--SANS Chicago 2011, Chicago, IL, October 23-28, 2011 6 courses. Bonus evening presentations include Computer Forensics in the Virtual Realm and Electrical Grid Security http://www.sans.org/chicago-2011/
--SANS Seattle 2011, Seattle, WA, November 2-7, 2011 5 courses. Bonus evening presentations include Future Trends in Network Security; and Ninja Developers: Penetration Testing and Your SDLC http://www.sans.org/seattle-2011/
--SANS San Francisco 2011, San Francisco, CA, November 14-19, 2011 6 courses. Bonus evening presentations include The Worst Mistakes in Cloud Computing Security; Offensive Countermeasures; and Watching the Wire at Home http://www.sans.org/san-francisco-2011/
--EURO SCADA & Process Control System Security Summit, Rome, Dec 1-2, 2011 Gain the most current information regarding SCADA and Control System threats and learn how to best prepare to defend against them. http://www.sans.org/eu-scada-2011/
--SANS San Antonio 2011, San Antonio, TX, November 28-December 5, 2011 7 courses. Bonus evening presentations include Effective Methods for Implementing the 20 Critical Security Controls; and Assessing Deception: Are They Lying to You? http://www.sans.org/san-antonio-2011/
--SANS London 2011, London, UK, December 3-12, 2011 16 courses. Bonus evening presentations include IPv6 Challenges for Intrusion Detection and Understanding How Attackers Bypass Network and Content Restrictions. http://www.sans.org/london-2011/
--SANS CDI 2011, Washington, DC, December 9-16, 2011 27 courses. Bonus evening presentations include Emerging Trends in Data Law and Investigations, and Critical Infrastructure Control Systems Cybersecurity. http://www.sans.org/cyber-defense-initiative-2011/
--SANS Security East 2012, New Orleans, LA January 17-26, 2012 11 courses. Bonus evening presentations include Advanced VoIP Pen Testing: Current Threats and Methods; and Helping Small Businesses with Security. http://www.sans.org/security-east-2012/
Blackberry Services Restored After Three-Day Failure (October 13, 2011)
Three days after a network disruption that affected messaging and email for Blackberry customers, the company says the services have been "fully restored." Blackberry founder Mike Lazaridis says the company is launching an investigation into the disruption, which is the most severe the company has yet experienced. Lazaridis said the problem started with a hardware error and a cascade of events led to the massive outage.
-http://www.bbc.co.uk/news/technology-15287072
-http://money.cnn.com/2011/10/13/technology/blackberry_outage/index.htm
[Editor's Note (Liston): I thought about saying something really humorous here, but Blackberry owners probably wouldn't get it (hehehe).
(Honan): Given the growth in mobile email in the enterprise this outage should be a sharp reminder for organisations, not just RIM, to re-examine their business continuity plans with regards to email services.]
Air Force Downplays Severity of Malware Infection on Drone Computer System (October 13, 2011)
The US Air Force has called the malware that reportedly infected the computer system controlling drone aircraft nothing more than a "nuisance." Officials said reports indicating the malware had stolen data from military networks are false. They also said that the malware did not have keystroke logging capabilities. The malware infected a system which is separate from that used to control the drones remotely. The malware was not targeting the drone system, but was commonplace malware used to steal login credentials for online gaming.
-http://www.informationweek.com/news/government/security/231900741
-http://www.msnbc.msn.com/id/44883383/ns/technology_and_science-security/#.Tpd9jHLZV8F
-http://arstechnica.com/tech-policy/news/2011/10/get-hacked-dont-tell-drone-base-didnt-report-virus.ars
[Editor's Note (Liston): I care less about the capabilities of the malware they were infected with and more about the fact that they were infected with malware. If your processes failed to the point that your systems got whacked, arguing about the capabilities of the creepy-crawly du jour is just a distraction. The real question here is: Have you figured out how this happened, and have you fixed it?
(Northcutt): It is likely that only people with security clearances will ever know what that malware can and cannot do. However, I think we can all agree the unmanned aerial vehicle program, which costs about $4 billion a year, has now been shown to be vulnerable to malware insertion. A lot of smart people are going to put a lot of effort into doing exactly that. I would think a first line of defense would be some sort of software white listing. Speaking of that, I just switched to Mac Lion, if anyone has endpoint security tools that you feel work well, please toss me a few suggestions (firstname.lastname@example.org).]
Dutch ISP Files Complaint Against Spamhaus (October 13, 2011)
Dutch Internet service provider (ISP) A2B has filed a complaint with police after a request from Spamhaus to block traffic from a German ISP ended up affecting its traffic as well. Spamhaus had requested an order to block all traffic from Cyberbunker, a German ISP that has supported The Pirate Bay. Cyberbunker has several server racks with a partner of A2B. The upstream provider did not comply with the order to block all Cyberbunker traffic and instead blocked only one IP address that had been pinpointed by Spamhaus as a source of spam. As a result, Spamhaus blocked all A2B customers' traffic. When A2B finally did remove Cyberbunker from its border gateway protocol (BGP) list, its customers were able to resume business. But A2B's managing director is unhappy with Spamhaus's actions, saying that "Spamhaus cannot be its own judge."
-http://www.theregister.co.uk/2011/10/13/dutch_isp_accuses_spamhaus/
-http://www.eweekeurope.co.uk/news/dutch-isp-hits-spamhaus-with-police-complaints-42302
Energy Industry Notes Shift From Physical to Cyber Security Threats (October 13, 2011)
Security concerns within the energy industry have shifted in the last few years from physical threats to cyber threats. Energy companies used to be focused on physical terrorist attacks and kidnappings; now companies are focused on protecting proprietary information from cyber theft. In 2008, computer networks at several oil companies were found to have been infiltrated by cyber criminals looking for data about gas lease bids. Companies within the energy industry are still reluctant to talk about cyber attacks. At the recent FBI-sponsored Energy Security Awareness Symposium, two speakers asked that they not be identified and reporters were asked to leave during a presentation about counter-terrorism.
-http://fuelfix.com/blog/2011/10/13/cybercrime-becomes-bigger-threat-to-energy-industry-than-terrorists/
[Editor's Note (Pescatore): I hope this is *not* a shift, but an addition of cyber defense to physical defense. By far the most likely catastrophic event in the power system will be physical attacks and other physical events.
(Liston): I would hope that "shift" isn't the case. I would hope that the proper term is "augment."]
Apple Releases Updates for Mac OS X, Safari and iOS (October 13, 2011)
FBI Arrests Man Who Allegedly Breached Celebrities' eMail Accounts (October 12, 2011)
FBI agents have arrested a man in Florida in connection with a series of cyber attacks that targeted celebrities. Christopher Chaney allegedly broke into more than 50 email accounts and stole photographs, movie scripts, and financial data. Chaney allegedly altered the settings on the hacked accounts to forward copies of all incoming messages. He faces charges of accessing protected computers without authorization; identity theft; damaging protected computers without authorization; and wiretapping.
-http://www.bbc.co.uk/news/entertainment-arts-15277900
-http://www.wired.com/threatlevel/2011/10/nude-celeb-hacker-arrested/
Newest ZeuS Has P2P Capabilities (October 12 & 13, 2011)
Probation for Men Who Sold Lost iPhone 4 Prototype (October 11, 2011)
The two men involved in the sale of the lost iPhone 4 prototype in 2010 have been sentenced to probation and community service; they were also ordered to pay US$250 in restitution to Apple. Brian Hogan found the device at a bar in Redwood City, California where it had been accidentally left behind by an Apple engineer. Hogan eventually sold the phone to an editor at the tech blog Gizmodo, an arrangement brokered by his friend and co-defendant, Sage Wallower.
-http://www.wired.com/threatlevel/2011/10/brian-hogan-sentenced/
RSA Says Attack that Compromised SecurID Came From Groups Working for Nation State (October 11 & 12, 2011)
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://www.sans.org/account