Newsletters: NewsBites



SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume X - Issue #98

December 16, 2008


Eight days left for early registration discount for SANS Security West 2009 (Jan 24-Feb 1) http://www.sans.org/securitywest09
And early registration is still open (save $350) on SANS' biggest program, SANS 2009 Orlando (March 1-9) http://www.sans.org/sans2009

TOP OF THE NEWS

DHS Addresses Privacy Concerns in Data Mining Projects
CSIS Commission Recommends Cybersecurity Stance Based on WMD Nonproliferation Model
Browser Password Security Test
Hackers May Have Played Role in Brazilian Deforestation

THE REST OF THE WEEK'S NEWS

ARRESTS, CHARGES & CONVICTIONS
Another Guilty Plea in Citibank 7-Eleven ATM Scam
Dubai Police Arrest Three in Credit Card Fraud Scheme
POLICY AND LEGISLATION
Mandatory Internet Filtering Meets With Resistance in Australia
VULNERABILITIES
Zero-Day IE Flaw Attacks on the Rise
DATA LOSS & EXPOSURE
NH Movie Theater Server Compromised; Card Data Stolen
STUDIES AND STATISTICS
Cisco's Annual Security Report
MISCELLANEOUS
Google Issues Browser Security Handbook
It's Official: Google Chrome No Longer a Beta



TRAINING UPDATE

- - SANS 2009 in Orlando in early March - the largest security training conference and expo in the world. Lots of evening sessions: http://www.sans.org/
- - SANS Security West Las Vegas (1/24-2/01) http://sans.org/securitywest09/
- - Looking for training in your own Community? http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org

*************************************************************************

TOP OF THE NEWS

DHS Addresses Privacy Concerns in Data Mining Projects (December 15, 2008)

The US Department of Homeland Security (DHS) has released "Principles for Implementing Privacy Protections in Science & Technology Research Projects." The document is part of a DHS report to Congress on the department's data mining technology and policy. Privacy advocates have expressed concerns about the DHS's data mining programs. The principles require the DHS's Privacy Office and Scientific Directorate to produce purpose statements for projects and use personally identifiable data only for the purposes stated therein. The principles also call for researchers to use the least possible amount of data to conduct their studies. In addition, employees would need to be trained in privacy policy and a system to address the concerns of people who believe their information has been misused would need to be established.
-http://www.fcw.com/print/22_39/news/154665-1.html?topic=homeland_security
[Editor's Note (Schultz): The DHS's principles seem quite reasonable to me. A bigger question is whether these principles will govern the way individual data are actually handled.]

CSIS Commission Recommends Cybersecurity Stance Based on WMD Nonproliferation Model (December 15, 2008)

The Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency promotes a model for addressing national cyber security based on the model the government used for dealing with nuclear weapons proliferation. The commission recommended establishing a cyber security directorate within the National Security Council, much as the government did to address nuclear weapons toward the end of the Cold War. The nonproliferation model is appropriate because "we need to recognize that we are facing a new kind of threat," according to James Lewis, CSIS Senior Fellow and Director of the Technology and Public Policy Program. Cyber threats cross the usual boundaries, requiring attention from civilian, military, economic, national and international security standpoints.
-http://www.fcw.com/print/22_39/news/154668-1.html?type=pf

Browser Password Security Test (December 14 & 15, 2008)

According to statistics compiled by Chapin Information Services (CIS), most major browsers present some concerns regarding password management security. CIS tested Opera 9.62, Firefox 3.0.4, IE 7.0, Safari 3.2 and Google Chrome 1.0. Opera and Firefox each passed seven of 21 tests, IE passed five tests, and Safari and Chrome each passed two tests. Although the tests examined Chrome's beta version, the issues detected in this study were not fixed when it became an official release last week.
-http://www.heise-online.co.uk/security/Google-Chrome-bottom-in-Password-Security--/news/112248
-http://www.theregister.co.uk/2008/12/15/browser_password_security_tests/
-http://www.info-svc.com/news/2008/12-12/
[Editor's Note (Schultz): Although important, browser password security is only a small part of the total picture of browser security.]

Hackers May Have Played Role in Brazilian Deforestation (December 12 & 15, 2008)

Logging and charcoal companies in Brazil reportedly employed hackers to alter computerized controls that determine how much timber can be logged in areas of the Brazilian Amazon rainforest. According to one estimate, the attacks allowed an additional 1.7 million cubic meters of timber to be exported before police became aware of the situation. Authorities in Brazil are suing the companies for 2 billion reals (US $842 million). More than 200 people are facing charges in connection with the case.
-http://www.theregister.co.uk/2008/12/12/brazil_hackers_deforestation/
-http://news.bbc.co.uk/2/hi/technology/7783257.stm
[Editor's Note (Dick): I found this piece very interesting as it highlights the impact of lax cyber security from not only a monetary standpoint but the potential impact on our environment. For the general public to get involved and demand the implementation of cyber security in all systems which impact our lives, it has to become personal. Protection of our environment has become a crusade to many around the world.]



THE REST OF THE WEEK'S NEWS

ARRESTS, CHARGES & CONVICTIONS

Another Guilty Plea in Citibank 7-Eleven ATM Scam (December 15, 2008)

A fifth person has pleaded guilty to charges stemming from a scam that took an estimated US $2 million from Citibank accounts with the help of stolen ATM personal identification numbers (PINs). Aleksandar Aleksiev has pleaded guilty to one count of device access fraud. The group of cyber criminals broke into a server that manages transactions for Citibank-branded ATMs at 7-Eleven convenience stores. Authorities caught Aleksiev withdrawing funds from machines with purloined access codes. The group sold the stolen account information and PINs on the underground; the information was used to create phony cards for use in ATMs.
-http://www.theregister.co.uk/2008/12/15/atm_hack_scam/

Dubai Police Arrest Three in Credit Card Fraud Scheme (December 15, 2008)

Police in Dubai, United Arab Emirates, have arrested three people in connection with a credit card scam. The gang allegedly used information stolen from others' online financial transactions to make fraudulent purchases over the Internet. Authorities in Dubai say the gang compromised the data of 16,975 credit cards and stole more than Dh227.73 million (US$62 million). A fourth member of the gang was located out of the country, but authorities are making extradition arrangements.
-http://www.gulfnews.com/nation/Police_and_The_Courts/10267633.html
-http://www.thenational.ae/article/20081216/NATIONAL/791381445/1133

POLICY AND LEGISLATION

Mandatory Internet Filtering Meets With Resistance in Australia (December 12, 13 & 16, 2008)

The Australian government's plan to launch trials of Internet filtering technology has run into some roadblocks, as Internet service providers (ISPs) have expressed reluctance to participate. The plan is to filter all Internet traffic and to block access to about 10,000 web sites with reputations for having illegal content. Telstra, the largest ISP in Australia, and Internode have both said they will not participate in the trials. Optus said it would participate only in a scaled-back deployment of the filtering technology, and iiNet said it would participate only to demonstrate that the filtering plan will not work. The trials were set to take place this month. Protests against the filtering plan have been held in cities across the country, including Melbourne, Brisbane and Sydney.
-http://news.bbc.co.uk/2/hi/technology/7779547.stm
-http://www.news.com.au/technology/story/0,28348,24795948-5014239,00.html
-http://www.australianit.news.com.au/story/0,24897,24804682-15306,00.html
Further clarification from Microsoft at
-http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-various-workarounds-from-the-recent-IE-advisory.aspx

Also interesting to note that SC Magazine UK ran a story titled "Microsoft encourages users to switch to other browsers"
-http://www.scmagazineuk.com/Microsoft-encourages-users-to-switch-to-other-browsers/article/122909/

VULNERABILITIES

Zero-Day IE Flaw Attacks on the Rise (December 12, 13, 14 & 15, 2008)

The volume of attacks exploiting the zero-day flaw in Internet Explorer (IE) that was disclosed last week has increased significantly over the last several days. The attacks appear to be originating from websites that have been infected with malware. Over the weekend, the number of affected sites was estimated to be 6,000 and climbing rapidly. The flaw affects more versions of IE than researchers initially believed. The flaw is now known to affect IE versions 5.01, 6, 7 and 8 Beta 2, but the attacks have so far only targeted IE 7. It is also more difficult to prevent attacks than was first believed. There are now nine offered workarounds to protect users' systems from the flaw; several require editing the Windows registry. Once again the Internet Storm Center was the leader in identifying, analyzing, and illuminating this problem (on 12/10):
-http://isc.sans.org/diary.html?storyid=5458
And how it is still being used (12/12):
-http://isc.sans.org/diary.html?storyid=5464
-http://www.theregister.co.uk/2008/12/12/ie_zero_day_misconceptions/
-http://www.theregister.co.uk/2008/12/15/ie7_exploits/
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9123398&source=rss_topic17
-http://www.microsoft.com/technet/security/advisory/961051.mspx

DATA LOSS & EXPOSURE

NH Movie Theater Server Compromised; Card Data Stolen (December 10, 2008)

Some moviegoers who used credit cards to make purchases at a Merrimack, New Hampshire theater last summer have been reporting fraudulent activity on their accounts. An investigation determined that an attacker gained access to the server at the Zyacorp Entertainment Cinemagic Stadium in Merrimack; the server has been replaced and new, stronger security measures have been implemented.
-http://www.wmur.com/news/18247613/detail.html#-

STUDIES AND STATISTICS

Cisco's Annual Security Report (December 15, 2008)

According to Cisco's Annual Security Report, the total number of disclosed security flaws increased 11.5 percent from 2007 to 2008. Attacks spread through malicious email attachments fell 50 percent over the same period. Attacks are more and more often blended, comprising multiple flaws through multiple vectors, and are also increasingly targeted at specific victims. Nearly 90 percent of email sent worldwide is spam, according to the report's findings. The report covers information gathered between January and October 2008.
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9123466&source=rss_topic17
-http://cisco.com/en/US/prod/vpndevc/annual_security_report.html
(This site requires registration)

MISCELLANEOUS

Google Issues Browser Security Handbook (December 11 & 12, 2008)

Google has released the "Browser Security Handbook," which provides information about the security features and security concerns present in IE 6 and 7, Mozilla Firefox 2 and 3, Apple Safari, Opera and its own browsers, Chrome and Android. The handbook covers "basic concepts behind web browsers, standard browser security features and experimental and legacy security mechanisms."
-http://www.securityfocus.com/brief/870
-http://www.heise-online.co.uk/security/Worth-Reading-Browser-Security-Handbook--/features/112243
-http://code.google.com/p/browsersec/wiki/Main

It's Official: Google Chrome No Longer a Beta (December 11 & 12, 2008)

As of December 11, Google's Chrome web browser is no longer a beta. Notable among the browser's security measures is sandboxing. Specifically, each tab in Chrome is run in its own sandbox; Chrome isolates HTML rendering and JavaScript execution in their own process classes. Chrome also has the capability to hide users' surfing histories through a feature called Incognito mode. While it does not provide anonymous browsing, it does not retain cookies beyond the life of that particular browser window.
-http://www.eweek.com/c/a/Security/Google-Chrome-Puts-Security-in-a-Sandbox/
-http://www.internetnews.com/webcontent/article.php/3790636/Google+Chromes+Out+of+Beta+Now+What.htm
-http://www.crn.com/security/212500156


*************************************************************************
The Editorial Board of SANS NewsBites


Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).


John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.


Ron Dick headed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.


Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.


Johannes Ullrich is Chief Technology Officer of the Internet Storm Center.


Prof. Howard A. Schmidt is the President of the Information Security Forum (ISF) and author who has served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.


Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.


Tom Liston is a Senior Security Consultant and Malware Analyst for Intelguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.


Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a senior Lockheed Martin Fellow.


Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.


Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.


Mark Weatherford, CISSP, CISM, is Executive Officer of the California Office of Information Security and Privacy Protection.


Alan Paller is director of research at the SANS Institute.


Clint Kreitner is the founding President and CEO of The Center for Internet Security.


Brian Honan is an independent security consultant based in Dublin, Ireland.


Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/