Network Security
SANS NewsBites Vol. 11 Num. 69 : Legislation Gives President Power to Shut Down Portions of the Internet
- From: The SANS Institute
- Date: Tue Sep 01 15:35:33 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On the C-SPAN broadcast (two weeks ago) on cyber security and cyber
warfare, SAIC was singled out as the contractor that would win the
biggest share of the contracts supporting the US Cyber Command and other
military initiatives in computer network defense and offense. Many
energetic counter arguments followed, but the bottom line is that SAIC
is in the right place to win that competition because SAIC is the only
major defense contractor that is able to deliver large numbers of people
with advanced technical security skills. The military leaders know that
in cyberspace, the only effective weapons are people with advanced
technical skills, not packaged tools. That means the winning contractors
will deliver people with proven skills in intrusion detection, forensics,
vulnerability analysis and exploit development, reverse engineering
malware, advanced penetration testing - especially application
penetration testing, perimeter leakage and protection and similar
skills.
Alan
*************************************************************************
SANS NewsBites September 1, 2009 Vol. 11, Num. 69
*************************************************************************
TOP OF THE NEWS
Revised Legislation Still Gives President Power to Shut Down Portions
of the Internet
Facebook Will Strengthen Privacy Practices
Phishing Attacks Diminishing (Study)
THE REST OF THE WEEK'S NEWS
Gonzalez Reaches Plea Agreement But Still Faces Additional Charges
Four Arrested in Connection with Chinese Internet Outage
Directives Clarify Some Laptop Border Search Policies
Proof-of-Concept Code Published for IIS Vulnerability
Microsoft to Push out Mandatory Live Messenger Upgrades
Apache.org Offline Due to SSH Remote Administration Key Compromise
Social Engineering Pen Test Prompts National Warning
****************** Sponsored By IBM Rational AppScan *******************
IBM Security Management Solutions
74% of Web app vulnerabilities found in 2008 had no fix by year's end.
Learn more at the Service Management Resource Center.
http://www.sans.org/info/47979
*************************************************************************
TRAINING UPDATE
- - SANS Network Security, San Diego Sept. 14-22; the Fall's biggest
security training conference, http://www.sans.org/ns2009
- - The Virtualization and Cloud Security Summit on August 17-18 in
Washington; http://www.sans.org/info/43118
- - SCADA Security Summit, Stockholm, Oct. 27-30, http://www.sans.org/euscada09_summit/
- - SANS Chicago North Shore, Oct. 26-Nov. 7, http://www.sans.org/chicago09/
- - SANS San Francisco, November 9-14, http://www.sans.org/sanfrancisco09
- - SANS CDI, Washington DC, Dec. 11-18, http://www.sans.org/cyber-defense-initiative-2009
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/spring09.php
Plus London, Tokyo, Dubai, Sydney, Hong Kong, and Vancouver, all in the
next 90 days. For a list of all upcoming events, on-line and live:
www.sans.org
*************************************************************************
TOP OF THE NEWS
--Revised Legislation Still Gives President Power to Shut Down
Portions of the Internet
(August 28 & 31, 2009)
Proposed legislation introduced in April gave the President the power
to "declare a cybersecurity emergency and order the limitation or
shutdown of internet traffic to and from a compromised federal
government or critical infrastructure information system or network."
Despite concern from Internet companies and civil liberties groups about
the power granted, a revised version of the bill still grants the
President the power to take control of information systems, but the new
language is even more vague. The revised bill also proposes
establishing a federal cyber security professional certification program
and requiring that only people holding the certification be permitted to
manage certain private networks and systems.
http://www.scmagazineus.com/Can-the-president-shut-down-the-internet/article/147799/
http://news.cnet.com/8301-13578_3-10320096-38.html
http://fcw.com/Articles/2009/08/28/Cybersecurity-bill-presidential-power.aspx
http://www.computerworld.com/s/article/9137294/Bill_giving_Obama_power_to_shut_Web_takes_on_new_tone?taxonomyId=62&pageNumber=1
[Editor's Note (Pescatore): There is actually only one sentence about
"shutting down" the Internet in the draft bill - if sanity prevails that
will get X-ed out. The language requiring the Department of Commerce to
set up a licensing and certification program for cybersecurity
professionals also needs similar delete key activity. The rest of the
bill actually has some good ideas but lots of pork barrel projects, too.
(Schultz): This bill is not really as draconian as those who have
reacted so negatively to it would have the public believe. The Internet
is so complex and geographically diverse that the notion of having
centralized control that allows quick and definitive action on the part
of anyone, let alone the US President, is a bit far-fetched. For more
see blog.emagined.com]
--Facebook Will Strengthen Privacy Practices
(August 27 & 28, 2009)
In response to an investigation launched by Canada's Office of the
Privacy Commissioner, Facebook has agreed to give users more control
over the information they share with third-party applications. The
applications will be required to get permission from users for every
category of personal information they want to access. In addition,
users will have the option to deactivate or even delete their
accounts. If users delete their accounts, all information belonging to
that user will be deleted from Facebook servers.
http://www.scmagazineus.com/Facebook-to-modify-privacy-practices-after-investigation/article/147556/
http://technology.timesonline.co.uk/tol/news/tech_and_web/article6812783.ece
--Phishing Attacks Diminishing (Study)
(August 27, 2009)
A report from IBM indicates that phishing attacks appear to be
declining. Cyber criminals now appear to be leaning toward malicious
links and Trojan horse programs designed to steal passwords and other
sensitive information. The X-Force report says that in 2008, phishing
attacks accounted for 0.5 percent of all spam; during the first half of
2009, that figure fell to 0.1 percent. The report also says that the
number of malicious links on the web is up 508 percent in the first half
of 2009.
http://voices.washingtonpost.com/securityfix/2009/08/phishing_attacks_on_the_wane.html
http://www.h-online.com/security/IBM-Report-Phishing-is-going-out-of-style--/news/114113
************************ Sponsored Links: ****************************
1) Register today for SANS vLive course, Audit 423: SANS(r) +S(tm)
Training for the CISA(r) Certification Exam and receive 10% discount.
http://www.sans.org/info/47984
2) Be sure to register NOW for the Tool Talk Webcast: Mitigating
Insider Threats through Proactive Identity Management
http://www.sans.org/info/47989
***********************************************************************
THE REST OF THE WEEK'S NEWS
--Gonzalez Reaches Plea Agreement But Still Faces Additional Charges
(August 29, 2009)
Albert Gonzalez has agreed to plead guilty to 19 counts of wire fraud,
conspiracy, aggravated identity theft, and money laundering. Gonzalez
is believed to have masterminded the largest data thefts in the US; the
scheme stole information on more than 170 million credit and debit
card accounts from TJX Companies, Barnes & Noble, Office Max and several
other large US companies. According to the terms of the deal, Gonzalez
will spend 15 to 25 years in prison and will forfeit more than US $2.8
million. Additional charges filed against Gonzalez are not included in
the agreement; the new charges involve the breaches at Heartland Payment
Systems, Hannaford Bros. and 7-Eleven and two unnamed companies.
http://www.washingtonpost.com/wp-dyn/content/article/2009/08/28/AR2009082803779.html
http://news.cnet.com/8301-1009_3-10320761-83.html?part=rss&subj=news&tag=2547-1009_3-0-20
http://www.computerworld.com/s/article/9137228/Update_Mastermind_of_TJX_Heartland_breaches_to_plead_guilty?source=rss_security
--Four Arrested in Connection with Chinese Internet Outage
(August 28, 2009)
Police in Foshan, Guangdong Province (China) have arrested four people
in connection with a denial-of-service attack that caused Internet
outages in parts of the country earlier this year. The attack is
believed to have been launched by an Internet game provider retaliating
against his competitors who had launched similar attacks against him.
http://arstechnica.com/web/news/2009/08/game-server-admins-arrested-for-chinese-dns-attacks.ars
[Editor's Note (Northcutt): There appears to be a bit of a state change
in China. Ten years ago people were executed for hacking. Then, as the
government tried to develop an advanced cyber capability they overlooked
a lot of hacking or recruited the hackers. Now, especially for hackers
that attack internal Chinese sites, they are starting to crack down.
http://www.techspot.com/news/17248-top-hacker-arrested.html
http://www.rjkoehler.com/2008/05/08/auction-hacker-arrested-in-china/
http://www.highbeam.com/doc/1G1-155310910.html ]
--Directives Clarify Some Laptop Border Search Policies
(August 27 & 28, 2009)
Two new directives from the US Department of Homeland Security (DHS)
regarding laptop border searches do not address the issue of whether
laptop owners can be compelled to surrender passwords and encryption
keys to allow authorities to examine the devices' contents. Earlier
this year, the US Supreme Court chose not to reconsider an appeals court
ruling that said laptops are like suitcases and can therefore be
searched without reasonable suspicion. The directives specify a
five-day search limit for Customs and Border Patrol; Immigration and
Customs Enforcement Special Agents have a 30-day limit for searches of
electronic devices. All must obtain a supervisor's approval before
confiscating devices and travelers must be told where confiscated
devices are being kept.
http://www.techweb.com/article/showArticle?articleID=219500468&section=News
http://www.nextgov.com/nextgov/ng_20090828_7022.php?oref=topnews
http://fcw.com/Articles/2009/08/28/DHS-sets-new-policy-on-computer-searches-at-border.aspx
http://www.dhs.gov/xlibrary/assets/cbp_directive_3340-049.pdf
http://www.dhs.gov/xlibrary/assets/ice_border_search_electronic_devices.pdf
--Proof-of-Concept Code Published for IIS Vulnerability
(August 31, 2009)
Proof-of-concept exploit code has been published for a vulnerability in
Microsoft's Internet Information Services (IIS) server. The exploit
could allow attackers to gain root access to servers running IIS version
5 on Windows 2000 with Service Pack 4. The vulnerability also
reportedly affects IIS version 6. The vulnerability lies in IIS's File
Transfer Protocol (FTP) software; for an attack to be successful, users
would need to have FTP enabled. Microsoft is investigating the reports
of the vulnerability; the company says it is not aware of any active
attacks that exploit the flaw.
http://www.theregister.co.uk/2009/08/31/iis_bug_reported/
http://www.computerworld.com/s/article/9137305/Unpatched_flaw_could_take_down_Microsoft_s_IIS_server?source=rss_security
http://www.h-online.com/security/FTP-service-of-Microsoft-IIS-5-and-6-vulnerable-to-attacks--/news/114127
http://news.cnet.com/8301-13860_3-10322459-56.html?part=rss&subj=news&tag=2547-1009_3-0-20
http://isc.sans.org/diary.html?storyid=7039
--Microsoft to Push out Mandatory Live Messenger Upgrades
(August 31, 2009)
In September, Microsoft plans to push out a mandatory upgrade for
certain Windows Live Messenger users to fix a vulnerability in an Active
Template Library (ATL). Users running Messenger 8.1 and 8.5 will be
required to install the upgrade if they want to continue to use the
instant messaging service. Messenger 8.1 and 8.5 users have already
been sent notifications about the mandatory upgrade. Users running a
build of Messenger 14 will get mandatory upgrades in October, with
notifications being sent earlier in the month. Microsoft has already
issued fixes for a number of other products that use the affected ATL.
http://www.computerworld.com/s/article/9137307/Microsoft_Upgrade_Messenger_or_else?source=rss_security
--Apache.org Offline Due to SSH Remote Administration Key Compromise
(August 28, 2009)
The Apache.org website was offline for several hours late last week
after the SSH remote administration key for one of its servers was
compromised. It is not yet known if the site's downloads were affected
by the intrusion. Initial reports from the investigation indicate that
the attackers were not able to gain elevated privileges on the server.
http://www.theregister.co.uk/2009/08/28/apache_hack/
http://www.h-online.com/security/SSH-Key-compromise-takes-Apache-org-offline-Update-2--/news/114115
http://isc.sans.org/diary.html?storyid=7030
--Social Engineering Pen Test Prompts National Warning
(August 28, 2009)
A social engineering portion of a sanctioned penetration test of
computer systems at an unnamed credit union prompted the National Credit
Union Administration (NCUA) to issue a warning to all federally insured
credit unions. The warning said that a credit union had received a
letter that purported to be from the NCUA and included two CDs that were
touted as containing anti-fraud training materials. The NCUA says the
test involved "an unauthorized and improper use of the NCUA logo."
Despite the confusion, the credit union being tested did the right thing
by reporting it to the NCUA.
http://www.cutimes.com/News/2009/8/Pages/NCUA-Chastises-Computer-Security-Test.aspx
http://www.computerworld.com/s/article/9137215/Security_test_prompts_federal_fraud_alert?source=rss_security
**********************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at TippingPoint,
where he leads the Digital Vaccine and ThreatLinQ groups. His group
develops protection filters to address vulnerabilities, viruses, worms,
Trojans, P2P, spyware, and other applications for use in TippingPoint's
Intrusion Prevention Systems.
Prof. Howard A. Schmidt is the President of the Information Security
Forum (ISF) and author who has served as CSO for Microsoft and eBay and
as Vice-Chair of the President's Critical Infrastructure Protection
Board.
Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.
Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of
the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin,
Ireland.
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAkqdYKAACgkQ+LUG5KFpTkaKNgCgizcMZPA7LekFc0PAD6M93qOo
F9cAni6qC9hJKp3mY9VWn7LF5gRo5JUl
=BZ5t
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------