
Thursday, July 30, 2009

Reasons For Computer Security Incidents

SecurityOrb.com's Kellep Charles takes a look at the three main reasons computer security incidents occur: Configuration Weaknesses, Technology Weaknesses and Policy Weaknesses.

Tuesday, July 28, 2009

SecurityOrb.com VULNERABILITY DETAILS


Name: Sendmail MTA Timed Attack Buffer Overflow

Risk Level (1-5): 3

Intrusive: No

Description: A vulnerability is present in Sendmail that may allow an attacker the ability to execute arbitrary code.

Observation: Sendmail contains a vulnerability that may allow for arbitrary code execution. Successful exploitation of the flaw would involve sending a specifically timed attack and taking control of the MTA process. This could allow the attacker to execute arbitrary code or compromise the MTA host.

Recommendation: It is recommended to install the latest version of Sendmail available at http://www.sendmail.org/

CVE: CVE-2006-0058

SANS/FBI top 20: No

IAVA: 2006-A-0013

Enabling DVD playback in Ubuntu 9.04


I have just finished installing Ubuntu 9.04 on a Gateway laptop. Everything worked well, from video to wireless, until I popped in a DVD to watch. I did the updates and still nothing, until I ran across this command on the Internet; I tried it and everything is golden now.

sudo apt-get install ubuntu-restricted-extras totem-xine libxine1-ffmpeg libdvdread4

sudo /usr/share/doc/libdvdread4/install-css.sh


The explanation of why the commands are needed is given below:

The movie players provided in Ubuntu can play back unencrypted DVDs. However, many commercial DVDs are encrypted with a weak algorithm called Content Scrambling System (CSS). You can enable playback of encrypted DVDs with MPlayer, xine and Totem-xine by installing libdvdread4.

The CSS key sets are licensed to manufacturers who incorporate them into products such as DVD drives, DVD players and DVD movie releases. Most DVD players are equipped with a CSS Decryption module.

Thursday, July 16, 2009

W32.Koobface.C

Discovered: July 15, 2009
Updated: July 15, 2009 4:23:00 PM
Type: Worm
Infection Length: 24,576 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
W32.Koobface.C is a worm that spreads through Twitter.

Threat Assessment
Wild
• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy
Damage
• Damage Level: Medium
• Payload: Opens a back door on the compromised computer.
Distribution
• Distribution Level: Medium
• Target of Infection: Spreads through Twitter.
W32.Koobface.C arrives on a computer when it is downloaded from either a link in a compromised Twitter account or by W32.Koobface.A or W32.Koobface.B when an authentication cookie for twitter.com is found in Internet Explorer's cache.

When the worm is executed, it creates the following files:
• %Windir%\twitty[TWO DIGIT NUMBER].exe
• %Windir%\tw[FIVE DIGIT NUMBER].dat


Note: The number in the file name is a version number that increments periodically as minor updates to the worm are released. (For example: twitty01.exe, twitty02.exe, etc.)

The worm then creates the following registry entry, so that it starts when Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systwtray" = "%Windir%\twitty[TWO DIGIT NUMBER].exe"

The worm then opens a back door and connects to one of the following URLs:
• [http://]www.trisem.com/achche[REMOVED]
• [http://]www.rd040609-cgpay.com/achche[REMOVED]
• [http://]www.upr0306.com/achche[REMOVED]
• [http://]www.rjulythree.com/achche[REMOVED]
• [http://]www.uthreejuly.com/achche[REMOVED]
• [http://]www.mymegadomain03072009.com/achche[REMOVED]


It then sends information about authentication cookies for the following social networking sites:
• hi5.com
• facebook.com
• netlog.com
• twitter.com
• tagged.com
• bebo.com
• myspace.com


The back door allows an attacker to perform any of the following actions:
• Download and execute a file
• Open an image
• Update itself
• Block an IP address
• Post a message to twitter
Recommendations
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
• Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
• Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
• Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
• Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available.
• Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.
• Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have fewer avenues of attack.
• If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
• Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
• Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.
• Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.
• Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
• If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.
• For further information on the terms used in this document, please refer to the Security Response glossary.
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.
4. Delete any values added to the registry.

For specific details on each of these steps, read the following instructions.

1. To disable System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
• How to disable or enable Windows Me System Restore
• How to turn off or turn on Windows XP System Restore

Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, reenable System Restore by following the instructions in the aforementioned documents.

For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article: Antivirus Tools Cannot Clean Infected Files in the _Restore Folder (Article ID: Q263455).

2. To update the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
• Running LiveUpdate, which is the easiest way to obtain virus definitions.

If you use Norton AntiVirus 2006, Symantec AntiVirus Corporate Edition 10.0, or newer products, LiveUpdate definitions are updated daily. These products include newer technology.

If you use Norton AntiVirus 2005, Symantec AntiVirus Corporate Edition 9.0, or earlier products, LiveUpdate definitions are updated weekly. The exception is major outbreaks, when definitions are updated more often.

• Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted daily. You should download the definitions from the Symantec Security Response Web site and manually install them.

The latest Intelligent Updater virus definitions can be obtained here: Intelligent Updater virus definitions. For detailed instructions read the document: How to update virus definition files using the Intelligent Updater.

3. To run a full system scan
1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.

For Norton AntiVirus consumer products: Read the document: How to configure Norton AntiVirus to scan all files.

For Symantec AntiVirus Enterprise products: Read the document: How to verify that a Symantec Corporate antivirus product is set to scan all files.

2. Run a full system scan.
3. If any files are detected, follow the instructions displayed by your antivirus program.
Important: If you are unable to start your Symantec antivirus product or the product reports that it cannot delete a detected file, you may need to stop the risk from running in order to remove it. To do this, run the scan in Safe mode. For instructions, read the document, How to start the computer in Safe Mode. Once you have restarted in Safe mode, run the scan again.
After the files are deleted, restart the computer in Normal mode and proceed with the next section.

Warning messages may be displayed when the computer is restarted, since the threat may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following:

Title: [FILE PATH]
Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

4. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.
1. Click Start > Run.
2. Type regedit
3. Click OK.

Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
4. Navigate to and delete the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systwtray" = "%Windir%\twitty[TWO DIGIT NUMBER].exe"
5. Exit the Registry Editor.

Note: If the risk creates or modifies registry subkeys or entries under HKEY_CURRENT_USER, it is possible that it created them for every user on the compromised computer. To ensure that all registry subkeys or entries are removed or restored, log on using each user account and check for any HKEY_CURRENT_USER items listed above.
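The W32.Koobface.C indicators listed above (the two file-name shapes and the "systwtray" Run value) can be checked from collected triage data before and after the removal steps. The following is an added example, not part of the original write-up: it parses the text output of `reg query` and a file listing, and the sample data, the default `C:\WINDOWS` directory and the "high"/"review" labels are assumptions made for the illustration.

```python
import re
from ntpath import basename, dirname, normcase

# Shapes taken from the write-up. The digits are a version counter that
# increments, so match the pattern rather than one fixed file name.
EXE_RE = re.compile(r"^twitty\d{2}\.exe$", re.IGNORECASE)
DAT_RE = re.compile(r"^tw\d{5}\.dat$", re.IGNORECASE)
RUN_VALUE = "systwtray"
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"

# One value line of `reg query` output:
# 4 spaces, value name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")


def parse_reg_query(text):
    """Yield (key, value_name, data) for every value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data")
        elif not line.startswith(" "):
            key = line.strip()  # unindented line = registry key header


def in_windir(path, windir):
    """True if the file sits directly in the Windows directory."""
    return normcase(dirname(path)) == normcase(windir.rstrip("\\"))


def check_run_keys(reg_text, windir=r"C:\WINDOWS"):
    """Return (confidence, key, value_name, path) for suspicious Run values.

    'high'   = value name and target both match the write-up.
    'review' = only one matches (renamed value, or name left behind after
               the file was deleted). Run keys of every hive are checked,
               which covers the per-user note in the removal steps.
    """
    findings = []
    for key, name, data in parse_reg_query(reg_text):
        if not key.lower().endswith(RUN_SUFFIX):
            continue
        path = data.strip().strip('"')
        name_hit = name.lower() == RUN_VALUE
        data_hit = bool(EXE_RE.match(basename(path))) and in_windir(path, windir)
        if name_hit and data_hit:
            findings.append(("high", key, name, path))
        elif name_hit or data_hit:
            findings.append(("review", key, name, path))
    return findings


def check_files(paths, windir=r"C:\WINDOWS"):
    """Return the paths in the Windows directory that match either file shape."""
    return [p for p in paths
            if in_windir(p, windir)
            and (EXE_RE.match(basename(p)) or DAT_RE.match(basename(p)))]


# Constructed sample input (not taken from a real host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    systwtray    REG_SZ    C:\WINDOWS\twitty03.exe

HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1003\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    updater    REG_SZ    "C:\WINDOWS\twitty11.exe"
"""

SAMPLE_FILES = [
    r"C:\WINDOWS\twitty03.exe",
    r"C:\WINDOWS\tw00417.dat",
    r"C:\WINDOWS\twain.dll",
    r"C:\Users\a\Downloads\twitty03.exe",
    r"C:\WINDOWS\twitty3.exe",
]

if __name__ == "__main__":
    for finding in check_run_keys(SAMPLE_REG):
        print(finding)
    for hit in check_files(SAMPLE_FILES):
        print("file:", hit)
```

Running the same check again after step 4 should return no findings; a remaining "review" entry points at a leftover value or a renamed copy that the manual steps missed.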

Former Director of the US-CERT, Amit Yoran, to Keynote at Hacker Halted USA 2009

CEO of Netwitness named as one of the keynote speakers for the information security conference, where more than 50 international experts converge to discuss global cybersecurity issues and uncover new exploits and vulnerabilities.

Albuquerque, NM, July 15, 2009 – Hacker Halted USA 2009, a leading information security conference hosted by EC-Council, today announced that Amit Yoran will be one of the Keynote Speakers for the conference to be held in Miami, Florida.

Since 2006, Amit has served as the Chairman and CEO of Netwitness. He was formerly the Director of the US-CERT and National Cyber Security Division of the Department of Homeland Security, and has served as CEO and advisor to In-Q-Tel, the venture capital arm of the CIA. He is currently a member of the Commission on Cybersecurity for the 44th US President.

Amit Yoran joins an impressive line-up of presenters comprising world-renowned security experts who will discuss the latest information security trends, present some of the best practices and uncover the latest vulnerabilities and exploits. Some of the presenters include:

Howard Schmidt

Ira Winkler

David Litchfield

Ari Takanen

Herbert H. Thompson

Jeff Bardin

Michael Malin

Greg Hoglund

Ron Gula

G. Mark Hardy

Mark Harris

Trey Ford

Edward Haletky

Gunter Ollman

James Aquilina

Erik Laykin

Chet Ratcliffe

Jayson E Street

Daniel V Hoffman

Ariel Silverstone

Jay Bavisi, Co-Founder and President of EC-Council, said “With such an impressive list of speakers making up a world class agenda, and being held at an exciting venue in Miami, Hacker Halted USA 2009 is poised to be the perfect platform for information security professionals globally to enhance knowledge and exchange views, as well as network with peers within the community.”

About Hacker Halted USA 2009

Hacker Halted USA 2009 is a complete and comprehensive information security conference hosted by EC-Council, a global leading certification body. The event will be held at the Hilton Miami Downtown, from Sep 20 - 25, 2009. Most registered participants of the conference will be entitled to attend one of three specially customized security training workshops, worth $599, at no additional cost on Sep 25. Refer to the event website for more details.

In addition, EC-Council will be offering a heavily subsidized rate for all government and military personnel. Visit the website to find out more about this offer.

Some of the sponsors for this year’s event include Core Security Technologies, Sophos, Codenomicon, Cengage, Syngress, among others.

Since 2004, the global series of Hacker Halted has been successfully organized in many cities including Myrtle Beach, Dubai, Singapore, Kuala Lumpur, Taipei and Tokyo. Other cities slated to host the event in 2009 are Seoul, Hyderabad and Kuala Lumpur. The objective of the Hacker Halted conference series is to raise international awareness towards increased education and ethics in Information Security.

Contact Information:

Mr. Leonard Chin

Conference Director

leonard@eccouncil.org

http://www.hackerhalted.com

3819 Osuna NE

Albuquerque, NM

87109 USA

Tuesday, July 14, 2009

SC World Congress - Enterprise Data Security, October 13-14 in New York City

Make plans now to attend the second annual SC World Congress - Enterprise Data Security, October 13-14 in New York City. The Congress features a comprehensive, two-day program presented in four tracks, including the unique Editors Choice sessions, and the industry's largest fall product expo showcasing IT security solutions from the leading vendors and hot start-ups. Emphasizing quality content, innovative formats and sessions, global perspectives and ROI, this is the one event you can't afford to miss. Register by August 31 for big savings. www.scworldcongress.com

Monday, July 13, 2009

W32.Ackantta.G@mm mass-mailing worm

W32.Ackantta.G@mm

Discovered: July 10, 2009
Updated: July 10, 2009 10:24:09 PM
Type: Worm
Infection Length: 437,760 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
W32.Ackantta.G@mm is a mass-mailing worm that spreads through file-sharing programs.


Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Medium
  • Shared Drives: Spreads through file-sharing programs.

The worm may arrive as an email attachment as the following file:
attachment.htm.exe

Once executed, the worm copies itself as the following file:
%System%\jvshed.exe

It then creates the following files:

  • %System%\drivers\[RANDOM CHARACTERS].sys
  • %System%\javaload.exe
  • %System%\javavm.exe
  • %TEMP%\[RANDOM CHARACTERS].tmp

The worm creates the following registry entry, so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"SunJavaUpdateSched16" = "%System%\jvshed.exe"

It then creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\"%System%\drivers\[RANDOM CHARACTERS]" = "%System%\drivers\[RANDOM CHARACTERS].sys"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"die6java" = "10"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"die6sun" = "5"

The worm creates the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\JQS16

It then modifies the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%System%\jvshed.exe" = "%System%\jvshed.exe:*:Enabled:Explorer"

The worm attempts to spread by copying itself to the following folders on the compromised computer:

  • %ProgramFiles%\ICQ\Shared Folder
  • %ProgramFiles%\Grokster\My Grokster
  • %ProgramFiles%\EMule\Incoming
  • %ProgramFiles%\Morpheus\My Shared Folder
  • %ProgramFiles%\LimeWire\Shared
  • %ProgramFiles%\Tesla\Files
  • %ProgramFiles%\WinMX\Shared
  • %SystemDrive%\Downloads

It copies itself to the above locations as the following files:

  • Absolute Video Converter 6.2.exe
  • Ad-aware 2009.exe
  • Adobe Acrobat Reader keygen.exe
  • Adobe Photoshop CS4 crack.exe
  • Alcohol 120 v1.9.7.exe
  • AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • Avast 4.8 Professional.exe
  • AVS video converter6.exe
  • BitDefender AntiVirus 2009 Keygen.exe
  • CheckPoint ZoneAlarm And AntiSpy.exe
  • CleanMyPC Registry Cleaner v6.02.exe
  • Daemon Tools Pro 4.1
  • Divx Pro 6.8.0.19 + keymaker.exe
  • Download Accelerator Plus v8.7.5.exe
  • Download Boost 2.0.exe
  • DVD Tools Nero 9 2 6 0.exe
  • G-Force Platinum v3.7.5.exe
  • Google Earth Pro 4.2. with Maps and crack.exe
  • Grand Theft Auto IV (Offline Activation).exe
  • Internet Download Manager V5.exe
  • K-Lite codec pack 3.10 full.exe
  • K-Lite codec pack 4.0 gold.exe
  • Kaspersky Internet Security 2009 keygen.exe
  • LimeWire Pro v4.18.3.exe
  • Magic Video Converter 8 0 2 18.exe
  • Microsoft Office 2007 Home and Student keygen.exe
  • Microsoft Visual Studio 2008 KeyGen.exe
  • Microsoft.Windows 7 Beta1 Build 7000 x86.exe
  • Motorola, nokia, ericsson mobil phone tools.exe
  • Myspace theme collection.exe
  • Nero 9 9.2.6.0 keygen.exe
  • Norton Anti-Virus 2009 Enterprise Crack.exe
  • Opera 9.62 International.exe
  • PDF password remover (works with all acrobat reader).exe
  • Perfect keylogger family edition with crack.exe
  • Power ISO v4.2 + keygen axxo.exe
  • Smart Draw 2008 keygen.exe
  • Sony Vegas Pro 8 0b Build 219.exe
  • Sophos antivirus updater bypass.exe
  • Super Utilities Pro 2009 11.0.exe
  • Total Commander7 license+keygen.exe
  • Tuneup Ultilities 2008.exe
  • Ultimate ring tones package1 (Beethoven,Bach, Baris Manco,Lambada,Chopin, Greensleves).exe
  • Ultimate ring tones package2 (Lil Wayne - Way Of Life,Khia - My Neck My Back Like My Pussy And My Crack,Mario - Let Me Love You,R. Kelly - The Worlds Greatest).exe
  • Ultimate ring tones package3 (Crazy In Love, U Got It Bad, 50 Cent - P.I.M.P, Jennifer Lopez Feat. Ll Cool J - All I Have, 50 Cent - 21 Question).exe
  • VmWare keygen.exe
  • Winamp.Pro.v6.53.PowerPack.Portable+installer.exe
  • Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • Windows XP PRO Corp SP3 valid-key generator.exe
  • Windows2008 keygen and activator.exe
  • WinRAR v3.x keygen RaZoR.exe
  • Youtube Music Downloader 1.0.exe

The worm connects to the following URL to get the IP address of the compromised computer:
http://whatismyip.com/automation/n09230945.asp
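The file-sharing behaviour described above leaves a recognisable pattern: one binary stored under many unrelated product names in shared folders. The following added example, which is not part of the original write-up, finds executables that share a SHA-256 hash but carry several different names, and flags document-style double extensions such as `attachment.htm.exe`. It assumes the copies are byte-identical; the `min_names` threshold, the `DOC_EXTS` set and the harmless sample tree built by `build_sample` are constructed for the illustration.

```python
import hashlib
import os
from collections import defaultdict

# Inner extensions that make an .exe look like a document (assumed set).
DOC_EXTS = {".htm", ".html", ".pdf", ".doc", ".txt", ".jpg"}


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large executables are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def has_double_extension(name):
    """True for names like 'attachment.htm.exe'."""
    stem, ext = os.path.splitext(name)
    return ext.lower() == ".exe" and os.path.splitext(stem)[1].lower() in DOC_EXTS


def find_clones(roots, min_names=3):
    """Return clusters of identical .exe files stored under >= min_names names.

    Files are grouped by size first so that only candidates are hashed.
    The same installer kept twice under one name is not reported, because
    the cluster is judged by distinct names, not by number of copies.
    """
    by_size = defaultdict(list)
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower().endswith(".exe"):
                    full = os.path.join(dirpath, name)
                    by_size[os.path.getsize(full)].append(full)

    clusters = []
    for size, paths in by_size.items():
        if len(paths) < min_names:
            continue
        by_hash = defaultdict(list)
        for p in paths:
            by_hash[sha256_file(p)].append(p)
        for digest, group in by_hash.items():
            names = {os.path.basename(p).lower() for p in group}
            if len(names) >= min_names:
                clusters.append({"sha256": digest, "size": size,
                                 "names": sorted(names), "paths": sorted(group)})
    return clusters


def build_sample(base):
    """Create a constructed, harmless directory tree and return its roots."""
    shared = os.path.join(base, "LimeWire", "Shared")
    downloads = os.path.join(base, "Downloads")
    os.makedirs(shared)
    os.makedirs(downloads)

    def write(folder, name, data):
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)

    clone = b"constructed sample bytes, not malware" * 8
    # One "binary" under three lure names from the list above, in two folders.
    write(shared, "Ad-aware 2009.exe", clone)
    write(shared, "VmWare keygen.exe", clone)
    write(shared, "Download Boost 2.0.exe", clone)
    write(downloads, "VmWare keygen.exe", clone)
    # Same installer saved twice under one name: identical hash, one name.
    write(shared, "setup.exe", b"constructed installer bytes" * 8)
    write(downloads, "setup.exe", b"constructed installer bytes" * 8)
    # An unrelated, unique executable.
    write(downloads, "other.exe", b"constructed unique bytes")
    return [shared, downloads]


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for cluster in find_clones(build_sample(tmp)):
            print(cluster["sha256"][:16], cluster["size"], cluster["names"])
    print(has_double_extension("attachment.htm.exe"))
```

On a real host the roots would be the shared folders named in the list above; the size the write-up gives (437,760 bytes) can be compared against each cluster's `size` as a further check.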

Recommendations

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

  • Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
  • Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available.
  • Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.
  • Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have fewer avenues of attack.
  • If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
  • Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
  • If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.
  • For further information on the terms used in this document, please refer to the Security Response glossary.

Friday, July 10, 2009

Twitter shutdown accounts


Twitter is suspending the accounts of some users whose computers have fallen victim to a well-known piece of malicious software that has targeted other sites such as Facebook and MySpace.

The malware, Koobface, is designed to spread itself by checking to see if a person is logged into a social network. It will then post fraudulent messages on the person's Twitter account, trying to entice friends to click the link, which then leads to a malicious Web site that tries to infect the PC.

Monday, July 6, 2009

Michael Jackson Malware Alert



SecurityOrb.com is asking users to beware of any emails regarding the investigation into Michael Jackson's death, for they may be spam messages that infect personal computers with malware able to steal personal information, including account numbers and passwords from banks, email and other online accounts.

Experts at SecurityOrb.com have been tracking the celebrity-focused spam attacks since the day after his death was reported.

“We have noticed a trend in recent years… Whenever a major event occurs that captures mass media attention, hackers use it to their advantage to help spread their malicious acts,” according to Kellep Charles, SecurityOrb.com’s Chief IT Security Consultant.

One of the more widespread spam messages reads, "Michael Jackson was killed ... but who killed Michael Jackson."

SecurityOrb.com is asking users to be vigilant when accessing email and opening embedded links or attachments. Also make sure you have the latest anti-virus and anti-spyware software available on your personal computer.

For more information on other security related topics, we ask that you visit: http://www.securityorb.com/

Live Information Security Certification and Technical Training Classes at Conference Hosted by EC-Council



Information Security Conference in Miami will be offering a variety of live information security certifications and technical training classes

Albuquerque, NM, July 1, 2009 – Hacker Halted USA 2009, a comprehensive and complete information security conference hosted by EC-Council, will see the launch of the Hacker Halted Academy in Miami, Florida.

Understanding the growing demands for quality security training globally, Hacker Halted Academy will be offering a comprehensive suite of exam preparatory classes for industry recognized information security certifications such as the Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), NSA IAM/IEM, ISO 27001, CISSP, CISA and CISM among others.

In addition, there will be several technical training classes covering key information security components such as Web Application Security and Hacking, Secure Programming, Wireless Hacking, Virtualization Security, as well as IT Governance, Risk Management and Compliance.
Said Leonard Chin, Conference Director for Hacker Halted USA 2009, “We recognize the need for training of the highest quality, and we are extremely pleased to have some of the top training companies offering a comprehensive suite of information security training at Hacker Halted Academy with the best instructors. Attendees will definitely be spoilt for choice while selecting the most relevant training for themselves.”

Hacker Halted Academy, held from September 20 – 22, will offer some of the most sought after information security technical training & certification classes. NGS Software, Global Knowledge, Foundstone, Veridion, Security Horizon, Netcom Info, and Aspect Security are some of the best in the field that are offering training classes. Coupled with an impressive list of internationally recognized trainers that includes Larry Greenblatt, Clement Dupuis, Michael Gregg, Tom Bowers, Tim Pierson, Edward Haletkey and Sanjay Anand, Hacker Halted Academy will be the ideal platform for information security professionals globally to earn that desired and respected security certification, or to obtain cutting edge technical skills.

For more information about Hacker Halted Academy, please visit http://www.hackerhalted.com/academy



About Hacker Halted USA 2009

Hacker Halted USA 2009 is a complete and comprehensive information security conference hosted by EC-Council, a global leading certification body. The event will be held at the Hilton Miami Downtown, from Sep 20 - 25, 2009. With world-renowned security experts including Howard Schmidt, Dave Litchfield, Ira Winkler, Ari Takanen, GM Hardy, Ron Gula and other influential security gurus sharing and presenting intriguing case studies and findings, this conference is set to be the perfect platform for information security professionals to enhance knowledge and exchange views, as well as network with peers within the community. All participants of the conference will be entitled to attend one of three specially customized security training workshops, worth $599, at no additional cost on Sep 25. This will further enhance the value for all attendees. Refer to the website for more details.

In addition, EC-Council will be offering a heavily subsidized rate for all government and military personnel who wish to participate in the conference. Visit the website to find out more about this offer.

Since 2004, the global series of Hacker Halted has been successfully organized in many cities including Myrtle Beach, Dubai, Singapore, Kuala Lumpur, Taipei and Tokyo. Other cities slated to host the event in 2009 are Seoul, Hyderabad and Kuala Lumpur. Presented by EC-Council, a leading international certification authority, the objective of the Hacker Halted conference series is to raise international awareness towards increased education and ethics in Information Security. http://www.hackerhalted.com


Thursday, July 2, 2009

Security Job Posting - PKI - DC Metro Area

I have a client looking for candidates for the below positions. Let me know your interest. If you are not interested forward this position to anyone you think may be interested.

Clearance: TS or Secret (one TS for each category personnel would be preferable)
Place of Performance: Crystal City. BRAC will move them to Ft. Belvoir in 2010-2011

Below are two Job Descriptions

Salary Range (Policy Analyst): $61K-$95K (negotiable)
Job Description (Policy): Expertise in developing Army policy and conducting studies in support of Army CAC/PKI. Analysis and Studies regarding Army’s needs as it relates to HSPD-12, DoD Policy, Certificate Management, Wireless policy, CAC issuance, Smart Cards, PKE of Applications, SIPRNET/Classified PKI policies and issues. Expertise in Army CAC/PKI objectives related to legislation, policy, procedures and programs. Writing, staffing and coordinating program-specific issues including plans, policies, papers, studies and standards. Build a strategic agenda for the Army to meet its CAC/PKI requirements and objectives. Provide liaison support with Human Resources Command (HRC), DEERS/RAPIDS. Evaluate and advise the GTL in regard to emerging developments as they relate to Defense, National and International Electronic Data Interchange standards, concepts, technologies and applications. Subject Matter Expertise in the following standards: X.509, Certificate Practice Statements, Federal Information Processing Standard (FIPS) 201 and 140, National Institute of Standards and Technologies (NIST) Special Publications (SP) 800-73, 800-78-1, and 800-79-1, and National Security Telecommunications and Information Systems Security Policy (NSTISSP) No. 11.

Salary Range (RA): $50K-$85K (negotiable)
Job Description (RA/LRA): Expertise in Army PKI software-based certificate registration process. Training for RA/LRA through DISA RA Training. Verify the identity and information for each software certificate subscriber; issue software certificates; revoke software certificates; and add, modify or delete directory entries. Provide RA subject matter expertise for the RA Certificate Practice Statement (RACPS) and LRA CPS. Provide operational support to users in downloading and installing certificates. Manage the alternate smart card process for both SIPRNET and NIPRNET. Provide management and oversight for Army CAC PIN Reset (CPR) workstations.

Regards

Jere Keener
Keenerstaffing LLC

Jere.Keener@KeenerStaffing.com
703.732.6879

SecurityOrb.com Security News Update with Kellep Charles - July 1, 2009

This is a SecurityOrb.com News Update discussing how malware is being pushed using the Michael Jackson death and how secure you are on your social networking websites. For more information go to: www.securityorb.com




Personal Security on Social Networking Sites

This article was originally posted on: www.securityorb.com


By Kellep A. Charles, CISA, CISSP
kellep_charles@yahoo.com

Visits to social networking sites account for more than 10% of the total time people spend on the Internet, according to Nielsen Online. A social networking site focuses on building online communities of people who share common interests and activities, such as LinkedIn.com and Facebook.com. Facebook is now the most visited social networking site on the Internet, with nearly 1.2 billion visits in January 2009 alone, while Twitter and LinkedIn are steadily gaining ground.

Hackers have folded the popularity of social networking sites into their malicious plans to compromise systems and steal personally identifiable information. Recent attacks such as the Koobface virus on Facebook and the clickjacking issues faced by Twitter are prime examples of the recent challenges. These same hackers can also remain anonymous on social networking sites, which reinforces the notion that you really do not know who is on the Internet with you.

Security on social networking sites is at a minimal standard right now. The sites rely on usernames and passwords for authentication and security, which means that anyone who finds out your username and password can gain access to your account. Until social networking site security evolves and improves, users need to be very careful and diligent.

Here are a few tips that should assist in making sure you are safe when using social networking sites:

1. Understand how the social networking site displays your information. Some sites will allow you to control who can see your information, while others will allow anyone and everyone to view postings.

2. Don't click on shortened (or "condensed") URLs, like those created by TinyURL and Bit.ly. There's no telling where these links lead, and that makes it easy to funnel you to malicious websites (drive-by download).

3. Be mindful of your personal information: don't post your full name, address, age, hometown or information about your family. Even your screen name can reveal a lot of identifiable information.

4. Post only information that you are comfortable with others, such as your employer, co-workers and acquaintances, seeing and knowing. Many people will see your page or postings, including the people who will be interviewing you for a current position or a future job.

5. Remember that once you post information online, it may be impossible to take it back. This includes photos that can be manipulated.

6. Be careful when it comes to personal socializing online, such as flirting or disputes. Some people lie about who they are. Be wary if a new online friend wants to meet you in person.

7. Trust your instincts if you have suspicions. If you feel threatened by someone or uncomfortable because of something online, report it to the police and to the operators of the social networking site. You could end up preventing someone else from becoming a victim.

Social networking sites are becoming part of our personal and business lives. People from various stages and walks of life are participating in them with very little knowledge of the dangers of these social networking sites. The site owners provide only the minimal required security measures, while hackers are using tactics that have shown great success in circumventing them. It is up to us to do what is necessary to protect ourselves until better security measures are implemented or the hackers give up. Don’t hold your breath on the hackers giving up.

For more information on this article and other informative articles go to: www.securityorb.com