Sourcefire Announces BOSS 2009 - Best of Open Source Security Conference

February 2009 Conference Gathers Innovators and Users, Showcasing the Latest Breakthroughs, Leading Projects and Real World Technical Presentations

COLUMBIA, Md., Jun 11, 2008 (BUSINESS WIRE) — Open source innovator and SNORT(R) creator, Sourcefire, Inc. (Nasdaq:FIRE), a leader in Enterprise Threat Management, today announced the launch of the Best of Open Source Security (BOSS) Conference. Scheduled to run concurrently with Sourcefire’s annual customer summit, the BOSS Conference will be held February 8-10, 2009 in Las Vegas. As the first IT security conference dedicated to promoting open source security technologies and the commercial products that embrace them, the BOSS Conference brings together passionate open source security advocates and innovative users, integrators and experts under the same roof to share ideas and experiences.

“While open source projects regularly deliver some of the security industry’s most innovative solutions, many also lack the marketing budgets and resources to reach the mass market, and many early adopters do not have the time to seek out the latest projects,” said Martin Roesch, Creator of Snort and Founder and CTO of Sourcefire. “Based on the resounding successes of Snort and ClamAV, we at Sourcefire welcome the opportunity to give back to the community, providing innovative open source projects with the opportunity to interact with enterprise security practitioners, while also providing practitioners the chance to learn about today’s innovative new open source projects. The BOSS Conference is the first industry event catering to the needs of the open source security community, which makes it really exciting to me.”

Today, there are more than 4,000 open source security projects, and the BOSS Conference provides users with a unique forum for identifying and evaluating innovative new technologies to address their specific requirements. The conference, consisting of exhibits, keynotes and technical presentations, provides open source security users with the first-ever opportunity to identify and learn about many of today’s leading solutions and emerging innovations in a single location. The conference includes a variety of educational tracks that will provide attendees with unique insights and tips for gaining the most out of their open source security investments.

For more information about attending, exhibiting or sponsoring the BOSS Conference, please visit the conference website at http://www.bossconference.com.

Call for Speakers:

The BOSS Conference & Sourcefire Users Summit will feature two independent tracks–an Open Source Security Track and a Sourcefire Solutions Track. Open source advocates, community members, experts and users are encouraged to submit abstracts for thought provoking presentations on topics including the latest innovations, tips for gaining increased value from open source security solutions and user success stories. Following is a description of each track:

The Open Source Security Track will feature presentations that embrace the use of open source security products. Presentations in this track should be technical in nature and should be intended to educate IT security professionals on how to select, implement and use open source security products.

The Sourcefire Solutions Track will feature presentations by Sourcefire and members of the Sourcefire community (e.g., partners, customers, analysts) that provide insight into Sourcefire commercial products. These presentations will include both technical and business topics, and are designed to educate Sourcefire customers and prospects on best practices for selecting, implementing and supporting Sourcefire solutions.

Deadline to submit the speaker application is July 15, 2008. Potential speakers are encouraged to visit: www.bossconference.com for more information.

About Sourcefire

Sourcefire, Inc. (Nasdaq:FIRE), Snort creator and open source innovator, is a world leader in Enterprise Threat Management (ETM) solutions. Sourcefire is transforming the way Global 2000 organizations and government agencies manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - to securing real networks. This ETM approach equips customers with an efficient and effective layered security defense - protecting network assets before, during and after an attack. Through the years, Sourcefire has been consistently recognized for its innovation and industry leadership by customers, media and industry analysts alike - with more than 40 awards and accolades. Today, the names Sourcefire and founder Martin Roesch have grown synonymous with innovation and network security intelligence. For more information about Sourcefire, please visit http://www.sourcefire.com.

SOURCEFIRE(R), SNORT(R), the Sourcefire logo, the Snort and Pig logo, SECURITY FOR THE REAL WORLD(TM), SOURCEFIRE DEFENSE CENTER(TM), SOURCEFIRE 3D(TM), RNA(TM), DAEMONLOGGER(TM), CLAMAV(TM), SOURCEFIRE SOLUTIONS NETWORK(TM), and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. Other company, product and service names may be trademarks or service marks of others.

SOURCE: Sourcefire, Inc.

Media:
Welz & Weisel Communications
Tony Welz, 703-218-3555 x226
Principal
tony@w2comm.com
or
Investor:
Sourcefire, Inc.
Tania Almond, 410-423-1919
Investor Relations Officer
tania.almond@sourcefire.com

Russian and Georgian Cyber Attack

Cyberattacks have been occurring whenever one country has an issue with another country. I have discussed it in previous blog postings.

CNN.com has a really good article on this matter as it relates to the Russian and Georgian conflict…

The next large-scale military or terrorist attack on the United States, if and when it happens, may not involve airplanes or bombs or even intruders breaching American borders.
Cyberattackers shut down one Georgian government site and defaced another with images of Adolf Hitler.

Instead, such an assault may be carried out in cyberspace by shadowy hackers half a world away.

http://www.cnn.com/2008/TECH/08/18/cyber.warfare/index.html#cnnSTCText

Interesting video to follow up on the write up

FedTech News Coverage

The Tech Talk Show - FedTech Segment

Every Sat at 4 to 5 PM on WOL 1450 AM (Washington, DC)

www.thetechtalkshow.com

Listen to the footage on:

www.securityorb.com/Podcast/

White House BlackBerries a no-no in China

CBS reports that the Bush administration has ordered staffers traveling to China to leave their BlackBerries at home.

Administration officials are concerned about the threat of electronic eavesdropping, even though sensitive presidential communications are always encrypted, according to CBS.

http://www.cbsnews.com/stories/2008/08/04/world/main4318339.shtml

Bill to boost authority of security chiefs

Nextgov reports that a forthcoming bill would give federal chief information security officers more authority to strengthen network security and related policies.

The bill, to be introduced in September by Sen. Tom Carper (D-Del.), would give chief information security officers more authority to define policies and test network defenses without working through their agencies’ chief information officers, according to Nextgov.

http://www.nextgov.com/nextgov/ng_20080801_2626.php

Clearance reform gets a boost

A new Bush administration directive could mitigate one of the sticking points that plague the federal government’s process for granting security clearances: reciprocity.

Agencies are often unwilling to accept clearances granted by other agencies, forcing career-changers — and their would-be managers — to wait out a process before they fully can move into a new job.

Executive Order 13467 mandates that other agencies accept background investigations and adjudications conducted by one agency. Once the process is in place, this order is expected to help reduce the backlog, freeing resources to focus on new clearances.

Although this is only one of numerous problems with the clearance process, the Bush administration has laid a foundation on which to begin the reforms, observers say.

Shaping reforms
The order creates two executive agents to resolve security investigation issues and set standards to apply governmentwide. It also establishes a council charged with ensuring the reforms move ahead.

“The new order finally clarifies the roles and responsibilities of the agencies involved in both the suitability and security clearance processes,” said Sen. Daniel Akaka (D-Hawaii), chairman of the Homeland Security and Governmental Affairs Committee’s Oversight of Government Management, the Federal Workforce and the District of Columbia Subcommittee.

Some members of Congress say it’s a good next step toward reforms that senators, such as Akaka and George Voinovich (R-Ohio), the subcommittee’s ranking member, have pushed for several years.

“It is my hope that the new council, headed by the Office of Management and Budget, can work closely with clearance stakeholders to put new systems into place that will cut down on the redundancies and inefficiency that plague the current process,” Akaka said.

http://www.fcw.com/print/22_22/policy/153162-1.html?topic=security

Footage From The Tech Talk Show

An Information Security Website that covers all aspects of information security. This week’s program covers footage from “The Tech Talk Show”.


Computer Malware and Preventive Recommendations

It’s often what we don’t know that can hurt us the most…

That is the case when it comes to the effects of malware such as computer viruses, worms and Trojans.

Botnets are one of the fastest growing and most dangerous threats on the Internet today. “Bot” stands for robot, which is a piece of software with some intelligence to perform a task, and the “net” stands for network, which is the collection of these bots.

Not all bots are bad. For example, intelligent software agents used in Microsoft Word or the ones used by search engine sites like Google are here to help the end user, whereas bots such as the Storm and Kraken botnet collections are here to disrupt end user activities.

The bots are small executable files that are very easy to spread. They can be spread through spam, music files located on file sharing systems, various Microsoft vulnerabilities that are not patched, and hosting on a web site that pushes them to visitors in a technique called “drive-by download” (very nasty and stealthy).

The thing that makes these bots so dangerous is their exponential growth factor. As more systems are infected, they also begin to scan for vulnerable systems. Since additional computer systems use their resources to recruit other systems, the growth can be enormous in a short period of time.

My recommendations are:
* Use a Mac OS X based system or even a Linux-based system if possible. If not:

1. Make sure you have security controls in place (e.g., firewall, anti-virus, anti-spyware and IDS)
2. Make sure they are licensed and updated regularly
3. Make sure you run them frequently or have them run at a time your computer will be on
4. Do not download free miscellaneous software from the Internet (e.g., screensavers and games)
5. Do not open attachments if you do not know who they are from or what the attachment is
6. Be smart

For more information on botnets, their effects and detailed recommendations to prevent and remove malware, check out http://www.securityorb.com/malware/

States require a license to conduct data forensics

Laws in place to protect the chain of custody during any type of forensic investigation

Technology Executive Alert, by Linda Musthaler and Brian Musthaler, Network World, 07/14/2008

In 2007, the state of Texas updated a law called the “Private Security Act” to insert a new clause that specifies that anyone who conducts computer data forensics that could potentially be used in a legal proceeding in the state must be a licensed PI.

The basic tenet of the new stipulation in the law is the protection of the chain of custody during any type of forensic investigation. If digital forensic data is to be used for a legal proceeding, it needs to be done by a professional who is trained and licensed in the practice of securing evidence and chain of custody. Traditionally, these people are law enforcement officials, lawyers and paralegals, and licensed private investigators.

An opinion written by the State of Texas Private Security Bureau is that “Computer repair or support services should be aware that if they offer to perform investigative services, such as assisting a customer with solving a computer-related crime, they must be licensed as investigators. The review of computer data for the purpose of investigating potential criminal or civil matters is a regulated activity under Chapter 1702 of the Texas Occupations Code, as is offering to perform such services.”

This law has broad ramifications for many people in IT professions, including hardware and software technicians and auditors. These people routinely analyze log data and other information on computers that may eventually be used in reports that could, someday, be called into question in court.

For example, suppose the owner of a small business suspects one of his employees is creating bogus accounts and sending payments to those accounts. The business owner might ask a computer technician to study the computer logs to see what this employee is up to. The technician finds a clear digital trail of misconduct that points to the suspect employee and provides the “evidence” to the businessman in the form of a report. The business owner uses the information to dismiss the employee, who then sues his former employer for wrongful termination.

Unless the computer technician is a licensed PI, none of the information he dug up is admissible in court. Worse, both he and the business owner who used his services face misdemeanor charges for violating the Texas Private Security Act.

Several computer technicians from Houston and Austin have filed a lawsuit against the state, alleging that the law may inadvertently harm their businesses. An attorney handling the lawsuit says the law is so vaguely worded that it could be enforced broadly by the Private Security Board, the Texas agency that oversees licensing for the private security industry. The board interprets the law to cover any data retrieval for a “potential” civil or criminal matter. For all practical purposes in our litigious society, that is virtually everything.

Computer technicians aren’t the only ones concerned about the impact of this law. Auditing firms and law firms may also be ensnared by the law that requires licensing for anyone doing data retrieval and analysis for outside companies. (Companies can use their own employees to conduct internal investigations, but they cannot hire an unlicensed outsider to perform the same work.)

Texas isn’t alone in its efforts to have licensed investigators handle digital forensics. Georgia, New York, Nevada, North Carolina, South Carolina, Virginia and Washington also are pursuing digital forensic experts operating in their states without a PI license. Given the number of states with digital forensics laws and the vast extent of interstate commerce, these laws can have broad impact on IT professionals all across the country.

We don’t mean to downplay the importance of in-depth knowledge of the chain of custody of evidence. Of course it is important that evidence be properly collected and preserved if it is intended to be used in civil or criminal matters. But laws like the one in Texas could be creating a large and sharp dual edge sword for the digital forensic community: time and legitimacy.

In Texas, a person must earn a criminology degree or undertake a three year apprenticeship with a licensed PI to attain a PI license. To specialize in an area of computer data forensics, the person also must master the intricacies of a combined Unix / Windows environment with its plethora of tools to monitor and control traffic / data, combined with all the tools required to extract digital evidence. He also must learn to analyze and interpret the data and ultimately opine on it. It can take years to understand enough about computers to be an expert.

With the Texas law, any licensed private investigator can take a class to learn how to use EnCase, a popular computer examination tool, and then declare himself to be a forensic expert. There are no further requirements for a technology-related degree or IT certification, experience or training.

To maintain legitimacy and comply with the law, large firms involved in digital forensics (e.g., law, audit, accounting and forensic firms) will hire a licensed PI that (in theory) oversees all of the digital forensic activities, and technically these firms will be following the letter of the law. Small service providers can’t afford to take this route, however, and this is the crux of the Texas lawsuit.

There are no easy answers, and we’ll just have to see how this one plays out. Meanwhile, be aware of the laws that may cover your business so you don’t run afoul of the law.

Article can be accessed at: http://www.networkworld.com/newsletters/techexec/2008/071408techexec1.html

All contents copyright 1995-2008 Network World, Inc. http://www.networkworld.com

Storm worm exploits U.S., Iran tensions

McAfee warns users to be wary of e-mails with the headers ‘The beginning of World War III’ and ‘USA declares war on Iran’

By Oliver Garnham, IDG News Service


July 10, 2008

The authors of Nuwar — also known as the Storm worm — are exploiting the escalating political tensions between the U.S. and Iran to encourage users to download the malware, according to McAfee Avert Labs.

The security firm has warned people to be wary of e-mails with the headers “The beginning of World War III” and “USA declares war on Iran.” The e-mails promise to link to a video showing the beginning of World War III, but clicking on the link actually triggers an automatic download of the file iran_occupation.exe, McAfee said.

The Storm worm was first detected in January 2007, but has reappeared in various guises several times over the past 18 months.

The malware has been used in a confirmation spam scam and has been employed in blogs and Web message forums. It also hit the headlines in April when malware makers gave it an April Fool’s Day theme.

 

Licensing Changes Coming for the Nessus Vulnerability Scanner

Tenable, vendor of Nessus, has changed its licensing structure for the vulnerability scanner. Starting August 1, 2008, the ‘RegisteredFeed’, used to obtain signatures, will no longer be available. Users of the product have the option of obtaining either the ‘HomeFeed’ or the ‘ProfessionalFeed’. HomeFeed remains free and is licensed only for use on personal home networks. It has the same vulnerability updates contained in the ProfessionalFeed. The new licensing policy does not allow commercial and government users to scan with the latest updates without an upgrade to ProfessionalFeed. The cost of the ProfessionalFeed will be $1200 a year, and includes compliance checks (PCI, etc.). The ProfessionalFeed also provides subscribers with the latest vulnerability and patch audits, configuration and content audits, and commercial support for their Nessus 3 installation.

For Additional Information Refer to:

http://www.nessus.org/news/data/nessus_feed_letter.pdf
http://www.nessus.org/documentation/index.php?doc=feed-faq
http://www.mckeay.net/2008/05/14/changes-to-the-nessus-license/

Identity Theft: A Continuing Threat

Identity theft is a continuing threat that has brought great inconvenience and expense to many victims. The Department of Justice stated that identity theft is the fastest growing white-collar crime of the past five years.

The accessibility of the internet has given identity thieves access to a wealth of personal information. Online brokers gather data such as social security numbers, driving records and employment information from publicly available records, customer provided forms and credit card applications.

Identity thieves purchase reports with stolen credit cards and use the information to obtain phony documents and credit cards.

Furthermore, social engineering, malware infections and dumpster diving have all led to the growing issue of identity theft.

FISMA is taking on new life, only this time in the form of “FISMA II” or “FISMA Phase II”

FISMA is taking on new life, only this time in the form of “FISMA II” or “FISMA Phase II.”

07/07/08

By Shawn P. McCarthy

“They mean the same thing, although, unfortunately, the name itself is a bit confusing. The original (and still current) Federal Information Systems Management Act of 2002 was a major piece of legislation that continues to have an impact on the way agencies handle their security audits and reporting. Among other things, FISMA sets mandatory processes to be followed by all government IT systems, whether they are operated by the government or by a federal contractor.

 

FISMA II, on the other hand, is not an act of Congress, nor is it an official update of FISMA. Instead, it’s an informal term for a federal credentialing program coordinated by the National Institute of Standards and Technologies’ Computer Security Division. Think of it as an effort to build a set of qualifications that can be used to establish the credentials for the people who provide security assessments.

 

Adding to the confusion: There have been bills proposed in Congress that include updates to security rules. Some of those have unofficially been referred to as FISMA II while under discussion. However, no legislation has been passed, nor can any bill be considered a serious contender, as a replacement for the famed FISMA.

 

But regardless of the confusion, it’s not fair to call FISMA Phase II a misnomer. It’s a genuine effort to extend the effectiveness of FISMA by helping federal agencies choose the right people to conduct their security audits and improve the overall security of their systems.

 

FISMA Phase II is an increasingly formalized accreditation process for FISMA compliance assessment teams. Requiring such teams to show that they have a full understanding of and competence in NIST’s Risk Management Framework should assure better long-term compliance with FISMA.

 

In the past few years, many agencies have moved toward a risk-management approach to security, making sure they address their most risky and vulnerable issues first. Agencies typically hire contractors to help them certify and accredit their systems to meet FISMA requirements. It is important that they be confident that the contractors they hire can assure the NIST framework is being met.

 

According to Ron Ross, senior computer scientist, “FISMA is really a three-legged stool.” He said it consists of the legislation, the associated standards and guidelines developed by NIST with help from agencies, and the monitoring and reporting process that leads toward assessment and improvement.

 

To make sure assessment teams are monitoring the right things, NIST is developing training programs, testing programs and establishing ways for such teams (whether they are government employees or commercial service providers) to demonstrate competence. They also want to be sure monitoring teams conduct on-site inspections, are capable of doing product-level evaluations, and that they understand things such as the Security Content Automation Protocol, the Federal Desktop Core Configuration initiative and more.

 

The idea for such credentialing has been around since at least 2006, and last fall NIST launched a formal project to develop security credentials based on its FISMA security and risk management guidance.

 

One criticism of FISMA is that it encourages and certifies compliance, but that doesn’t necessarily mean improved security.

 

“We hear that a lot,” said Ross. But he stressed that certification and compliance are a major step toward more secure systems. “It’s our hope that we get to the point where compliance equals security.” Essentially that would mean measuring the right set of things at the right time to assure very tight security under the NIST risk management framework for IT systems.

 

Next on the organization’s agenda: a joint project with the Director of National Intelligence and Defense Department to transition to a single set of standards and guidelines for security certification and accreditation.”

 

 

From http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn_daily&story.id=46609

SecurityOrb