Info Sec News, Feb 5, 2009

Seminars
ECCInternational will be giving a Certified BCMS (ISO 25999:2007) course from Feb 9-11. They will also be giving an ITIL Practitioner Program – Configuration Management on Feb 10-11, you can check out their Training Schedule here. ISO 9001:2008 IRCA Certified Lead Auditor Seminar will also be given either on Feb 9-13 or Feb 16-20. For details and specific dates, please contact Rose, Faith or Ness at 7505671 to 73 or email training@ccinternational.com.

---

Webcasts
CSO Online has published a podcast interview of Jim Routh who is the CISO of the Depository Trust and Clearing Corporation (DTCC). He is a veteran technology and security executive, having held positions at American Express and American Express Financial Advisors before joining DTCC.

(Simply Continuous) How To Keep Your Business Running in the Event of a Disaster

---

Whitepapers
There’s a recent (Winter 2009) presentation published by the Standford Applied Crypto group by John Mitchell on Phishing and Malicious JavaScript. Aside from Phishing, the presentation talks about how JavaScript is used to obtain information from your browser. John Mitchell teaches CS 142, Web Programming and Security, at Stanford University.

(SonicWall) Bottom-line benefits of telecommuting & secure remote access
(Quest Software) Finding Complete Identity Lifecycle Management that Fits

---

Insider Threat
I either gotta love this… or get paranoid about this: Within 90 minutes of getting fired, a former contract worker for Fannie Mae allegedly added a malicious script hidden within a legitimate script that ran each morning on the network, which was designed to disable monitoring alerts and all log-ins, delete the root passwords to the 4,000 Fannie Mae servers, erase all data and backup data, power off all the servers and then disable the ability to remotely switch on the machines. This was fortunately found by another employee within days of the firing.

(Computerworld) Ex-Fannie Mae engineer pleads innocent to server bomb charge
(CSO Online) Alleged Fannie Mae data bomb author working for Bank of America now?

Another recent example of an Insider Threat is of a former employee that still has access to the system, as this article reports, “Mysterious Text-Message Alert at U. of Florida Scares and Angers Students.”

---

Psychology/Social Engineering
There’s good insight as to the psychology involved when it comes to Information Security in this article from (CSO Online) Are You Addicted to Information Insecurity?

And speaking of psychology, CSO Online’s Anatomy of a Hack is an in-depth article on how Social Engineering can be used. Also in connection to social engineering, the FBI also warns of Money Mule Scams.

A novel way of luring people to a website with malware was found in North Dakota. How? Stick a parking violation ticket on the windshield, with the supposed details of the infraction on a website.

Readers of this blog might also want to check out What the Web knows about you. Its a 6 page article on what attackers may be able to find out about you online. If you’re in the US and is considering searching your SS number, check out this article first on Search Engine Privacy Tips from the World Privacy Forum website.

---

Browser Security
CSO Online also did a an unscientific poll of security experts on browser security, and it turns out that IE isn’t viewed as being as insecure as it was just a few years back. In relation to browser security, Firefox just fixed a couple of vulnerabilities in their release of version 3.06 of their browser.

Also related, Browser secrets of secure connections talks about how browsers play a key part in determining the strength of cipher used between the client and the web server. The article references the Infoworld Test Center Guide to browser security.

---

New DNS Attack
(CSO Online) Porn Site Feud Spawns New DNS Attack – Botnet operators are adding code to launch a new type of distributed denial of service attack, security experts warn
(NetworkWorld.com) Porn Site Feud Spawns New DNS Attack – A scrap between two pornographic Web sites turned nasty when one figured out how to take down the other by exploiting a previously unknown quirk in the Internet’s DNS.
(NetworkWorld.com Slideshow) How DNS cache poisoning works – this also has tips at the end on how to defend this kind of attack.

---

Other Info Sec News
(CSO Online) SMB Security: Five Bright Ideas – Small businesses have to be crafty to handle security with fewer resources. Here are bright ideas for SMBs.

(Computerworld Blog) Security businesses move ahead in this economy

(Computerworld) Removing admin rights stymies 92% of Microsoft’s bugs

(Computerworld) Microsoft denies Windows 7 security feature contains bug

(Computerworld) Banks, customers feel the fallout of the Heartland breach

(Computerworld) Study: Data breaches continue to get more costly for businesses

(Computerworld) Obama health care plan said to boost security, privacy controls – Privacy advocates say $20B e-health proposal overcomes some HIPAA concerns

Advertisement

Launching of DefCon Philippines

Soft Launching of Defcon Philippines (DC3662) will be on Dec 20, 2008 with a half day event (1-6PM) at Handuraw, 460 Gorordo Avenue, Cebu City.

For more info, check out www.defconph.org.
There’s also great info in their blog section. They will be sponsored by opononline and Empress of Drac.

A couple of Blogs about this event:

Beyond the norms

cebubloggers

Third Wave

---

Since I posted something about Social Networks and the Philippines probably around a week back, you might want to check out the Pinoy Post Blog by Melvin Calimag over at ZDNetAsia who recently wrote an informative article about the same topic.

Since the author seems to be one of the few writers on IT in the Philippines, I googled him and came upon this interesting article written around the start of this year.

---

Other Info Sec News

Security update for xt:commerce Shop system

Obama’s cell phone records breached

Verizon staff break into Obama’s cell phone account

US Military’s ban of USB thumb drives highlights security risks

Buffer overflow in Vista’s TCP/IP stack

Microsoft to offer free security solution, discontinue OneCare. This is also related to,
Microsoft hopes free security means less malware

Key Logger Spyware ordered off the market

Brief study shows difficulty in detecting malware

Apple plugs a dozen iPhone security holes

Computer virus brings London hospital networks to a standstill

---

New Links:

MASE Consulting – Policies and Procedures
Software Assurance Forum for Excellence in Code

Obama and McCain Campaign Computers Hacked

Newsweek reports that both the Obama and McCain camps had computers that were hacked. This is apparently also around the time Gov. Palin’s Yahoo account got hacked (details of how the hacker got into Palin’s account are here). SecurityFocus reports on the hack here.

---

On a related topic, SCMagazineUS reports that hackers began spreading malware soon after Obama got elected. In the typical bait-and-switch method of social engineering, spam e-mails that were supposed to contain a link to Obama’s “amazing speech” were actually links to trojans.

---

New critical vulnerabilities were found for the popular VLC media player. However the Window’s version has not been updated to close the said vulnerabilities. Workarounds can be found in a Heise Security report.

---

Heise Security also reports that the BotHunter tool has been updated with the new features listed here. The tool helps network administrators find out if their network has zombie computers.

---

There are now more worms that exploit the MS08-67 Critical vulnerability that was reported last month. So if your Windows system uses the “Server” service, you’ll hopefully have it patched soon. For home users that do not need this dis-service, they can easily disable it, by going to services.msc while using their Admin account.