ISACA’s Certified Information Security Manager (CISM) Certification Early Exam Registration Deadline

The early registration deadline for the 11 December 2010 CISA, CISM and CGEIT exams has been extended to 27 August. Register for an exam by this deadline to save US $130. After the December administration, the next opportunity to sit for the CISA, CISM or CGEIT exam will be 11 June 2011.

Certified Information Security Manager (CISM)

The management-focused CISM is a unique certification for individuals who design, build and manage enterprise information security programs. CISM is the leading credential for information security managers.

The CISM certification promotes international practices, and individuals earning the CISM become part of an elite peer network, attaining a one-of-a-kind credential.

The CISM designation is awarded to individuals with an interest in security management who meet the following requirements:

  1. Successfully pass the CISM exam.
  2. Adhere to ISACA’s Code of Professional Ethics.
  3. Agree to comply with the Continuing Education Policy.
  4. Have work experience in the field of information security.
  5. Submit an Application for CISM Certification.

To register for a December exam, please go to www.isaca.org/examreg.

For additional information on ISACA’s world-class certifications, including reasons why you should become certified and information on ISACA’s new certification, Certified in Risk and Information Systems Control (CRISC), please visit www.isaca.org/certification.

If you have recently registered for an exam or are currently certified, thank you, and please forward this notice to a colleague who may be interested in earning a CISA, CISM, CGEIT or CRISC certification.

Key Registration Dates:

December 2010 Exam
  27 Aug   Early Registration Deadline
  06 Oct   Final Registration Deadline
  11 Dec   Exam

June 2011 Exam
  09 Feb   Early Registration Deadline
  06 Apr   Final Registration Deadline
  11 Jun   Exam

NOTE: 2010 is the last year that the Certified Information Systems Auditor examination will include the current CISA job practice.

Linux Security, Then and Now

A very interesting article by Keith Vanc at eSecurity Planet:

Linux is inherently not a secure operating system. The reason it’s not secure is because Linux was based on the architectural design of UNIX, and the creators of UNIX didn’t care about security – it was 1969 after all.

“The first fact to face is that UNIX was not developed with security, in any realistic sense, in mind; this fact alone guarantees a vast number of holes,” Dennis Ritchie wrote in his paper, “On the Security of UNIX” in 1979.

At LinuxCon in Boston on Tuesday, Red Hat’s James Morris, a Linux kernel developer who lives in Sydney, Australia, spoke about how Linux has evolved in the last ten years to overcome the inherent lack of a security model in Linux.

The problem, Morris said, is that when UNIX was designed in the late 1960s, everyone thought we’d have flying cars by now, but instead, we have Facebook. On one hand, we’re doing things today with computers that were maybe pipe dreams 40 years ago, yet we’re still relying on operating systems designed decades ago.

Read more here

Facebook “Dislike” Button a Scam

Facebook has made its way into the news these past few days over a number of security and privacy related issues. As reported on SecurityOrb.com, based in the Washington DC area, a collection of 100 million Facebook profiles containing user data was gathered by a security consultant, placed into a file and posted online last week. Then a bug in Facebook’s login process revealed the full name, email address and profile picture of all 500 million Facebook account holders regardless of their privacy settings. Now Facebook users are being targeted again in a scam that offers them a chance to install a “dislike” button. This scam has been making its way around Facebook this past weekend, and it is said that thousands of users have been affected.

The scam asks users if they would like to install a “dislike” button on their Facebook page. Once they click the link, the user is tricked into allowing a rogue application to access their profile, which then begins posting spam messages. The rogue application also attempts to lure the user into completing an online survey, for which the party behind the scam is paid.

Facebook already offers a “like” button that allows people to rate other Facebook users’ comments and posts, but many have been requesting that a “dislike” option be implemented on Facebook as well.

For the moment, Facebook has not added a “dislike” button to FB profiles, so if you do see a status update stating that you can get the “dislike” button right now, SecurityOrb.com asks that you ignore it.

For more information on Facebook privacy matters and other security related topics, please visit www.securityorb.com.

Facebook Fixes Privacy Issue – Full Disclosure of User Information

On August 11, 2010, a researcher posted information about a bug in Facebook’s login process that revealed the full name, email address and profile picture of all 500 plus million Facebook account holders regardless of their privacy settings. The bug has since been repaired by Facebook, but it posed an enormous privacy threat to Facebook users before the fix was implemented.

The issue stemmed from how Facebook assists a user who tries to log in again after an unsuccessful attempt. Facebook returns a special “Please re-enter your password” page, which includes the Facebook photo and full name of the person associated with the email address that was entered. This lets anyone who knows an email address learn the identity of the Facebook user behind it, and the lookup can be scripted to automate the process.

What made it more interesting is that this bug allowed anyone, even those without an account, to obtain this information about Facebook users.
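The failure mode described above is an authentication flow that reveals account details on a wrong password and answers differently for unknown email addresses. The following added example (not Facebook’s code; the account directory and names are constructed) shows that leaky pattern next to a hardened handler that returns the same response whether the email is registered or not and discloses nothing until the password has been verified.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    email: str
    full_name: str
    photo_url: str
    password_hash: bytes  # SHA-256 for brevity; a real system uses a slow KDF


def _hash(password: str) -> bytes:
    return hashlib.sha256(password.encode("utf-8")).digest()


# Constructed sample directory; the account is hypothetical.
ACCOUNTS = {
    "alice@example.com": Account(
        "alice@example.com", "Alice Example",
        "https://img.example/alice.jpg", _hash("correct horse"),
    ),
}

# Hash compared when the email is unknown, so the timing of the two paths matches.
_DUMMY_HASH = _hash("")


def login_leaky(email: str, password: str) -> dict:
    """Leaky pattern from the post: a wrong password returns a 're-enter your
    password' page carrying the account holder's name and photo, and an
    unknown email produces a distinguishable response."""
    acct = ACCOUNTS.get(email)
    if acct is None:
        return {"status": "unknown_email"}
    if hmac.compare_digest(acct.password_hash, _hash(password)):
        return {"status": "ok", "name": acct.full_name}
    return {"status": "retry", "name": acct.full_name, "photo": acct.photo_url}


def login_hardened(email: str, password: str) -> dict:
    """Hardened handler: one generic failure response for both unknown email
    and wrong password, and no profile data before authentication succeeds."""
    acct = ACCOUNTS.get(email)
    expected = acct.password_hash if acct is not None else _DUMMY_HASH
    match = hmac.compare_digest(expected, _hash(password))  # always executed
    if acct is not None and match:
        return {"status": "ok", "name": acct.full_name}
    return {"status": "retry", "message": "The email or password is incorrect."}
```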

Apple’s iDevices Get Latest Patch against Latest Jailbreak Issue

As we discussed a few days ago in a previous article titled “Jailbreaking Apple’s Mobile iProducts Get Easier”, the eagerly awaited patch for the remote jailbreaking of iDevices was released yesterday, August 11th.

Apparently everyone was waiting for the update. While it was small in size and a quick download for the iPad, the same could not be said for the iPhone: the 300+ MB iPhone patch took over an hour to download. The latest versions are now 4.0.2 for the iPhone and 3.2.2 for the iPad.

The patch has been released with no support for first generation devices; I guess that is one way to get people to upgrade to new devices and a way for Apple to increase their profit margins.

For those who jailbroke their phones on their own, patching the device restores it to Apple’s specifications, so it will no longer be jailbroken.

Security experts have urged everyone, jailbreakers included, to apply Apple’s update, which fixes the vulnerabilities in iOS that can be used to hijack iPhones and iPads, though the Cydia jailbreak repository has another fix that allows users to keep their jailbroken phones intact. Either way, beware of suspicious PDF files.

The Wireshark Certification Exam

The Wireshark Certified Network Analyst Exam is NOW AVAILABLE! The Exam is available globally in a proctored format through Kryterion. Currently the Exam is only available in English.

The Wireshark Certification Exam was designed to confirm individual competency in using Wireshark to locate the cause of network problems (poor performance or security-related) and to confirm your knowledge of TCP/IP network communications in general.

The Exam is based on the thirty-three areas of study defined in the Exam Focus
and Content section of this document. The four primary areas covered in this
Exam are:

  • Wireshark Functionality
  • TCP/IP Network Communications
  • Network Troubleshooting
  • Network Security

To earn the Wireshark Certified Network Analyst status, you must pass a single
exam—the WCNA-100x Exam (version 100.1 is the current version).

Register for the Exam
The Wireshark Certified Network Analyst Exam is available at hundreds of testing centers around the world. You can take your Exam at a KRYTERION High-stake Online Secure Testing (HOST) location near you. To locate a local testing center, visit www.kryteriononline.com/host_locations.

The Wireshark Certified Network Analyst Exam is a closed-book Exam consisting of 100 questions. The Exam time limit is 2 hours (120 minutes). Exam questions are in true/false or multiple choice format (there is only one correct answer for each multiple choice question). Many of the questions include a Wireshark screen image.

Exam Pricing
The Wireshark Certified Network Analyst Exam costs USD 299. The Wireshark
Certified Network Analyst Exam Practice Exam (online) costs USD 29.

Pass/Fail Grading
The Wireshark Certified Network Analyst Exam is graded on a pass/fail basis.
Passing scores are set by using statistical analysis. At the completion of the
Exam, Candidates receive a score report along with a score breakout by Exam
section.

How to Register for Your Exam
Register for the proctored Wireshark Certified Network Analyst Exam online at
www.webassessor.com/pai.

Step-by-step Exam Registration instructions and complete Exam Preparation
recommendations are available at www.wiresharktraining.com/certification.

The Official Exam Prep Guide will be on Amazon around August 23rd – learn more
at www.wiresharkbook.com/epg.

Thanks to all of you who have been so patient as we rewrote, redesigned and
redeveloped the Exam. We are excited to see Wireshark become more popular
each month and hope the Wireshark Certified Network Analyst designation
becomes a de facto certification for all IT professionals.

Laura Chappell
—————————————————————————————————————
For more information and to download the Exam Information Pack, visit
www.wiresharktraining.com/certification.