SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

• SANS NewsBites RSS
• Editorial Board

Volume XI - Issue #48

June 19, 2009

TOP OF THE NEWS

Cyber Security Review Team to Prepare National Incident Response Plan
Jammie Thomas-Rasset Ordered to Pay US $1.92 Million in Music Downloading Case
Experts Suggest Google Cloud Have Security Enabled By Default
Stolen Bord Gais Laptop Contains Sensitive Customer Information

THE REST OF THE WEEK'S NEWS

COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
Company Alleges Chinese Green Dam Filtering Software Contains Stolen Code
Court to Rule in Spanish P2P case
UPDATES AND PATCHES
Apple Issues iPhone 3.0
Apple Patches Java Flaws in Mac OS X
ATTACKS & ACTIVE EXPLOITS
Botnet Clearinghouse Site Discovered
MISCELLANEOUS
India to Require Mobile Phones Have IMEI Numbers
Chinese Government Says Use of Green Dam is Not Mandatory
Researchers to Present Browser-Based Darknet Concept

---

*************************************************************************

TRAINING UPDATE

- - Rocky Mountain SANS, July 7-13 (6 full-length hands-on courses) http://www.sans.org/rockymnt2009/event.php
- - SANS Boston, Aug 2-9 (6 full-length hands-on courses) https://www.sans.org/boston09/index.php
- - The Forensics Summit starts in three weeks on July 9, and has four courses http://www.sans.org/forensics09_summit/event.php:
- - The Virtualization and Cloud Security Summit on August 17-18 in Washington; courses in the following days http://www.sans.org/info/43118
Looking for training in your own community? http://sans.org/community/ Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/spring09.php Plus Amsterdam, London, Dubai, Riyahd, Cairo, Melbourne, Canberra, and Singapore all in the next 90 days. For a list of all upcoming events, on-line and live: www.sans.org

*************************************************************************

---

TOP OF THE NEWS

Cyber Security Review Team to Prepare National Incident Response Plan (June 16 & 17, 2009)

The team that conducted the 60-day review of national cyber security is planning to develop "a comprehensive national incident response plan ... that will guide response to the cyber equivalent of a natural disaster." The team also plans to help align the myriad laws and regulations that hinder cooperation and threat response. The effort will involve working with both the private sector and legislators. The team is led by acting Senior Director for Cyberspace for the National and Economic Security Councils Melissa Hathaway, who is one of the candidates under consideration for White House Cyber Security Coordinator.
-http://gcn.com/Articles/2009/06/16/Hathaway-developing-cybersecurity-response-pl
an.aspx
-http://www.nextgov.com/nextgov/ng_20090617_3622.php

Jammie Thomas-Rasset Ordered to Pay US $1.92 Million in Music Downloading Case (June 18 & 19, 2009)

On Thursday, a federal jury ruled that Minnesota mother Jammie Thomas-Rasset downloaded music files in "willful violation" of copyright law. The jury awarded the Recording Industry association of America (RIAA) US $80,000 for each song Thomas downloaded, or US $1.92 million. This is the second trial for Thomas-Rasset; the judge presiding at the first trial declared a mistrial because he said the instructions given to the jury had been incorrect. That trial had ended with a fine of US $9,250 for each of the 24 songs, a total of US $220,000.
-http://www.crn.com/software/218100291;jsessionid=IWBPIKJBSN5BSQSNDLPSKH0CJUNN2JV
N
-http://www.pcmag.com/article2/0,2817,2349029,00.asp
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti
cleId=9134571

Experts Suggest Google Cloud Have Security Enabled By Default (June 17, 2009)

Cyber security and privacy experts have written to Google CEO Eric Schmidt, asking that the company "protect users' communications from theft and snooping by enabling industry standard transport encryption technology (HTTPS) for Google Mail, Docs, and Calendar." Those services do not have encryption enabled by default, meaning that users' documents and email messages composed from public connections, such as cafes, libraries, and schools, are vulnerable to snooping. Users do have the option of enabling stronger security measures, but many may not be aware that the option exists.
-http://www.vnunet.com/computing/news/2244306/privacy-experts-concerned
-http://files.cloudprivacy.net/google-letter-final.pdf

Stolen Bord Gais Laptop Contains Sensitive Customer Information (June 17 & 18, 2009)

One of four laptop computers stolen from the offices of Irish gas and electricity company Bord Gais contains unencrypted, personally identifiable information of 75,000 Bord Gais customers. The compromised information includes bank data and affects customers who participated in the Bord Gais "Big Switch" electricity campaign. The computers were stolen on June 5, 2009; police and the Irish Data Protection Commissioner were notified immediately. Customers affected by the data security breach will be contacted in the next few weeks. All company machines are now encrypted.
-http://www.siliconrepublic.com/news/article/13218/cio/75-000-customers-bank-deta
ils-on-stolen-bord-gais-laptop
-http://news.bbc.co.uk/2/hi/europe/8106231.stm
-http://www.irishtimes.com/newspaper/breaking/2009/0618/breaking29.htm
[Editor's Note (Honan): Until tougher legislation is introduced into Ireland which penalizes companies for not protecting the data it is entrusted with this story will repeat itself again and again. As a matter of record my own personal details appear to have been on this laptop - Care to guess which company will no longer be supplying me with electricity? ]

---

THE REST OF THE WEEK'S NEWS

COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT

Company Alleges Chinese Green Dam Filtering Software Contains Stolen Code (June 15, 2009)

A California company is seeking an injunction to bar US companies from shipping PCs loaded with filtering software recently adopted by the Chinese government, alleging that the software contains stolen code. The program in question, Green Dam, was found to contain code from Solid Oak Software's CyberSitter Internet filtering product.
-http://news.zdnet.co.uk/security/0,1000000189,39664183,00.htm
-http://online.wsj.com/article/SB124486910756712249.html

Court to Rule in Spanish P2P case (June 15, 2009)

On the heels of the Pirate Bay convictions on charges related to copyright violation, the music industry is anticipating a court ruling later this month in the case of Spanish software designer Pablo Soto. Soto was sued for 13 million Euro (US $18.1 million) by Promusicae, the Spanish record label association that counts among its members Sony, Universal, Warner and EMI. Promusicae alleges that through three software products he developed, Manolito, Blubster and Piolet, Soto has been facilitating illegal downloads of copyrighted content. Soto maintains that his products are legitimate peer-to-peer (P2P) tools and that he is not responsible for what people do with those tools.
-http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article6507024
.ece

UPDATES AND PATCHES

Apple Issues iPhone 3.0 (June 18, 2009)

iPhone 3.0, the updated operating system for the popular mobile device, includes fixes for at least 46 security vulnerabilities in various components, including Safari and Mail. The flaws could be exploited to make calls without user interaction, execute malicious code or cause the device to crash. iPhone 3.0 contains almost four times as many fixes at the last iPhone update.
-http://voices.washingtonpost.com/securityfix/
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti
cleId=9134548
-http://www.h-online.com/security/iPhone-OS-3-0-fixes-46-vulnerabilities--/news/1
13563

Apple Patches Java Flaws in Mac OS X (June 16, 2009)

Apple has issued updates for Mac OS X and Mac OS X Server to address flaws in its Java virtual machine. The company has been chided for taking so long to make fixes available for the vulnerabilities that could be exploited to execute arbitrary code on unprotected computers. Fixes fox Windows, HP-UX, Red Hat and Suse Linux were released last month.
-http://www.theregister.co.uk/2009/06/16/apple_java_patches/

ATTACKS & ACTIVE EXPLOITS

Botnet Clearinghouse Site Discovered (June 17, 2009)

Researchers say they have uncovered what appears to be a clearinghouse for botnets and malware. The network, dubbed "Golden Cash," allows those with unsavory motives to buy and sell control of the networks of zombie computers, control and collect the data they steal, and share malware development tools. The platform is believed to be run by the Russian Business Network.
-http://www.scmagazineus.com/Criminal-network-to-trade-botnets-and-malware-uncove
red/article/138675/
-http://news.cnet.com/8301-1009_3-10266977-83.html
-http://www.vnunet.com/vnunet/news/2244247/botnet-market-uncovered

MISCELLANEOUS

India to Require Mobile Phones Have IMEI Numbers (June 18, 2009)

The Indian government is now requiring that all imported mobile phones have accompanying International Mobile Equipment Identity (IMEI) numbers; mobile service operators have been ordered to block calls from phones that do not have IMEIs. The numbers are most often programmed into the devices by manufacturers, and serve to identify them on Global System for Mobile Communication (GSM) networks. Phones with IMEI numbers composed entirely of zeros are also banned. Phones without IMEI numbers have been used by terrorists to evade attempts at identification.
-http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxo
nomyName=security&articleId=9134532&taxonomyId=17&intsrc=kc_top

Chinese Government Says Use of Green Dam is Not Mandatory (June 16 & 18, 2009)

A Chinese government official now says that people are not required to use the content filtering software it has mandated be preinstalled on PCs sold in that country as of July 1. The Green Dam Youth Escort software was developed with the intent to protect minors from viewing inappropriate Internet content. The government now says that people who choose not to use the software or who remove it from their PCs will not face legal repercussions. Green Dam has come under widespread criticism for lacking sophistication - it blocks some legitimate sites while failing to block others that should be blocked. Others noted that the software posed security risks for the computers on which it is installed.
-http://news.bbc.co.uk/2/hi/technology/8106526.stm
-http://www.msnbc.msn.com/id/31385738/ns/technology_and_science-tech_and_gadgets/

Researchers to Present Browser-Based Darknet Concept at Black Hat (June 15 & 18, 2009)

Researchers plan to present a proof-of-concept, "zero-footprint" darknet called Veiled at next month's Black Hat Security Conference. HP's Billy Hoffman and Matt Wood say their idea "take(s) the idea of a darknet and move(s) it into the browser platform." While the idea of a darknet is not new, the concept as presented by the pair "uses the latest in rich Internet technologies" to make it a simpler affair than it has been in the past. Normally, a darknet requires third-party technology, but Veiled requires no new software. By taking advantage of newer developments like HTML 5, the researchers have created a system similar to a P2P network. Hoffman and Wood say that while their idea may not have the strength of the Tor network, it "is a lot easier to use."
-http://www.forbes.com/2009/06/15/darknet-hewlett-packard-technology-security-dar
knet_print.html
-http://www.darkreading.com/security/encryption/showArticle.jhtml?articleID=21780
1293
-http://searchsecurity.techtarget.com/news/interview/0,289202,sid14_gci1359669,00
.html

---

**********************************************************************
The Editorial Board of SANS NewsBites


Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC)


John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.


Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.


Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.


Johannes Ullrich is Chief Technology Officer of the Internet Storm Center.


Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.


Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.


Prof. Howard A. Schmidt is the President of the Information Security Forum (ISF) and author who has served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.


Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.


Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a senior Lockheed Martin Fellow.


Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.


David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.


Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of the State of California.


Alan Paller is director of research at the SANS Institute


Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.


Clint Kreitner is the founding President and CEO of The Center for Internet Security.


Brian Honan is an independent security consultant based in Dublin, Ireland.


Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/