Pentagon to Release Cyber Warfare Strategy (May 31, 2011)
The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force. One idea gaining momentum at the Pentagon is the notion of "equivalence." If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a "use of force" consideration, which could merit retaliation. The Pentagon will release a plan that can serve as a warning and deterrent to would-be attackers.
-http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html
PBS Web Site Hacked As Retribution for Story (May 31, 2011)
Sony Will Testify at House Committee Privacy Hearing (May 27, 2011)
Sony has agreed to testify at a privacy hearing of the House Energy and Commerce Committee's Subcommittee on Commerce, Manufacturing and Trade on June 2. The company, which recently suffered a massive data security breach of its PlayStation Network (PSN), also sent a letter to legislators providing additional information about the attacks. Sony Computer Entertainment chairman Kazuo Hirai explained that the company did not testify earlier because the company "was under attack and it was critically important that ... key personnel remained available" to the company. Representatives from Epsilon, which also suffered a serious breach earlier this spring, will testify at the hearing as well.
-http://www.pcmag.com/article2/0,2817,2386051,00.asp
-http://energycommerce.house.gov/Media/file/Letters/112th/052611sonyresponse.pdf
-http://energycommerce.house.gov/hearings/hearingdetail.aspx?NewsID=8653
[Editor's Note (Honan): Mr. Hirai provides good counsel with regards to managing an incident. To ensure core team members focus on handling the incident you should appoint someone to keep senior management and other stakeholders updated on the situation. This allows those stakeholders to make appropriate decisions on how to manage the crisis from a business point of view while the company is under attack "key personnel remained available."]
Google Pulls Apps from Chrome Web Store Over Privacy Issues (May 26 & 29, 2011)
Russian online payment processor ChronoPay has been linked to scareware targeting Mac users. For the last month, warnings have been circulating about malware that attempts to get Mac users to purchase useless security software by falsely claiming that their computers are infected. The attacks spread through Google Image search results that had been altered. Journalist Brian Krebs examined the registration records for the domains used to pay for the scareware and found that they are linked to ChronoPay. The company has denied any involvement with the rogue anti-virus software.
-http://krebsonsecurity.com/2011/05/chronopay-fueling-mac-scareware-scams/
Microsoft Safety Scanner Finds Evidence of Attack or Infection on Five Percent of PCs (May 27, 2011)
According to information compiled from Microsoft's Safety Scanner, nearly five percent of PCs running Windows are infected with malware. The free malware scanning and scrubbing tool was launched on May 12; since then, it has been downloaded 420,000 times and removed malware or evidence of previous attacks from more than 20,000 machines. Seven of the top ten threats found by the tool were Java-based exploits.
-http://www.computerworld.com/s/article/9217113/New_malware_scanner_finds_5_of_Windows_PCs_infected?taxonomyId=85
[Editor's note (Schultz): I believe Microsoft's reported infection rate is too low. Users who do not have a clue concerning how to secure their systems almost certainly have high infection rates. These users are not aware of Microsoft's Safety Scanner, let alone of how to download and run this tool, but more sophisticated and security-aware users are. Microsoft's statistics thus in all likelihood apply almost entirely to the latter group.]
Two Convicted in Scheme to Sell Counterfeit Cisco Equipment (May 27, 2011)
Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.