Just 13 days until the early registration deadline for SANSFIRE 2011
(Washington, DC) saving you $400. 27 full-week immersion courses and a
dozen new short courses. Plus the free SANS @NIGHT presentations at
SANSFIRE are better than regular presentations at most other conferences
because they tell "what have we just learned" updates from the handlers
at the Internet Storm Center.
Info at: http://www.sans.org/sansfire-2011
Alan
*************************************************************************
SANS NewsBites May 20, 2011 Volume: XIII, Issue: 40
*************************************************************************
-- SANS Rocky Mountain 2011, Denver, CO, June 25-30, 2011 7 courses. Bonus evening presentations include SANS Hacklab and Why End Users are Your Weakest Link http://www.sans.org/rocky-mountain-2011/
-- SANSFIRE 2011, Washington, DC, July 15-24, 2011 40 courses. Bonus evening presentations include Ninja developers: Penetration testing and Your SDLC; and Are Your Tools Ready for IPv6? http://www.sans.org/sansfire-2011/
-- SANS Boston 2011, Boston, MA, August 8-15, 2011 12 courses. Bonus evening presentations include Cost Effectively Implementing PCI through the Critical Controls; and More Practical Insights on the 20 Critical Controls http://www.sans.org/boston-2011/
-- SANS Virginia Beach 2011, August 22- September 2, 2011 11 courses. Bonus evening presentations include SANS Hacklab; Offensive Countermeasures; and Evolving VoIP Threats http://www.sans.org/virginia-beach-2011/
-- SANS Ottawa 2011, Ottawa, Ontario, August 28- September 2, 2011 5 courses. Bonus evening presentations include DNS Sinkhole: Peer Into Your Network While You Sleep; and I See What You Did There: Forensic Time Line Analysis http://www.sans.org/ottawa-2011/
-- SANS Network Security 2011, Las Vegas, NV, September 17-26, 2011 43 courses. Bonus evening presentations include Securing the Kids; Who is Watching the Watchers?; and Emerging Trends in the Law of information Security and Investigations http://www.sans.org/network-security-2011/
Plus Barcelona, London, Austin, and Canberra all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
Senators Want Laws to Address Smartphone Data Privacy (May 19, 2011)
US legislators are calling for laws that protect smartphone users from having their location tracked. Senators Jay Rockefeller (D-WVa.) and John Kerry (D-Mass.) told the Senate Commerce, Science and Transportation Committee Subcommittee on Consumer Protection that there needs to be legislation that gives consumers control of their location information on smartphones and personal data on the Internet. They also said that the smartphone app market needs to be regulated; because this particular sector of the market is expanding so rapidly, "many consumers do not understand the privacy implications of their actions."
-http://www.bloomberg.com/news/2011-05-19/google-s-davidson-defends-company-s-use-of-mobile-location-data.html
-http://www.computerworld.com/s/article/9216864/Senators_New_smartphone_tracking_law_needed?taxonomyId=17
[Editor's Note (Pescatore): I really don't think new laws are needed; the FTC is doing a good job chasing this kind of stuff down. Increasing the FTC funding to enforce existing regulations would be much better than more laws at the same time enforcement budgets are being cut.]
Reitinger Confident His Team Will Successfully Implement Cybersecurity Plans at DHS (May 19, 2011)
Top DHS cyber security official Philip Reitinger will step down from his position as Deputy Undersecretary of the National Protection and Programs Directorate and Director of the National Cyber Security Center on June 3, 2011. In his time at DHS, Reitinger has been instrumental in nearly tripling agency cyber security staff. He is also responsible for helping create cyber security legislation that would give DHS increased authority, including oversight of cyber security at civilian federal agencies. Reitinger will testify at three hearings regarding the proposed legislation before his departure. He is confident that his team will implement plans. One name that has been cited as a potential successor to Reitinger is former Air Force CIO John Gilligan.
-http://thehill.com/blogs/hillicon-valley/technology/162279-top-dhs-cyber-security-official-explains-departure
-http://www.nextgov.com/nextgov/ng_20110519_5961.php?oref=topnews
-http://www.theatlantic.com/technology/archive/2011/05/homeland-securitys-top-cybersecurity-official-resigns/239136/
[Editor's Note (Paller): Gilligan is a brilliant choice for leadership in cyber at DHS. No one else in government has shown that security can be radically improved while lowering costs - an absolute necessity in the coming era of tight budgets. If the White House and DHS choose a proven operational leader like Gilligan, they will be demonstrating that they believe cybersecurity is important enough to take action to make the government's internal cybersecurity a model of effectiveness for the critical infrastructure.]
THE REST OF THE WEEK'S NEWS
Sony Treading Carefully After PSN Relaunch (May 18, 2011)
Suspended Sentence for Stealing Log-in Credentials (May 18, 2011)
UK university student Paul McLouglin received an eight-month suspended sentence for using a Trojan horse program to gain access to people's computers. McLouglin tricked users into downloading the malware by disguising it as a code-generation key for online gaming and making it available on a filesharing network. The Trojan, Istealer, harvests online account login credentials and uploads them to a remote server. Authorities say that McLouglin accessed at least 20 accounts through information he obtained with the malware.
-http://www.theregister.co.uk/2011/05/18/gaming_trojan_conviction/
SpyEye Targets Verizon Customers (May 18, 2011)
Users whose computers were infected with the SpyEye Trojan horse program may have exposed their personal information to attackers. The malware waits until users log into certain sites, in this case Verizon, then serves up a form asking for sensitive information such as Social Security numbers (SSNs) and credit card data. Because users have already logged in to the site on their own, they are more likely to trust that the requests for information are legitimate. The attacks targeting Verizon customers occurred between May 7 and 13.
-http://redtape.msnbc.msn.com/_news/2011/05/19/6672216-verizon-wireless-customers-targeted-in-nearly-invisible-trojan-horse-scam
South Korean Financial Authority Will Penalize Hyundai Capital Over Breach (May 18, 2011)
INVITATION: Get Involved with SCORE
Want to get more involved with SANS? Want to share your IT Security knowledge? Join the SANS Security Consensus Operational Readiness Evaluation (SCORE) Project! Help SCORE make the online world a safer place.
SCORE guides recently added/updated include:
-Installing RedHat/CentOS
-Malicious File Investigation Procedures
-Rootkits Investigation Procedures
We are currently looking for contributors and authors in the following technical areas (If your area is not in this list and you'd like to contribute, don't be afraid to contact us with your idea.):
-Microsoft Windows 7 Security
-OS X (iPad/iPhone) Security
-OS X Security
-Microsoft Windows 2008 Server Security
-Virtual Machines
-How/Where Trojans hide
-Ubuntu Linux
-Redhat Linux
-General Linux
-Cloud Security
-Rootkits
-Malware Analysis Static
-Malware Analysis Dynamic
-Using Olly Debug for malware analysis
-Using IDA Pro for malware analysis
-MySQL Security
-Webserver Security and Testing
-Juniper JunOS
-PostgreSQL
If you are a subject matter expert or aspiring to be one, are interested in becoming more involved in the security community (specifically SANS) and/or would like to have the opportunity to benefit from contributing to projects of this type, please email the following information to the SCORE project lead - Darren Bennett (firstname.lastname@example.org).
------------------------------------------------------------------------
Name:
Area(s) of expertise:
Contact information (Email):
Availability:
------------------------------------------------------------------------
While I haven't been asked this question, I'd personally be asking "What's in it for me?" The following is a list of benefits for contributing to SCORE:
*Helping to increase security awareness.
*Having your name credited as an author (or contributor) on one of the projects.
*Networking. This is a great way to meet other security experts and share information.
*CPE's for CISSP credits.
*Recognition within the security community.
*Becoming more involved with a great organization SANS!
To see some examples of popular SCORE checklists, check out the following:
I look forward to hearing from you! Please email me the information requested above and I will put you in contact with other team members, the team leader or the SANS contact you will be working with. Do not hesitate to email me with questions or suggestions.
"Opportunity is missed by most people because it is dressed in overalls and looks like work." - Thomas A. Edison
V/r,
Darren Bennett
Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/
This course, on the first day, made clear several topics that I had questions on for years. The explanations provided were unlike other information contained on websites and in books -M. Cook, Arrowhead International