Internet Security Alliance Updates 6-23-09

June 23, 2009 by ADMIN

From The Internet Security Alliance

In Today’s News…

Introducing the ISAlliance Information Security Resources News Feed

In our continued effort to provide membership with access to the latest developments and relevant issues being addressed by compliance, IT and security professionals today, the ISAlliance would like to introduce the addition of the Information Security Resources News Feed to our website selections.

Information Security Resources strives to bring together security thought leaders by providing a forum for security issues across all sectors and industries. ISR’s concern is centered around the failure of organizations to adequately protect regulated systems and data, with a focus on the exposure of private info and sensitive systems during the financial meltdown, including identity theft, privacy breach, stolen info, credit card fraud, and other enormous liabilities.

In addition to the obvious threat to market stability, the financial debacle has the added element of national and global security concerns. ISR’s editors and contributors strongly believe that system integrity is the next major national security, shareholder derivative, D&O liability, regulatory, consumer product safety, and class-action issue our nation will face.

ISR is led by Kevin M. Nixon, MSA, CISSP®, CISM®, CGEIT®, who is a former ISAlliance Board member, and managed by Anthony M. Freed. The link for the news feed is located at the top of the “Business Services” column on any ISAlliance website page. Enjoy!

June 19, Baltimore Examiner – (International) Google’s online security helps fight malware. Google’s online security recently started to identify web pages that infect computers via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running malware automatically. During that time they have investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware. Third-party content is one avenue for malicious activity. Today, a lot of third-party content is due to advertising. In Google’s analysis, they found that on average 2 percent of malicious web sites were delivering malware via advertising. The underlying problem is that advertising space is often syndicated to other parties who are not known to the web site owner. In addition, Google’s security team also investigated the structural properties of malware distribution sites. Some malware distribution sites had as many as 21,000 regular web sites pointing to them. It was also found that the majority of malware was hosted on web servers located in China. Interestingly, Chinese malware distribution sites are mostly pointed to by Chinese web servers. Google says they are constantly scanning their index for potentially dangerous sites. Their automated search systems found more than 4,000 different sites that appeared to be set up for distributing malware by massively compromising popular web sites.
Source: http://www.examiner.com/x-11905-SF-Cybercrime-Examiner~y2009m6d19-Googles-online-security-helps-fight-malware

June 19, Spamfighter – (International) Apple accepts Mac’s vulnerability to malware. Security company ‘SecureMac’ reports that Apple has eventually admitted that viruses and spyware pose a threat to Mac OS X and to its most recent operating system ‘Snow Leopard.’ According to Apple, Snow Leopard is being designed to add new mechanisms that would help in protecting against attacks like phishing and sandboxing in Safari. However, this technology is not a complete anti-malware solution. Apple claimed on its official website that Mac had built-in technologies, which helped to protect from malicious software as well as other security threats. Since computer systems were not 100 percent immune from attacks, antivirus software might be deployed for additional protection, Apple suggested. Responding to Apple’s statement, SecureMac said that they appreciated Apple for acknowledging the fact that Mac was not immune to malware attacks. This statement contradicted Apple’s TV advertisements that criticized their counterparts by claiming that Macs were totally safe. Nevertheless, it was vital that one should realize that the new mechanisms built into the operating software would not safeguard from all attacks, SecureMac added.
Source: http://www.spamfighter.com/News-12582-Apple-Accepts-Macs-Vulnerability-to-Malware.htm

June 18, CNET News – (International) Microsoft’s free antimalware beta on the way. Microsoft will launch a public beta of its anti-malware service, Microsoft Security Essentials, on June 23 as it phases out its Live OneCare suite in favor of a simpler free consumer security offering. Microsoft Security Essentials, which will run on Windows XP, Vista, and Windows 7, will be available in the U.S., Brazil, and Israel in English and Brazilian Portuguese. A public beta version for Simplified Chinese will be available later in the year. The service works like traditional antivirus products in which client software monitors programs on a PC. When something changes on the computer, such as files being downloaded or copied or software trying to modify files, the system checks against a set of malware signatures in the client program to see if the code matches the signature for known malware. If so, it blocks it from getting downloaded. If no signature match is found, the system will ping the server-based Dynamic Signature Service to see if any new signatures are available and, if so, it removes the malware. If it appears to be new malware, the Dynamic Signature Service may request a sample of the code in order to create a new signature. The service updates its anti-malware database constantly and publishes new antivirus signatures to Microsoft Update three times a day, the general manager of Microsoft’s Anti-Malware team said in an interview on June 18.
Source: http://news.cnet.com/8301-1009_3-10268040-83.html

June 17, SC Magazine – (International) “Nine-Ball” mass injection attack compromised 40,000 sites. A new threat dubbed “Nine-Ball” has compromised up to 40,000 legitimate Web sites, which are, in turn, infecting users with an information-stealing trojan, according to security vendor Websense. The attack is called “Nine-Ball” because of the name of the final, malicious landing page, which is loaded with drive-by exploits, that unsuspecting users automatically are redirected to if they visit one of the compromised sites. Ninetoraq.in, the exploit site, contains malicious code that looks for already patched vulnerabilities in Acrobat Reader, QuickTime, Microsoft Data Access Components (MDAC) and AOL SuperBuddy, which it then attempts to exploit, the manager of security research at Websense, told SCMagazineUS.com on June 17. The flaws have all been patched; some date back to 2006, the manager said. But, the Reader and QuickTime vulnerabilities are newer, making it less likely that users are patched for them. If the malicious code finds an unpatched vulnerability to exploit, it either drops a malicious PDF file or a trojan designed to steal user information, the manager said. All of the exploits currently have low detection rates, he added. The 40,000 legit but compromised Web sites were “sleeping” up until June 15, the manager said. Before then, if a user visited one of them, they were redirected to Ask.com. On June 15, though, the attack updated and users started being redirected to the ninetoraq malicious site.
Source: http://www.scmagazineus.com/Nine-Ball-mass-injection-attack-compromised-40000-sites/article/138664/

This Week at the ISAlliance…

Tuesday, June 23: ISAlliance/NIST/DHS VoIP & Unified Communications Automated Security and Assurance Project Applicability Workgroup meeting at 1. This workgroup is focusing on documenting the SCAP goals for a VoIP solution, identifying SCAP gaps and determining how SCAP may, or may not, be applied to a non-desktop environment. The group will also review the SCAP components and standards and determine gaps and shortfalls of the SCAP components for applicability to a VoIP solution. This work will result in a whitepaper that captures the analysis and its results and makes recommendations regarding SCAP applicability to a VoIP solution. The goal of this project is to provide a secure playing field for corporations as they deploy VoIP and related technologies.

Tuesday, June 23: Department of Homeland Security Control Systems Security Program 2009 Industrial Control Systems Cyber Security Advanced Training. This event will provide intensive hands-on training on protecting and securing control systems from cyber attacks, including a Red Team / Blue Team exercise that will be conducted within an actual control systems environment. It will also provide an opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks. This event includes four full days of intensive control systems security training, presentations and a Red Team / Blue Team exercise.

Tuesday, June 23: Fundamentals of Incident Handling training course by CyLab/Software Engineering Institute. This five-day course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work. The course is designed to provide insight into the work that an incident handler may perform. It will provide an overview of the incident handling arena, including CSIRT services, intruder threats, and the nature of incident response activities. Course attendees will learn how to gather the information required to handle an incident; realize the importance of having and following pre-defined CSIRT policies and procedures; understand the technical issues relating to commonly reported attack types; perform analysis and response tasks for various sample incidents; apply critical thinking skills in responding to incidents, and identify potential problems to avoid while taking part in CSIRT work. The course incorporates interactive instruction, practical exercises, and role playing. Attendees have the opportunity to participate in sample incidents that they might face on a day-to-day basis. This course is part of the curriculum for the CERT-Certified Incident Handler program. After completing this course, participants are encouraged to attend the companion course, Advanced Incident Handling. Note: There is significant content overlap between the Fundamentals of Incident Handling course and the Managing CSIRTs course. We recommend that attendees register for one course or the other, but not both. The Fundamentals of Incident Handling course covers more technical topics such as email and malware attacks, PGP, and recognizing signs of attack.
The Fundamentals of Incident Handling course is designed to introduce new incident handlers to the basic skills and processes they will need to perform incident handling work. The Managing CSIRTs course focuses on incident handling issues from an operational management perspective.

Wednesday, June 24: IT Sector Coordinating Council Communications and Outreach Committee working group meeting at 10. The Communications and Outreach Committee creates and maintains all communications documents. These documents include the ITSCC 101 presentation, the IT Sector Scorecard, the PCIS Handbook, and the website. This working group reaches out across both sectors and states, spreading awareness of IT SCC efforts and accomplishments. Some of these tasks are supported by the Executive Secretariat.

Wednesday, June 24: Department of Homeland Security Control Systems Security Program 2009 Industrial Control Systems Cyber Security Advanced Training. This event will provide intensive hands-on training on protecting and securing control systems from cyber attacks, including a Red Team / Blue Team exercise that will be conducted within an actual control systems environment. It will also provide an opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks. This event includes four full days of intensive control systems security training, presentations and a Red Team / Blue Team exercise.

Wednesday, June 24: Fundamentals of Incident Handling training course by CyLab/Software Engineering Institute. This five-day course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work. The course is designed to provide insight into the work that an incident handler may perform. It will provide an overview of the incident handling arena, including CSIRT services, intruder threats, and the nature of incident response activities. Course attendees will learn how to gather the information required to handle an incident; realize the importance of having and following pre-defined CSIRT policies and procedures; understand the technical issues relating to commonly reported attack types; perform analysis and response tasks for various sample incidents; apply critical thinking skills in responding to incidents, and identify potential problems to avoid while taking part in CSIRT work. The course incorporates interactive instruction, practical exercises, and role playing. Attendees have the opportunity to participate in sample incidents that they might face on a day-to-day basis. This course is part of the curriculum for the CERT-Certified Incident Handler program. After completing this course, participants are encouraged to attend the companion course, Advanced Incident Handling. Note: There is significant content overlap between the Fundamentals of Incident Handling course and the Managing CSIRTs course. We recommend that attendees register for one course or the other, but not both. The Fundamentals of Incident Handling course covers more technical topics such as email and malware attacks, PGP, and recognizing signs of attack.
The Fundamentals of Incident Handling course is designed to introduce new incident handlers to the basic skills and processes they will need to perform incident handling work. The Managing CSIRTs course focuses on incident handling issues from an operational management perspective.

Thursday, June 25: ISAlliance/NIST/DHS VoIP & Unified Communications Automated Security and Assurance Project Baseline Standards Workgroup meeting at 1. This workgroup is focusing on documenting the SCAP goals for a VoIP solution, identifying SCAP gaps and determining how SCAP may, or may not, be applied to a non-desktop environment. The group will also review the SCAP components and standards and determine gaps and shortfalls of the SCAP components for applicability to a VoIP solution. This work will result in a whitepaper that captures the analysis and its results and makes recommendations regarding SCAP applicability to a VoIP solution. The goal of this project is to provide a secure playing field for corporations as they deploy VoIP and related technologies.

Thursday, June 25: Department of Homeland Security Control Systems Security Program 2009 Industrial Control Systems Cyber Security Advanced Training. This event will provide intensive hands-on training on protecting and securing control systems from cyber attacks, including a Red Team / Blue Team exercise that will be conducted within an actual control systems environment. It will also provide an opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks. This event includes four full days of intensive control systems security training, presentations and a Red Team / Blue Team exercise.

Thursday, June 25: Fundamentals of Incident Handling training course by CyLab/Software Engineering Institute. This five-day course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work. The course is designed to provide insight into the work that an incident handler may perform. It will provide an overview of the incident handling arena, including CSIRT services, intruder threats, and the nature of incident response activities. Course attendees will learn how to gather the information required to handle an incident; realize the importance of having and following pre-defined CSIRT policies and procedures; understand the technical issues relating to commonly reported attack types; perform analysis and response tasks for various sample incidents; apply critical thinking skills in responding to incidents, and identify potential problems to avoid while taking part in CSIRT work. The course incorporates interactive instruction, practical exercises, and role playing. Attendees have the opportunity to participate in sample incidents that they might face on a day-to-day basis. This course is part of the curriculum for the CERT-Certified Incident Handler program. After completing this course, participants are encouraged to attend the companion course, Advanced Incident Handling. Note: There is significant content overlap between the Fundamentals of Incident Handling course and the Managing CSIRTs course. We recommend that attendees register for one course or the other, but not both. The Fundamentals of Incident Handling course covers more technical topics such as email and malware attacks, PGP, and recognizing signs of attack.
The Fundamentals of Incident Handling course is designed to introduce new incident handlers to the basic skills and processes they will need to perform incident handling work. The Managing CSIRTs course focuses on incident handling issues from an operational management perspective.

Friday, June 26: Department of Homeland Security Control Systems Security Program 2009 Industrial Control Systems Cyber Security Advanced Training. This event will provide intensive hands-on training on protecting and securing control systems from cyber attacks, including a Red Team / Blue Team exercise that will be conducted within an actual control systems environment. It will also provide an opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks. This event includes four full days of intensive control systems security training, presentations and a Red Team / Blue Team exercise.

Friday, June 26: Fundamentals of Incident Handling training course by CyLab/Software Engineering Institute. This five-day course is for computer security incident response team (CSIRT) technical staff who have little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work. It is recommended to those new to incident handling work. The course is designed to provide insight into the work that an incident handler may perform. It will provide an overview of the incident handling arena, including CSIRT services, intruder threats, and the nature of incident response activities. Course attendees will learn how to gather the information required to handle an incident; realize the importance of having and following pre-defined CSIRT policies and procedures; understand the technical issues relating to commonly reported attack types; perform analysis and response tasks for various sample incidents; apply critical thinking skills in responding to incidents, and identify potential problems to avoid while taking part in CSIRT work. The course incorporates interactive instruction, practical exercises, and role playing. Attendees have the opportunity to participate in sample incidents that they might face on a day-to-day basis. This course is part of the curriculum for the CERT-Certified Incident Handler program. After completing this course, participants are encouraged to attend the companion course, Advanced Incident Handling. Note: There is significant content overlap between the Fundamentals of Incident Handling course and the Managing CSIRTs course. We recommend that attendees register for one course or the other, but not both. The Fundamentals of Incident Handling course covers more technical topics such as email and malware attacks, PGP, and recognizing signs of attack.
The Fundamentals of Incident Handling course is designed to introduce new incident handlers to the basic skills and processes they will need to perform incident handling work. The Managing CSIRTs course focuses on incident handling issues from an operational management perspective.

Adapting the SAFETY Act to Cyber Security - ISAlliance Member Assistance Program: Following the 9/11 catastrophe, Congress passed a new law, the SAFETY Act, which provided market incentives for technologies to fight terrorism, most of which dealt with physical attacks. The SAFETY Act office approached ISA for assistance in getting cyber technologies designated or certified as SAFETY Act compliant. Designation brings with it various market advantages including liability protection and marketing benefits. ISA is arranging for individual members to receive attention for their technologies with the SAFETY Act office. Please contact bfoer@isalliance.org to discuss ISAlliance assistance and review which of your technologies are eligible under this program.

ISAlliance/NIST/DHS VOIP SECURITY PROGRAM - CALL TO PARTICIPATE

As you may be aware, ISAlliance is leading a project to develop an industry-led, cost-effective SCAP solution for VoIP and Unified Communications with the goal of providing a secure playing field for corporations as they deploy VoIP and related technologies. We are currently seeking workgroup participants with expertise in VoIP systems, VoIP security standards, cybersecurity or SCAP.

ISAlliance Members Invited to Participate in Nortel Voice Security Technology Blog. The voice security technology blog is meant to allow readers to keep informed about news and events around the world of voice and multimedia security from a technical perspective. It is a forum where the industry’s best and brightest minds can cooperatively discuss and debate the hottest issues and topics facing secure voice, multimedia and unified communications. This blog will be of interest to those who are actively involved in providing security solutions, services or products, specifically those related to voice and multimedia communications.

ISAlliance members are invited to monitor this blog - http://community.nortel.com/go/blogs/voicesecurity

ISAlliance Web Portal Information

ISAlliance US-CERT Portal: https://portal.us-cert.gov/member/index.cfm

ISAlliance/CyLab Portal: www.cylab.cmu.edu/

Download a complete copy of The Cyber Security Social Contract: Policy Recommendations for the Obama Administration and 111th Congress.

The Internet Security Alliance (ISAlliance) was created to provide a forum for information sharing and thought leadership on information security issues. The ISAlliance represents corporate security interests before legislators and regulators; in so doing, the alliance aims to identify and standardize best practices in Internet security and network survivability, while creating a collaborative environment to develop and implement information security solutions.

*   *   *


The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com


