
SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XIII - Issue #3

January 11, 2011


California, Rhode Island, Maryland and Delaware have all launched
statewide cyber security talent searches. These education and
competition programs for high-school students are called
Cyber-Foundations and are sponsored by the US Cyber Challenge and
participating companies. The kids get cool online tutorials and videos
on networking, operating systems and system administration, each with a
security flavor, and then compete in on-line quizzes. Schools must sign
up by Feb 18 to get the code to allow their students to participate. We
are hoping SANS alumni will encourage their children's schools and other
schools in their area to get engaged. Kids win gift certificates and
other prizes and winners will be recognized in programs hosted by
Congressmen and Governors and other statewide officials. They also
become eligible for generous college scholarships open only to
cyber-talented young people. We'll have more data in Friday's NewsBites
but if you want to get a head start, go to
http://www.sans.org/cyber-foundations .

Alan

TOP OF THE NEWS

Commerce Dept. to Establish National Program Office to Support Trusted Identity Efforts
Twitter Discloses National Security Letter Seeking Info on People Affiliated with WikiLeaks

THE REST OF THE WEEK'S NEWS

Vodafone Data Security Breach
Irish Political Party Website Attack Under Investigation
Teen Who Made Phony Phone Threats Over VoIP Sentenced to Time Served
Korean Authorities Prosecute People Involved in Cyber Crime Ring
Bypassing Flash Sandbox
Students Create SCADA Test Bed
Two Charged in Alleged Video Poker Scheme


************** Sponsored By SANS AJAX Security Webcast *****************
REGISTER NOW for the 1/13/11 webcast: A Primer to AJAX Security, featuring Johannes Ullrich. 1:00 PM EST (1800 UTC/GMT) http://www.sans.org/info/68738
*************************************************************************
TRAINING UPDATE
New "Combating Malware in the Enterprise" course at SANS (SEC569). How do you fight off malware when you have thousands of hosts? Learn the answers in Orlando in March:
http://www.sans.org/security-training/combating-malware-enterprise-1482-mid

-- SANS Security East 2011, New Orleans, LA, January 20-27, 2011 12 courses. Bonus evening presentations and special events include Happy Little Clouds: Governing, Assessing and Auditing Cloud Environments; and Future Trends in Network Security
http://www.sans.org/security-east-2011/

-- North American SCADA 2011, Lake Buena Vista, FL, February 23-March 2, 2011
http://www.sans.org/north-american-scada-2011/

-- SANS Phoenix 2011, Phoenix, AZ, February 25-March 2, 2011 6 courses. Bonus evening presentations and special events include Indicators of Compromise: ABCs of IOCs and Network Vulnerability Exploitation, Step By Step From Discovery through to Metasploit Module
http://www.sans.org/phoenix-2011/

-- SANS AppSec 2011: Summit & Training, San Francisco, CA, March 7-14, 2011 7 courses. Bonus evening presentations and special events includes The Road to Sustainable Security
http://www.sans.org/appsec-2011/

-- SANS 2011, Orlando, FL, March 27-April 4, 2011 39 courses. Bonus evening presentations and special events include Hiding in Plain Sight: Forensic Techniques to Counter the Advanced Persistent Threat; and Law and the Public's Perception of Data Security
http://www.sans.org/sans-2011/

-- 2011 Asia Pacific SCADA and Process Control Summit, Sydney, Australia, March 31-April 7, 2011
http://www.sans.org/sydney-scada-2011/

-- Looking for training in your own community?
http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current

Plus Atlanta, Bangalore, Singapore, Barcelona and Bali all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
****************************************************************************

TOP OF THE NEWS

Commerce Dept. to Establish National Program Office to Support Trusted Identity Efforts (January 7 & 10, 2011)

The US Department of Commerce will establish a National Program Office focused on creating and promoting trusted online identities for Internet users; the effort will support the current administration's National Strategy for Trusted Identities in Cyberspace (NSTIC) by encouraging the development of interoperable technologies and standards for online authentication. Users would be able to establish a single online identity that could be used across multiple sites with confidence, eliminating the need for remembering a lengthy list of passwords. NSTIC seeks to create an Identity Ecosystem that does not rely on a centralized database and will not be mandatory. The final version of the NSTIC will be released in the next few months.
-http://www.whitehouse.gov/blog/2011/01/07/national-program-office-enhancing-online-trust-and-privacy
-http://www.commerce.gov/news/press-releases/2011/01/07/us-commerce-secretary-gary-locke-white-house-cybersecurity-coordinato
-http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=229000404&subSection=Security

-http://news.cnet.com/8301-31921_3-20027800-281.html

Twitter Discloses National Security Letter Seeking Info on People Affiliated with WikiLeaks (January 8 & 9, 2011)

Twitter has revealed that the US government has served subpoenas seeking personal details of some users who are believed to have close ties to WikiLeaks. The US District Court in Virginia is seeking names, addresses, connection records, phone numbers and payment information. The court order was issued on December 14, 2010. At the time, WikiLeaks was ordered not to reveal that it had been served the subpoena or that the investigation was taking place at all, but the court last week removed the restrictions. Among those named are Julian Assange, US Army Pfc. Bradley Manning and Birgitta Jonsdottir, a member of Iceland's Parliament who has allegedly worked with Assange. Assange has called the court order harassment.
-http://www.bbc.co.uk/news/world-us-canada-12141530
-http://www.nytimes.com/2011/01/10/business/media/10link.html
-http://www.icelandreview.com/icelandreview/daily_news/?cat_id=40764&ew_0_a_id=372293
-http://www.guardian.co.uk/media/2011/jan/08/wikileaks-calls-google-facebook-us-subpoenas
-http://www.wired.com/threatlevel/2011/01/birgitta-jonsdottir/
-http://www.wired.com/images_blogs/threatlevel/2011/01/Twitter_Unsealing_Order.pdf

[Editor's Note (Honan): This move by the US Government is creating a lot of disquiet internationally with Members of the European Parliament for example debating the impact it has on data privacy
-http://euobserver.com/9/31614.
The Icelandic Foreign Minister, Oessur Skarphedinsson, has also summoned the US Ambassador to Iceland to give an explanation as to why "an Icelandic parliamentarian is being investigated in a criminal case in the United States for no reason at all." ]


************************ Sponsored Link: ****************************
Do you know the most current information on web hacking techniques and how you can guard against them? If not, register for SANS AppSec 2011 http://www.sans.org/info/68743 taking place March 7-14, 2011 in San Francisco. Register by 1/26 and save $400.
***********************************************************************

THE REST OF THE WEEK'S NEWS

Vodafone Data Security Breach (January 9 & 10, 2011)

The Australian Privacy Commissioner is investigating reports that Vodafone customers' personal information was compromised. Vodafone retail and dealer staff members were allegedly provided with login credentials that allowed them to access the company's customer database, which contains names, driver's license and credit card numbers and call records. A journalist has reported that criminals were paying for information contained in the database and that some people were using their access to snoop on spouses' communications. The breach reportedly affects as many as four million Vodafone customers.
-http://www.securecomputing.net.au/News/243761,privacy-commissioner-investigates-alleged-vodafone-breach.aspx
-http://www.thetechherald.com/article.php/201102/6668/Vodafone-investigated-by-Australian-Privacy-Commissioner
-http://www.smh.com.au/technology/security/vodafone-mobile-records-leaked-20110108-19jgm.html
-http://computerworld.co.nz/news.nsf/news/australian-privacy-commissioner-to-investigate-vodafone-breach
-http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html

-http://www.smh.com.au/national/vodafone-probes-its-security-20110109-19jv5.html

Irish Political Party Website Attack Under Investigation (January 10, 2011)

Authorities are investigating the breach of the Fine Gael website by the loosely organized hacktivist group Anonymous, which has been involved in attacks on sites that have been deemed hostile to WikiLeaks. The Gardai are investigating the alleged data theft from the site, while the Office of the Data Commissioner is ensuring that the political party organization has established "appropriate safeguards" to protect the data it collects. The FBI has also been called in to assist with the investigation; the website is hosted by a company in the US. The attack is believed to have compromised personal data of approximately 2,000 people. Fine Gael has notified all affected subscribers of the breach by email.
-http://www.irishtimes.com/newspaper/breaking/2011/0110/breaking29.html
-http://www.bbc.co.uk/news/uk-northern-ireland-12151724
[Editor's Note (Honan): There are two angles to this story. Firstly, Fine Gael were criticised last week for hosting their site in the US as it may breach the Irish privacy laws
-http://www.irishtimes.com/newspaper/ireland/2011/0108/1224287043463.html
The other issue is that under the Irish Data Protection Act any personal information relating to political beliefs is deemed to be sensitive personal information, so why was a database containing sensitive personal information available from the Internet and why was it not encrypted? The lessons to learn from this are: before going live with a web based system, make sure it complies with local legal and regulatory issues and that the appropriate security measures are in place and have been verified as working. ]

Teen Who Made Phony Phone Threats Over VoIP Sentenced to Time Served (January 10, 2011)

The North Carolina teenager who was arrested in March 2009 for making hoax bomb threats to schools and FBI offices around the country is being released after serving 22 months in pre-trial custody. A judge has sentenced Ashton Lundeby to time served and ordered him to serve three years supervised release. He was also ordered to pay more than US $29,000 in restitution. Lundeby made some of the hoax threats at the request of students who wanted to miss school, in some cases accepting payment for his efforts. He pleaded guilty to conspiracy in October. He made the calls using VoIP software. He and others listened online as authorities responded to the threats.
-http://www.wired.com/threatlevel/2011/01/tyrone/
-http://www.jconline.com/article/20110110/NEWS09/110110018
-http://www.southbendtribune.com/article/20110110/News01/110119962/1130

Korean Authorities Prosecute People Involved in Cyber Crime Ring (January 9, 2011)

Prosecutors in South Korea allege that gangsters have been hiring attackers to launch attacks on competing gambling websites. The head of a server rental company has been arrested in connection with the case. An alleged attacker has been arrested as well; both are facing charges of launching distributed denial-of-service (DDoS) attacks against sites at the behest of gangsters running an illegal gaming website.
-http://www.koreatimes.co.kr/www/news/nation/2011/01/113_79384.html

Bypassing Flash Sandbox (January 7, 2011)

A researcher has defeated the sandbox feature recently added to Adobe Flash Player to help protect users' machines from attacks. The sandbox feature was added to Flash Player in version 8, which was released late last year. Adobe has said it will fix the problem in a future version of Flash Player.
-http://www.informationweek.com/news/storage/security/showArticle.jhtml?articleID=229000322&cid=RSSfeed_IWK_All
-http://www.theregister.co.uk/2011/01/07/adobe_flash_bypass/
-http://www.eweek.com/c/a/Security/Adobe-Flash-Sandbox-Bypassed-by-Security-Researcher-576573/

Students Create SCADA Test Bed (January 7, 2011)

Students at Iowa State University have created a Supervisory Control and Data Acquisition (SCADA) test bed to simulate cyber attacks against the systems that are prevalent in elements of the country's critical infrastructure and learn how to protect them. The research is funded in part by the National Science Foundation.
-http://iowastatedaily.com/news/article_89d0b690-187d-11e0-b624-001cc4c03286.html

Two Charged in Alleged Video Poker Scheme (January 6 & 7, 2011)

Two men have been charged with computer hacking and conspiracy for allegedly exploiting a vulnerability in certain video poker machines. John Kane and Andre Nestor allegedly learned of and used a flaw in the machines' software that allowed them to win hundreds of thousands of dollars in Las Vegas casinos in spring of 2009. Nestor is facing charges for similar offenses in Pennsylvania casinos. Nestor maintains he did nothing illegal and compared his actions to card counting, which is frowned upon but not illegal.
-http://www.theregister.co.uk/2011/01/07/video_poker_hack_charges/
-http://www.wired.com/threatlevel/2011/01/video-poker/


************************************************************************

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer at the North American Energy Reliability Commission (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/