[Netsec] SANS NewsBites Vol. 13 Num. 91 : Bank Sued for Cyber Fraud; South Korea Asks ISPs to Help Stop Spam; Facebook Settling FTC Privacy Action
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
**************************************************************************
SANS NewsBites November 15, 2011 Vol. 13, Num. 91
**************************************************************************
TOP OF THE NEWS
Title Company Suing Bank Over Fraudulent Transactions
South Korea Wants ISPs to Help Stop Spam
Facebook Reaching Settlement with FTC Over Privacy
THE REST OF THE WEEK'S NEWS
World Wide Web Consortium Seeks "Do Not Track" Standard
Inquiry Finds That Many Reporters Used Phone Hacker Services
Malware Signed with Stolen Digital Certificate
Flaw in Mac OS X Sandboxing
Cyclist and Manager Draw Suspended Sentences for Drug Test Lab Hack
Researchers are Finding Evidence that Duqu is Designer Malware
Adobe Patches Critical Flash Flaws
******************** Sponsored By ForeScout Technologies ***********
Sign up and view SANS Analyst Webcast-Your Pad or Mine? Enabling
Personal and Mobile Device Use On the Network. How to Apply Guest
Networking, BYOD (Bring Your Own Device) and Endpoint Security. Go to
http://www.sans.org/info/91146
**************************************************************************
TRAINING UPDATE
--EURO SCADA & Process Control System Security Summit, Rome, Dec 1-2, 2011
Pre-Summit Courses November 26-30, 2011
Post-Summit Courses December 3-4, 2011
Gain the most current information regarding SCADA and Control System
threats and learn how to best prepare to defend against them.
http://www.sans.org/eu-scada-2011/
--SANS San Antonio 2011, San Antonio, TX, November 28-December 5, 2011
7 courses. Bonus evening presentations include Effective Methods for
Implementing the 20 Critical Security Controls; and Assessing
Deception: Are They Lying to You?
http://www.sans.org/san-antonio-2011/
--SANS London 2011, London, UK, December 3-12, 2011
18 courses. Bonus evening presentations include IPv6 Challenges for
Intrusion Detection and Understanding How Attackers Bypass Network and
Content Restrictions.
http://www.sans.org/london-2011/
--Incident Detection & Log Management Summit, Washington DC,
December 7-8, 2011
Learn the latest techniques to detect breaches and intrusions!
http://www.sans.org/incident-detection-summit-2011/
--SANS CDI 2011, Washington, DC, December 9-16, 2011
27 courses. Bonus evening presentations include Emerging Trends in
Data Law and Investigations, and Critical Infrastructure Control
Systems Cybersecurity.
http://www.sans.org/cyber-defense-initiative-2011/
--SANS Security East 2012, New Orleans, LA, January 17-26, 2012
11 courses. Bonus evening presentations include Advanced VoIP Pen
Testing: Current Threats and Methods; and Helping Small Businesses
with Security.
http://www.sans.org/security-east-2012/
--Looking for training in your own community?
http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Tokyo, Perth and Atlanta all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
**************************************************************************
TOP OF THE NEWS
--Title Company Suing Bank Over Fraudulent Transactions
(November 14, 2011)
A Virginian title insurance company is suing its bank over cyber thefts
that resulted in losses of US $200,000. After computers at Global Title
Services became infected with ZeuS malware, cyber thieves based in
Eastern Europe stole online banking account access credentials that they
used to make unauthorized wire transfers out of the company's account
at what was then Chevy Chase Bank; it is now Capital One. The thieves
conducted fraudulent transactions totaling US $2 million; the bank was
able to recover all but US $200,000 of the stolen funds. The suit filed
by Global Title against Capital One alleges failure to act in good faith
and failure to implement reasonable online banking security procedures.
http://krebsonsecurity.com/2011/11/title-firm-sues-bank-over-207k-cyberheist/
[Editor's Note (Murray and Paller): It is hard to believe that it is
easier for the banks to defend these suits than to fix the problem.
Token-based or out-of-band authentication just is not that expensive.
They could even charge a fee for it. Of course, the regulators, the
FFIEC, are not helping; they could easily require it, rather than giving
the banks the "risk assessment" escape clause. Banks are not equipped
to assess this risk or to choose methods without guidance. They
actually believe that whatever the FFIEC Guidance permits is secure.]
--South Korea Wants ISPs to Help Stop Spam
(November 14, 2011)
South Korea is urging Internet service providers (ISPs) in that country
to agree to a national anti-spam plan. Dubbed "Block 25," the plan would
require the ISPs to restrict email to official gateways, or block all
email except that sent from official servers. The plan is facing
criticism from those who say it does not go far enough.
http://www.bbc.co.uk/news/technology-15720599
http://www.zdnet.com/blog/networking/south-korea-proposes-restricting-all-e-mail-sending-to-official-e-mail-servers/1647
http://securitywatch.pcmag.com/spam/290525-radical-korean-spam-block-can-it-work
--Facebook Reaching Settlement with FTC Over Privacy
(November 11, 2011)
Facebook is close to a settlement with the US Federal Trade Commission
(FTC) that would require the network to make any changes to its privacy
practices opt-in. Facebook has been the target of many complaints for
making users' personal information public by default. In the past,
every time Facebook has changed the way it facilitates sharing
information, users have had to dig deep into the site's privacy settings
to find the new default settings and decide which settings they want to
change. The settlement would also require Facebook to submit to privacy
audits for the next 20 years.
http://arstechnica.com/tech-policy/news/2011/11/facebook-settlement-will-make-all-future-privacy-changes-opt-in.ars
http://www.latimes.com/business/la-fi-1112-facebook-privacy-20111112,0,4467952.story
[Editor's Note (Murray): Facebook's stock in trade is the "social graph,"
the information about our associations. Opt-in is a huge price to pay
but if it preserves their right to monetize the graph, they will pay
it.]
*************************** SPONSORED LINKS: *****************************
1) See Active Cyber Attack and Defense Demo Showing the Power of Corero
Network Security's IPS. http://www.sans.org/info/91151
****************************************************************************
THE REST OF THE WEEK'S NEWS
--World Wide Web Consortium Seeks "Do Not Track" Standard
(November 14, 2011)
The World Wide Web Consortium (W3C) is developing tools that will warn
users when they visit websites that are not complying with privacy
requests. W3C is seeking help from users, businesses and browser makers
to finalize the specifications, which are needed because browsers do not
currently use a common Do Not Track mechanism. The tools will be
privacy friendly, helping users to divulge as little information as
possible. They will also be able to alert users when sites are not
respecting their requests.
http://www.bbc.co.uk/news/technology-15723407
http://www.informationweek.com/news/security/privacy/231902974
--Inquiry Finds That Many Reporters Used Phone Hacker Services
(November 14, 2011)
The inquiry into the News of the World phone hacking scandal has
revealed that dozens of News International employees used the services
of private investigator Glenn Mulcaire, who has been convicted of
breaking into other people's mobile phones. The Leveson Inquiry was
established earlier this year after news of the scandal broke. The
discovery in Mulcaire's notebooks of the names of more than two dozen
people who had used his services suggests that the one News of the World
journalist who has been convicted of phone hacking "was not a rogue
reporter."
http://www.guardian.co.uk/media/2011/nov/14/phone-hacking-news-international-staff-named?newsfeed=true
http://edition.cnn.com/2011/11/14/world/europe/uk-phone-hacking-scandal/
--Malware Signed with Stolen Digital Certificate
(November 14, 2011)
F-Secure is reporting that a Malaysian governmental digital certificate
was used to sign malware, which is spreading through infected PDF files
that exploit a vulnerability in Adobe Reader 8. The certificate, which
belongs to the Malaysian Agricultural Research and Development
Institute, expired on September 29, 2011.
http://news.cnet.com/8301-1009_3-57324501-83/f-secure-finds-rare-digitally-signed-malware/
http://www.h-online.com/security/news/item/Stolen-government-certificate-signed-malware-1378914.html
http://www.theregister.co.uk/2011/11/14/stolen_certificate_discovered/
--Flaw in Mac OS X Sandboxing
(November 12, 2011)
A vulnerability in Mac OS X could be exploited to circumvent sandboxing
restrictions. This flaw is especially notable given Apple's recent
announcement that all applications sold through the Mac App Store will
be required to implement sandboxing as of March 1, 2012. The company
that discovered the flaw says it notified Apple in September.
http://threatpost.com/en_us/blogs/mac-os-x-sandbox-security-hole-uncovered-111211
http://news.cnet.com/8301-1009_3-57324583-83/sandboxing-flaw-is-no-real-problem-for-os-x/
[Editor's Note (Murray): Sandboxing in iOS has proven to be very
effective. It is much more difficult to retrofit the concept to an
existing system without breaking applications. However, I will
continue to hope and to give Apple credit for trying.]
--Cyclist and Coach Draw Suspended Sentences for Drug Test Lab Hack
(November 12, 2011)
A French court has given US cyclist Floyd Landis and his former coach,
Arnie Baker, 12-month suspended sentences for their roles in a scheme
involving hacking into a computer at a drug-testing laboratory. A
computer at Laboratoire National de Depistage du Dopage was infected
with a Trojan horse program in 2006; a subsequent investigation revealed
that intruders had downloaded more than 1,700 files, some of which
turned up on a website questioning the credibility of the lab's
findings. The lab had run tests that found Landis had been using
unauthorized substances when he won the 2006 Tour de France; he was
stripped of that title. There was apparently no evidence suggesting that
the men were directly involved with the cyber attack, but "both ...
benefitted from the illegal intrusion."
http://www.theregister.co.uk/2011/11/12/floyd_landis_sentenced/
http://www.npr.org/blogs/thetwo-way/2011/11/10/142211319/french-court-convicts-cyclist-floyd-landis-in-hacking-of-doping-lab
http://www.securitynewsdaily.com/floyd-landis-hacking-doping-1330/
http://www.usatoday.com/sports/cycling/story/2011-11-10/floyd-landis-convicted/51152204/1
--Researchers are Finding Evidence that Duqu is Designer Malware
(November 11, 2011)
Analysis of Duqu suggests that the malware has been in development for
at least four years. Kaspersky Labs has found that at least one
component dates back to August 2007. Researchers also say that in each
instance in which Duqu was used, the malware was tailored specifically
for the targeted systems.
http://www.computerworld.com/s/article/9221760/Hackers_may_have_spent_years_crafting_Duqu?taxonomyId=85
http://www.theregister.co.uk/2011/11/11/duqu_analysis/
--Adobe Patches Critical Flash Flaws
(November 9 & 10, 2011)
Adobe has issued a critical update for Flash Player to address a dozen
flaws, some of which allow remote code execution. Flash version
11.1.102.55 is available for Windows, Mac, Linux and Solaris. Adobe has
also released Flash version 11.1.102.59 for Android, which is expected
to be the last time it updates Flash for mobile. In addition, Adobe has
released AIR version 3.1.0.4880 for Windows, Mac, and Android.
Internet Storm Center: https://isc.sans.edu/diary.html?storyid=12007
http://www.scmagazineus.com/adobe-fixes-12-flash-flaws-many-allow-for-code-execution/article/216511/
http://www.h-online.com/security/news/item/Adobe-closes-12-critical-holes-in-Flash-1377759.html
http://krebsonsecurity.com/2011/11/critical-flash-update-plugs-12-security-holes/
http://www.wired.com/gadgetlab/2011/11/adobe-kills-mobile-flash
************************************************************************
The Editorial Board of SANS NewsBites
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of
STI, The Premier Skills-Based Cyber Security Graduate School,
www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.
Ed Skoudis is co-founder of InGuardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in
Information Assurance and Associate Professor at the Naval Postgraduate
School.
Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in
independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for
InGuardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and served as President of the InfraGard National Members
Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.
Mark Weatherford, Chief Security Officer, North American Electric
Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin,
Ireland.
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: GPGTools - http://gpgtools.org
iEYEARECAAYFAk7CtqIACgkQ+LUG5KFpTkbbqwCeKXKvBPubndSu/Mg2YxEvarSC
n8MAn0ZyK+/5swOfOOHLa4xg2ZXogEx7
=oyh1
-----END PGP SIGNATURE-----