS Seattle 2011, Seattle, WA, November 2-7, 2011
5 courses.  Bonus evening presentations include Future Trends in
Network Security; and Ninja Developers: Penetration Testing and Your SDLC
http://www.sans.org/seattle-2011/
 --SANS San Francisco 2011, San Francisco, CA, November 14-19, 2011
6 courses.  Bonus evening presentations include The Worst Mistakes in
Cloud Computing Security; Offensive Countermeasures; and Watching the
Wire at Home
http://www.sans.org/san-francisco-2011/
 --SANS San Antonio 2011, San Antonio, TX, November 28-December 5, 2011
7 courses.  Bonus evening presentations include Effective Methods for
Implementing the 20 Critical Security Controls; and Assessing
Deception: Are They Lying to You?
http://www.sans.org/san-antonio-2011/
 --Looking for training in your own community?
http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Melbourne, Delhi, London, Baltimore and Singapore all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org

****************************************************************************

TOP OF THE NEWS
 --Exposed WikiLeaks File Contains More Than 250,000 US State Dept. Cables
(September 1, 2011)
Allegations are flying about who is responsible for the apparent
inadvertent leak of a WikiLeaks file containing more than a quarter of
a million unredacted US diplomatic cables. The file and decryption
passphrase appeared on Cryptome last week following rumors that they had
been accessible on the Internet for several months. Some of the cables
have been released before, but they had been edited to remove names of
US informants who could be in danger if their identities became known
in their home countries. WikiLeaks maintains that The Guardian is
responsible for the release of the file because one of its reporters
revealed the password in a book. The Guardian newspaper countered that
the book was published months ago and that they were told that the
password was temporary.
http://www.washingtonpost.com/blogs/checkpoint-washington/post/wikileaks-suffers-major-breach-prompting-accusations-and-a-theory-on-what-went-wrong/2011/09/01/gIQABguMuJ_blog.html
http://www.wired.com/threatlevel/2011/09/wikileaks-unredacted-cables/

 --New California Law Stipulates Additional Breach Notification Requirements
(September 1, 2011)
California governor Jerry Brown has signed into law a bill that enhances
existing data breach notification requirements. California law already
requires that organizations notify residents if their personally
identifiable information is compromised. California was the first state
to enact such a law, and since its introduction in 2003, nearly all of
the other US states have enacted similar laws. The enhancement to the
California law requires that breach notification letters specify what
data have been compromised, describe the incident, and offer advice for
protection against identity fraud. In addition, breaches affecting 500
or more individuals must be reported to the state attorney general's
office by letter. The enhancement bill has been vetoed twice before by
former Governor Schwarzenegger.
http://www.scmagazineus.com/california-blazes-trail-again-with-enhanced-breach-alert-law/article/211005/
[Editor's Note (Murray): Elections have consequences, some for our
readers.  It is reasonable to assume that legislation working its way
through Congress will preempt state law in the interest of uniformity.
Such legislation often sets the bar closer to that of the most lenient
states rather than that of California.]

 --Footage of Cyber Security Documentary Disappears from Chinese State TV Site
(August 25, 2011)
Chinese state television reportedly aired footage of software that
appeared to be designed for launching distributed denial-of-service
(DDoS) attacks against websites. Analysts say the footage could be a
mock-up and is likely a decade old. The clip was included in a cyber
security documentary aired on the country's military channel last month.
Some have called it "possibly the first direct piece of visual evidence
from an official Chinese government source to undermine Beijing's
official claims never to engage in overseas hacking of any kind for
government purposes." The documentary has been removed from the
state-run television station's website.
http://www.guardian.co.uk/world/2011/aug/25/china-cyber-attack-tv-hacking
http://www.washingtonpost.com/blogs/checkpoint-washington/post/chinese-vanish-cyberwar-video-that-caused-stir/2011/08/25/gIQAAK8edJ_blog.html
http://news.yahoo.com/chinese-state-media-shows-military-cyber-hacking-clip-045637266.html
[Editor's Note (Murray): Deniability may be "plausible" but rarely better than that.]
 
 --More Forged Digital Certificates Detected
(August 31, 2011)
The people responsible for a forged Google digital certificate may also
have forged as many as 200 other certificates from high profile Internet
entities including Mozilla and Yahoo. DigiNotar, a Dutch certificate
authority, experienced a security breach in July 2011.  Updated versions
of the Firefox and Chrome browsers have been released to disable or
delete entries for DigiNotar.
http://www.wired.com/threatlevel/2011/08/diginotar-breach/
http://www.h-online.com/security/news/item/Updated-Chrome-and-Firefox-for-fraudulent-Google-certificate-available-1333898.html
[Editor's Note (Honan): DigiNotar, the CA in question, is a fully owned
subsidiary of Vasco which is a manufacturer of secure tokens and a
competitor to RSA.  Vasco has issued a press release stating the forged
certificates were the result of a security breach detected by DigiNotar
in July.  Vasco also states that the security breach did not compromise
their secure token business.
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
http://www.scmagazineus.com/diginotar-said-attack-is-to-blame-for-certificate-compromise/article/210891/
(Murray): There are now more than 600 issuers whose root certificates
are recognized by major software vendors.  The advantage is that they
are better able to authenticate their applicants.  The disadvantage is
that we are dependent on so many that compromises are more likely.]

 --Judge Says Lawsuit Against Company That Tracks Lost Laptops May Proceed
(August 30 & September 1, 2011)
A federal judge has determined that a lawsuit filed against Absolute
Software, a company that provides tracking services to help find lost
devices, may proceed. One of the plaintiffs, Susan Clements-Jeffrey,
purchased what she believed to be a used laptop from one of her
students. The device was actually stolen from the school district.  When
the tracking software was activated, the person conducting the search
captured sexually explicit exchanges between Clements-Jeffrey and the
other plaintiff, Carlton Smith, printouts of which the police brought
to the woman's home when they arrested her for receiving stolen
property. Those charges were ultimately dropped. The plaintiffs allege
that the defendants, which include an Absolute employee, the City of
Springfield, Ohio and its police department, violated their privacy by
illegally intercepting their communications. The defendants filed a
motion for a summary judgment, maintaining that the plaintiffs had no
expectation of privacy while using the stolen device. US District Judge
Walter Herbert Rice disagreed, writing that "It is one thing to cause a
stolen computer to report its IP address or geographical location in an
effort to track it down. It is something entirely different to violate
federal wiretapping laws by intercepting communications of the person
using the stolen laptop."
http://www.informationweek.com/news/security/privacy/231600626
http://www.wired.com/threatlevel/2011/08/absolute-sued-for-spying/
http://digitallife.today.com/_news/2011/09/01/7554439-tracking-no-excuse-to-record-teachers-naked-chat-pics

***************************  SPONSORED LINKS  ******************************
1) Be entered in a drawing to WIN a $100 American Express gift card.
Please take five minutes to help us improve the type and quality of
Vendor Programs at SANS Conferences. http://www.sans.org/info/85924
****************************************************************************

THE REST OF THE WEEK'S NEWS 
 --Two Arrested in Connection with Anonymous-Related Attack on Fine Gael Site
(September 1, 2011)
Two Irish teenagers have been arrested in connection with a January 2011
cyber attack on the website of the Fine Gael political party.  The
attack compromised the personally identifiable information of 2,000
people who had provided information to register to make comments on the
site.  Authorities have seized equipment from the teens' homes. The
arrests are reportedly part of a larger investigation into activities
of the Anonymous hacking collective and involving authorities in other
jurisdictions. Two men were arrested in the UK as well.
http://www.rte.ie/news/2011/0901/hacking.html
http://www.irishtimes.com/newspaper/breaking/2011/0901/breaking47.html
http://www.thejournal.ie/teenagers-arrested-over-fine-gael-site-hacking-216136-Sep2011/
http://www.belfasttelegraph.co.uk/news/local-national/republic-of-ireland/councillors-son-held-over-hacking-16044120.html
http://www.zdnet.co.uk/blogs/security-bullet-in-10000166/police-charge-two-more-anonymous-suspects-10024247/

 --Six-Year Sentence for Cyber Hacking and Wiretapping
(September 1, 2011)
A California man has been sentenced to six years in prison for infecting
computers with malware in an attempt to steal financial data and
personal information. Luis Mijangos also used the computers' integrated
webcams and microphones to spy on his victims and used some of the
information he stole to blackmail women into providing him with nude
photographs of themselves.
http://www.computerworld.com/s/article/9219701/Man_gets_six_years_for_hacking_girls_to_extort_photographs?taxonomyId=17

 --Linux Kernel Servers Compromised
(August 31, 2011)
The Linux Kernel Organization has said that several of their servers
became infected with malware that obtained root access. The malware also
modified files and harvested users' passwords and transactions. The
malware infected the system on or before August 12 but was not detected
until August 29. Administrators believe that Linux source code remained
unaffected by the malware infection. Law enforcement authorities have
been notified and all site users have been made to change their
passwords and SSH keys.
http://www.theregister.co.uk/2011/08/31/linux_kernel_security_breach/
http://www.computerworld.com/s/article/9219671/Hackers_break_into_Linux_source_code_site?taxonomyId=17

 --Many Skeptical of Rumors That iPhone 5 Prototype Was Lost at Restaurant
(August 31, 2011)
CNET is reporting that a prototype of a new Apple iPhone was left in a
restaurant/bar earlier this summer. In spring 2010, a man who found an
iPhone 4 prototype left in a German beer garden in Redwood City,
California, sold it to Gawker Media blog Gizmodo. The incident reported
this week has the iPhone 5 prototype lost in a Mexican eating
establishment in San Francisco and possibly sold on Craigslist for US
$200. Bloggers have expressed doubt about the story, citing Apple's
refusal to comment on the incident and the lack of a police report.
While Apple has made no formal announcement, there are hints that the
iPhone 5 is slated for an October release.
http://news.cnet.com/8301-13579_3-20099899-37/apple-loses-another-unreleased-iphone-exclusive/?tag=topStories
http://blogs.computerworld.com/18895/iphone_5_lost_in_bar_or_just_a_stunt?ua

 --Former Akamai Employee Pleads Guilty to Espionage Charges
(August 30 & 31, 2011)
Elliot Doxer has pleaded guilty to espionage charges for trying to sell
confidential information belonging to his employer to a man he believed
was an Israeli intelligence officer. Over an 18-month period starting
in September 2007, Doxer gave the man, who was actually an FBI
counterintelligence agent, confidential documents belonging to Akamai.
The information included lists of clients and contracts, Akamai security
practices and information about Akamai employees.  Doxer was employed
in the finance office at Akamai's Boston office.
http://www.computerworld.com/s/article/9219628/Akamai_employee_tried_to_sell_secrets_to_Israel?taxonomyId=82
http://www.csmonitor.com/USA/Justice/2011/0831/From-finance-department-clerk-to-Israeli-007-or-so-he-thought

************************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and
the author/co-author of books on Unix security, Internet security,
Windows NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of
STI, The Premier Skills-Based Cyber Security Graduate School,
www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

William Hugh Murray is an executive consultant and trainer in
Information Assurance and Associate Professor at the Naval Postgraduate
School.

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in
independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and served as President of the InfraGard National
Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa).  He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Mark Weatherford, Chief Security Officer, North American Electric
Reliability Corporation (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/


