Archive for the ‘InfoSec Trends’ Category

The Past, Present, and Future of Risk Assessments

Monday, June 23rd, 2008

Infosec Webcast

presents

The Past, Present, and Future of Risk Assessments (Webinar)

Live broadcast: June 24, 2008 @ 10 AM (PST); 1 PM (EST); 6 PM (BST)
Duration: 60 minutes

Moderator: John Sterlicchi, Infosecurity Magazine
Panelist:
Michael Gregg, Villanova University
Panelist:
Svetlana Hristozova, Marketing Manager, Villanova University Online

Description:
Join noted author and security expert Michael Gregg on June 24th to learn more about how risk assessments are changing to meet evolving security needs.

You’ll travel through time with Mr. Gregg to explore the progression of IS Security problems. For example, in the not too distant past, risk assessments were performed to counter attacks that were designed for glory and fame (Nimda, Code Red and SQL Slammer). These early attacks required massive amounts of time for cleanup and repair and relied on defensive technologies.

In today’s information age, attack vectors have changed. More recent incidents are financial in nature. Yesterday’s virus is today’s custom malware, while denial of service attacks have been replaced with botnets.

Learn how this evolving threat has forced organizations to view risk assessments differently and develop new techniques. Get the essential solutions every IS and IT professional needs to counter current and future threats.

Who should attend:
Any IT or business professional interested in IS Security and assessing risk to an organization.

This Webinar will:

  • Teach you more about how risk assessments are changing to meet evolving security needs. You’ll also discover the latest security solutions to safeguard your company’s ever-changing needs.
  • Give you insight into the progression of IS Security issues. Plus, you’ll learn how this evolving threat has forced organizations to view risk assessments differently and develop new techniques.
  • Provide you with the essential solutions every IS and IT professional needs to counter current and future threats.

This webinar is free to attend, but space is limited.

CISSPs and SSCPs can receive 1 CPE credit for attending this webinar. You can earn the credit by simply specifying your number on the registration form and correctly answering 3 multiple choice polling questions about the program at the end of the event.

Malcode Analysis and Response: Proficiency vs. Complexity

Monday, March 3rd, 2008


by Matt Allen and Russ McRee

Thursday, March 20, 2008 at 1:00 PM EDT (1700 UTC/GMT)

The threat landscape changes constantly, driven in part by the “bot economy” and changing malcode techniques. In response, incident handler techniques must keep pace. This presentation will cover the use of RAPIER, a security tool built to facilitate first response procedures for incident handling. It is designed to acquire commonly requested information and samples during an information security event, incident, or investigation. RAPIER automates the entire process of data collection and delivers the results directly to the hands of a skilled security analyst. From detection and discovery, capture and containment, count on a useful discussion meant to further your incident response practices.

The second part of this webcast will discuss how malicious code authors are persistently introducing new hurdles to complicate reverse engineering. At Norman, we combine observations from our labs with feedback from SandBox customers to identify complexities responsible for wearing down efficient analysis of new threats. The impact of new SandBox capabilities for addressing these complexities will be introduced, followed by a short discussion of top priorities in the SandBox product roadmap.

Matt Allen: With backgrounds in computer and information sciences as well as business, Matt Allen has worked in a number of different roles at Norman over the past 5 years, varying from incident response to web and software development. Matt is currently working with the SandBox team on various projects ranging from development to marketing.

Russ McRee: Russ McRee, GCIH, GCFA, CISSP is a security analyst working in the Seattle area. He’s the author of ISSA Journal’s monthly column Toolsmith, and has written for Information Security, Linux Pro, SysAdmin and others, including an OWASP whitepaper. Prior speaking engagements include SecureWorld Expo, ISSA Northwest Regional, WSA SIG, RAID 2005, and Linuxfest Northwest. Russ has been a board member of ISSA Puget Sound, and is a member of PACCISO, InfraGard and CCSA. Russ maintains holisticinfosec.org.

Register for this free webseminar.

Anatomy of a Breach Webcast

Saturday, June 9th, 2007


June 13, 2007 - 12 p.m. EDT

You harbor vast amounts of confidential information ranging from credit cards to health information to corporate plans. That proprietary data is today’s “new money” and someone is willing to pay for it. Unfortunately, the miscreants who want it may know more about technology—and your IT environment—than your own staff. The stakes are enormous: for your customers, your company, and you.

In this webcast, we examine the fundamental shift of IT risk to the insider threat and the inability of legacy protection mechanisms to stop it. We itemize and quantify the impact from containment to notification. Most importantly, we discuss eradication of the breach risk. New, targeted, caustic threats require new responses that strictly secure your critical information assets, while proving it with 100 percent surety.

Who Should Watch:
Executives responsible for audits, compliance and mitigating data breach risks, and security professionals responsible for protecting critical assets on their networks.

About the speakers:
William Malik
Consultant, Identity and Information Security
Malik Consulting

Bill Malik has been well-known in information security since the early 1990s when he was a founding member of Gartner’s Information Security Strategies service. He began his IT career in Boston as an applications programmer with the John Hancock Insurance Company following undergraduate work at MIT. He joined IBM’s MVS team and worked in development, testing, business planning, and strategic planning for a dozen years. He moved to Gartner in 1990 and held a series of roles as an analyst and manager through 2002. As CTO of Waveset, a start-up in identity management, he helped the firm grow through its acquisition by Sun, where Bill became Director of Marketing for Security. In 2004 Bill established his independent consulting firm, where he helps clients develop their identity management and information security programs.

Robert Ciampa
Vice President, Marketing and Business Strategy
Trusted Network Technologies

Rob Ciampa has more than 20 years of experience in IT risk management, networking and security. Rob has worked with companies around the world designing and implementing secure infrastructures. An early OS engineer for HP and a former switch and router designer for 3Com, he co-founded one of the world’s largest network and security integration firms. Rob then went on to Access360, where he was instrumental in its acquisition by IBM, where he subsequently ran IBM’s worldwide channel for security and identity management. In addition to television commentary on IT and computer security issues, Rob is frequently a featured speaker at major IT venues and events internationally. He has a B.S. in computer science and an M.S. in computer engineering from the University of Massachusetts, as well as an M.B.A. from Boston University. He holds two patents in information technology management. His blog is www.knowidentity.com.

Join the Anatomy of a Breach Webcast

RSA Data Integrity Strategy Kit for the Financial Industry

Friday, June 8th, 2007

Get a complimentary copy of the Data Integrity Strategy Kit for the Financial Industry from RSA, featuring a new Burton Group report with actionable information on preventing unauthorized or inappropriate changes to business information.

Data Integrity Strategy Kit for the Financial Industry At a Glance:

Burton Group Report
Security and Risk Management Strategies: Information Integrity, March 2007

Podcast
“Real-World Strategies for Protecting your Data” with Jon Oltsik of Enterprise Strategy Group

Data Sheet: File Security Manager
Centrally managed, transparent compromise prevention for critical files

Data Sheet: Database Security Manager
Transparent, policy-driven data protection optimized for heterogeneous database environments

Limited time offer. Download now! http://www.sans.org/info/8461

Hackers Use New Evasive Techniques to Avoid Malware Detection

Tuesday, June 5th, 2007

Hackers are developing increasingly stealthy techniques to evade detection. The attacks place malicious code on web sites, then keep track of the IP addresses that have visited infected sites; if the same IP address attempts to view the malicious site again, benign content is offered in its stead.

The attacks are also capable of identifying “the IP addresses of web crawlers used by URL filtering, reputation services and search engines,” and serve legitimate content to avoid being identified as malicious.

Recent findings reveal that hackers have created a new class of highly evasive attacks which represent a quantum leap in terms of technological sophistication, going far beyond drive-by downloads and code obfuscation.

The combination of these evasive attacks with code obfuscation techniques significantly enhances the capability of sophisticated hackers to go undetected.

A follow-up study conducted by Finjan’s Malicious Code Research Centre warns of the growing presence of malicious code in online advertising.

More info at: VNUNet

Update to WordPress 2.1.3 and 2.0.10 Provides Security Fix

Tuesday, April 3rd, 2007

This just in from WordPress a while ago…

We have a security update release for both the 2.1 and 2.0 branches of WordPress now available for immediate download. This update is highly recommended for all users of both branches.

These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems.

It isn’t April 1 anymore so this probably is the real thing. Make sure you guys update to this new version since it provides some important security fixes which if left unpatched will surely be easy to exploit.

Don’t forget to back up and test your backups first ;-) Good luck!

NSA Issues New Security Guidelines for Mac OS X

Friday, March 23rd, 2007

The National Security Agency (NSA) has published version 2 of its security guidelines for Mac OS X. The security documents are available in PDF format on their OS Guides page for Mac OS X.

These documents for Mac OS X and Mac OS X Server represent best practices for securing the OS and are widely used by the industry as internal standards for configuring Mac OS X. The document is actually written by experts at Apple and endorsed by the NSA, which says on its Website, “It is our belief that these guides establish the latest best practices for securing the products and recommend that traditional customers of our security recommendations use the Apple guides when securing Macintosh OS X 10.4.x and Macintosh OS X Server 10.4.x.”

Practices such as setting up admin accounts, generating passwords, the proper way to remove Classic (which can be a serious security problem for Mac OS X), managing the root account, and the use of Access Control Lists (ACLs) are covered.

Out of the box, Mac OS X is fairly secure, especially with respect to closed ports. However, for those in the enterprise who want to take advantage of every feature of Mac OS X to lock down and secure the OS against not only network but local intrusions, this is a must read.

http://www.nsa.gov/snac/downloads_macOSX10_4Server.cfm?MenuID=scg10.3.1.1

Daylight Savings Time Change Continues to Bring Problems

Tuesday, March 13th, 2007

The SANS Internet Storm Center has monitored continued problems caused by the Daylight Savings Time change.

Visit SANS Internet Storm Center for more updates and info.

Five Myths About Black Hats

Monday, February 26th, 2007

Original article at:
http://www.darkreading.com/document.asp?doc_id=118169&print=true

From Matthew Broderick’s teenage phone phreak in the 1983 movie “WarGames” to today’s Russian mafia don, the image of the computer hacker has undergone some radical changes over the years.
Really, though — just who are these people, and why do they do what they do?

Over the last several weeks, we here at Dark Reading have been asking that very question. But instead of asking security “experts,” we went straight to the horse’s mouths — the black hats themselves. In a survey of 116 individuals who spend at least part of every day trying to break into systems they’re not authorized to access, we received a lot of feedback from people who don’t fit either the image of the pimply-faced script kiddie or the hardened criminal. And, for the most part, they’re anxious to break both stereotypes. “Black hats are not as scary as they get portrayed in movies and at the Defcon convention,” says Caseo, an IT security officer for a regional investment firm. “And most of them aren’t teens or twenty-year-olds living in their parents’ basement.”

At the same time, however, many self-described “black hats” also offer a very different perspective than today’s security experts and IT staffers. In our survey, we had several respondents who said that information should be available to anyone with the skills to access it. Several others suggested that corporations and governments are much greater threats to security than individual black hats. And we even heard from a few individuals who admit to stealing and selling data from their victims. With such a diversity of views and opinions expressed in the survey and in subsequent interviews with respondents, it was difficult to find a simple, comprehensive way to relay all of the data we collected.

Check For Optimum Security Settings In Vista & XP with MBSA 2.1

Thursday, February 15th, 2007

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.

Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

MBSA is currently in v2.1 Beta. Version 2.0 is the stable version; Version 2.1 includes support for Windows Vista.

Download Microsoft Baseline Security Analyzer 2.1 Beta