Network Security
SANS NewsBites Vol. 11 Num. 84 : Chinese cyber threat likely to be a long term issue
- From: The SANS Institute
- Date: Fri Oct 23 14:24:09 2009
Here's the bottom line on security in Windows 7, from NewsBites
editorial board member John Pescatore:
"From a security perspective, Windows 7 offers definite improvements
over Windows XP, but there is no major security reason to move to
Windows 7 before it makes business sense. The biggest improvement in
Windows desktop security comes from getting off of the IE6 browser and
moving to IE8 or the latest version of Firefox - and you don't need
Windows 7 to do that."
This issue also has a great "guest editor's note" about the actual value
of this week's report on the Chinese cyber attacks.
Alan
*************************************************************************
SANS NewsBites October 23, 2009 Vol. 11, Num. 84
*************************************************************************
TOP OF THE NEWS
Report Warns of Chinese Cyber Threat
European Parliament Shifts Stance on Disconnecting Illegal Filesharers
FCC Moves Forward on Net Neutrality
Legislators Take Aim at Certain Patriot Act Provisions
THE REST OF THE WEEK'S NEWS
Microsoft Releases Windows 7
Bill Increases DHS Budget for Internal Cyber Security Improvements
"Cautious Optimism" About Rapid7's Acquisition of Metasploit
Bing Bug Fix Expected by End of Week
Scareware Goes Hybrid
Air Force Association Announces Cyber Challenge for High School Students
**************************** Sponsored By SANS **************************
The Incident Detection Summit December 9-10 is a user-to-user,
non-commercial conference on What Works in Incident Detection. It is the
only place where you can learn about the strengths and weaknesses of
competing technologies, where experts will share their knowledge on
detecting intruders in both large and small enterprises.
http://www.sans.org/info/49894
*************************************************************************
TRAINING UPDATE
-- SANS Chicago North Shore, Oct. 26-Nov. 2,
http://www.sans.org/chicago09/
-- SCADA Security Summit, Stockholm, Oct. 27-30,
http://www.sans.org/euscada09_summit/
-- SANS Middle East, October 31-November 11,
http://www.sans.org/middleeast09/
-- SANS San Francisco, November 9-14,
http://www.sans.org/sanfrancisco09
-- SANS Sydney, Nov. 9-14,
http://sans.org/sydney09/
-- SANS London, UK, Nov. 28-Dec. 9,
http://sans.org/london09/
-- SANS CDI, Washington DC, Dec. 11-18,
http://www.sans.org/cyber-defense-initiative-2009
-- SANS Security East 2010, New Orleans, January 10-18, 2010
19 courses, bonus evening presentations
http://www.sans.org/security-east-2010/
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/spring09.php
Plus Hong Kong, Oslo and Vancouver, all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************
TOP OF THE NEWS
--Report Warns of Chinese Cyber Threat
(October 22, 2009)
The US-China Economic and Security Review Commission this week released
a report titled "Capability of the People's Republic of China to Conduct
Cyber Warfare and Computer Network Exploitation." According to the
report, domination of an adversary's information flow is central to
Chinese military strategy. It also warns that China will likely conduct
"a long term, sophisticated computer network exploitation campaign."
http://www.scmagazineus.com/Security-report-finds-Chinese-cyberspying-threat-growing/article/156013/
http://www.uscc.gov/researchpapers/2009/NorthropGrumman_PRC_Cyber_Paper_FINAL_Approved%20Report_16Oct2009.pdf
[Guest Editor's Note (Ed Giorgio, CSIS Commission member): Playing the
devil's advocate, when (uninformed) policy makers read the executive
summary, they will learn:
1. That China has a cyber doctrine very much like ours ("information
dominance", "network centric warfare", etc.) - *boring*
2. They have an espionage program very much like ours - *boring*
3. They can reach out to industry (as we do) to get specialized talent - *boring*
4. They are gradually discouraging hacktivism as it is a source of
embarrassment and stuff like defacing whitehouse.gov doesn't achieve a
long term military or economic objective (they are catching up to us on
this policy) - *positive and boring*
5. While the case studies and timeline are fascinating, I believe they
are only the tip of the iceberg. The (all important) scale on which this
is (apparently) happening (about 3 per year) is not convincing, and
hence *does not require immediate attention*.
*** What is really needed is something we did in the cold war, a *"Net
Assessment"* where we juxtapose operational capabilities (count nukes,
missiles, tests, etc.) and decide if we are winning or losing. Only our
government could make an informed statement of the scale on which this
is currently happening and they would have to declassify a lot of
information to do it; something I think is needed.
(Honan): RAND has just released a whitepaper on Cyber Warfare that I
highly recommend people interested in this topic read.
http://www.rand.org/pubs/monographs/2009/RAND_MG877.pdf]
--European Parliament Shifts Stance on Disconnecting Illegal Filesharers
(October 23, 2009)
The European Parliament has removed an amendment to its
telecommunications legislation that would have made it difficult for
member countries to cut off Internet service to file sharing copyright
violators without a court order. The European parliament earlier
indicated it viewed Internet access as a basic human right. Now member
countries will have the leeway to make their own decisions about
punishments for illegal filesharing. France has already adopted a
three-strikes policy that would allow illegal filesharers to be cut off
from the Internet for as long as one year.
http://news.bbc.co.uk/2/hi/technology/8322308.stm
http://www.siliconrepublic.com/news/article/14225/comms/eu-in-web-u-turn-to-allow-member-states-to-ban-illegal-file-sharers
[Editor's Note (Liston): While I'm not sure I would agree that Internet
access is a "basic human right," I don't see the two stances as being
irreconcilable. Our judicial system is grounded on the notion of the
removal of basic human rights as punishment for illegal activity.]
--FCC Moves Forward on Net Neutrality
(October 22, 2009)
On Thursday, the US Federal Communications Commission (FCC) voted
unanimously to begin the rulemaking proceeding to codify existing Net
neutrality principles. Under the new rules, broadband providers could
use "reasonable" traffic management to prevent bottlenecks, but they
would have to be forthcoming with their customers about those practices.
The rules would also prohibit the providers from giving certain network
traffic preferential treatment. Users would be allowed to run legal
applications and visit legal websites. US Senator John McCain introduced
the Internet Freedom Act, which would block the FCC from enacting rules
that would create "onerous federal regulation."
http://www.msnbc.msn.com/id/33430848/ns/technology_and_science-tech_and_gadgets/
http://www.pcworld.com/article/174155/mccain_introduces_bill_to_block_fccs_net_neutrality_rules.html
http://bits.blogs.nytimes.com/2009/10/22/fcc-begins-crafting-rules-on-network-neutrality/
http://voices.washingtonpost.com/posttech/2009/10/fcc_moves_forward_on_net_neutr.html
http://www.wired.com/epicenter/2009/10/fcc-net-neutrality/
http://www.pcworld.com/article/174173/what_happens_in_an_fcc_rulemaking_proceeding.html
--Legislators Take Aim at Certain Patriot Act Provisions
(October 21, 2009)
US legislators have introduced proposals that would reform certain
provisions of 2001's USA Patriot Act, some of which are set to expire
at the end of this calendar year. Among the proposed changes are
restricting the circumstances under which National Security Letters are
issued. (National Security Letters allow the FBI to obtain a variety
of information pertinent to government investigations without a court
order.) Another proposal is to nullify legislation - not part of the
Patriot Act - that grants US telecommunications companies immunity from
prosecution for gathering communications data without warrants. The
Patriot Act was enacted just weeks after the September 11 attacks.
http://www.wired.com/threatlevel/2009/10/conyers_bill/
[Editor's Note (Liston): Many portions of this ill-conceived legislation
deserve to die. Rewarding telecom companies with immunity for
conspiring with the government on warrant-less wiretaps is simply one
small part of what needs to go.]
************************ Sponsored Links: ****************************
1) Register Today and receive 10% off for SANS vLive course SEC542, Web
App Penetration Testing and Ethical Hacking, November 2nd - November
9th. Please use the code @Risk542 when registering.
http://www.sans.org/info/49899
2) REGISTER NOW for the upcoming Analyst Webcast: Making Database
Security an IT Security Priority
http://www.sans.org/info/49904
***********************************************************************
THE REST OF THE WEEK'S NEWS
--Microsoft Releases Windows 7
(October 18, 21 & 22, 2009)
Microsoft Windows 7 is now available to the general public. The company
is hoping its new operating system gets a warmer reception than Vista
received. Vista was criticized for its use of excessive pop-ups from
the User Account Control (UAC) security feature, causing users to turn
the feature off entirely. In Windows 7, the UAC is not as intrusive;
however, its off-the-shelf default setting is not the most secure
setting available.
http://www.msnbc.msn.com/id/33429899/ns/technology_and_science-tech_and_gadgets/
http://www.washingtonpost.com/wp-dyn/content/article/2009/10/16/AR2009101600707.html
http://www.informationweek.com/news/software/operatingsystems/showArticle.jhtml?articleID=220900239
http://www.computerworld.com/s/article/9136500/Review_Windows_7_a_closer_look
[Editor's Note (Schultz): Although the intrusiveness of security
mechanisms such as UAC was only one of many things that made Vista so
unpopular, this problem stood out in the minds of Vista users. The moral
of this story is that usability problems in connection with security
mechanisms are especially apparent and distasteful, a lesson that
vendors such as Microsoft are likely to remember well into the future.]
--Bill Increases DHS Budget for Internal Cyber Security Improvements
(October 22, 2009)
The US Senate approved a bill designating a budget of nearly US $43
billion to the Department of Homeland Security (DHS). Of that, nearly
US $400 million is allocated to spend on improving internal cyber
security, a 27 percent increase over last year's allocation. The Senate
wants DHS to use the funds to decrease the number of Internet access
points at the agency and to improve cyber security training and
management. Additional portions of the overall budget could also be
used to address cyber security issues; for instance, nearly US $1
billion is allocated for the DHS department of science and technology,
which conducts cyber security research as part of its mission.
http://www.computerworld.com/s/article/9139785/DHS_to_get_big_boost_in_cybersecurity_spending_in_2010?source=rss_security
[Editor's Note (Pescatore): Hmmm, reducing the number of Internet
connections should *reduce* security spending, not increase it.]
--"Cautious Optimism" About Rapid7's Acquisition of Metasploit
(October 21, 2009)
Concerns about Rapid7's acquisition of Metasploit appear to be fading
after it was announced that the terms of the deal call for Metasploit
to continue operating as an open source enterprise. Rapid7 president
and CEO Mike Tuchen said the company plans to "leverage Metasploit
technology to enhance [its] vulnerability management" product NeXpose.
http://www.scmagazineus.com/Rapid7-buys-Metaploit-remains-committed-to-open-source/article/155921/
http://www.csoonline.com/article/505574/Making_Sense_of_Rapid7_s_Metasploit_Acquisition
--Bing Bug Fix Expected by End of Week
(October 21, 2009)
Microsoft is fixing a bug in its Bing search engine that was being
exploited by spammers to get around filters. The attack involved a bug
in Bing's redirection mechanism and a link-shortening technique. The
trouble lies in the way Bing formats links in RSS (really simple
syndication) feeds. Microsoft expects to have fixed the problem by
Friday October 23.
http://news.cnet.com/8301-27080_3-10380846-245.html
[Editor's Note (Liston): Microsoft has, once again, failed to learn from
the mistakes of others. Back in the day, Google had similar issues that
were exploited by spammers.]
--Scareware Goes Hybrid
(October 20, 2009)
According to information from both Symantec and Panda Security,
scareware purveyors have begun releasing hybrid malware. One recently
detected piece of scareware infects victims' PCs with additional malware
that makes them part of a botnet. Another type of scareware prevents
users from opening any applications until they purchase the fraudulent
product. Symantec's study also found that between July 2008 and June
2009, it received reports of 43 million attempts to install scareware
on users' PCs.
http://lastwatchdog.com/scareware-purveyors-advance-blackmail-creating-botnets/
--Air Force Association Announces Cyber Challenge for High School Students
(October 19, 2009)
Starting on November 7, 200 teams of high school students from the US,
Japan and South Korea will compete in the US Air Force Association's
CyberPatriot II, a series of live cyber war games aimed at promoting
careers in related fields. The field will be winnowed down to 25 teams
that will participate in a final competition in February 2010.
http://www.thedailytell.com/2009/10/nonprofit-air-force-association-recruits-youth-for-cyber-war-games/
http://www.afa.org/media/press/cyberpat09.asp
**********************************************************************
The Editorial Board of SANS NewsBites
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at TippingPoint,
where he leads the Digital Vaccine and ThreatLinQ groups. His group
develops protection filters to address vulnerabilities, viruses, worms,
Trojans, P2P, spyware, and other applications for use in TippingPoint's
Intrusion Prevention Systems.
Prof. Howard A. Schmidt is the President of the Information Security
Forum (ISF) and author who has served as CSO for Microsoft and eBay and
as Vice-Chair of the President's Critical Infrastructure Protection
Board.
Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.
Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.
Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.
David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of
the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.
Clint Kreitner is the founding President and CEO of The Center for
Internet Security.
Brian Honan is an independent security consultant based in Dublin,
Ireland.
David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/