SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

• SANS NewsBites RSS
• Editorial Board

Volume X - Issue #65

August 19, 2008

The early registration deadline discount for SANS Network Security 2008 (the largest security conference and expo in the fall) is tomorrow evening. http://www.sans.org/info/29439

---

TOP OF THE NEWS

Woman Wrongly Sued by RIAA Awarded More Than US $100,000 in Legal Fees
More Than One-Third of Vista Purchasers Downgrade to XP
Captcha Technology Doing Double Duty

THE REST OF THE WEEK'S NEWS

LEGAL ISSUES
Man Pleads Guilty in LimeWire Data Theft Case
Ruling a Boon to Creative Commons License
SPYWARE, SPAM AND PHISHING
New Zealand University eMail Server Used to Send Spam
ATTACKS AND BREACHES
Attack Hijacks Firefox Clipboard
Irish Police Searching for Cyber Thieves
 Credit Card Data Stolen from Louisiana and Mississippi Restaurants
Florida's Wuesthoff Health System Pre-Registration Website Breached
MISCELLANEOUS
Internet Giants Respond to call for Voluntary Code of Conduct

---

*********************** Sponsored By ArcSight, Inc. *********************

Complimentary Webinar with ArcSight: 5 Steps to Better Security with SIEM - Security Information and Event Management (SIEM) projects are driven by compliance requirements and real-time security threats. To be effective, you need to address threats by correlating vast amounts of data. Learn what advanced correlation provides, Glean high-value security intelligence through correlation, Address the top 5 security scenarios and gain enhanced visibility

http://www.sans.org/info/31868

*************************************************************************

TRAINING UPDATE
- - NETWORK SECURITY 2008: Las Vegas (9/28-10/6) 50 courses; big tools  expo; lots of evening sessions: http://www.sans.org/ns2008)
- - Boston (8/9-8/16) http://www.sans.org/boston08/
- - Virginia Beach (8/21-8/29): http://www.sans.org/vabeach08/
- - Chicago (9/3-9/10) http://www.sans.org/chicago08 AUDIT & COMPLIANCE
- - and in 100 other cites and on line any time: www.sans.org

*************************************************************************

---

TOP OF THE NEWS

Woman Wrongly Sued by RIAA Awarded More Than US $100,000 in Legal Fees (August 15 & 18, 2008)

A US Federal Court has awarded Tanya Andersen more than US $100,000 in legal fees and interest following her successful fight against a lawsuit brought by the Recording Industry Association of America (RIAA).  The RIAA accused Andersen and her eight-year-old daughter of illegally downloading music onto their PC.  Andersen denied the allegations and offered her computer for the RIAA to inspect.  The RIAA declined the offer and served papers on Andersen.  During the court case, her PC was inspected by the RIAA, which found no evidence of wrongdoing.  The case was eventually dropped.  Andersen has filed a separate lawsuit against the RIAA for malicious prosecution.
-http://www.vnunet.com/vnunet/news/2224122/single-mum-wins-107-951-riaa
-http://yro.slashdot.org/article.pl?sid=08/08/15/1145236
-http://www.theinquirer.net/gb/inquirer/news/2008/08/15/music-weasels-pay-tanya
[Editor's Note (Shpantzer): In a related note, see this link for new research on possible abuse of  DMCA takedown notices:
-http://dmca.cs.washington.edu/]

More Than One-Third of Vista Purchasers Downgrade to XP (August 18, 2008)

Statistics gathered by Devil Mountain Software indicate that nearly 35 percent of new PCs have been downgraded from Vista to Windows XP. Microsoft's end-user licensing agreement allows users who have purchased Vista Business and Vista Ultimate to downgrade to Windows XP Professional; those who purchased Vista Enterprise are permitted to downgrade to XP.  Devil Mountain Software operates the exo.performance.network.
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti
cleId=9112885&intsrc=hm_list
-http://www.infoworld.com/article/08/08/18/news-vista-downgrade-stat_1.html
[Editor's Note (Pscatore): I know it is popular to bash Vista, but from a security perspective, this is pretty silly. Delaying upgrading to Vista is one thing, buying a new PC with the capacity to run Vista and going backwards to XP makes no sense. At this point the applications that don't work with Vista are all badly written applications that should be shunned anyway. ]

CAPTCHA Technology Doing Double Duty (August 14, 2008)

A new version of CAPTCHA technology, which is used to verify that certain online tasks are being performed by humans and not automated systems, is now being used to help decipher old books and newspapers. Instead of random combinations of characters, people are presented with a word that has stumped computerized transcription systems.  When three users type in the same word, the system decides that it must be the correct answer.  Most digitization projects rely on optical character recognition (OCR), which for books published prior to 1900 has an accuracy rate of 80 percent; the new tool improves the systems' accuracy rates to more than 99 percent.  CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart.
-http://technology.timesonline.co.uk/tol/news/tech_and_web/article4531184.ece

---

************************** SPONSORED LINKS: *****************************
1) Protecting Your Highly-Distributed Retail Network:  Why PCI Compliance May Be No Bargain
http://www.sans.org/info/31873

2) Visit the SANS Buyers Guide for updated listings and useful information when selecting the latest in IT security technologies.
http://www.sans.org/info/31878

3) Join your peers at the Penetration Testing and Ethical Hacking Summit
- - London September 17.
http://www.sans.org/info/31883
*************************************************************************

---

THE REST OF THE WEEK'S NEWS

LEGAL ISSUES

Man Pleads Guilty in LimeWire Data Theft Case (August 18, 2008)

Nineteen-year-old Jason M. Milmont has pleaded guilty to felony unauthorized access to a computer to further a fraud.  Milmont allegedly infected other people's computers with bot software through the LimeWire filesharing program.  He allegedly used the compromised computers to steal financial information.  He has agreed to pay more than US $73,000 in restitution; he could face up to five years in prison and a US $250,000 fine when he is sentenced in October.
-http://www.sci-tech-today.com/news/Teen-Hacker-Pleads-Guilty-to-Fraud/story.xhtm
l?story_id=10200BE0O53O
-http://www.casperstartribune.net/articles/2008/08/16/news/casper/2c6fb0ecfe2ddf6
c872574a700057d26.txt

Ruling a Boon to Creative Commons License (August 14 & 15, 2008)

In a victory for open source software, the US Court of Appeals for the Federal Circuit has overturned a lower court decision that said open source software owners could not take legal action for copyright violation against others who used the software.  The higher court disagreed, finding that even free licenses place conditions on how people may use copyrighted work and that if those conditions are violated, the people can be sued for copyright infringement.  The case that initiated the proceedings involved the question of whether or not a software developer, Matthew Katzer, did not abide by the terms of the open-source Artistic License when he took Robert Jacobsen's code and used it to create commercial software to control model trains.
-http://www.vnunet.com/computing/news/2224071/open-source-gets-legal
-http://www.theregister.co.uk/2008/08/14/open_source_creative_commons_license_vic
tory/print.html
-http://www.heise.de/english/newsticker/news/114308
-http://news.bbc.co.uk/2/hi/technology/7561943.stm
-http://www.cafc.uscourts.gov/opinions/08-1001.pdf
[Editor's Note (Northcutt): On a scale of one to huge, this is a huge decision.  Where would we be without open source software? We will be far less well off, doomed to buggy expensive software. ]

SPYWARE, SPAM AND PHISHING

New Zealand University eMail Server Used to Send Spam (August 15, 2008)

Four staff members at the University of Otago (New Zealand) fell prey to a spear phishing attack that tricked them into providing their login credentials.  The attackers used the information to gain access to the University's computer email server and used it to send about 1.55 million spam emails.  The phishing emails appeared to come from the University's IT department; the recipients were asked to provide user names and passwords or else their access to email would be revoked. University of Otago staff members have been warned that requests for login information are "most likely fraudulent."
-http://www.odt.co.nz/print/17905
[Editor's Note (Honan): The article states that staff members had previously been warned not to respond to suspicious email requests.  The fact that four people fell for this phishing email demonstrates that your security awareness program needs to be a continuous process and not simply a series of once off exercises. ]

ATTACKS AND BREACHES

Attack Hijacks Firefox Clipboard (August 15 & 18, 2008)

A recently discovered attack targets the clipboard in the Firefox browser running on both Mac and Windows computers.  Users' machines become infected when they visit seemingly innocuous websites only to find that a malicious link has been copied to the clipboard.  The link persists even after the user copies new text; the only way to get rid of it is to reboot.  The link takes those who click on it to a site where they are told that their computers are infected with malware and must be cleaned immediately by what they say is an anti-malware program. The malicious link has been detected in flash-based advertisements on a number of websites.
-http://www.siliconrepublic.com/news/article/11223/cio/firefox-and-safari-users-u
nder-cyber-attack
-http://www.theregister.co.uk/2008/08/15/webbased_clipboard_hijacking/print.html
-http://news.bbc.co.uk/2/hi/technology/7567889.stm
[Editor's Note (Grefer): (Grefer): To eliminate the majority of flash-based and other advertising from their Firefox browser, users might want to take a closer look at the free Adblock Plus add-on:
-https://addons.mozilla.org/en-US/firefox/addon/1865
-http://adblockplus.org/
In addition, the free NoScript add-on will allow you to restrict which sites are allowed to perform any scripted actions:
-https://addons.mozilla.org/en-US/firefox/addon/722
-http://noscript.net/]

Irish Police Searching for Cyber Thieves

(August 18, 2008)

Credit Card Data Stolen from Louisiana and Mississippi Restaurants (August 18, 2008)

US Federal law enforcement authorities are searching for the culprits behind a rash of credit card data thefts from restaurants in Louisiana and Mississippi.  The thieves apparently sought out businesses using unsecured wireless networks to steal the information that has been used to commit fraud totaling more than US $1 million.  The group tried to sell the information on the Internet.  US Attorney David Dugas said the case is likely to involve individuals overseas, as have other cases recently in the news.   US Secret Service agents and representatives from Visa were scheduled to conduct a meeting for area restaurant owners to explain how they can protect customer data.
-http://www.forbes.com/feeds/ap/2008/08/18/ap5334017.html
[Editor's Note (Honan): The fact that these credit card numbers were stolen via unsecured wireless networks highlights not only the failure of technology to secure the data in this case, but also the failure of management to realise their ethical responsibilities and their obligations with regards to the PCI DSS standard.  Unfortunately this failure is a symptom I regularly see amongst many small to medium businesses.]

Florida's Wuesthoff Health System Pre-Registration Website Breached (August 15, 2008)

Wuesthoff Health System in Florida is notifying approximately 500 patients that their personal information may have been compromised when unknown individuals gained access to its pre-registration website.  The site, which has been taken down, allowed patients to provide registration information ahead of time for surgery, lab work and other procedures.  Wuesthoff intends to track the intruders, but subpoenas necessary to gain the information will not be immediately available. Encryption is normally used to protect patient data on Wuesthoff systems, but the company recently installed Google Analytics, which may have opened a path for the intruders.
-http://www.floridatoday.com/apps/pbcs.dll/article?AID=/20080815/BUSINESS/8081503
26/1006/NEWS01

MISCELLANEOUS

Internet Giants Respond to call for Voluntary Code of Conduct (August 4 & 18, 2008)

Google, Microsoft and Yahoo have responded to a request from US Senator Richard Durbin (D-Ill.) for suggestions for a voluntary code of conduct for corporations.  Specifically, the three companies submitted reports describing how human rights apply to the Internet and how Internet companies can ensure that human rights laws are observed.  Yahoo is especially aware of the issue, having been heavily criticized for providing Chinese authorities with information that led to the arrest of dissidents who had expressed their opinions on the Internet.
-http://www.vnunet.com/vnunet/news/2224128/tech-giants-pitch-human-rights
-http://durbin.senate.gov/showRelease.cfm?releaseId=301020
-http://latimesblogs.latimes.com/technology/2008/08/major-internet.html

---

*************************************************************************
The Editorial Board of SANS NewsBites



Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).



John Pescastore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.



Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.



Johannes Ullrich is Chief Technology Officer of the Internet Storm Center.



Howard A. Schmidt served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.



Ed Skoudis is co-founder of Intelguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.



Tom Liston is a Senior Security Consultant and Malware Analyst for Intelguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.



Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a senior Lockheed Martin Fellow.



Bruce Schneier has authored eight books -- including BEYOND FEAR and SECRETS AND LIES -- and dozens of articles and academic papers. Schneier has regularly appeared on television and radio, has testified before Congress, and is a frequent writer and lecturer on issues surrounding security and privacy.



Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa).  He is leading SANS' global initiative to improve application security.



Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.



Mark Weatherford, CISSP, CISM, is Executive Officer of the California Office of Information Security and Privacy Protection.



Alan Paller is director of research at the SANS Institute



Clint Kreitner is the founding President and CEO of The Center for Internet Security.



Rohit Dhamankar is the Lead Security Architect at TippingPoint, a division of 3Com, and authors the critical vulnerabilities section of the weekly SANS Institute's @RISK newsletter and is the project manager for the SANS Top20 2005 and the Top 20 Quarterly updates.



Koon Yaw Tan is Assistant Director at Monetary Authority of Singapore (MAS) and a handler for the SANS Institute's Internet Storm Center.



Gal Shpantzer is a trusted advisor to several successful IT outsourcing companies and was involved in multiple SANS projects, such as the E-Warfare course and the Business Continuity Step-by-Step Guide.



Brian Honan is an independent security consultant based in Dublin, Ireland.



Dr. Christophe Veltsos, CISSP, CISA, GCFA teaches Information Security courses at Minnesota State University, Mankato. He is the President of Prudent Security LLC and also serves as the President of the Mankato Chapter ISSA.



Roland Grefer is an independent consultant based in Clearwater, Florida.



Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/