NETSEC Archives (Merit Network Email List Archives)

[Netsec] SANS NewsBites Vol. 14 Num. 32 : House Information Sharing Bill (CISPA) Raises Privacy Concerns; Attackers Target Android Devices Exploiting Instagram; Google Warns Sites of Redirect Infections

  • From: The SANS Institute
  • Date: Fri Apr 20 15:20:16 2012


**************************************************************************
SANS NewsBites                April 20, 2012             Vol. 14, Num. 032
**************************************************************************
TOP OF THE NEWS
  House Information Sharing Bill (CISPA) Raises Privacy Concerns
  Attackers Exploiting Instagram's Popularity to Target Android Devices
  Google Warns Sites of Redirect Infections
THE REST OF THE WEEK'S NEWS
    Latest Flashback Attack Started on WordPress Sites
    Man Charged in Online Brokerage Account Hacks
    Piracy for Dummies
    Austrian Police Arrest 15-Year-Old for Hacking
    Grand Jury Charges Two With Software Piracy
    US Dept. of Energy Lab Releases Network Attack Detection Tool
    Comcast's Bandwidth Cap Exemption for Xfinity Xbox 360 App is Questioned

************************  SPONSORED BY Firemon  **************************

Every security pro faces the same challenge each morning - "what to do
first?" Upcoming infrastructure upgrades, the latest breach headlines,
and urgent requests for system access compete for attention every
day. How can you and your team be the most effective?  Special Webcast:
Highway Congestion, Risk Prevention & Business Unit Requests: How
Effective Security Engineers Get It Done: Thursday, April 26th 1:00 EDT

http://www.sans.org/info/103804

**************************************************************************
TRAINING UPDATE
--SANS AppSec 2012, Las Vegas, NV  April 24-May 1, 2012
Listen to two of the best minds in Application Security, Jeremiah
Grossman and Chenxi Wang, at the AppSec Summit. Maximize your training
by also attending one or more of the 4 pre-summit courses.
http://www.sans.org/appsec-2012/
--SANS Cyber Guardian 2012, Baltimore, MD  April 30-May 7, 2012
11 courses.  Bonus evening presentations include Ninja Assessments:
Stealth Security testing for Organizations; and Adjusting Our Defenses
for 2012.
http://www.sans.org/cyber-guardian-2012/
--SANS Secure Europe 2012, Amsterdam, Netherlands  May 7-19, 2012
10 courses.
http://www.sans.org/secure-amsterdam-2012/
--SANS Security West 2012, San Diego, CA  May 10-18, 2012
24 courses. Bonus evening presentations include Metametrics - A New
Approach to Information Security Management Metrics; and Malware
Analysis Essentials Using REMnux.
http://www.sans.org/security-west-2012/
--SANS Toronto 2012, Toronto, ON  May 14-19, 2012
5 courses. Bonus evening presentations include I've Been Geo-Stalked!
Now What? And What Should Keep You Up at Night: The Big Picture and
Emerging Threats.
http://www.sans.org/toronto-2012/
--SANS Rocky Mountain 2012, Denver, CO  June 4-9, 2012
10 courses. Bonus evening presentations include Adjusting Our Defenses
for 2012; and Why Do Organizations Get Compromised?
http://www.sans.org/rocky-mountain-2012/
--Forensics & Incident Response Summit & Training, Austin, TX June 20-27, 2012
Pre-Summit Courses: June 20-25, 2012; Summit: June 26-27, 2012
Techniques and solutions to aid organizations and agencies responding
to crimes and attacks.  Maximize your training by also attending one or
more of the 4 pre-summit courses.
http://www.sans.org/forensics-incident-response-summit-2012/
--SANS Canberra 2012, Canberra, Australia   July 2-10, 2012
5 courses. Bonus evening presentations include Tales From the Crypt: TrueCrypt Analysis.
http://www.sans.org/canberra-2012/
--Security Impact of IPv6 Summit, Washington, DC July 6, 2012
Walk away with best practices from some who have already implemented
IPv6, in large networks, for a few years.
http://www.sans.org/ipv6-summit-2012/
--SANSFIRE 2012, Washington, DC   July 6-15, 2012
44 courses. Bonus evening presentations include Authentication Issues
Between Entities During Protocol Message Exchange in SCADA Systems;
Critical Infrastructure Control Systems Cybersecurity; and Why Don't We
Consider Our Cars Critical Infrastructure?
http://www.sans.org/sansfire-2012/
--Vulnerability Management Summit & Training, San Antonio, TX August 14-17, 2012
Listen to strategies and best practices that allow network
administrators and asset owners to understand the best approaches to
creating vulnerability management strategies.
http://www.sans.org/vulnerability-summit-2012/
--SCADA Security Advanced Training, Houston, TX August 20-24, 2012
5 day course combining advanced topics from SCADA and IT Security into
the first hands-on Ethical Hacking course for Industrial Control Systems.
http://www.sans.org/scada-sec-training-2012/
--Looking for training in your own community?
http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Johannesburg, Atlanta, Brisbane, Jakarta, Boston, New York, and
Malaysia all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org


********************************************************************
TOP OF THE NEWS
 --House Information Sharing Bill (CISPA) Raises Privacy Concerns
(April 16, 17, & 18, 2012)
The White House has spoken out against the US House's Cyber
Intelligence Sharing and Protection Act (CISPA) because of what it
sees as a lack of adequate privacy protection measures as well as an
absence of mandatory security standards for elements of the country's
critical infrastructure. CISPA would allow Internet service providers
(ISPs) and Internet companies to collect user data and share them with
the government. The Business Software Alliance, which supports the
proposed legislation, met with the Center for Democracy and Technology
(CDT) to see whether the two could come to an understanding about
CISPA. CDT and other groups concerned with civil liberties and privacy
have led protests against the proposed legislation. The bill is likely
to come before the House for a vote next week.
http://arstechnica.com/tech-policy/news/2012/04/analysis-cybersecurity-bill-endangers-privacy-rights.ars
http://thehill.com/blogs/hillicon-valley/technology/222143-white-house-criticizes-cybersecurity-bill-cispa
http://www.computerworld.com/s/article/9226330/White_House_raises_concerns_over_CISPA_bill_?taxonomyId=17
http://thehill.com/blogs/hillicon-valley/technology/221769-technology-industry-huddles-with-privacy-group-over-cybersecurity-bill
[Editor's Comment (Northcutt): The heart of this is privacy. Police
can listen to cell phones without warrants and, until recently, could
track vehicles with GPS. Since 9/11 we have seen an unprecedented loss
of privacy rights in the USA. Does it actually keep us safe? Is there
really a benefit? Not according to former DHS Cyber Security Division
Director Purdy:
http://www.lossofprivacy.com/index.php/category/privacy/usa-privacy/
http://www.usatoday.com/news/washington/judicial/story/2012-01-23/supreme-court-GPS/52754354/1
http://www.csmonitor.com/2007/0403/p02s01-ussc.html
http://www.readwriteweb.com/enterprise/2012/04/former-dhs-cyber-chief-cyberse.php
(Murray): The problem with CISPA is fundamental, not semantic.
It conflates the issue of "intelligence sharing" with that of
"intellectual property."  That is not a problem that can be fixed
by tweaking the language.  Moreover it is motivated more by good
intentions than by an understanding of the problem.
(Honan): Legislators might do well to recall Thomas Jefferson's words,
"Those who surrender freedom for security will not have, nor do they
deserve, either one."]

 --Attackers Exploiting Instagram's Popularity to Target Android Devices
(April 19, 2012)
Attackers are exploiting the popularity of photo sharing app Instagram
by creating phony websites to spread malware to Android mobile
devices. Instagram has been the focus of significant attention in
recent weeks. Originally developed for iOS devices, an Android version
of Instagram was released earlier this month and was downloaded more
than one million times in the first day it was available. Last week,
Facebook acquired the company that developed Instagram. One of the
phony Instagram sites includes Russian text and attempts to install
a Trojan horse program on Android devices that sends SMS messages
to premium rate numbers with no user interaction or notification.
http://www.computerworld.com/s/article/9226363/Android_malware_writers_exploit_Instagram_craze_to_distribute_SMS_Trojan_horse?taxonomyId=17
[Editor's Note (Pescatore): I'd like to see the Android side of Google
follow the lead of the search engine side of Google and make it much
harder for users to get impacted by malware and compromised web sites.]

 --Google Warns Sites of Redirect Infections
(April 18 & 19, 2012)
Google has sent messages to 20,000 websites, informing them that they
may have been injected with JavaScript that redirects visitors to
other, maliciously crafted websites. Google has recommended that the
site owners search for files containing a specific string, which would
indicate an infection. The sites were also warned that the attackers
may have compromised server configuration files.
http://www.computerworld.com/s/article/9226356/Google_warns_20_000_websites_they_could_be_infected_with_malware?taxonomyId=17
http://www.h-online.com/security/news/item/Google-warns-the-operators-of-thousands-of-hacked-web-sites-1542374.html
[Editor's Note (Pescatore): I'd like to see the search engine side of
Google evangelize the Android side of Google to make similar advances
in security on the mobile app side...]

*************************** Sponsored Links:  *************************
1) SANS First Mobility Security Survey featuring SANS mobility expert,
Kevin Johnson http://www.sans.org/info/103809

2) Special Webcast: PCI - Top 5 Issues and Best Practices Surrounding
Privileged Passwords and PCI Compliance. Wednesday April 25th 1:00
EDT http://www.sans.org/info/103814

3) New Analyst paper in the SANS Reading Room: A Review of Oracle
Entitlement Server, by SANS Oracle Security expert, Tanya Baccam.
Paper: http://www.sans.org/info/103819

************************************************************************

THE REST OF THE WEEK'S NEWS
 --Latest Flashback Attack Started on WordPress Sites
(April 19, 2012)
Researchers say that the initial attack vector for the Flashback
Trojan horse program was WordPress sites that had been infected with
malware. Between 30,000 and 100,000 WordPress sites were infected
in February and March of this year; the attackers placed code on the
sites that redirected users to a server that would attempt to infect
vulnerable machines. Flashback managed to infect an estimated 700,000
Mac computers, but researchers say that because of the availability
of a tool to scrub Flashback from computers, the number of infected
machines has been reduced to an estimated 140,000.
http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/232900618/apple-mac-attack-began-with-infected-wordpress-sites.html

 --Man Charged in Online Brokerage Account Hacks
(April 18 & 19, 2012)
The US Department of Justice has charged Petr Murmylyuk with conspiracy
to commit wire fraud, securities fraud, and unauthorized access to
computers for allegedly breaking into online brokerage accounts
and conducting fraudulent transactions. Murmylyuk is a Russian
national living in New York. The affected brokerage firms say that the
transactions cost them more than US $1 million. The Manhattan District
attorney's office alleges that Murmylyuk also stole people's identities
and used the information to file tax returns and collect US $450,000
in IRS refunds. Murmylyuk is presently in custody facing other charges.
http://www.zdnet.com/blog/security/us-charges-russian-over-145-million-hacking-scheme/11631?tag=mantle_skin;content
http://www.computerworld.com/s/article/9226351/Russian_charged_with_hacking_into_brokerage_accounts?taxonomyId=17

 --Piracy for Dummies
(April 18, 2012)
A US publisher has filed a lawsuit against four people who have
allegedly copied the company's books. John Wiley & Sons, the publisher
of the X for Dummies series of how-to books, says its books have been
shared through peer-to-peer networks. Wiley is seeking a jury trial
for four people it alleges have copied books to which it owns the
rights. The company says that more than 74,000 copies of Photoshop
CS5 All-In-One For Dummies have been obtained illegally.
http://www.bbc.co.uk/news/technology-17763218
http://www.thebookseller.com/news/wiley-seeks-piracy-trial.html

 --Austrian Police Arrest 15-Year-Old for Hacking
(April 17 & 18, 2012)
Authorities in Austria have arrested a 15-year-old for allegedly
breaking into servers at more than 250 companies over a three-month
period. The teenager allegedly bragged about his exploits and posted
information he had stolen online. He confessed when he was arrested.
http://www.h-online.com/security/news/item/Austrian-police-task-force-arrests-country-s-youngest-hacker-1541837.html
http://www.zdnet.com/blog/security/15-year-old-arrested-for-hacking-259-companies/11585

 --Grand Jury Charges Two With Software Piracy
(April 18, 2012)
A US grand jury has charged two people from China with copyright
infringement and illegal export of technology for allegedly selling
pirated software online; the pirated software is worth an estimated
US $100 million. Xiang Li and Chun Yan Li allegedly operated several
websites that sold software pirated from 150 companies. Xiang Li
was arrested in June; Chun Yan Li is still at large. In addition,
a former NASA employee has pleaded guilty to conspiracy to commit
criminal copyright infringement for purchasing more than US $1 million
worth of pirated software from Xiang Li.
http://www.computerworld.com/s/article/9226354/Chinese_residents_charged_with_selling_100M_worth_of_pirated_software?taxonomyId=17
[Editor's Note (Murray): Assertions as to the value of software in
criminal charges are often exaggerated.  They refer more to the value
of the application than to the cost to the victim or the value to
the perpetrator.]

 --US Dept. of Energy Lab Releases Network Attack Detection Tool
(April 17 & 18, 2012)
A US Department of Energy lab has released an open-source tool that
gathers information during cyber attacks. The Pacific Northwest
National Laboratory's Hone tool is designed to help identify and
pinpoint the source of malware's activity on networks.
http://gcn.com/articles/2012/05/07/feature-1-tool-spots-net-breach-sidebar.aspx
http://www.darkreading.com/advanced-threats/167901091/security/application-security/232900471/doe-lab-releases-open-source-attack-intelligence-tool.html
[Editor's Note (Murray): This is a "network activity visualization"
tool that enables network managers to both recognize and better
understand attacks.  It is an advance over Marcus Ranum's Network
Flight Recorder.]

 --Comcast's Bandwidth Cap Exemption for Xfinity Xbox 360 App is Questioned
(April 16, 2012)
Netflix CEO Reed Hastings has said that Comcast is not abiding by net
neutrality principles because it is exempting its Xfinity Xbox 360
video app from bandwidth limits. Customers who have the app can use
it to watch movies and television shows On Demand. Comcast normally
puts a monthly cap of 250 GB on consumers' accounts.
http://thehill.com/blogs/hillicon-valley/technology/221703-netflix-ceo-cries-foul-on-comcast-xfinity-xbox-exclusion-from-data-cap-
http://www.washingtonpost.com/business/technology/netflixs-reed-hastings-takes-a-swing-at-comcast-in-the-name-of-net-neutrality/2012/04/16/gIQAhMfsLT_story.html
[Editor's Note (Murray): This is only one of the policy questions
that will arise when ISPs attempt to meter traffic.  I am convinced by
George Gilder's argument that it is cheaper to provision the network to
meet the traffic demand than to control the traffic.  It also avoids
a plethora of policy issues.  The wireless companies argue that they
have to limit traffic because of the fundamental limits of wireless
spectrum.  Gilder argues that spectrum can be infinitely reused
by deploying more cells and reducing signal amplitude.  Many other
countries are adopting the Gilder strategies. The reasons that we do
not are more historical and political than technical or economic.]

************************************************************************
The Editorial Board of SANS NewsBites

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President
of STI, The Premier Skills-Based Cyber Security Graduate School,
www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet
Storm Center and Dean of the Faculty of the graduate school at the
SANS Technology Institute.

Ed Skoudis is co-founder of CounterHackChallenges, the nation's top
producer of cyber ranges, simulations, and competitive challenges,
now used from high schools to the Air Force. He is also author and
lead instructor of the SANS Hacker Exploits and Incident Handling
course, and Penetration Testing course.

William Hugh Murray is an executive consultant and trainer
in Information Assurance and Associate Professor at the Naval
Postgraduate School.

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in
independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat, and
he is a founder of Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and served as President of the InfraGard National Members
Alliance, which has more than 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune
50 company (Alcoa).  He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner
for Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and
is widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email,
but no posting is allowed on web sites. For a free subscription,
(and for free posters) or to update a current subscription, visit
https://www.sans.org/account
