Merit Network

Discussion Communities: Merit Network Email List Archives

NETSEC Archives

[Netsec] SANS NewsBites Vol. 14 Num. 19 : Ex-CIA Director Sees New Phase Of Warfare Where Cyberweapons Create Physical Destruction; Lulzsec Arrests; FCC Seeking Comment on Cell Phone Blocking

  • From: The SANS Institute
  • Date: Tue Mar 06 13:45:07 2012

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

**************************************************************************

SANS NewsBites                March 6, 2012              Vol. 14, Num. 019

**************************************************************************

TOP OF THE NEWS

  Ex-CIA Director Sees New Phase Of Warfare Where Cyberweapons Create

    Physical Destruction

  Global Arrests And Charges Against Members of Lulzsec Hacking Group

  FCC Seeking Public Comment on Cell Phone Blocking

  

THE REST OF THE WEEK'S NEWS

    Hackers Stole Michael Jackson's Entire Catalog From Sony

    Senator Asks FTC to Investigate Google and Apple Over Possible App

      Privacy Violations

    Google Updates Chrome

    Adobe Issues Another Flash Player Fix

    US Authorities Start Extradition Process in Megaupload Case

    Anonymous Hacking Tool Infected With Trojan

    NASA Suffered Intrusion at Jet Propulsion Lab

    Cable Modem Hacker Convicted

    Federal Agencies and Fortune 500 Companies Eradicating DNSChanger

  

********************** SPONSORED BY F5 Networks, Inc. ******************



WHITE PAPER: THE NEW DATA CENTER FIREWALL PARADIGM 



The increasing sophistication, frequency, and diversity of today's

network attacks are overwhelming conventional stateful security devices

at the edge of the data center. Learn how to combat modern attacks while

reducing capital expenditures. Download The New Data Center Firewall

Paradigm



http://www.sans.org/info/100974



**************************************************************************

TRAINING UPDATE

- -- SANS Mobile Device Security Summit: The Growing and Constantly

Changing Challenge,  Nashville, TN 

Summit: March 12-13, 2012; Post-Summit Courses: March 14-15, 2012

Mobile device security experts and practitioners from organizations

that have implemented successful programs will discuss the most

promising approaches to this new and evolving challenge.

http://www.sans.org/mobile-device-security-summit-2012/

- --SANS 2012, Orlando, FL  March 23-29, 2012

40 courses.  Bonus evening presentations include Exploiting

Vulnerabilities: 60 Minutes from Discovery to Exploit; Evolving

Threats; and Harbinger of Evil: The Forensic Art of Finding Malware.

http://www.sans.org/sans-2012/

- --SANS Northern Virginia 2012, Reston, VA  April  15-20, 2012

7 courses.  Bonus evening presentations include Linux Forensics for

Non-Linux Folks; and Who Do You Trust? SSL and TLS Under Attack

http://www.sans.org/northern-virginia-2012/

- --SANS Cyber Guardian 2012, Baltimore, MD  April 30-May 7, 2012

11 courses.  Bonus evening presentations include Ninja Assessments:

Stealth Security testing for Organizations; and Adjusting Our Defenses

for 2012.

http://www.sans.org/cyber-guardian-2012/

- --SANS AppSec 2012, Las Vegas, NV  April 24-May 1, 2012

Listen to two of the best minds in Application Security, Jeremiah

Grossman and Chenxi Wang, at the AppSec Summit. Maximize your training

by also attending one or more of the 4 pre-summit courses.

http://www.sans.org/appsec-2012/

- --SANS Secure Europe 2012, Amsterdam, Netherlands  May 7-19, 2012

12 courses.

http://www.sans.org/secure-amsterdam-2012/

- --SANS Security West 2012, San Diego, CA  May 10-18, 2012

24 courses. Bonus evening presentations include Metametrics - A New

Approach to Information Security Management Metrics; and Malware

Analysis Essentials Using REMnux.

http://www.sans.org/security-west-2012/

- --SANS Rocky Mountain 2012, Denver, CO  June 4-9, 2012

10 courses. Bonus evening presentations include Adjusting Our Defenses

for 2012; and Why Do Organizations Get Compromised?

http://www.sans.org/rocky-mountain-2012/

- --Looking for training in your own community?

http://sans.org/community/ Save on On-Demand training (30 full

courses) - See samples at

http://www.sans.org/ondemand/discounts.php#current

Plus Abu Dhabi, Toronto, Brisbane, and Bangalore all in the next 90 days.

For a list of all upcoming events, on-line and live: www.sans.org

***********************************************************



TOP OF THE NEWS

 --Ex-CIA Director Sees New Phase Of Warfare Where Cyberweapons Create

    Physical Destruction

(March 4, 2012)

US television news magazine 60 Minutes recently ran a segment on

Stuxnet, which was detected in June 2010. Former head of the National

Security Agency and former CIA director Ret. Gen. Michael Hayden tells

60 Minutes, "We have entered into a new phase of conflict in which we

use a cyberweapon to create physical destruction." He goes on to say

that "A cyberweapon doesn't [destroy itself when it is used], so there

are those out there who can take a look at this, study it, and maybe

even attempt to turn it to their own purposes."

http://news.cnet.com/8301-1009_3-57390326-83/60-minutes-profiles-threat-posed-by-stuxnet/



 --Global Arrests And Charges Against Members of Lulzsec Hacking Group

(March 6, 2012)

Law enforcement agents on two continents arrested three and charged two

more members of the hacking group LulzSec early this morning, charged with

conspiracy. Law enforcement acted largely on evidence gathered by the

organization's leader -- who sources say has been secretly working for

the government for months.

http://www.foxnews.com/scitech/2012/03/06/hacking-group-lulzsec-swept-up-by-law-enforcement/#ixzz1oM0suc7h

http://www.foxnews.com/scitech/2012/03/06/hacking-group-lulzsec-swept-up-by-law-enforcement/

 

 --FCC Seeking Public Comment on Cell Phone Blocking

(March 3, 2012)

The US Federal Communications Commission (FCC) is seeking public comment

on intentional disruptions of wireless communications. The question was

prompted by the shutdown of such services by San Francisco's Bay Area

Rapid Transit (BART) subway police in August 2011 in the hopes of

quelling planned protests. According to the FCC, 70 percent of 911 calls

now come from mobile phones.  The FCC is accepting comments through

April 30, 2012 and will respond by May 30.

http://arstechnica.com/tech-policy/news/2012/03/who-can-shut-down-cell-phone-service-fcc-seeks-public-comment.ars

http://news.cnet.com/8301-1009_3-57389838-83/fcc-seeks-comment-on-police-shutdowns-of-cell-service/

http://transition.fcc.gov/Daily_Releases/Daily_Business/2012/db0301/DA-12-311A1.pdf



***********************  SPONSORED LINKS:  *****************************

1) Webinar: Experts from Google, Identropy, Ping Identity and UnboundID

 discuss 2012 Top Security Threats. 

http://www.sans.org/info/100979



2) Demystifying External Authorization: Oracle Entitlements Server Review

Featuring: Tanya Baccam and Roger Wigenstam

http://www.sans.org/info/100984

************************************************************************



THE REST OF THE WEEK'S NEWS

 --Hackers Stole Michael Jackson's Entire Catalog From Sony

(March 5, 2012)

Authorities in the UK have charged two men in connection with the theft

of Michael Jackson's entire back catalog from Sony servers. The catalog

comprises more than 50,000 tracks and includes a number of unreleased

songs. Sony bought the catalog for US $250 million in 2010. The theft

of the tracks is believed to have been discovered shortly after the Sony

PlayStation network attack last April. The two men have denied the

theft.

http://news.cnet.com/8301-1009_3-57390339-83/michael-jackson-back-catalog-stolen-in-sony-hack/

http://www.bbc.co.uk/newsbeat/17256870

http://www.theregister.co.uk/2012/03/05/jackson_catalogue_hack_charges/

http://www.guardian.co.uk/music/2012/mar/05/michael-jackson-back-catalogue-stolen?newsfeed=true

http://www.wired.com/threatlevel/2012/03/sony-music-hack/



 --Senator Asks FTC to Investigate Google and Apple Over Possible App

    Privacy Violations

(March 5, 2012)

US Senator Chuck Schumer (D-New York) has asked the Federal Trade

Commission (FTC) to investigate Google and Apple over concerns that some

of their Android and iOS applications are collecting users' personal

data and sharing them with third parties. In a letter, Schumer wondered

if the applications are violating citizens' privacy rights, noting that

there have been accusations that the applications' data collection

practices go "beyond what a reasonable user understands himself to be

consenting to when he allows an app to access data on the phone for

purposes of ... functionality." The FTC has not yet responded to

Schumer's request.

http://www.v3.co.uk/v3-uk/news/2157055/ftc-investigate-apple-google-personal-collection

http://news.cnet.com/8301-1009_3-57390567-83/new-york-senator-asks-ftc-to-investigate-google-apple/

[Editor's Note (Pescatore): In the past the FTC has done a very good job

(using existing regulations and regulatory authority) to police privacy

violations. It would be good to see attention paid to privacy when we

are still relatively early in the evolution of mobile apps.

(Ullrich): This is a usability vs. granular access control issue. Right

now, mobile operating systems define "super permissions" like Internet

access and access to the address book that implicitly include access to

images. However, offering the user a large list of security access

control will likely cause more confusion and lead to the same "click

accept to make it work" issue that has broken so many other security

controls.

(Murray): Are Apple and Google to be guilty for attempting, but failing,

to do the right thing while Microsoft, Adobe et al., are innocent by

virtue of not trying?]



 --Google Updates Chrome

(March 5, 2012)

Google has released a new stable version of its Chrome browser. The

newest version of Chrome addresses 17 vulnerabilities and includes an

update for the bundled Flash Player. The browser will be automatically

updated. Google said it paid researchers between US $500 and US $3,000

for the flaws they reported.

http://www.h-online.com/security/news/item/Chrome-security-update-and-researchers-bonuses-1463415.html

http://www.computerworld.com/s/article/9224881/Google_patches_14_Chrome_bugs_pays_record_47K_in_bounties_and_bonuses?taxonomyId=17



 --Adobe Issues Another Flash Player Fix

(March 5, 2012)

Adobe has issued a fix for Flash Player to address two security flaws;

the update comes less than three weeks after Adobe last patched Flash.

One of the flaws is a memory corruption vulnerability, which could be

exploited to execute code. The second flaw is an information disclosure

issue. Neither flaw is being actively exploited. The February 15 patch

addressed seven flaws, one of which was being actively exploited at the

time. Administrators are urged to apply the most recent update within

30 days.

http://www.computerworld.com/s/article/9224885/Adobe_patches_Flash_Player_for_second_time_in_20_days?taxonomyId=17

http://krebsonsecurity.com/2012/03/adobe-patches-critical-flash-flaws/

[Editor's Note (Ullrich): Adobe released the bulletin and update

yesterday, but the version of Flash player offered on the Adobe site

today is still the old vulnerable version. Adobe also released a tool

to investigate flash issues (see

http://www.adobe.com/devnet/security/articles/inroducing-adobe-swf-investigator.html)

(Murray): Flash is "historically broken."  Get over it.]



 --US Authorities Start Extradition Process in Megaupload Case

(March 5, 2012)

US federal prosecutors have filed paperwork in New Zealand to begin the

extradition process of Megaupload founder Kim Dotcom. The request also

seeks the extradition of three additional Megaupload senior staff

members: Mathias Ortmann, Bram van der Kolk, and Finn Batato. The people

named in the papers are accused of racketeering, copyright infringement,

money laundering, wire fraud, and other charges. Dotcom was arrested in

New Zealand in January and has been released on bail.

http://www.bbc.co.uk/news/technology-17257308

http://www.wired.com/threatlevel/2012/03/dotcom-extradition/



 --Anonymous Hacking Tool Infected With Trojan

(March 5, 2012)

Some supporters of the Anonymous hacking collective who believed they

were downloading only a distributed denial-of-service (DDoS) attack tool

were actually tricked into downloading Zeus malware onto their computers

as well. This variant harvests email passwords and online banking

account access credentials. The users thought they were downloading

Slowloris, but the software was infected with the ZeuS variant.

http://www.computerworld.com/s/article/9224856/Hacker_on_hacker_Zeus_bot_master_dupes_Anonymous_backers_into_installing_password_stealer?taxonomyId=17

http://www.informationweek.com/news/security/attacks/232602010

http://www.zdnet.com/blog/security/anonymous-reacts-to-symantec-trojan-report/10485



 --NASA Suffered Intrusion at Jet Propulsion Lab

(March 1, 2 & 5, 2012)

More details are emerging about the depth of intrusion hackers have made

into NASA networks over the last several years. In testimony provided

to a Congressional panel last week, NASA inspector general Paul Martin

said that intruders gained "full functional control" of computer

systems at Jet Propulsion Laboratory in late 2011. The attack appeared

to originate from IP addresses in China. In 2010 and 2011, NASA

experienced more than 5,400 cyber security incidents. Martin said two

factors play heavily into NASA's networks as cyber targets: the value

of the data they hold and the large number of entry points.

http://www.telegraph.co.uk/technology/news/9123276/Hackers-had-full-control-of-hijacked-Nasa-network.html

http://www.bbc.co.uk/news/technology-17231695

http://www.wired.com/threatlevel/2012/03/jet-propulsion-lab-hacked/

http://www.usatoday.com/tech/science/space/story/2012-03-05/nasa-cybersecurity-lawmakers/53372826/1

http://latimesblogs.latimes.com/lanow/2012/03/jpl-computers-hacked-repeatedly-in-2010-and-2011-nasa-report-says.html



 --Cable Modem Hacker Convicted

(March 2, 2012)

A jury in federal court in Boston has convicted Ryan Harris of seven

counts of wire fraud for helping people steal Internet service. Harris

was involved in selling hacked cable modems and software that helped

people circumvent device restrictions such as bandwidth limits. Harris

faces up to 20 years in prison and a fine of up to US $250,000 for each

count.

http://www.computerworld.com/s/article/9224838/Ore._man_convicted_for_helping_thousands_steal_Internet_service?taxonomyId=17

http://www.wired.com/threatlevel/2012/03/ryan-harris-convicted/



 --Federal Agencies and Fortune 500 Companies Eradicating DNSChanger

(March 1, 2012)

US federal agencies appear to be making headway into identifying

computers infected with DNSChanger and scrubbing the malware from

machines. A month ago, data suggested that half of Fortune 500 companies

and US government agencies were still infected with DNSChanger. As of

February 23, the number of companies still infected was down to 94, and

just three government agencies still had infected machines, according

to a member of the DNSChanger Working Group. The infected computers are

communicating with servers run by the Internet Systems Consortium, which

has a court order to operate them until Thursday, March 8.

http://gcn.com/articles/2012/03/01/rsa-13-federal-dnschanger-cleanup.aspx

[Editor's Note (Murray): Such precise counts suggest that identifying

them is easy.  How much more difficult can it be to isolate or cleanse

them?

(Northcutt): The working group also has instructions for home users to

see if they are infected:

http://www.dcwg.org/checkup.html 

(Honan): The court order was extended today to the 9th of July 2012

http://www.marketwatch.com/story/iid-reports-downturn-in-fortune-500-and-major-us-government-agencies-infected-with-dnschanger-malware-2012-03-05#]



************************************************************************

The Editorial Board of SANS NewsBites



John Pescatore is Vice President at Gartner Inc.; he has worked in

computer and network security since 1978.



Stephen Northcutt founded the GIAC certification and is President of

STI, The Premier Skills-Based Cyber Security Graduate School,

www.sans.edu.



Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm

Center and Dean of the Faculty of the graduate school at the SANS

Technology Institute.



Ed Skoudis is co-founder of CounterHackChallenges, the nation's top

producer of cyber ranges, simulations, and competitive challenges, now

used from high schools to the Air Force. He is also author and lead

instructor of the SANS Hacker Exploits and Incident Handling course, and

Penetration Testing course.



William Hugh Murray is an executive consultant and trainer in

Information Assurance and Associate Professor at the Naval Postgraduate

School.



Rob Lee is the curriculum lead instructor for the SANS Institute's

computer forensic courses (computer-forensics.sans.org) and a Director

at the incident response company Mandiant.



Rohit Dhamankar is a security professional currently involved in

independent security research.



Tom Liston is a Senior Security Consultant and Malware Analyst for

InGuardians, a handler for the SANS Institute's Internet Storm Center,

and co-author of the book Counter Hack Reloaded.



Dr. Eric Cole is an instructor, author and fellow with The SANS

Institute. He has written five books, including Insider Threat and he

is a founder with Secure Anchor Consulting.



Ron Dick directed the National Infrastructure Protection Center (NIPC)

at the FBI and served as President of the InfraGard National

Members Alliance - with more than 22,000 members.



Mason Brown is one of a very small number of people in the information

security field who have held a top management position in a Fortune 50

company (Alcoa).  He is leading SANS' global initiative to improve

application security.



David Hoelzer is the director of research & principal examiner for

Enclave Forensics and a senior fellow with the SANS Technology

Institute.



Alan Paller is director of research at the SANS Institute.



Marcus J. Ranum built the first firewall for the White House and is

widely recognized as a security products designer and industry

innovator.



Clint Kreitner is the founding President and CEO of The Center for

Internet Security.



Brian Honan is an independent security consultant based in Dublin, Ireland.



David Turley is SANS infrastructure manager and serves as production

manager and final editor on SANS NewsBites.



Please feel free to share this with interested parties via email, but

no posting is allowed on web sites. For a free subscription, (and for

free posters) or to update a current subscription, visit

http://portal.sans.org/





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAk9WTg8ACgkQ+LUG5KFpTkbdtACfX0oYOFgK1K3du3tdhMELccJ6
TeYAn2bSUYvBrJhLGnsf3AKmohKNPWe4
=YR3G
-----END PGP SIGNATURE-----


