Adobe Will Release Silent Update Beta (January 6, 2010)
Adobe plans to introduce silent updates to help ensure that more users are running current versions of Reader and Acrobat. The beta version of Adobe Reader with silent update is expected to be available later this month. If the beta works well, future releases will have the feature enabled by default. Users would be able to adjust the settings if they need to. If the January test goes well, Adobe could roll out the automatic updater as soon as April.
-http://www.h-online.com/security/news/item/Adobe-to-introduce-silent-updates-for-Reader-896979.html
-http://www.securityfocus.com/brief/1057
[Editor's Note (Ullrich): 2010 will be a big year for Adobe to gain back a lot of lost trust, let's hope that this new update scheme works out well.]
Year-Change Confounds Some German Payment Cards (January 6 & 7, 2010)
[Editor's Note (Ullrich): There appear to be two different reasons why we had so many issues with 2010. First of all the obvious one: Input validation code checked if the year started with '200'. The second one appears to be less obvious. Some systems (like mobile operating systems and it appears some ATM machines) jumped from 2009 straight to 2016. The reason may be that the last two digits are represented in hexadecimal in some places internally in the code. 0x10=16 decimal.]
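The two failure modes described in the note above, as an added example that is not part of the newsletter. It assumes the two-digit year is held as one packed-BCD byte (one decimal digit per nibble); all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Buggy: reads the stored byte as a plain binary number. BCD and binary
   agree for 0x00..0x09, so the defect stays hidden through 2009. */
int year_from_byte_buggy(uint8_t stored) {
    return 2000 + stored;
}

/* Correct: decode packed BCD and reject nibbles above 9 (-1 on bad input). */
int year_from_byte_bcd(uint8_t stored) {
    uint8_t tens = stored >> 4, ones = stored & 0x0F;
    if (tens > 9 || ones > 9) return -1;
    return 2000 + tens * 10 + ones;
}

/* Buggy validation: accepts only years whose text starts with "200". */
int year_valid_prefix_buggy(const char *year) {
    return strncmp(year, "200", 3) == 0;
}

/* Hardened validation: parse four digits, then range-check the value. */
int year_valid_range(const char *year, int min_year, int max_year) {
    if (strlen(year) != 4) return 0;
    int y = 0;
    for (int i = 0; i < 4; i++) {
        if (year[i] < '0' || year[i] > '9') return 0;
        y = y * 10 + (year[i] - '0');
    }
    return y >= min_year && y <= max_year;
}

int main(void) {
    /* Constructed sample values: 0x09 is year "09", 0x10 is year "10". */
    printf("0x09: buggy=%d bcd=%d\n",
           year_from_byte_buggy(0x09), year_from_byte_bcd(0x09));
    printf("0x10: buggy=%d bcd=%d\n",
           year_from_byte_buggy(0x10), year_from_byte_bcd(0x10));
    printf("\"2010\": prefix=%d range=%d\n",
           year_valid_prefix_buggy("2010"),
           year_valid_range("2010", 2000, 2099));
    return 0;
}
```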
US Financial Services ISAC to Hold Cyber Incident Exercise (January 6, 2010)
Convicted Filesharer Seeks Lower Fine (January 4 & 5, 2010)
The Boston University student who was fined US $675,000 for illegally downloading music has asked a judge to reduce the penalty or give him a retrial. Joel Tenenbaum, who was fined US $22,500 for each of 30 songs he was found guilty of downloading in violation of copyright law, says the amount is "grossly excessive."
-http://news.bbc.co.uk/2/hi/technology/8441306.stm
-http://abcnews.go.com/Technology/wireStory?id=9476541
[Editor's Note (Schultz): A fine of nearly USD 700K for downloading 30 songs is simply not just, even if Tenenbaum is, as the music industry has alleged, a hardcore copyright violator.]
Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, http://www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.
Prof. Howard A. Schmidt is the President of the Information Security Forum (ISF) and author who has served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a senior Lockheed Martin Fellow.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of the State of California.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.