SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

• SANS NewsBites RSS
• Editorial Board

Volume XII - Issue #96

December 07, 2010

TOP OF THE NEWS

The WikiLeaks Saga Heats Up
WikiLeaks Cable Release Prompts Last Minute Legislation
RIM to Give Indian Government "Lawful Access" to BlackBerry Messenger Communications
Do Not Track Recommendation Raises Questions and Concerns

THE REST OF THE WEEK'S NEWS

Mega-D Spam Suspect Pleads Not Guilty to CAN-SPAM Violation Charges
DNS Provider Disconnects WikiLeaks
Researchers Circumvent IE Protected Mode
Google Issues Stable Release of Chrome 8.0
Federal Prosecutor Drops Case Against Alleged Xbox Modifier
Google Declares Commitment to Discourage Piracy

---

*************************** Sponsored By IBM ***************************
Get direct access to leading security experts. The IBM Institute for Advanced Security provides access to security thought leaders at IBM and elsewhere who are building next generation technologies for today's security issues throughout government and industry worldwide. Register and join your peers in enabling innovation and collaboration on security issues facing our Smarter Planet. http://www.sans.org/info/67483 ************************************************************************* TRAINING UPDATE
New "Combating Malware in the Enterprise" course at SANS (SEC569). How do you fight off malware when you have thousands of hosts? Learn the answers in Washington DC in December or in Orlando in March:
http://www.sans.org/security-training/combating-malware-enterprise-1482-mid

- -- SANS Cyber Defense Initiative 2010, Washington DC, December 10-17, 2010 24 courses. Bonus evening presentations include Browser Based Defenses; Continuous Vulnerability Testing and Remediation: the 20 Critical Security Controls Perspective; and Cyberwar or Business as Usual? The State of US Federal CyberSecurity Efforts
http://www.sans.org/cyber-defense-initiative-2010/

- -- SANS Security East 2011, New Orleans, LA, January 20-27, 2011 12 courses. Bonus evening presentations and special events include Happy Little Clouds: Governing, Assessing and Auditing Cloud Environments; and Future Trends in Network Security
http://www.sans.org/security-east-2011/

- -- North American SCADA 2011, Lake Buena Vista, FL, February 23-March 2, 2011
http://www.sans.org/north-american-scada-2011/

- -- SANS 2011, Orlando, FL, March 27-April 4, 2011 39 courses. Bonus evening presentations and special events include Hiding in Plain Sight: Forensic Techniques to Counter the Advanced Persistent Threat; and Law and the Public's Perception of Data Security
http://www.sans.org/sans-2011/

- -- Looking for training in your own community?
http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current

Plus Atlanta, San Francisco, Bangalore and Phoenix all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php ****************************************************************************

---

TOP OF THE NEWS

The WikiLeaks Saga Heats Up

The Julian Assange and Wikileaks story is heating up. A few hours ago he was arrested, and a UK court denied bail in an extradition hearing on Swedish sexual assault charge. He'll be incarcerated at least until Dec. 14. His attorney claims WikiLeaks has a 'thermo-nuclear device' of further secret information that will be released by supporters if he is arrested.
-http://www.businessweek.com/news/2010-12-07/wikileaks-assange-denied-bail-in-u-k
-extradition.html
-http://www.dailymail.co.uk/news/article-1335888/WikiLeaks-Julian-Assange-release
-damaging-secrets-killed-arrested.html

WikiLeaks Cable Release Prompts Last Minute Legislation (December 2, 2010)

Late last week, US lawmakers introduced legislation that would make publishing the name of a US intelligence source a federal crime. The bill is in direct response to the tens of thousands of US diplomatic cables that WikiLeaks recently released. The Securing Human Intelligence and Enforcing Lawful Dissemination (SHIELD) Act would amend the Espionage Act to include prohibiting the publishing of human intelligence. Because leaking the information is already a criminal offense, the proposed legislation is taking aim directly at publishers. The law could not be used to prosecute WikiLeaks or Julian Assange for the publishing of any information that has already occurred.
-http://www.wired.com/threatlevel/2010/12/shield/
Text of SHIELD Act:
-http://www.scribd.com/doc/44561925/Shield-Act

RIM to Give Indian Government "Lawful Access" to BlackBerry Messenger Communications (December 6, 2010)

A Research in Motion (RIM) spokesperson in India has said that the company will provide the Indian government with access to communications sent through BlackBerry Messenger on a case-by-case basis. The government will not have access to the communications at all times, but must adhere to legal processes to gain lawful access. RIM has repeatedly told the Indian government that it cannot provide access to communications sent through BlackBerry Enterprise Server (BES) because individual companies are the only entities with the encryption keys for those systems. The government is in talks with the companies to reach agreements about accessing communications.
-http://www.computerworld.com/s/article/9199778/RIM_to_give_Indian_government_acc
ess_to_BlackBerry_Messenger?taxonomyId=83
-http://news.cnet.com/8301-30686_3-20024694-266.html?tag=mncol;title

Do Not Track Recommendation Raises Questions and Concerns (December 2, 2010)

The Federal Trade Commission's report recommending the implementation of a Do Not Track system for Internet users has prompted questions from legislators about how the system would actually work. Others are worried that the mechanism could stifle the development of free content, which draws its revenue from advertisers. In the current fragile economic climate, such a move could hinder growth.
-http://www.nytimes.com/2010/12/03/technology/03privacy.html?_r=1&partner=rss
&emc=rss

---

************************* SPONSORED LINKS ***************************

1) Learn about the new PCI-compliant reference architecture designed by HyTrust, Cisco, VMware, Savvis & Coalfire. http://www.sans.org/info/67488

2) InstantSecurityPolicy.com - Quick, Custom IT Security Policy Templates, Delivered Online - Comprehensive, Complete and 100% Guaranteed http://www.sans.org/info/67493

3) Don't miss the LIVE Simulcast Core Security Lunch & Learn, direct from SANS Cyber Defense Initiative. http://www.sans.org/info/67498 **********************************************************************

---

THE REST OF THE WEEK'S NEWS

Mega-D Spam Suspect Pleads Not Guilty to CAN-SPAM Violation Charges (December 6, 2010)

Alleged spam king Oleg Y. Nikolaenko pleaded not guilty to violating the CAN-SPAM Act in US federal court in Wisconsin last week. Nikolaenko is believed to have had a major role in spam schemes that sent out more than 10 billion messages a day through the Mega-D botnet. The judge denied bail for Nikolaenko after prosecutors successfully argued that he posed a flight risk.
-http://www.theregister.co.uk/2010/12/06/mega_d_botmaster_charges/

DNS Provider Disconnects WikiLeaks (December 3, 4 & 5, 2010)

Late last week, EveryDNS stopped domain name service to WikiLeaks after providing the whistle-blowing website with 24 hours notice. The domain name provider said it could not manage the distributed denial-of-service (DDoS) attacks that had been bombarding the site. The messages noted that WikiLeaks was in violation of its terms and conditions of agreement because the attacks were disrupting service for other EveryDNS customers. About 75 mirror sites contain links to the controversial documents.
-http://www.washingtonpost.com/wp-dyn/content/article/2010/12/03/AR2010120306804.
html
-http://www.theregister.co.uk/2010/12/03/wikileaks_loses_dns/
-http://www.guardian.co.uk/media/2010/dec/05/wikileaks-internet-backlash-us-press
ure
[Editor's Note (Northcutt): We live in an extraordinary season. Stuxnet is an entirely new generation of malware; WikiLeaks shows how devastating a single disk can be. I have been trying to think about the emerging trends of the next few years, but would be interested in your thoughts about what we might see five years from now? What will the 4th generation of malware be? How long before unmanned planes and tanks start attacking one another? What would the financial and human suffering cost be if someone came up with an exploit that completely destabilized the Internet for days or even weeks? Please send your thoughts to stephen@sans.edu.
-http://www.sans.edu/resources/securitylab/security_predict2011.php
-http://www.sans.edu/resources/securitylab/2011_2012_predict.php]

Researchers Circumvent IE Protected Mode (December 3, 2010)

Researchers claim to have developed a way to bypass Internet Explorer's (IE's) Protected Mode. The attack involves exploiting a zero-day vulnerability and works on machines that have the Local Intranet Zone enabled. The researchers say they have devised a drive-by attack technique, meaning that it requires no user interaction. Protected Mode was introduced in IE 7 to prevent malicious code from gaining access to certain parts of the Windows operating system.
-http://www.theregister.co.uk/2010/12/03/protected_mode_bypass/
-http://www.h-online.com/security/news/item/Internet-Explorer-s-Protected-Mode-ca
n-be-bypassed-1147562.html

Google Issues Stable Release of Chrome 8.0 (December 3, 2010)

Google has issued a stable release of the Chrome 8.0 web browser. Previously available in beta, Chrome 8 includes a built-in PDF viewer with sandboxing technology to help prevent the spread of malware. The update also addresses 13 vulnerabilities in previous versions of the browser.
-http://www.h-online.com/security/news/item/Google-releases-Chrome-8-0-stable-114
7222.html
-http://www.computerworld.com/s/article/9199418/Google_quashes_13_Chrome_bugs_add
s_PDF_viewer?taxonomyId=17
[Editor's Note (Schultz): Google has been improving the securing of its Chrome browser to the point that it has now become a serious player among organizations and users who deem browser security important. ]

Federal Prosecutor Drops Case Against Alleged Xbox Modifier (December 2, 2010)

Federal prosecutors dropped their case against alleged Xbox modifier Matthew Crippen mid-trial. Shortly before the scheduled start of the third day of the trial, prosecutor Allen Chiu told US District Judge Philip Gutierrez that "the government has decided to dismiss the indictment." If the case had proceeded, it would have been the first to test the Digital Millennium Copyright Act's anti-circumvention provisions as they apply to gaming consoles.
-http://www.wired.com/threatlevel/2010/12/crippen-dismissed/

Google Declares Commitment to Discourage Piracy (December 2 & 3, 2010)

Google says it will revamp its anti-piracy policies and procedures over the next few months. Google will prevent words associated with piracy from appearing in auto-complete search suggestions. The company will also take steps to prevent Google advertisements from appearing on pages that host illegal content and make previews of legal content appear at the top of search results. Google has also committed to taking down sites with illegal content using Google services within 24 hours of requests from copyright holders.
-http://www.computerworld.com/s/article/9199498/Google_pledges_to_strengthen_its_
anti_piracy_policies?taxonomyId=144
-http://www.bbc.co.uk/news/technology-11900347
[Editor's Note (Northcutt): If I were a cynical person, I might note that Google also announced they are opening an ebook store.
-http://www.afterdawn.com/news/article.cfm/2010/12/06/google_finally_launches_e-b
ook_store]

---

**********************************************************************

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Adv isory Capability (CIAC)

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer at the North American Energy Reliability Commission (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/