SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

• SANS NewsBites RSS
• Editorial Board

Volume IX - Issue #63

August 10, 2007

TOP OF THE NEWS

Bush Signs Law Expanding Wiretapping Authority
Chertoff Won't Back Down on Real ID
Plaintiff in "Frivolous" CAN-SPAM Suit Must Pay Legal Fees

THE REST OF THE WEEK'S NEWS

LEGAL MATTERS
Two More Sentenced in Piracy Case
Six Arrested in International Internet Scam
HOMELAND SECURITY & GOVERNMENT SYSTEMS SECURITY
DHS Will Shorten Length of Time it Retains Traveler Data
SPYWARE, SPAM & PHISHING
Phishers Go After Tennessee Valley Federal Credit Union Members
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
Cisco Patches Vulnerabilities in IOS
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
Computers Stolen from Yale Dean's Office
Missing Flash Drive Holds State Hospital Nurses' Data
Merrill Lynch Computer Stolen/
First Response Financial Data Theft
LOCAL CHAPTERS FOR GIAC AND SANS?
LIST OF UPCOMING FREE SANS WEBCASTS

---

********************SPONSORES BY SANS@HOME ******************************

SANS @Home, our most innovative and effective new educational program, announces Security 601: Reverse Engineering Malware starting on September 12, http://www.sans.org/info/12436.
You can take complete SANS courses, live with SANS Instructor Lenny Zeltser, and network with fellow students on-line, without leaving your home or office.

*************************************************************************

SECURITY TRAINING UPDATE

SANS Network Security 2007 (September 22-30, in Las Vegas) is the largest fall conference on cybersecurity with more than 40 courses and wonderful evening sessions and a big vendor exposition. Most importantly, it brings together the top rated teachers in cybersecurity in the world. How good are they? Here's what past attendees said:

"This course has valuable information that can be implemented immediately in the work place." (Christopher O'Brien, Booz Allen Hamilton)

"The quality of teachers, speakers, and even attendees is far superior to any other training event I've attended." (Corinne Cook, Jeppesen)

"SANS provides by far the most in-depth security training with the true experts in the field as instructors." (Mark Smith, Costco Wholesale)

Registration information: http://www.sans.org/ns2007/
*************************************************************************

---

TOP OF THE NEWS

Bush Signs Law Expanding Wiretapping Authority (August 6, 2007)

President George W. Bush has signed legislation that expands the breadth of the US government's wiretapping authority. The law covers international telephone calls and email messages; the new wiretaps will not require warrants. The legislation in essence "legalizes the NSA program" in which the covert agency was conducting warrantless surveillance outside the parameters of the Foreign Intelligence Surveillance Act. The wiretapping may occur provided the person the NSA is seeking information about is in a foreign country. The US Attorney General and the Director of National Intelligence now both can approve wiretaps. They can also compel telecommunications companies to cooperate with their requests.
-http://news.com.com/2102-1029_3-6200914.html?tag=st.util.print
[Editor's Note (Schultz): This is a controversial law; many individuals, myself included, are worried about yet another increase in the US government's ability to snoop and invade privacy. Additionally, after numerous abuses of authority by US law enforcement and the NSA in past privacy-related incidents, it is extremely unwise to now give even more ability to wiretap. (Paller): We are also receiving really strongly worded protests from people in other countries about the intrusivenss of this law. ]

Chertoff Won't Back Down on Real ID (August 8, 2007)

Department of Homeland Security (DHS) Secretary Michael Chertoff says that while he understands the challenges posed by the requirements of implementing the Real ID Act, the program is too valuable to national security to let it go. Several states have already made clear that they do not intend to implement Real ID. DHS estimates that implementation will cost states a total of approximately US $23 billion.
-http://www.govexec.com/story_page.cfm?articleid=37703&dcn=todaysnews

Plaintiff in "Frivolous" CAN-SPAM Suit Must Pay Legal Fees (August 8, 2007)

A man who unsuccessfully sued alleged spammers has been ordered to pay the defendant's legal fees, which amount to US $111,440. The court called James Gordon's lawsuit "frivolous." Gordon, who owns Omni Innovations LLC, sued Virtumundo Inc. under the CAN-SPAM Act and several Washington state laws. But in May of this year, a US District Court in Seattle "ruled against Gordon, saying that he and other recipients of spam have no standing under the federal CAN-SPAM Act because they have not been 'adversely affected' within the meaning of the law." To meet the adversely affected part of the law, for instance, an ISP would have to demonstrate that it experienced bandwidth and network slowdowns, increased demands on employees, and possibly the need for new equipment.
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti
cleId=9029679&intsrc=hm_list

---

*********************** Sponsored Links: ******************************

1) Find out what Seagate knows about secure storage. It could improve your company's security.
http://www.sans.org/info/13576
2) Join Fortify's Hospitality Suite, Washington DC, Aug 15, 5-8pm Find out what Fortify knows about JavaScript Hijacking and how developers can make their code secure:
http://www.sans.org/info/13581
*************************************************************************

---

THE REST OF THE WEEK'S NEWS

LEGAL MATTERS

Two More Sentenced in Piracy Case (August 9, 2007)

Two men have been sentenced to 37 months in federal prison for their involvement in what the government has called "the largest CD and DVD pirating scheme to be prosecuted in the United States." Ye Teng Wen and Hao He were also sentenced to three years of supervised release following their prison terms and fined US $125,000. In June, a third man involved in the scheme received the same prison sentence but was also ordered to pay US $6.9 million in restitution. The scheme involved pirated music, movies, and software; the men admitted to using phony labels with the FBI Anti-Piracy Seal on the products to lend them authenticity.
-http://www.scmagazine.com/us/news/article/730406/california-software-pirates-fin
ed-sentenced/

Six Arrested in International Internet Scam (August 9, 2007)

Six men have been arrested in connection with an Internet scam that reportedly cost one Australian man Au$1.76 million (US$1.5 million). The man received an email promising a business contract worth Au $105.42 million (US $90 million) and had been advancing the thieves money for approximately one year before he began to be suspicious. The men were arrested in Amsterdam, where the target had flown to meet them for an appointment.
-http://www.news.com.au/story/0,23599,22214192-23109,00.html

HOMELAND SECURITY & GOVERNMENT SYSTEMS SECURITY

DHS Will Shorten Length of Time it Retains Traveler Data (August 7, 2007)

The US Department of Homeland Security (DHS) will now retain incoming traveler data for 15 years instead of 40. The revision comes in response to hundreds of public comments. The data are kept under DHS's Automated Targeting System (ATS) program, which is operated by Customs and Border Patrol. DHS has also asked for an exemption for certain information and says it will not retain data about race, religion, and sexual orientation. If such data are provided by an airline, the system will filter them out.
-http://www.fcw.com/article103446-08-07-07-Web&printLayout

SPYWARE, SPAM & PHISHING

Phishers Go After Tennessee Valley Federal Credit Union Members (August 8, 2007)

About 30 members of the Tennessee Valley Federal Credit Union (TVFCU) fell prey to a phishing scheme, divulging their account information and losing thousands of dollars to thieves. TVFCU members were targeted with telephone calls and emails telling them their accounts were about to expire and that they needed to call an 800 number and provide personal information to have their accounts restored. The thieves made phony debit cards with the stolen account information and used them to withdraw funds from TVFCU accounts through ATMs.
-http://www.newschannel9.com/articles/internet_14598___article.html/computers_peo
ple.html
[Editor's Note (Pescatore): We've seen targeted phishing attacks going after lots of smaller targets. While the percentage of phishing targets who fall for the attack is going down, the average damage per incident is going up.]

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES

Cisco Patches Vulnerabilities in IOS (August 8 & 9, 2007)

Cisco has patched a handful of serious vulnerabilities in products that run its Internetwork Operating System (IOS). Most severely affected by the flaws are voice-enabled devices and Cisco Unified Communications Manager. No workarounds are presently available for these flaws, which could be exploited to allow remote code execution. Other vulnerabilities could be exploited to allow remote code execution, data leaks, and denial-of-service conditions. Internet Storm Center:
-http://isc.sans.org/diary.html?storyid=3250
-http://www.theregister.co.uk/2007/08/08/cisco_issues_four_updates/print.html
-http://www.informationweek.com/shared/printableArticle.jhtml?articleID=201311100

ATTACKS, INTRUSIONS, DATA THEFT & LOSS

Computers Stolen from Yale Dean's Office (August 8, 2007)

Two computers stolen from the Yale College Dean's Office at Yale University last month contain Social Security numbers (SSNs) of more than 10,000 current and former students, faculty, and staff. Yale has sent notification letters to the affected individuals. The university determined the content of the computers by examining back-up tapes. The data "had not been maintained for any purpose." The University is attempting to reduce the amount of personal data it stores and is taking steps to encrypt or purge any other files containing SSNs.
-http://www.yaledailynews.com/articles/view/21093

Missing Flash Drive Holds State Hospital Nurses' Data (August 8, 2007)

A flash drive missing from Patton State Hospital in San Bernardino, California contains the names and SSNs of approximately 300 registry nurses. The Department of mental health has begun notifying affected employees by telephone and mail. Having the data on the drive is a violation of hospital policy. The employee responsible for placing the information on the drive faces disciplinary action; the information was put on the drive to help the nurses process their time sheets.
-http://www.sbsun.com/news/ci_6569478

Merrill Lynch Computer Stolen (August 7, 2007)

A computer was stolen from Merrill Lynch's corporate offices in New Jersey. The computer reportedly holds personally identifiable information of approximately 33,000 company employees, but no client data. The theft reportedly occurred two weeks ago; law enforcement agencies have been notified.
-http://www.cnbc.com/id/20162588
-http://www.reuters.com/article/fundsFundsNews/idUSN0723295420070807

First Response Financial Data Theft (August 7, 2007)

UK customers of First Response Financial are being advised to keep an eye on their accounts following the theft of server storage disks from the company's Manchester-area office. The stolen data include bank and credit card information for current and former customers. The thieves apparently targeted the servers containing these data. First Response has informed customers' banks directly about the incident and has sent notification letters to affected individuals. Police are investigating.
-http://www.theregister.co.uk/2007/08/07/first_response/print.html
-http://www.vnunet.com/vnunet/news/2196201/thieves-steal-uk-finance-house

LOCAL CHAPTERS FOR GIAC AND SANS?

At the most recent meeting of the GIAC Advisory board, the suggestion of local chapter meetings was raised. We would love to better understand your thoughts on this idea. If you have time to answer 10 quick questions, please follow the link below, there is also a section in the survey for you to provide comments if you would like to do so:
-http://www.surveymonkey.com/s.aspx?sm=QuKaSS5Kx2E6u7ItPO3QUA_3d_3d
You can also reach Stephen Northcutt directly with your thoughts and ideas: stephen@sans.edu

LIST OF UPCOMING FREE SANS WEBCASTS

Wednesday, 8/15/07 - Internet Storm Center: Threat Update
-http://www.sans.org/info/13521
Thursday, 8/23/07 - Full Disk Encryption - The Reasons, Options and Deployment Issues
-http://www.sans.org/info/13526
Sponsored By: Seagate

Be sure to check out the following FREE SANS archived webcasts:

August 9, 2007 - The Service/Help/Support Desk Implications of Migrating to 802.1x Standards
-http://www.sans.org/info/13531
Sponsored By: AirWave

August 1, 2007 - Host Based Intrusion Prevention (HIPS), what does it do for me?
-http://www.sans.org/info/13536
Sponsored By: CA

July 31, 2007 - WhatWorks in Intrusion Prevention and Detection: PCI, Global Compliance and Log Management at a Large Financial Firm
-http://www.sans.org/info/13541
Sponsored By: Sourcefire

| July 25, 2007 - Meeting PCI Data Security Standards: It's more than log collection
-http://www.sans.org/info/13546
Sponsored By: Q1 Labs

---

=========================================================================

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.

Johannes Ullrich is Chief Technology Officer of the Internet Storm Center.

Howard A. Schmidt served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.

Ed Skoudis is co-founder of Intelguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Tom Liston is a Senior Security Consultant and Malware Analyst for Intelguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Bruce Schneier has authored eight books -- including BEYOND FEAR and SECRETS AND LIES -- and dozens of articles and academic papers. Schneier has regularly appeared on television and radio, has testified before Congress, and is a frequent writer and lecturer on issues surrounding security and privacy.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Mark Weatherford, CISSP, CISM, is the Chief Information Security Officer for the State of Colorado.

Alan Paller is director of research at the SANS Institute

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Rohit Dhamankar is the Lead Security Architect at TippingPoint, a division of 3Com, and authors the critical vulnerabilities section of the weekly SANS Institute's @RISK newsletter and is the project manager for the SANS Top20 2005 and the Top 20 Quarterly updates.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

Koon Yaw Tan is Assistant Director at Monetary Authority of Singapore (MAS) and a handler for the SANS Institute's Internet Storm Center.

Chuck Boeckman is a Principal Information Security Engineer at a non-profit federally funded research and development corporation that provides support to the federal government.

Gal Shpantzer is a trusted advisor to several successful IT outsourcing companies and was involved in multiple SANS projects, such as the E-Warfare course and the Business Continuity Step-by-Step Guide.

Brian Honan is an independent security consultant based in Dublin, Ireland.

Roland Grefer is an independent consultant based in Clearwater, Florida.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/