SANS NewsBites Vol. 10 Num. 35

From: The SANS Institute (NewsBites@sans.org)
Date: Fri May 02 2008 - 13:47:16 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The SANS Secure Programming Council has completed a first draft of
procurement language that ensures software developers build security
into the applications they deliver. The Council is looking for other
large user organizations that have created procurement language to
ensure custom programs and COTS software have few or no security flaws.
Email apaller@sans.org and tell us what you have done so far.

                               Alan

*************************************************************************
SANS NewsBites May 2, 2008 Vol. 10, Num. 35
*************************************************************************
TOP OF THE NEWS
  US Court Says Making Music Available is Not Copyright Infringement
  Court Ruling on Electronic Border Searches
THE REST OF THE WEEK'S NEWS
  LEGAL MATTERS
    HSBC Clerk Charged with Trying to Steal 70 Million GBP
    Man Draws 18-Month Sentence for Infecting NASA Employee's Computer
    Former UCLA Medical Center Employee Indicted For Allegedly
       Selling Celebrity Medical Info
    Warez Purveyor Sentenced to Two-and-a-Half Years in Prison
    Israeli PIs Sentenced for Using Trojan to Steal Data
    21 Months in Prison for Spammer
  WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
    Kraken Cracked; Now What?
  MISCELLANEOUS
    HMRC Says 600 Have Been Disciplined for Unauthorized Record Access
    Childnet Campaign Focuses on Dangers of Illegal Filesharing
    Jerome Kerviel Has New Job
  LIST OF UPCOMING FREE SANS WEBCASTS

******************** Sponsored By PacketMotion **************************

How do you safeguard intellectual property, sensitive information and
compliance-relevant data without hampering employee and contractor
productivity? Find the facts, blind spots and new technology regarding
real-time visibility and control of network user transactions and
information assets.
Download the FREE, must-read whitepaper "TRUST BUT VERIFY: 24/7 User
Activity Monitoring to Protect Business Critical Information" now.
http://www.sans.org/info/28488
*************************************************************************
TRAINING UPDATE
Where can you find the newest Penetration Testing techniques,
Application Pen Testing, Hacker Exploits, Secure Web Application
Development, Security Essentials, Forensics, Wireless, Auditing, both
new Pen Testing courses, CISSP, and SANS' other top-rated courses plus
evening sessions with Internet Storm Center handlers?
- SANSFire 2008 in Washington DC (7/22-7/31): SANS' biggest summer program
      with many bonus sessions and a big exhibition of security products:
      http://www.sans.org/info/26774
- London (6/2-6/7) and Amsterdam (6/16-6/21)
      http://www.sans.org/secureeurope08
- San Diego (5/9-5/16) http://www.sans.org/securitywest08
- Toronto (5/10-5/16) http://www.sans.org/toronto08
- and in 100 other cities and on line any time: www.sans.org
*************************************************************************

TOP OF THE NEWS
 --US Court Says Making Music Available is Not Copyright Infringement
(April 29 & 30, 2008)
A US District Court judge in Arizona has denied the Recording Industry
Association of America's (RIAA) request for a summary judgment against
Pamela and Jeffrey Howell for making music files on their computer
available to filesharers. The Howells copied music files from CDs they
owned onto their computer and downloaded peer-to-peer file sharing
software onto the same machine. Judge Neil V. Wake said that merely
making music files available is not tantamount to distribution or
primary copyright infringement. Even if the Howells had placed the
files in a shared folder, which they maintain they did not, they would
be responsible only for contributing to copyright infringement if
someone copied the file. The RIAA maintains the couple is guilty of
piracy and offered screenshots that show the music files as publicly
available. Jeffrey Howell said that Kazaa copied content from folders
that were not public. The Electronic Frontier Foundation (EFF) has
filed an amicus brief on behalf of the Howells. The suit will now go
to trial.
http://www.informationweek.com/news/personal_tech/music/showArticle.jhtml;?articleID=207403664
http://www.news.com/8301-10784_3-9932004-7.html?part=rss&subj=news&tag=2547-1_3-0-20
[Editor's Note (Shpantzer): In a separate federal court decision, the
songwriters and publishers are owed untold millions by online music
streaming companies, including RealNetworks, Yahoo! and AOL in this
recent case:
http://www.news.com/8301-10784_3-9933626-7.html?tag=nefd.top ]

 --Court Ruling on Electronic Border Searches
(April 23, 30 & May 1, 2008)
The Association of Corporate Travel Executives (ACTE) is warning members
"and all business travelers to limit proprietary information on laptop
computers when crossing US borders." ACTE issued the warning after an
April 21 federal appeals court decision that "gives customs officials
the unfettered authority to examine, copy, and seize traveler's laptops
- without reasonable suspicion." The decision covers a range of
electronic devices; in addition to seizing data from laptops, US Customs
and Border Protection officials can seize data from cell phones, handheld
computers, digital cameras and USB drives. The EFF, the American Civil
Liberties Union (ACLU), and the Business Travel Coalition have written
a letter asking that the House Committee on Homeland Security "consider
legislation to prevent abusive search practices by border agents and
protect all Americans against suspicionless digital border inspections."
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9081358&source=rss_topic17
http://www.acte.org/resources/press_release.php?id=284
http://www.theregister.co.uk/2008/05/01/electronic_searches_at_us_borders/print.html
[Editor's Note (Ranum): It's as if someone in the administration mistook
his copy of "1984" for a road-map not a novel.
(Schultz): Customs officials' ability to seize any kind of property
without reasonable suspicion lamentably once again shows the current
level of disregard for individual rights in the United States. Big
brother is not only watching; big brother is being totalitarian.
(Honan): A number of organisations outside the US have banned staff from
travelling to the US with laptops or other electronic devices.]

********************** Sponsored Links: *******************************
1) Upcoming SANS Webcast on May 8th at 1pm EDT, Ask The Expert Webcast:
Enterprise Incident Management with Security Monitoring. Register Today!
http://www.sans.org/info/28493
*************************************************************************

THE REST OF THE WEEK'S NEWS
LEGAL MATTERS
 --HSBC Clerk Charged with Trying to Steal 70 Million GBP
(May 1 & 2, 2008)
HSBC administrative clerk Jagmeet Channa has been charged with
conspiracy to defraud, money laundering and abusing a position of trust
for attempting to steal GBP 70 million from the bank. Channa's
responsibilities included checking trade records at the end of the day.
He allegedly used his position to transfer funds from one account into
another; the bank detected the suspicious activity and notified police.
http://www.mailonsunday.co.uk/pages/live/articles/news/news.html?in_article_id=563304&in_page_id=1770
http://www.independent.co.uk/news/business/news/hsbc-calls-in-police-over-alleged-16370m-fraud-attempt-819796.html

 --Man Draws 18-Month Sentence for Infecting NASA Employee's Computer
(May 1, 2008)
A Nigerian man has received an 18-month prison sentence for tricking a
NASA employee into installing spyware on her computer. Posing as a man
from Texas, Akeem Adejumo met the woman on an online dating site. He
sent a phony photograph to the woman at her work email address; when she
opened it, her computer was infected with spyware. While it did not
spread to other NASA computers, it did capture her email, passwords,
Social Security number (SSN) and other sensitive information, including
25,000 screen shots. Some NASA information was taken as well, but the
woman did not have access to sensitive data. NASA IT security team
sensors detected the screenshots being sent from the network and began
an investigation. Through analysis of traffic logs, and email account
information obtained through warrants and subpoenas, investigators
determined the attacker's IP address and contacted law enforcement
officials in Nigeria.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9081838&source=rss_topic17
[Editor's Note (Northcutt): A key point is that he did the online dating
scam from Nigeria pretending to be in Texas and tried this on several
hundred women with more than a few successes. According to the DOJ press
release, the NASA Office of Inspector General worked pretty hard on this one.
But the big key is that NASA detected the information being sent out. A
lot of organizations that blindly trust in their IPS would not detect
the bad event:
http://www.usdoj.gov/usao/dc/Press_Releases/2008%20Archives/April/08-099.html ]

 --Former UCLA Medical Center Employee Indicted For Allegedly
Selling Celebrity Medical Info
(April 30, 2008)
A federal grand jury has indicted Lawanda Jackson for allegedly using
her position as an administrative specialist at UCLA Medical Center to
access celebrities' health records and selling the information to
tabloids. Lawanda Jackson could receive a prison sentence of up to 10
years if she is convicted. Additional defendants may be charged in the
case. Jackson allegedly accessed information about Farrah Fawcett,
Maria Shriver, and 60 other well-known people, and allegedly leaked
medical information about Fawcett to a tabloid. The charges against
Jackson were brought under the Health Insurance Portability and
Accountability Act (HIPAA). Jackson resigned from UCLA Medical Center
last summer.
http://www.latimes.com/news/local/la-me-ucla30apr30,0,6169637,full.story
[Editor's Note (Ranum): Ultimately, all computer security problems
resolve down to trust. The broader question is "why did an
administrative specialist have unfettered read access to a patient
database?"
(Paller): Databases can lock down access as Marcus points out. The
counter question is whether medical service will be substantively
damaged by limiting access to information. This is one of a series of
tough issues medical facilities are facing as organized crime groups
increasingly target them for data theft/extortion schemes. ]

 --Warez Purveyor Sentenced to Two-and-a-Half Years in Prison
(April 29, 30 & May 1, 2008)
David M. Fish, of Woodbury, Connecticut, has been sentenced to 30 months
in prison for operating warez websites. Fish pleaded guilty to charges
of criminal copyright infringement and circumvention. The websites
offered pirated copies of music, movies and software for downloading.
The arrest and conviction are part of Operation Copycat, a joint
investigation by the FBI and the US Attorney's Office. Fish will serve
three years of supervised release upon completion of his prison
sentence; he will also forfeit all equipment, including computers, used
to commit the offenses.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9081198&source=rss_topic17
http://www.usdoj.gov/usao/can/press/2008/2008_04_29_fish.sentenced.press.html

 --Israeli PIs Sentenced for Using Trojan to Steal Data
(April 28 & 29, 2008)
Four Israeli private investigators have been sentenced for using Trojan
horse programs to steal sensitive data. All four worked at the Modi'in
Ezrahi private investigation firm. Three of the four were given jail
terms of between nine and 18 months; the other was fined 250,000 Israeli
shekels (US $72,565) and given 10 months of probation. Three other
defendants were also fined and had their private investigator's licenses
revoked. The malware used in the case was developed by Michael and Ruth
Haephrati and sold to the agency; the Haephratis were sentenced to jail
in 2006.
http://www.theregister.co.uk/2008/04/29/spyware-for-hire/print.html
http://www.jpost.com/servlet/Satellite?cid=1208870514347&pagename=JPost%2FJPArticle%2FShowFull
http://www.techworld.com/security/news/index.cfm?newsID=12121&pagtype=all
http://www.vnunet.com/vnunet/news/2215484/gumshoes-come-unstuck-trojan

 --21 Months in Prison for Spammer
(April 28 & 29, 2008)
Edward Davidson has been sentenced to 21 months in federal prison for
tax evasion and sending spam. Davidson sent hundreds of thousands of
spam messages with falsified header data over a period of nearly five
years. According to authorities, Davidson made US $3.5 million sending
the spam for a number of companies; some of the spam attempted to
manipulate stock prices with false investment tips. Davidson was also
ordered to pay more than US $700,000 to the Internal Revenue Service
(IRS).
http://www.usatoday.com/tech/news/computersecurity/2008-04-29-spam-sentencing_N.htm?csp=34
http://www.denverpost.com/news/ci_9094336
http://www.lawfuel.com/show-release.asp?ID=17786
[Editor's Note (Shpantzer): Manipulating stock prices with false
investment tips, the old 'pump and dump' scheme of the boiler room
callers, transferred to fax and then went online years ago, along with
other forms of fraud. The SEC's watching and taking action on this and
other cases. Start looking here
http://www.sec.gov/cgi-bin/txt-srch-sec?text=pump+and+dump&section=Enforcement&sort=date ]
[Editor's Note (Grefer): Unless I am missing something here, this
decision sends the wrong message. With US $3.5 million of revenue from
the operation and owing US $700,000 to the IRS, this still leaves US
$2.8 million. Even if we were to allow for very generous operating costs
of $700,000 (far out of proportion), this would result in a profit of
US $100,000 for each month to be spent in jail on the tax payers'
expense.]

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
 --Kraken Cracked; Now What?
(May 1, 2008)
Now that researchers have reverse-engineered and potentially gained
control of the Kraken botnet, the question becomes what to do next.
Their ability to control the infected computers gives them the power to
redirect the computers and even send them updates through the Kraken
protocol to remove the zombie. Some are in favor of the idea, while
others question the ethics behind removing something, even malware, from
someone's computer without their consent.
http://www.theregister.co.uk/2008/04/29/kraken_botnet_infiltrated/
http://www.eweek.com/c/a/Security/Kraken-Botnet-Infiltration-Triggers-Ethics-Debate/
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9081258&source=rss_topic17

MISCELLANEOUS
 --HMRC Says 600 Have Been Disciplined for Unauthorized Record Access
(May 1, 2008)
Since 2005, more than 600 HM Revenue and Customs (HMRC) employees have
been disciplined, some even losing their jobs, for accessing tax data
without authorization. HMRC policy forbids staff from accessing records
unless there is "a legitimate business need" to do so. HMRC's data
security practices have come under scrutiny since they acknowledged that
disks containing sensitive personal information of millions of
individuals were lost.
http://www.financialdirector.co.uk/accountancyage/news/2215656/tax-staff-disciplined-snooping
http://www.itpro.co.uk/security/news/193587/hmrc-staff-fired-for-looking-at-sensitive-data.html
[Editor's Note (Ranum): Do you notice something wrong here? "HMRC policy
forbids staff from accessing records unless there is 'a legitimate
business need' to do so." How about building databases so that staff
can't access things they don't have a legitimate business need to
access?]
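The point Marcus Ranum makes here, and on the UCLA Medical Center item above, is that "legitimate business need" has to be expressed in the data layer, not only in a policy that staff are disciplined for breaking afterwards. The following is an added illustration, not part of this NewsBites issue and not code from HMRC, UCLA or any real records system. The schema, the staff and patient names, and the sample rows are all constructed for the example; it models need-to-know as an explicit assignment table that every read is joined against, and records every attempt so that a review like HMRC's can start from a query rather than a guess.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed schema for the example (hypothetical, not any real system):
#   patients     - the sensitive records
#   assignments  - which staff member has a business need for which patient
#   audit        - every read attempt, allowed or denied
SCHEMA = """
CREATE TABLE patients (
    patient_id INTEGER PRIMARY KEY,
    name       TEXT NOT NULL,
    notes      TEXT NOT NULL
);
CREATE TABLE assignments (
    staff_id   TEXT    NOT NULL,
    patient_id INTEGER NOT NULL REFERENCES patients(patient_id),
    PRIMARY KEY (staff_id, patient_id)
);
CREATE TABLE audit (
    ts         TEXT    NOT NULL,
    staff_id   TEXT    NOT NULL,
    patient_id INTEGER NOT NULL,
    allowed    INTEGER NOT NULL
);
"""


def build_db() -> sqlite3.Connection:
    """Create an in-memory database loaded with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO patients VALUES (?, ?, ?)",
        [
            (1, "Patient A", "routine visit"),
            (2, "Patient B", "oncology follow-up"),
            (3, "Patient C", "fracture clinic"),
        ],
    )
    # clerk1 handles patients 1 and 3; clerk2 handles patient 2 only.
    conn.executemany(
        "INSERT INTO assignments VALUES (?, ?)",
        [("clerk1", 1), ("clerk1", 3), ("clerk2", 2)],
    )
    conn.commit()
    return conn


def read_record(conn: sqlite3.Connection, staff_id: str, patient_id: int):
    """Return (patient_id, name, notes) only if staff_id is assigned to that
    patient; otherwise return None. The need-to-know check is the JOIN on
    assignments, so there is no code path that reads a record without it.
    Every attempt is written to the audit table, allowed or not."""
    row = conn.execute(
        "SELECT p.patient_id, p.name, p.notes "
        "FROM patients p "
        "JOIN assignments a ON a.patient_id = p.patient_id "
        "WHERE a.staff_id = ? AND p.patient_id = ?",
        (staff_id, patient_id),
    ).fetchone()
    conn.execute(
        "INSERT INTO audit VALUES (?, ?, ?, ?)",
        (datetime.now(timezone.utc).isoformat(), staff_id, patient_id,
         1 if row is not None else 0),
    )
    conn.commit()
    return row


def denied_by_staff(conn: sqlite3.Connection) -> dict:
    """Count denied reads per staff member. In a system that enforces the
    assignment, a denied read is a request for a record the requester had
    no business need for, which is the event a disciplinary review would
    start from."""
    rows = conn.execute(
        "SELECT staff_id, COUNT(*) FROM audit WHERE allowed = 0 "
        "GROUP BY staff_id ORDER BY staff_id"
    ).fetchall()
    return dict(rows)


if __name__ == "__main__":
    db = build_db()
    print(read_record(db, "clerk1", 1))   # assigned: record returned
    print(read_record(db, "clerk1", 2))   # not assigned: None, and audited
    print(read_record(db, "clerk2", 1))   # not assigned: None, and audited
    print(denied_by_staff(db))
```

The same idea maps onto a real database as a view or row-level security policy keyed on the session's staff identity, so that application bugs cannot bypass the check either; the audit table is what turns "600 disciplined since 2005" into something that can be found in days rather than years.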

 --Childnet Campaign Focuses on Dangers of Illegal Filesharing
(April 30, 2008)
Childnet International is launching a campaign to inform children about
the dangers inherent in illegal music downloading. A pamphlet
distributed to schools and colleges in 21 countries around the world
lets the children know that copying and sharing digital content without
permission or payment is illegal, and that people who share files in
this way are opening their computers to viruses and other malware. In
addition, the pamphlet explains that parents can be held liable for the
actions of their children. It also lets the children know that there
are legal websites where they can purchase music. The pamphlet effort
was funded in part by the International Federation of the Phonographic
Industries.
http://news.bbc.co.uk/2/hi/technology/7375621.stm
http://www.childnet-int.org/music/advice_p.html

 --Jerome Kerviel Has New Job
(April 25 & 28, 2008)
Jerome Kerviel, the former Societe Generale trader whose alleged
surreptitious activity caused the bank losses of 4.9 billion Euros (US
$7.6 billion), has found a new job. Kerviel was hired last month as a
computer consultant by the French firm Lemaire Consultants & Associates.
He is permitted to have the job because the judge in his case changed
the terms of his provisional release from prison. He spent five weeks
in custody and was released on bail on March 18. Kerviel may not be near
any place where financial trading occurs. He is facing charges of
breach of trust, forgery, and unauthorized computer activity. He could
be sentenced to as many as three years in prison and fined 370,000 Euros
(US $572,260).
http://www.guardian.co.uk/business/2008/apr/25/kerviel.job?gusrc=rss&feed=networkfront
http://www.nytimes.com/2008/04/26/business/worldbusiness/26socgen.html?_r=1&scp=1&sq=kerviel&st=nyt&oref=slogin

UPCOMING SANS WEBCAST SCHEDULE

WhatWorks in Intrusion Detection and Prevention: Easing the Pains of PCI
Compliance at AirTran Airways:
WHEN: Tuesday, May 06, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURING: Alan Paller and Michelle Stewart
http://www.sans.org/info/27099
Sponsored By: Lancope http://www.lancope.com/

Looking for a solution to ease the pains of PCI compliance, the data
security manager for AirTran Airways needed a product that provided
increased visibility into network behavior and accountability. It had
to be behavior based and capable of collecting information from a widely
dispersed network. She found a solution that was scalable,
cost-effective and helps to quickly identify and resolve network and
security issues.

****This Webcast was previously scheduled for 4/15/08****
NEW DATE/TIME: Wednesday, May 7, 2008 at 1:00pm EDT (1700 UTC/GMT)
FEATURING: Dr. Eric Cole and Michael Yaffe
http://www.sans.org/info/25519
Sponsored By: Core Security http://www.coresecurity.com/

The information security world is taxing. We spend a lot of time fixing
problems that often don't stay fixed. New vulnerabilities are discovered
daily, and applying one update or patch sometimes exposes weaknesses
elsewhere. We hope that our IPS and firewalls can cover while we try to
keep up, but how do we really know that things are working the way they
should be?

***
Ask the Expert Webcast: Enterprise Incident Management with Security
Monitoring
WHEN: Thursday, May 8, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURING: Adrien de Beaupre
http://www.sans.org/info/27104
Sponsored By: Prism MicroSystems http://www.prismmicrosys.com/

This presentation covers the issues revolving around log management
(LM), including privacy, storage requirements, and meeting regulatory or
legislative requirements, and closes with the integration of LM into an
organization's overall security dashboard.

***
Internet Storm Center Webcast: Threat Update
WHEN: Wednesday, May 14, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURING: Johannes Ullrich
http://www.sans.org/info/27109
Sponsored By: Core Security http://www.coresecurity.com/

The SANS Internet Storm Center (ISC) uses advanced data correlation and
visualization techniques to analyze data collected from thousands of
sensors in over sixty countries. Experienced analysts constantly monitor
the Storm Center data feeds searching for trends and anomalies in order
to identify potential threats. When a threat is identified, the team
immediately begins an intensive investigation to gauge the threat's
severity and impact. This monthly webcast discusses recent threats
observed by the Internet Storm Center, and discusses new software
vulnerabilities or system exposures that were disclosed over the past
month. The general format is about 30 minutes of presentation by senior
ISC staff, followed by a question and answer period.

***
Security Inside the Perimeter: Confronting the Gap Between Talking About the
Threat and Doing Something About it
WHEN: Thursday, May 15, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURING: Paul Smith
http://www.sans.org/info/27114
Sponsored By: PacketMotion http://www.packetmotion.com/

Most security and IT professionals agree that the corporate network
"perimeter" is no longer viable due to laptops, tunneling applications,
VPNs and wireless, etc. But network security conventional wisdom is
still very perimeter oriented. Why the inconsistency? Perhaps people
really don't think the problem is that significant and the risk is not
that high. Or maybe they do think it's a real problem, but hesitate to
act because of cost, complexity, and risk to application availability.
This webinar will review the key aspects of this inconsistency and offer
solutions to better manage the "inside risk."

*******************************************************************

Be sure to check out the following FREE SANS archived webcasts:

Tool Talk Webcast: The ABC's of Dealing with Unique Network Security
Risks in a World of Open Campus Networks
WHEN: Wednesday, March 5, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURING: Brian Mehlman
http://www.sans.org/info/22979
Sponsored By: Q1 Labs

SANS Special Webcast: A Response to the "Cold Boot Attack" Announcement
WHEN: Thursday, March 6, 2008 at 3:00 PM EST (1900 UTC/GMT)
FEATURING: John Strand
https://www.sans.org/webcasts/show.php?webcastid=91884
********************************************************************

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Johannes Ullrich is Chief Technology Officer of the Internet Storm Center.

Howard A. Schmidt served as CSO for Microsoft and eBay and as Vice-Chair
of the President's Critical Infrastructure Protection Board.

Ed Skoudis is co-founder of Intelguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Intelguardians, a handler for the SANS Institute's Internet Storm
Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Bruce Schneier has authored eight books -- including BEYOND FEAR and
SECRETS AND LIES -- and dozens of articles and academic papers. Schneier
has regularly appeared on television and radio, has testified before
Congress, and is a frequent writer and lecturer on issues surrounding
security and privacy.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Mark Weatherford, CISSP, CISM, is the Chief Information Security Officer
for the State of Colorado.

Alan Paller is director of research at the SANS Institute.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Rohit Dhamankar is the Lead Security Architect at TippingPoint, a
division of 3Com, authors the critical vulnerabilities section of the
SANS Institute's weekly @RISK newsletter, and is the project manager
for the SANS Top20 2005 and the Top 20 Quarterly updates.

Koon Yaw Tan is Assistant Director at Monetary Authority of Singapore
(MAS) and a handler for the SANS Institute's Internet Storm Center.

Gal Shpantzer is a trusted advisor to several successful IT outsourcing
companies and was involved in multiple SANS projects, such as the
E-Warfare course and the Business Continuity Step-by-Step Guide.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

Roland Grefer is an independent consultant based in Clearwater, Florida.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkgbVrEACgkQ+LUG5KFpTkb9HgCfRIKl+3b9YikuKRHuBWBPDMHa
3XoAnApSIvOz7YFzd0gdUatDwARFbKcd
=kBkT
-----END PGP SIGNATURE-----