DNS Attack Affects Prominent Websites (September 4 & 5, 2011)
An attack on Domain Name System (DNS) service providers NetNames and Ascio has affected as many as 200 prominent websites, including those of the Daily Telegraph, UPS and Vodafone. Users attempting to visit those sites were redirected to a site set up by the attackers. The perpetrators are believed to be the same group that launched similar attacks against Korean websites in August. They launched their attacks by targeting DNS service providers. Many of the websites restored service as soon as they learned of the problem, but because web traffic relies on the DNS system, returning to normal could take up to three days. Internet Storm Center: -http://isc.sans.edu/diary/Several+Sites+Defaced/11503
UK Police May Get Authority to Shut Down Domains Without Court Order (September 2, 2011)
Law enforcement authorities in the UK may gain the power to suspend Internet domain names without a court order if they suspect the domains are being used for illegal purposes. A proposed rule would allow police the expanded authority when "the urgent suspension of the domain name is necessary to prevent serious and immediate consumer harm." Prior to the takedown, police would have to file a declaration with Nominet, which manages the .uk registry, that the action is "proportionate, necessary and urgent," but would not need to get court approval. -http://www.theregister.co.uk/2011/09/02/cops_to_get_dot_uk_takedown_powers/
Former Employee Erased Payroll Files (September 5, 2011)
David Palmer, a former IT administrator at McLane Advanced Technologies in Texas, has pleaded guilty to charges of computer intrusion. After his firing, Palmer accessed his former employer's computer system and erased payroll files belonging to one of its customers, a military contractor called Lone Star Plastics. Court records indicate that Palmer told investigators that his intent was "to create general havoc and disorder for McLane." Palmer was able to gain access to the system after he was fired through a backdoor he had set up prior to leaving the company. He accessed the system through a Wi-Fi network at an area restaurant. -http://news.techworld.com/security/3301315/ex-employee-hacks-us-military-contractors-computer-systems/ [Editor's Note (Schultz): This sad story should once again remind information security professionals of the recent statistic that the majority of insider attacks are initiated remotely by former employees. Shutting off all access avenues of people who are being terminated or leaving an organization is *that* important.]
Police Accompanied Apple Investigators in Search for Missing iPhone Prototype (September 2 & 3, 2011)
WikiLeaks Suing Newspaper Over Cable Leak (September 1, 2011)
WikiLeaks says it plans to sue The Guardian newspaper over the leak of thousands of unredacted US State Department diplomatic cables. According to a statement from WikiLeaks, "a Guardian journalist has negligently disclosed top secret WikiLeaks' decryption passwords to" an archive containing the cables. -http://www.informationweek.com/news/security/attacks/231600630
Microsoft Facing Lawsuit Over Windows Phone 7 Location Data Collection (September 1, 2011)
A complaint filed in district court in Seattle alleges that Microsoft's Windows Phone 7 tracks users' locations without permission. The complaint alleges that Microsoft is attempting to map the locations of cell towers, wireless routers, mobile phones and computers to support its location-based advertising service, and that the company is using the Windows Phone camera application to gather the information. The first time users open the camera application, they are asked for permission to log their location. Users' responses are ignored when the application is opened subsequently. -http://www.informationweek.com/news/security/privacy/231600657
Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/