
Discussion Communities: Merit Network Email List Archives

Network Security

SANS NewsBites Vol. 11 Num. 82 : Broadband Internet Access Deemed a Legal Right

  • From: The SANS Institute
  • Date: Fri Oct 16 14:33:45 2009

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

************************************************************************
SANS NewsBites               October 16, 2009           Vol. 11, Num. 82
************************************************************************
TOP OF THE NEWS
  Finland Declares 1Mb Broadband Access a Legal Right
  Microsoft Releases Bumper Crop of Bulletins

THE REST OF THE WEEK'S NEWS
  More Breach Woes at PayChoice
  Schwarzenegger Nixes Data Breach Notification Bill
  Guilty Pleas in Natwest Phishing Case
  Missing Flash Drive Holds Virginia Adult Ed. Student Information
  Most Sidekick Data Recovered
  Alleged VoIP Hacker Extradited
  Mozilla Releases Plug-In Check Service for Firefox
  Adobe Security Update Fixes Nearly 30 Flaws
  Rising Online Banking Theft Spurs New Recommendations
  Malware Infection Prompts Michigan Airport to Take Website Offline
  One Third of Japanese Web Sites Have Flaws That Enable Unauthorized Access

*********************** Sponsored By BigFix, Inc. **********************
UPCOMING WEBCAST: Network Control Meets Endpoint Security Featuring:
Kimber Spradlin

This live web presentation and Q&A with a panel of experts from BigFix
and ForeScout will provide an overview of the many different dimensions
of security, including best practices for achieving continuous
compliance at the endpoint and on the network.
http://www.sans.org/info/49753
************************************************************************
TRAINING UPDATE
- -- SANS Tokyo, October 19-24,
http://www.sans.org/sanstokyo2009_autumn/
- -- SANS Chicago North Shore, Oct. 26-Nov. 2,
http://www.sans.org/chicago09/
- -- SCADA Security Summit, Stockholm, Oct. 27-30,
http://www.sans.org/euscada09_summit/
- -- SANS Middle East, October 31-November 11,
http://www.sans.org/middleeast09/
- -- SANS San Francisco, November 9-14,
http://www.sans.org/sanfrancisco09
- -- SANS Sydney, Nov. 9-14,
http://sans.org/sydney09/
- -- SANS London, UK, Nov. 28-Dec. 9,
http://sans.org/london09/
- -- SANS CDI, Washington DC, Dec. 11-18,
http://www.sans.org/cyber-defense-initiative-2009
- -- SANS Security East 2010, New Orleans, January 10-18, 2010
19 courses, bonus evening presentations
http://www.sans.org/security-east-2010/
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/spring09.php
Plus Hong Kong, Oslo and Vancouver, all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

TOP OF THE NEWS
 --Finland Declares 1Mb Broadband Access a Legal Right
(October 14 & 15, 2009)
The Finnish government has enacted a law making 1Mb broadband Internet
access a legal right.  The law will take effect in July 2010.  The
country may eventually guarantee its citizens the right to 100Mb
broadband connections.  Finland's Transport and Communications Ministry
spokesperson Laura Vikkonen was quoted as saying that "We think [the
Internet is] something you cannot live without in modern society.  Like
banking services or water or electricity, you need an Internet
connection."  Earlier this year, France declared Internet access to be
a human right.
http://news.cnet.com/8301-17939_109-10374831-2.html
http://network.nationalpost.com/np/blogs/posted/archive/2009/10/15/finland-makes-broadband-internet-a-legal-right.aspx

 --Microsoft Releases Bumper Crop of Bulletins
(October 13 & 14, 2009)
Microsoft released a record 13 security bulletins on Tuesday, October
13.  The bulletins address a total of 34 vulnerabilities, including a
flaw in the File Transfer Protocol (FTP) service in Internet Information
Services (IIS) and a trio of Server Message Block (SMB) flaws.  Exploit
code for one of the SMBv2 flaws was posted to the Internet before the
fix was released.  The release includes fixes for all supported versions
of Windows.  Two of the critical patches address flaws in Windows 7; the
official release date for the new operating system is October 22, but
it has been available to certain entities since this summer.
ISC: http://isc.sans.org/diary.html?storyid=7345
http://news.cnet.com/8301-27080_3-10374134-245.html
http://www.h-online.com/news/item/Microsoft-Patch-Tuesday-34-security-vulnerabilities-addressed-828128.html
http://www.scmagazineus.com/Microsoft-Patch-Tuesday-bonanza-13-fixes-for-34-flaws/article/152214/
http://www.theregister.co.uk/2009/10/14/microsoft_patch_tuesday_oct_2009/
http://www.computerworld.com/s/article/9139371/Microsoft_patches_last_major_ATL_bugs?source=rss_security
http://www.computerworld.com/s/article/9139307/Microsoft_delivers_massive_Patch_Tuesday_fixes_34_flaws?
http://www.msnbc.msn.com/id/33310782/ns/technology_and_science-security/
http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx
[Editor's Note (Schultz): Interestingly, over the six years since the
first "Patch Tuesday," Microsoft has released nearly 400 bulletins that
have described nearly 750 vulnerabilities, over half of which have been
labeled "critical." See blog.emagined.com for a full commentary. ]

************************ Sponsored Links: ****************************
1) Register Today and receive 10% off for SANS vLive course SEC542, Web
App Penetration Testing and Ethical Hacking, November 2nd - November
9th. Please use the code @Risk542 when registering.
http://www.sans.org/info/49758

2) REGISTER NOW for the upcoming Webcast, brought to you by: Breach
Security, Inc. Achieving Web Application Integrity with WebDefend
http://www.sans.org/info/49763
***********************************************************************

THE REST OF THE WEEK'S NEWS
 --More Breach Woes at PayChoice
(October 15, 2009)
Online payroll services provider PayChoice has taken its
onlineemployer.com portal offline for the second time in a month.  In an email to its
customers, PayChoice said that "we determined that valid user
credentials for an Online Employer user were used in an unauthorized
manner to add ... fictitious employees in an attempt to have payments
made to fraudulent bank accounts."  Last month, cyber criminals hacked
into PayChoice servers, stole customer information and used it to send
customized email messages that urged the recipients to download a
plug-in to ensure uninterrupted service.  The download was actually
malware that stole login credentials.
http://voices.washingtonpost.com/securityfix/2009/10/paychoice_suffers_another_data.html

 --Schwarzenegger Nixes Data Breach Notification Bill
(October 13 & 15, 2009)
California Governor Arnold Schwarzenegger has vetoed legislation that
would have required data breach notification letters to include more
specific information about each incident.  SB-20 would have mandated
that entities experiencing data breaches provide affected consumers with
details of the incident, the type of data compromised, and
recommendations for guarding against identity fraud.  It also would have
required organizations to send copies of notification letters to the
state attorney general's office if the breach affected more than 500
people.  The governor said he declined to sign the bill because there
is no evidence that the additional information would help consumers.
http://www.scmagazineus.com/Schwarzenegger-negs-update-to-California-breach-law/article/152379/
[Editor's Note (Schultz): Schwarzenegger's veto of yet another bill that
would have greatly benefited consumers in California amounts to just one
of many nails in the coffin of what initially appeared to be a promising
political career. ]

 --Guilty Pleas in Natwest Phishing Case
(October 15, 2009)
Four people have pleaded guilty to conspiracy to defraud and money
laundering for their roles in a phishing scheme that targeted Natwest
online banking customers.  The group used a Trojan horse program to
steal account information from 138 of the UK bank's customers; they
stole GBP 600,000 (US $982,000), of which GBP 140,000 (US $229,000) has
been recovered.  The pleas mark the conclusion of the first successful
case for the Police Central e-Crime Unit.
http://www.itpro.co.uk/616339/london-cyber-criminals-face-jail-for-natwest-fraud
http://www.google.com/hostednews/ukpress/article/ALeqM5hbgMgqo5cerMbHLegx9daws4Q5oA

 --Missing Flash Drive Holds Virginia Adult Ed. Student Information
(October 15, 2009)
Virginia Department of Education officials have acknowledged that a
missing flash drive contains personally identifiable information of more
than 103,000 former adult education students.  The unencrypted data
include names, Social Security numbers (SSNs) and employment
information.  The information on the drive was intended to be used in
research.  Transferring unencrypted data is a violation of agency
policy.
http://www.washingtonpost.com/wp-dyn/content/article/2009/10/14/AR2009101402118.html
[Editor's Note (Honan): Time and time again we hear the line "violation
of policies" being trotted out when a breach such as this happens.
Policies without controls are as ineffective as guns without bullets. ]

 --Most Sidekick Data Recovered
(October 15, 2009)
According to a Microsoft executive, "most if not all" of the Sidekick
data believed to have been lost last week has been recovered.  The
company expects to start restoring the data to users' devices soon.  The
statement offered little in the way of explanation for the outage, but
notes that it has implemented a "more resilient back-up process" to
guard against data loss in the future.  New Sidekick sales are still
suspended.
http://www.h-online.com/news/item/Microsoft-restores-Sidekick-customer-data-830189.html
http://voices.washingtonpost.com/fasterforward/2009/10/microsoft_says_it_can_recover.html
http://www.computerworld.com/s/article/9139407/Microsoft_recovers_most_Sidekick_data?taxonomyId=17
http://news.bbc.co.uk/2/hi/technology/8309218.stm
http://news.cnet.com/8301-13860_3-10375994-56.html

 --Alleged VoIP Hacker Extradited
(October 15, 2009)
Edwin Pena is being extradited from Mexico to the US to face charges
related to the theft and resale of voice over Internet protocol (VoIP)
services.  Pena has been a fugitive for more than three years.  Pena was
arrested in June 2006 and was released on US $100,000 bail,
http://www.computerworld.com/s/article/9139434/Fugitive_hacker_headed_back_to_U.S._for_arraignment?source=rss_security

 --Mozilla Releases Plug-In Check Service for Firefox
(October 14, 2009)
Mozilla now has a service that checks to make sure that Firefox users
are running the most recent versions of browser plug-ins.  The first
version of the service checks the status of about 15 plug-ins; Mozilla
plans to add others in the future.  There are also plans to embed the
service in Firefox 3.6, which is scheduled for a November release.
Firefox already has the capability to check if add-ons are up to date.
According to Mozilla, out-of-date plug-ins are responsible for about 30
percent of browser crashes.
http://www.theregister.co.uk/2009/10/14/mozilla_firefox_security_plugin/
http://www.computerworld.com/s/article/9139372/To_boost_security_Mozilla_launches_plug_in_checker?source=rss_security
http://voices.washingtonpost.com/securityfix/2009/10/mozilla_firefox_users_check_yo.html
http://www.informationweek.com/news/internet/browsers/showArticle.jhtml?articleID=220600898

 --Adobe Security Update Fixes Nearly 30 Flaws
(October 13 & 14, 2009)
Adobe's scheduled quarterly security update for October addresses nearly
30 security flaws in Adobe Reader and Acrobat.  One of the critical
vulnerabilities has already been exploited in the wild.  The update
affects Reader and Acrobat version 9.1.3; Acrobat version 8.1.6 for
Windows, Mac and Unix; and Reader and Acrobat version 7.1.3 for Windows
and Mac.  Users are urged to upgrade to the most recent versions of
Acrobat and Reader.  Also included in this release is a new software
updater for Reader and Acrobat.
ISC: http://isc.sans.org/diary.html?storyid=7348
http://news.cnet.com/8301-27080_3-10374264-245.html
http://www.h-online.com/news/item/Adobe-closes-29-vulnerabilities-in-Acrobat-and-Reader-828796.html
http://www.theregister.co.uk/2009/10/13/adobe_reader_updater_update/
http://www.adobe.com/support/security/bulletins/apsb09-15.html

 --Rising Online Banking Theft Spurs New Recommendations
(October 12 & 14, 2009)
The Clampi Trojan horse program infected computers at the Cumberland
County (PA) Redevelopment Authority, allowing cyber thieves to steal
nearly US $480,000 from the organization's bank account.  Just over US
$100,000 of the stolen money has been recovered.  The incident is one
of a growing number affecting organizations that offer online banking
services.  Because Clampi affects only Windows operating systems, one
possible solution to the problem is for organizations that choose to
conduct their banking online to use a Live CD, a read-only, bootable
operating system such as Ubuntu.
http://www.theregister.co.uk/2009/10/14/microsoft_windows_bank_thefts/
http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html
[Editor's Note (Schultz): Cybercrooks will go wherever the money is. If
Ubuntu-based online banking services are used increasingly, the crooks
will quickly figure out how to defraud customers despite a change in the
underlying operating system on which these services are built.
(Honan): As with all matters relating to information security we should
not use a knee jerk reaction, such as asking users to use Live CDs for
their banking. Rather we need to look at the methods of attack and
devise better ways of preventing, detecting and reacting to them. ]

 --Malware Infection Prompts Michigan Airport to Take Website Offline
(October 12 & 13, 2009)
The Gerald R. Ford International Airport in Grand Rapids, Michigan took
its website offline on Monday because of a suspected malware infection.
Travelers were directed to airline websites for flight information until
the site was put back online on Tuesday morning.  Airport officials made
the decision to take the site down to protect users from getting
infected while visiting the site.  The infection manifested itself as a
pop-up that purported to be from Adobe, urging users to download an
Adobe Reader update; the download was actually malware.  The malware
also appears to have infected the airport's administrative system.
http://www.theregister.co.uk/2009/10/13/airport_malware_infection/
http://www.woodtv.com/dpp/news/local/grand_rapids/Airport_Web_site_down_with_virus_issues

 --One Third of Japanese Web Sites Have Flaws That Enable Unauthorized Access
(October 16, 2009)
Japan's largest security organization, NRI SecureTechnologies, just
published an English translation of its authoritative annual study of
web site security issues and trends in Japan. Interesting reading.
http://www.nri-secure.co.jp/news/2009/1009_report.html

**********************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Rohit Dhamankar is the Director of Security Research at TippingPoint,
where he leads the Digital Vaccine and ThreatLinQ groups. His group
develops protection filters to address vulnerabilities, viruses, worms,
Trojans, P2P, spyware, and other applications for use in TippingPoint's
Intrusion Prevention Systems.

Prof. Howard A. Schmidt is the President of the Information Security
Forum (ISF) and author who has served as CSO for Microsoft and eBay and
as Vice-Chair of the President's Critical Infrastructure Protection
Board.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of
the State of California.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkrYrFEACgkQ+LUG5KFpTkZLLwCeNnksM3I16a3neSdfKjYOhOdS
qIAAoKFmWD9cFigowckZGH+mNr0fqcXA
=LJBx
-----END PGP SIGNATURE-----
