Enabling a CAC Card Reader on Ubuntu 10.04

I recently installed Ubuntu 10.04 on a PC, and for those of you who use a Linux or Mac-based system and need to access a CAC card reader, you are in luck. I have researched all over the Internet and found the best site with full instructions on how to install a CAC reader that will work with Ubuntu and Firefox 3.

Now, if it does not immediately work, you may need to update the firmware. You can do so by typing a few commands in a terminal window; this will update your system and the CAC card will be able to operate normally. The process should only take about 10 to implement from start to end. During the setup process, the installation and activation of the media codecs and streaming plug-ins needed for government websites will occur, thus allowing you to configure Firefox to read your CAC card reader.

I also tested the process with the new version of Ubuntu 11.4. When I launched Firefox and tried to log in to a government website using the CAC card reader, the system crashed. I’m not sure if the bugs were fixed, but as of now I will be using Ubuntu 10.04.

For more information go to: https://militarycac.com/index.htm, and for Linux users go to http://militarycac.com/linux.htm

SANS Boston 2011

SANS Boston 2011 Features These Top-rated Courses:

* Courses that align with the DoD 8570 Directive

In addition to the courses above, SANS Boston 2011 will offer four short, skills-based courses. Choose a short course to round out your education and save up to 50% on your extra training. Maximize your investment with the best training your money can buy!

Our attendees from SANS Boston 2010 had this to say:

SANS courses are always at least 10 times more valuable than non-SANS courses, probably due to the excellent instructors who develop and deliver superior course materials. – Laura Lombardo, AT&T

SANS never fails to exceed my expectations. – J. Crissup, Kantar

SANS is hands down the best learning experience you can buy. – Dennis Antunes, Covidien

We will be holding SANS Boston 2011 at the Hyatt Regency Boston — just one block from the Boston Common and within walking distance of attractions, shopping, and theaters. With its contemporary-style rooms, delicious dining and more, join us at the Regency for a great SANS Conference experience! Enjoy the discounted SANS rate of $194 S/D with high-speed Internet access in your room until July 14, 2011. Government per diem rooms are available with proper ID. Simply call reservations and ask for the SANS government rate. For more information about our conference city, see our SANS Insider Guide to Boston. This page features links to all things Boston, from restaurants and city history to songs and Haiku!

To follow or tweet about this event, use the hashtag #sansboston2011. Follow SANS at @SANSInstitute.

This is one conference I got my money’s worth in terms of material and instructor. SANS really is the best available. – Gary Blum, UBS Financial Services

With a reputation for being the most trusted source for information security training and an eagerness to help you meet your training objectives, SANS is the best choice for IT security education. Don’t miss this special SANS information security training event in Boston, MA this August! We hope to see you there.

Kind regards,
Stephen Northcutt
President
SANS Technology Institute, a postgraduate computer security college

Black Hat // Webcast 28 – HTTP Parameter Pollution Vulnerabilities in Web Applications

HTTP Parameter Pollution Vulnerabilities in Web Applications

// Marco Balduzzi

http://links.covertchannel.blackhat.com/ctt?kn=4&m=36625440&r=ODMwMzU3MTg2MAS2&b=2&j=MTAxNjM3NzA1S0&mt=1&rt=0

———————————–

OVERVIEW:

While input validation vulnerabilities such as XSS and SQL injection have been intensively studied, a new class of injection vulnerabilities called HTTP Parameter Pollution (HPP) has not received as much attention. HPP attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. This talk analyzes HTTP Parameter Pollution and presents the first automated system for the detection of HPP flaws in real web applications. We used this system to conduct a large-scale experiment by testing more than 5,000 popular websites and discovering unknown HPP bugs in many important and well-known sites such as Microsoft, Google, VMWare and PayPal. In this presentation we will describe the details of the architecture and of the algorithms we implemented to efficiently detect HPP vulnerabilities. We will conclude by discussing the HPP phenomenon and giving suggestions on how to prevent this novel class of injection vulnerabilities in future web applications.

———————————–

SPEAKER:

Marco Balduzzi holds an MSc. in computer engineering and has been involved in IT-Security for more than 8 years with international experiences in both industrial and academic fields. He has worked as a security consultant and engineer for different companies in Milan, Munich and Sophia-Antipolis, in South France, before joining EURECOM and the International Secure Systems Lab as Ph.D. researcher. He has attended well-known and high-profile conferences all over (Blackhat, OWASP AppSec, NDSS) and currently speaks five different languages. Being a Free Software sympathizer, in the year 2K, he cofounded the Bergamo Linux User Group and the University Laboratory of Applied Computing. In former times, he was an active member of several open-source projects and Italian hacking groups.

———————————–

SPONSOR GUEST:

Patrick Vandenberg, Manager, IBM Rational Security and Compliance. As the manager of IBM Rational Security & Compliance Marketing, Patrick is responsible for the strategic marketing and execution of the Rational AppScan portfolio, part of the Application pillar of IBM Security framework. Patrick came to IBM through the acquisition of Watchfire in 2007, was an integration lead on the Ounce Labs acquisition, and brings 17 years experience in product management, product marketing, software development and sales, and most notably 12 years in the security industry. Patrick holds a degree in Systems & Computer Engineering.

———————————–

SPONSOR:

We would like to thank this month’s webcast sponsor IBM. IBM Security Solutions include an extensive portfolio of hardware, software solutions, professional and managed services offerings covering the spectrum of IT and business security risks: people and identity, data and information, application and process, network, server and endpoint and physical infrastructure. Through world-class solutions that address risk across the enterprise, IBM helps organizations build a strong security posture that helps reduce costs, improve service, and manage risk. IBM X-Force(R) Research and Development is one of the most renowned commercial security research and development groups in the world. According to a recent IBM X-Force report, 55% of vulnerabilities are Web application vulnerabilities. For more information on how IBM Rational application security software helps IT and security professionals protect against the threat of attacks and data breaches, and on how to address today’s biggest risks, please visit us at ibm.com/security.

———————————–

Register Now!

http://links.covertchannel.blackhat.com/ctt?kn=1&m=36625440&r=ODMwMzU3MTg2MAS2&b=2&j=MTAxNjM3NzA1S0&mt=1&rt=0

———————————–

Thank you,

Black Hat Team

=========================================

(C) UBM TechWeb 2011. All Rights Reserved.
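The HPP mechanism summarized in the webcast overview (encoded query-string delimiters injected into an existing parameter) is shown below as an added example; it is not part of the announcement and is not the detection system the talk presents. The `/poll` path and the `poll_id` and `action` parameters are hypothetical, and the sample values are constructed. It pairs a request audit with the vulnerable and corrected ways of re-embedding a decoded value in a link.

```python
import re
from urllib.parse import parse_qsl, unquote, urlencode

# Percent-encoded query-string delimiters (&, =, #, ;) inside a raw value.
ENCODED_DELIM = re.compile(r"%(?:26|3d|23|3b)", re.IGNORECASE)


def audit_query(raw_query):
    """Return (finding, parameter) pairs for a raw, still-encoded query string."""
    findings, seen = [], {}
    for pair in raw_query.split("&"):
        name, _, raw_value = pair.partition("=")
        name = unquote(name)
        seen[name] = seen.get(name, 0) + 1
        if ENCODED_DELIM.search(raw_value):
            findings.append(("encoded-delimiter", name))
    findings += [("duplicate-parameter", n) for n, c in seen.items() if c > 1]
    return findings


def build_link_unsafe(base, user_value):
    # 'Before': the decoded value is concatenated, so its delimiters go live.
    return f"{base}?action=view&poll_id={user_value}"


def build_link_safe(base, user_value):
    # 'After': urlencode() re-encodes &, = and #, keeping one parameter.
    return base + "?" + urlencode({"action": "view", "poll_id": user_value})


# Constructed sample: the framework has already decoded poll_id once.
DECODED_VALUE = "4568&action=delete"

if __name__ == "__main__":
    print(audit_query("poll_id=4568%26action%3Ddelete"))
    polluted = build_link_unsafe("/poll", DECODED_VALUE)
    print(polluted, audit_query(polluted.split("?", 1)[1]))
    safe = build_link_safe("/poll", DECODED_VALUE)
    print(safe, parse_qsl(safe.split("?", 1)[1]))
```

The audit is meant for incoming requests and generated links in tests or logs; the encoding fix belongs wherever user-controlled values are written back into URLs.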

Threat Outbreak Alert: Fake Bin Laden Pictures E-mail Messages on May 13, 2011

Source: Security Intelligence Operations

Cisco Security Intelligence Operations has detected significant activity related to Portuguese-language spam e-mail messages that claim to contain pictures of Osama Bin Laden. The text in the e-mail message instructs the recipient to open a .zip attachment to view the pictures. However, the .zip attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.

E-mail messages that are related to this threat (RuleID3407 and RuleID3408) may contain any of the following files:

* fotos_bin_ladem_178348.zip
* Fotos_bin_ladem_JPG.scr
* Fotos.exe

The Fotos_bin_ladem_JPG.scr file in the fotos_bin_ladem_178348.zip has a file size of 171,008 bytes.  The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x16938E7E1B7D1255D9424CD83A2026D0

The Fotos.exe file has a file size of 147,456 bytes.  The MD5 checksum is the following string: 0x42CDC861A38BDE79A6E7AE87ABB2DD30
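A mail-gateway or triage check built from the indicators above, as an added example that is not part of the Cisco alert: it opens a .zip attachment in memory, flags .scr/.exe members, and compares each member's MD5 and size with the published values. The function names and the size cap are assumptions, and the sample archive is constructed from harmless bytes, so only the extension rule fires on it.

```python
import hashlib
import io
import zipfile

EXECUTABLE_EXT = (".scr", ".exe")
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed cap; larger members are not hashed


def normalize_md5(text):
    """Lower-case an MD5 string and drop the alert's leading '0x'."""
    s = text.strip().lower()
    return s[2:] if s.startswith("0x") else s


# MD5 -> file size in bytes, copied from the alert text above.
ALERT_MD5 = {
    normalize_md5("0x16938E7E1B7D1255D9424CD83A2026D0"): 171008,
    normalize_md5("0x42CDC861A38BDE79A6E7AE87ABB2DD30"): 147456,
}


def scan_zip_attachment(data):
    """Return (member name, md5 or None, reasons) for each suspicious member."""
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons, digest = [], None
            if info.filename.lower().endswith(EXECUTABLE_EXT):
                reasons.append("executable-extension")
            if info.file_size <= MAX_MEMBER_BYTES:
                digest = hashlib.md5(zf.read(info)).hexdigest()
                if ALERT_MD5.get(digest) == info.file_size:
                    reasons.append("alert-md5-match")
            if reasons:
                results.append((info.filename, digest, reasons))
    return results


def build_sample_zip():
    """Constructed attachment: same member name as the alert, harmless content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Fotos_bin_ladem_JPG.scr", b"constructed harmless bytes")
        zf.writestr("leia-me.txt", b"constructed text file")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_zip_attachment(build_sample_zip()):
        print(hit)
```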

The following text is a sample of the e-mail message that is associated with this threat outbreak:

Message Body:

Os Estados uninos divulgaram enfim as fotos do Bin Laden Morto.
impressionante…
ve ai

Cisco Security Intelligence Operations analysts examine real-world e-mail traffic data that is collected from over 100,000 contributing organizations worldwide.  This data helps provide a range of information about and analysis of global e-mail security threats and trends.  Cisco will continue to monitor this threat and automatically adapt IronPort systems to protect customers.  This report will be updated if there are significant changes or if the risk to end users increases.

Cisco IronPort Virus Outbreak Filters protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures.  E-mail that is managed by Cisco and end users who are protected by Cisco IronPort web security appliances will not be impacted by these attacks.  Cisco IronPort appliances are automatically updated to prevent both spam e-mail and hostile web URLs from being passed to the end user.

Sourcefire® National Seminar Series

Future-proof Your Network Against Advancing Cyberthreats

Cyberthreats are evolving. Networks are evolving. And so are your security requirements.

Against a backdrop of cyber opponents who are faster, smarter, more prevalent, more targeted, and more elusive than ever before, how can you protect the growing number and types of operating systems, applications, services and users on your network?

In this free seminar, Sourcefire executives will discuss:

* The current threat landscape: Dynamic threats and dynamic networks
* Security for the real world: Protection against evolving cyberthreats now and into the future, regardless of your resources
* The future of IT security: Developments in Next-Generation Firewall and the power of enterprise cloud-based endpoint security

Featured Speakers Include:

Oliver Friedrichs

As Senior VP, Cloud Technology Group at Sourcefire, Friedrichs has a long history of driving security technology innovation. Most recently he was founder and CEO of Immunet, a leader in cloud-based security solutions. Prior to that he was director of emerging technologies at Symantec and co-founder of SecurityFocus, where he built the industry’s first early warning technology for Internet attacks.

Jason Lamar

As Sourcefire’s Director of Product Management—Next-Generation Firewall, Lamar is charged with leading the company’s entry into this market. He brings 15 years of expertise in firewall and cloud security technologies to his role, most recently leading firewall product management at McAfee and Secure Computing and launching the first IP-reputation enabled firewall.

Threats to your network continue to evolve. Thankfully, so has your ability to stop them.

Be sure to register today.

Event Details

Date: Tuesday, June 7th, 2011

Time: 11:30am – 2:00pm EDT

Location: Ruth’s Chris Steakhouse, 2231 Crystal Drive, 11th Floor, Arlington, VA 22202

Phone: (703) 979-7275

Please register by Tuesday, May 31st.

If you have any questions contact:

* Rae Bolich, Events Manager, rae.bolich@sourcefire.com
* Dana Cooper, Events Coordinator, dana.cooper@sourcefire.com

Do you need CPE Credits?

Sourcefire can grant 2 CPE credits for attending this Sourcefire seminar. Contact us for more information.

White House to Unveil Cyber Security Proposal

By: Reuters

White House officials Thursday planned to unveil a major legislative proposal aimed at improving U.S. cybersecurity and protecting the economy, an administration official said.

The proposal is the result of 2-1/2 years of work. U.S. computers have long been subject to hacking attacks, many of them believed to have originated in China.

“By introducing the first major cybersecurity legislative proposal for any administration, we are demonstrating President Obama’s commitment to addressing complex and systemic national vulnerabilities that place the American people and economy at risk,” the official said.

The proposed legislation is focused on improving cybersecurity for Americans, critical infrastructure, and the federal government’s own networks and computers.

“Our proposal strikes a critical balance between strengthening security, preserving privacy and civil liberties protections, and fostering continued economic growth,” the official said.

The Obama administration would like Congress to enact a cybersecurity bill this year.

Copyright 2011 Thomson Reuters.