
NETSEC Archives

[Netsec] SANS NewsBites Vol. 14 Num. 30 : US Army Running Short, Lowering Standards for Security Staff; FBI Concerned About Smart Meter Hacking; Schmidt: Energy Companies Need to Monitor Security

  • From: The SANS Institute
  • Date: Fri Apr 13 14:54:24 2012

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

**************************************************************************
SANS NewsBites                April 13, 2012             Vol. 14, Num. 030
**************************************************************************
TOP OF THE NEWS
  US Army Running Short on Qualified IT Security Staff; Lowering Standards
  FBI Concerned About Smart Meter Hacking
  Howard Schmidt: Energy Companies Need to Monitor Security Issues
THE REST OF THE WEEK'S NEWS
    Apple Steps Up Account Security
    Oracle's Quarterly Critical Patch Update Set for April 17
    Court Publishes Opinion in Goldman Sachs Source Code Download Case
    Apple Delivers Flashback Removal Tool
    HP Warns of Malware on Flash Cards Accompanying Certain Network Switches
    US Appeals Court Says CFAA is for Prosecuting Hackers
    Microsoft Patch Tuesday Includes Patch for Zero-Day ActiveX Flaw
    Adobe Updates Reader and Acrobat
    Retailers Using Return and Exchange Tracking Service
**********************  SPONSORED BY Tripwire, Inc. **********************

Analyst webcast! SANS 20 Critical Security Controls and Federal Systems
featuring G. Mark Hardy Thursday, April 19, 1 PM EDT.
http://www.sans.org/info/103319

**************************************************************************
TRAINING UPDATE
 --SANS Northern Virginia 2012, Reston, VA  April  15-20, 2012
7 courses.  Bonus evening presentations include Linux Forensics for
Non-Linux Folks; and Who Do You Trust? SSL and TLS Under Attack
http://www.sans.org/northern-virginia-2012/
 --SANS Cyber Guardian 2012, Baltimore, MD  April 30-May 7, 2012
11 courses.  Bonus evening presentations include Ninja Assessments:
Stealth Security testing for Organizations; and Adjusting Our Defenses
for 2012.
http://www.sans.org/cyber-guardian-2012/
 --SANS AppSec 2012, Las Vegas, NV  April 24-May 1, 2012
Listen to two of the best minds in Application Security, Jeremiah
Grossman and Chenxi Wang, at the AppSec Summit. Maximize your training
by also attending one or more of the 4 pre-summit courses.
http://www.sans.org/appsec-2012/
 --SANS Secure Europe 2012, Amsterdam, Netherlands  May 7-19, 2012
10 courses.
http://www.sans.org/secure-amsterdam-2012/
 --SANS Security West 2012, San Diego, CA  May 10-18, 2012
24 courses. Bonus evening presentations include Metametrics - A New
Approach to Information Security Management Metrics; and Malware
Analysis Essentials Using REMnux.
http://www.sans.org/security-west-2012/
 --SANS Toronto 2012, Toronto, ON  May 14-19, 2012
5 courses. Bonus evening presentations include I've Been Geo-Stalked!
Now What? And What Should Keep You Up at Night: The Big Picture and
Emerging Threats.
http://www.sans.org/toronto-2012/
 --SANS Rocky Mountain 2012, Denver, CO  June 4-9, 2012
10 courses. Bonus evening presentations include Adjusting Our Defenses
for 2012; and Why Do Organizations Get Compromised?
http://www.sans.org/rocky-mountain-2012/
 --Forensics & Incident Response Summit & Training, Austin, TX June 20-27, 2012
Pre-Summit Courses: June 20-25, 2012; Summit: June 26-27, 2012
Techniques and solutions to aid organizations and agencies responding
to crimes and attacks.  Maximize your training by also attending one or
more of the 4 pre-summit courses.
http://www.sans.org/forensics-incident-response-summit-2012/
 --SANS Canberra 2012, Canberra, Australia   July 2-10, 2012
5 courses.
http://www.sans.org/canberra-2012/
 --Security Impact of IPv6 Summit, Washington, DC July 6, 2012 
Walk away with best practices from some who have already implemented
IPv6, in large networks, for a few years.
http://www.sans.org/ipv6-summit-2012/
 --SANSFIRE 2012, Washington, DC   July 6-15, 2012
44 courses. Bonus evening presentations include Authentication Issues
Between Entities During Protocol Message Exchange in SCADA Systems;
Critical Infrastructure Control Systems Cybersecurity; and Why Don't We
Consider Our Cars Critical Infrastructure?
http://www.sans.org/sansfire-2012/
 --Vulnerability Management Summit & Training, San Antonio, TX August 14-17, 2012 
Listen to strategies and best practices that allow network
administrators and asset owners to understand the best approaches to
creating vulnerability management strategies.
http://www.sans.org/vulnerability-summit-2012/
 --SCADA Security Advanced Training, Houston, TX August 20-24, 2012 
5 day course combining advanced topics from SCADA and IT Security into
the first hands-on Ethical Hacking course for Industrial Control Systems.
http://www.sans.org/scada-sec-training-2012/
 --Looking for training in your own community?
http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Johannesburg, Atlanta, Brisbane, Jakarta, Boston, New York, and
Malaysia all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
***********************************************************

TOP OF THE NEWS
 --US Army Running Short on Qualified IT Security Staff; Lowering Standards
(April 10, 2012)
The US Army is finding itself without enough qualified IT staff to fill
available positions. Defense Department (DOD) Directive 8570.01-M spells
out the training and certifications that military personnel and
contractors must have to be considered for positions in which they
operate DOD information systems. The Army is changing guidelines so that
fewer employees will be required to have the training and
certifications. Those with the necessary credentials will have greater
network access and likely higher pay.
http://www.computerworld.com/s/article/9226053/US_Army_Military_finds_IT_security_certification_difficulties?taxonomyId=17
[Editor's Comment (Northcutt): First, this article appears to be based
on a single source; always dangerous journalism. Second, the US Army is
always running short on something, but when you look at the details, you
always find the Army is very, very big. So while they may feel they are
running short, they are still the largest consumer on planet earth.
Finally, this article is very simplistic; the Army has an entire
certification schoolhouse/factory operation. Suggest that we encourage
Computerworld reporter Mesmer to do a bit of digging.]

 --FBI Concerned About Smart Meter Hacking
(April 9, 2012)
According to an FBI cyber bulletin, an unnamed utility company in Puerto
Rico was the target of attacks against smart meters, costing the company
hundreds of millions of dollars. This appears to be the first report of
such attacks and the FBI expects that the occurrence of similar attacks
will rise as the smart grid technology is more widely adopted. The FBI
believes that former employees of the meter manufacturer reprogrammed
meters for between US $300 and US $3,000 so that the associated
buildings appeared to be consuming less power than they actually used.
Most meters are read remotely, making fraud detection difficult. The
alterations require physical access.
http://krebsonsecurity.com/2012/04/fbi-smart-meter-hacks-likely-to-spread/
 --Howard Schmidt: Energy Companies Need to Monitor Security Issues
(April 11 & 12, 2012)
White House Cybersecurity official Howard Schmidt says that the
country's utilities need to actively and continuously identify security
risks in their systems. The administration, along with the Departments
of Energy and Homeland Security plan to run a pilot program for power
companies to voluntarily share information about their security postures
and pinpoint where best to focus attention on improving security.
Schmidt also noted that smart meters are becoming targets for hackers.
http://www.executivegov.com/2012/04/howard-schmidt-energy-companies-need-continuous-monitoring-practices/
http://www.nextgov.com/nextgov/ng_20120411_4285.php?oref=topstory
[Editor's Note (Murray): The power grid is a special case.  While it is
a small part of SCADA, it is fundamentally fragile.  We have not even
identified the scope of the exposure and only speculate about the
threat.  However, the potential consequences are so high that it
constitutes a risk, one that we need not and should not tolerate.]

*************************** Sponsored Links:  *************************
1) Is Your Encryption Solution A Nightmare? Do you have Tales of
Encryption?  Wake up to a new Reality with WinMagic.  Join us for our
live broadcast on Wed, Apr 18, 2012 1:00 PM - 2:00 PM EDT to learn how
WinMagic SecureDoc can dispel encryption myths and secure your data.
Register Today http://www.sans.org/info/103324

2) Read this new whitepaper, Privileged Password Sharing: "root" of All
Evil, from Quest Software to learn how to effectively manage privileged
accounts. http://www.sans.org/info/103329

3) Webinar: OpenID Connect-How it Can Work for You
Link: http://www.sans.org/info/103334
************************************************************************

THE REST OF THE WEEK'S NEWS
 --Apple Steps Up Account Security
(April 12, 2012)
Apple has tightened account security to protect users from having their
App Store accounts hijacked. The changes were made on April 11 and
include choosing three security questions that users will have to answer
correctly before being permitted to download apps from the App Store.
Users are also being asked to supply a backup email address. Users have
expressed frustration that Apple did not let them know ahead of time
that the new measures were going to be put in place.
http://news.cnet.com/8301-1009_3-57413072-83/apple-ratchets-up-app-store-security/

 --Oracle's Quarterly Critical Patch Update Set for April 17
(April 12, 2012)
Oracle's quarterly critical patch update is due to be released on
Tuesday, April 17. The update is expected to include 88 fixes for
numerous Oracle products. Six of the patches are for Oracle's database,
and three of those could be exploited remotely.  There will be 11
patches for Oracle Fusion Middleware, nine of which are remotely
exploitable.
http://www.computerworld.com/s/article/9226169/Oracle_to_issue_88_security_patches_on_Tuesday?taxonomyId=17

 --Court Publishes Opinion in Goldman Sachs Source Code Download Case
(April 11, 2012)
The 2nd US Circuit Court of Appeals has published its opinion in the
case regarding Sergey Aleynikov, who was released from prison in
February after the court reversed his December 2010 conviction for
source code theft from his former employer. The ruling states that the
high-frequency trading system source code Aleynikov downloaded from
Goldman Sachs before leaving the company in 2009 does not satisfy the
definition of being a physical object, and because Aleynikov did not
"assume physical control" over any object when he took the code, he did
not violate the National Stolen Property Act. The court also said that
Aleynikov is not guilty of violating the Economic Espionage Act because
the source code was not made for interstate or foreign commerce, which
is a requirement of being charged under that law. With regard to the
NSPA, the court wrote, "We decline to stretch or update statutory words
of plain and ordinary meaning in order to better accommodate the digital age."
http://arstechnica.com/tech-policy/news/2012/04/a-federal-appeals-court-has-2.ars
http://news.cnet.com/8301-1009_3-57412779-83/code-cant-be-stolen-under-federal-law-court-rules/
http://www.wired.com/threatlevel/2012/04/code-not-physical-property/

 --Apple Delivers Flashback Removal Tool
(April 11, 2012)
Apple is developing a tool to remove Flashback malware from Macs. Last
week, Apple released an update to fix the hole in the Java
implementation for Mac OS X that the malware exploits to infect
machines. Apple has not said when the tool will be available. Apple is
encouraging users to install the most recent update to fix the Java
vulnerability. Mac users who are running versions prior to 10.6 (Snow
Leopard) are urged to disable Java in their browsers as Java is no
longer supported for those versions of the operating system. An
estimated 600,000 Macs are already infected with Flashback. Apple also
said that it is working with Internet service providers (ISPs) to
disrupt the malware's command-and-control network.
Internet Storm Center announces tool is delivered:
http://isc.sans.edu/diary.html?storyid=12973
http://www.h-online.com/security/news/item/Apple-announces-Flashback-removal-tool-1518781.html
http://www.computerworld.com/s/article/9226088/Apple_Developing_Flashback_Malware_Removal_Tool?taxonomyId=17
http://www.bbc.co.uk/news/technology-17675314

 --HP Warns of Malware on Flash Cards Accompanying Certain Network Switches
(April 11 & 12, 2012)
HP is warning its customers that compact flash cards sent with one of
its networking kits are infected with malware. The cards in question
were bundled with HP ProCurve 5400zl switches that were purchased after
April 30, 2011. The infected flash card would not have an adverse effect
on the switch, but if the card were to be used in a PC, that machine
could become infected. HP has not said how the cards became infected,
but the company has made available a script that performs a software
purge to delete the flash card's contents.
http://www.theregister.co.uk/2012/04/11/hp_ships_malware_cards_with_switches_oops/
http://www.zdnet.com.au/hp-spots-virus-on-own-network-switches-339335811.htm

 --US Appeals Court Says CFAA is for Prosecuting Hackers
(April 10 & 12, 2012)
The 9th US Circuit Court of Appeals has ruled that employees may not be
tried under the Computer Fraud and Abuse Act (CFAA) merely for violating
their employers' computer use policy. The CFAA became law in 1984 and is
aimed at prosecuting individuals who gain access to computers to steal
data or damage the machines. While the defendant in the case in question
may have been spared the hacking charges, he still faces theft of trade
secrets, mail fraud, and conspiracy charges.
http://www.wired.com/threatlevel/2012/04/computer-fraud-and-abuse-act/
http://news.cnet.com/8301-1009_3-57412137-83/court-narrows-prosecutors-use-of-anti-hacking-law/
http://arstechnica.com/tech-policy/news/2012/04/terms-of-service-violations-not-a-crime-appeals-court-rules.ars
http://www.scmagazine.com/court-ruling-limits-reach-of-us-anti-hacking-law/article/236335/
http://www.technolog.msnbc.msn.com/technology/technolog/court-facebooking-work-not-federal-crime-even-when-forbidden-710056

 --Microsoft Patch Tuesday Includes Patch for Zero-Day ActiveX Flaw
(April 10 & 11, 2012)
On Tuesday, April 10, Microsoft released six security bulletins to patch
a total of 11 vulnerabilities. The bulletins address security issues in
Windows, Internet Explorer (IE), Office and several other Microsoft
products. One of the flaws is already being actively exploited. Bulletin
MS12-027 addresses a critical flaw in an ActiveX control that comes with
32-bit versions of Office 2003, 2007, and 2010. The patch also applies
to SQL Server, Commerce Server, BizTalk Server, Visual FoxPro, and Visual
Basic.
Internet Storm Center descriptions: http://isc.sans.edu/diary.html?storyid=12949
http://www.theregister.co.uk/2012/04/11/ms_april_patch_tuesday/
http://www.computerworld.com/s/article/9226060/Microsoft_patches_critical_Windows_zero_day_bug_that_hackers_are_now_exploiting?taxonomyId=17
http://www.h-online.com/security/news/item/Patch-Tuesday-closes-critical-Windows-Office-and-IE-holes-1518553.html
http://www.scmagazine.com/microsoft-patches-11-security-issues-attacks-underway/article/235953/
http://technet.microsoft.com/en-us/security/bulletin/ms12-apr

 --Adobe Updates Reader and Acrobat
(April 11, 2012)
Adobe has released security updates for Reader and Acrobat. The newest
versions of the products, 10.1.3 and 9.5.1, fix a handful of arbitrary
code execution vulnerabilities. The update also removes the bundled
Flash Player from 9.x versions of the software. The fixes are available
for all supported platforms. Windows and Mac versions now have built-in
update mechanisms.
Internet Storm Center: http://isc.sans.edu/diary.html?storyid=12952
http://krebsonsecurity.com/2012/04/adobe-microsoft-issue-critical-updates/
http://www.h-online.com/security/news/item/Adobe-fixes-critical-vulnerabilities-in-Reader-and-Acrobat-1518711.html
http://www.computerworld.com/s/article/9226087/Adobe_Reader_update_patches_bugs_removes_bundled_Flash_Player?taxonomyId=17
http://www.adobe.com/support/security/bulletins/apsb12-08.html

 --Retailers Using Return and Exchange Tracking Service
(April 9, 2012)
Retail stores in the US are starting to use a service that tracks
consumers' product return histories. A man who brought a defective
Blu-ray disc back to a Best Buy store in Connecticut was asked for his
driver's license before the disc was accepted. He was told that the
store would not be able to authorize any returns or exchanges for 90
days following the activity, regardless of whether or not he had a valid
receipt. The service is provided by a California-based company called
The Retail Equation that tracks consumers' return and exchange activity.
The Retail Equation says that its software identifies the roughly 1
percent of consumers who routinely commit return fraud or abuse. The
Connecticut man had returned or exchanged several items earlier in the
year, each with a valid receipt, apparently enough activity for the
software to flag him.
http://www.courant.com/business/custom/consumer/hc-bottom-line-best-buy-returns-20120409,0,5063368.column

************************************************************************
The Editorial Board of SANS NewsBites

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of
STI, The Premier Skills-Based Cyber Security Graduate School,
www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of CounterHackChallenges, the nation's top
producer of cyber ranges, simulations, and competitive challenges, now
used from high schools to the Air Force. He is also author and lead
instructor of the SANS Hacker Exploits and Incident Handling course, and
Penetration Testing course.

William Hugh Murray is an executive consultant and trainer in
Information Assurance and Associate Professor at the Naval Postgraduate
School.

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in
independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and served as President of the InfraGard National Members
Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa).  He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAk+IZpEACgkQ+LUG5KFpTkZK8wCdGjsRPrLp1CH65nCbv8v0N42K
xmoAniNNfnWTf7Ro/8nCbLfFSZPSL5VM
=dM10
-----END PGP SIGNATURE-----
