[ale] [OT] SANS NewsBites Vol. 12 Num. 31 : Scholarships available for kids talented in cyber security

Greg Freemyer greg.freemyer at norcrossgroup.com
Tue Apr 20 17:57:32 EDT 2010


Free summer camp for talented college age cyber security gurus

see below


---------- Forwarded message ----------
From: The SANS Institute <NewsBites at sans.org>
Date: Tue, Apr 20, 2010 at 3:56 PM
Subject: SANS NewsBites Vol. 12 Num. 31 : Scholarships available for
kids talented in cyber security
To: Greg.Freemyer at norcrossgroup.com


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Do you know any college kids who are good at cyber security and go to
school in New York, Delaware, or California? If yes they can get an all
expenses paid scholarship to cyber camps this summer that could give
them an inside track to the coolest jobs in the coolest places in cyber
security.  Send them to www.uscc.org.  That's also where you will find
data on how cyber-security-talented high school kids all over the
country can qualify for full four year college scholarships (with summer
internships).

                                    Alan
*************************************************************************
SANS NewsBites                 April 20, 2010             Vol. 12, Num. 31
*************************************************************************
TOP OF THE NEWS
 New and Proposed Data Breach Legislation Around the US
 FBI Warrant Sought Google Apps Content in Spam Case
 Network Solutions Customers' Websites Infecting Visitors' Computers
    with Malware
THE REST OF THE WEEK'S NEWS
   Amazon Files Lawsuit to Fend Off NC Tax Collector's Data Demands
   Windows Kernel Patch Checks for Rootkit First
   Gonzalez Accomplice Gets Five-Year Sentence
   Pennsylvania School District Laptop Surveillance Case Prompts
      New Legislation
   Third Grader Stole Teacher's Blackboard Login
   European Data Protection Supervisor Calls For Built-in Data Wiping
      Technology
   Former NSA Official Indicted for Information Leaks
   Russia and US Move Toward Cooperation at Internet Conference

************************** Sponsored By Splunk **************************

DOWNLOAD SPLUNK 4.1 FOR FREE
Real-time Business Needs Real-time IT
* See incidents and attacks as they occur
* Monitor application SLAs in real time
* Correlate and analyze events on streaming data
* Track live transactions and online activity
Do this and more with real-time search in Splunk 4.1.
http://www.sans.org/info/58118

*************************************************************************
TRAINING UPDATE
 -- SANS Security West 2010, San Diego, May 7-15, 2010
23 courses.  Bonus evening presentations include Killer Bee:
Exploiting ZigBee and the Kinetic World
http://www.sans.org/security-west-2010/
 -- SANSFIRE 2010, Baltimore, June 6-14, 2010
38 courses.  Bonus evening presentations include Software Security
Street Fighting Style and The Verizon Data Breach Investigations
Report
http://www.sans.org/sansfire-2010/
 -- SANS Secure Europe Amsterdam 2010, June 21-July 3, 2010
8 courses.
http://www.sans.org/secure-amsterdam-2010/
 -- SANS Rocky Mountain 2010, Denver, July 12-17, 2010
8 courses.  Bonus evening presentations include Hiding in Plain Sight:
Forensic techniques to Counter the Advanced Persistent Threat
http://www.sans.org/rocky-mountain-2010/
 -- SANS Boston 2010, August 2-8, 2010
11 courses
http://www.sans.org/boston-2010/
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/spring09.php
Plus Toronto, Singapore, Brisbane, and Kuala Lumpur all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

TOP OF THE NEWS
 --New and Proposed Data Breach Legislation Around the US
(April 13 & 16, 2010)
Mississippi has passed a data breach notification law requiring that
businesses and government agencies notify people immediately when their
personally identifiable information has been compromised.  The law goes
into effect on July 1, 2010, and applies to all entities doing business
within the state of Mississippi.  In California, the state Senate has
approved legislation that would update the state's current breach
notification law so that notification letters would include specific
information about a breach and require that entities suffering breaches
that affect 500 or more individuals submit the alert letter to the state
attorney general's office.  Governor Schwarzenegger vetoed the proposed
bill last year, but he is expected to sign it this year.  In Washington
State, Governor Christine Gregoire signed a law that defines the
liabilities of government and business entities for costs incurred by
financial institutions arising from payment card breaches.
http://www.esecurityplanet.com/features/article.php/3876906/Mississippi-Passes-Data-Breach-Notification-Law.htm
http://www.scmagazineus.com/california-senate-again-oks-breach-notification-law-update/article/168168/
http://privacylaw.proskauer.com/2010/04/articles/financial-privacy/bellwether-or-bust-washington-governor-signs-payment-card-data-breach-liability-provisions-into-law/

 --FBI Warrant Sought Google Apps Content in Spam Case
(April 16, 2010)
Last August, the FBI served a warrant demanding the email and Google
Apps content associated with two men suspected of running a spam
campaign.  The case is believed to be the first in which a warrant has
"benefit[ted] from a suspect's reliance on cloud computing."   Among the
information obtained from Google Docs was a spreadsheet showing that the
men had spammed more than 3 million email addresses in a five-hour
period, and a list of 8,000 Yahoo mail accounts allegedly obtained to
send the spam.  It is easier for law enforcement agencies to access data
stored in the cloud than that stored on individuals' own computers.  The
Stored Communications Act (1986) requires only "reasonable grounds" that
the information would be relevant in a criminal investigation to allow
access to stored information; a search warrant requires "probable
cause."
http://www.wired.com/threatlevel/2010/04/cloud-warrant/

 --Network Solutions Customers' Websites Infecting Visitors' Computers
   with Malware
(April 18 & 19, 2010)
A malware attack is targeting Network Solutions' customers; the issue
affects websites running WordPress, Joomla, and regular HTML.  The
infected sites have been infected with JavaScript that tries to install
malware on site visitors' computers.  Less than a week ago, another
attack targeted Network Solutions websites running just WordPress.
Network Solutions administrators are attempting to remove the malicious
code from customers' sites. The company is not releasing technical
information about the attack because it could help the perpetrators.
Users are urged to change their passwords.
http://www.theregister.co.uk/2010/04/19/network_solutions_mass_hack/
http://www.computerworld.com/s/article/9175783/Network_Solutions_sites_hacked_again
http://blog.networksolutions.com/2010/we-feel-your-pain-and-are-working-hard-to-fix-this/
[Editor's Note (Pescatore): At the heart of the debate about enterprise
use of cloud computing services (which is just a form of external
hosting) is the need for external service providers to demonstrate that
they can keep the shared infrastructure *more* secure than any
individual company can do.
(Northcutt): I have been thinking about this all day. As we move to
blades and virtualization, the small business that might be able to
manage a couple servers of their own is going to have to consider
webhosting.  An attacker who is able to break in can do tons of damage.
And as more small business moves to web hosting the problem gets worse.
And, when the virtual servers are compromised, they are used to spread
malware so doing business with these smaller companies becomes risky.
http://krebsonsecurity.com/2010/01/hundreds-of-network-solutions-sites-hacked/
http://krebsonsecurity.com/2010/04/network-solutions-again-under-siege/
http://stopmalvertising.com/malvertisements/corpadsinccom-redirecting-network-solutions-customers-again
]

*************************************************************************
THE REST OF THE WEEK'S NEWS
 --Amazon Files Lawsuit to Fend Off NC Tax Collector's Data Demands
(April 19, 2010)
Amazon.com is fighting the North Carolina Department of Revenue's
demands that the company supply the names and addresses of its North
Carolina customers and what those individuals purchased through the
site.  Amazon maintains that the demand for information violates
customers' privacy and First Amendment rights and has filed a lawsuit
asking that a judge find the demand to be illegal.  Amazon is not
required to collect sales tax within North Carolina because the company
does not have offices or warehouses in the state.  State tax collectors
say that residents are required to pay a "use tax" on anything purchased
or received through the mail.
http://news.cnet.com/8301-13578_3-20002870-38.html
[Editor's Note (Northcutt): This is an important case and a well written
article; I encourage you to read it. First, different states have
different approaches to sales tax. For instance, in Virginia I was supposed
to track my purchases from out of state and report that on my state tax
form. However, in this case I expect this suit will fail. As the article
explains, books have special First Amendment protections. And after
Supreme Court nominee Robert Bork's video rental records were published
in a newspaper they passed the Video Privacy Protection Act of 1988 so
I cannot see how North Carolina's suit can succeed.
http://www.tax.virginia.gov/site.cfm?alias=salesusetax
http://www.cobar.org/opinions/opinion.cfm?OpinionID=560
http://epic.org/privacy/vppa/
]

 --Windows Kernel Patch Checks for Rootkit First
(April 16, 2010)
A patch for the Windows kernel released last week will not install on
machines that are infected with a rootkit.  In February, Microsoft
released a kernel patch that caused blue screen errors when it was
installed on machines infected with the tdss rootkit.  Hoping to avoid
the same problem this month, Microsoft customers will get error messages
when the update is installed if their machines are infected.
http://www.theregister.co.uk/2010/04/16/ms_kernel_patch_bypasses_pwned_pcs/
http://news.bbc.co.uk/2/hi/technology/8624560.stm
[Editor's Note (Pescatore): Good move but even better would be operating
systems that make it much, much harder for rootkits to succeed.]

 --Gonzalez Accomplice Gets Five-Year Sentence
(April 15 & 19, 2010)
The sixth and final of Albert Gonzalez's co-conspirators has been
sentenced to prison for his role in the massive credit card theft
scheme.  Damon Patrick Toey has been sentenced to five years in prison
and fined US $100,000.  Toey helped Gonzalez use SQL injection attacks
to break into retailers' networks, where the group stole payment card
information.  Toey also helped sell the stolen card information.
Although he faced a maximum sentence of 22 years in prison, Toey's
cooperation with authorities prompted prosecutors to seek a shorter
sentence.
http://www.wired.com/threatlevel/2010/04/toey_sentence
http://www.securecomputing.net.au/News/172469,hacker-accomplice-gets-five-years-prison.aspx

 --Pennsylvania School District Laptop Surveillance Case Prompts
New Legislation
(April 16, 18 & 19, 2010)
According to documents filed in a lawsuit against the Lower Merion
School District in Pennsylvania, surveillance technology on school-owned
laptops was used to capture thousands of images of students in their
homes.  The technology, called LANRev, was designed to be used to locate
missing or stolen computers, but the school district is facing a lawsuit
from a student's family that alleges the LANRev software was activated
on the computer their son was using at home even though it had not been
declared missing or stolen.  The captured images include a student
asleep in his bed.  LANRev was also used to capture screenshots of IM
conversations the student had with his friends.  A motion filed last
week seeks access to the home of the school district's information
systems coordinator to image the hard drives of her personal computers.
The case has prompted US Senator Arlen Specter (D-Pennsylvania) to
introduce legislation that would ban video surveillance.
http://www.computerworld.com/s/article/9175739/Pa._school_district_snapped_thousands_of_student_images_claims_lawyer?taxonomyId=17
http://www.theregister.co.uk/2010/04/16/secret_student_pics/
http://www.securecomputing.net.au/News/172400,school-laptop-spying-case-inspires-new-law.aspx
http://news.cnet.com/8301-1009_3-20002697-83.html?tag=nl.e757

 --Third Grader Stole Teacher's Blackboard Login
(April 16 & 19, 2010)
A Fairfax County (Virginia) Public Schools third grader has been
identified as the source of suspicious changes being made on the school
district's Blackboard system, which allows teachers, students and
parents to communicate and check on homework assignments and
announcements.  The nine-year-old did not hack into the system, as was
first believed, but found the password in a teacher's desk and accessed
the system through that account, which had administrative rights.  The
student changed other teachers' passwords.  The students never had
access to grades or other sensitive school data.
http://www.computerworld.com/s/article/9175699/Police_called_after_9_year_old_steals_password?taxonomyId=17
http://www.theregister.co.uk/2010/04/19/9yr_old_school_hacker/
[Editor's Note (Pescatore): Reusable passwords continue to be oh so
reusable, unfortunately. How about schools using simple forms of
stronger authentication? Of course, the real world isn't actually
setting a very high bar here, either.
(Schultz): This story reminds me of a previous one that must now be at
least five years old. A six year old girl gained unauthorized access to
the UK House of Commons and installed a sniffer on the computer of one
of the members of Parliament. Age can no longer be presumed to be a
presumption of innocence when security is concerned.]

 --European Data Protection Supervisor Calls For Built-in Data
Wiping Technology
(April 16 & 19, 2010)
European data protection supervisor Peter Hustinx has called for
data-wiping technology to be built in to electric and electronic
equipment.  Hustinx made the suggestion while reviewing the European
Commission's proposed revision of the Waste Electrical and Electronic
Equipment (WEEE) directive.  The data deletion process should be simple
and free of charge, said Hustinx.  He also wants WEEE to ban the sale
of used electronic devices that have not been wiped clean of data.  The
UK's Data Protection Act requires that organizations delete data from
devices before they are disposed of.
http://www.zdnet.co.uk/news/security-management/2010/04/16/e-waste-law-should-include-data-wiping-says-watchdog-40088661/
http://www.scmagazineuk.com/equipment-that-contains-data-should-have-a-facility-to-completely-delete-it-with-built-in-privacy-and-security-safeguards/article/168282/
http://www.computerweekly.com/Articles/2010/04/19/240954/eu-privacy-watchdog-calls-for-built-in-data-deletion.htm
Hustinx's Opinion:
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10-04-14_Opinion_WEEE_EN.pdf
[Editor's Note (Pescatore): Hmmm, should pens only be sold with
disappearing ink? Should there be a law requiring all books be cleaned
of margin comments and pieces of paper stuck between the pages before
being resold?]

 --Former NSA Official Indicted for Information Leaks
(April 15 & 16, 2010)
Former National Security Agency (NSA) official Thomas A. Drake has been
indicted on charges of leaking secrets to the media.  He faces 10 felony
counts of mishandling classified NSA information and attempting to
obstruct authorities' investigations of his alleged actions.  Drake
allegedly provided journalist Siobhan Gorman with documents and
information that led to news stories about mismanaged programs and
system failures at NSA.  Drake allegedly used cut and paste tools to
remove indications that the documents he was allegedly sharing with
Gorman were classified; he also allegedly used an encrypted email
service.  He is also accused of shredding documents and wiping hard
drives when he became suspicious that he was being investigated.
http://www.washingtonpost.com/wp-dyn/content/article/2010/04/15/AR2010041503118_pf.html
http://www.theatlantic.com/politics/archive/2010/04/nsa-employee-indicted-for-trailblazer-leaks/39006/
http://www.wired.com/threatlevel/2010/04/nsa-executive-charged

 --Russia and US Move Toward Cooperation at Internet Conference
(April 14 & 15, 2010)
At a Russian-sponsored conference on Internet security in
Garmisch-Partenkirchen, Germany last week, it was clear that Russia and
the US have different goals.  Russia will not sign the European
cybercrime treaty because it would violate Russian sovereignty by
allowing foreign law enforcement access to Russian Internet.  The US is
a strong supporter of the treaty.  Russia wants the US to sign a treaty
saying they won't develop offensive cyberwarfare or attack networks.  The
US will not sign that treaty, arguing that law enforcement cooperation
should be sufficient.  Russia has pointed to its arrests of suspects in
the US $10 million Royal Bank of Scotland cyber heist.  And both
countries agree that "anonymity is the fundamental problem we face in
cyber space."
http://www.nytimes.com/2010/04/16/science/16cyber.html?pagewanted=print
http://www.technologyreview.com/computing/25074/?a=f

**********************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Prof. Howard A. Schmidt is the Cyber Coordinator for the President of
the United States.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center and Dean of the Faculty of the graduate school at the SANS
Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's
computer forensic courses (computer-forensics.sans.org) and a Director
at the incident response company Mandiant.

Rohit Dhamankar is the Director of Security Research at TippingPoint,
where he leads the Digital Vaccine and ThreatLinQ groups. His group
develops protection filters to address vulnerabilities, viruses, worms,
Trojans, P2P, spyware, and other applications for use in TippingPoint's
Intrusion Prevention Systems.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Inguardians, a handler for the SANS Institute's Internet Storm Center,
and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Ron Dick directed the National Infrastructure Protection Center (NIPC)
at the FBI and is the incoming President of the InfraGard National
Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa).  He is leading SANS' global initiative to improve
application security.

David Hoelzer is the director of research & principal examiner for
Enclave Forensics and a senior fellow with the SANS Technology
Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of
the State of California.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

David Turley is SANS infrastructure manager and serves as production
manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkvN5SIACgkQ+LUG5KFpTkY1LACgh4HEV6j7X+3GZDWsUlWxMPGQ
fokAoJQ6ngGeiXaPrkuKyGuUtynNeKoe
=xgZS
-----END PGP SIGNATURE-----



-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo -
   http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
