-- SANS Security West 2011, San Diego, CA, May 3-12, 2011. 23 courses. Bonus evening presentations include The Emerging Security Threat Panel Discussion; and Emerging Trends in Data Law and Investigation. http://www.sans.org/security-west-2011/
-- SANS Cyber Guardian 2011, Baltimore, MD, May 15-22, 2011. 8 courses. Bonus evening presentations include Windows Exploratory Surgery with Process Hacker and State of the Hack: Stuxnet. http://www.sans.org/cyber-guardian-2011/
-- SANS Rocky Mountain 2011, Denver, CO, June 25-30, 2011. 7 courses. Bonus evening presentations include SANS Hacklab and Why End Users are Your Weakest Link. http://www.sans.org/rocky-mountain-2011/
-- SANSFIRE 2011, Washington, DC, July 15-24, 2011. 40 courses. Bonus evening presentations include Ninja developers: Penetration testing and Your SDLC; and Are Your Tools Ready for IPv6? http://www.sans.org/sansfire-2011/
-- SANS Boston 2011, Boston, MA, August 8-15, 2011. 12 courses. Bonus evening presentations include Cost Effectively Implementing PCI through the Critical Controls; and More Practical Insights on the 20 Critical Controls. http://www.sans.org/boston-2011/
Some Customer Data Permanently Destroyed in Amazon Cloud Crash (April 28, 2011)
The crash of Amazon's cloud services not only inconvenienced its customers because of web site inaccessibility, but in some cases, data were permanently destroyed. A thorough explanation of the crash has not yet been offered. Two businesses that use Amazon's cloud services managed to continue running undisrupted during the crash because they had taken their own measures to protect against such an incident.
-http://technolog.msnbc.msn.com/_news/2011/04/28/6549775-amazons-cloud-crash-destroyed-many-customers-data
-http://www.informationweek.com/news/cloud-computing/infrastructure/229402385
[Editor's Note (Ranum): You can put your data in the cloud - it's getting it back that's the hard part. (Schultz): Amazon has an excellent reputation as a cloud service provider; I am baffled by what happened. At the same time, there is a huge lesson to be learned here--never, never completely rely on a cloud provider for anything--always have a plan B, as the two businesses mentioned in this story so nicely illustrate. ]
[Editor's Note (Paller): This IG report is particularly defective. The NCIJTF is one of the most valuable and effective organizations the nation has ever had in cyber security -- measured in actual impact. It is a huge success story. The IG's findings are equivalent to saying that the NCIJTF cured cancer but their work is inadequate because they haven't also cured the common cold. Further, the finding that field offices have inadequate forensic and analytical capabilities completely misses the fact that analytical and forensics people with the high skills needed for those jobs are not available anywhere. Every three-letter agency and military organization and major defense contractor has a critical shortage (numbering in the thousands cumulatively) of the forensics hunters and tool builders needed to do cyber analysis at world-class levels. ]
US Federal Authorities Will Remotely Purge Coreflood from PCs with Written Permission (April 27 & 28, 2011)
Researcher Finds Holes in Chinese Government Networks (April 26, 2011)
Although China is often cast as the perpetrator in cyber attacks, one researcher has found that numerous Chinese government networks are vulnerable to attacks. Attackers have gained access to a database holding personal information, including names, passport numbers and results of psychological tests, of 11,000 people, some of whom are American citizens. Many of the Americans were not aware that their personal data were being held in the database, which is maintained by an agency in China that recruits foreign specialists for work. Other vulnerabilities in government systems could be exploited to eavesdrop on offices. The flaws were discovered by a US researcher.
-http://www.washingtontimes.com/news/2011/apr/26/chinese-databases-exposed-to-hackers/
A Buffalo, New York man found himself the object of a home raid by federal agents who accused him of downloading child pornography over his wireless network. Only after taking a desktop computer, iPads and iPhones from the home and examining them over a few days did federal agents clear the man of suspicion and pin the crime on a neighbor who had accessed the unprotected Wi-Fi network. The story is not unique; a similar incident occurred in Florida. The stories drive home the importance of home users securing their wireless routers.
-http://www.msnbc.msn.com/id/42740201/ns/technology_and_science-wireless/
-http://www.theregister.co.uk/2011/04/26/open_wifi_networks/
Government Drops Investigation of Warrantless Wiretapping Whistleblower (April 26, 2011)
The US government is no longer pursuing its investigation of a former Justice Department attorney who leaked information about the existence of the George W. Bush administration's warrantless wiretapping program at the National Security Agency (NSA). Thomas Tamm told the New York Times about the program's existence in 2004; the paper broke the story in December 2005.
-http://www.wired.com/threatlevel/2011/04/tamm/
Evolution of Cyber Security Competitions (April 2011)
The dearth of skilled cyber security professionals affects all sectors of the economy that depend on computers to function smoothly. Cyber security competitions help raise the visibility of the career path and identify raw talent that can be honed into a force of cyber security professionals with the necessary skills to protect and defend systems into the future. Cyber security competitions have evolved from events at hacker conferences to games of virtual capture the flag to Collegiate Cyber Defense Competitions and Cyber Boot Camps. Industry can help by sponsoring competitions, in-kind support and team participation.
-http://www.pymnts.com/educating-the-next-generation-of-security-professionals/
[Editor's Note (Honan): Each year at the Irish CERT's conference we run a cyber challenge competition, HackEire www.hackeire.com, which is based on the SANS 504 training course. It always generates a lot of interest in those wishing to practise and hone their skills but also interestingly in the business people who attend the conference to observe and learn how systems are attacked.]
Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/