Internet Security Alliance Updates 7-20-09

July 20, 2009 by ADMIN

Share |

In Today’s News…

July 16, BBC News – (International) Twitter calls lawyer over hacking. The microblogging service Twitter is taking legal advice after hundreds of documents were hacked into and published by a number of blogs. TechCrunch has made public some of the 310 bits of material it was sent. It posted information about Twitter’s financial projections and products. “We are in touch with our legal counsel about what this theft means for Twitter, the hacker and anyone who accepts…or publishes these stolen documents,” said a co-founder of Twitter. In a blog posting he wrote that “About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked. “From the personal account, we believe the hacker was able to gain information which allowed access to this employee’s Google Apps account which contained Docs, Calendars and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company.” The co-founder went on to stress that “the attack had nothing to do with any vulnerability in Google Apps.” He said this was more to do with “Twitter being in enough of a spotlight that folks who work here can be a target.” It is believed a French hacker who goes by the moniker “Hacker Croll” illegally accessed the files online by guessing staff members’ passwords.
Source: http://news.bbc.co.uk/2/hi/technology/8153122.stm

July 16, CNET News – (International) Microsoft sues alleged IM spammers, phishers. Microsoft is bringing out the big guns to combat instant message spam and phishing attacks done to users of its Live Messenger network. The Redmond, Washington-based software giant filed a civil lawsuit on July 16 in King County Superior Court in Seattle against Funmobile, Mobilefunster, and several individuals, who Microsoft says is responsible for the intentional misuse of the service to gain the personal information of its users. In the suit, Microsoft cites a multitude of attacks including IMs that appear to be coming from users they know, as well as phishing attacks that mimic the look and feel of an outside service, or an official Microsoft support page. Microsoft says that the successful use of these tactics has let third parties obtain these users’ personal account information, then exploit it by sending mass spam and phishing messages to the contacts of users whose accounts have been breached. In a post on Microsoft’s security blog Microsoft on the Issues, Microsoft’s associate general counsel of Internet safety enforcement said the company hopes the suit will accomplish three things. One is to stop companies and individuals from continuing the attacks through injunction. Microsoft also intends to “recover monetary damages,” as well as send a message to other parties who would try similar tactics. Microsoft counts the number of its Windows Live Messenger users at more than 320 million, although the suit makes no mention of how many of those users have been affected by the privacy attacks. However, it does say that the attacks have put a strain on the servers that run the service, as well as its security teams, which have to monitor and combat incoming attacks. In the meantime, the company is urging users of its Live Messenger service and other Live services not to give other people their log-in information.
Source: http://news.cnet.com/8301-27076_3-10289104-248.html

July 16, NetworkWorld – (International) Will new top-level domains promote cybersquatting? The Internet Corporation for Assigned Names and Numbers (ICANN) is hosting two meetings the week of July 13 — one in New York City and the other in London — to discuss the trademark and cybersecurity issues surrounding its plan to introduce hundreds of new top-level domains into the Internet. Similar meetings will be held in Hong Kong the week of July 20 and Abu-Dhabi in early August. At these public meetings, ICANN is discussing the protections that it will give corporations so they do not have to spend huge sums of money purchasing their company and brand names in all of the new top-level domains. ICANN plans to introduce hundreds of top-level domains — such as .nyc, .sport and .food — next year. Wary about this plan, U.S. corporations with large portfolios of domain names have asked ICANN for special protections for trademark owners to prevent cybersquatting and other deceptive practices such as phishing. The president of ICANN’s Intellectual Property Constituency and a partner with law firm Mitchell Silberberg & Knupp said the ICANN meeting in New York City focused on preventative measures that ICANN can put in place to prevent cybersquatters from registering trademark-protected names. “The meeting also included the malicious conduct issue,” the president said. “We believe the new TLDs will provide a lot of new opportunities for phishing, pharming and malware, and we are trying to minimize the risk.”
Source: http://www.networkworld.com/news/2009/071609-icann-meetings-on-new-tlds.html

July 16, KPTV 12 Portland – (Oregon) Turkish hacker hits Portland Web sites. A handful of Portland Web sites became the unsuspecting targets of Turkish hackers over the weekend of July 11. The home page of the Central Northeast Neighbors was replaced by a message claiming the site had been cracked by a Turkish hacker. Five other sites were also hit. The owner of the company that hosts and services the sites said the hacker simply erased the homepage and replaced it with his own. The owner keeps all the files and data on private servers. He hosts more than 30 sites, but only a handful were hacked. He said there is no way of knowing who is really responsible. “I suspect he’s in Turkey, (but) I don’t know where he is,” the owner said. “I think these people do this just to show he can do it.” A Google search on July 15 showed numerous sites claiming to be hacked. All sites were running as normal by July 15.
Source: http://www.kptv.com/technology/20075160/detail.html

July 16, DarkReading – (International) Ireland’s largest ISP may be under attack. Ireland’s largest Internet service provider has been experiencing performance problems for more than a month, and some researchers believe it has become the victim of multiple DNS poisoning attacks. Users first began complaining of slow response times at the end of May, according to online bulletin boards. Some users also complained that their Web queries were being redirected to other sites. Many of those queries ended up at the same advertising site, which suggests a DNS compromise, according to a blog by a security researcher at Trend Micro. Complaints from Eircom users reportedly intensified at the beginning of July, and the week of July 6 the ISP issued a statement that confirmed the problem: “Customers may have recently experienced delays in web browsing and may have been unable to access the Internet,” the statement said. “In some cases, customers may have been redirected to incorrect Websites. This issue has been caused by an unusual and irregular volume of internet traffic being directed onto our network, and this impacted the systems and servers that provide access to the Internet for our customers. Eircom is working continuously to minimize the impact for customers and has taken a number of steps, including software updates and hardware interventions, to fully restore Internet service.” But the week of July 13, users again are reporting problems using the ISP’s services. In a second statement issued July 14, the ISP conceded that the problem may be a second attack. “While it is too early to confirm, Eircom believes that [this week’s performance issues are] related to an unprecedented volume of traffic deliberately directed at our network which has caused difficulties for customers over recent days,” the company says.
Source: http://www.darkreading.com/securityservices/security/attacks/showArticle.jhtml?articleID=218501038&subSection=Attacks/breaches

Introducing the ISAlliance / Information Security Resources News Feed
In our continued effort to provide membership with access to the latest developments and relevant issues being addressed by compliance, IT and security professionals today, the ISAlliance would like to introduce the addition of the Information Security Resources News Feed to our website selections.

Information Security Resources strives to bring together security thought leaders by providing a forum for security issues across all sectors and industries. ISR’s concern is centered around the failure of organizations to adequately protect regulated systems and data, with a focus is on the exposure of private info and sensitive systems during the financial meltdown, including identity theft, privacy breach, info stolen, credit card fraud, and other enormous liabilities. In addition to the obvious threat to market stability, the financial debacle has the added element of national and global security concerns. ISR’s editors and contributors strongly believe that system integrity is the next major national security, shareholder derivative, D&O liability, regulatory, consumer product safety, and class-action issue our nation will face. ISR is led by Kevin M. Nixon, MSA, CISSP®, CISM®, CGEIT®, who is a former ISalliance Board member, and managed by publisher Anthony M. Freed.

The link for the news feed in located at the top of the “Business Services” column on any ISAlliance website page. Enjoy!

This Week at the ISAlliance…

Monday, July 20: IT Sector Coordinating Council Executive Committee Conference Call at 5. The Information Technology Sector Coordinating Council was established on January 27, 2006 for the purposes of bringing together companies, associations, and other key IT sector participants on a regular basis to coordinate strategic activities and communicate broad sector member views associated with infrastructure protection, response and recovery that are broadly relevant to the IT Sector. The IT sector envisions a secure, resilient, and protected global information infrastructure that can rapidly restore services if affected by an emergency or crisis, ensuring the continued and efficient function of information technologies, infrastructures and services for people, governments, and businesses worldwide. The Executive Committee manages the affairs of the IT-SCC in the same way that a board of directors would manage the affairs of a “for profit” company.

Tuesday, July 21: ISAlliance/NIST/DHS VoIP & Unified Communications Automated Security and Assurance Project Applicability Workgroup meeting at 1. This workgroup is focusing on documenting the SCAP Goals for a VoIP solution, identifying SCAP gaps and determine how SCAP may, or may not be applied to a non-desktop environment. The group will also review the SCAP components and standards and determine gaps and short falls of the SCAP components for applicability to a VoIP solution. This work will result in a whitepaper that captures the analysis, its results and makes recommendations regarding SCAP applicability to a VoIP Solution. The goal of this project is to provide a secure playing field for corporations as they deploy VoIP and related technologies.

Tuesday, July 21: CMU Training - Creating a Computer Security Incident Response Team. This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can be used as a starting point in planning and implementing their CSIRT.

The course is composed of lectures and class exercises. Participants will learn the requirements for establishing an effective CSIRT, the various organizational models for a CSIRT, the variety and level of services that can be provided by a CSIRT, and the types of resources and infrastructure needed to support a team. Additionally, attendees will identify policies and procedures that should be established and implemented when creating a CSIRT. Attendees may also want to register for the three-day companion course, Managing Computer Security Incident Response Teams, which is scheduled immediately following the Creating a CSIRT course.

Tuesday, July 21: IT Sector Coordinating Council Quarterly Meeting. Responding to a need for better preparedness and coordination of critical infrastructure protection initiatives, leading information technology companies, professional service firms, and information technology trade associations formed the Information Technology Sector Coordinating Council (IT-SCC). The primary mission of the IT-SCC is to bring together companies, associations, and other key IT sector participants to discuss sector security issues and engage with the public and private sectors in all areas of critical infrastructure protection.

Wednesday, July 22: CMU Training - Managing Computer Security Incident Response Teams. This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle. The course also provides prospective or current managers with an overview of the incident handling process and the types of tools and infrastructure needed to be effective. Technical issues are discussed from a management perspective. Topics include hiring CSIRT staff, identifying critical information, publishing information, establishing effective working relationships, working with law enforcement, evaluating CSIRT operations, building CSIRT service capacity, and the importance of pre-established policies and procedures. The course incorporates interactive instruction, exercises, and role playing. During a simulated incident, attendees will gain experience with the type of decisions they might face on a regular basis.

Wednesday, July 22: IT Sector Coordinating Council Communications and Outreach Committee working group meeting at 10. The Communications and Outreach Committee creates and maintains all communications documents. These documents include the ITSCC 101 presentation, the IT Sector Scorecard, the PCIS Handbook, and the website. This working group reaches out across both sectors and states, spreading awareness of IT SCC efforts and accomplishments. Some of these tasks are supported by the Executive Secretariat.

Thursday, July 23: ISAlliance/NIST/DHS VoIP & Unified Communications Automated Security and Assurance Project Baseline Standards Workgroup meeting at 1. This workgroup is focusing on documenting the SCAP Goals for a VoIP solution, identifying SCAP gaps and determine how SCAP may, or may not be applied to a non-desktop environment. The group will also review the SCAP components and standards and determine gaps and short falls of the SCAP components for applicability to a VoIP solution. This work will result in a whitepaper that captures the analysis, its results and makes recommendations regarding SCAP applicability to a VoIP Solution. The goal of this project is to provide a secure playing field for corporations as they deploy VoIP and related technologies.

Thursday, July 23: CMU Training - Managing Computer Security Incident Response Teams. This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle. The course also provides prospective or current managers with an overview of the incident handling process and the types of tools and infrastructure needed to be effective.

Technical issues are discussed from a management perspective. Topics include hiring CSIRT staff, identifying critical information, publishing information, establishing effective working relationships, working with law enforcement, evaluating CSIRT operations, building CSIRT service capacity, and the importance of pre-established policies and procedures. The course incorporates interactive instruction, exercises, and role playing. During a simulated incident, attendees will gain experience with the type of decisions they might face on a regular basis.

Friday, July 24: CMU Training - Managing Computer Security Incident Response Teams. This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle. The course also provides prospective or current managers with an overview of the incident handling process and the types of tools and infrastructure needed to be effective. Technical issues are discussed from a management perspective. Topics include hiring CSIRT staff, identifying critical information, publishing information, establishing effective working relationships, working with law enforcement, evaluating CSIRT operations, building CSIRT service capacity, and the importance of pre-established policies and procedures. The course incorporates interactive instruction, exercises, and role playing. During a simulated incident, attendees will gain experience with the type of decisions they might face on a regular basis.

Speaking Opportunity for ISAlliance members: The Illinois Institute of Technology’s Center for Professional Development will be hosting the 5th Annual VoIP Conference and Expo Wednesday and Thursday October 28 and 29, 2009. This two-day conference, where industry and academia meet, will bring together technical professionals and executives from the data and telecommunications industry, standards bodies, government agencies, as well as the business community. ISAlliance members interested in participating as a panelist discussing the practical side of VoIP Security, how IT security is being practiced today to protect VoIP and what important new steps need to be taken in the near future should contact

Download a complete copy of The Cyber Secuirty Social Contract: Policy Recommendations for the Obama Administration and 111th Congress.

Learn More About the ISAlliance

The Internet Security Alliance (ISAlliance) was created to provide a forum for information sharing and thought leadership on information security issues. The ISAlliance represents corporate security interests before legislators and regulators, in so doing the alliance aims to identify and standardize best practices in Internet security and network survivability, while creating a collaborative environment to develop and implement information security solutions.

* * *

Stay Informed With ISR News Feeds and Email Alerts Here:

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com

These icons link to social bookmarking sites where readers can share and discover new web pages.