MGT414: SANS® +S™ Training Program for the CISSP® Certification Exam
MGT414: SANS® +S™ Training Program for the CISSP® Certification Exam will prepare you to pass the CISSP® Certification Exam. This course is an accelerated review course that focuses solely on the ten domains of knowledge as determined by ISC2. Test-taking tips and strategies are also discussed.
Each domain of knowledge is dissected into its critical components. Every component is discussed, explaining its relationship to other components and other areas of network security. After completing the course you will have a solid understanding of the ten domains of knowledge.
Eric Conrad, author of CISSP Study Guide (Syngress), will be teaching this course LIVE in a vLive! virtual classroom. The class will begin on November 1st and will meet on Monday, Tuesday and Wednesday evenings for five weeks. Don’t worry if you have to miss a night — classes will be recorded and you will be able to review the archives for SIX MONTHS.
We are excited to announce that any student who registers for MGT414 and enters promo code Connect_SecOrb10 will receive an autographed copy of Eric’s book, “CISSP(R) Study Guide”, published by Syngress. It is a great supplement to your SANS course materials! Plus you are already receiving 10% off the course by using discount code: Connect_SecOrb10.
To register please click here: https://www.sans.org/info/65313
FCC Approves the use of “White Space”, What is the Security Concern?
On September 23rd of 2010 the FCC approved the usage of “White Space” for wireless networking access. White Space refers to the frequencies that lie between television broadcast channels, many of which became free when TV broadcasters switched from analog signals to digital signals.
Supporters of “White Space” plan to use it as a Mega Wi-Fi network whose range is measured in miles, compared with current Wi-Fi systems whose range is measured in feet. In addition, the “White Space” Wi-Fi network would have the capability of transmitting data through walls and would be as fast as today’s broadband and DSL connections.
There is a security concern that should be examined. Currently, many homes and businesses are not implementing the proper controls to protect current wireless networks. Even today, with the limited range of current wireless networking systems, individuals regularly find open and unsecured access points. Imagine if that range were to span miles: the number of open and unsecured wireless access points would expand exponentially in some locations.
Now that usage of “White Space” has been approved, we will start seeing some early implementations in the first quarter of 2011. Security professionals and security organizations need to speak with vendors so security measures are built in and are set at the time of purchase. In addition, public service announcements to businesses and consumers will help with awareness of the matter.
“White Space” and a Possible Security Concern
The FCC will be ruling on the usage of “White Space” for wireless networking access today (9/23/2010). White Space refers to the frequencies that lie between television broadcast channels, many of which became free when TV broadcasters switched from analog signals to digital signals.
Supporters of “White Space” plan to use it as a Mega Wi-Fi network whose range is measured in miles, compared with current Wi-Fi systems whose range is measured in feet. In addition, the “White Space” Wi-Fi network would have the capability of transmitting data through walls and would be as fast as today’s broadband and DSL connections.
There is a security concern that should be examined. Currently, many homes and businesses are not implementing the proper controls to protect current wireless networks. Even today, with the limited range of current wireless networking systems, individuals regularly find open and unsecured access points. Imagine if that range were to span miles: the number of open and unsecured wireless access points would expand exponentially in some locations.
If the ruling is approved today, we will start seeing some early implementations in the first quarter of 2011. Security professionals and security organizations need to speak with vendors so security measures are built in and are set at the time of purchase. In addition, public service announcements to businesses and consumers will help with awareness of the matter.
Stuxnet was a directed attack with insider knowledge expert says
An interesting article by Steve Ragan at thetechherald.com about the Stuxnet worm. Enclosed is part of the article:
The Christian Science Monitor, citing expert analysis, ran a story on Tuesday reporting that the Stuxnet Worm was a directed attack at a nuclear power plant in Iran.
Stuxnet appeared on the scene earlier this summer, though it was written more than a year ago. The code, its mechanics, the way it moved from system to system using Zero-Day vulnerabilities in Windows, everything about it was both frightening and shady. The hype given to it was justified, if only because it was a targeted payload, aimed at critical infrastructure.
“With the forensics we now have it is evident and provable that Stuxnet is a directed sabotage attack involving heavy insider knowledge,” wrote Ralph Langner, the CEO of Langner Communications, on the company website.
Langner’s research, as well as information from other experts who have seen it, was the basis for the Monitor story. You can see the entire story on a single printer page here.
“The attack combines an awful lot of skills – just think about the multiple 0day vulnerabilities, the stolen certificates etc. This was assembled by a highly qualified team of experts, involving some with specific control system expertise.”
Based on painstaking research, Langner determined that Stuxnet was programmed to target a single system by fingerprinting it. If the system in question is the one targeted, Stuxnet launches the attack. Otherwise it will remain dormant.
When Stuxnet attacks, it intercepts code from Simatic Manager that is loaded to the Programmable Logic Controller or PLC.
You can read more over here.
Twitter Mouse-Over Flaw Sends Users to Dangerous Links
On Tuesday morning, September 21, 2010, Twitter.com was hacked in a very crafty way. Twitter users needed only to move their mouse cursor over links on their Twitter page to be redirected without any user intervention or permission. When redirected, they would be sent to malicious and offensive destinations, such as porn sites and malware sites.
As of 9:45 a.m. EDT, Twitter had identified the exploit and is currently taking steps to rectify the matter. Twitter administrators posted:
“please message @safety if you have info regarding such an exploit. We expect the patch to be fully rolled out shortly and will update again when it is.”
Inserting a line of JavaScript into the tweet, containing the command “onmouseover”, activates the flaw. The exploit is also being used to fill and submit status updates when rolled over, leading to further issues for users.
For now, it is recommended Twitter users access the site from a third-party client, such as TweetDeck, Seesmic or their mobile devices, since they are not vulnerable to the “onmouseover” exploit.
Check out an example of the exploit below:
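The following is an added example, not part of the original post and not Twitter's code. On a constructed tweet, and with hypothetical function names, it shows how text pasted unescaped into a link's `href` attribute lets an `onmouseover` attribute appear in the rendered markup, next to the output-encoding fix and a coarse regression check a defender can run over rendered HTML.

```javascript
// Added illustration; names and the sample tweet are constructed.
const URL_RE = /https?:\/\/\S+/g;

// Constructed sample: a "URL" whose double quote closes the href value.
const SAMPLE_TWEET = 'look http://example.test/#"onmouseover="alert(1)"/';

// Escape characters that can end an attribute value or open a tag.
function escapeHtml(s) {
  return s.replace(/[&<>"'`]/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#39;', '`': '&#96;',
  }[c]));
}

// BEFORE: the matched text goes into the attribute as-is, so everything
// after the embedded quote is parsed by the browser as new attributes.
function linkifyUnsafe(tweet) {
  return tweet.replace(URL_RE, u => `<a href="${u}">${u}</a>`);
}

// AFTER: every piece of user text is escaped, inside and outside links.
function linkifySafe(tweet) {
  let out = '', last = 0;
  for (const m of tweet.matchAll(URL_RE)) {
    out += escapeHtml(tweet.slice(last, m.index));
    const u = escapeHtml(m[0]);
    out += `<a href="${u}" rel="nofollow noopener">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(tweet.slice(last));
}

// Coarse regression check: does any tag carry an on* event attribute?
// A quote or whitespace before "on" marks the start of a new attribute.
function hasEventHandlerAttr(html) {
  return /<[a-z][^>]*[\s"']on\w+\s*=/i.test(html);
}

console.log(hasEventHandlerAttr(linkifyUnsafe(SAMPLE_TWEET)));
console.log(hasEventHandlerAttr(linkifySafe(SAMPLE_TWEET)));
```

The check is a test-suite aid for rendered output, not a filter: the protection comes from escaping at the point where text is written into markup.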
FCC to make ruling on “White Space” usage.
We covered this topic with Alton Drew of The Alton Drew Group on The Tech Talk Show. The discussion pertained to how “White Space” will aid in bridging the digital divide. Of course, there are security implications, which SecurityOrb.com will cover.
Adam Carpenter of the Fort Worth Gadgets Examiner for examiner.com wrote an interesting article.
On September 23rd the FCC will vote on a new set of rules that will finally allow their planned “super WiFi” to become reality.
In 2009 the FCC voted to open up the vast amounts of “white space” frequencies that lie between television broadcast channels. The move was the first time since 1985 that the FCC has opened up a new set of unlicensed frequencies. The frequencies that were opened in 1985 are the very same ones that are currently used for current WiFi internet, many remote controls, baby monitors, cordless phones, etc. A vast amount of innovation began when the frequencies were opened then, and as FCC Chairman Julius Genachowski said “We’re hoping history will repeat itself.”
You can find the rest of the article here.

