NETSEC Archives
[Netsec] SANS NewsBites Vol. 14 Num. 19 : Ex-CIA Director Sees New Phase Of Warfare Where Cyberweapons Create Physical Destruction; Lulzsec Arrests; FCC Seeking Comment on Cell Phone Blocking
- From: The SANS Institute
- Date: Tue Mar 06 13:45:07 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
**************************************************************************
SANS NewsBites March 6, 2012 Vol. 14, Num. 019
**************************************************************************
TOP OF THE NEWS
Ex-CIA Director Sees New Phase Of Warfare Where Cyberweapons Create
Physical Destruction
Global Arrests And Charges Against Members of Lulzsec Hacking Group
FCC Seeking Public Comment on Cell Phone Blocking
THE REST OF THE WEEK'S NEWS
Hackers Stole Michael Jackson's Entire Catalog From Sony
Senator Asks FTC to Investigate Google and Apple Over Possible App
Privacy Violations
Google Updates Chrome
Adobe Issues Another Flash Player Fix
US Authorities Start Extradition Process in Megaupload Case
Anonymous Hacking Tool Infected With Trojan
NASA Suffered Intrusion at Jet Propulsion Lab
Cable Modem Hacker Convicted
Federal Agencies and Fortune 500 Companies Eradicating DNSChanger
********************** SPONSORED BY F5 Networks, Inc. ******************
WHITE PAPER: THE NEW DATA CENTER FIREWALL PARADIGM
The increasing sophistication, frequency, and diversity of today's
network attacks are overwhelming conventional stateful security devices
at the edge of the data center. Learn how to combat modern attacks while
reducing capital expenditures. Download The New Data Center Firewall
Paradigm
http://www.sans.org/info/100974
**************************************************************************
TRAINING UPDATE
- -- SANS Mobile Device Security Summit: The Growing and Constantly
Changing Challenge, Nashville, TN
Summit: March 12-13, 2012; Post-Summit Courses: March 14-15, 2012
Mobile device security experts and practitioners from organizations
that have implemented successful programs will discuss the most
promising approaches to this new and evolving challenge.
http://www.sans.org/mobile-device-security-summit-2012/
- --SANS 2012, Orlando, FL March 23-29, 2012
40 courses. Bonus evening presentations include Exploiting
Vulnerabilities: 60 Minutes from Discovery to Exploit; Evolving
Threats; and Harbinger of Evil: The Forensic Art of Finding Malware.
http://www.sans.org/sans-2012/
- --SANS Northern Virginia 2012, Reston, VA April 15-20, 2012
7 courses. Bonus evening presentations include Linux Forensics for
Non-Linux Folks; and Who Do You Trust? SSL and TLS Under Attack
http://www.sans.org/northern-virginia-2012/
- --SANS Cyber Guardian 2012, Baltimore, MD April 30-May 7, 2012
11 courses. Bonus evening presentations include Ninja Assessments:
Stealth Security testing for Organizations; and Adjusting Our Defenses
for 2012.
http://www.sans.org/cyber-guardian-2012/
- --SANS AppSec 2012, Las Vegas, NV April 24-May 1, 2012
Listen to two of the best minds in Application Security, Jeremiah
Grossman and Chenxi Wang, at the AppSec Summit. Maximize your training
by also attending one or more of the 4 pre-summit courses.
http://www.sans.org/appsec-2012/
- --SANS Secure Europe 2012, Amsterdam, Netherlands May 7-19, 2012
12 courses.
http://www.sans.org/secure-amsterdam-2012/
- --SANS Security West 2012, San Diego, CA May 10-18, 2012
24 courses. Bonus evening presentations include Metametrics - A New
Approach to Information Security Management Metrics; and Malware
Analysis Essentials Using REMnux.
http://www.sans.org/security-west-2012/
- --SANS Rocky Mountain 2012, Denver, CO June 4-9, 2012
10 courses. Bonus evening presentations include Adjusting Our Defenses
for 2012; and Why Do Organizations Get Compromised?
http://www.sans.org/rocky-mountain-2012/
- --Looking for training in your own community?
http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Abu Dhabi, Toronto, Brisbane, and Bangalore all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
***********************************************************
TOP OF THE NEWS
--Ex-CIA Director Sees New Phase Of Warfare Where Cyberweapons Create
Physical Destruction
(March 4, 2012)
US television news magazine 60 Minutes recently ran a segment on
Stuxnet, which was detected in June 2010. Former head of the National
Security Agency and former CIA director Ret. Gen. Michael Hayden tells
60 Minutes, "We have entered into a new phase of conflict in which we
use a cyberweapon to create physical destruction." He goes on to say
that "A cyberweapon doesn't [destroy itself when it is used], so there
are those out there who can take a look at this, study it, and maybe
even attempt to turn it to their own purposes."
http://news.cnet.com/8301-1009_3-57390326-83/60-minutes-profiles-threat-posed-by-stuxnet/
--Global Arrests And Charges Against Members of Lulzsec Hacking Group
(March 6, 2012)
Law enforcement agents on two continents arrested three and charged two
more members of the hacking group LulzSec early this morning; the charges
are for conspiracy. Law enforcement acted largely on evidence gathered by
the organization's leader -- who sources say has been secretly working for
the government for months.
http://www.foxnews.com/scitech/2012/03/06/hacking-group-lulzsec-swept-up-by-law-enforcement/#ixzz1oM0suc7h
http://www.foxnews.com/scitech/2012/03/06/hacking-group-lulzsec-swept-up-by-law-enforcement/
--FCC Seeking Public Comment on Cell Phone Blocking
(March 3, 2012)
The US Federal Communications Commission (FCC) is seeking public comment
on intentional disruptions of wireless communications. The question was
prompted by the shutdown of such services by San Francisco's Bay Area
Rapid Transit (BART) subway police in August 2011 in the hopes of
quelling planned protests. According to the FCC, 70 percent of 911 calls
now come from mobile phones. The FCC is accepting comments through
April 30, 2012 and will respond by May 30.
http://arstechnica.com/tech-policy/news/2012/03/who-can-shut-down-cell-phone-service-fcc-seeks-public-comment.ars
http://news.cnet.com/8301-1009_3-57389838-83/fcc-seeks-comment-on-police-shutdowns-of-cell-service/
http://transition.fcc.gov/Daily_Releases/Daily_Business/2012/db0301/DA-12-311A1.pdf
*********************** SPONSORED LINKS: *****************************
1) Webinar: Experts from Google, Identropy, Ping Identity and UnboundID
discuss 2012 Top Security Threats.
http://www.sans.org/info/100979
2) Demystifying External Authorization: Oracle Entitlements Server Review
Featuring: Tanya Baccam and Roger Wigenstam
http://www.sans.org/info/100984
************************************************************************
THE REST OF THE WEEK'S NEWS
--Hackers Stole Michael Jackson's Entire Catalog From Sony
(March 5, 2012)
Authorities in the UK have charged two men in connection with the theft
of Michael Jackson's entire back catalog from Sony servers. The catalog
comprises more than 50,000 tracks and includes a number of unreleased
songs. Sony bought the catalog for US $250 million in 2010. The theft
of the tracks is believed to have been discovered shortly after the Sony
PlayStation network attack last April. The two men have denied the
theft.
http://news.cnet.com/8301-1009_3-57390339-83/michael-jackson-back-catalog-stolen-in-sony-hack/
http://www.bbc.co.uk/newsbeat/17256870
http://www.theregister.co.uk/2012/03/05/jackson_catalogue_hack_charges/
http://www.guardian.co.uk/music/2012/mar/05/michael-jackson-back-catalogue-stolen?newsfeed=true
http://www.wired.com/threatlevel/2012/03/sony-music-hack/
--Senator Asks FTC to Investigate Google and Apple Over Possible App
Privacy Violations
(March 5, 2012)
US Senator Chuck Schumer (D-New York) has asked the Federal Trade
Commission (FTC) to investigate Google and Apple over concerns that some
of their Android and iOS applications are collecting users' personal
data and sharing them with third parties. In a letter, Schumer wondered
if the applications are violating citizens' privacy rights, noting that
there have been accusations that the applications' data collection
practices go "beyond what a reasonable user understands himself to be
consenting to when he allows an app to access data on the phone for
purposes of ... functionality." The FTC has not yet responded to
Schumer's request.
http://www.v3.co.uk/v3-uk/news/2157055/ftc-investigate-apple-google-personal-collection
http://news.cnet.com/8301-1009_3-57390567-83/new-york-senator-asks-ftc-to-investigate-google-apple/
[Editor's Note (Pescatore): In the past the FTC has done a very good job
(using existing regulations and regulatory authority) to police privacy
violations. It would be good to see attention paid to privacy when we
are still relatively early in the evolution of mobile apps.
(Ullrich): This is a usability vs. granular access control issue. Right
now, mobile operating systems define "super permissions" like Internet
access and access to the address book that implicitly include access to
images. However, offering the user a large list of security access
control will likely cause more confusion and lead to the same "click
accept to make it work" issue that has broken so many other security
controls.
(Murray): Are Apple and Google to be guilty for attempting, but failing,
to do the right thing while Microsoft, Adobe et al., are innocent by
virtue of not trying?]
--Google Updates Chrome
(March 5, 2012)
Google has released a new stable version of its Chrome browser. The
newest version of Chrome addresses 17 vulnerabilities and includes an
update for the bundled Flash Player. The browser will be automatically
updated. Google said it paid researchers between US $500 and US $3,000
for the flaws they reported.
http://www.h-online.com/security/news/item/Chrome-security-update-and-researchers-bonuses-1463415.html
http://www.computerworld.com/s/article/9224881/Google_patches_14_Chrome_bugs_pays_record_47K_in_bounties_and_bonuses?taxonomyId=17
--Adobe Issues Another Flash Player Fix
(March 5, 2012)
Adobe has issued a fix for Flash Player to address two security flaws;
the update comes less than three weeks after Adobe last patched Flash.
One of the flaws is a memory corruption vulnerability, which could be
exploited to execute code. The second flaw is an information disclosure
issue. Neither flaw is being actively exploited. The February 15 patch
addressed seven flaws, one of which was being actively exploited at the
time. Administrators are urged to apply the most recent update within
30 days.
http://www.computerworld.com/s/article/9224885/Adobe_patches_Flash_Player_for_second_time_in_20_days?taxonomyId=17
http://krebsonsecurity.com/2012/03/adobe-patches-critical-flash-flaws/
[Editor's Note (Ullrich): Adobe released the bulletin and update
yesterday, but the version of Flash player offered on the Adobe site
today is still the old vulnerable version. Adobe also released a tool
to investigate flash issues (see
http://www.adobe.com/devnet/security/articles/inroducing-adobe-swf-investigator.html)
(Murray): Flash is "historically broken." Get over it.]
--US Authorities Start Extradition Process in Megaupload Case
(March 5, 2012)
US federal prosecutors have filed paperwork in New Zealand to begin the
extradition process of Megaupload founder Kim Dotcom. The request also
seeks the extradition of three additional Megaupload senior staff
members: Mathias Ortmann, Bram van der Kolk, and Finn Batato. The people
named in the papers are accused of racketeering, copyright infringement,
money laundering, wire fraud, and other charges. Dotcom was arrested in
New Zealand in January and has been released on bail.
http://www.bbc.co.uk/news/technology-17257308
http://www.wired.com/threatlevel/2012/03/dotcom-extradition/
--Anonymous Hacking Tool Infected With Trojan
(March 5, 2012)
Some supporters of the Anonymous hacking collective who believed they
were downloading only a distributed denial-of-service (DDoS) attack tool
were actually tricked into downloading Zeus malware onto their computers
as well. This variant harvests email passwords and online banking
account access credentials. The users thought they were downloading
Slowloris, but the software was infected with the ZeuS variant.
http://www.computerworld.com/s/article/9224856/Hacker_on_hacker_Zeus_bot_master_dupes_Anonymous_backers_into_installing_password_stealer?taxonomyId=17
http://www.informationweek.com/news/security/attacks/232602010
http://www.zdnet.com/blog/security/anonymous-reacts-to-symantec-trojan-report/10485
--NASA Suffered Intrusion at Jet Propulsion Lab
(March 1, 2 & 5, 2012)
More details are emerging about the depth of intrusion hackers have made
into NASA networks over the last several years. In testimony provided
to a Congressional panel last week, NASA inspector general Paul Martin
said that intruders gained "full functional control" of computer
systems at Jet Propulsion Laboratory in late 2011. The attack appeared
to originate from IP addresses in China. In 2010 and 2011, NASA
experienced more than 5,400 cyber security incidents. Martin said two
factors play heavily into NASA's networks as cyber targets: the value
of the data they hold and the large number of entry points.
http://www.telegraph.co.uk/technology/news/9123276/Hackers-had-full-control-of-hijacked-Nasa-network.html
http://www.bbc.co.uk/news/technology-17231695
http://www.wired.com/threatlevel/2012/03/jet-propulsion-lab-hacked/
http://www.usatoday.com/tech/science/space/story/2012-03-05/nasa-cybersecurity-lawmakers/53372826/1
http://latimesblogs.latimes.com/lanow/2012/03/jpl-computers-hacked-repeatedly-in-2010-and-2011-nasa-report-says.html
--Cable Modem Hacker Convicted
(March 2, 2012)
A jury in federal court in Boston has convicted Ryan Harris of seven
counts of wire fraud for helping people steal Internet service. Harris
was involved in selling hacked cable modems and software that helped
people circumvent device restrictions such as bandwidth limits. Harris
faces up to 20 years in prison and a fine of up to US $250,000 for each
count.
http://www.computerworld.com/s/article/9224838/Ore._man_convicted_for_helping_thousands_steal_Internet_service?taxonomyId=17
http://www.wired.com/threatlevel/2012/03/ryan-harris-convicted/
--Federal Agencies and Fortune 500 Companies Eradicating DNSChanger
(March 1, 2012)
US federal agencies appear to be making headway in identifying
computers infected with DNSChanger and scrubbing the malware from
machines. A month ago, data suggested that half of Fortune 500 companies
and US government agencies were still infected with DNSChanger. As of
February 23, the number of companies still infected was down to 94, and
just three government agencies still had infected machines, according
to a member of the DNSChanger Working Group. The infected computers are
communicating with servers run by the Internet Systems Consortium, which
has a court order to operate them until Thursday, March 8.
http://gcn.com/articles/2012/03/01/rsa-13-federal-dnschanger-cleanup.aspx
[Editor's Note (Murray): Such precise counts suggest that identifying
them is easy. How much more difficult can it be to isolate or cleanse
them?
(Northcutt): The working group also has instructions for home users to
see if they are infected:
http://www.dcwg.org/checkup.html
(Honan): The court order was extended today to the 9th of July 2012
http://www.marketwatch.com/story/iid-reports-downturn-in-fortune-500-and-major-us-government-agencies-infected-with-dnschanger-malware-2012-03-05#]
************************************************************************
The Editorial Board of SANS NewsBites
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of
STI, The Premier Skills-Based Cyber Security Graduate School,
www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.
Ed Skoudis is co-founder of CounterHackChallenges, the nation's top
producer of cyber ranges, simulations, and competitive challenges, now
used from high schools to the Air Force. He is also author and lead
instructor of the SANS Hacker Exploits and Incident Handling course, and
Penetration Testing course.
William Hugh Murray is an executive consultant and trainer in
Information Assurance and Associate Professor at the Naval Postgraduate
School.
Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in
independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for
InGuardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and served as President of the InfraGard National
Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: GPGTools - http://gpgtools.org
iEYEARECAAYFAk9WTg8ACgkQ+LUG5KFpTkbdtACfX0oYOFgK1K3du3tdhMELccJ6
TeYAn2bSUYvBrJhLGnsf3AKmohKNPWe4
=YR3G
-----END PGP SIGNATURE-----