SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

• SANS NewsBites RSS
• Editorial Board

Volume XII - Issue #54

July 09, 2010

Look for the widely-anticipated report on computer security manpower
challenges and solutions, from the CSIS Commission on Cybersecurity for
the 44th President, to be unveiled Tuesday, July 13. Broad dissemination
of its findings and rapid implementation of its recommendations could
make a huge difference in the effectiveness of cyber security in the
United States.
Alan

---

TOP OF THE NEWS

UK ISPs Challenge Digital Economy Act
European Parliament Votes to Allow US Access to European Banking Data
Facebook Facing Allegations of Data Privacy Law Violations in Germany
NSA Developing Network Attack Monitoring Program

THE REST OF THE WEEK'S NEWS

Microsoft's July Patch Tuesday to Comprise Four Security Bulletins
GAO Says White House Office Needs to Step Up Cybersecurity R&D Leadership
Apple Bans Developer and His Apps from Store Following Allegations of Fraud
SQL Injection Attacks Expose The Pirate Bay's User Database
UK Ministry of Justice Seeks Input on Effectiveness of Data Protection Measures
University of Hawaii Manoa Parking Office Computer Breached
Charges Filed Against Military Analyst in Wikileaks Case
Man Draws One-Year Sentence for Damaging Former Employer's Computer System

---

********************** Sponsored By PacketMotion ***********************
Thinking about segmenting your internal network with firewalls?
Think again! Firewalls, designed to protect the perimeter, are difficult to integrate and expensive to maintain.
PacketMotion's virtual approach to internal network segmentation separates sensitive HR and Accounting systems, PCI DSS regulated systems to ensure compliance, development from production, restricts 3rd party internal "leapfrogging", and more. http://www.sans.org/info/61648
*************************************************************************
TRAINING UPDATE

-- SANS Rocky Mountain 2010, Denver, July 12-17, 2010 8 courses. Bonus evening presentations include Hiding in Plain Sight: Forensic Techniques to Counter the Advanced Persistent Threat
http://www.sans.org/rocky-mountain-2010/

-- SANS Boston 2010, August 2-8, 2010 11 courses. Special Events include Rapid Response Security Strategy Competition
http://www.sans.org/boston-2010/

-- SANS Virginia Beach 2010, August 29-September 3, 2010 9 courses. Bonus evening presentations include Future Trends in Network Security
http://www.sans.org/virginia-beach-2010/

-- SANS Network Security 2010, Las Vegas, September 19-27, 2010 40 courses. Bonus evening presentations include The Return of Command Line Kung Fu and Cyberwar or Business as Usual? The State of US Federal CyberSecurity Initiatives
http://www.sans.org/network-security-2010/

-- SOS: SANS October Singapore, October 4-11, 2010 7 courses
http://www.sans.org/singapore-sos-2010/

-- Looking for training in your own community?
http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current

Plus Washington DC, Canberra, Portland and Dubai all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

*************************************************************************

---

TOP OF THE NEWS

UK ISPs Challenge Digital Economy Act (July 8, 2010)

Two UK Internet service providers (ISPs) are challenging the country's Digital Economy Act. The companies want the High Court to determine the legislation's legality before it takes effect. The ISPs maintain that the bill was rushed through Parliament just prior to the general election and therefore received "insufficient scrutiny;" there was not adequate time to hash out the bill's content or the implications of its provisions. The bill requires that ISPs disconnect persistent illegal filesharers from the Internet and allows copyright holders to block access to sites that host illegal content. The bill does have a measure that would require additional legislation and consultation before the disconnect provision could be implemented. Europe's e-commerce directive established that ISPs are merely conduits and are not to be held liable for the traffic's content.
-http://news.bbc.co.uk/2/hi/technology/10542400.stm

European Parliament Votes to Allow US Access to European Banking Data (July 8, 2010)

Members of European Parliament have voted to allow the US access to European citizens' financial information. The Swift agreement is aimed at combating terrorism through the terrorist Finance Tracking Program (TFTP). Though the European Parliament rejected the plan earlier this year due to civil liberties concerns, it was swayed to alter its position after both the European Commission and the European Council approved the plan. The new version of the plan allows EU officials to monitor the US investigators' actions.
-http://news.bbc.co.uk/2/hi/world/europe/10552630.stm
-http://www.computerworld.com/s/article/9178979/Europe_votes_to_send_secret_bank_
data_to_U.S._authorities?taxonomyId=17

Facebook Facing Allegations of Data Privacy Law Violations in Germany (July 8, 2010)

Facebook could be hit with tens of thousands of euros in fines for storing personal data of people who are not Facebook members. German officials have initiated legal proceedings against the social networking site for violating the country's data privacy laws. Facebook routinely asks people who are already members to upload contact lists from their mobile phones and email accounts so Facebook can invite those people to join. Facebook retains the contact information, whether or not the people choose to join, even though the people have not given Facebook permission to store that information. Hamburg Data Protection Authority head Johannes Caspar has received several complaints from individuals whose information has been shared with third parties.
-http://news.bbc.co.uk/2/hi/technology/8798906.stm
-http://www.computerworld.com/s/article/9178984/Germany_may_fine_Facebook_over_pr
ivacy_issues_?taxonomyId=17

NSA Developing Network Attack Monitoring Program (July 8, 2010)

According to a report in the Wall Street Journal, the US National Security Agency (NSA) is developing a program, dubbed "Perfect Citizen," to monitor computer networks for attacks against government agencies and private organizations that support the country's critical infrastructure. While the program has generated support among some, others have expressed concern about its intrusion into domestic affairs. The program would establish sensors across the networks that would trigger alarms when evidence of a cyber attack is detected. The program would focus on older networks that were not developed with Internet access or security in mind. The government cannot compel private companies to deploy the sensors, but the organization would reportedly offer incentives for the companies to participate in the program.
-http://news.cnet.com/8301-1009_3-20009952-83.html
-http://www.pcworld.com/businesscenter/article/200706/nsa_perfect_citizen_raises_
big_brother_concerns_in_private_sector.html?tk=hp_blg
An update today sheds more light on the topic, characterizing the project as research:
-http://www.eweek.com/c/a/Security/NSA-Cyber-Security-Program-Details-Revealed-27
5248/

---

THE REST OF THE WEEK'S NEWS

Microsoft's July Patch Tuesday to Comprise Four Security Bulletins (July 8, 2010)

On Tuesday, July 13, 2010, Microsoft will issue four security bulletins to address a total of five vulnerabilities. Three of the bulletins have been rated critical; the fourth has been rated important. All bulletins address remote code execution vulnerabilities. Two of the critical bulletins fix vulnerabilities in Microsoft Windows; the other two bulletins address flaws in Microsoft Office. Among the flaws that will be addressed in this security update is a recently disclosed vulnerability in the Windows XP Help and Support Center.
-http://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx
-http://www.computerworld.com/s/article/9178992/Microsoft_to_patch_Google_enginee
r_s_zero_day_next_week
-http://www.scmagazineuk.com/microsoft-to-issue-four-bulletins-on-its-next-patch-
tuesday-to-cover-the-vulnerability-in-its-windows-help-and-support-center/articl
e/174180/

GAO Says White House Office Needs to Step Up Cybersecurity R&D Leadership (July 7, 2010)

According to a report from the US Government Accountability Office (GAO), the White House Office of Science and Technology Policy has fallen short of its responsibility to develop a national cyber security R&D agenda. The risks that accompany lack of a Cybersecurity R&R agenda include falling behind other countries and being unable to protect the country's cyberspace assets. Although the Office of Science and Technology Policy's Subcommittee on Networking and Information Technology R&D (NITRD) was given the task of coordinating cybersecurity R&D efforts, most cybersecurity R&D is conducted by five federal agencies and some private sector companies. The GAO says there needs to be more oversight. The report is a response to congressional request for review of nation's cybersecurity R&D efforts.
-http://www.informationweek.com/news/government/security/showArticle.jhtml?articl
eID=225702580
-http://www.computerworld.com/s/article/9178959/GAO_slams_White_House_for_failing
_to_lead_on_cybersecurity?taxonomyId=17
-http://www.govinfosecurity.com/articles.php?art_id=2722
-http://fcw.com/articles/2010/07/06/web-cyber-r-and-d-gao.aspx?admgarea=TC_SECCYB
ERSEC
-http://www.nextgov.com/nextgov/ng_20100707_4256.php?oref=topnews
-http://www.gao.gov/new.items/d10466.pdf

Apple Bans Developer and His Apps from Store Following Allegations of Fraud (June 7, 2010)

Apple has banned Vietnamese developer Thuat Nguyen from its App Store after learning that he allegedly broke into 400 iTunes accounts and used them to make fraudulent purchases of his applications and boost their popularity. Nguyen was banned and his apps removed "for violating the developer Program License Agreement, including fraudulent purchase patterns." The applications were for iPhone, iPad and iPod Touch.
-http://news.bbc.co.uk/2/hi/technology/10535703.stm
-http://www.h-online.com/security/news/item/Apple-ejects-vendor-following-App-Sto
re-security-problems-1034034.html
-http://www.scmagazineuk.com/apple-has-banned-an-application-developer-from-itune
s-following-reports-of-fraudulent-applications-rising-after-accounts-were-compro
mised/article/174052/
-http://www.theregister.co.uk/2010/07/07/apple_itunes_scam/

SQL Injection Attacks Expose The Pirate Bay's User Database (July 7 & 8, 2010)

SQL injection vulnerabilities allowed attackers access to personally identifiable information of more than 4 million Pirate Bay users. The attackers gained access to the site's database and had the ability to create, modify, delete and view all user data. The attacker reporting the vulnerabilities said he and his associates did not change or delete any information. The data could prove valuable to the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA), both of which have attempted to bring down the filesharing website. There are reports that The Pirate Bay site is currently down.
-http://krebsonsecurity.com/2010/07/pirate-bay-hack-exposes-user-booty/
-http://www.theregister.co.uk/2010/07/08/pirate_bay_hacked/

UK Ministry of Justice Seeks Input on Effectiveness of Data Protection Measures (July 6 & 8, 2010)

The UK's Ministry of Justice (MoJ) has issued a Call for Evidence about the European Data Protection Directive 95/46/EC and the Data Protection Act 1998. The MoJ is seeking input about how the data protection rules are working, what impact they have had on individuals and organizations, and whether the rules need to be strengthened. MoJ will accept evidence through October 6, 2010.
-http://www.theregister.co.uk/2010/07/06/moj_dpa/
-http://www.scmagazineuk.com/ministry-of-justice-to-survey-uk-citizens-on-whether
-the-data-protection-act-is-still-revelant/article/174139/
-http://www.justice.gov.uk/call-for-evidence-060710.htm

University of Hawaii Manoa Parking Office Computer Breached (July 6 & 8, 2010)

The University of Hawaii (UH) has sent notification letters to 53,000 people to let them know their personal information may have been compromised in a security breach this spring. The incident is believed to have taken place on May 30, but was not detected until June 15. The breach occurred on a server used by the UH Manoa campus parking office. The compromised data include names, Social Security numbers (SSNs), driver's license numbers and credit card information. Those affected include faculty and staff members employed in 1998, and anyone else who conducted business with the UH Manoa campus parking office between January 1, 1998 and June 30, 2010.
-http://www.bizjournals.com/pacific/stories/2010/07/05/daily3.html
-http://darkreading.com/database_security/security/attacks/showArticle.jhtml?arti
cleID=225702686&subSection=Attacks/breaches

Charges Filed Against Military Analyst in Wikileaks Case (July 6, 2010)

US Army intelligence analyst Pfc. Bradley Manning has been charged with unauthorized computer access, transmitting classified information to an unauthorized third party and other offenses for allegedly leaking classified military information. Manning allegedly provided Wikileaks documents and videos, including a video of a 2007 US helicopter airstrike in Baghdad on a group the soldiers believed were insurgents; that attack also killed two Reuters employees and injured two children. Manning allegedly passed at least 50 diplomatic cables to someone unauthorized to view the information. He also allegedly downloaded more than 150,000 unclassified documents in violation of his access permissions to the SIPR network. If convicted of all the charges against him, Manning could be sentenced to up to 52 years in prison.
-http://www.wired.com/threatlevel/2010/07/manning-charges/
-http://www.informationweek.com/news/government/info-management/showArticle.jhtml
?articleID=225702436

Man Draws One-Year Sentence for Damaging Former Employer's Computer System (July 6 & 8, 2010)

Steven Jinwoo Kim has been sentenced to one year in prison and fined US $100,000 for breaking into his former employer's computer network. Kim pleaded guilty to one count of reckless damage to a protected computer in November 2009. Kim was once employed as a senior database administrator at Houston, Texas-based Gexa Energy. He was fired in February 2008. In April 2008, Kim accessed Gexa's computer network from his home computer; Gexa maintains that Kim damaged both the network and a customer database. Kim also copied a database file that held customer information.
-http://www.informationweek.com/news/storage/security/showArticle.jhtml?articleID
=225702701
-http://www.computerworld.com/s/article/9178901/Database_admin_sentenced_for_hack
ing_employer_s_network?taxonomyId=17
[Editor's Note (Northcutt): Whenever you terminate someone who has had system access, it is imperative that you make it impossible for that person to come back into your systems. Stories like this offer a strong argument for two factor authentication and I do not mean "What is your pet's name".
[(Schultz): According to a recent study, 59 percent of so-called "insider attacks" are originated by ex-employees whose access to their ex-employers' systems and networks has not been completely revoked. This news item once again shows how important severing all access routes available to ex-employees is. ]

---

**********************************************************************

The Editorial Board of SANS NewsBites Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC)

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, http://www.sans.edu.

Prof. Howard A. Schmidt is the Cyber Coordinator for the President of the United States

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a senior Lockheed Martin Fellow.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of the State of California.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/