
SANS NewsBites - Volume: XIV, Issue: 72


The international consortium on the 20 Critical Controls, led by Tony
Sager, will have its first meeting as part of the National Cybersecurity
Innovation Conference (to be keynoted by NSA's IAD Director, Deborah
Plunkett) October 3-4-5 at the Baltimore Convention Center. Attendees will
also see the top rated session from RSA - Ed Skoudis on the Five Most
Dangerous New Attack Techniques. You'll get the only U.S. briefing (plus
a Q&A workshop) by the Australians on their breakthrough that stops
targeted attacks (APT) and two very cool NSA innovations. Plus you'll
learn how NASA and HHS were able to automate security risk mitigation
quickly and cost effectively. Senior federal officials will provide policy
discussion on where the government is taking cyber security defense and
automation and you will also be able to attend (at no additional cost) the
collocated DHS/NSA/NIST program on continuous monitoring. Register at
http://www.sans.org/ncic-2012

*************************************************************************
SANS NewsBites                     September 07, 2012                    Volume: XIV, Issue: 72
*************************************************************************
TOP OF THE NEWS

  UK's GCHQ Chooses Top 20 Security Controls to Enable Businesses To Protect Their Systems from Cyber Attacks
  FTC Issues Mobile Security and Privacy Guidelines for Mobile App Developers
  Government Lawyers Say Cell Phone Location Data Can be Obtained Without Probable-Cause Warrant

THE REST OF THE WEEK'S NEWS

  Court: Employee Had Valid Access Rights When He Downloaded Proprietary Data
  Pushdo Variant Hides Communication With Command-and-Control Server
  Flash Not Patched in Windows 8 With IE10
  Light Patch Tuesday Allows Time to Prepare for New Certificate Requirements
  Sony Acknowledges Customer Data Compromised
  ICS-CERT Warns of Vulnerability in GarrettCom Network Switches
  Huawei Maintains it is Not Engaged in Cyber Espionage
  FBI Says Laptop Not Breached; Apple Says it Did Not Provide UDID List to FBI
  Two Men Charged with Attempting to Buy Trade Secrets


*************************** Sponsored By SANS*****************************
Special Webcast: Harvesting the Rotten Fruit II: Injecting until the Application leaks! Monday, September 10, 2012 at 1:00 PM EDT - Featuring Kevin Johnson. In this, the second part of the trilogy, we will explore how SQL injection affects our applications. We will also discuss some basic methods for finding these issues and tools to make it easier for organizations.
http://www.sans.org/info/112852
****************************************************************************
TRAINING UPDATE

**Featured Conference 1: National Cybersecurity Innovation Conference, Oct 3-5, Baltimore - featuring briefings by, and exhibits from, all the vendors that have tools for automating the 20 critical controls and for continuous monitoring.
http://www.sans.org/ncic-2012

**Featured Conference 2: The IT Security Automation Conference (ITSAC) Oct 3-5, Baltimore - featuring DHS and other government leaders providing a clear picture of the changes coming in federal cybersecurity, especially in cloud and continuous monitoring. Not to miss. We try never to promote conferences where SANS doesn't control the program, but this is an exception because the DHS and NIST folks have done a great job!
https://itsac.g2planet.com/itsac2012/

--SANS Capital Region Fall 2012 September 6-11 and October 15-20, 2012
http://www.sans.org/capital-region-fall-2012/

--SANS Crystal City 2012 Arlington, VA September 6-11, 2012 4 courses. Bonus evening presentations include SIFT Workstation: The Art of Incident Response.
http://www.sans.org/crystal-city-2012/

--SANS Baltimore 2012 October 15-20, 2012 6 courses. Bonus evening presentations include Infosec Rock Star: How to be a More Effective Security Professional.
http://www.sans.org/baltimore-2012/

--SANS Network Security 2012, Las Vegas, NV September 16-24, 2012 43 courses. Bonus evening presentations include Evolving Threats; New Legal Methods for Collecting and Authenticating Cyber Investigation Evidence; and Intrusion Detection is Dead.
http://www.sans.org/network-security-2012/

--SANS Forensics Prague 2012 Prague, Czech Republic October 7-13, 2012 6 courses. Bonus evening presentations include Big Brother Forensics: Location-based Artifacts.
http://www.sans.org/forensics-prague-2012/

--SANS Singapore 2012 Singapore, Singapore October 8-20, 2012 5 courses, including the new Virtualization and Private Cloud Security course, and Advanced Forensics and Incident Response. Don't miss this opportunity to upgrade your IT skills, work toward your GIAC security certification, and network with other top information security professionals.
http://www.sans.org/singapore-sos-2012/

--SANS Seattle 2012 Seattle, WA October 14-19, 2012 5 courses. Bonus evening presentations include What's New in Windows 8 and Server 2012?; Assessing Deception; and Linux Forensics for Non-Linux Folks.
http://www.sans.org/seattle-2012/

--SANS Chicago 2012 Chicago, IL October 27-November 5, 2012 9 courses. Bonus evening presentations include Securing the Kids and Securing the Human.
http://www.sans.org/chicago-2012/

--SANS London 2012 London, UK November 26-December 3, 2012 16 courses.
http://www.sans.org/london-2012/

--Looking for training in your own community?
http://www.sans.org/community/

--Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current

Plus Dubai, San Diego, Johannesburg, Seoul, and Tokyo all in the next 90 days. For a list of all upcoming events, on-line and live:
http://www.sans.org/index.php
***************************************************************************

TOP OF THE NEWS

UK's GCHQ Chooses Top 20 Security Controls to Enable Businesses To Protect Their Systems from Cyber Attacks (September 5 & 6, 2012)
The UK's GCHQ is introducing a new program to help British businesses protect their computer systems from attacks. The program is called Cyber Security for Business and was launched on Wednesday, September 5. This marks the first time that intelligence services in the UK will be working directly with private sector organizations to help better their cybersecurity stance. GCHQ has produced Cyber Security Guidance for Business, which is a series of three work products aimed at helping organizations reduce the risk of cyberthreats and preventing or deterring most attacks. GCHQ director Iain Lobban says the approach will "make the bad guys' job harder and won't cost a fortune."
-http://www.v3.co.uk/v3-uk/news/2203085/gchq-to-arm-uk-businesses-against-cyber-attacks
-http://www.telegraph.co.uk/news/uknews/defence/9521715/PLS-PIC-AND-PUB-GCHQ-to-advise-senior-business-leaders-on-how-to-fight-cyber-attacks.html
-http://www.independent.co.uk/news/uk/politics/spooks-to-show-businesses-how-to-fight-cyber-attacks-8105025.html
-http://www.theregister.co.uk/2012/09/05/cyber_security_gchq_launch/
-http://www.scmagazineuk.com/if-the-government-talks-about-cyber-security-will-anyone-listen/article/257733/

[Editor's Note (Honan): The Top 20 security controls are available from
-http://www.bis.gov.uk/policies/business-sectors/cyber-security/downloads
The executive companion document is interesting in that it provides case studies to help senior management understand the impact of a breach and the steps to prevent it. ]


FTC Issues Mobile Security and Privacy Guidelines for Mobile App Developers (September 5, 2012)
The US Federal Trade Commission (FTC) has issued guidelines for mobile application developers to help them avoid privacy and security pitfalls. Privacy recommendations include being transparent about data practices; giving users control over how their information is used; and retaining data only after obtaining explicit consent. The guidelines also remind developers to use clear language when describing their practices and of the steps they will have to take with their customers if they change their privacy practices at a later date. The FTC's security recommendations include making sure that apps collect only the information they really need and that they do not keep the information when it is no longer necessary. Developers are also reminded to make sure their practices live up to promises.
-http://www.scmagazine.com/ftc-offers-guidance-for-mobile-application-development/article/257656/

-http://business.ftc.gov/documents/bus81-marketing-your-mobile-app
[Editor's Note (Pescatore): Ahh, another example of how the FTC just keeps on doing its job, doesn't seem to need new regulations, etc. There's also an interesting thing going on: the "consumerization of IT" has led to lots of advertising-subsidized "free" IT being used by both consumers *and* businesses. The FTC has been playing a meaningful role in enforcing privacy rules but also tends to be the tip of the enforcement spear around deceptive advertising. The two areas have increasing overlap. ]


Government Lawyers Say Cell Phone Location Data Can be Obtained Without Probable-Cause Warrant (September 5, 2012)
Citing a 1976 US Supreme Court precedent, US government lawyers said that the public does not have a "reasonable expectation of privacy" regarding cellphone location data, and that therefore, the information may be obtained from wireless carriers without need for a probable-cause warrant. The lawyers maintain that the information is consistent with the definition of "third-party records," meaning that customers do not have the right to keep the information private. The case in question is one brought against Antoine Jones, whose conviction on drug dealing charges was overturned by the Supreme Court earlier this year because the Court ruled that the use of a GPS device on Jones's car was tantamount to an illegal search. After that ruling, the FBI halted the use of 3,000 GPS tracking devices.
-http://www.wired.com/threatlevel/2012/09/feds-say-mobile-phone-location-data-not-constitutionally-protected/
-http://www.pcworld.com/article/261957/us_takes_second_crack_at_gps_tracking_target.html





************************** Sponsored Links: ****************************
1) "New Analyst Paper in the SANS Reading Room! Secure Configuration Management Demystified, by senior SANS Analyst Dave Shackleford"
http://www.sans.org/info/112857

2) SANS Analyst Webcast! Monitoring is Nothing without the Ability to Respond: Using the Principles of Continuous Monitoring for Threat Modeling and Response. Thursday, October 11, 1 PM EST, featuring SANS executive leadership course instructor and federal expert, G. Mark Hardy and Tiffany Jones, senior manager of products at Symantec.
http://www.sans.org/info/112862

3) Simplifying Identity Management: SANS Product Review of Oracle Identity Governance Solutions by Senior SANS Analyst, Dave Shackleford Thursday, September 27, 2012, 9 am Pacific/12 Noon Eastern.
http://www.sans.org/info/112867
***************************************************************************

THE REST OF THE WEEK'S NEWS

Court: Employee Had Valid Access Rights When He Downloaded Proprietary Data (September 6, 2012)
A US Federal Appeals Court has ruled that an employee who downloaded proprietary data from his employer cannot be prosecuted under federal anti-hacking laws because he used valid access rights to obtain the information. Mike Miller and his assistant, Emily Kelley, allegedly downloaded proprietary information from WEC Carolina Energy Solutions shortly before resigning from the company in April 2010. Miller allegedly used the information to get business for his new employer, which is a rival of WEC. WEC sued Miller and Kelley under a number of state laws and the 1986 federal Computer Fraud and Abuse Act (CFAA). WEC maintained that when Miller and Kelley downloaded the proprietary information, they violated company use policies, thus forfeiting their authorized access, and were therefore able to be prosecuted under CFAA. In February 2011, the US District Court in South Carolina rejected those claims, saying that Miller still had authorized access when he downloaded the data. The US Court of Appeals for the Fourth Circuit upheld the lower court's decision.
-http://www.computerworld.com/s/article/9230998/Worker_had_proper_access_when_he_snagged_corporate_data_court_rules?taxonomyId=82

-http://www.tradesecretsnoncompetelaw.com/uploads/file/WEC.pdf
[Editor's Note (Honan): This story shows why the insider threat is difficult to manage and why it is so important to regularly manage the access rights staff have to sensitive information. You also need to monitor those access rights for unusual behaviours to ensure they are not being abused.]


Pushdo Variant Hides Communication With Command-and-Control Server (September 6, 2012)
In the last several weeks, more than 100,000 computers have been infected with a new variant of the Pushdo Trojan horse program. This version of Pushdo sends HTTP requests to 300 legitimate websites in an attempt to disguise its communication with the actual command-and-control server, making it more difficult for researchers to gather information about the botnet's behavior. Earlier Pushdo versions used the same technique, but sent the misleading traffic to high-profile websites, which made it easier for researchers to weed out the nonsense traffic. The hidden HTTP traffic has been heavy enough at times to knock the legitimate sites offline. Pushdo generally spreads through drive-by download attacks.
-http://www.scmagazine.com/new-pushdo-variant-infects-more-than-100k-computers/article/257666/



Flash Not Patched in Windows 8 With IE10 (September 6, 2012)
Users running Windows 8 with Internet Explorer 10 (IE10) are at risk from security flaws in Adobe Flash that could be exploited to crash and possibly take control of vulnerable systems. Adobe has released fixes for the flaws, but the version of Flash that comes with IE10 is not updated to address the most recent security concerns. Users running Windows 7 who have enabled automated updates are protected, as are Mac users. However, because the version of Flash that comes with IE10 is a built-in component instead of a plug-in, it can be updated only by Microsoft. Google does the same thing with Chrome, but addresses the issue by including Flash updates when it pushes out its automatic Chrome updates.
-http://www.zdnet.com/microsoft-puts-windows-8-users-at-risk-with-missing-flash-update-7000003834/



Light Patch Tuesday Allows Time to Prepare for New Certificate Requirements (September 6, 2012)
On Tuesday, September 11, Microsoft will issue two security bulletins to address a total of four vulnerabilities. Both have maximum severity ratings of important. The light load for September is to allow time to prepare for the October update which will invalidate all digital certificates that have keys smaller than 1,024 bits. Microsoft is implementing the requirement to help protect users from the likes of Flame malware, which used spoofed Microsoft certificates.
-http://www.scmagazine.com/light-patch-tuesday-will-include-new-encryptiorule/article/257870/
-http://www.computerworld.com/s/article/9230995/Microsoft_gives_users_a_patch_break_and_time_to_prep_for_certificate_slaying?taxonomyId=85

-http://technet.microsoft.com/en-us/security/bulletin/ms12-sep


Sony Acknowledges Customer Data Compromised (September 5, 2012)
Sony has acknowledged that attackers stole the names and email addresses of 400 mobile customers in China and Taiwan. No financial account information was accessed. The data were taken from a server run by a third-party provider in China.
-http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240006800/sony-allegedly-hacked-by-nullcrew.html
-http://www.computerworld.com/s/article/9230977/Sony_says_400_customer_names_emails_from_mobile_division_leaked_in_China?taxonomyId=82



ICS-CERT Warns of Vulnerability in GarrettCom Network Switches (September 4 & 5, 2012)
The US Industrial Control System Computer Emergency Response Team (ICS-CERT) has issued a security advisory warning of a vulnerability in certain GarrettCom network switches. The devices use hard-coded passwords on default accounts. To exploit the vulnerability, attackers would need to have access to a login account on the device. Once they have access, however, attackers could elevate privileges and make changes to electrical switches and other industrial controls attached to the devices. According to the ICS-CERT advisory, the vendor issued a patch for the flaw in May, but the release notes accompanying the patch did not describe the issue, so some customers may not have yet applied it.
-http://www.theregister.co.uk/2012/09/05/more_insecure_scada/
-http://arstechnica.com/security/2012/09/secret-account-in-mission-critical-router-opens-power-plants-to-tampering/
-http://www.h-online.com/security/news/item/GarrettCom-industrial-switches-open-to-attack-1701193.html

-https://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf


Huawei Maintains it is Not Engaged in Cyber Espionage (September 4 & 5, 2012)
Huawei has issued a public statement asserting that it has never been involved in cyber espionage or other illegal acts. The statement follows close on the heels of news that Huawei and ZTE have been invited to testify before a US Congressional subcommittee regarding cyberthreats to the US critical infrastructure from its networking equipment.
-http://www.theregister.co.uk/2012/09/05/huawei_denies_spying/
-http://www.huawei.com/en/about-huawei/newsroom/press-release/hw-187387-securitywhitepaper.htm

[Editor's Note (Pescatore): There is a "glass houses and stone throwing" kinda thing going on here. Could *any* IT hardware or software vendor in *any* country actually prove to any *other* country's government that it *never* agreed to its home country's government requests to support intelligence efforts?]


FBI Says Laptop Not Breached; Apple Says it Did Not Provide UDID List to FBI (September 4 & 5, 2012)
An FBI spokesperson said that it is "aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs (unique device identifiers) was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data." A subgroup of hackers claiming affiliation with Anonymous said that it had obtained the file from an FBI laptop. Apple says it never gave such a list to the FBI, and an Apple spokesperson said the company "will soon be banning the use of the UDID." The authenticity of the data has been verified, so the question remains: where did the data come from?
-http://arstechnica.com/apple/2012/09/apple-denies-giving-ios-device-identifier-list-to-fbi/
-http://www.computerworld.com/s/article/9230918/FBI_denies_it_was_source_of_leaked_Apple_device_ID_data?taxonomyId=208
-http://news.cnet.com/8301-1009_3-57505925-83/fbi-finds-no-evidence-that-antisec-hacked-its-laptop/
-http://www.wired.com/threatlevel/2012/09/fbi-says-laptop-wasnt-hacked-never-possessed-file-of-apple-device-ids/



Two Men Charged with Attempting to Buy Trade Secrets (September 4, 2012)
Two Chinese nationals have been charged with attempting to buy stolen trade secrets. The men were arrested on September 2, 2012, after paying a Pittsburgh Corning employee who was working with the FBI for documents that were said to contain the proprietary information about Corning's FOAMGLAS product. The men allegedly attempted to purchase the information because they planned to open a competing facility in China. The men were charged in US federal court in Kansas City, Missouri.
-http://www.bizjournals.com/kansascity/news/2012/09/04/chinese-nationals-in-kansas-city-face.html

-http://www.justice.gov/usao/mow/news2012/huang.com.html
[Editor's Comment (Northcutt): FOAMGLAS is cellular insulation. While it has building applications, it also has industrial applications when you need high performance and is restricted in certain companies.
-http://www.foamglas.com/]


************************************************************************

The Editorial Board of SANS NewsBites

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course.

William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Alan Paller is director of research at the SANS Institute.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/