Network Security
SANS NewsBites Vol. 11 Num. 72
- From: The SANS Institute
- Date: Fri Sep 11 13:55:17 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tuesday at noon EDT a new Top Cyber Risks report will be released
summarizing current data from the largest network of intrusion
prevention sensors and the largest network of vulnerability testers
(millions of systems). It shows that the top two cyber risks are far
more critical than previously thought, and at the same time that
enterprises are acting very slowly to mitigate the risks. In fact
the data show that enterprises are investing in less important risks
and skimping on the important ones. This is the first time a threat
report has been based on a combination of these two data sources on
a global scale. Very cool because the findings are authoritative (and
were vetted by the Storm Center folks and SANS' top instructors). If
you have wanted to get your organization to fix the key problems,
you'll find this report to be a powerful tool to move executive
decision making forward. If you are a press person and want to be
included in the press conference call, please email apaller@sans.org
and tell me which publication.
Alan
*************************************************************************
SANS NewsBites September 11, 2009 Vol. 11, Num. 72
*************************************************************************
TOP OF THE NEWS
Microsoft Issues Advisory Regarding Zero-Day SMB Vulnerability
Microsoft and Cisco Fix TCP Stack Vulnerability
THE REST OF THE WEEK'S NEWS
Musicians Oppose UK's Plan to Cut Filesharers Off from Internet
Four Indicted in Piracy Case
Apple Releases iPhone and QuickTime Updates
Snow Leopard Update Fixes Flash Player Downgrade Issue
Firefox Update Addresses Security and Stability Issues
Guilty Plea in Phishing Case
Scientist Sued for Trade Secret Theft
Microsoft Releases Five Critical Security Bulletins
SQL Injection Flaw Exposes Carpoolers' Personal Information
Server Reliability Study
******************** Sponsored by BigFix, Inc. *************************
Staying Ahead of the Latest Endpoint Security Threats Featuring
highlights from the IBM X-Force 2009 Mid-year Trend and Risk Report
Attend this session to hear highlights from the IBM X-Force 2009 Mid-year
Trend and Risk Report. We'll also cover how to stay ahead of the latest
endpoint security threats through:
* Unified management of endpoint security technologies
* Continuous configuration management - even for your roaming laptops
* Integrated assessment and remediation - within minutes, across your
enterprise
http://www.sans.org/info/48342
*************************************************************************
TRAINING UPDATE
- SANS Network Security, San Diego Sept. 14-22; the Fall's biggest
security training conference, http://www.sans.org/ns2009
- SCADA Security Summit, Stockholm, Oct. 27-30,
http://www.sans.org/euscada09_summit/
- SANS Chicago North Shore, Oct. 26-Nov. 2,
http://www.sans.org/chicago09/
- SANS San Francisco, November 9-14, http://www.sans.org/sanfrancisco09
- SANS CDI, Washington DC, Dec. 11-18,
http://www.sans.org/cyber-defense-initiative-2009
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/spring09.php
Plus London, Tokyo, Dubai, Sydney, Hong Kong, and Vancouver, all in the
next 90 days. For a list of all upcoming events, on-line and live:
www.sans.org
*************************************************************************
TOP OF THE NEWS
--Microsoft Issues Advisory Regarding Zero-Day SMB Vulnerability
(September 8 & 9, 2009)
Microsoft has issued an advisory regarding a zero-day flaw in
Windows Vista and Windows Server 2008. The vulnerability lies in
the Microsoft Server Message Block (SMB) implementation; it could
be exploited to gain control of vulnerable systems. While the
vulnerability does affect the release candidate version of Windows 7,
the final version of Windows 7 is not affected. Microsoft is less
than pleased that the vulnerability was disclosed without allowing
sufficient time for the company to prepare a fix. Until a patch is
available, Microsoft suggests deactivating SMB2 in the registry or
blocking ports 139 and 445 as workarounds.
http://news.cnet.com/8301-13860_3-10347289-56.html?part=rss&subj=news&tag=2547-1009_3-0-20
http://www.securityfocus.com/brief/1009
http://www.h-online.com/security/Microsoft-warns-of-SMB-vulnerability-in-Windows-Server-2008-and-Vista--/news/114198
http://www.microsoft.com/technet/security/advisory/975497.mspx
--Microsoft and Cisco Fix TCP Stack Vulnerability
(September 9, 2009)
Microsoft and Cisco have issued updates to address a vulnerability
in the transmission control protocol (TCP) that could be exploited to
cause denial-of-service conditions. The flaw was discovered in 2005
and made public last year. Microsoft's fix was part of its scheduled
monthly security update for September. Cisco's update addresses the
problem in several of the company's products. Other companies whose
products are affected by the flaw are beginning to issue advisories
as well. What is particularly concerning about this vulnerability
is that it requires a relatively small amount of malicious traffic
to exploit.
http://www.computerworld.com/s/article/9137774/Cisco_fixes_TCP_denial_of_service_bug?taxonomyId=17
http://www.theregister.co.uk/2009/09/09/microsoft_cisco_patch_tcp_vuln/
http://www.h-online.com/security/Cisco-TCP-stack-vulnerable-to-DoS-attacks--/news/114199
************************ Sponsored Links: ****************************
(1) Register today to get 10% off tuition on SANS
vLive course SEC542, Web App Penetration Testing and
Ethical Hacking, Nov. 2-Nov. 9. Use the code @Risk542 when
registering. https://www.sans.org/sans-2010/
(2) Be sure to register for the upcoming webcast:
SIEM and DLP - Strength in Integration Sponsored by: RSA
http://www.sans.org/info/48352
(3) WEBCAST: Defending against Web 2.0 and Browser Hacks &
Attacks. Can SaaS Web Security Deliver Higher Protection
& Lower Cost? Keynote by Peter Firstbrook of Gartner
http://www.sans.org/info/48357
***********************************************************************
THE REST OF THE WEEK'S NEWS
--Musicians Oppose UK's Plan to Cut Filesharers Off from Internet
(September 10, 2009)
Members of the music industry say they "vehemently oppose"
the UK's proposal to boot illegal filesharers off the Internet.
The Featured Artists Coalition (FAC), which represents musicians,
song writers, and producers, acknowledged that filesharing takes a
bite out of their profits, but cautioned that "what's going on is
a huge paradigm shift." FAC noted that filesharing can actually
encourage people to buy music for themselves and attend concerts.
Members are concerned that fans will become disenchanted with the
music industry and say that "the sensible thing to do is to see how
we can monetize all this filesharing activity."
http://www.scmagazineuk.com/Musicians-speak-for-file-sharing-and-against-government-plans-to-kick-file-sharers-off-the-internet/article/148518/
http://news.bbc.co.uk/2/hi/entertainment/8247376.stm
--Four Indicted in Piracy Case
(September 10, 2009)
Adil R. Cassim, Bennie Glover, Matthew D. Chow and Edward L. Mohan
II have been indicted on charges of conspiracy to commit copyright
infringement in connection with an alleged music piracy group.
The four men are allegedly members of a music sharing group known
as Rapid Neurosis (RNS), which is known for making pirated music,
video games, movies and software available for downloading from the
Internet. Each of the men faces a maximum prison term of five years,
a fine of up to US $250,000 and up to three years of supervised
release. Two other alleged RNS members, Patrick L. Saunders and
James A. Dockery, have already been charged with conspiracy to commit
copyright infringement. Saunders pleaded guilty to the charges against
him earlier this week.
http://www.computerworld.com/s/article/9137813/Four_indicted_on_music_piracy_charges?source=rss_security
--Apple Releases iPhone and QuickTime Updates
(September 10, 2009)
Apple has released updates for its iPhone and QuickTime player.
The iPhone update fixes 10 vulnerabilities, including one that could
be exploited to disrupt SMS text messaging. The update also addresses
other flaws that could be exploited to expose users' Microsoft Exchange
email accounts and access deleted email messages and other sensitive
information. The QuickTime player update addresses four critical
flaws, all of which lie in the way QuickTime handles file formats.
http://www.computerworld.com/s/article/9137832/Apple_patches_10_iPhone_bugs_4_QuickTime_flaws?source=rss_security
http://support.apple.com/kb/HT3860
http://support.apple.com/kb/HT3859
[Editor's Note (Schultz): As good a product as the iPhone is,
it has a disproportionate number of vulnerabilities. The fact that
Apple is releasing another set of updates for the iPhone is at least
a good sign.]
--Snow Leopard Update Fixes Flash Player Downgrade Issue
(September 10, 2009)
Apple has released an update for Mac OS X Snow Leopard to fix a
problem with Flash Player. Snow Leopard was released late last month,
and it was quickly noted that the new OS installed an outdated version
of Adobe Flash Player. Even if users had an updated version of the
program installed, Snow Leopard downgraded it to the older version.
The updated version of Snow Leopard, 10.6.1, released on Thursday,
September 10, updates Flash Player to version 10.0.32.18, the most
recent release.
http://news.cnet.com/8301-13579_3-10350001-37.html?part=rss&subj=news&tag=2547-1009_3-0-20
http://support.apple.com/kb/HT3810
--Firefox Update Addresses Security and Stability Issues
(September 9 & 10, 2009)
Mozilla has released Firefox version 3.5.3 for Mac, Windows and
Linux to fix several vulnerabilities and stability issues. The flaws
could be exploited to execute arbitrary code, spoof URLs or cause
denial-of-service. Users still running Firefox 3.0.x also need to
update to version 3.0.14 to protect their machines. Mozilla pushes
out the updates to users who have its automated update system enabled.
The new version of Firefox also checks to see if users are running
the most current versions of Adobe Flash Player.
http://www.theregister.co.uk/2009/09/10/firefox_update/
http://www.computerworld.com/s/article/9137799/Mozilla_patches_10_Firefox_3.5_vulnerabilities?source=rss_security
http://www.computerworld.com/s/article/9137786/Mozilla_releases_Flash_checking_security_update?source=rss_security
http://www.h-online.com/security/Numerous-holes-in-Firefox-3-0-and-3-5-fixed--/news/114206
http://www.scmagazineus.com/Firefox-updated-for-security-flaws/article/148582/
http://www.mozilla.org/security/announce/2009/mfsa2009-47.html
http://blog.mozilla.com/security/2009/09/04/helping-users-keep-plugins-updated/
--Guilty Plea in Phishing Case
(September 9, 2009)
Tien "Tim" Truong Nguyen has pleaded guilty to charges of fraud and
identity theft for his role in a phishing scheme in which personal
information was stolen and used to establish fraudulent Wal-Mart
credit card accounts. Nguyen allegedly worked with Romanian cyber
criminals, establishing phishing websites and supplying the stolen
personal information that was used to create the accounts. The scheme
was uncovered thanks to an anonymous tip that two of Nguyen's alleged
accomplices had fraudulently obtained Wal-Mart merchandise stashed
in a garage. Nguyen apparently supplied the information in exchange
for methamphetamine.
http://www.computerworld.com/s/article/9137775/Man_pleads_guilty_in_Wal_Mart_card_phishing_scheme?source=rss_security
[Editor's Note (Ranum): The story said he "supplied the information
in exchange for Methamphetamine." There has to be a good T-shirt in
that. Perhaps something about "cloud computing" but I just can't put
my finger on it.]
--Scientist Sued for Trade Secret Theft
(September 9, 2009)
DuPont is suing a former employee for theft of trade secrets.
Hong Meng has been accused of stealing proprietary information from
DuPont while employed there as a senior research scientist. Meng,
who is a Chinese citizen with permanent US residence status, allegedly
accepted a position at Peking University while still employed at
DuPont. Shortly before he was scheduled to be transferred to a DuPont
facility in China, a standard review of his hard drive revealed an
"illicit connection to Peking University." The university is perceived
as a research rival because both entities are working on thin computer
display technology known as "organic light-emitting diode" (OLED).
Information gathered from Meng's company laptop indicated that he had
downloaded files pertinent to OLED technology development and copied
them to an external drive.
http://www.darkreading.com/database_security/security/perimeter/showArticle.jhtml?articleID=219700380
http://www.computerworld.com/s/article/9137780/DuPont_sues_Chinese_scientist_for_trade_secret_theft?source=rss_security
--Microsoft Releases Five Critical Security Bulletins
(September 8 & 9, 2009)
Microsoft has issued five security bulletins to fix eight
vulnerabilities in Windows. All five bulletins have maximum severity
ratings of critical; all address flaws that could be exploited to
gain access to vulnerable systems with no user interaction. The flaws
lie in the DHTML Editing Component ActiveX control, Windows TCP/IP,
Windows Media Format, Wireless LAN AutoConfig Service, and the Jscript
scripting engine.
http://voices.washingtonpost.com/securityfix/2009/09/microsoft_fixes_eight_security.html
http://news.cnet.com/8301-13860_3-10346665-56.html?part=rss&subj=news&tag=2547-1009_3-0-20
http://www.microsoft.com/technet/security/bulletin/ms09-sep.mspx
--SQL Injection Flaw Exposes Carpoolers' Personal Information
(September 8, 2009)
An SQL injection vulnerability on a website used to coordinate
worker carpools in Southern California is exposing site users'
personally identifiable information, including names, home addresses,
commuting times and some employee numbers. The website's developer was
notified of the vulnerability several weeks ago, but the flaw remains
active. At least one US military installation uses the website.
http://www.theregister.co.uk/2009/09/08/ridematch_website_vulnerability/
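An added illustration of the defect class this item reports; it is not code from the newsletter, the Register story, or the carpool site, and the table name, column names and user rows are constructed for the example. It runs the same user lookup two ways against an in-memory SQLite table, once with the username pasted into the SQL text and once bound as a parameter, so the reason a crafted username can dump other users' addresses and commute times from the first form but not the second is visible in the row counts.

```python
import sqlite3

# Constructed sample data standing in for a ride-matching site's user table
# (hypothetical schema; nothing here comes from the real site).
SAMPLE_USERS = [
    ("alice", "alice@example.org", "12 Elm St", "07:30"),
    ("bob", "bob@example.org", "9 Oak Ave", "08:15"),
    ("carol", "carol@example.org", "4 Pine Rd", "06:45"),
]

COLUMNS = "username, email, home_address, commute_time"


def build_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, email TEXT, "
        "home_address TEXT, commute_time TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """String concatenation: whatever the caller supplies becomes SQL syntax."""
    query = (
        "SELECT " + COLUMNS + " FROM users WHERE username = '" + username + "'"
    )
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Placeholder binding: the value travels separately and is never parsed
    as SQL, so quotes and keywords inside it are just characters."""
    query = "SELECT " + COLUMNS + " FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    """Return row counts for a normal username and a tautology-bearing one
    under both query styles; the gap between the two 'injected' counts is
    the data exposure the parameterized form prevents."""
    conn = build_db()
    tautology = "x' OR '1'='1"  # canonical textbook input; see usage note
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, "alice")),
        "vulnerable_injected": len(lookup_vulnerable(conn, tautology)),
        "parameterized_normal": len(lookup_parameterized(conn, "alice")),
        "parameterized_injected": len(lookup_parameterized(conn, tautology)),
    }


if __name__ == "__main__":
    for label, count in demo().items():
        print(f"{label}: {count} row(s)")
```

With the concatenated query the crafted username widens the WHERE clause to match every row and all three constructed users come back; with the bound parameter the same text matches nobody and zero rows come back. A code review that greps a codebase for string-built SQL (the pattern in `lookup_vulnerable`) finds this class of flaw before the data does, which is the fix the site's developer was reportedly asked to make.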
--Server Reliability Study
(September 8, 2009)
An Information Technology Intelligence Corp. (ITIC) study based on
a survey of more than 400 C-level executives at a variety of companies
worldwide examined data about server outages on various platforms.
The study identified three levels of outages: Tier 1 outages can
usually be resolved quickly; Tier 2 outages result in between 30
minutes and four hours of downtime; Tier 3 outages last longer than
four hours and can result in data loss. IBM AIX UNIX running on the
Power series servers garnered the highest reliability rating.
http://www.theregister.co.uk/2009/09/08/itic_server_availability_rankings/print.html
http://itic-corp.com/blog/2009/07/itic-2009-global-server-hardware-server-os-reliability-survey-results/
**********************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and
the author/co-author of books on Unix security, Internet security,
Windows NT/2000 security, incident response, and intrusion detection
and prevention. He was also the co-founder and original project manager
of the Department of Energy's Computer Incident Advisory Capability
(CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked
in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently
serves as President of the SANS Technology Institute, a post graduate
level IT Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet
Storm Center and Dean of the Faculty of the graduate school at the
SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at
TippingPoint, where he leads the Digital Vaccine and ThreatLinQ
groups. His group develops protection filters to address
vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other
applications for use in TippingPoint's Intrusion Prevention Systems.
Prof. Howard A. Schmidt is the President of the Information
Security Forum (ISF) and author who has served as CSO for Microsoft
and eBay and as Vice-Chair of the President's Critical Infrastructure
Protection Board.
Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and
he is a senior Lockheed Martin Fellow.
Ron Dick directed the National Infrastructure Protection Center
(NIPC) at the FBI and is the incoming President of the InfraGard
National Members Alliance - with 22,000 members.
Mason Brown is one of a very small number of people in the
information security field who have held a top management position in
a Fortune 50 company (Alcoa). He is leading SANS' global initiative
to improve application security.
David Hoelzer is the director of research & principal examiner
for Enclave Forensics and a senior fellow with the SANS Technology
Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security
Officer of the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and
is widely recognized as a security products designer and industry
innovator.
Clint Kreitner is the founding President and CEO of The Center
for Internet Security.
Brian Honan is an independent security consultant based in Dublin,
Ireland.
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email,
but no posting is allowed on web sites. For a free subscription,
(and for free posters) or to update a current subscription, visit
http://portal.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFKqnk0+LUG5KFpTkYRAvhgAJ9pvMNlQOAXynhJZU1JKUZL2+Ma4ACeIMO0
NAHxDOQk5jMNEp8P/vneIxk=
=Wkgt
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------