Merit Network Email List Archives: Network Security

Historical SANS NewsBites Vol. 11 Num. 77 : Judge Orders Personal Email Account Locked After Bank Error

  • From: The SANS Institute
  • Date: Tue Sep 29 17:40:10 2009

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

*************************************************************************
SANS NewsBites             September 29, 2009            Vol. 11, Num. 77
*************************************************************************
TOP OF THE NEWS
  Judge Orders Google to Deactivate Account
  Court Upholds Decision to Revoke Bottle Domains' Registrar Accreditation
  House Subcommittee Approves Cyber Security R&D Bill Amendment
THE REST OF THE WEEK'S NEWS
    Cyber Criminals Targeting Foreign Journalists in China
    Reddit Fixes Cross-Site Scripting Hole
    Inmate Tapped to Help With Computer Program Accessed Hard Drive
    US-CERT Warns of Spam Pretending to be From IRS
    UNC Notifying Mammography Research Project Participants of Data Breach
    FBI Investigating Cyber Theft of School District Funds
    Plea Deal for DOD Intelligence Analyst

**********************  Sponsored By Q1 Labs  ***************************

** THE SECURITY MANAGEMENT EVOLUTION:  WHAT'S NEXT? ** 

GET THE WHITE PAPER NOW: http://www.sans.org/info/49149 

Respected industry analyst firm Enterprise Strategy Group (ESG) provides
a unique perspective on the evolution of security information and event
management (SIEM) solutions from niche firewall log analyzers to highly
strategic security management solutions.  How can organizations like
yours identify and leverage the newest, most sophisticated tools in the
next phase of the Evolution?
*************************************************************************
TRAINING UPDATE
 -- SANS Chicago North Shore, Oct. 26-Nov. 2,
  http://www.sans.org/chicago09/
 -- SCADA Security Summit, Stockholm, Oct. 27-30,
  http://www.sans.org/euscada09_summit/
 -- SANS San Francisco, November 9-14,
  http://www.sans.org/sanfrancisco09
 -- SANS Sydney, Nov.9-14
   http://sans.org/sydney09/
 -- SANS London, UK, Nov.28-Dec. 9,
   http://sans.org/london09/
 -- SANS CDI, Washington DC, Dec. 11-18,
  http://www.sans.org/cyber-defense-initiative-2009
 -- SANS Security East 2010, New Orleans, January 10-18, 2010
    19 courses, bonus evening presentations
  http://www.sans.org/security-east-2010/
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
  http://www.sans.org/ondemand/spring09.php
Plus Tokyo, Dubai, Hong Kong, and Vancouver, all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

TOP OF THE NEWS
 --Judge Orders Google to Deactivate Account
(September 24 & 28, 2009)
A US District Court Judge in California has ordered Google to deactivate
the Gmail account of a user who was accidentally sent confidential bank
information.  An employee of Wyoming-based Rocky Mountain Bank sent the
data to the account in error; the data include names, Social Security
Numbers (SSNs) and loan information of more than 1,300 bank customers.
Upon recognizing the mistake, the bank sent another email to the same
address, requesting that the recipient destroy the previous email and
contact Rocky Mountain Bank.  After receiving no reply, the bank asked
Google for information about the account holder.  Google said that it
would not surrender any information without a court order.  The judge's
order is controversial because it appears to violate the account
holder's First Amendment rights.  Additionally, deactivating an
individual's Gmail account could have far-reaching effects.
http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=114264
http://www.theregister.co.uk/2009/09/28/google_rocky_mountain_bank_suit_rollls_on/
[Editor's Note (Northcutt): I had to read this, drink a cup of hot tea,
and read it again to comprehend how significant this case is. Please
take the time to read the story. There are a couple of issues here. One
is that the legal system follows technology by some number of years.
Looking backward five years, you can sort of see Judge Ware's point of
view, "It is just an email account, the person can get another one."
Looking forward two or three years, in the words of Charlene Li, "In the
future, two pieces of information will identify you, your email address
and your mobile phone number". Bottom line, Judge Ware made a bad call.]

 --Court Upholds Decision to Revoke Bottle Domains' Registrar Accreditation
(September 26 & 28, 2009)
Last week, an Australian court upheld a decision made by the Australian
Domain Name Administrator (auDA) to terminate domain registrar Bottle
Domains' accreditation after the company failed to disclose a data
security breach that occurred in 2007.  That issue was unearthed when
information from the Bottle Domains database was stolen and sold on the
Internet.  The court noted Bottle Domains' "extraordinary indifference
to the effect of credit card fraud on its victims."  Company owner
Nicholas Bolton appears to have "acknowledged that it was his consistent
position that no warning should be given to registrants concerning the
possible misuse of their credit card details until further information
was received from the [Australian Federal Police]."  The compromised
data include credit card details of 25,000 Bottle Domains customers.
http://www.securecomputing.net.au/News/156951,court-slams-bottle-domains-lax-security.aspx
http://www.businessday.com.au/business/second-blow-for-bolton-as-company-is-banned-20090925-g696.html
[Editor's Note (Pescatore): Registrars really should be held to higher
security standards, both of their infrastructure and of their practices
in validating customers' identity. The .org domain has been doing good
work; good to see auDA take a tough stand.
(Schultz): For better or worse, domain registrars and ISPs that do not
cooperate with law enforcement and other investigations are ultimately
bound to suffer the fate that auDA did.]

 --House Subcommittee Approves Cyber Security R&D Bill Amendment
(September 25, 2009)
A US House subcommittee has approved legislation aimed at bolstering the
Cybersecurity Research and Development Act.  If the proposed law is
enacted, federal agencies would be required to submit long term research
and development plans that are "based on an assessment of cybersecurity
risk."  The bill now goes to the House Committee on Science and
Technology.
http://www.scmagazineus.com/House-subcommittee-passes-cybersecurity-RD-bill/article/149714/


************************  Sponsored Links:  ****************************
1) IBM Security Management & Compliance Solutions - In the US nearly
114,000 regulations have been introduced since 1981.Learn more at the
Service Management Resource Center.
http://www.sans.org/info/49154 

2) WEBCAST: Defending against Web 2.0 and Browser Hacks & Attacks. Can
SaaS Web Security Deliver Higher Protection & Lower Cost? Keynote by
Peter Firstbrook of Gartner
http://www.sans.org/info/49159 

3) Register today for an upcoming Novell sponsored SANS web cast on 10/6
titled, Ask The Expert: Offense and Defense: Better Correlation.
http://www.sans.org/info/49164
***********************************************************************

THE REST OF THE WEEK'S NEWS
 --Cyber Criminals Targeting Foreign Journalists in China
(September 28, 2009)
Cyber attackers have been targeting foreign journalists in China with
malicious email.  The English messages are well-written and are
accompanied by a PDF attachment that contains malicious code.  The
emails appear to be from various news outlets' economics editors.  The
information contained in the body of the email message appears
legitimate; the contacts listed are real people who are professionally
involved in the issues described in the message.
http://www.infowar-monitor.net/2009/09/targeted-malware-attack-on-foreign-correspondents-based-in-china/
http://www.theglobeandmail.com/news/national/foreign-journalists-in-china-target-of-computer-attack/article1303450/
[Editor's Note (Northcutt): Pssst, this has been going on for years. We
call it spear phishing. One thing to consider is posting some incorrect
information on Twitter etc, so you can see if that is the source of the
information collection.
(Schultz): Interestingly, the kinds of attacks described in this news
item are the same kinds of attacks (ostensibly originating from China)
that have been haunting the US and UK governments for years.]

 --Reddit Fixes Cross-Site Scripting Hole
(September 28, 2009)
Administrators of the Reddit social news aggregator site have fixed a
cross-site scripting (XSS) security hole that was being exploited to
post spam comments to Reddit threads.  The attack took advantage of "the
fact that Reddit wasn't filtering out JavaScript in certain instances
when [a user] was hovering [the] mouse over text." Administrators are
also deleting the rogue postings.
http://www.theregister.co.uk/2009/09/28/reddit_xss_worm/
http://www.h-online.com/security/Reddit-Attacked-by-XSS-Exploit--/news/114337
http://www.f-secure.com/weblog/archives/00001777.html
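The quoted description (JavaScript surviving in a comment and firing when a
user hovers over text) is the classic event-handler attribute vector: a
filter that only strips <script> tags misses onmouseover="..." on an
otherwise harmless tag. The following is an added illustration written for
this archive, not Reddit's code and not a description of Reddit's actual
filter. It contrasts a blacklist sanitizer with an allowlist sanitizer on a
constructed sample comment; the tag and attribute lists, the sample payload
and all function names are this example's own assumptions.

```javascript
// Added example (not Reddit's code): why stripping <script> alone does not stop XSS.
// Runs under Node with no dependencies. Not a full HTML parser; production code
// should use a parser-based sanitizer (e.g. DOMPurify) and a Content-Security-Policy.

// Constructed sample comment: a script tag, an inline event handler that fires on
// hover, and a javascript: URL.
const SAMPLE_COMMENT =
  '<p onmouseover="alert(document.cookie)">hover me</p>' +
  '<script>alert(1)</script>' +
  '<a href="javascript:alert(1)">x</a>';

// Naive blacklist: only removes <script>...</script>. The onmouseover handler survives.
function naiveSanitize(html) {
  return html.replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '');
}

// Allowlist: tags and per-tag attributes permitted; everything else is dropped.
const ALLOWED = {
  a: new Set(['href', 'title']),
  b: new Set(), i: new Set(), em: new Set(), strong: new Set(), p: new Set(), br: new Set(),
};
const URL_ATTRS = new Set(['href']);
const TAG_RE = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
const ATTR_RE = /([a-zA-Z_:][-a-zA-Z0-9_:.]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

function escapeText(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Only plain http(s) URLs are allowed in URL attributes; javascript:, data: etc. are rejected.
function safeUrl(v) {
  const t = v.trim().toLowerCase();
  return t.startsWith('http://') || t.startsWith('https://');
}

function allowlistSanitize(html) {
  let out = '';
  let last = 0;
  for (const m of html.matchAll(TAG_RE)) {
    out += escapeText(html.slice(last, m.index));      // text between tags is escaped
    last = m.index + m[0].length;
    const name = m[1].toLowerCase();
    const closing = m[0].startsWith('</');
    if (!(name in ALLOWED)) continue;                   // unknown tag dropped, its text kept as text
    if (closing) { out += `</${name}>`; continue; }
    let kept = '';
    for (const a of m[2].matchAll(ATTR_RE)) {
      const an = a[1].toLowerCase();
      const av = a[2] ?? a[3] ?? a[4] ?? '';
      if (!ALLOWED[name].has(an)) continue;             // drops onmouseover, onclick, style, ...
      if (URL_ATTRS.has(an) && !safeUrl(av)) continue;  // drops javascript: URLs
      kept += ` ${an}="${escapeText(av)}"`;             // value re-escaped so it cannot break out
    }
    out += `<${name}${kept}>`;
  }
  out += escapeText(html.slice(last));
  return out;
}

// True if the sanitized output still carries an inline event handler or a javascript: URL.
function containsScriptVector(html) {
  return /\son[a-z]+\s*=/i.test(html) || /javascript:/i.test(html);
}

module.exports = { SAMPLE_COMMENT, naiveSanitize, allowlistSanitize, containsScriptVector };
```

On the sample comment the naive filter returns markup that still contains
the onmouseover handler, while the allowlist version yields
`<p>hover me</p>alert(1)<a>x</a>`: the handler, the script element and the
javascript: href are all gone and the leftover script body is rendered as
inert text. The design point is that a blacklist has to enumerate every
executable context (there are dozens of on* attributes plus style, srcdoc,
data: URLs and encoding tricks), whereas an allowlist only has to describe
the small set of markup the comment feature actually needs.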

 --Inmate Tapped to Help With Computer Program Accessed Hard Drive
(September 27, 2009)
Prison officials at Ranby Prison in Nottinghamshire, UK who wanted to
create an internal television station at the facility asked an inmate
to help create a program to facilitate the process.  The man, Douglas
Havard, was serving a six-year jail sentence for his role in a phishing
scheme that stole an estimated GBP 6.5 million (US $10.4 million).  He
allegedly accessed the computer system hard drive while left unattended
and created a labyrinth of passwords that locked others out of the
system.  A Prison System spokesperson said Havard "was not able to
access records of any other prisoners."  Havard is a US citizen serving
time in a UK prison.
http://www.mirror.co.uk/news/top-stories/2009/09/27/conputer-meltdown-115875-21703149/
Story from June 2005 about Havard's original sentence:
http://www.spamdailynews.com/publish/Doug_Havard_jailed_for_6_years_over_identity_theft_crimes.asp
[Editor's Note (Schmidt): This makes about as much sense as asking a
child molester to watch your kids while you run to the store.  We will
see more of these incidents as people put cyber criminals in positions
of access, based on their "perceived" technical expertise.  Maybe they
should have him sign a non-disclosure agreement.]

 --US-CERT Warns of Spam Pretending to be From IRS
(September 25 & 28, 2009)
The US Computer Emergency Readiness Team (US-CERT) has issued an alert
warning of a spam attack in which the messages are spoofed to appear to
come from the US Internal Revenue Service (IRS) regarding underreported
income.  The messages encourage the recipients to open an attachment or
click on a link to view their tax statement, but the attachment contains
malware and the link leads to a malicious website.  The IRS warns people
not to open attachments in emails claiming to be from the agency.  The
malware used in this attack is the Zeus Trojan horse program, which is
difficult to detect.  Zeus is used to help cyber criminals steal money
from bank accounts.
http://www.computerworld.com/s/article/9138527/IRS_scam_now_world_s_biggest_e_mail_virus_problem?source=CTWNLE_nlt_dailyam_2009-09-28
http://voices.washingtonpost.com/securityfix/2009/09/irs_scam_e-mail_could_be_costl.html
http://www.us-cert.gov/current/#malicious_code_spreading_via_irs
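The tell-tale signs in a spoofed IRS notice of this kind are mechanical: a
From: address on the agency's domain paired with a Return-Path elsewhere,
link text that shows one host while the href goes to another, and an
attachment whose name ends in an executable extension. The checks below are
an added illustration for this archive, not US-CERT's or the IRS's code;
they run over a constructed raw message and the trusted domain, the sample
headers and body, and all function names are this example's own
assumptions.

```javascript
// Added example (not US-CERT's or the IRS's code): mechanical triage of a message
// that claims to come from a trusted sender. Node, no dependencies, no network access.

// Constructed sample: headers and a small HTML body, CRLF separated as on the wire.
const SAMPLE_EMAIL = [
  'Return-Path: <bounce@mail-example.invalid>',
  'From: "Internal Revenue Service" <tax.notice@irs.gov>',
  'Subject: Notice of Underreported Income',
  'Content-Type: text/html',
  '',
  '<p>Your tax statement is ready.</p>',
  '<a href="http://irs.gov.tax-review.invalid/statement">http://www.irs.gov/statement</a>',
  '<p>Attached: tax-statement.pdf.exe</p>',
].join('\r\n');

// Split headers from body; header names are lower-cased, folded headers are not handled.
function parseMessage(raw) {
  const sep = raw.indexOf('\r\n\r\n');
  const headText = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? '' : raw.slice(sep + 4);
  const headers = {};
  for (const line of headText.split('\r\n')) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).toLowerCase()] = line.slice(i + 1).trim();
  }
  return { headers, body };
}

// Domain part of an address given as "Name <user@host>" or bare user@host.
function addressDomain(field) {
  const m = /<([^>]+)>/.exec(field);
  const addr = m ? m[1] : field.trim();
  const at = addr.lastIndexOf('@');
  return at === -1 ? '' : addr.slice(at + 1).toLowerCase();
}

function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return ''; }
}

// Host is the trusted domain itself or a subdomain of it (irs.gov.evil.invalid is neither).
function sameOrg(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Returns a list of human-readable findings; an empty list means nothing suspicious was seen.
function triage(raw, trustedDomain = 'irs.gov') {
  const { headers, body } = parseMessage(raw);
  const findings = [];
  const fromDomain = addressDomain(headers['from'] || '');
  const rpDomain = addressDomain(headers['return-path'] || '');
  const claimsTrusted = fromDomain === trustedDomain;

  // 1. Envelope sender on a different domain than the claimed From.
  if (claimsTrusted && rpDomain && rpDomain !== fromDomain) {
    findings.push(`return-path domain ${rpDomain} differs from From domain ${fromDomain}`);
  }
  // 2. Links: displayed URL disagrees with the real target, or target is off-domain.
  const linkRe = /<a\s[^>]*href\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  for (const m of body.matchAll(linkRe)) {
    const hrefHost = hostOf(m[1]);
    const textHost = hostOf(m[2].trim());
    if (textHost && hrefHost !== textHost) {
      findings.push(`link text shows ${textHost} but href goes to ${hrefHost}`);
    }
    if (claimsTrusted && hrefHost && !sameOrg(hrefHost, trustedDomain)) {
      findings.push(`link host ${hrefHost} is outside ${trustedDomain}`);
    }
  }
  // 3. Attachment names with executable extensions (double extensions included).
  for (const m of body.matchAll(/\b[\w.-]+\.(exe|scr|pif|bat|cmd|js|vbs)\b/gi)) {
    findings.push(`executable attachment name ${m[0]}`);
  }
  return findings;
}

module.exports = { SAMPLE_EMAIL, parseMessage, addressDomain, sameOrg, triage };
```

On the constructed sample the triage returns four findings (envelope
mismatch, displayed-versus-real link host, off-domain link host, and the
.pdf.exe name); a message whose Return-Path, From and links all sit under
irs.gov returns none. These checks are cheap and explainable, which is why
they belong in mail-gateway rules and help-desk triage; they do not replace
SPF/DKIM/DMARC evaluation at the MTA, which is the authoritative answer to
"did this really come from that domain".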

 --UNC Notifying Mammography Research Project Participants of Data Breach
(September 25, 2009)
The University of North Carolina at Chapel Hill (UNC) is notifying
163,000 women whose personal information was exposed in a computer
security breach.  The compromised server at the UNC School of Medicine
contains data collected as part of a mammography research project, and
received data from 31 sites across the state.  The breach was discovered
over the summer, but may have occurred as long ago as 2007.  Once the
breach was detected, the server was taken offline.
http://www.computerworld.com/s/article/9138529/UNC_data_breach_exposes_163_000_SSNs?source=rss_security
http://www.charlotteobserver.com/local/story/967722.html

 --FBI Investigating Cyber Theft of School District Funds
(September 25 & 28, 2009)
The FBI is looking into a series of cyber attacks across the country
including several at public school districts in Illinois.  The attacks
may involve malware known as Clampi that is used to steal bank account
login data.  The attackers stole $350,000 from Crystal Lake District
47's bank account over the summer.
http://www.nwherald.com/articles/2009/09/24/r_81bg6yrarwyi8zmka9p1q/index.xml
http://www.computerworld.com/s/article/9138636/School_boards_hit_with_cash_stealing_Trojan?source=rss_security

 --Plea Deal for DOD Intelligence Analyst
(September 24, 2009)
A US Defense Department intelligence analyst has agreed to a plea deal
that clears him of charges of felony hacking.  Brian Keith Montgomery,
who held top secret clearance in connection with his work at the
National Geospatial-Intelligence Agency, saw a message regarding an
unrelated, classified anti-terrorism operation.  He logged into a system
associated with the operation twice using a password he had obtained
from a classified message that he was authorized to access. Authorities
maintain that by logging into the system, Montgomery damaged a terrorism
investigation and "caused harm to the US Army and the FBI."  Montgomery
pleaded guilty to a lesser charge of exceeding authorized access to a
computer.
http://www.wired.com/threatlevel/2009/09/montgomery_plea/

**********************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Rohit Dhamankar is the Director of Security Research at TippingPoint,
where he leads the Digital Vaccine and ThreatLinQ groups. His group
develops protection filters to address vulnerabilities, viruses, worms,
Trojans, P2P, spyware, and other applications for use in TippingPoint's
Intrusion Prevention Systems.

Prof. Howard A. Schmidt is the President of the Information Security
Forum (ISF) and author who has served as CSO for Microsoft and eBay and
as Vice-Chair of the President's Critical Infrastructure Protection
Board.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa).  He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of
the State of California.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkrCbV4ACgkQ+LUG5KFpTkb40gCgiuC7stO46ubpjoJzvBWcaDtO
xPsAn0oVDTR2Pd3fORWeQqDxlHhv3byD
=cOUs
-----END PGP SIGNATURE-----
