SANSFIRE 2011 in DC
Information taken from SANS website.
If you like what the SANS Internet Storm Center (ISC) provides to the cyber security community, then you will love SANSFIRE! SANSFIRE 2011 is the one annual training event powered by the ISC. This years event will be held in Washington DC, July 15-24, and includes more than 25 courses and dozens of up-to-the-minute field reports from ISC handlers.Each evening, the ISC handlers share riveting talks on their most interesting experiences and newest cyber hazards. These special presentations are free to everyone who attends a course at SANSFIRE 2011.
SANSFIRE 2011 hosts world-class instructors teaching top-quality SANS courses covering penetration testing and hacker exploits, security, management, wireless, forensics, secure coding, and much more. See our Event-at-a-Glance page for the whole list of courses and links to course descriptions. We also have 11 one-and two-day courses to round out your training, which if taken with a five- or six-day course, will be available at approximately 50 percent of the normal tuition fee.
All SANS courses directly address the kinds of incidents reported by the Internet Storm Center in their daily diaries. And, it’s a SANS promise that what you learn you’ll be able to apply immediately back at the office. Last year’s SANSFIRE attendees told us:
SANSFIRE has been the best learning experience in my career as a security professional.
– Mohamid Narin, Verizon Business
SANSFIRE was a great venue for learning, networking, and realizing potential future career opportunities.
– Curtis Kozielec, State of DE-DTI
I got lucky and hit the SANS lottery having Stephen Northcutt as the instructor. This is a week that I thought would drag. Maybe it was the nice hotel. Maybe it was the goodies. Most of the week was spent in class. Get the picture.
– Eric Peiffer, Defense Logistics Agency
Our conference location is the Hilton Washington & Towers. Discounted room rates of $215 S/D are available for SANS students through June21. Government per diem rooms are available with proper ID. You must call the hotel and specifically ask for this rate (1-800-HILTONS). These special SANS rates include high-speed internet in your room. See our Event Location page to learn for about this hotel and its surroundings.
SANS training is the best there is. Conferences are always smooth running and well planned. Events are good or great, amenities are complete.
– Jonathan Schulman, U.S. Army Data Center Fairfield
Plus, register for SANSFIRE 2011 by June 1, and you can receive a $400 tuition fee discount.
You won’t want to miss SANSFIRE 2011!
Marcus Sachs
Director, SANS Internet Storm Center
Johannes Ullrich,
Chief Research Officer, SANS
P.S. If you are not part of the active defensive community, we appreciate your continued support by submitting your logs and helping us make a difference.
Free SANS Webcasts Powered by vLive!
The SANS Institute <Webcast@sans.org wrote:
Please join us in the upcoming weeks for the following informative, free SANS webcasts powered by vLive!, the SANS Institute’s online learning platform:
WEBCAST 1
Internet Storm Center: Threat Update
WHEN: Wednesday, May 11, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Johannes Ullrich
https://www.sans.org/webcasts/isc-threat-update-20110511-94088
Sponsored By: Core Security Technologies http://www.coresecurity.com/
This monthly webcast covers recent threats observed by the Internet
Storm Center, and discusses new software vulnerabilities or system exposures that were disclosed over the past month. The general format is about 30 minutes of presentation by senior ISC staff, followed by a question and answer period.
WEBCAST 2
XSS and XSRF: Combining Flaws to Own the World
WHEN: Friday, May 13, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Kevin Johnson
https://www.sans.org/webcasts/xss-xsrf-combining-flaws-world-94528
In this presentation, Kevin Johnson of Secure Ideas will explore the combination of two exploits common within modern applications. This use of the two flaws together is useful within a web application penetration test to demonstrate the risk they expose to an organization.
WEBCAST 3
Debunking Continuous Monitoring Myths
WHEN: Tuesday, May 17, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Eugene E. Schultz and Steve Johnston
https://www.sans.org/webcasts/debunking-continuous-monitoring-myths-94408 Sponsored By: Tripwire http://www.tripwire.com/
There are many myths floating around about continuous monitoring of
government systems. In this webcast, senior SANS analyst, Eugene
Schultz, PhD, debunks the myths that are holding organizations back
from getting started on their continuous monitoring efforts. For
example, continuous monitoring doesn’t always mean continuous, and
real-time doesn’t mean always real-time.
WEBCAST 4
Application Whitelisting Stops Stuxnet, APTs, and the Common Cold! (Time for a Reality Check)
WHEN: Thursday, May 19, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: John Strand & Dan Teal
https://www.sans.org/webcasts/application-whitelisting-stops-stuxnet-apts-common-cold-time-reality-check-94488
Sponsored By: Coretrace http://www.coretrace.com/
Application whitelisting’s security and control benefits are well known, but how does the approach really help thwart today’s sophisticated threats better than traditional blacklisting–and what does the promising technology NOT address?
Please join John Strand and Dan Teal, CTO & founder of CoreTrace, for an honest, marketing-free and spirited debate about that very subject.
WEBCAST 5
Auditing Routers: Lurking Risks, Hidden Horrors
WHEN: Monday, May 23, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: David Hoelzer
https://www.sans.org/webcasts/auditing-routers-lurking-risks-hidden-horrors-94533
The routing infrastructure that supports our information infrastructure is critical to the normal operation of an enterprise. This section will cover the major concerns, most common issues, potential impacts and specific audit activities to help you to successfully review the security of routers in a network.
WEBCAST 6
Security of Applications: It Takes a Village
WHEN: Tuesday, May 24, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Dave Shackleford & Brad Arkin
https://www.sans.org/webcasts/security-applications-takes-village-featuring-dave-shackleford-brad-arkin-94483
Sponsored By: Adobe Systems, Inc. http://www.adobe.com/
In this webcast, learn first-hand what vendors like Adobe deal with when maintaining their applications in this age of advanced, zero-day
threats against their applications. The webcast will also compare how users of these applications can improve their reaction to newly-discovered vulnerabilities with version standardization, improved assessment, and better patching and response cycles.
Register for this webcast and receive advance copy of the associated whitepaper written by Dave Shackleford.
********************************************************************
Did you miss an important SANS webcast event?
Click below for a list of archived webcasts Available on demand today.
http://www.sans.org/webcasts/archive.php
********************************************************************
Click here to subscribe to the SANS webcast RSS feed
http://feeds.feedburner.com/SansInstituteWebcasts
********************************************************************
SANS webcasts are powered by vLive!, the SANS Institute’s online
learning platform. For a complete listing of SANS courses offered on
the vLive!
platform please visit https://www.sans.org/info/53763.
*******************************************************************
SANS is pleased to announce our new Training and Events Calendar – an
easy way to see what opportunities are available to you during the
coming month! The current calendars are now available for download
from http://www.sans.org/info/7926.
**************************
SANS Institute, 8120 Woodmont Ave., Suite 205, Bethesda, MD 20814-2743
May issue of BSD magazine- Embedded BSD: FreeBSD and Alix
Emailed to us from BSD Magazine:
The May issue of BSD magazine is out and full of new content. :)
We warm up with Michael Hernandez and his Introduction to Z Shell followed by the Developers Corner. There you will find Dru Lavigne’s article about PC-BSD 9.0 Multiple Desktop Support, more DragonflyBSD news from Justin C. Sherrill (including information about new DragonflyBSD 2.10) and an article about „Evolution of an OpenBSD port” by Ian Darwin.
What will you find in this week How To’s? Same as the last year in May, this month’s cover story is related to Embedded BSD. Bill Harris presents his work with using FreeBSD as the OS on Alix platform. Jared Barneck will show how to simplify application development on FreeBSD using Mono in the article of the same title.
Next you will find the sixth and unfortunately the last article from Rob Somerville’s Drupal series followed by another Bill Harris’ How To: „Backups – Made Easy”.In the end of this section we will read how to fight DDoS attacks using PF from an article written by Matthieu Bouthors.Then Darrel Levitch and James P. Howard II will show us some tricks and Sufyan bin Uzayr will „compare” BSD and GPL licences in the Let’s Talk section.Before we close the issue we will hear more about embedded software in Ryan Philips’ „Allocating Dynamic Memory with Confidence” article.
I hope you will find all these articles informative and entertaining. Big thanks to all of our Authors, proofreaders and betatesters – their work is what makes this magazine better.
Link to download 05/2011: http://bsdmag.org/
Introduction to the Z Shell
Michael Hernandez
In this modern age of computing, we are offered many choices with regard to how we might interact with our machines.
Supporting Multiple Desktops in PC-BSD 9.0
Dru Lavigne
Beginning with version 9.0, PC-BSD will allow the selection of multiple desktops during installation. This article describes what changes were needed to allow for multiple desktop support and how you can help the PC-BSD project in this endeavour.
Evolution of an OpenBSD Port
Ian Darwin
In this article I’ll talk about the evolution of the OpenBSD port of radicale (http://www.radicale.org/), a nice small, simple CALDAV-based calendar server written in Python by Guillaume Ayoub.
FreeBSD & Alix – A pint sized install of an Enterprise OS
Bill Harris
The embedded device or Single Board Computer (SBC) market has for the most part, been dominated by variety of Linux derivatives.
Mono (C# and the .NET Framework) on FreeBSD
Jared Barneck
The .NET Framework and the C# language have simplified the software development process in many ways.
Drupal on FreeBSD part 6
Rob Somerville
In this last article in the series on the Drupal Content Management System, the author looks back at what has been covered in previous 5 articles and shares his real world experience with Drupal.
Backups – Made Easy – A fast to solution to a real problem
Bill Harris
When have to do a major Operating System or Application upgrade, this script and server with big disks, will get the job done.
Fighting DDoS Attacks with PF
Matthieu Bouthors
For a long time, Denial of Service attacks were disregarded, as they were considered to be the work of script kiddies. Things have changed, these attacks are now massively distributed in order to be more efficient and have serious goals.
The MacOS X Command Line
James P. Howard II
My wife thinks I bought my Mac laptop to use as a status symbol. But every hacker knows I bought it because I wanted a decent Unix laptop.
Implementing OpenSMTPD
Darrel Levitch
OpenSMTPD is one of the mail servers included with OpenBSD. Configuring OpenSMTPD is more readily under-stood and comparatively less complex than configuring Sendmail.
License Wars!
Sufyan bin Uzayr
When I sat down to brainstorm on this month’s article, I decided to write about something out of the ordinary. Obviously, the topic had to be related to BSD, yet, I was determined to touch upon something that is a bit above than just being geeky. Why? Simply to make BSD fanatics proud, and at the same time show non-BSD fans how great the world of BSD is!
Allocating Dynamic Memory with Confidence
Ryan Phillip
Embedded software applications face many challenges that are not present on desktop computers. A device with a dedicated function is expected to perform that function consistently, no matter how complex the task is at the software level.
BSDmagazine is still looking for people with knowledge about building emedded systems
If you are familiar with this topic please write to us (editors@bsdmag.org) !
Best regards,
BSD Magazine Team
www.bsdmag.org
Zbigniew Puchciński
zbigniew.puchcinski@bsdmag.org
Cyberbullying Can Have Sad Results [Video]
Cyberbullying continues to be a growing issue with our youth. In the video below, parents talk about the sad results of cyberbullying that is become too common in recent years.
“Cyberbullying” is when a child, preteen or teen is tormented, threatened, harassed, humiliated, embarrassed or otherwise targeted by another child, preteen or teen using the Internet, interactive and digital technologies or mobile phones. It has to have a minor on both sides, or at least have been instigated by a minor against another minor (WiredKids, 2011).
Visit msnbc.com for breaking news, world news, and news about the economy
Reference
What is cyberbullying, exactly? Retrieved from: http://www.stopcyberbullying.org/what_is_cyberbullying_exactly.html
10 Reasons to Attend TakeDownCon Dallas 2011
For more information on TakeDownCon and special discounts click here.
#1: First in the world. Be among the first to be part of a brand new technical IT security conference series. TakeDownCon is set to be the preferred no-frills learning and sharing platform for infosec professionals.
#2: Focused and highly technical program. TakeDownCon Dallas features a well-designed program (30 sessions over 2 days!) covering a wide spectrum of IT security topics relevant to the current information security landscape. See Program HERE.
#3: Excellent speakers line-up. The event will feature some of the best IT security experts (34 speakers over 2 days!) who will present findings from in depth researches and showcase cutting edge technical demonstrations. See Speakers HERE.
#4: Earn your ECE/CPE credits. Continuing education is essential for all professionals to maintain standards. Participate in TakeDownCon to keep your certification status up to date. Earn up to 9 credits a day.
#5: Platform to acquire the skills and knowledge. Expand and empower your own information security knowledge by embarking on quality training. TakeDownCon offers a suite of certification and technical training that will suit your requirements. See Training HERE.
#6: Great networking and sharing venue. Opportunity to network with the best subject matter experts in person and exchange your experiences. One can only gain valuable insights from networking by sharing information with your peers and other professionals.
#7: Learn lockpicking skills. Debut of Nite Locks et All. A lockpicking village for attendees to try their hands on picking different type of locks.
#8: Speed Hack Competition. A brand new type of hacking competition testing not just your skills, but speed as well.
#9: Free Penetration Testing and Ethical Hacking Tools. All TakeDownCon attendees will get a 30-day Metasploit Pro with 3 user team collaboration license, generously sponsored by Rapid7; and also Live Hacking Distro, sponsored by LiveHacking.com.
#10: Win an iPad 2 and more. There will be one iPad 2 to be won each day, and lots of other attractive giveaways, during the daily end-of-day raffle draws.
So here are 10 good reasons for you to join us at TakeDownCon Dallas. Don’t hesitate, REGISTER NOW, and be part of history in the making.
We look forward to see you in Dallas.
Leonard Chin
leonard@eccouncil.org
Conference Director – TakeDownCon Dallas 2011
About TakeDownCon Dallas
TakeDownCon is a brand new information security conference series, created by EC-Council. This highly technical information security conference series differs from others. TakeDownCon Dallas will be held at the Intercontinental Dallas, from May 14 – 19, 2011. The theme of this first in the series is “Taking Down Security”, focusing on attack and defense vectors. World class experts will demonstrate and showcase how security systems can be taken down with ease. This 2 days conference, in a very casual and relaxed setting, is targeted towards information security researchers, engineers and technical professionals. http://www.takedowncon.com
Splunk Live! – Washington, DC Thursday, May 12, 2011
From a Splunk E-Mail:
“What makes us more secure is real-time security monitoring – continuous monitoring – and acting on data.”
–Vivek Kundra, Federal CIO
The IT systems and infrastructure that run your organization generate massive volumes of data every millisecond of every day. This machine data contains a definitive record of all user transactions, customer behavior, machine behavior, security threats, fraudulent activity and more.
Join us May 12 for SplunkLive! in Washington DC – CTO and Co-founder, Erik Swan will be there to talk about the Splunk roadmap then Splunk experts will highlight how more than 2,300 organizations around the world are using Splunk to achieve end-to-end IT visibility and the benefits Splunk helps deliver to their organizations. Splunk customers and partners from DOE, DOJ, NASA, Treasury Department, Deloitte, and Intelligent Decisions will discuss how they leverage Splunk for Operational Intelligence.
The Splunk opening session will be delivered by Tony Ayaz, VP, Splunk Federal, and keynote will be delivered by Lt. Gen. Harry D. Raduege, chairman of the Deliotte Center for Cyber Innovation. Lt. Gen. Raduege retired after serving 35 years in the U.S. military, having worked in various areas of technology, including telecommunications, space, information and network operations. In his last position as director of the Defense Information Systems Agency, he led Department of Defense net-centric operations and directed planning, engineering and implementation of interoperable communications and intelligence systems.
Register now to reserve your seat.
When:
Thursday, May 12 2011
- 9:00am to 10:00am – Breakfast and Splunk Overview
- 10:00am to 11:30am – Keynote Sessions
- 12:00pm to 1:00pm – Lunch and Customer Panel Discussion
- Track 1: Splunk for Operational Intelligence
- Session A: 1:30-2:30pm – Splunk for Virtualization
- Session B: 2:45-3:45pm – Splunk for Big Data & High Performance Computing
- Track 2: Splunk for Security and Compliance
- Session A: 1:30-2:30pm – Continuous Monitoring
- Session B: 2:45-3:45pm – Splunk and SIEM Technology
- Track 1: Splunk for Operational Intelligence
- 4:00pm to 5:00pm – Technical Workshops
- Getting Started User Training
- Advanced User Training
- 5:00pm to 6:00pm – Happy Hour and Partner Solution Showcase
- BigFix, Cisco, FireEye, SendMail, Solera, VMware, & FISMA for Continuous Monitoring App
Where:
Hyatt Regency Crystal City
Regency E and F
2799 Jefferson Davis Highway
Arlington, VA 22202
USA
T: 703.418.1234
Hotel Website
