Network Security
SANS NewsBites Vol. 11 Num. 83 : Second data breach brings $275,000 fine for ChoicePoint
- From: The SANS Institute
- Date: Tue Oct 20 15:12:38 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
*************************************************************************
SANS NewsBites October 20, 2009 Vol. 11, Num. 83
*************************************************************************
TOP OF THE NEWS
ChoicePoint to Pay US $275,000 to Settle FTC Complaint Over Second
Data Breach
UK ISP Demonstration Aims to Reveal Problems with Proposal to Cut
Filesharers' Connections
THE REST OF THE WEEK'S NEWS
Scareware Locks Apps on Infected PCs
UK Police Granted Right to Retain Data on Old Convictions
South Korean Chemical Accident Response Information System Breached
Oracle's Quarterly Critical Patch Update Scheduled for October 20
Former Ford Engineer Arrested for Alleged Theft of Trade Secrets
GAO Report Finds Security Weaknesses at NASA
ENISA Names New Director
Postini Delivery Problems Vex Users
*************************************************************************
TOP OF THE NEWS
--ChoicePoint to Pay US $275,000 to Settle FTC Complaint Over Second
Data Breach
(October 19, 2009)
Data broker ChoicePoint has agreed to pay US $275,000 in fines to settle
a US Federal Trade Commission (FTC) complaint stemming from an April
2008 data security breach. The complaint maintains that ChoicePoint did
not abide by the terms of an earlier settlement to resolve issues
related to a 2004 breach; that settlement required ChoicePoint to
establish comprehensive cyber security measures to protect consumers'
data, and imposed US $15 million in penalties and compensation. The
earlier breach affected more than 160,000 people and resulted in at
least 800 instances of identity fraud; the April 2008 breach affected
13,750 people.
http://www.pcworld.com/article/173902/choicepoint_to_pay_fine_for_second_data_breach.html
http://voices.washingtonpost.com/securityfix/2009/10/choicepoint_breach_exposed_137.html
[Editor's Note (Schultz): Making requisite changes in corporate
information technology, operations and other areas to adequately
mitigate data security risks is not something that can be done quickly
or easily. Perhaps then it is just that ChoicePoint has escaped with not
all that large a fine after its latest data security breach.]
--UK ISP Demonstration Aims to Reveal Problems with Proposal to Cut
Filesharers' Connections
(October 16, 2009)
UK Internet service provider (ISP) TalkTalk staged a demonstration of
how easily owners of wireless connections could be wrongly accused of
illegal filesharing. A TalkTalk security expert found 23 unsecured
wireless connections in a residential neighborhood, and with the owners'
permission, used those connections to download music. The files he
downloaded were downloaded legally. TalkTalk hopes to demonstrate that
the government's proposed plan to cut off Internet access to those who
share files in violation of copyright law could end up punishing
innocent people. The British Phonographic Industry (BPI) maintains that
it will educate users before cutting them off, and that their
information-gathering tools are sophisticated enough to prevent innocent
people from being cut off.
http://news.bbc.co.uk/2/hi/technology/8305379.stm
http://news.zdnet.co.uk/security/0,1000000189,39812831,00.htm
***********************************************************************
THE REST OF THE WEEK'S NEWS
--Scareware Locks Apps on Infected PCs
(October 15 & 19, 2009)
A new variant of scareware has been detected that not only inundates
users with exhortations to purchase phony antivirus software called
"Total Security 2009," but that also locks users out of nearly all
applications until they purchase the disreputable product. Once their
PCs are infected with the malware, the only program users can open is
Internet Explorer, so they can navigate to the site and make a purchase.
http://blogs.usatoday.com/technologylive/2009/10/new-twist-on-scareware-locks-up-your-pc.html
http://www.pcworld.com/article/173765/a_rogue_demands_a_ransom.html
--UK Police Granted Right to Retain Data on Old Convictions
(October 19, 2009)
A UK court of appeals has ruled that police may retain data on previous
criminal convictions, even if those convictions are minor ones and are
many years old. The lower court ruling came about when individuals sued
to have records of old convictions purged from records. One of the
cases involved the theft of a 99p (US $1.62) package of meat in 1984 for
which the individual was fined GBP 15 (US $24.60).
http://news.bbc.co.uk/2/hi/uk_news/8314032.stm
--South Korean Chemical Accident Response Information System Breached
(October 19, 2009)
Attackers reportedly obtained a password for South Korea's Chemical
Accident Response Information System (CARIS) in March and used it to
access the system and steal information about manufacturers of toxic
chemicals and about toxic substances. The source of the attack has not
been determined.
http://english.chosun.com/site/data/html_dir/2009/10/19/2009101900826.html
http://english.chosun.com/site/data/html_dir/2009/10/19/2009101900401.html
--Oracle's Quarterly Critical Patch Update Scheduled for October 20
(October 16 & 19, 2009)
On Tuesday, October 20, Oracle will release its scheduled quarterly
Critical Patch Update to address 38 vulnerabilities in 21 product lines.
Sixteen of the fixes address flaws in Oracle database; of those, six can
be exploited remotely without user interaction. Eight fixes address
flaws in the Oracle Applications Suite; of those, five can be exploited
remotely without user interaction. Oracle's release comes just one week
after Microsoft and Adobe released their largest ever scheduled security
updates.
http://www.h-online.com/security/news/item/Oracle-to-patch-38-vulnerabilities-832541.html
http://www.securecomputing.net.au/News/158467,oracle-to-roll-out-huge-patch-update.aspx
http://www.computerworld.com/s/article/9139500/38_Oracle_security_patches_coming_next_week?source=rss_security
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
--Former Ford Engineer Arrested for Alleged Theft of Trade Secrets
(October 16, 2009)
A former Ford Motor Company engineer has been indicted on charges of
theft of trade secrets, attempted theft of trade secrets and
unauthorized access to protected computers. Xiang Dong Yu, also known
as Mike Yu, was arrested last week as he entered the country at Chicago
O'Hare International Airport. Yu worked as a Ford engineer from 1997
to 2007. He allegedly downloaded more than 4,000 documents from Ford
computers while still employed by Ford. In December 2006, he accepted
a position with Foxconn PCE Industry Inc. in China, but did not tell
Ford about his new job until January 2007. A year later, Yu allegedly
used the stolen documents in another job search in China. He presently
works for a Ford competitor in Beijing.
http://www.computerworld.com/s/article/9139472/Ex_Ford_engineer_charged_with_trade_secret_theft?source=rss_security
http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml;jsessionid=JO5GDW2PUKZ4TQE1GHPSKH4ATMY32JVN?articleID=220601211&subSection=Attacks/breaches
--GAO Report Finds Security Weaknesses at NASA
(October 16 & 19, 2009)
According to a report from the Government Accountability Office (GAO),
there are weaknesses in NASA's information technology systems that could
be exploited to gain unauthorized access to those systems. The controls
NASA is implementing under the requirements of the Federal Information
Security Management Act (FISMA) are inadequately enforced. The GAO's
report gathered information from NASA headquarters in Washington DC, the
Goddard Space Flight Center in Maryland, the Jet Propulsion Laboratory
in California and several other NASA facilities. The weaknesses noted
include failing to require strong passwords, not encrypting password
files, failing to restrict user access to least privileges needed, and
outdated configuration and patch management.
http://gcn.com/articles/2009/10/16/nasa-info-security-controls-broken.aspx
http://www.nextgov.com/nextgov/ng_20091016_8808.php?oref=topnews
http://www.scmagazineus.com/GAO-NASA-must-fix-cyber-vulnerabilities/article/155738/
http://www.gao.gov/new.items/d104.pdf
[Editor's Note (Pescatore): In many ways, from a security perspective
NASA looks more like a private industry firm than a government agency.
The different centers at NASA very much act like independent business
units with strong local IT management and control. These "BUs" need to
collaborate with each other, and externally with private industry,
driving a lot more external connectivity than the average government
agency. Many of the problems identified by GAO stem from this - NASA
needs to make sure that every increase in openness and connectivity is
balanced with embedded security controls and monitoring processes.]
--ENISA Names New Director
(October 16, 2009)
Dr. Udo Helmbrecht has been appointed as the new director of the
European Network and Information Security Agency (ENISA). Helmbrecht
has been president of Germany's Federal Office for Information Security
since 2003. He hopes to work closely with other European institutions
and member states to improve cyber security. Helmbrecht also aims to
establish ENISA as a permanent organization; presently, it has a sunset
clause that would see it expire in 2012. (Helmbrecht succeeds Andrea
Pirotti in the post of ENISA Director).
http://www.v3.co.uk/v3/news/2251437/enisa-gets-boss
--Postini Delivery Problems Vex Users
(October 13, 14 & 15, 2009)
Users of email security and archiving service Postini were frustrated
last week when the service began experiencing significant delivery
problems. Users were particularly angered by Postini's lack of
communication about the problem. Postini was acquired by Google in
2007. The service scans emails for malware. The problem seems to have
been caused by a combination of a bad email filter update and "a
power-related hardware failure."
http://www.informationweek.com/news/showArticle.jhtml?articleID=220600859
http://news.cnet.com/8301-30684_3-10374344-265.html
http://www.theregister.co.uk/2009/10/15/google_postini_snafu/
http://www.computerworld.com/s/article/9139316/Postini_trouble_stymies_U.S._e_mail_users?taxonomyId=1
[Editor's Note (Pescatore): We used to call the telecommunications
infrastructure "the cloud," and we had very high expectations of
reliability. We even had required service levels for things like dial
tone. Internet-based web services are today's cloud - boy, are they far
from achieving dial-tone like reliability.]
**********************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at TippingPoint,
where he leads the Digital Vaccine and ThreatLinQ groups. His group
develops protection filters to address vulnerabilities, viruses, worms,
Trojans, P2P, spyware, and other applications for use in TippingPoint's
Intrusion Prevention Systems.
Prof. Howard A. Schmidt is the President of the Information Security
Forum (ISF) and author who has served as CSO for Microsoft and eBay and
as Vice-Chair of the President's Critical Infrastructure Protection
Board.
Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.
Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of
the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin,
Ireland.
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAkrd4dEACgkQ+LUG5KFpTkbv1QCeN/6HOZLNsDULwey5IHXMhluw
kzsAnj+sDsqVBP1PPlEO+BtiG98IENXg
=anp5
-----END PGP SIGNATURE-----