CUISPA
Podcast #24 - Novel influenza
Panelists:
John Brozycki, Alex Rams, Larry Porres
Recorded: 5/14/2009
Questions, comments, or something you’d like us to cover? Contact us at: podcast@cuispa.org
I. News stories
1) Novel influenza H1N1 virus.
46 US States, 33 countries, and counting.
It’s been pretty mild and, while the spread hasn’t been exponential, it has
moved throughout the US and world quickly. There are lessons to be learned.
Don’t count it out yet.
(http://www.csoonline.com/article/492002/Swine_Flu_Now_That_the_Hype_Is_Over_Keep_Planning)
Swine flu flareup: (http://www.msnbc.msn.com/id/30752930)
1a.) World Health Organization on assessing the severity. Some key points are quoted:
“The H1N1 virus strain causing the current outbreaks is a new virus that has
not been seen previously in either humans or animals. Although firm
conclusions cannot be reached at present, scientists anticipate that
pre-existing immunity to the virus will be low or non-existent, or largely
confined to older population groups.”
“During the previous century, the 1918 pandemic began mild and returned,
within six months, in a much more lethal form. The pandemic that began in
1957 started mild, and returned in a somewhat more severe form, though
significantly less devastating than seen in 1918. The 1968 pandemic began
relatively mild, with sporadic cases prior to the first wave, and remained
mild in its second wave in most, but not all, countries.”
“H1N1 appears to be more contagious than seasonal influenza. The secondary
attack rate of seasonal influenza ranges from 5% to 15%. Current estimates
of the secondary attack rate of H1N1 range from 22% to 33%.”
“Apart from the intrinsic mutability of influenza viruses, other factors
could alter the severity of current disease patterns, though in completely
unknowable ways, if the virus continues to spread. Scientists are concerned
about possible changes that could take place as the virus spreads to the
southern hemisphere and encounters currently circulating human viruses as
the normal influenza season in that hemisphere begins.”
( http://www.who.int/csr/disease/swineflu/assess/disease_swineflu_assess_20090
1b) Some resources for staying up to date:
(http://www.sans.edu/resources/leadershiplab/pandemic_watch2009.php)
1c) One thirds:
1/3 of H1N1 virus patients in Mexico don’t get a fever. This is one of the
primary initial detection methods, so this development is troubling.
( http://www.nytimes.com/2009/05/13/health/13fever.html?_r=1&em)
1/3 of polled US citizens wouldn’t take a vaccination for H1N1. (The same
people probably don’t wash their hands after using the restroom, either.)
( http://www.msnbc.msn.com/id/30731745/)
1d) If you’re sick, take a sick day. I think this is something important
whether it’s Novel influenza or just regular influenza. Stay home - don’t
infect others.
( http://www.nytimes.com/2009/05/12/health/12case.html)
1e) Yuck! A cough can produce thousands of tiny droplets (as many as 3,000) that
can carry thousands of viruses. Those droplets can remain airborne for some
time - long enough to potentially infect others who pass by.
( http://www.msnbc.msn.com/id/30701739/)
1f) Swine Flu May Be Human Error; WHO Investigates Claim
(http://www.bloomberg.com/apps/news?pid=20601087&sid=afrdATVXPEAk&refer=w
2) PCI: Brand or Security Standard?
Attrition.org has an interesting article on PCI and Visa’s statements of
whether recently breached processors were or were not compliant.
(http://attrition.org/security/rants/pci/heartland01.html)
3) Windows 7 RC leaked copies have a trojan, while researchers demonstrate
proof of concept rootkit.
Do we expect Microsoft’s upcoming OS to offer us better security or does it
look like more of the same?
(http://www.csoonline.com/article/491724/Leaked_Copies_of_Windows_RC_Contain_Trojan)
(http://www.theregister.co.uk/2009/05/08/win7_rootkit_poc/)
4) 10 Days inside a botnet.
Many interesting things were learned, especially how difficult malware can be
to remove. Mebroot infects the Master Boot Record!
(http://www.csoonline.com/article/491721/Botnet_Probe_Turns_Up_GB_of_Personal_Financial_Data)
(http://news.cnet.com/8301-1009_3-10223716-83.html?tag=newsEditorsPicksArea.0)
5) New Chip Brings Military Security to Commercial Processors
16 April 2009—Last week, a spot check of electric grid systems revealed that
hackers had infiltrated the U.S. electric grid. The government inspections,
motivated by a 2007 Idaho National Laboratory demonstration of the
vulnerabilities of the U.S. grid, revealed more than the inspectors had
bargained for: The invaders had left behind potentially disruptive malware. A
former U.S. official told the Associated Press that the culprit was “almost
without a doubt” state sponsored, and a follow-up listed Russia and China as
suspects (although the Chinese government emphatically denied the charge this week).
Last month, Pleasanton, Calif.–based CPU Tech introduced into the commercial
market a secure processor that had previously been available only for military
systems. The Acalis CPU872 is the first microprocessor born of new methods the
Pentagon learned from its hunt for secret kill switches in the commercial chips
the agency buys. But beyond just defense contractors, CPU Tech is targeting
commercial users of PowerPC processors at big firms and agencies including
those responsible for securing public infrastructure, such as electric power
generators and subway systems.
http://staging.spectrum.ieee.org/print/8649
6) Say It Ain’t So. Cyber Profits Falling...
WashingtonPost.com has a story saying that, because of all the credit card and
bank data that has been stolen, prices have dropped. Are thieves making
less money?
http://voices.washingtonpost.com/securityfix/2009/04/glut_of_stolen_banking_data_tr.html
7) ATM malware appears
It’s not just computers but also ATMs that are now being affected by malware.
Sophos reported that they received three “samples of a Trojan that was
customized to run on Diebold-manufactured cash machines in Russia… The malware
was able to read card numbers and PINs – then when the attacker returned to the
ATM, he inserted a specially crafted card that told the machine to issue him a
receipt containing the stolen information.”
http://www.scmagazineus.com/ATM-malware-appears-Diebold-issues-security-update/article/129059
8) ID an ATM Skimmer
24-page PDF on ATM skimmers that’s making its rounds in Australia.
http://cache.gawker.com/assets/images/consumerist/2009/04/Skimmer_presentation_v1_230109_ppt_1__01.pdf
ATMs on Staten Island rigged for identity theft; bandits steal $500G
A band of brazen thieves ripped off hundreds of New Yorkers by rigging ATMs to
steal account and password information from bank customers.
They used the pilfered info to swipe half a million dollars from their victims'
bank accounts - the latest twist in increasingly aggressive identity-theft
scams, police said.
9) Heartland Payment System Regains PCI DSS Compliance
Heartland was on probation from Visa, which allowed them to process credit card
transactions while in the process of recertification. Due to the breach and
its repercussions, Heartland had paid 12.6 million and plans to roll out an
end-to-end data encryption system later this year.
(http://www.theregister.co.uk/2009/05/07/heartland_breach_costs/)
10) Epic Failure from McAfee
Never performed a full code review for a web vulnerability tool? “The ultimate
and obvious irony, however, is that McAfee Secure is in the business of testing
others' web applications. I'll be the first to say that they are not equipped
to do so.”
(http://skeptikal.org/2009/05/epic-failure-from-mcafee.html)
11) FBI raids a data center, seizes more than is warranted
What could happen when you have your system hosted elsewhere, in the cloud? As
part of coordinated raids in early April, FBI agents seized computers from a
data center in Dallas, Texas, attempting to gather evidence in an ongoing
investigation of two men and their various companies accused of defrauding
AT&T and Verizon for more than US$6 million.
The data center allegedly held the computers and data used to serve
voice-over-IP clients for the companies at the center of the case. Yet, it was
also home to the digital presence of dozens of other businesses, according to
press reports. To LiquidMotors, a company that provides inventory management to
car dealers, the servers held its client data and hosted its managed inventory
services. (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9131985)
(http://www.cio.com/article/490340/When_the_FBI_Raids_a_Data_Center_A_Rare_Danger)
12) Trade in secondhand BlackBerries booming in Nigeria
“Secondhand BlackBerries on Nigerian markets are priced according to the data
held on them, not the age or the model of a phone.”
(http://www.theregister.co.uk/2009/05/04/blackberry_data_trade_nigeria/)
II. Tech Segment
Sorry! None this week.
III. Cooltility (Cool + Utility = Cooltility)
Space Sniffer - Get a graphical representation of how your disk space is being used.
http://www.uderzo.it/main_products/space_sniffer/index.html
IV. Smarter U.
One investment you can never lose on is the investment of yourself.
1. Find a plethora of papers on a ton of topics at SANS Reading Room. Lots of timely papers to learn from, perhaps even something from one of your podcast hosts (wink wink, nudge nudge): http://www.sans.org/reading_room/
Got a suggestion for this space? Please send it to podcast@cuispa.org.