Newsletters: NewsBites



SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XIII - Issue #39

May 17, 2011


Changes coming in Cybersecurity leadership at US Department of Homeland Security.
After more than two years at the helm, and some impressive successes,
the top leaders in cybersecurity at DHS will soon announce they are
leaving. Chief among their successes is the substantial increase in
hiring of cybersecurity professionals as government employees. But much
still needs to be done. The coming change in leadership offers an
important opportunity for the Obama Administration to transform the US
government's cybersecurity programs so that the government leads by
example in implementing continuous monitoring and more effective
cybersecurity defenses across all federal agencies. If successful, that
will provide a model for the critical infrastructure to use to rapidly
and cost-effectively improve their security. But the necessary
transformation won't happen unless DHS and the White House tap someone
who has served as CIO in a major federal agency, who has cybersecurity
leadership skills proven through measurable risk reduction on a large
scale, and who has the trust of senior policy leaders across government.

TOP OF THE NEWS

White House Issues International Cyberspace Strategy
LimeWire Will Pay US $105 Million to Settle RIAA Suit
FBI Reluctant to Identify ISPs Participating in Surveillance Programs

THE REST OF THE WEEK'S NEWS

Sony Restoring PlayStation Network
In-Depth Article on Drake Whistleblowing Case
Scareware Warns of (Nonexistent) Hard Drive Problems
Mozilla Wants Users to Make Firefox 3.5 Obsolete
Two Teens Sentenced for Cyber Attacks
Complaint Filed With FTC Says Dropbox Misrepresented Security
Attack on Eidos Compromises eMail Addresses and Resumes


*****************************************************************

TRAINING UPDATE

-- SANS Cyber Guardian 2011, Baltimore, MD, May 15-22, 2011. 8 courses. Bonus evening presentations include Windows Exploratory Surgery with Process Hacker and State of the Hack: Stuxnet.
http://www.sans.org/cyber-guardian-2011/

-- SANS Rocky Mountain 2011, Denver, CO, June 25-30, 2011. 7 courses. Bonus evening presentations include SANS Hacklab and Why End Users are Your Weakest Link.
http://www.sans.org/rocky-mountain-2011/

-- SANSFIRE 2011, Washington, DC, July 15-24, 2011. 40 courses. Bonus evening presentations include Ninja developers: Penetration testing and Your SDLC; and Are Your Tools Ready for IPv6?
http://www.sans.org/sansfire-2011/

-- SANS Boston 2011, Boston, MA, August 8-15, 2011. 12 courses. Bonus evening presentations include Cost Effectively Implementing PCI through the Critical Controls; and More Practical Insights on the 20 Critical Controls.
http://www.sans.org/boston-2011/

-- SANS Virginia Beach 2011, August 22 - September 2, 2011. 11 courses. Bonus evening presentations include SANS Hacklab; Offensive Countermeasures; and Evolving VoIP Threats.
http://www.sans.org/virginia-beach-2011/

-- SANS Ottawa 2011, Ottawa, Ontario, August 28 - September 2, 2011. 5 courses. Bonus evening presentations include DNS Sinkhole: Peer Into Your Network While You Sleep; and I See What You Did There: Forensic Time Line Analysis.
http://www.sans.org/ottawa-2011/

-- Looking for training in your own community?
http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current

Plus Barcelona, London, Austin, and Canberra all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php


TOP OF THE NEWS

White House Issues International Cyberspace Strategy (May 16, 2011)

The White House has released the text of its International Strategy for Cyberspace. Last week, the administration sent Congress a proposal to rework how domestic networks are secured. The International Strategy says, "The United States will pursue an international cyberspace policy that empowers the innovation that drives our economy and improves lives here and abroad. In all this work, we are grounded in principles essential not just to American foreign policy, but to the future of the Internet itself."
-http://www.nextgov.com/nextgov/ng_20110516_6382.php?oref=topstory
-http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf

LimeWire Will Pay US $105 Million to Settle RIAA Suit (May 13, 2011)

LimeWire and its founder, Mark Gorton, will pay US $105 million to settle a lawsuit brought by the Recording Industry Association of America (RIAA). The lawsuit, filed in August 2006, alleged that LimeWire was "devoted essentially" to enabling music piracy over the Internet. In October 2010, a judge ordered LimeWire to stop distributing peer-to-peer (P2P) filesharing software.
-http://www.computerworld.com/s/article/9216679/LimeWire_agrees_to_pay_105M_to_record_labels?taxonomyId=144

-http://news.cnet.com/8301-31001_3-20062418-261.html
-http://www.bbc.co.uk/news/technology-13388839

FBI Reluctant to Identify ISPs Participating in Surveillance Programs (May 12, 2011)

The FBI says it does not want to divulge the names of telecommunications and internet service providers that help US law enforcement agencies by supplying user information without warrants because customers would become angry with the companies and cancel their service or even file lawsuits. A top FBI official made the statement in a court declaration arguing against having to provide the information under a Freedom of Information Act (FOIA) request from the American Civil Liberties Union (ACLU). The official also noted that the companies themselves might be upset if they were identified.
-http://www.theregister.co.uk/2011/05/12/fbi_protects_isps/
-http://www.aclu.org/blog/national-security/fbi-if-we-told-you-you-might-sue-1
-http://www.aclu.org/blog/national-security/fbi-if-we-told-you-part-ii
-http://www.aclu.org/files/assets/2011.04.25_VAUGHNS_-_FBI_Declaration.pdf



THE REST OF THE WEEK'S NEWS

Sony Restoring PlayStation Network (May 16, 2011)

Sony's PlayStation Network (PSN) is once again available for most users. PSN and Qriocity services resumed over the weekend in most of the world, but as of Monday morning, Asia still was not connected. Sony took the services offline in mid-April after discovering a massive security breach. PlayStation users had to download a firmware update and change their passwords before connecting to the network. Sony expects to have service fully restored by the end of the month.
-http://www.computerworld.com/s/article/9216749/PlayStation_Network_Qriocity_back_for_most_users_?taxonomyId=17

-http://www.informationweek.com/news/security/client/229500663
[Editor's Note (Pescatore): Bloomberg has reported that Amazon's EC2 services were used by the attackers to launch the attack against Sony. This may have been cheaper for the attackers than just using the "old fashioned" botnet approach. Hosting providers (whether cloud or traditional, and domain name registrars and SSL certificate authorities while we are at it) really need to raise the bar in authenticating/validating users of their services.
(Schultz): Cheap throwaway accounts freely given by cloud service providers are turning out to be one of the most serious security problems in connection with cloud computing. ]

In-Depth Article on Drake Whistleblowing Case (May 16, 2011)

An in-depth article in The New Yorker magazine about National Security Agency (NSA) whistleblower Thomas Drake sheds new light on the agency's warrantless wiretapping program. Drake is scheduled to stand trial next month for allegedly violating the Espionage Act by retaining classified information. Drake allegedly leaked information about the warrantless surveillance program at the NSA, but he is not facing charges over that.
-http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_mayer
-http://www.wired.com/threatlevel/2011/05/new-yorker-on-thomas-drake/#more-26340

Scareware Warns of (Nonexistent) Hard Drive Problems (May 16, 2011)

A new twist on scareware purports to detect disk errors and tries to manipulate users into paying US $80 for phony software that repairs problems that did not exist in the first place. The malware, which infects users' machines when they surf to certain tainted websites, moves files to temporary locations and makes desktop icons disappear, lending credence to the notion that something bad is going on with the machines' hard drives.
-http://www.computerworld.com/s/article/9216765/Windows_scareware_fakes_impending_drive_disaster?taxonomyId=17

Mozilla Wants Users to Make Firefox 3.5 Obsolete (May 16, 2011)

Mozilla is launching a campaign to get the 12 million users running older versions of its Firefox browser to upgrade to a newer, more secure version. Mozilla will start warning users running Firefox 3.5 that they are using an outdated version of the browser that is no longer supported. Ideally, Mozilla would like to have users upgrade to Firefox 4 or the forthcoming Firefox 5, which is expected in June, but would be satisfied with a shift to Firefox 3.6. The upgrade will be offered as an auto-update.
-http://www.theregister.co.uk/2011/05/16/mozilla_firefox_3_5_forced_upgrade/
-http://www.h-online.com/security/news/item/Mozilla-moves-to-aggressively-end-Firefox-3-5-s-life-1243869.html

Two Teens Sentenced for Cyber Attacks (May 16, 2011)

A pair of UK teenagers has received sentences for their roles in a series of attacks that stole credit card information and took down a webhost for a period of time. Zachary Woodham received an 18-month suspended sentence, and Louis Tobenhouse was ordered to perform 200 hours of community service. Four other people associated with Ghostmarket, an online forum for selling stolen information, received prison sentences of varying lengths earlier this year.
-http://news.techworld.com/security/3279975/teens-sentenced-for-vicious-attack-on-uk-hosting-firm/

-http://www.theregister.co.uk/2011/05/16/hacker_duo_sentenced/

Complaint Filed With FTC Says Dropbox Misrepresented Security (May 13 & 16, 2011)

A complaint filed with the US Federal Trade Commission (FTC) alleges that online storage provider Dropbox misled users about the security it provides. According to the complaint, Dropbox claimed that customers' files were completely encrypted and that no one, not even Dropbox employees, could view their contents. However, researcher Christopher Soghoian published data showing that Dropbox could actually view the contents of the files.
-http://www.wired.com/threatlevel/2011/05/dropbox-ftc/
-http://www.theregister.co.uk/2011/05/16/dropbox_ftc_not_good_enough/

Attack on Eidos Compromises eMail Addresses and Resumes (May 13, 2011)

An attack on the website of Eidos Interactive compromised 25,000 email addresses of Deus Ex: Human Revolution users and 350 resumes submitted to Eidos by job applicants. Parent company Square Enix plans to notify all individuals affected by the breach. Those claiming responsibility for the attack say they plan to share the stolen information on file-sharing networks. The attackers claim to have stolen more information than Eidos has indicated. The attackers appear to be a splinter cell of the Anonymous hacking collective.
-http://krebsonsecurity.com/2011/05/anonymous-splinter-group-implicated-in-game-company-hack/

-http://www.wired.com/gamelife/2011/05/eidos-hacked/


************************************************************************

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription (and for free posters), or to update a current subscription, visit http://portal.sans.org/