Newsletters: NewsBites


SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XII - Issue #66

August 20, 2010

TOP OF THE NEWS

GAO Report Finds Public-Private Cyber Threat Information Sharing Falls Short of Expectations
Google to Face Judge in Spain Over Privacy Complaint
Germany Considering New Rules in Wake of Street View Issue

THE REST OF THE WEEK'S NEWS

China Takes Issue With Pentagon Report on Cyber Threat
Unpatched Flaw Affects Hundreds of Windows Applications
No Criminal Charges in Pennsylvania High School Web Cam Case
Adobe Releases Out-of-Cycle Updates for Reader and Acrobat
Man Who Recorded Conversation on iPhone Did Not Violate Wiretap Act
Free Android Game Gathers GPS Data



TOP OF THE NEWS

GAO Report Finds Public-Private Cyber Threat Information Sharing Falls Short of Expectations (August 17 & 18, 2010)

According to a report from the Government Accountability Office (GAO), information sharing between the government and industry has fallen short of expectations. Private entities said the government is not providing them with "usable, timely and actionable cyber threat information and alerts," and that when they do get information, it is often too vague to be useful. Part of the problem can be attributed to restrictions on what information the government is permitted to share with the private sector. The public/private information sharing is necessary because the majority of the country's critical infrastructure is privately held. The information sharing audit was conducted between June 2009 and July 2010.
-http://fcw.com/articles/2010/08/17/web-cybersecurity-information-sharing.aspx?admgarea=TC_SECCYBERSEC

-http://www.nextgov.com/nextgov/ng_20100818_4830.php?oref=topnews
-http://www.gao.gov/new.items/d10628.pdf

Google to Face Judge in Spain Over Privacy Complaint (August 17, 18 & 19, 2010)

A judge in Spain has ordered a Google representative to appear before her in October to respond to a formal complaint about the company's Street View data collection practices. The complaint was filed by Spanish privacy watchdog group Apedanica and alleges that Google's actions violated Spanish law prohibiting unauthorized interception and collection of communications data. The judge wants to know more about what data were collected, how they were collected and how many people were affected by the data collection.
-http://www.securecomputing.net.au/News/229231,spain-hits-google-with-street-view-lawsuit.aspx

-http://www.nytimes.com/2010/08/18/technology/18google.html?src=busln

Germany Considering New Rules in Wake of Street View Issue (August 17, 18 & 19, 2010)

The German government may adopt new rules in response to Google's Street View data collection practices. The government plans to meet with Google representatives and representatives of other companies. Google has released an online tool in Germany that allows citizens to request that images of their homes be removed from Street View. Bowing to public pressure, Google has extended the tool's availability through October 15, 2010.
-http://www.msnbc.msn.com/id/38756064/ns/technology_and_science-security/
-http://www.zdnet.com/blog/google/germany-gets-new-privacy-tool-from-google/2382
-http://www.google.com/hostednews/ap/article/ALeqM5jEzBqjxVsTYM7m6Q2LXRSWN9_YDQD9HMLJM00


THE REST OF THE WEEK'S NEWS

China Takes Issue With Pentagon Report on Cyber Threat (August 18 & 19, 2010)

A report from the US military says that China's People's Liberation Army (PLA) has "information warfare units" that are developing malware to attack foreign computer systems. The report says that "numerous computer systems around the world, including those owned by the US Government, continued to be the target of intrusions that appear to have originated within the PRC (People's Republic of China)." The units include civilian organizations, which makes it more difficult to establish that the government is responsible for the attacks. Complicating matters even further is the fact that there are likely civilian groups in China targeting US networks, and it is difficult to say which groups are acting on their own and which are acting on behalf of, or with the support of, the PLA. China says the US report "ignores the objective truth."
-http://www.washingtonpost.com/wp-dyn/content/article/2010/08/19/AR2010081904629.html
-http://www.csmonitor.com/World/Asia-Pacific/2010/0818/Pentagon-s-China-military-report-ignores-objective-truth-says-China

-http://www.defense.gov/pubs/pdfs/2010_CMPR_Final.pdf
[Editors' Note (Ranum): We have - until very recently, and only after a great deal of complaining - resisted international calls to demilitarize cyberspace. We have spent large amounts of money, in fact, preparing offensive cyberwar, ourselves. It's hypocrisy - we're against proliferation because we're the biggest proliferators. ]

Unpatched Flaw Affects Hundreds of Windows Applications (August 19, 2010)

A vulnerability in iTunes for Windows that Apple has patched remains unfixed in hundreds of other Windows applications. The remote code execution flaw was initially reported to affect about 40 applications, but that figure was later estimated to be significantly higher. The researcher says the attacks are trivial to launch. The problem lies in the way Windows downloads libraries for third-party applications. Each application will need to be fixed separately. Microsoft is looking into the issue.
-http://www.computerworld.com/s/article/9180901/Update_40_Windows_apps_contain_critical_bug_says_researcher?taxonomyId=17
-http://www.computerworld.com/s/article/9180978/Zero_day_Windows_bug_problem_worse_than_first_thought_says_expert?taxonomyId=17
-http://www.h-online.com/security/news/item/New-Windows-vulnerability-Applications-download-malicious-code-from-the-net-1062153.html

-http://www.theregister.co.uk/2010/08/18/windows_code_execution_vuln/

No Criminal Charges in Pennsylvania High School Web Cam Case (August 17 & 18, 2010)

There will be no criminal charges in the case involving the Lower Merion (Pennsylvania) School District's use of remotely activated webcams on laptops issued to high school students. Instead, the issue will be resolved in civil court. The issue was brought to light earlier this year when the family of a student filed a lawsuit alleging the technology had been used to take pictures of the student in his home. A second lawsuit with similar allegations was filed last month. The technology was supposed to be used to locate missing computers, but was activated and remained on, taking pictures and screenshots for weeks, or in some cases, months. A new policy adopted by the school board prohibits school employees from accessing the laptops remotely without written permission from the family.
-http://www.philly.com/dailynews/local/20100818_No_criminal_charges_in_Lower_Merion_webcam_scandal.html

-http://www.msnbc.msn.com/id/38745166/ns/technology_and_science-security/
-http://www.wired.com/threatlevel/2010/08/webcamscandal/
[Editor's Note (Schultz): This set of developments once again highlights the importance of proactively deliberating, creating and communicating appropriate policy provisions. ]

Adobe Releases Out-of-Cycle Updates for Reader and Acrobat (August 17 & 18, 2010)

Adobe has issued out-of-cycle updates for Reader and Acrobat to address vulnerabilities disclosed last month at the Black Hat Conference in Las Vegas. Users should upgrade to Adobe Reader 9.3.34 for Windows, Mac and Unix; Adobe Acrobat 9.3.4 for Windows and Mac; Adobe Reader and Acrobat 8.2.4 (cross-platform). Although Adobe was not scheduled to release security updates until October 12, 2010, the company decided these vulnerabilities were too critical to wait that long.
-http://www.theregister.co.uk/2010/08/18/adobe_out_of_band_security_update/
-http://www.computerworld.com/s/article/9180959/Adobe_rushes_update_to_patch_critical_Reader_bugs?taxonomyId=82

-http://www.adobe.com/support/security/bulletins/apsb10-17.html

Man Who Recorded Conversation on iPhone Did Not Violate Wiretap Act (August 17 & 18, 2010)

A federal appeals court in New York has ruled that David Weintraub did not violate the federal Wiretap Act when he used an application on his iPhone to record a family discussion about his dying mother's wishes regarding her estate. The conversation involved Weintraub, his mother, Elizabeth Caro, his stepfather, Marshall Caro, and other family members. Elizabeth Caro died. The stepfather sued for violation of the Wiretap Act, but the judge in that case dismissed the stepfather's claim and agreed that Weintraub was party to the conversation and that the conversation was not private. For Weintraub to be guilty of violating the Wiretap Act, he must have had criminal intent when he began recording the conversation; the court ruled he did not. The stepfather appealed, but the lower court's ruling was upheld.
-http://www.courthousenews.com/2010/08/17/29669.htm
-http://www.wired.com/threatlevel/2010/08/covert-iphone-audio-recording/

Free Android Game Gathers GPS Data (August 16 & 17, 2010)

A free game application available in Google's Android Market reportedly includes a Trojan horse program. The game, called Tapsnake, is a version of the well-known game Snake. While in play, a satellite icon appearing in the menu bar indicates that the application is harvesting GPS data. The information is uploaded to a remote server, so the location of the user playing the game can be tracked. To receive the GPS information, users aiming to track others need another application called "GPS Spy," which is available for US $4.99. To use the application's tracking feature maliciously, people would need access to both Android devices to enter specific information; however, the application is being considered malicious because it does not disclose the tracking activity. The application also continues to run in the background even after users attempt to kill the app.
-http://www.scmagazineuk.com/symantec-warns-of-a-suspicious-android-application-that-appears-as-snake-but-transmits-gps-data/article/176998/

-http://www.theregister.co.uk/2010/08/16/andoid_stalking_app/

Japanese Online Supermarket Database Hacked (August 15, 2010)

Attackers reportedly used SQL injection attacks to steal customer information from the databases of eight Japanese online supermarkets. The attacks took place in late July 2010. Some credit card companies have reported fraudulent activity on accounts compromised in the attacks.
-http://www.japantoday.com/category/crime/view/hackers-steal-customer-data-by-accessing-supermarket-database



**********************************************************************

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.

Prof. Howard A. Schmidt is the Cyber Coordinator for the President of the United States.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a senior Lockheed Martin Fellow.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer at the North American Energy Reliability Commission (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit
http://portal.sans.org/