SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

• SANS NewsBites RSS
• Editorial Board

Volume XIII - Issue #70

September 02, 2011

Now that a consensus is forming among the more sophisticated defenders
that the 20 Critical Controls are the most important defenses to put in
place, many organizations are searching for guidance on best practices
for implementing each of them quickly and cost-effectively. Internet
Storm Center will, during October's National Security Awareness Month,
publish a series of daily diaries on each critical control and how to
automate it where possible. Also Johannes Ullrich, director of the
Internet Storm Center just told me about a newly published SANS gold
paper on how to implement the 20 critical controls if you don't have a
big budget. It is posted at
http://www.sans.org/reading_room/whitepapers/hsoffice/small-business-budget-impl
ementation-20-security-controls_33744

Alan

---

TOP OF THE NEWS

Exposed WikiLeaks File Contains More Than 250,000 US State Dept. Cables
New California Law Stipulates Additional Breach Notification Requirements
Footage of Cyber Security Documentary Disappears from Chinese State TV Site
More Forged Digital Certificates Detected
Judge Says Lawsuit Against Company That Tracks Lost Laptop May Proceed

THE REST OF THE WEEK'S NEWS

Two Arrested in Connection with Anonymous-Related Attack on Fine Gael Site
Six-Year Sentence for Cyber Extortion
Linux Kernel Servers Compromised
Many Skeptical of Rumors That iPhone 5 Prototype Was Lost at Restaurant
Former Akamai Employee Pleads Guilty to Espionage Charges

---

************************ Sponsored By Zscaler **************************

ONLINE WEBCAST with GARTNER: WHY ADVANCED THREAT PROTECTION IS BETTER DONE IN THE CLOUD

Are you doing enough to manage your security risks in today's Web 2.0 World? Join Peter Firstbrook of GARTNER who will detail why cloud security is better for advanced threat protection. Sept 8 at 10am PST / 1pm EST
http://www.sans.org/info/85919

**************************************************************************

TRAINING UPDATE

-- SANS Network Security 2011, Las Vegas, NV, September 17-26, 2011 45 courses. Bonus evening presentations include Securing the Kids; Who is Watching the Watchers?; and Emerging Trends in the Law of Information Security and Investigations
http://www.sans.org/network-security-2011/

-- The National Security Architecture Workshop, DC, Sept. 29-30,2011 2-day workshop discussing techniques to ensure security is considered in every step of the development life cycle,
http://www.sans.org/baking-security-applications-networks-2011/

-- NCIC: The National Cybersecurity Innovations Conference, DC, Oct. 11-12, 2011 3 tracks - Cloud computing, Continuous Monitoring and Enterprise Mobile Security training
http://www.sans.org/ncic-2011/

--SANS Chicago 2011, Chicago, IL, October 23-28, 2011 6 courses. Bonus evening presentations include Computer Forensics in the Virtual Realm and Electrical Grid Security
http://www.sans.org/chicago-2011/

--SANS Seattle 2011, Seattle, WA, November 2-7, 2011 5 courses. Bonus evening presentations include Future Trends in Network Security; and Ninja Developers: Penetration Testing and Your SDLC
http://www.sans.org/seattle-2011/

--SANS San Francisco 2011, San Francisco, CA, November 14-19, 2011 6 courses. Bonus evening presentations include The Worst Mistakes in Cloud Computing Security; Offensive Countermeasures; and Watching the Wire at Home
http://www.sans.org/san-francisco-2011/

--SANS San Antonio 2011, San Antonia, TX, November 28-December 5, 2011 7 courses. Bonus evening presentations include Effective Methods for Implementing the 20 Critical Security Controls; and Assessing Deception: Are They Lying to You?
http://www.sans.org/san-antonio-2011/

--Looking for training in your own community?
http://www.sans.org/community/

Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current

Plus Melbourne, Delhi, London, Baltimore and Singapore all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

****************************************************************************

---

TOP OF THE NEWS

Exposed WikiLeaks File Contains More Than 250,000 US State Dept. Cables (September 1, 2011)

Allegations are flying about who is responsible for the apparent inadvertent leak of a WikiLeaks file containing more than a quarter of a million unredacted US diplomatic cables. The file and decryption passphrase appeared on Cryptome last week following rumors that they had been accessible on the Internet for several months. Some of the cables have been released before, but they had been edited to remove names of US informants who could be in danger if their identities became known in their home countries. WikiLeaks maintains that The Guardian is responsible for the release of the file because one of its reporters revealed the password in a book. The Guardian newspaper countered that the book was published months ago and that they were told that the password was temporary.
-http://www.washingtonpost.com/blogs/checkpoint-washington/post/wikileaks-suffers
-major-breach-prompting-accusations-and-a-theory-on-what-went-wrong/2011/09/01/g
IQABguMuJ_blog.html
-http://www.wired.com/threatlevel/2011/09/wikileaks-unredacted-cables/

New California Law Stipulates Additional Breach Notification Requirements (September 1, 2011)

California governor Jerry Brown has signed into law a bill that enhances existing data breach notification requirements. California law already requires that organizations notify residents if their personally identifiable information is compromised. California was the first state to enact such a law, and since its introduction in 2003, nearly all of the other US states have enacted similar laws. The enhancement to the California law requires that breach notification letters specify what data have been compromised, describe the incident, and offer advice for protection against identity fraud. In addition, breaches affecting 500 or more individuals must be reported to the state attorney general's office by letter. The enhancement bill has been vetoed twice before by former Governor Schwarzenegger.
-http://www.scmagazineus.com/california-blazes-trail-again-with-enhanced-breach-a
lert-law/article/211005/
[Editor's Note (Murray): Elections have consequences, some for our readers. It is reasonable to assume that legislation working its way through Congress will preempt state law in the interest of uniformity. Such legislation often sets the bar closer to that of the most lenient states rather than that of California. ]

Footage of Cyber Security Documentary Disappears from Chinese State TV Site (August 25, 2011)

Chinese state television reportedly aired footage of software that appeared to be designed for launching distributed denial-of-service (DDoS) attacks against websites. Analysts say the footage could be a mock-up and is likely a decade old. The clip was included in a cyber security documentary aired on the country's military channel last month. Some have called it "possibly the first direct piece of visual evidence from an official Chinese government source to undermine Beijing's official claims never to engage in overseas hacking of any kind for government purposes." The documentary has been removed from the state-run television station's website.
-http://www.guardian.co.uk/world/2011/aug/25/china-cyber-attack-tv-hacking
-http://www.washingtonpost.com/blogs/checkpoint-washington/post/chinese-vanish-cy
berwar-video-that-caused-stir/2011/08/25/gIQAAK8edJ_blog.html
-http://news.yahoo.com/chinese-state-media-shows-military-cyber-hacking-clip-0456
37266.html
[Editor's Note (Murray): Deniability may be "plausible" but rarely better than that. ]

More Forged Digital Certificates Detected (August 31, 2011)

The people responsible for a forged Google digital certificate may also have forged as many as 200 other certificates from high profile Internet entities including Mozilla and Yahoo. DigiNotar, a Dutch certificate authority, experienced a security breach in July 2011. Updated versions of the Firefox and Chrome browsers have been released to disable or delete entries for DigiNotar.
-http://www.wired.com/threatlevel/2011/08/diginotar-breach/
-http://www.h-online.com/security/news/item/Updated-Chrome-and-Firefox-for-fraudu
lent-Google-certificate-available-1333898.html
[Editor's Note (Honan): DigiNotar, the CA in question, is a fully owned subsidiary of Vasco which is a manufacturer of secure tokens and a competitor to RSA. Vasco has issued a press release stating the forged certificates were the result of a security breach detected by DigiNotar in July. Vasco also state the security breach did not compromise their secure token business.
-http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports
_security_incident.aspx
-http://www.scmagazineus.com/diginotar-said-attack-is-to-blame-for-certificate-co
mpromise/article/210891/
(Murray): There are now more than 600 issuers whose root certificates are recognized by major software vendors. The advantage is that they are better able to authenticate their applicants. The disadvantage is that we are dependent on so many that compromises are more likely.]

Judge Says Lawsuit Against Company That Tracks Lost Laptops May Proceed (August 30 & September 1, 2011)

A federal judge has determined that a lawsuit filed against Absolute Software, a company that provides tracking services to help find lost Devices, may proceed. One of the plaintiffs, Susan Clements-Jeffrey, purchased what she believed to be a used laptop from one of her students. The device was actually stolen from the school district. When the tracking software was activated, the person conducting the search captured sexually explicit exchanges between Clements-Jeffrey and the other plaintiff, Carlton Smith, printouts of which the police brought to the woman's home when they arrested her for receiving stolen property. Those charges were ultimately dropped. The plaintiffs allege that the defendants, which include an Absolute employee, the City of Springfield, Ohio and its police department, violated their privacy by illegally intercepting their communications. The defendants filed a motion for a summary judgment, maintaining that the plaintiffs had no expectation of privacy while using the stolen device. US District Judge Walter Herbert Rice disagreed, writing that "It is one thing to cause a stolen computer to report its IP address or geographical location in an effort to track it down. It is something entirely different to violate federal wiretapping laws by intercepting communications of the person using the stolen laptop."
-http://www.informationweek.com/news/security/privacy/231600626
-http://www.wired.com/threatlevel/2011/08/absolute-sued-for-spying/
-http://digitallife.today.com/_news/2011/09/01/7554439-tracking-no-excuse-to-reco
rd-teachers-naked-chat-pics

---

*************************** SPONSORED LINKS ******************************

1) Be entered in a drawing to WIN a $100 American Express gift card. Please take five minutes to help us improve the type and quality of Vendor Programs at SANS Conferences. http://www.sans.org/info/85924

****************************************************************************

---

THE REST OF THE WEEK'S NEWS

Two Arrested in Connection with Anonymous-Related Attack on Fine Gael Site (September 1, 2011)

Two Irish teenagers have been arrested in connection with a January 2011 cyber attack on the website of the Fine Gael political party. The attack compromised the personally identifiable information of 2,000 people who had provided information to register to make comments on the site. Authorities have seized equipment from the teens' homes. The arrests are reportedly part of a larger investigation into activities of the Anonymous hacking collective and involving authorities in other jurisdictions. Two men were arrested in the UK as well.
-http://www.rte.ie/news/2011/0901/hacking.html
-http://www.irishtimes.com/newspaper/breaking/2011/0901/breaking47.html
-http://www.thejournal.ie/teenagers-arrested-over-fine-gael-site-hacking-216136-S
ep2011/
-http://www.belfasttelegraph.co.uk/news/local-national/republic-of-ireland/counci
llors-son-held-over-hacking-16044120.html
-http://www.zdnet.co.uk/blogs/security-bullet-in-10000166/police-charge-two-more-
anonymous-suspects-10024247/

Six-Year Sentence for Cyber Hacking and Wiretapping (September 1, 2011)

A California man has been sentenced to six years in prison for infecting computers with malware in an attempt to steal financial data and personal information. Luis Mijangos also used the computers' integrated webcams and microphones to spy on his victims and used some of the information he stole to blackmail women into providing him with nude photographs of themselves.
-http://www.computerworld.com/s/article/9219701/Man_gets_six_years_for_hacking_gi
rls_to_extort_photographs?taxonomyId=17

Linux Kernel Servers Compromised (August 31, 2011)

The Linux Kernel Organization has said that several of their servers became infected with malware that obtained root access. The malware also modified files and harvested users' passwords and transactions. The malware infected the system on or before August 12 but was not detected until August 29. Administrators believe that Linux source code remained unaffected by the malware infection. Law enforcement authorities have been notified and all site users have been made to change their passwords and SSH keys.
-http://www.theregister.co.uk/2011/08/31/linux_kernel_security_breach/
-http://www.computerworld.com/s/article/9219671/Hackers_break_into_Linux_source_c
ode_site?taxonomyId=17

Many Skeptical of Rumors That iPhone 5 Prototype Was Lost at Restaurant (August 31, 2011)

CNET is reporting that a prototype of a new Apple iPhone was left in a restaurant/bar earlier this summer. In spring 2010, a man who found an iPhone 4 prototype left in a German beer garden in Redwood City, California, sold it to Gawker Media blog Gizmodo. The incident reported this week has the iPhone 5 prototype lost in a Mexican eating establishment in San Francisco and possibly sold on Craigslist for US $200. Bloggers have expressed doubt about the story, citing Apple's refusal to comment on the incident and the lack of a police report. While Apple has made no formal announcement, there are hints that the iPhone 5 is slated for an October release.
-http://news.cnet.com/8301-13579_3-20099899-37/apple-loses-another-unreleased-iph
one-exclusive/?tag=topStories
-http://blogs.computerworld.com/18895/iphone_5_lost_in_bar_or_just_a_stunt?ua

Former Akamai Employee Pleads Guilty to Espionage Charges (August 30 & 31, 2011)

Elliot Doxer has pleaded guilty to espionage charges for trying to sell confidential information belonging to his employer to a man he believed was an Israeli intelligence officer. Over an 18-month period starting in September 2007, Doxer gave the man, who was actually an FBI counterintelligence agent, confidential documents belonging to Akamai. The information included lists of clients and contracts, Akamai security practices and information about Akamai employees. Doxer was employed in the finance office at Akamai's Boston office.
-http://www.computerworld.com/s/article/9219628/Akamai_employee_tried_to_sell_sec
rets_to_Israel?taxonomyId=82
-http://www.csmonitor.com/USA/Justice/2011/0831/From-finance-department-clerk-to-
Israeli-007-or-so-he-thought

---

************************************************************************

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/