SANS NewsBites Vol. 10 Num. 21

From: The SANS Institute (NewsBites@sans.org)
Date: Fri Mar 14 2008 - 13:04:01 CDT



A powerful trend story this week can be found in the "WORMS, ACTIVE
EXPLOITS, VULNERABILITIES & PATCHES" section where you'll note *all* of
the stories are about application vulnerabilities, not system or network
vulnerabilities. The problem is not just that attackers are exploiting
commercial applications you buy. It's even more critical to fix
applications, especially web applications, you write or have written for
you. With the 10,000 additional infected web sites reported here, the
2008 number of exploited web sites passes the 100,000 mark. If you run
one of those sites, your visitors, who trusted you, are being infected;
and the damage is *much* worse, on average, than disclosing their
personal information. Many of the organizations that have moved to
improve application security are getting together in Las Vegas at the
end of May to share the lessons they learned and to learn about some new
data demonstrating which application security tools work best.
More information at: http://www.sans.org/info/25753

Correction: In the last issue I implied that the only way to ensure your
penetration testing skills and tools are up to date is to attend the
SANS Penetration Testing Course. That, as several readers pointed out,
is obviously false; we could not have developed the course if people
like Ed Skoudis hadn't already found the best new tools and techniques,
and learned how to use them effectively.
                                       Alan

*************************************************************************
SANS NewsBites March 14, 2008 Vol. 10, Num. 21
*************************************************************************
TOP OF THE NEWS
  Senate Subcommittee Confirms FISMA's Shortcomings
  NATO Equates Cyber Attacks to Missile Attacks
  Publishers Starting to Drop DRM from eBooks
THE REST OF THE WEEK'S NEWS
COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
  BBC Fixes iPlayer Streaming Hole
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
  10,000+ Web Pages Infected with Malicious JavaScript
  Proof-of-Concept Code Posted for Unpatched RealPlayer Flaw
  US-CERT Warns of Critical Flaws in Adobe Form Designer and Form Client
  Microsoft Patch Tuesday Focuses on Office Suite
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
  Harvard Grad School Applicants' Data Compromised
  Lost and Found Memory Stick Holds Police Data
  40,000 NY Insurance Subscribers' Data on Lost Computer
STATISTICS, STUDIES & SURVEYS
  IT Managers Say Security Most Important Skill, but Wireless is Climbing
       the List
MISCELLANEOUS
  Paper: Wireless Internal Medical Devices Can be Hacked
LIST OF UPCOMING FREE SANS WEBCASTS

*********************** Sponsored By SANS ****************************

The Application Security Summit June 2-3 is a user-to-user,
non-commercial conference on What Works in Application Security. It is
the only place where you can learn about the strengths and weaknesses
of competing technologies and where users share the lessons they learned
about how to make applications secure.
http://www.sans.org/info/25753

***********************************************************************
TRAINING UPDATE
Where can you find the newest Penetration Testing techniques,
Application Pen Testing, Hacker Exploits, Secure Web Application
Development, Security Essentials, Forensics, Wireless, Auditing, CISSP,
and SANS' other top-rated courses?
 - SANS 2008 in Orlando (4/18-4/25) SANS' biggest program with myriad
    bonus sessions and a huge exhibition of security products:
       http://www.sans.org/sans2008
 - Washington DC (Tyson's) 3/24-3/31 http://www.sans.org/tysonscorner08
 - San Diego (5/9-5/16) http://www.sans.org/securitywest08
 - Toronto (5/10-5/16) http://www.sans.org/toronto08
 - and in 100 other cities and online any time: www.sans.org

*************************************************************************

TOP OF THE NEWS
 --Senate Subcommittee Confirms FISMA's Shortcomings
(March 13, 2008)
At a Senate subcommittee hearing on Wednesday, March 12, witnesses
testified that the Federal Information Security Management Act (FISMA)
is not necessarily an accurate measure of IT security. Even though
government agencies have reported improved compliance with FISMA
requirements, agencies are still experiencing system infiltrations and
data losses. According to Cyber Security Industry Alliance president
Tim Bennett, "A high FISMA grade doesn't mean the agency is secure, and
vice versa. That is because FISMA grades reflect compliance with
mandated processes: they do not, in my view, measure how much these
processes have actually increased security." OMB and GAO officials
confirmed the failure of FISMA compliance to improve security, with
E-Gov chief Karen Evans saying that agencies that do the work just to
meet OMB requirements are just pushing paper.
http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn_daily&story.id=45957
[Editor's note (Schultz): The most fundamental problem with FISMA
compliance is that, for FISMA, producing paperwork is more important
than having a genuine understanding of the risk an organization's
information and information processing resources face and then
implementing suitable security controls. The fact that there is little
relationship between outcomes of FISMA audits and the number of security
breaches experienced should thus not be any kind of surprise.]

 --NATO Equates Cyber Attacks to Missile Attacks
(March 7, 2008)
Suleyman Anil, NATO's cyber defence chief, said a determined cyber
attack on a country's online infrastructure would be practically
impossible to stop. Nations need to focus on improving their ability to
quickly recover and get systems back online, an area in which nearly all
countries are currently weak. NATO will develop an action plan for
dealing with infrastructure attacks on its members at a state summit in
Bucharest next month.
http://software.silicon.com/security/0,39024655,39170263,00.htm

 --Publishers Starting to Drop DRM from eBooks
(March 3, 2008)
In an effort to increase interest in electronic books, some publishers
are beginning to remove DRM protection from their audio book downloads.
The elimination of the copyright protection technology will allow users
to transfer the ebooks between various devices and even share them with
other people. Random House was the first to announce its intention to
cease the use of DRM software. Penguin appears ready to do the same,
and Simon & Schuster Audio plans to release 150 titles free of DRM
technology some time this spring.
http://www.nytimes.com/2008/03/03/business/media/03audiobook.html?_r=1&oref=slogin&pagewanted=print

************************** Sponsored Links: ***************************
1) PacketMotion delivers unprecedented visibility and real-time control
of insider threats. Learn more, and the first 100 respondents receive a
complimentary Elsevier book "Insider Threat" - $35 value.
http://www.sans.org/info/25758

2) Free Biometric Security White Paper. Implement strong, compliant
security policies and make users' lives easier.
http://www.sans.org/info/25763

3) More than 50% of the latest online scams are hosted on compromised web
sites. A new report has the details.
http://www.sans.org/info/25768
*************************************************************************

THE REST OF THE WEEK'S NEWS
COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
 --BBC Fixes iPlayer Streaming Hole
(March 13, 2008)
The BBC has fixed a hole in its iPlayer streaming site that allowed
users to get television program downloads free of digital rights
management (DRM) technology. The content was intended to be only for
iPhones and iPods, but users had discovered a way to save the programs
to hard drives and share them.
http://www.theregister.co.uk/2008/03/13/iplayer_iphone_drm_loophole_closed/print.html
http://news.bbc.co.uk/2/hi/technology/7293988.stm

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
 --10,000+ Web Pages Infected with Malicious JavaScript
(March 13 & 14, 2008)
More than 10,000 web pages have been infected with JavaScript code that
redirects site visitors and attempts to steal passwords to online games.
A similar attack targeted visitors to the Miami Dolphins football team
and stadium websites in the days before the 2007 Super Bowl. For the
most part, exploits target known vulnerabilities, so if users have been
vigilant about patching their systems, they are largely protected
against the attack. However, some of the exploits target ActiveX
controls in online games and other more obscure programs.
Internet Storm Center: https://isc.sans.org/diary.html?storyid=4067
http://www.computerworld.com.au/index.php/id;257178610
http://www.theregister.co.uk/2008/03/13/mass_compromise/print.html

 --Proof-of-Concept Code Posted for Unpatched RealPlayer Flaw
(March 11 & 12, 2008)
Users are being urged not to use RealPlayer on Internet Explorer (IE)
until a patch is released for a code execution flaw. The heap overflow
vulnerability affects all versions of RealPlayer that run on IE. The
problem lies in the RealPlayer ActiveX control rmoc3260.dll; users can
run RealPlayer in browsers that do not support ActiveX. The person who
found the flaw has posted proof-of-concept code to the Internet.
Internet Storm Center article: http://isc.sans.org/diary.html?storyid=4120
http://www.theregister.co.uk/2008/03/12/realplayer_bug/print.html
http://www.zdnetasia.com/news/security/0,39044215,62038863,00.htm
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=operating_systems&articleId=9067859&taxonomyId=89&intsrc=kc_top

 --US-CERT Warns of Critical Flaws in Adobe Form Designer and Form Client
(March 11 & 12, 2008)
The US Computer Emergency Readiness Team (US-CERT) has issued a warning
about critical buffer overflow flaws in Adobe Form Designer and Advanced
Form Client ActiveX controls. The flaws affect version 5.0 of both
products. Users are urged to apply Adobe's update. Users could also
disable ActiveX or the Adobe Form ActiveX controls in Internet Explorer.
The vulnerabilities can be exploited by manipulating users of vulnerable
systems into loading maliciously crafted HTML files in their web
browsers.
http://www.eweek.com/c/a/Security/Critical-ActiveX-Flaws-Haunt-Adobe-Designer/
http://www.kb.cert.org/vuls/id/362849
http://www.adobe.com/support/security/bulletins/apsb08-09.html

 --Microsoft Patch Tuesday Focuses on Office Suite
(March 11 & 12, 2008)
On Tuesday, Microsoft released four security bulletins to address a
dozen vulnerabilities. All four of the bulletins are related to
Microsoft Office products. The most serious, MS08-014, addresses
vulnerabilities in Excel that are already being actively exploited.
MS08-015 also addresses a critical remote code execution flaw in
Outlook.
http://www.theregister.co.uk/2008/03/12/march_patch_tuesday/print.html
http://www.gcn.com/online/vol1_no1/45949-1.html?topic=security&CMP=OTC-RSS
http://www.eweek.com/c/a/Security/Patch-Tuesday-Plugs-Excel-Security-Holes/
https://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx
http://isc.sans.org/diary.html?storyid=4124

ATTACKS, INTRUSIONS, DATA THEFT & LOSS
 --Harvard Grad School Applicants' Data Compromised
(March 13, 2008)
An attacker stole a file containing personally identifiable information
of approximately 10,000 applicants to Harvard's Graduate School of Arts
and Sciences. The file has reportedly been posted to a BitTorrent site.
The compromised data include names, addresses, test scores, school
records, and in roughly 6,600 cases, Social Security numbers (SSNs).
The breach affects individuals who applied to the school for admission
in the fall of 2007 as well as graduate student housing applicants for
the academic years 2006-07 and 2007-08. A note was added to the file
by someone claiming the data exposure is meant to demonstrate that the
Harvard server's admin did not take adequate security precautions.
Affected students and applicants have been notified of the breach.
http://www.news.com/8301-10789_3-9893174-57.html?part=rss&subj=news&tag=2547-1_3-0-20
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9068221&intsrc=hm_list

 --Lost and Found Memory Stick Holds Police Data
(March 13, 2008)
A passerby in Hertfordshire, England found a memory stick in the gutter
that contained confidential police information. The unencrypted data
included the names and addresses of offenders as well as the types of
vehicles they drive and details about their offenses. A police
spokesperson acknowledged that a device was lost on March 5 and turned
in several hours later.
http://www.thecomet.net/content/comet/news/story.aspx?brand=CMTOnline&category=News&tBrand=herts24&tCategory=newscomnew&itemid=WEED13%20Mar%202008%2010%3A22%3A10%3A867

 --40,000 NY Insurance Subscribers' Data on Lost Computer
(March 11, 2008)
Forty thousand members of HealthNow New York have been notified that
their personal information was on a laptop that has been missing for
several months. The data include names, dates of birth, SSNs, employer
group names and health insurance identifier numbers, but not health or
medical claim information. HealthNow does not plan to issue new
identification numbers to all affected members, but will comply with
individuals' requests to do so. The laptop was not encrypted, and the
organization has severed the computer's access to the corporate network.
http://www.buffalonews.com/145/story/296415.html

STATISTICS, STUDIES & SURVEYS
 --IT Managers Say Security Most Important Skill, but Wireless is Climbing the List
(March 13, 2008)
A survey of more than 3,500 IT managers found that 73 percent say that
security, firewalls, and data privacy are the most important skills for
IT professionals to have. However, just 57 percent say their employees
possess adequate competence in these skills. Fifty-five percent of
those surveyed said that mobile, wireless, and RFID skills will top the
list within the next five years.
http://software.silicon.com/security/0,39024888,39170362,00.htm

MISCELLANEOUS
 --Paper: Wireless Internal Medical Devices Can be Hacked
(March 12 & 13, 2008)
Researchers have demonstrated that it is possible to hack into internal
medical devices. Specifically, they published a paper describing how a
wireless combination pacemaker and defibrillator can be attacked. The
exploit could expose personal medical information to the attacker as
well as allow them to control the device, potentially inducing
ventricular fibrillation. The researchers say they are not trying to
scare people away from using the devices. There have been no reported
instances of any such attacks, and the likelihood of an attack is small.
Programming the wireless implanted devices requires the patient to be
in close proximity - no more than a few feet away.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206903321
http://www.heise.de/english/newsticker/news/104983
http://www.theregister.co.uk/2008/03/12/heart_monitor_hacking/print.html

LIST OF UPCOMING FREE SANS WEBCASTS

WhatWorks Webcast: PaulDotCom's Penetration Testing Dojo: Core IMPACT Style
WHEN: Tuesday, March 18, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURED SPEAKERS: Alan Paller and Paul Asadoorian
http://www.sans.org/info/24628
Sponsored By: Core Security Technologies

When beginning a security process at a consortium of non-profits, senior
network security engineer Paul Asadoorian of PaulDotCom began looking
for a penetration testing tool that did network, web application and
social engineering tests. The tool he purchased is low on manpower use,
mostly self-maintaining and reliably proves the existence of network
vulnerabilities. Please attend this webcast to find out why Paul
selected CORE IMPACT and learn how it can help you safely perform
network, web application and end-user penetration testing.

***
SANS Special Webcast: Monthly Series: Security Insights with Dr. Eric Cole
This Month's Topic: Encryption
WHEN: Wednesday, March 19, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURING: Dr. Eric Cole
http://www.sans.org/info/24633

Based on first-hand experience, this talk will look at areas where
encryption should be used and how to avoid common mistakes. Dr. Cole
will also identify areas where encryption should not be deployed.
Overall, this talk will provide expert knowledge of the landscape of
encryption, proper uses and common pitfalls. Register now for this free
webcast!

***
Ask the Expert: Malcode Analysis and Response: Proficiency vs. Complexity
WHEN: Thursday, March 20, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURED SPEAKERS: Matt Allen and Russ McRee
https://www.sans.org/webcasts/show.php?webcastid=91808
Sponsored By: Norman Data Defense Systems

The threat landscape changes constantly, driven in part by the "bot
economy" and changing malcode techniques. In response, incident handler
techniques must keep pace. This presentation will cover the use of
RAPIER, a security tool built to facilitate first response procedures
for incident handling. It is designed to acquire commonly requested
information and samples during an information security event, incident,
or investigation. RAPIER automates the entire process of data collection
and delivers the results directly to the hands of a skilled security
analyst. From detection and discovery to capture and containment, count
on a useful discussion meant to further your incident response
practices.

***
Tool Talk Webcast: Are You Naked? Why virtualization and service
processors are leaving traditional log management customers naked.
WHEN: Tuesday, March 25, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURED SPEAKER: Bill Johnson
https://www.sans.org/webcasts/show.php?webcastid=91798
Sponsored By: Tdi

Virtualization and on board service processors are making log management
systems obsolete and opening their customers to huge compliance issues.
All existing log management systems are based on an 'inside out' agent
based, SYSLOG and SNMP architecture. This model is obsolete in today's
datacenter. Traditional log management systems do not log all events or
watch the data center all the time, opening the door to Sarbanes Oxley,
HIPAA and other compliance risks.

***
Tool Talk Webcast: Analyzing Pen Testing Tools: Shootout at the Blackbox Corral
WHEN: Wednesday, March 26, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURING: Larry Suto
http://www.sans.org/info/24653
Sponsored By: Fortify Software

All black box testing tools are not created equal. In the Fall of 2007,
security consultant Larry Suto published a report that evaluates the
coverage and balance between false positives and false negatives of
three popular penetration testing tools. His findings, which some found
surprising, prompted official responses from a number of tool vendors
that called into question areas of the experiment that could have led
to shaky results.

***
SANS Special Webcast: Stephen Northcutt Presents: Managing Vulnerability
Situational Awareness
WHEN: Wednesday, April 2, 2008 at 2:00 PM EDT (1800 UTC/GMT)
FEATURING: Stephen Northcutt
http://www.sans.org/info/24668
Sponsored By: Core Security Technologies

Stephen Northcutt challenges leaders to move past "Security Theater":
practices like confiscating nail files in airport security, running
vulnerability scans and taking no action, or pretending a SIEM "partial
implementation" actually helps create effective security. If we want to
get better and actually implement security well, one of the atomic keys
is to configure the system correctly and maintain that configuration.
Stephen will discuss the three views, the inside view, outside view and
user view that give us the information we need to assess the
configuration of our system. We can use tools like the Center for
Internet Security toolsets to create the inside view, vulnerability
scanners and exploitation tools like CORE for the outside view and to
get the user view we need to run a number of tests to determine the
level of awareness and practice. The data from all three views gives us
the ability to accurately assess our exposure to threat.

***
SANS Special Webcast: Data Leakage Landscape
WHEN: Thursday, April 3, 2008 at 1:00 PM EDT (1800 UTC/GMT)
FEATURED SPEAKERS: Barb Filkins, Robert Hemeryck and Malte Pollmann
http://www.sans.org/info/24673
Sponsored By: TrendMicro and Utimaco Software

Data leakage occurs everywhere computing is conducted - whether it be
hand-helds, USB tokens or even protected internal computers where cut,
copy and paste functions are difficult to control. Organizations need a
map of these leakage points so they can plug them and protect themselves
against regulatory violations. This Webcast discusses where and how data
leaks, what types of privacy violations these leakage points present,
and what to do about them.

Tool Talk Webcast: A Blueprint for Successful NAC Deployments
WHEN: Wednesday, April 16, 2008 at 1:00 PM EDT (1800 UTC/GMT)
FEATURING: John Curry
http://www.sans.org/info/24618
Sponsored By: StillSecure

This webinar will discuss the challenges associated with NAC deployments
and provide organizations with a blueprint on how to cost-effectively
take advantage of this critical technology. Learn first hand how your
organization can benefit from this ground-breaking technology.

SANS Special Webcast: Log Management Part II: Real-Time Event Management
WHEN: Thursday, April 17, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURED SPEAKERS: Dave Shackleford and Sunil Bhargava
https://www.sans.org/webcasts/show.php?webcastid=91753
Sponsored By: Intellitactics, Inc.

This Webcast discusses how logs and event correlation should be managed
for compliance purposes and how auditors, working closely with security
and operations teams, can help develop processes that leverage logging
and event data to measure the effectiveness of their controls.

SANS Special Webcast: Security Insights with Dr. Eric Cole
This Month's Topic: DLP
WHEN: Tuesday, April 22, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURING: Dr. Eric Cole
https://www.sans.org/webcasts/show.php?webcastid=91793

Cyber security is all about reducing risk to critical assets. Protecting
and controlling data flow is a critical part of an organization's
security arsenal. Therefore data loss prevention would seem like a
perfect solution for reducing risk. However, just because a product is
called a data loss prevention solution, does not necessarily mean that
it properly reduces risk. Before purchasing or deploying a solution it
is critical to understand the key risks you are trying to reduce and
make sure the solution is the most cost effective way to reduce risk.
This talk will provide insight into what product features are most
valuable and which solutions should be avoided. To accomplish this it
will provide a detailed understanding of the landscape and the best way
to protect data at an organization. Register now for this free webcast!

Analyst Webcast: Security and Performance on Converged Networks
WHEN: Thursday, April 24, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURING: Dave Shackleford
https://www.sans.org/webcasts/show.php?webcastid=91764
Sponsored By: NIKSUN

Events from security and monitoring devices fire off an unmanageable
number of alarms with no way of telling how they're related, or how they
impact performance. As networks converge their video, voice and data
traffic over IP networks, these alarms will only increase, while
providing less visibility into what set them off. This Webcast discusses
what will be needed of security monitoring tools as data, voice and
video convergence becomes ubiquitous.

SANS Special Webcast: The Little Hybrid Web Worm That Could
*** Previously scheduled for 3/6/08***
WHEN: Wednesday, April 30, 2008 at 1:00 PM EDT (1700 UTC/GMT)
http://www.sans.org/info/24614
Sponsored By: HP

This Webcast examines the possibility of hybrid web worms which use
several methods to overcome the limitations of current web worms.
Specifically the authors examine how a hybrid web worm: mutates itself
to evade defenses; updates itself with new attack vectors while in the
wild; and finds and exploits targets regardless of whether they are
client web browsers or web servers.

*******************************************************************

Be sure to check out the following FREE SANS archived webcasts:

Tool Talk Webcast: The ABC's of Dealing with Unique Network Security
Risks in a World of Open Campus Networks
WHEN: Wednesday, March 5, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURING: Brian Mehlman
http://www.sans.org/info/22979
Sponsored By: Q1 Labs

SANS Special Webcast: A Response to the "Cold Boot Attack" Announcement
WHEN: Thursday, March 6, 2008 at 3:00 PM EST (1900 UTC/GMT)
FEATURING: John Strand
https://www.sans.org/webcasts/show.php?webcastid=91884
********************************************************************

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center.

Howard A. Schmidt served as CSO for Microsoft and eBay and as Vice-Chair
of the President's Critical Infrastructure Protection Board.

Ed Skoudis is co-founder of Intelguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Intelguardians, a handler for the SANS Institute's Internet Storm
Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Bruce Schneier has authored eight books -- including BEYOND FEAR and
SECRETS AND LIES -- and dozens of articles and academic papers. Schneier
has regularly appeared on television and radio, has testified before
Congress, and is a frequent writer and lecturer on issues surrounding
security and privacy.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Mark Weatherford, CISSP, CISM, is the Chief Information Security Officer
for the State of Colorado.

Alan Paller is director of research at the SANS Institute.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Rohit Dhamankar is the Lead Security Architect at TippingPoint, a
division of 3Com, and authors the critical vulnerabilities section of
the weekly SANS Institute's RISK newsletter and is the project manager
for the SANS Top20 2005 and the Top 20 Quarterly updates.

Koon Yaw Tan is Assistant Director at Monetary Authority of Singapore
(MAS) and a handler for the SANS Institute's Internet Storm Center.

Gal Shpantzer is a trusted advisor to several successful IT outsourcing
companies and was involved in multiple SANS projects, such as the
E-Warfare course and the Business Continuity Step-by-Step Guide.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

Roland Grefer is an independent consultant based in Clearwater, Florida.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/
