SANS NewsBites Vol. 10 Num. 2

From: The SANS Institute (NewsBitessans.org)
Date: Tue Jan 08 2008 - 13:06:14 CST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

2008 brings real opportunities for security professionals whose
technical skills are up to date (and some embarrassment for those still
using techniques from 2005 and 2006). A great place to refresh skills
is Orlando in April at SANS 2008 where we'll have 40 different long and
short courses. More data: http://www.sans.org/sans2008

*************************************************************************
SANS NewsBites January 8, 2008 Vol. 10, Num. 2
*************************************************************************
TOP OF THE NEWS
  SQL Injection Attack Infects Thousands of Websites
  California Expands Breach Notification Law
  FAA: Dreamliner 787 Computer Systems Pose Security Risk
  Al-Qaeda Offers Video Downloads Formatted for Cell Phones
THE REST OF THE WEEK'S NEWS
  LEGAL MATTERS
    Teen Arrested for Alleged Israeli Website Defacements
  HOMELAND SECURITY & GOVERNMENT SYSTEMS SECURITY
    PA State Gov Websites Taken Down Briefly After Attacks
    Flash Drive Left in Swedish Library Holds Sensitive Military Data
  POLICY & LEGISLATION
    19 EU Member States Have Yet to Pass Data Retention Laws
    California Has New ID Theft Prevention Office
  SPYWARE, SPAM & PHISHING
    Sears Assailed Over Spyware and Sued for Data Exposure
  COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
    Sony to Offer DRM-Free Music Downloads
  WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
    iPhone Trojan Causes Problems When Uninstalled
  MISCELLANEOUS
    UK TV Host Learns a Lesson About Data Exposure
LIST OF UPCOMING FREE SANS WEBCASTS

*********************** Sponsored By SenSage, Inc. **********************
In his latest report, ESG security analyst Jon Oltsik comments that,
"This slapdash approach to security management is no longer adequate".
Find out why in this informative HP-sponsored webinar based on research
with hundreds of security professionals.
Discover the latest trends and where your organization ranks in terms
of best practices and compliance.
http://www.sans.org/info/21773
*************************************************************************
TRAINING UPDATE
Where can you find Hacker Exploits, Secure Web Application Development,
Security Essentials, Forensics, Wireless, Auditing, CISSP, and SANS'
other top-rated courses?
- New Orleans (1/12-1/17): http://www.sans.org/security08/event.php
- San Jose (2/2 - 2/8): http://www.sans.org/siliconvalley08/event.php
- Phoenix (2/11 - 2/18): http://www.sans.org/phoenix08/event.php
- Prague (2/18-2/23): http://www.sans.org/prague08
- and in 100 other cities and online anytime: www.sans.org
*************************************************************************

TOP OF THE NEWS
 --SQL Injection Attack Infects Thousands of Websites
(January 7 & 8, 2008)
At least 70,000 websites have fallen prey to an automated SQL injection
attack that exploits several vulnerabilities, including the Microsoft
Data Access Components (MDAC) flaw that Microsoft patched in April 2006.
Users have been redirected to another domain [u c 8 0 1 0 . c o m] that
attempted to infect users' computers with keystroke loggers. Many of the
sites have since been scrubbed. The attack is similar to one launched
last year against the Miami Dolphins' Stadium website just prior to the
Super Bowl.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=16&articleId=9055858&intsrc=hm_topic
http://www2.csoonline.com/blog_view.html?CID=33430
http://www.theregister.co.uk/2008/01/08/malicious_website_redirectors/print.html
[Editor's Note (Paller): Research published in 2006 showed that more
than 70% of web sites had vulnerabilities (25% SQL injection) because
they were written by programmers who never had to demonstrate they could
write secure web applications. If anyone still needs proof of the scale
of the problem, this massively successful attack provides it. There is
now a standardized test of web application security skills. Engaging a
programmer who has not passed the test demonstrates the kind of
negligence that leads to financial liability in attacks like the one
reported here - attacks that will surge during 2008. The exam can be
found at www.sans.org/gssp .]

 --California Expands Breach Notification Law
(January 3 & 7, 2008)
California's data breach notification law, SB 1386, has been expanded
to include incidents involving unencrypted electronic medical and health
insurance data. Previously, the law applied only to financial data.
The law requires that a name be associated with the data to necessitate
breach notification, but Social Security numbers (SSNs) do not have to
be present. The law affects all state agencies and companies that do
business in the state of California. The change to the law was prompted
in part by a report from the World Privacy Forum that said a quarter of
a million people become victims of medical identity theft every year.
In addition, the law now requires that organizations holding personal
health information do not disclose that information without the
patient's consent.
http://www.scmagazineus.com/California-data-breach-disclosure-law-extended-to-cover-medical-records/PrintArticle/100459/
http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2008/01/04/BUR6U9000.DTL&type=printable
[Editor's Note (Schultz): California is once again leading the way
concerning legislation requiring notification after data security
breaches. Other states will undoubtedly once again follow California's
lead. A disturbing question, however, is why the US government has not
yet passed legislation with similar provisions.
(Honan): Bravo to California for once again leading the way in data
breach notification. I wish that the EU would take positive steps to
introduce similar legislation here.]

 --FAA: Dreamliner 787 Computer Systems Pose Security Risk
(January 4 & 7, 2008)
A report from the US Federal Aviation Administration (FAA) says that a
vulnerability in the onboard computer networks of the Boeing 787
Dreamliner passenger jets could be exploited to gain access to the
aircraft's control systems. The network that allows passengers on the
plane to access the Internet is connected to aircraft control,
navigation and communication systems as well as airlines' business and
support network. Boeing says it is aware of the problem and plans to
test a fix soon. The 787 Dreamliner is slated to begin service in
November 2008; the FAA is requiring Boeing to demonstrate that it has
fixed the security problem before it will allow the planes to fly. A
Boeing spokesperson says the FAA report is misleading and that "there
are places where the networks are not touching and there are places
where they are."
http://www.wired.com/politics/security/news/2008/01/dreamliner_security
http://www.theregister.co.uk/2008/01/07/boeing_dreamliner_hacker_concerns/print.html
[Editor's Note (Ullrich): if there is a place for an air gap, it is
between the aircraft's control systems and a passenger network.
(Pescatore): This is another one of those areas (like voting machines)
where an open security review would go a long way towards determining
whether there are real issues or just over-hype. There have been many
other instances (think some ATM networks going down and some trains not
leaving the station when the Windows worms hit) where "controls were in
place" between networks that are "touching in some places and not others"
were completely ineffective.
(Schultz): Actually, information security problems in aircraft are by
no means limited to the ones in the Boeing 787, but the ones about which
I have become aware in the past have not been exploitable without
physical access to the computing systems. It is truly frightening to
envision scenarios in which passengers could gain unauthorized remote
access to on-board computing systems.]

 --Al-Qaeda Offers Video Downloads Formatted for Cell Phones
(January 6, 2008)
USA Today and others report that al-Qaeda's media wing, al-Sahab, has
started posting videos on their web sites that are formatted for cell
phone download.
http://www.usatoday.com/tech/wireless/phones/2008-01-05-alqaeda_N.htm?csp=34
http://www.textually.org/textually/archives/2008/01/018562.htm
[Editor's Note (Northcutt): The only thing that surprises me is that it
took them so long to do this. I think you can expect al-Sahab's ability
to leverage technology to increase. In the meantime, in the west,
armchair-bound desk jockeys modify Al-Qaeda style training footage to try
to make them a joke: http://www.youtube.com/watch?v=ehGlqEQSiCI
http://www.youtube.com/watch?v=Yd9vLW1D5Uw&feature=related
I would almost rather have the YouTube generation exposed to the
beheading videos, at least that way they would understand how totally
serious these folks are. Final note, great security awareness tip, a day
after Bhutto was assassinated, word spread there was a video of it, so
people everywhere started clicking blindly and of course, got their
machines infected. Let's make a 2008 New Year's resolution as a
community, somehow, someway, we will teach people to think before they
click:
http://www.vnunet.com/vnunet/news/2206379/bhutto-assassination-becomes
http://www.avertlabs.com/research/blog/index.php/2007/12/28/benazir-bhutto-assassination-new-avenue-for-spreading-malware/ ]

************************* Sponsored Links: ***************************
1) Keep your data in house. Download free data erasure and leak
prevention demo from Blancco now.
http://www.sans.org/info/21778

2) Over 450 security professionals participated in the 2007 Web Security
Leadership Survey. Get the results at
http://www.sans.org/info/21783

*************************************************************************

THE REST OF THE WEEK'S NEWS
LEGAL MATTERS
 --Teen Arrested for Alleged Israeli Website Defacements
(January 1, 2008)
Police in Israel have arrested a 17-year-old in connection with hundreds
of website defacements that appear politically motivated and against
Israeli interests. The arrest is the culmination of an 18-month
investigation, prompted by a June 2006 attack in which approximately 750
Israeli websites were defaced; the targeted sites included a bank, a
hospital, and the Kadima party. A similar attack occurred in August
2007 when the Likud party's website was defaced. In both instances, most
websites were back to normal within a day. One consultant observed that
the attacks were launched with simple tools, and the sites could be
exploited because they had not been kept up to date with the most
current patches. The arrested teen is believed to be part of a larger
group of attackers.
http://www.israelnationalnews.com/News/News.aspx/124768

HOMELAND SECURITY & GOVERNMENT SYSTEMS SECURITY
 --PA State Gov Websites Taken Down Briefly After Attacks
(January 4 & 7, 2008)
The state of Pennsylvania briefly took down most of its government
websites last week after it became apparent that attackers had breached
their security. A spokesperson for Pennsylvania's Office of
Administration said there is no reason to believe that anyone's personal
information was compromised. An investigation indicated that the
attacks originated from a domain registered in China.
http://www.msnbc.msn.com/id/22509653/
http://www.scmagazineus.com/Pennsylvania-government-website-back-online-after-hacking-attack-traced-to-China/article/100492/
[Editor's Note (Ullrich): This "defacement" was part of a widespread
attack against hundreds if not thousands of websites. The attack is very
similar to the attack against the dolphinstadium.com site about a year
ago. The attackers use SQL injection to place malicious javascript on
these sites. The attacks appear to be automated and government sites are
not targeted in this case. Like in the dolphinstadium case, the final
goal appears to be the theft of online game credentials. (see "SQL
Injection Attack Infects Thousands of Websites" in Top of the News,
above.)]

 --Flash Drive Left in Swedish Library Holds Sensitive Military Data
(January 4, 2008)
A flash drive found in a library computer center in Sweden contains
classified NATO information. The individual who found the device gave
it to a newspaper, which in turn gave it back to the Swedish military.
The portable storage device contains information about security threats
in Afghanistan as well as information about other countries. A Swedish
military employee had notified superiors that the device had been lost;
that person could face up to six months in prison.
http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/2/hi/europe/7172440.stm
http://www.theregister.co.uk/2008/01/04/another_stick_with_military_secrets_found/print.html

POLICY & LEGISLATION
 --19 EU Member States Have Yet to Pass Data Retention Laws
(January 4, 2008)
Just eight of the 27 EU member states have passed data retention
legislation as required by a February 2006 EU directive. The EU
Commission sent those countries letters of notice late last year. The
directive allows for some flexibility in implementation; the minimum
length of time data may be retained is six months, and the maximum is
two years. In Germany, where a data retention law took effect on
January 1, privacy advocates have already filed an appeal challenging
the law's constitutionality. The UK has only partially fulfilled the
directive's requirements; ISPs in the UK are exempt from the one-year
data retention requirement.
http://www.heise.de/english/newsticker/news/101312
[Editor's Note (Honan): A recent audit by the Irish Data Protection
Commissioner showed that An Garda Siochana, the Irish police force,
registered over 10,000 queries in an 18 month period under the Irish
implementation of this directive. It appears that either the privacy
advocates have grounds for their concerns or we have a bigger serious
crime and terrorism problem than believed.]

 --California Has New ID Theft Prevention Office
(January 3, 2008)
California Governor Arnold Schwarzenegger has opened a new office
focused on fighting high tech identity theft. The Office of Privacy
Protection in the Department of Consumer Affairs and the state
Information Security Office have been combined to create the California
Office of Information Security and Privacy Protection. The office will
provide guidance for law enforcement, businesses and others regarding
California's "landmark consumer privacy laws." A recently released
survey from the California Public Interest Research Group (Cal-PIRG)
says that many companies are not in compliance with the state's privacy
rules and wants legislators to do something about it.
http://www.siliconvalley.com/news/ci_7869776?nclick_check=1

SPYWARE, SPAM & PHISHING
 --Sears Assailed Over Spyware and Sued for Data Exposure
(January 1, 3, 6 & 7, 2008)
Sears has been accused of placing spyware on the computers of customers
who opt in to its market research program. The software placed on the
computers tracks virtually every move the user makes on that computer
and sends it back to ComScore. Sears maintains the customers were
informed of the situation and that the information gathered is not sold.
While it is true that customers who choose to participate are warned,
the meat of the warning is found on page 10 of a 54-page privacy
statement. Some have pointed out that the practice falls short of
Federal Trade Commission guidelines established in earlier spyware
cases. In a separate issue, Sears has closed down its ManageMyHome.com
website because customers found they could view other customers'
personal data by entering names, addresses and phone numbers. A class
action lawsuit has been filed, alleging that Sears violated its privacy
policy.
http://www.suntimes.com/business/729861,sears010708.article
http://www.theregister.co.uk/2008/01/03/sears_snoopware_disclosure/print.html
http://www2.csoonline.com/blog_view.html?CID=33414&source=nlt_csonewswatch
http://www.benedelman.org/news/010108-1.html
http://www.eweek.com/article2/0,1895,2245853,00.asp
http://blog.washingtonpost.com/securityfix/2008/01/class_action_suit_alleges_sear.html?nav=rss_blog

COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
 --Sony to Offer DRM-Free Music Downloads
(January 7, 2008)
On January 15, Sony BMG will begin selling music gift cards that will
allow people to download digital music files free of digital rights
management (DRM) protection. Sony is the last of the four major music
labels to offer DRM-free music online.
http://www.eweek.com/article2/0,1895,2246032,00.asp

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
 --iPhone Trojan Causes Problems When Uninstalled
(January 7 & 8, 2008)
A Trojan horse program that targets iPhones has been spreading. The
malware claims to be the iPhone firmware 1.1.3 prep tool, an update
users must install before they upgrade to version 1.1.3 of the iPhone
firmware. Although the program does not appear to have a malicious
payload once it has been placed on the phones, problems arise when users
try to remove it. The phony update affects components of other
applications, so when it is removed, those applications are deleted as
well. The site hosting the Trojan has been taken offline.
http://www.theregister.co.uk/2008/01/07/iphone_trojan/print.html
http://www.itwire.com/content/view/15995/1103/
[Editor's Note (Northcutt): This is reminiscent of the excellent video
Rik Farrow did for Fast Company on the iPhone. If you have an iPhone
and you have not watched this, take a look:
http://www.fastcompany.com/multimedia/2007/11/hacking-the-iphone.html
Who knows, maybe UK television personality Jeremy Clarkson can purchase
an iPhone and bet GBP 500 that no one can break into his phone for a
year. Both of these attacks required the user to browse a malicious web
site, wonder what else is possible?]

MISCELLANEOUS
 --UK TV Host Learns a Lesson About Data Exposure
(January 7 & 8, 2008)
UK television personality Jeremy Clarkson put his money where his mouth
is and lost GBP 500 (US $984). Clarkson published his bank account
information to demonstrate that the media frenzy over lost HMRC data
belonging to 25 million people was unwarranted. Clarkson was certain
that no money could be transferred out of his account. However, one
reader managed to set up a GBP 500 direct debit to a UK charity. Because
of the Data Protection Act, there is no way for the bank to discover who
established the direct debit, nor is there a way to ensure that it
doesn't happen again. Clarkson has admitted he was wrong about the
potential risks inherent in data exposure.
http://news.bbc.co.uk/2/hi/entertainment/7174760.stm
http://www.sunderlandecho.com/latest-entertainment-news/Clarkson-Uturn-%20-over-identity-theft.3645707.jp

LIST OF UPCOMING FREE SANS WEBCASTS

Internet Storm Center: Threat Update
WHEN: Wednesday, January 9, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKER: Johannes Ullrich
http://www.sans.org/info/20187
Sponsored By: Core Security

This monthly webcast discusses recent threats observed by the Internet
Storm Center, and discusses new software vulnerabilities or system
exposures that were disclosed over the past month. The general format
is about 30 minutes of presentation by senior ISC staff, followed by a
question and answer period.

SANS Tool Talk Webcast: NAC - After the Honeymoon
WHEN: Tuesday, January 15, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKERS: Alok Agrawal, Jimmy Ray Purser, and Robb Boyd
https://www.sans.org/webcasts/show.php?webcastid=91714
Sponsored By: Cisco Systems

It's fair to say that NAC, or Network Admission Control, has certainly
enjoyed its day in the sun. Despite being a very real technology solving
very real problems, NAC has now moved out of the spotlight of center
stage and is firmly entrenched as a set of technologies that every
enterprise has some kind of an opinion on. Whether you have deployed
some type of NAC solution today, have plans for it in the future or
perhaps are truly wondering what the heck we are talking about, this
conversation is for you. The problems can be pretty easy to understand
but the devil is in the details - we promise to sort through the details
in this interactive conversation. Please join Robb Boyd from Cisco's
TechWiseTV as he welcomes his panel of experts, Jimmy Ray Purser, Chief
Geek for Cisco's TechWiseTV and Alok Agrawal, Manager of Technical
Marketing from Cisco's NAC Business Unit.

SANS Ask the Expert Webcast: Going beyond log management to solve
security, risk and audit challenges
WHEN: Wednesday, January 23, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKERS: Dave Shackleford and Vijay Basani
http://www.sans.org/info/20202
Sponsored By: eIQnetworks

In this webcast, learn the benefits of going beyond log management to
perform end-to-end correlation and analysis, how compliance can tie into
the use of security technologies, and why the future of security
information management (SIM) systems is shaping up to integrate
security, risk and audit management onto one platform.

SANS Special Webcast: Things That Go Bump in the Network: Embedded Device Security
WHEN: Thursday, January 24, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKER: Paul Asadoorian
http://www.sans.org/info/20207
Sponsored By: Core Security

Embedded devices come into your network and appear in many different
forms, including printers, iPhones, wireless routers and network-based
cameras. What you might not realize is that these devices offer unique
opportunities for attackers to do damage and gain access to your network
- and to the information it contains. This webcast will review known
embedded device vulnerabilities and cover how these vulnerabilities can
be used to gain control of devices, networks, and data - and, more
importantly, what can be done about it.

SANS Special Webcast: The SANS Database and Compliance Survey
WHEN: Tuesday, February 5, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKER: Barb Filkins
https://www.sans.org/webcasts/show.php?webcastid=91486
Sponsored By: Lumigent Technologies

On Feb. 5, SANS analyst Barbara Filkins uncovers the findings in the
SANS Database Auditing and Compliance Survey. Conducted over three
months, 348 respondents answered a variety of questions ranging from
their perceptions of compliance issues to security frameworks and roles
and responsibilities for data privacy protection inside their
organizations. We will also be announcing the $250 American Express card
winner from among nearly 200 respondents who signed up for our drawing.

********************************************************************

Be sure to check out the following FREE SANS archived webcasts:

Internet Storm Center: Threat Update
WHEN: Wednesday, December 12, 2007 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKERS: Johannes Ullrich and John Weinschenk
http://www.sans.org/info/20062
Sponsored By: Cenzic http://www.cenzic.com/

This monthly webcast discusses recent threats observed by the Internet
Storm Center, and discusses new software vulnerabilities or system
exposures that were disclosed over the past month. The general format
is about 30 minutes of presentation by senior ISC staff, followed by a
question and answer period.

SANS Special Webcast: Pinpointing and Proving Web Application
Vulnerabilities with Eric Cole
WHEN: Monday, December 10, 2007 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKER: Dr. Eric Cole
http://www.sans.org/info/20057
Sponsored By: Core Security

The September "Internet Security Threat Report" from Symantec reported
that 61% of all vulnerabilities disclosed in the first half of 2007 were
web application vulnerabilities. It's no wonder, since web apps are
often highly customized and can be rife with potential security holes.
Fortunately, recent advances in penetration testing products can help
you to pinpoint and prove web application security weaknesses - even in
customized apps.

SANS Special Webcast: Analyzing a Traffic Analyzer: NIKSUN
NetDetector/NetVCR 2005
WHEN: Wednesday, December 5, 2007 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKER: Jerry Shenk
http://www.sans.org/info/20052
Sponsored By: NIKSUN

How deep can traffic inspection reach without hindering data flow and
how much data should it store for post-mortem analysis? Join this
Webcast to hear senior SANS Analyst Jerry Shenk go over his test results
on the NetDetector/NetVCR 2005 and features such as full packet
inspection and the ability to call up and review raw data in its native
format.

*************************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center.

Howard A. Schmidt served as CSO for Microsoft and eBay and as Vice-Chair
of the President's Critical Infrastructure Protection Board.

Ed Skoudis is co-founder of Intelguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Intelguardians, a handler for the SANS Institute's Internet Storm
Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Bruce Schneier has authored eight books -- including BEYOND FEAR and
SECRETS AND LIES -- and dozens of articles and academic papers. Schneier
has regularly appeared on television and radio, has testified before
Congress, and is a frequent writer and lecturer on issues surrounding
security and privacy.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Mark Weatherford, CISSP, CISM, is the Chief Information Security Officer
for the State of Colorado.

Alan Paller is director of research at the SANS Institute.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Rohit Dhamankar is the Lead Security Architect at TippingPoint, a
division of 3Com, and authors the critical vulnerabilities section of
the weekly SANS Institute's RISK newsletter and is the project manager
for the SANS Top20 2005 and the Top 20 Quarterly updates.

Koon Yaw Tan is Assistant Director at Monetary Authority of Singapore
(MAS) and a handler for the SANS Institute's Internet Storm Center.

Gal Shpantzer is a trusted advisor to several successful IT outsourcing
companies and was involved in multiple SANS projects, such as the
E-Warfare course and the Business Continuity Step-by-Step Guide.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

Roland Grefer is an independent consultant based in Clearwater, Florida.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkeDwOoACgkQ+LUG5KFpTkYNkQCffqB/QxzNG2A/4zI8t6dRbg7q
tu0AoIpC7KYpIXdosVgZ8tGO/KXR/CtN
=vNiZ
-----END PGP SIGNATURE-----