
Discussion Communities: Merit Network Email List Archives

NETSEC Archives

[Netsec] SANS NewsBites Vol. 14 Num. 29 : Mobile Device Security Concerns, Economic Development Administration Offline for Months Following Malware Infection

  • From: The SANS Institute
  • Date: Tue Apr 10 15:19:16 2012


If you are a Facebook developer and are willing to help Consumer Reports
Magazine with a cool story, email apaller@xxxxxxxx describing your
Facebook development experience.
                                  Alan
PS: SANS' largest and coolest Washington DC training program, SANSFIRE
2012, is now open for registration at http://www.sans.org/sansfire-2012/

**************************************************************************
SANS NewsBites                April 10, 2012             Vol. 14, Num. 029
**************************************************************************
TOP OF THE NEWS
  Economic Development Administration Offline for Months Following
    Malware Infection
  Mobile Device Security Concerns
THE REST OF THE WEEK'S NEWS
    Megaupload Data Storage Debate Continues
    US Dept. of Homeland Security Awards Contract for Gaming Console Hack
    Tool Detects Flashback on Macs
    What Information Does Facebook Give Law Enforcement When Subpoenaed?
    EU Considering Legislative Proposal That Would Criminalize Hacking Tools
    Apple Issues Second Fix to Stop Spread of Flashback Trojan
    Former Intel Engineer Pleads Guilty to Stealing Sensitive Company Documents
    More Details About Utah Medicaid Files Breach
    Twitter Sues Five Entities for Spamming

************************  SPONSORED BY SANS  *****************************

Less than 9 percent of organizations have full awareness of the mobile
devices accessing their enterprise resources! Join us to learn more
results from the SANS First Annual Mobility Security Survey and gain
practical advice for securely supporting mobility/BYOD in the
enterprise, Thursday, April 12, 1 PM EDT

http://www.sans.org/info/103249
**************************************************************************
TRAINING UPDATE
--SANS Northern Virginia 2012, Reston, VA  April  15-20, 2012
7 courses.  Bonus evening presentations include Linux Forensics for
Non-Linux Folks; and Who Do You Trust? SSL and TLS Under Attack
http://www.sans.org/northern-virginia-2012/
--SANS Cyber Guardian 2012, Baltimore, MD  April 30-May 7, 2012
11 courses.  Bonus evening presentations include Ninja Assessments:
Stealth Security testing for Organizations; and Adjusting Our Defenses
for 2012.
http://www.sans.org/cyber-guardian-2012/
--SANS AppSec 2012, Las Vegas, NV  April 24-May 1, 2012
Listen to two of the best minds in Application Security, Jeremiah
Grossman and Chenxi Wang, at the AppSec Summit. Maximize your training
by also attending one or more of the 4 pre-summit courses.
http://www.sans.org/appsec-2012/
--SANS Secure Europe 2012, Amsterdam, Netherlands  May 7-19, 2012
10 courses.
http://www.sans.org/secure-amsterdam-2012/
--SANS Security West 2012, San Diego, CA  May 10-18, 2012
24 courses. Bonus evening presentations include Metametrics - A New
Approach to Information Security Management Metrics; and Malware
Analysis Essentials Using REMnux.
http://www.sans.org/security-west-2012/
--SANS Toronto 2012, Toronto, ON  May 14-19, 2012
5 courses. Bonus evening presentations include I've Been Geo-Stalked!
Now What? And What Should Keep You Up at Night: The Big Picture and
Emerging Threats.
http://www.sans.org/toronto-2012/
--SANS Rocky Mountain 2012, Denver, CO  June 4-9, 2012
10 courses. Bonus evening presentations include Adjusting Our Defenses
for 2012; and Why Do Organizations Get Compromised?
http://www.sans.org/rocky-mountain-2012/
--Forensics & Incident Response Summit & Training, Austin, TX June 20-27, 2012
Pre-Summit Courses: June 20-25, 2012; Summit: June 26-27, 2012
Techniques and solutions to aid organizations and agencies responding
to crimes and attacks.  Maximize your training by also attending one or
more of the 4 pre-summit courses.
http://www.sans.org/forensics-incident-response-summit-2012/
--SANS Canberra 2012, Canberra, Australia   July 2-10, 2012
5 courses.
http://www.sans.org/canberra-2012/
--SANSFIRE 2012, Washington, DC   July 6-15, 2012
44 courses. Bonus evening presentations include Authentication Issues
Between Entities During Protocol Message Exchange in SCADA Systems;
Critical Infrastructure Control Systems Cybersecurity; and Why Don't We
Consider Our Cars Critical Infrastructure?
http://www.sans.org/sansfire-2012/
--Looking for training in your own community?
http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Johannesburg, Atlanta, Brisbane, Jakarta, and Malaysia all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
***********************************************************
TOP OF THE NEWS
 --Economic Development Administration Offline for Months Following
    Malware Infection
(April 9, 2012)
When the computer systems at the US Commerce Department's Economic
Development Administration became infected with malware months ago, the
bureau unplugged the system from the Internet. The Economic Development
Administration (EDA) is a small bureau within the Commerce Department
that provides grants to distressed communities. The security teams have
not been able to isolate the malware and clean the system. The offices
are reverting to old-fashioned communications technologies: fax
machines, telephones, and written phone messages. Employees have
contacted clients to ask how they would prefer to communicate without
the Internet. EDA has noted that the situation has increased human
interaction.
http://www.washingtonpost.com/politics/for-agency-a-loss-of-technology-has-had-down--and-upsides/2012/04/08/gIQAvpAY5S_story.html?hpid=z9
http://www.gcn.com/articles/2012/04/09/commerce-agency-offline-12-weeks-after-virus-hits.aspx

 --Mobile Device Security Concerns
(April 9, 2012)
Two separate studies of mobile devices have found serious privacy and
security issues. One of the studies found that smartphones and tablet
PCs can be eavesdropped on when they are being used to make purchases,
conduct online banking transactions, or access VPNs (virtual private
networks). Another study uncovered a number of ways to break into
Apple's iOS, its operating system for mobile devices. It is likely that
cyber criminals will increasingly turn to mobile devices in their
attacks as the devices become more and more commonplace in business
transactions.
http://www.usatoday.com/tech/news/story/2012-04-08/smartphone-security-flaw/54122468/1
[Editor's Note (Murray): That said, at least for the moment, one is
safer conducting financial transactions from an iOS device than from a
PC.  Not all vulnerabilities are problems, not all problems are the same
size.  Harry DeMaio likes to say "Doing business on the Internet is like
doing business in Times Square."  Still, a lot of business is done
there.  There are even ATMs there. ]

*************************** Sponsored Link:  **************************
1) Special Webcast: PCI - Top 5 Issues and Best Practices Surrounding
Privileged Passwords and PCI Compliance: Sponsored by Quest Software
http://www.sans.org/info/103254

************************************************************************

THE REST OF THE WEEK'S NEWS
 --Megaupload Data Storage Debate Continues
(April 9, 2012)
A Megaupload defense attorney maintains that the government has "cherry
picked" data from servers to bolster its case against Megaupload, and
that allowing the destruction of the data now could destroy evidence
that would prove beneficial to the defense. The staggering volume of
data - 25 petabytes - is currently being stored on servers at US
hosting company Carpathia, but because Megaupload's assets are frozen,
Carpathia is shouldering the US $9,000 daily cost of maintaining the
data. A hearing on the matter is scheduled for Friday, April 13.
Carpathia wants the judge to relieve it of the burden of the cost of
maintaining the data; an Ohio businessman wants the data preserved
because he has legitimate files stored on the servers and wants them
returned; the Motion Picture Association of America (MPAA) wants the
data preserved so they can be used in future copyright infringement
lawsuits; and Carpathia and Megaupload have suggested a proposal wherein
Megaupload would purchase the servers and bear the cost of maintaining
the data, but the government so far has refused to unfreeze the
company's assets.
http://www.wired.com/threatlevel/2012/04/megaupload-defense-hobbled/
[Editor's Note (Honan): This story should serve as an example to those
moving to the cloud that backups and business continuity strategies are
just as important in the cloud as they are in legacy hosting
environments.]

 --US Dept. of Homeland Security Awards Contract for Gaming Console Hack
(April 9, 2012)
The US Department of Homeland Security (DHS) has awarded a California
company a contract worth nearly US $180,000 to develop a tool that can
harvest data from gaming consoles, like the Xbox 360, Wii, and
PlayStation 3. Obscure Technologies won the contract and will develop
hardware and software tools to perform the functions; the company will
also have to purchase gaming consoles from outside the US to see what
data left behind by former users can be harvested. DHS plans to use the
technology only on devices owned by people outside the US; the research
is aimed at targeting pedophiles and terrorists who communicate through
the consoles.
http://www.wired.com/threatlevel/2012/04/game-console-hack/
http://rt.com/usa/news/dhs-crack-video-game-624/
[Editor's Note (Honan): The Wired article quotes Simson Garfinkel, a
computer science professor associated with the project, as saying "We
do not wish to work with data regarding U.S. persons due to Privacy Act
considerations. If we find data on U.S. citizens in consoles purchased
overseas, we remove the data from our corpus."  Mr. Garfinkel should be
made aware that the European Union has even stricter privacy laws which
they will also need to respect.]

 --Tool Detects Flashback on Macs
(April 6 & 9, 2012)
A software engineer has posted a tool that allows people running Apple
computers to find out whether or not their machines are infected with
the Flashback malware. The tool, called FlashBack Checker, was developed
by software engineer Juan Leon, who works at Garmin International. Users
whose machines are infected can use commercial security software to
remove the malware from their computers. Estimates suggest that more
than 600,000 Macs have been infected with Flashback.
http://arstechnica.com/apple/news/2012/04/checking-for-mac-flashback-infestation-theres-an-app-for-that.ars
http://www.computerworld.com/s/article/9225986/Free_tool_detects_Flashback_Mac_malware_pestilence?taxonomyId=17
http://www.bbc.co.uk/news/science-environment-17623422
http://news.cnet.com/8301-1009_3-57410702-83/flashback-the-largest-mac-malware-threat-yet-experts-say/

 --What Information Does Facebook Give Law Enforcement When Subpoenaed?
(April 7, 2012)
When law enforcement authorities subpoena Facebook for account
information, the social networking site sends pages of information,
including photographs and their captions; the dates the pictures were
uploaded; who uploaded them; people tagged; wall posts; messages;
contact lists; and past activity. The Boston Phoenix published a
document that Facebook provided to Boston police during their search for
the Craigslist killer. The document was released publicly. The Phoenix
took pains to redact any information about the killer's contacts. The
packet of information Facebook provides to law enforcement authorities
reveals data about the target user as well as about the user's contacts.
http://www.zdnet.com/blog/facebook/heres-what-facebook-sends-the-cops-in-response-to-a-subpoena/11528

 --EU Considering Legislative Proposal That Would Criminalize Hacking Tools
(April 6, 2012)
The European Commission's Civil Liberties Committee has passed proposed
legislation that would criminalize the production and sale of hacking
tools. The law is part of an effort to strengthen punishments for
malicious cyber attacks. It would impose a sentence of up to five years
in prison for breaking into a website or using a botnet to launch a
distributed denial-of-service (DDoS) attack. The proposal still faces
hurdles before becoming law. Civil liberties groups have expressed
concern that the law would criminalize activity of legitimate cyber
security researchers. Some are arguing that the law needs to consider
intent instead of broadly criminalizing the creation, possession, and
use of such tools.
http://www.wired.com/threatlevel/2012/04/hacking-tools/
[Editor's Note (Murray): This "attractive" idea surfaces every few
years.  The problem is that it is impossible to distinguish between
"hacking" tools and "audit" tools except by looking at how they are
used.]

 --Apple Issues Second Fix to Stop Spread of Flashback Trojan
(April 6, 2012)
Apple has released a second update to help protect users from the
Flashback Trojan horse program. The new variant of the malware exploits
a vulnerability in Java to infect computers. It is not clear what the
second patch does, but it is just for Mac OS X 10.7, which is known as
Lion. Oracle released fixes for the Java vulnerability in February, but
Apple had not released a fix until last week, when news of the malware
variant exploiting the flaw broke. Apple has a reputation for dragging
its feet on releasing patches for third party products. The new variant
of Flashback can infect computers when users simply visit
specially-crafted web pages.
http://www.scmagazine.com/apple-releases-another-update-to-quell-flashback-spread/article/235566/
http://www.technolog.msnbc.msn.com/technology/technolog/half-million-macs-infected-apple-issues-second-anti-malware-patch-674423
[Editor's Note (Frantzen): The press is jumping to conclusions.
See: http://prod.lists.apple.com/archives/java-dev/2012/Apr/msg00022.html 
(Murray): "Fixes" are difficult.  Fixes that do not break anything else
may be even more so.  It is almost always cheaper to do it right the
first time.  Software developers appear resistant to this idea.]

 --Former Intel Engineer Pleads Guilty to Stealing Sensitive Company Documents
(April 9, 2012)
A man who once worked at Intel designing Itanium processors has pleaded
guilty to stealing confidential information from the company. Biswamohan
Pani resigned from Intel on May 29, 2008 and used his accrued vacation
time to take leave through June 11. However, Pani began working at
Advanced Micro Devices (AMD), an Intel rival, on June 2, while he still
had access to Intel servers. But in the days before his June 11 exit
interview, Pani downloaded 13 proprietary Intel design documents and
copied them from his Intel-issued laptop to an external drive. He
apparently attempted to access Intel servers again on June 13 because
he had not completed the procedure that would have allowed him to view
the encrypted documents offline. AMD did not request the information
from Pani, nor did his new employer know that he had taken the
documents.
http://www.computerworld.com/s/article/9225948/Former_Intel_employee_pleads_guilty_to_stealing_documents?taxonomyId=17
http://www.theregister.co.uk/2012/04/09/intel_ex_engineer_spy_pleads_guilty/
http://www.eweek.com/c/a/IT-Infrastructure/ExIntel-Employee-Pleads-Guilty-to-Stealing-Confidential-Documents-381709/

 --More Details About Utah Medicaid Files Breach
(April 9, 2012)
Hackers believed to be based in Eastern Europe appear to have stolen
personal information from a Utah Department of Technology Services
server; the breach affects more than 180,000 people. Initially, the
attack was reported to have affected 24,000 individuals, but now it has
been revealed that the hackers stole 24,000 files, each of which
contained information about numerous people. The breach affects Medicaid
and Children's Health Insurance Plan recipients. The hackers exploited
a configuration error on the server to gain access to the data.
http://gcn.com/articles/2012/04/09/utah-hackers-medicaid-chip-medical-recoreds-breached.aspx
[Editor's Note (Murray): "Configuration error;" polite euphemism for
"default password."]

 --Twitter Sues Five Entities for Spamming
(April 6, 2012)
Twitter has filed a lawsuit against five defendants, accusing them of
involvement with spam spreading through the microblogging network. The
defendants named in the lawsuit include three companies and two
individuals.  The lawsuit alleges that the companies named provided
tools that sent automated, unsolicited tweets that try to trick users
into following links that sell bogus merchandise or spread malware.
Twitter maintains that it has spent nearly US $1 million to deal with
the effects of the defendants' alleged activity. Each of the defendants
had signed up for a Twitter account, which means each had agreed to
terms that expressly forbid spamming.
http://money.cnn.com/2012/04/06/technology/twitter-spam-lawsuit/index.htm
http://www.scmagazine.com/twitter-sues-five-over-spamming-providing-automated-tools/article/235554/
http://www.theregister.co.uk/2012/04/06/twitter_suit_spammers/

************************************************************************
The Editorial Board of SANS NewsBites

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of
STI, The Premier Skills-Based Cyber Security Graduate School,
www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of CounterHackChallenges, the nation's top
producer of cyber ranges, simulations, and competitive challenges, now
used from high schools to the Air Force. He is also author and lead
instructor of the SANS Hacker Exploits and Incident Handling course, and
Penetration Testing course.

William Hugh Murray is an executive consultant and trainer in
Information Assurance and Associate Professor at the Naval Postgraduate
School.

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in
independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and served as President of the InfraGard National
Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa).  He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/

