Merit Network Email List Archives: Network Security

Historical SANS NewsBites Vol. 11 Num. 87 : Worms Remain Top Threat to Enterprise

  • From: The SANS Institute
  • Date: Tue Nov 03 14:12:43 2009

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For our more technically advanced readers:
Have you ever written a new Snort rule but had no test traffic to see
if it alerts? Or tried to craft traffic to perform some pen testing
using a restrictive command line packet crafting tool, but gave up
because it couldn't do what you wanted it to do?  A new one-day,
hands-on course by network security guru Judy Novak, called SEC567 Power
Packet Crafting with Scapy will be offered in Sacramento
(http://www.sans.org/packet-crafting-scapy-2009/description.php?tid=3712).

And for the CISOs and security tools vendors:
On November 12-13 at the 1105 Summit on the Critical Security Controls
(http://1105govinfoevents.com/EventOverview.aspx?Event=csc09), we'll
announce the 2009 selection of products that have been user-verified to
automate one or more of the continuous security controls now being
prioritized by federal and DIB and critical infrastructure employers.
There are about 48 hours left to get any other tools that work into the
list. If you market a product that automates one of them, make sure
George King (gking@sans.org) has had the chance to vet it with a major
federal user.

                                  Alan

*************************************************************************
SANS NewsBites             November 3, 2009              Vol. 11, Num. 87
*************************************************************************
TOP OF THE NEWS
  Microsoft Report Says Worms Top Threat List in Enterprise Environments
  European Commission Wants UK to Beef Up Privacy
  House Ethics Committee Report Accidentally Leaked Through P2P Network
THE REST OF THE WEEK'S NEWS
    Global Information Security Report Sees Security Spending Stabilizing
    Facebook Awarded US $711 Million in Damages in Spam Case
    Former YouSendIt CTO Indicted on Charges Related to DoS Attacks Against Company
    Former Bank of New York Mellon Employee Indicted on Identity Theft Charges
    IP Address Indicates North Korean Involvement in July Cyber Attacks
    National Cybersecurity and Communications Integration Center Opens
    Automated Tools Will Help Reduce Costs of FISMA Compliance

******************* Sponsored By BreakingPoint **************************

Preparing for DDoS Attacks: Tomorrow's Exclusive Webcast
Learn how to prepare your network for DDoS and botnet attacks from
leading security experts.

http://www.sans.org/info/50253
*************************************************************************
TRAINING UPDATE
 -- SANS San Francisco, November 9-14,
http://www.sans.org/sanfrancisco09
 -- SANS Sydney, November 9-14
http://sans.org/sydney09/
 -- SANS Hong Kong, November 9-14
http://www.sans.org/hong-kong-forensics-2009/
 -- SANS Vancouver, November 14-19
http://www.sans.org/vancouver09/
 -- SANS London, UK, November 28-December 9,
http://sans.org/london09/
 -- SANS CDI, Washington DC, December 11-18,
http://www.sans.org/cyber-defense-initiative-2009
 -- SANS Security East 2010, New Orleans, January 10-18, 2010
19 courses, bonus evening presentations
http://www.sans.org/security-east-2010/
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/spring09.php
Plus Oslo, New Delhi, Geneva and Qatar all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

TOP OF THE NEWS
 --Microsoft Report Says Worms Top Threat List in Enterprise Environments
(November 2, 2009)
According to Microsoft's Security Intelligence Report, Conficker was the
top threat to enterprise computers during the first half of 2009.  Worm
infections overall doubled between the second half of 2008 and the first
half of this year; worms rose from the fifth most prevalent cyber threat
to the second most prevalent.  Worms are not as big a security concern
to home users; the most prevalent cyber security threat in the home
environment during the first half of 2009 was miscellaneous Trojans,
including rogue security software.  The volume of phishing was four
times higher in May and June of this year than in the preceding 10
months due to concentrated attacks on social networking sites.
http://www.informationweek.com/news/global-cio/security/showArticle.jhtml?articleID=221400323
http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=221500012&subSection=Attacks/breaches
http://www.microsoft.com/downloads/details.aspx?FamilyID=037f3771-330e-4457-a52c-5b085dc0a4cd&displaylang=en
[Editor's Note (Schultz): It's funny how just two or three years ago
many information security professionals, myself very much included,
falsely proclaimed that the worm threat was vanishing.]

 --European Commission Wants UK to Beef Up Privacy
(November 2, 2009)
The European Commission says that the UK government has not adequately
protected citizens' privacy.  The concern centers on 2006 and 2007
trials of the Phorm targeted behavioral advertising technology in which
people were not informed that their surfing habits were being tracked.
European Union telecommunications commissioner Viviane Reding wants "the
UK authorities to change their national laws to ensure that British
citizens fully benefit from the safeguards set out in EU law concerning
confidentiality of electronic communications." The UK has two months to
respond to the Commission's letter.
http://news.bbc.co.uk/2/hi/technology/8337685.stm
[Editor's Note (Schultz): With all the emphasis on privacy in the UK,
it seems odd that the UK government has not pushed protecting privacy
in computing more than it has so far.]

 --House Ethics Committee Report Accidentally Leaked Through P2P Network
(October 30, 31 & November 2, 2009)
A confidential House Ethics Committee report was inadvertently leaked
through a P2P file-sharing network.  The report details inquiries into
ethics issues involving more than 30 legislators and legislative aides.
Ethics Committee members sign oaths not to reveal activities relating
to any investigations past or present.  Committee chairman Zoe Lofgren
(D-Calif.) interrupted a series of House votes on Thursday afternoon to
notify legislators of the breach.  The leak is being blamed on a junior
staff member's use of P2P software while working from home.  That staff
member has been fired.  The leak has prompted House Speaker Nancy Pelosi
(D-Calif.) and Minority Leader John A. Boehner (R-Ohio) to call for an
"immediate and comprehensive assessment" of cyber security policies.
http://www.washingtonpost.com/wp-dyn/content/article/2009/10/29/AR2009102904597_pf.html
http://www.theregister.co.uk/2009/10/30/confidential_congress_report_leaked/
http://www.computerworld.com/s/article/9140154/Leaked_House_Ethics_document_spreads_on_the_Net_via_P2P?taxonomyId=17
http://www.wired.com/threatlevel/2009/11/ethics-leak
http://www.washingtonpost.com/wp-dyn/content/article/2009/10/30/AR2009103003749_pf.html
http://www.politico.com/news/stories/1009/28967.html
[Editor's Note (Pescatore): This is just one of many incidents where the
use of consumer PCs and consumer web services without security controls
ends up in a critical business information disclosure. Relying on policy
("we told them not to do that") is just passing the buck, especially
when you know they *will* and often *have to* do that. There are many
ways to support secure telework.]

************************  Sponsored Links:  ****************************
1) Can someone please help me streamline and deploy my Security
Awareness Training (SAT)?
http://www.sans.org/info/50258

2) UPCOMING WEBCAST: Making Database Security an IT Security Priority
Wednesday, November 4, 2009 at 1:00 PM EST
http://www.sans.org/info/50263
Sponsored by Oracle. Sign up to receive a new, comprehensive whitepaper
on this subject.

3) Learn network- and host-centric methods to detect intruders at the
Incident Detection Summit December 9-10.
http://www.sans.org/info/50268
***********************************************************************

THE REST OF THE WEEK'S NEWS
 --Global Information Security Report Sees Security Spending Stabilizing
(November 2 & October 30 & 14, 2009)
According to PricewaterhouseCoopers's 7th Annual Global State of
Information Security Survey 2010, 63 percent of CIOs around the world
say that they intend to maintain or increase information security
spending, despite economic conditions.  The study surveyed more than
7,200 executives at companies in 130 countries.  The report also
indicates that while social networking and cloud computing are
increasing in popularity and hold promise for increased productivity,
they are also the source of increased security threats.
http://www.siliconrepublic.com/news/article/14288/cio/cios-unwilling-to-scrimp-on-security-in-tough-times

 --Facebook Awarded US $711 Million in Damages in Spam Case
(October 30 & November 2, 2009)
A California court has awarded Facebook US $711 million in damages for
spam sent through its network.  Sanford Wallace accessed Facebook
accounts without authorization and used them to send spam to other
Facebook users.  Wallace has been ordered to pay the damages, but as he
has declared bankruptcy, it is unlikely that Facebook will see much of
the money.  In May 2008, Wallace and a business associate were ordered
to pay US $223 million in damages for a similar spam campaign that
targeted MySpace users.
http://www.scmagazineus.com/Facebook-wins-711-million-in-damages-against-spam-king/article/156665/
http://www.siliconrepublic.com/news/article/14282/digital-life/spam-king-ordered-to-pay-us-711-million-to-facebook
http://www.informationweek.com/news/global-cio/security/showArticle.jhtml?articleID=221400140
http://www.theregister.co.uk/2009/10/30/facebook_wallace_judgement_october_09/
[Editor's Note (Schultz): From all appearances, sentencing Wallace to
jail time would be a much more appropriate punishment than assessing him
a fine that he cannot pay.]

 --Former YouSendIt CTO Indicted on Charges Related to DoS Attacks
    Against Company
(October 30, 2009)
A US federal grand jury has indicted Khalid Shaikh on four counts of
mail fraud for allegedly launching denial-of-service (DoS) attacks
against servers at YouSendIt, a company Shaikh co-founded in 2004.  He
served as CEO and then CTO until November 2006 following disagreements
with company investors and other executives.  The attacks took place
between December 2008 and June 2009.  If he is convicted of the charges
against him, he could face up to 20 years in prison and a US $1 million
fine.  Shaikh denies the allegations.
http://www.computerworld.com/s/article/9140159/Former_YouSendIt_CEO_charged_with_cyberattack_on_firm?taxonomyId=17
http://news.zdnet.co.uk/security/0,1000000189,39852055,00.htm

 --Former Bank of New York Mellon Employee Indicted on Identity Theft Charges
(October 28 & 30, 2009)
Adeniyi Adeyemi has been charged with grand larceny, identity theft
and money laundering in connection with the theft and misuse of Bank
of New York Mellon employee information.  Adeyemi had worked as a
computer technician at the bank's headquarters.  He allegedly stole
and used the information between November 2001 and April 2009.  The
stolen information was used to open phony bank and brokerage accounts
in which Adeyemi allegedly deposited stolen money.
http://www.scmagazineus.com/NY-bank-computer-technician-charged-with-ID-theft/article/156711/
http://cityroom.blogs.nytimes.com/2009/10/28/former-bank-employee-is-charged-in-fraud-scheme/

 --IP Address Indicates North Korean Involvement in July Cyber Attacks
(October 30 & November 2, 2009)
The July cyber attacks that targeted US and South Korean websites have
been traced to an IP (Internet protocol) address at North Korea's
Ministry of Post and Telecommunications.  The attacks affected
government websites in both the US and South Korea, including the US
White House site and that of South Korea's presidential Blue House.  The
IP address was leased from China.  South Korean police plan to ask China
for help in determining the source of the attacks.
http://www.msnbc.msn.com/id/33550486/ns/technology_and_science-security/
http://news.smh.com.au/breaking-news-technology/skorean-spy-chief-blames-nkorea-for-cyber-attacks-20091030-hp9n.html
http://news.smh.com.au/breaking-news-technology/skorea-seeks-chinese-help-to-track-cyber-attacks-20091102-htis.html

 --National Cybersecurity and Communications Integration Center Opens
(October 30 & 31, 2009)
The US Department of Homeland Security (DHS) has unveiled a cyber
security operations center designed to help the government coordinate
cyber attack response.  The National Cybersecurity and Communications
Integration Center merges the US Computer Emergency Readiness Team
(US-CERT) and the National Coordinating Center for Telecommunications.
Legislation currently being drafted would require agencies and
private companies to establish a system to share cyber threat
information.
http://www.msnbc.msn.com/id/33557123/ns/technology_and_science-security/
http://www.tgdaily.com/security-features/44495-us-government-opens-9m-cyber-security-center

 --Automated Tools Will Help Reduce Costs of FISMA Compliance
(October 30, 2009)
The Office of Management and Budget (OMB) has introduced a Federal
Information Security Management Act (FISMA) reporting tool that
automates the process and significantly reduces the amount of paper used
in compliance reporting; the system is expected to cut associated costs
as well.  Federal CIO Vivek Kundra says that the White House also plans
to release a security dashboard in spring 2010, possibly modeled on one
already in use at the US Department of State, to help agencies address
cyber security issues effectively.
http://www.techweb.com/article/showArticle?articleID=221400138&section=security
http://voices.washingtonpost.com/securityfix/2009/10/a_makeover_for_federal_cyberse.html?wprss=securityfix
http://www.govinfosecurity.com/articles.php?art_id=1894
[Editor's Note (Pescatore): The updates in 800-53 rev3 and the proposed
FISMA enhancements are much more important to the security of federal
systems than is making it easier to produce reams of reports, or have a
dashboard that is not connected to the engine.  Like many compliance
regimes (see Sarbanes Oxley), FISMA has stayed static and the goal
becomes compliance vs. security - the money spent has brought way less
increase in security than it should have.]

**********************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Rohit Dhamankar is the Director of Security Research at TippingPoint,
where he leads the Digital Vaccine and ThreatLinQ groups. His group
develops protection filters to address vulnerabilities, viruses, worms,
Trojans, P2P, spyware, and other applications for use in TippingPoint's
Intrusion Prevention Systems.

Prof. Howard A. Schmidt is the President of the Information Security
Forum (ISF) and author who has served as CSO for Microsoft and eBay and
as Vice-Chair of the President's Critical Infrastructure Protection
Board.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa).  He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of
the State of California.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkrwc2YACgkQ+LUG5KFpTkbCtgCeIBbiRR2gnnEIJX5Y/R9C+PJ/
R5EAnAqlOxiQ/t+BVNcQZcyd7NNNyopV
=AgH7
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------