Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

NETSEC Archives

Date Prev | Date Next | Date Index | Author Index | Historical [Netsec] SANS NewsBites Vol. 14 Num. 18 : NSA Addresses Mobile Security; Republican Senators Introduce Cyber Security Legislation; Air Force Makes Cyber A Career Option; Arrest 25 in Connection with Anonymous

  • From: The SANS Institute
  • Date: Fri Mar 02 15:12:00 2012

Hash: SHA1

The biggest story from the RSA conference this week is the first story

in this issue: NSA found and described a path to security for mobile

devices - not one they will build exclusively for military use but one

all large organizations can use by ensuring their vendors deliver tools

and services that follow the NSA roadmap. The second biggest story from

RSA isn't in the news, because reporters were excluded from the meeting

where it played out. Top US and Canadian government cybersecurity

leaders met to discuss why and how to standardize (as the Brits have

done) on the 20 Critical Controls and on automated continuous (daily)

monitoring and mitigation were now the sensible path forward.  With the

President adding $200 million to the Budget for rapid acquisition and

implementation of the tools for automated continuous monitoring of those

controls across government, "we have reached the tipping point," wrote

one of the US officials who was at the meeting.

Checks are flowing in for the Paul Bartock Scholarship Fund, the total

passed $10,500 today. Some people stopped me at RSA and asked if they

could use credit cards. To do so, go to; on

right hand side of web site click on DONATE; where it says "What would

you like to donate to?" hit the drop down menu and select Paul Bartock

Scholarship (it will be under P); complete the form including amount you

would like to donate and credit card info; submit form.




SANS NewsBites                  March 2, 2012            Vol. 14, Num. 018



  NSA Addresses Mobile Security

  Republican Senators Introduce Cyber Security Legislation

  US Air Force Makes Cyber A Career Option 

  Police in South America and Europe Arrest 25 in Connection with

    Anonymous Activity


    Cyber Challenge Competitions Offer Hands-on Training

    Malware Launches Man-in-the-Middle Attacks on Online Banking Transactions

    Two Arrested in France in Connection with Mobile Trojan

    Microsoft Acknowledges Attack on Microsoft Store India

    The Pirate Bay Switches to Magnet Links

    NIST Releases Draft Update of Security and Privacy Guidance for

      Federal Agencies

    Officials Crack Encryption on Defendant's Laptop

    Stolen NASA Laptop Was Unencrypted

    Ireland Passes Copyright Act Amendment

********************** SPONSORED BY LogLogic, Inc. **********************

Manage your Big Data with the most scalable log & security intelligence

platform for the Enterprise & Cloud.

Don't take our word. Try it yourself! For a limited time, download here:



 --SANS Secure Singapore 2012, Singapore, Singapore  March 5-17, 2012

5 courses. Bonus evening presentations include Introduction to Windows

Memory Analysis; and Why Our Defenses are Failing Us: One Click is All

It Takes ...

 -- SANS Mobile Device Security Summit: The Growing and Constantly

Changing Challenge,

Nashville, TN Summit: March 12-13, 2012; Post-Summit Courses: March 14-15, 2012

Mobile device security experts and practitioners from organizations

that have implemented successful programs will discuss the most

promising approaches to this new and evolving challenge.

 --SANS 2012, Orlando, FL  March 23-29, 2012

40 courses.  Bonus evening presentations include Exploiting

Vulnerabilities: 60 Minutes from Discovery to Exploit; Evolving

Threats; and Harbinger of Evil: The Forensic Art of Finding Malware.

 --SANS Northern Virginia 2012, Reston, VA  April  15-20, 2012

7 courses.  Bonus evening presentations include Linux Forensics for

Non-Linux Folks; and Who Do You Trust? SSL and TLS Under Attack

 --SANS Cyber Guardian 2012, Baltimore, MD  April 30-May 7, 2012

11 courses.  Bonus evening presentations include Ninja Assessments:

Stealth Security testing for Organizations; and Adjusting Our Defenses

for 2012.

 --SANS AppSec 2012, Las Vegas, NV  April 24-May 1, 2012

5 courses.

 --SANS Secure Europe 2012, Amsterdam, Netherlands  May 7-19, 2012

12 courses.

 --SANS Security West 2012, San Diego, CA  May 10-18, 2012

25 courses. Bonus evening presentations include Metametrics - A New

Approach to Information Security Management Metrics; and Malware

Analysis Essentials Using REMnux.

 --Looking for training in your own community?

http: Save on On-Demand training (30 full

courses) - See samples at

Plus Stuttgart, Abu Dhabi, Toronto, Brisbane, and Bangalore all

in the next 90 days.

For a list of all upcoming events, on-line and live:



- --NSA Addresses Mobile Security

(February 29, 2012)

A national Security Agency (NSA) pilot program aims to model secure

classified communications over commercial mobile devices. However, the

NSA has found that off-the-shelf products are inconsistent in their

implementation of the standards and protocol that NSA requires. The

agency would prefer not to have to be tied to one platform, but for the

time being, they have no choice.

[Editor's Note (Pescatore): Back in the late 80s NSA and the DoD tried

to push multi-level secure versions of Windows, Solaris, Unix etc

because the commercial versions weren't "consistent in their

implementation of..." and after a few years even the DoD and

Intelligence community found they could not use the MLS versions and had

to use the commercial versions. The use of encrypted data containers,

mobile device management and "business strength" app stores on mobile

devices will be more mainstream approaches.

(Paller): On the other hand, perhaps NSA learned a great deal from those

experiences in the 80s and a joint approach involving major industrial

buyers and other nations will have a different outcome this time.]

 --Republican Senators Introduce Cyber Security Legislation

(February 29 & March 1, 2012)

Republican legislators have introduced their own cyber security bill in

the US Senate. The SECURE IT Act is being promoted as less regulatory

than the Cyber Security Act. The bill aims to encourage cyber threat

information sharing through incentives. Most information sharing would

be voluntary; the only case in which it would be required is if the

threat information is related to a federal contract. The newer bill

would also stiffen penalties for those convicted of certain cyber


 --US Air Force Makes Cyber A Career Option 

(March 1, 2012)

The Air Force has established career paths for both enlisted personnel

and officers that allow them to stay in the field of computers for the

duration of their careers. Previously, people were given one tour in the

cyber arena followed by tours in other areas. People with an interest

in computers left to work for private industry so they could stay in the

areas they enjoyed. The Air Force is aware that it cannot compete with

a private sector salary, but "when you're working with the right

authorities here, you can do a lot of things that can get you put in

jail in the private sector," according to Skip Runyan, technical

director for the Air Force's main cyber training unit.

 --Police in South America and Europe Arrest 25 in Connection with

    Anonymous Activity

(February 28 & 29, 2012)

Police in Argentina, Chile, Colombia, and Spain have arrested a total

of 25 people in connection with the Anonymous hacking collective. The

arrests are part of "Operation Unmask," which also resulted in the

seizure of 250 pieces of equipment.  The action was taken in response

to cyber attacks on government, political, and corporate websites.

***********************  SPONSORED LINKS:  *****************************

1) Privileged Password Sharing: Root of All Evil. Featuring Senior SANS 

Analyst, J. Michael Butler, and Jason Fehrenbach from Quest Software

2) Take the SANS 8th Annual Log and Event Management Survey and be entered 

to WIN a $250 American Express Card.

3) Demystifying External Authorization: Oracle Entitlements Server Review.

Featuring: Tanya Baccam and Roger Wigenstam



 --Cyber Challenge Competitions Offer Hands-on Training

(February 29, 2012)

Panelists speaking at the RSA Conference in San Francisco earlier this

week said that according to the Cyber Challenge, colleges are not

adequately preparing students to work in the field of cyber security.

Cyber Challenge national director Karen Evans compared the problem to

"trying to field a professional baseball team when there's no little

league team out there." One competitor, Alex Levinson, said his college

education did not prepare him to work in cyber security, and that the

Cyber Challenge competitions provide the opportunity "to go through and

learn the actual hands-on skills that you're going to use in the

workplace." Cyber Challenge is a public-private partnership that offers

cyber security competitions and camps for high school and college

students as well as working professionals.

 --Malware Launches Man-in-the-Middle Attacks on Online Banking Transactions

(February 28, 2012)

A new piece of malware dubbed Shylock is being used to conduct

man-in-the-middle attacks on customers who use online banking services.

The attacks have focused mainly on business banking customers. Shylock

hijacks sessions after users log in to their accounts; it pops up a live

chat session window in which users are told the session has been

suspended for one reason or another, and then the attacker poses as a

customer service representative, who transmits information to the bank

and steals funds. The live chat session seeks the information necessary

to carry out the fraudulent transaction.

 --Two Arrested in France in Connection with Mobile Trojan

(February 28, 2012)

Law enforcement authorities in France have arrested two people in

connection with a malware scam involving Android phones. The pair

allegedly infected the devices with the Foncy Trojan horse program,

which sent text messages to premium rate numbers, costing infected users

4.5 euros (US$6) each. The two allegedly netted 100,000 euros

(US$133,000) through the scheme.

 --Microsoft Acknowledges Attack on Microsoft Store India

(February 28, 2012)

Microsoft is now acknowledging that an attack on its Microsoft Store

India website may have compromised the credit card information and other

financial data of customers who have used that site. The site has been

offline since early February, when the attack was detected. Microsoft

said it has notified all potentially affected customers.

 --The Pirate Bay Switches to Magnet Links

(February 28, 2012)

As of February 29, The Pirate Bay is no longer providing torrent files.

Instead, the site is offering magnet links, which allow users to

download files from other BitTorrent users. In an interview, members of

The Pirate Bay team said that "it shouldn't make that much of a

difference for the average user." Their explanation for the change is

that Torrents consume a lot of space and time. Aside from using fewer

resources, magnet links are also less likely to get a site shut down.

 --NIST Releases Draft Update of Security and Privacy Guidance for

   Federal Agencies

(February 29, 2012)

The National Institute of Standards and Technology (NIST) has issued the

first public draft of the updated version of Special Publication 800-53,

Security and Privacy Controls for Federal Information Systems and

Organizations. The document was last updated in 2009, before the

widespread adoption of cloud computing and the WikiLeaks scandal. The

new draft document includes guidance on spotting and dealing with an

employee who may pose a threat to data security. The publication also

address smartphone security issues, including the recommendation that

ensuring that data on the devices can be remotely purged if they are

lost or stolen. NIST is accepting comments on the draft document through

April 6, 2012.

 --Officials Crack Encryption on Defendant's Laptop

(February 29 & March 1, 2012)

Federal law enforcement officials have decrypted a seized laptop

belonging to Ramona Fricosu, rendering moot a judge's order for her to

decrypt the drive or face jail time for contempt of court. Fricosu and

her former husband are defendants in a mortgage fraud case. The case was

being closely watched because it was addressing the question of whether

or not ordering a defendant to decrypt a laptop violated the defendant's

Fifth Amendment rights.

 --Stolen NASA Laptop Was Unencrypted

(February 29 & March 1, 2012)

A laptop computer stolen from NASA last March contained information used

to send commands to the International Space Station. In written

testimony provided to US legislators, NASA inspector general Paul Martin

said that the laptop was not encrypted. Martin's testimony also

mentioned that between April 2009 and April 2011, NASA reported 48

laptops or mobile devices lost or stolen. Martin also noted that NASA's

IT chief lacks the authority to enforce IT security policies.

[Editor's Note (Honan): Policies that are not enforced are about as

useful as a chocolate coffee pot.]

 --Ireland Passes Copyright Act Amendment

(February 29 & March 1, 2012)

Irish lawmakers have passed an amendment to the Copyright Act that is

being compared to the US's now-defunct SOPA bill. The law allows

copyright holders to seek injunctions against Internet service providers

(ISPs) that let users access websites offering pirated content.

Opposition to the amendment is being expressed through an online

petition. The public outcry has prompted the Irish government to

undertake a review of existing copyright law.


The Editorial Board of SANS NewsBites

John Pescatore is Vice President at Gartner Inc.; he has worked in

computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of

STI, The Premier Skills-Based Cyber Security Graduate School,

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm

Center and Dean of the Faculty of the graduate school at the SANS

Technology Institute.

Ed Skoudis is co-founder of CounterHackChallenges, the nation's top

producer of cyber ranges, simulations, and competitive challenges, now

used from high schools to the Air Force. He is also author and lead

instructor of the SANS Hacker Exploits and Incident Handling course, and

Penetration Testing course..

William Hugh Murray is an executive consultant and trainer in

Information Assurance and Associate Professor at the Naval Postgraduate


Rob Lee is the curriculum lead instructor for the SANS Institute's

computer forensic courses ( and a Director

at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in

independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for

InGuardians, a handler for the SANS Institute's Internet Storm Center,

and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS

Institute. He has written five books, including Insider Threat and he

is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC)

at the FBI and served as President of the InfraGard National Members

Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information

security field who have held a top management position in a Fortune 50

company (Alcoa).  He is leading SANS' global initiative to improve

application security.

David Hoelzer is the director of research & principal examiner for

Enclave Forensics and a senior fellow with the SANS Technology


Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is

widely recognized as a security products designer and industry


Clint Kreitner is the founding President and CEO of The Center for

Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production

manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but

no posting is allowed on web sites. For a free subscription, (and for

free posters) or to update a current subscription, visit

Version: GnuPG v1.4.9 (Darwin)
Comment: GPGTools -


Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.