
SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XIV - Issue #12

February 10, 2012

TOP OF THE NEWS

GSA Issues New FedRAMP Information
Demand for Cyber Forensics Specialists to Rise
Microsoft to Issue Patches for 21 Vulnerabilities on February 14

THE REST OF THE WEEK'S NEWS

Jury Says Interactive Website Patent is Invalid
Foxconn Data Purloined, Posted
Google Releases Chrome 17
European Governments Questioning ACTA Support
EPIC Seeks Restraining Order to Keep Google From Consolidating Privacy Policies
Right of First Sale Plays Role in Case of Used MP3 Online Store
European Parliamentary Committee Votes to Extend and Expand ENISA
Security Camera Maker Developing Firmware Fix for Video Stream Leak Flaw


*************************** SPONSORED BY Firemon *************************
Do Not Miss February 14th SANS Webcast: Ops Task or Risk Vector? - Managing Firewall Rules Featuring: Tim Woods, Vice President, Customer Technology Services at FireMon. To sign up go to: http://www.sans.org/info/98874
**************************************************************************
TRAINING UPDATE

--SANS Phoenix 2012, Phoenix, AZ February 13-18, 2012 6 courses. Bonus evening presentations include Desktop Betrayal: Exploiting Clients Through the Features They Demand; and Windows Exploratory Surgery with Process Hacker.
http://www.sans.org/phoenix-2012/

--SANS Secure Singapore 2012, Singapore, Singapore March 5-17, 2012 5 courses. Bonus evening presentations include Introduction to Windows Memory Analysis; and Why Our Defenses are Failing Us: One Click is All It Takes ...
http://www.sans.org/singapore-2012/

--SANS Mobile Device Security Summit: The Growing and Constantly Changing Challenge, Nashville, TN Summit: March 12-13, 2012; Post-Summit Courses: March 14-15, 2012 Mobile device security experts and practitioners from organizations that have implemented successful programs will discuss the most promising approaches to this new and evolving challenge.
http://www.sans.org/mobile-device-security-summit-2012/

--SANS 2012, Orlando, FL March 23-29, 2012 40 courses. Bonus evening presentations include Exploiting Vulnerabilities: 60 Minutes from Discovery to Exploit; Evolving Threats; and Harbinger of Evil: The Forensic Art of Finding Malware.
http://www.sans.org/sans-2012/

--SANS Northern Virginia 2012, Reston, VA April 15-20, 2012 7 courses. Bonus evening presentations include Linux Forensics for Non-Linux Folks; and Who Do You Trust? SSL and TLS Under Attack.
http://www.sans.org/northern-virginia-2012/

--SANS Cyber Guardian 2012, Baltimore, MD April 30-May 7, 2012 11 courses. Bonus evening presentations include Ninja Assessments: Stealth Security testing for Organizations; and Adjusting Our Defenses for 2012.
http://www.sans.org/cyber-guardian-2012/

--SANS AppSec 2012, Las Vegas, NV April 24-May 1, 2012 5 courses.
http://www.sans.org/appsec-2012/

--SANS Secure Europe 2012, Amsterdam, Netherlands May 7-19, 2012 11 courses.
http://www.sans.org/secure-amsterdam-2012/

--Looking for training in your own community?
http://www.sans.org/community/

Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current

Plus Bangalore, San Francisco, Stuttgart, Boston, and Abu Dhabi all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
************************************************************************

TOP OF THE NEWS

GSA Issues New FedRAMP Information (February 8, 2012)

The US General Services Administration (GSA) has published new information about FedRAMP, the program intended to speed federal adoption of cloud computing. FedRAMP provides a standard set of security requirements and an assessment process for evaluating cloud services. Once a service obtains a FedRAMP authorization, any agency can use it, replacing the practice of each agency separately authorizing the same service.
-http://www.informationweek.com/news/government/cloud-saas/232600484
-http://www.gsa.gov/graphics/staffoffices/FedRAMP_CONOPS.pdf
[Editor's Note (Liston): I certainly applaud the "do once, use many times" concept behind FedRAMP because it could, if implemented properly, leverage the enormous purchasing power of the government to create fundamental changes in how cloud computing security is managed and measured. Disappointingly, the guidelines behind FedRAMP don't provide that change: they're simply a rehash of NIST SP 800-53 with some special reporting grafted on the side. Another example of an idea's potential being snuffed out by poor implementation. ]

Demand for Cyber Forensics Specialists to Rise (February 1, 2012)

The number of computer forensics jobs is expected to grow by more than 13 percent over the next few years, according to US Bureau of Labor Statistics estimates. Starting salaries are expected to be about US $46,500, and government agencies plan to hire 4,000 people in the field. Cyber forensics "requires you to have great people skills, be able to write good reports, and be intuitive." Forensic specialists may also spend a significant amount of time in court providing testimony.
-http://www.usatoday.com/money/jobcenter/workplace/bruzzese/story/2012-01-31/profession-that-hunts-cybercriminals/52909566/1

[Editors' Note (Liston and Honan): And what, you may ask, is the main driving force behind this sudden need for forensic specialists? eDiscovery... ]

Microsoft to Issue Patches for 21 Vulnerabilities on February 14 (February 9, 2012)

Microsoft will issue nine security bulletins next Tuesday, February 14, addressing a total of 21 vulnerabilities in Windows, Internet Explorer, Office, .NET, and Silverlight. Four of the bulletins carry a maximum severity rating of critical; the other five are rated important.
-http://www.computerworld.com/s/article/9224136/Microsoft_to_issue_more_critical_patches_next_week_for_Win7_than_XP?taxonomyId=17
-http://www.eweek.com/c/a/Security/Microsofts-February-Patch-Tuesday-Fixes-21-Bugs-344310/
-http://technet.microsoft.com/en-us/security/bulletin/ms12-feb
-http://www.scmagazine.com/microsoft-issues-patch-plans-includes-internet-explorer-fix/article/227171/

[Editor's Note (Liston): I can't help but picture this as Microsoft sending out a batch of conversation hearts to Windows Admins that say "GET BACK TO WORK." ]


************************** SPONSORED LINKS ***************************
1) nCircle PureCloud: cloud-based network security scanning designed for small to medium businesses http://www.sans.org/info/98879

2) SANS Analyst Webcast: Needle in a Haystack? Getting to Attribution in Control Systems, featuring control systems expert Matt Luallen http://www.sans.org/info/98884 - Wednesday, February 22
************************************************************************

THE REST OF THE WEEK'S NEWS

Jury Says Interactive Website Patent is Invalid (February 9, 2012)

A jury in Texas has found invalid a patent held by Michael Doyle's Eolas Technologies that claimed the concept of interactive websites. Sir Tim Berners-Lee, considered the father of the World Wide Web, testified in the case. The verdict cancels three trials that were scheduled to decide infringement and damages for the companies Eolas claimed had infringed the patent.
-http://arstechnica.com/tech-policy/news/2012/02/jury-rules-that-eolass-interactive-web-patent-is-invalid.ars
-http://www.wired.com/threatlevel/2012/02/interactive-web-patent/
-http://www.theregister.co.uk/2012/02/09/eolas_loses_patent_case/
[Editor's Comment (Northcutt): This is a very important judgement, but these URLs don't really tell the story of Sir Tim Berners-Lee's role in the case. For a bit of human interest:
-http://www.wired.com/threatlevel/2012/02/tim-berners-lee-patent/]

[Editor's Note (Liston): Had this wide-ranging patent claim been allowed to go forward, the ramifications would have shaken the industry to its core. This case only underscores the fact that the USPTO is completely broken. ]

Foxconn Data Purloined, Posted (February 9, 2012)

Hackers have stolen and posted online sensitive data belonging to Foxconn, the contract manufacturer that builds iPhones for Apple, in what they described as a protest over working conditions. The attack coincided with scheduled protests at Apple stores. Recent news stories have reported low pay, long working hours, and an explosion in which several Foxconn workers were killed.
-http://arstechnica.com/business/news/2012/02/hackers-target-iphone-manufacturer-to-protest-harsh-working-conditions.ars
-http://money.cnn.com/2012/02/09/technology/apple_foxconn_petition/
-http://www.washingtonpost.com/blogs/the-buzz/post/activists-gather-at-georgetown-apple-store-to-fight-alleged-worker-mistreatment-in-china/2012/02/09/gIQALdGc1Q_blog.html
-http://www.cbsnews.com/8301-501465_162-57373938-501465/apple-supplier-foxconn-hit-by-hackers/
-http://www.theregister.co.uk/2012/02/09/foxconn_hack_swagg/
[Editor's Note (Honan): Other clients of Foxconn include HP, Cisco, and Acer and it would appear that the breach was for "laughs" rather than a protest against Foxconn.
-http://nakedsecurity.sophos.com/2012/02/10/apple-supplier-foxconn-hacked-not-for-bad-factory-conditions-but-for-kicks/ ]

Google Releases Chrome 17 (February 8 & 9, 2012)

Google has released Chrome 17, the newest stable version of its open source browser. Google has updated Chrome's Safe Browsing technology to analyze downloaded executable files. Chrome 17 also addresses 20 vulnerabilities, including a critical race condition following a utility process crash. Google has also said that it plans to drop online SSL certificate revocation checks (CRL and OCSP lookups) in future versions of the browser because they are ineffective: browsers soft-fail when the lookup does not complete, so an attacker who can present a revoked certificate can also block the check and the browser accepts the certificate anyway.
-http://www.h-online.com/security/news/item/Chrome-17-brings-improved-speed-and-security-1431172.html
-http://www.theregister.co.uk/2012/02/08/chrome_ssl_revocation_checking/
-http://www.computerworld.com/s/article/9224085/Google_ships_Chrome_17_touts_more_malware_alerts_and_page_preloads?taxonomyId=208
-http://www.computerworld.com/s/article/9224078/Google_Chrome_will_no_longer_check_for_revoked_SSL_certificates_online?taxonomyId=85

[Editor's Comment (Northcutt): I am going to upgrade right after I hit send. The Feb 9 entry of the Chromium blog shows Google doing a lot more than just a list of URLs for phishing sites.
-http://blog.chromium.org/]
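Why a soft-fail online revocation check buys so little, shown as an added Python illustration written for this item; it is not Chrome's code and is not taken from the cited articles. The OCSP responder is an in-memory stand-in, the certificate serial numbers are made up, and the "network blocked" flag stands in for an on-path attacker dropping the OCSP request. The same model also shows the availability cost of the opposite (hard-fail) policy, which is the trade-off that made soft-fail the default in the first place.

```python
"""Soft-fail versus hard-fail certificate revocation checking.

Example code for this newsletter item, not Chrome's implementation.
Responder, serial numbers and network conditions are constructed.
"""
from dataclasses import dataclass
from enum import Enum


class OcspStatus(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNAVAILABLE = "unavailable"   # timeout, refused connection, garbage reply


@dataclass(frozen=True)
class Certificate:
    subject: str
    serial: int


class FakeOcspResponder:
    """Stand-in for a CA's OCSP responder (assumption: serials in `revoked`
    are revoked, everything else is good)."""

    def __init__(self, revoked):
        self.revoked = set(revoked)

    def query(self, cert: Certificate) -> OcspStatus:
        return OcspStatus.REVOKED if cert.serial in self.revoked else OcspStatus.GOOD


def online_revocation_check(cert: Certificate, responder: FakeOcspResponder,
                            network_blocked: bool) -> OcspStatus:
    """Simulated client-side OCSP round trip. An attacker who is already on
    the path (the one presenting the revoked certificate) can drop the
    request; the client only ever sees UNAVAILABLE."""
    if network_blocked:
        return OcspStatus.UNAVAILABLE
    return responder.query(cert)


def accept_certificate(status: OcspStatus, soft_fail: bool) -> bool:
    """Policy decision. soft_fail=True is the 2012 browser behaviour: an
    unreachable responder is treated as 'good' so that flaky OCSP servers
    do not break browsing. soft_fail=False refuses the connection instead."""
    if status is OcspStatus.GOOD:
        return True
    if status is OcspStatus.REVOKED:
        return False
    return soft_fail


REVOKED_SERIAL = 0x1337      # constructed: key compromised, CA revoked it
GOOD_SERIAL = 0x2024         # constructed: valid, unrevoked certificate
RESPONDER = FakeOcspResponder(revoked=[REVOKED_SERIAL])


def mitm_with_revoked_cert(soft_fail: bool) -> bool:
    """Attacker holds the compromised key and blocks the OCSP lookup.
    Returns True if the browser accepts the connection under the policy."""
    stolen = Certificate("www.example.com", REVOKED_SERIAL)
    status = online_revocation_check(stolen, RESPONDER, network_blocked=True)
    return accept_certificate(status, soft_fail)


def honest_site_responder_up(soft_fail: bool) -> bool:
    """Control case: good certificate, responder reachable."""
    good = Certificate("www.example.com", GOOD_SERIAL)
    status = online_revocation_check(good, RESPONDER, network_blocked=False)
    return accept_certificate(status, soft_fail)


def honest_site_responder_down(soft_fail: bool) -> bool:
    """The cost of hard-fail: a good certificate during a responder outage."""
    good = Certificate("www.example.com", GOOD_SERIAL)
    status = online_revocation_check(good, RESPONDER, network_blocked=True)
    return accept_certificate(status, soft_fail)


if __name__ == "__main__":
    for policy, name in ((True, "soft-fail"), (False, "hard-fail")):
        print(f"{name}: MITM with revoked cert accepted? {mitm_with_revoked_cert(policy)}")
        print(f"{name}: honest site during OCSP outage accepted? {honest_site_responder_down(policy)}")
```

Under soft-fail the revoked certificate is accepted whenever the attacker blocks the lookup, which is exactly the case the check exists for; under hard-fail it is rejected, but so is every honest site while its CA's responder is unreachable. That is why a browser has to choose between a check that does not protect and a check that breaks sites, and why Google chose to stop doing the online lookup.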

European Governments Questioning ACTA Support (February 8 & 9, 2012)

Czech Republic Prime Minister Petr Necas says that the country will follow Poland in suspending its ratification of the Anti-Counterfeiting Trade Agreement (ACTA). The international treaty has generated both street and online protests. Slovakia has also expressed concerns about ACTA; its economy minister said he would not support an agreement that "would curtail basic human rights in any shape or form, particularly the right to freedom and privacy and that will superimpose copyright protection over these rights."
-http://arstechnica.com/tech-policy/news/2012/02/czech-slovak-governments-backing-away-from-acta-too.ars
-http://www.praguepost.com/news/12048-necas-shelves-acta-ratification.html
[Editor's Note (Honan): The EU has already signed the treaty on behalf of all its member states. It is unclear yet as to whether or not individual countries within the EU will be obliged to adopt ACTA as a result of the EU signing the treaty or whether they can reject it individually. If the latter then this will mean ACTA will fail as it requires all countries to ratify it. ]

EPIC Seeks Restraining Order to Keep Google From Consolidating Privacy Policies (February 8, 2012)

The Electronic Privacy Information Center (EPIC) has filed suit against the US Federal Trade Commission (FTC) in the US District Court for the District of Columbia, seeking a preliminary injunction that would stop Google from consolidating the privacy policies across its range of products. EPIC says that the amalgamation of user information could make users easier targets for behavioral advertisers. The suit alleges that Google's recently announced change violates the consent order it reached with the FTC a year ago, which requires Google to obtain users' consent before information collected under one privacy policy is used under a changed policy.
-http://news.cnet.com/8301-1009_3-57373694-83/group-sues-ftc-over-googles-planned-privacy-update/
-http://www.msnbc.msn.com/id/46317355/ns/technology_and_science-security/#.TzSHKciGh8F
-http://epic.org/privacy/ftc/google/EPIC-Complaint-Final.pdf

Right of First Sale Plays Role in Case of Used MP3 Online Store (February 7 & 9, 2012)

A judge has declined to shut down ReDigi, a website that resells used digital music files originally purchased through the iTunes store. ReDigi says it sells only files that were legally purchased; no copies are made of the files, and that once the file is sold, the seller cannot access it again through ReDigi or through iTunes. Capitol Records had requested the preliminary injunction to shut down the site. While the judge refused the request, the case is still going to trial, where the judge said Capitol is likely to prevail. Capitol is hoping to prove that the MP3 files are not protected by the doctrine of first sale, which allows people who legally purchase copyrighted material to sell that material.
-http://blogs.computerworld.com/19707/legally_resell_used_mp3s_yes_judge_hands_round_1_to_redigi_not_capitol_records
-http://www.wired.com/threatlevel/2012/02/pre-owned-music-lawsuit-2/

European Parliamentary Committee Votes to Extend and Expand ENISA (February 7 & 8, 2012)

The European Parliament's Industry, Research, and Energy Committee has voted to extend the mandate that established ENISA (the European Network and Information Security Agency) through 2020. The new proposal also requires that ENISA establish a European Union Computer Emergency Response Team (EU-CERT).
-http://www.computerworld.com/s/article/9224076/EU_to_strengthen_its_cybersecurity_watchdog?taxonomyId=82
-http://www.zdnet.co.uk/blogs/mapping-babel-10017967/eu-cyber-defence-push-wins-crucial-mep-vote-10025372/

Security Camera Maker Developing Firmware Fix for Video Stream Leak Flaw (February 7, 2012)

A vulnerability in Trendnet home security cameras allows anyone who knows a device's network address to view its video stream, even when the camera is password-protected, and there is apparently no way for owners to disable the stream. Trendnet has acknowledged the problem, saying it was introduced by code added to the devices in 2010. The company is updating firmware for the affected products and expects the revised firmware to be available this week.
-http://www.wired.com/threatlevel/2012/02/home-cameras-exposed/


************************************************************************

The Editorial Board of SANS NewsBites

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of CounterHackChallenges, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course.

William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/