Internet Security Alliance Updates 6-19-09
From The Internet Security Alliance
In Today’s News…
Introducing the ISAlliance Information Security Resources News Feed
In our continued effort to provide membership with access to the latest developments and relevant issues being addressed by compliance, IT and security professionals today, the ISAlliance would like to introduce the addition of the Information Security Resources News Feed to our website selections. Information Security Resources strives to bring together security thought leaders by providing a forum for security issues across all sectors and industries. ISR’s concern is centered around the failure of organizations to adequately protect regulated systems and data, with a focus on the exposure of private information and sensitive systems during the financial meltdown, including identity theft, privacy breaches, stolen information, credit card fraud, and other enormous liabilities. In addition to the obvious threat to market stability, the financial debacle has the added element of national and global security concerns. ISR’s editors and contributors strongly believe that system integrity is the next major national security, shareholder derivative, D&O liability, regulatory, consumer product safety, and class-action issue our nation will face. ISR is led by Kevin M. Nixon, MSA, CISSP®, CISM®, CGEIT®, who is a former ISAlliance Board member, and managed by Anthony M. Freed. The link for the news feed is located at the top of the “Business Services” column on any ISAlliance website page. Enjoy!
June 18, Spamfighter.com – (International) BKIS – Deep Freeze application fails to detect new Chinese worm. Security researchers at Bach Khoa International Security (BKIS) have warned computer users about a new worm called W32.SafeSys.Worm that is able to bypass security applications such as Deep Freeze. The worm was first detected in early March 2009, and since then, around 174 new variants of this Chinese-born virus have been discovered on the Internet. Faronics developed the Deep Freeze application to help administrators restore their systems after they have been used by unauthorized parties. Cybercafes, school computer labs and libraries are increasingly using this application to protect their systems from hackers’ attacks. Deep Freeze’s prime function is to monitor changes in sectors (such as the data storage area) within hard disk partitions and save the changes in another area (such as a buffer). When a normal program retrieves any one of these sectors, it collects data from the buffer sector instead of the original sectors. When the system reboots, the temporary data saved in the buffer is deleted and the system is restored to its previous state. Hence, online shops often believe that their systems are safe from virus attacks because they have installed the Deep Freeze application. However, W32.SafeSys.Worm uses a new technique in which it writes directly to sectors of the hard disk by requesting a direct link with the disk controller. Interestingly, the worm does not leave any scope for its identification by frozen system programs such as Deep Freeze while writing to the hard disk. It has been found that online shops that depend solely on the above-mentioned software and have no other protections installed fall to W32.SafeSys.Worm. According to figures given by BKIS, nearly 45,000 computers across Vietnam have been found to carry this virus. Source: http://www.spamfighter.com/News-12578-BKIS-%E2%80%93-Deep-Freeze-Application-Fails-to-Detect-New-Chinese-Worm.htm
June 18, ComputerWeekly – (International) Hackers to release Apple iPhone OS 3.0 software jailbreak. The Dev Team’s MuscleNerd has released a video demonstration of Ultrasnow, an updated version of the hacker group’s Yellosnow iPhone software jailbreak released on January 1, 2009. Apple has since patched the iPhone’s vulnerability exploited by Yellosnow to allow iPhone users to connect to the mobile phone carrier of their choice. Ultrasnow capitalizes on another weakness in newer Apple iPhones discovered by an Israel-based hacker just six weeks after Apple gave a preview of iPhone OS 3.0. MuscleNerd claims Ultrasnow will work on any iPhone 3G running 3.0, but does not mention Apple’s new iPhone 3GS, also due for release on June 19. But in a blog posting, the Dev Team said they will not be releasing any updates on their progress with iPhone 3G S.
Source: http://www.computerweekly.com/Articles/2009/06/18/236493/video-hackers-to-release-apple-iphone-os-3.0-software.htm
June 17, CNET News – (International) ‘Golden Cash’ botnet-leasing network uncovered. Researchers at security firm Finjan said on June 17 that they have uncovered an underground botnet-leasing network where cyber criminals can pay $5 to $100 to install malware on 1,000 PCs for things like stealing data and sending spam. The Golden Cash network, dubbed “Your money-making machine” on its home page, sells access to botnets comprised of thousands of compromised PCs to cyber criminals for custom malware spreading jobs, according to issue 2 of the Cybercrime Intelligence Report for 2009. It works like this: a cyber criminal creates a botnet by hiding malicious code in a legitimate Web site that is used to turn Web surfing PCs into zombies. The code, typically an iFrame, points the PCs to a separate Web site where they are then infected with a Trojan backdoor that reports back to the Golden Cash command and control server. In order to increase the number of botnets, the Golden Cash server installs an FTP (file transfer protocol) grabber on new zombies to steal credentials used by the computers to run Web sites, giving the server control over additional legitimate Web sites. Approximately 100,000 domains, including corporate domains from around the world, were identified among the stolen FTP credentials under Golden Cash’s control, according to the report. Customers pay for the ability to install different types of malware on the Golden Cash bots, which are recycled for new jobs and new customers afterward. Prices are higher for compromised PCs in western countries, the report said. “This advanced trading platform marks a new milestone in the cybercrime evolution,” Finjan said in a statement.
Source: http://news.cnet.com/8301-1009_3-10266977-83.html
This Week at the ISAlliance…
Friday, June 19: ISAlliance/CyLab Webinar at noon. Ahead in the Cloud - The Power of Infrastructure as a Service by Dr. Werner Vogels, CTO of Amazon.com
Abstract: Building the right infrastructure that can scale up or down at a moment’s notice can be a complicated and expensive task, but it’s essential in today’s business landscape. This applies to an enterprise trying to cut costs, a young business unexpectedly saturated with customer demand, or a start-up looking to launch. There are many challenges when building a reliable, flexible architecture that can manage the unpredictable behaviors of today’s internet business. This presentation will review some of the lessons learned from building one of the world’s largest distributed systems: Amazon.com. The focus will be on state management, which is one of the dominating factors in the scalability, reliability, performance and cost-effectiveness of the overall system.
Friday, June 19: Communications Sector Coordinating Council Executive Committee meeting at 2. The broad purpose of a Sector Coordinating Council is to foster and facilitate the coordination of sector-wide activities and initiatives designed to improve physical and cyber security of the critical infrastructures and related information flow within the sector, cross-sector and with DHS. Through the CSCC, private-sector owners, operators and suppliers can efficiently engage DHS and other federal agencies, collaborating to identify, prioritize, and coordinate policy issues related to the protection of critical infrastructure and key resources; facilitate sharing of information related to physical and cyber threats, vulnerabilities, incidents, potential protective measures, and best practices; facilitate policy issues related to response and recovery activities and communication following an incident or event. The Executive Committee manages the affairs of the CSCC in the same way that a board of directors would manage the affairs of a “for profit” company.
Monday, June 22: Department of Homeland Security Control Systems Security Program 2009 Industrial Control Systems Cyber Security Advanced Training. This event will provide intensive hands-on training on protecting and securing control systems from cyber attacks, including a Red Team / Blue Team exercise that will be conducted within an actual control systems environment. It will also provide an opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks. This event includes four full days of intensive control systems security training, presentations and a Red Team / Blue Team exercise.
Monday, June 22: Fundamentals of Incident Handling training course by CyLab/Software Engineering Institute. This five-day course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work. The course is designed to provide insight into the work that an incident handler may perform. It will provide an overview of the incident handling arena, including CSIRT services, intruder threats, and the nature of incident response activities. Course attendees will learn how to gather the information required to handle an incident; realize the importance of having and following pre-defined CSIRT policies and procedures; understand the technical issues relating to commonly reported attack types; perform analysis and response tasks for various sample incidents; apply critical thinking skills in responding to incidents, and identify potential problems to avoid while taking part in CSIRT work. The course incorporates interactive instruction, practical exercises, and role playing. Attendees have the opportunity to participate in sample incidents that they might face on a day-to-day basis. This course is part of the curriculum for the CERT-Certified Incident Handler program. After completing this course, participants are encouraged to attend the companion course, Advanced Incident Handling. Note: There is significant content overlap between the Fundamentals of Incident Handling course and the Managing CSIRTs course. We recommend that attendees register for one course or the other, but not both. The Fundamentals of Incident Handling course covers more technical topics such as email and malware attacks, PGP, and recognizing signs of attack.
The Fundamentals of Incident Handling course is designed to introduce new incident handlers to the basic skills and processes they will need to perform incident handling work. The Managing CSIRTs course focuses on incident handling issues from an operational management perspective.
Monday, June 22: Communications Sector Coordinating Council (CSCC) Communications and Outreach Committee working group meeting at 3. The Communications and Outreach Committee creates and maintains all communications documents. This working group reaches out across both sectors and states, spreading awareness of CSCC efforts and accomplishments. Some of these tasks are supported by the Executive Secretariat.
Tuesday, June 23: ISAlliance/NIST/DHS VoIP & Unified Communications Automated Security and Assurance Project Applicability Workgroup meeting at 1. This workgroup is focusing on documenting the SCAP goals for a VoIP solution, identifying SCAP gaps and determining how SCAP may, or may not, be applied to a non-desktop environment. The group will also review the SCAP components and standards and determine gaps and shortfalls of the SCAP components for applicability to a VoIP solution. This work will result in a whitepaper that captures the analysis and its results and makes recommendations regarding SCAP applicability to a VoIP solution. The goal of this project is to provide a secure playing field for corporations as they deploy VoIP and related technologies.
Tuesday, June 23: Department of Homeland Security Control Systems Security Program 2009 Industrial Control Systems Cyber Security Advanced Training. This event will provide intensive hands-on training on protecting and securing control systems from cyber attacks, including a Red Team / Blue Team exercise that will be conducted within an actual control systems environment. It will also provide an opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks. This event includes four full days of intensive control systems security training, presentations and a Red Team / Blue Team exercise.
Tuesday, June 23: Fundamentals of Incident Handling training course by CyLab/Software Engineering Institute. This five-day course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work. The course is designed to provide insight into the work that an incident handler may perform. It will provide an overview of the incident handling arena, including CSIRT services, intruder threats, and the nature of incident response activities. Course attendees will learn how to gather the information required to handle an incident; realize the importance of having and following pre-defined CSIRT policies and procedures; understand the technical issues relating to commonly reported attack types; perform analysis and response tasks for various sample incidents; apply critical thinking skills in responding to incidents, and identify potential problems to avoid while taking part in CSIRT work. The course incorporates interactive instruction, practical exercises, and role playing. Attendees have the opportunity to participate in sample incidents that they might face on a day-to-day basis. This course is part of the curriculum for the CERT-Certified Incident Handler program. After completing this course, participants are encouraged to attend the companion course, Advanced Incident Handling. Note: There is significant content overlap between the Fundamentals of Incident Handling course and the Managing CSIRTs course. We recommend that attendees register for one course or the other, but not both. The Fundamentals of Incident Handling course covers more technical topics such as email and malware attacks, PGP, and recognizing signs of attack.
The Fundamentals of Incident Handling course is designed to introduce new incident handlers to the basic skills and processes they will need to perform incident handling work. The Managing CSIRTs course focuses on incident handling issues from an operational management perspective.
Wednesday, June 24: IT Sector Coordinating Council Communications and Outreach Committee working group meeting at 10. The Communications and Outreach Committee creates and maintains all communications documents. These documents include the ITSCC 101 presentation, the IT Sector Scorecard, the PCIS Handbook, and the website. This working group reaches out across both sectors and states, spreading awareness of IT SCC efforts and accomplishments. Some of these tasks are supported by the Executive Secretariat.
Wednesday, June 24: Department of Homeland Security Control Systems Security Program 2009 Industrial Control Systems Cyber Security Advanced Training. This event will provide intensive hands-on training on protecting and securing control systems from cyber attacks, including a Red Team / Blue Team exercise that will be conducted within an actual control systems environment. It will also provide an opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks. This event includes four full days of intensive control systems security training, presentations and a Red Team / Blue Team exercise.
Wednesday, June 24: Fundamentals of Incident Handling training course by CyLab/Software Engineering Institute. This five-day course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work. The course is designed to provide insight into the work that an incident handler may perform. It will provide an overview of the incident handling arena, including CSIRT services, intruder threats, and the nature of incident response activities. Course attendees will learn how to gather the information required to handle an incident; realize the importance of having and following pre-defined CSIRT policies and procedures; understand the technical issues relating to commonly reported attack types; perform analysis and response tasks for various sample incidents; apply critical thinking skills in responding to incidents, and identify potential problems to avoid while taking part in CSIRT work. The course incorporates interactive instruction, practical exercises, and role playing. Attendees have the opportunity to participate in sample incidents that they might face on a day-to-day basis. This course is part of the curriculum for the CERT-Certified Incident Handler program. After completing this course, participants are encouraged to attend the companion course, Advanced Incident Handling. Note: There is significant content overlap between the Fundamentals of Incident Handling course and the Managing CSIRTs course. We recommend that attendees register for one course or the other, but not both. The Fundamentals of Incident Handling course covers more technical topics such as email and malware attacks, PGP, and recognizing signs of attack.
The Fundamentals of Incident Handling course is designed to introduce new incident handlers to the basic skills and processes they will need to perform incident handling work. The Managing CSIRTs course focuses on incident handling issues from an operational management perspective.
Thursday, June 25: ISAlliance/NIST/DHS VoIP & Unified Communications Automated Security and Assurance Project Baseline Standards Workgroup meeting at 1. This workgroup is focusing on documenting the SCAP goals for a VoIP solution, identifying SCAP gaps and determining how SCAP may, or may not, be applied to a non-desktop environment. The group will also review the SCAP components and standards and determine gaps and shortfalls of the SCAP components for applicability to a VoIP solution. This work will result in a whitepaper that captures the analysis and its results and makes recommendations regarding SCAP applicability to a VoIP solution. The goal of this project is to provide a secure playing field for corporations as they deploy VoIP and related technologies.
Thursday, June 25: Department of Homeland Security Control Systems Security Program 2009 Industrial Control Systems Cyber Security Advanced Training. This event will provide intensive hands-on training on protecting and securing control systems from cyber attacks, including a Red Team / Blue Team exercise that will be conducted within an actual control systems environment. It will also provide an opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks. This event includes four full days of intensive control systems security training, presentations and a Red Team / Blue Team exercise.
Thursday, June 25: Fundamentals of Incident Handling training course by CyLab/Software Engineering Institute. This five-day course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work. The course is designed to provide insight into the work that an incident handler may perform. It will provide an overview of the incident handling arena, including CSIRT services, intruder threats, and the nature of incident response activities. Course attendees will learn how to gather the information required to handle an incident; realize the importance of having and following pre-defined CSIRT policies and procedures; understand the technical issues relating to commonly reported attack types; perform analysis and response tasks for various sample incidents; apply critical thinking skills in responding to incidents, and identify potential problems to avoid while taking part in CSIRT work. The course incorporates interactive instruction, practical exercises, and role playing. Attendees have the opportunity to participate in sample incidents that they might face on a day-to-day basis. This course is part of the curriculum for the CERT-Certified Incident Handler program. After completing this course, participants are encouraged to attend the companion course, Advanced Incident Handling. Note: There is significant content overlap between the Fundamentals of Incident Handling course and the Managing CSIRTs course. We recommend that attendees register for one course or the other, but not both. The Fundamentals of Incident Handling course covers more technical topics such as email and malware attacks, PGP, and recognizing signs of attack.
The Fundamentals of Incident Handling course is designed to introduce new incident handlers to the basic skills and processes they will need to perform incident handling work. The Managing CSIRTs course focuses on incident handling issues from an operational management perspective.
Friday, June 26: Department of Homeland Security Control Systems Security Program 2009 Industrial Control Systems Cyber Security Advanced Training. This event will provide intensive hands-on training on protecting and securing control systems from cyber attacks, including a Red Team / Blue Team exercise that will be conducted within an actual control systems environment. It will also provide an opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks. This event includes four full days of intensive control systems security training, presentations and a Red Team / Blue Team exercise.
Friday, June 26: Fundamentals of Incident Handling training course by CyLab/Software Engineering Institute. This five-day course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work. The course is designed to provide insight into the work that an incident handler may perform. It will provide an overview of the incident handling arena, including CSIRT services, intruder threats, and the nature of incident response activities. Course attendees will learn how to gather the information required to handle an incident; realize the importance of having and following pre-defined CSIRT policies and procedures; understand the technical issues relating to commonly reported attack types; perform analysis and response tasks for various sample incidents; apply critical thinking skills in responding to incidents, and identify potential problems to avoid while taking part in CSIRT work. The course incorporates interactive instruction, practical exercises, and role playing. Attendees have the opportunity to participate in sample incidents that they might face on a day-to-day basis. This course is part of the curriculum for the CERT-Certified Incident Handler program. After completing this course, participants are encouraged to attend the companion course, Advanced Incident Handling. Note: There is significant content overlap between the Fundamentals of Incident Handling course and the Managing CSIRTs course. We recommend that attendees register for one course or the other, but not both. The Fundamentals of Incident Handling course covers more technical topics such as email and malware attacks, PGP, and recognizing signs of attack.
The Fundamentals of Incident Handling course is designed to introduce new incident handlers to the basic skills and processes they will need to perform incident handling work. The Managing CSIRTs course focuses on incident handling issues from an operational management perspective.
Adapting the SAFETY Act to Cyber Security - ISAlliance Member Assistance Program: Following the 9/11 catastrophe, Congress passed a new law, the SAFETY Act, which provided market incentives for technologies to fight terrorism, most of which dealt with physical attacks. The SAFETY Act office approached ISA for assistance in getting cyber technologies designated or certified as SAFETY Act compliant. Designation brings with it various market advantages, including liability protection and marketing benefits. ISA is arranging for individual members to receive attention for their technologies with the SAFETY Act office. Please contact bfoer@isalliance.org to discuss ISAlliance assistance and review which of your technologies are eligible under this program.
ISAlliance/NIST/DHS VOIP SECURITY PROGRAM - CALL TO PARTICIPATE
As you may be aware, ISAlliance is leading a project to develop an industry-led, cost-effective SCAP solution for VoIP and Unified Communications with the goal of providing a secure playing field for corporations as they deploy VoIP and related technologies. We are currently seeking workgroup participants with expertise in VoIP systems, VoIP Security Standards, Cybersecurity or SCAP.
ISAlliance Members Invited to Participate in Nortel Voice Security Technology Blog. The voice security technology blog is meant to allow readers to keep informed about news and events around the world of voice and multimedia security from a technical perspective. It is a forum where the industry’s best and brightest minds can cooperatively discuss and debate the hottest issues and topics facing secure voice, multimedia and unified communications. This blog will be of interest to those who are actively involved in providing security solutions, services or products, specifically those related to voice and multimedia communications.
ISAlliance members are invited to monitor this blog - http://community.nortel.com/go/blogs/voicesecurity
ISAlliance Web Portal Information
ISAlliance US-CERT Portal: https://portal.us-cert.gov/member/index.cfm
ISAlliance/CyLab Portal: www.cylab.cmu.edu/
Download a complete copy of The Cyber Security Social Contract: Policy Recommendations for the Obama Administration and 111th Congress.
The Internet Security Alliance (ISAlliance) was created to provide a forum for information sharing and thought leadership on information security issues. The ISAlliance represents corporate security interests before legislators and regulators; in so doing, the alliance aims to identify and standardize best practices in Internet security and network survivability, while creating a collaborative environment to develop and implement information security solutions.
* * *
The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com