SANS NewsBites Vol. 10 Num. 61

From: The SANS Institute (NewsBitessans.org)
Date: Tue Aug 05 2008 - 13:30:21 CDT



Two weeks until the early registration deadline for Network Security
2008 in Las Vegas - but more importantly there are still a few seats
left in the new Penetration Testing (both network and application
testing) courses and in the Hacker Exploits courses. Early registration
will make sure you get a seat. http://www.sans.org/ns2008
                                 Alan
*************************************************************************
SANS NewsBites August 5, 2008 Vol. 10, Num. 61
*************************************************************************
TOP OF THE NEWS
  FCC Vote Effectively Ends Selective Traffic Blocking
  Senate Approves Amended ID Theft Legislation
THE REST OF THE WEEK'S NEWS
  LEGAL MATTERS
    Dutch Police Arrest Two Brothers in Botnet Case
  WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
    Some Firewall Software Undoes DNS Patch Port Randomizing
    Apple DNS Patch Doesn't Fix Client Versions of OS X
  HOMELAND SECURITY & GOVERNMENT SYSTEMS SECURITY
    Customs and Border Patrol Electronic Device Search Policy Raises
       Privacy Concerns
  COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
    Judge Likely to Declare Mistrial in Jammie Thomas Case
    Woman Admits to Sharing Music Files, but Says Fines are Excessive
  ATTACKS, INTRUSIONS, DATA THEFT & LOSS
    Two Arrested in Connection with Theft and Sale of Countrywide
       Loan Applicant Data
    Former Employee Arrested in Calif. Supermarket ATM Scam
  MISCELLANEOUS
    Insurance Companies Using Health Databases to Make Coverage Decisions
    Lawmakers Want to Know More About ISPs' Use of Deep Packet Inspection
  COMMENTARY
    Paller on Scott Charney and Public-Private Partnerships
    Northcutt On The Jammie Thomas Case

******************** Sponsored By Sourcefire, Inc. **********************
Best of Open Source Security (BOSS) Conference
February 8-10, 2009, Flamingo, Las Vegas

Be sure to register for the first IT security conference dedicated to
promoting open source security (OSS) technologies and the commercial
products that embrace them.

This long overdue conference will bring together passionate OSS
advocates and vendors under the same roof to share ideas and
experiences.

For more information, visit http://www.sans.org/info/31428
*************************************************************************
TRAINING UPDATE
- - Las Vegas (9/28-10/6): http://www.sans.org/ns2008 NETWORK SECURITY 2008
- - Boston (8/9-8/16): http://www.sans.org/boston08/
- - Virginia Beach (8/21-8/29): http://www.sans.org/vabeach08/
- - Chicago (9/3-9/10): http://www.sans.org/chicago08 AUDIT & COMPLIANCE
- - and in 100 other cities and online any time: www.sans.org
*************************************************************************

TOP OF THE NEWS

 --FCC Vote Effectively Ends Selective Traffic Blocking
(August 2, 2008)
In a 3 to 2 vote, the US Federal Communications Commission (FCC) said
that Comcast violated federal policy by throttling Internet traffic for
subscribers using BitTorrent file sharing software. No fine was
assessed. Comcast maintains its actions were within the scope of
ordinary network management practices and that it slowed traffic only
to manage the network during high traffic periods. Comcast also says
that the FCC's network neutrality principles are a policy statement and
not an enforceable rule. The policy statement issued in 2005 is designed to
provide "widely deployed, open, affordable and accessible [broadband
networks] to all consumers." The principles are "subject to reasonable
network management," which has remained a vague term. FCC chairman
Kevin J. Martin said that Comcast was not merely managing network
traffic when it targeted a specific application to block. The FCC went
on to say that Comcast had a motive for its action; users downloading
video files through the peer-to-peer application could be perceived to
be taking business away from Comcast's video-on-demand service. The
ruling requires Comcast to make changes in the way it manages network
traffic and to make clear to its customers the methods it uses.
http://www.washingtonpost.com/wp-dyn/content/article/2008/08/01/AR2008080101205_pf.html
http://www.nytimes.com/2008/08/02/technology/02fcc.html?_r=1&oref=slogin&partner=rssnyt&emc=rss&pagewanted=print
http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-284286A1.doc
[Editor's Note (Pescatore): Note that any ISP has the right to enforce
service level agreements where price plans prohibit running servers or
allow only a certain level of throughput. The issue here was Comcast
being selective about it, which is always a slippery slope. ]

 --Senate Approves Amended ID Theft Legislation
(July 31, 2008)
The US Senate has unanimously approved an amended version of the
Identity Theft Enforcement and Restitution Act, sponsored by Senators
Patrick Leahy (D-Vt.) and Arlen Specter (R-Pa.). It now goes back to
the House of Representatives for consideration. The legislation
originally passed the Senate in November 2007, but stalled in the House.
The Senate tacked the legislation onto a House bill that guarantees
former Vice Presidents and their immediate families Secret Service
protection for six months after leaving office. If it becomes law, the
bill would allow identity theft victims to seek restitution for their
time and funds spent fixing their credit and other effects; allow
prosecution of thieves who impersonate a business; and give felony
status to the crime of using spyware or keystroke loggers to damage 10
or more computers.
http://leahy.senate.gov/press/200807/073108a.html
http://www.scmagazineus.com/Senate-OKs-revamped-identity-theft-legislation/article/113232/
[Editor's Note (Schultz): Given how severe the consequences of identity
theft are, it is simply unbelievable that ID theft legislation has not
yet been passed in the US. I hope this time things will be different.]

*************************************************************************

THE REST OF THE WEEK'S NEWS

LEGAL MATTERS
 --Dutch Police Arrest Two Brothers in Botnet Case
(August 4, 2008)
Police in the Netherlands have arrested two brothers who allegedly
controlled an international botnet of 40,000 to 100,000 computers; just
1,100 of the compromised machines were in the Netherlands. The FBI was
involved in the investigation that led to the arrests of the brothers
and a third man who is from Brazil. The older of the Dutch brothers,
who is 19, appeared before a judge in Rotterdam last week; the younger
brother, who is 16, has been released until a later trial. The
Brazilian man is awaiting extradition to the US.
http://www.theregister.co.uk/2008/08/04/dutch_botnet_herders_arrested/print.html
[Editor's Note (Pescatore): It is not unusual to see enterprises that
look for bot clients on their PCs to find 3-7% of PCs compromised with
bot clients, even when using up to date AV and host based intrusion
prevention. This is not just a consumer problem; existing defenses and
vulnerability assessment processes need to be augmented to be effective
against such targeted threats.
(Northcutt): The two brothers will join James C. Brewer, Jason Michael
Downey, and Robert Alan Soloway as people run to ground by the Botnet
Task Force. At some point, botnet operators are going to feel that the
risk of prosecution, anywhere in the world, is great enough to give
pause.
http://www.fbi.gov/pressrel/pressrel07/botnet061307.htm
http://www.silicon.com/research/specialreports/ecrime/0,3800011283,39158294,00.htm ]

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
 --Some Firewall Software Undoes DNS Patch Port Randomizing
(August 4, 2008)
Firewall vendors are "scrambling" to update their products to address a
problem in the software that undoes the source port randomization
component of the recently released DNS patches. The problem lies with
some firewalls that do IP address translation. The DNS patches have
reportedly been causing some other minor problems - particularly slowing
down traffic on some servers.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9111500&intsrc=hm_ts_head
[Editor's Note (Skoudis): This one could get ugly, folks. Widely
available tools exploit this flaw to trick software update features into
installing malware, and surely the bad guys have many other equally
nasty tricks up their sleeves. And, tomorrow (August 6), Dan Kaminsky
will deliver his full presentation, which will likely provide insights
into optimizing the attack even further. Patch your DNS servers... and
push your firewall vendors on this too. If your firewall unrandomizes
the source port, someone can still poison the DNS server behind the
firewall. Ironically, such a firewall is actually weakening security
here, exposing your whole network to attack.
(Guest Editor and Internet Storm Center Handler Donald Smith): Actually
it is the PAT, Port Address Translation, function that is causing this
issue. That is often used in conjunction with NAT, Network Address
Translation, but then it should be called NAT/PAT. The functions are
separate logical functions even if used together in most NAT/PAT
implementations.
http://en.wikipedia.org/wiki/Network_address_translation
- From http://isc.sans.org/diary.html?storyid=4687
"The patch will impact your server performance. Test carefully before
patching a very busy server. Internet Storm Center (isc.org) mentions
10,000 queries/sec as a problem. "
- From http://isc.sans.org/diary.html?storyid=4777
"Home firewall NAT devices are also proving to be vulnerable as many
don't seem to randomize the source port."
- From http://isc.sans.org/diary.html?storyid=4780
Conclusion: So, is this bad? Yes, it is, unless your DNS clients,
name-servers and the name-servers you forward to are up-to-date on
patches, and your NAT devices (routers, firewalls, etc.) in between do
not randomize source ports.]

 --Apple DNS Patch Doesn't Fix Client Versions of OS X
(August 1, 2008)
Apple released a patch for the recently disclosed and exploited DNS
vulnerability, but while it fixes Mac OS X systems used as DNS servers,
it does not protect Macs being used as client systems. Fully patched
versions of both Tiger (version 10.4.11) and Leopard (version 10.5.4)
do not adequately randomize DNS source ports. Apple released Security
Update 2008-005 on Thursday, July 31 to address 17 flaws in its OS X
operating system.
- From Internet Storm Center: http://isc.sans.org/diary.html?storyid=4810
A quick packet dump of my fully patched Leopard machine (OS X 10.5.4)
shows it is - as a DNS client - still using incrementing ports.
http://www.theregister.co.uk/2008/08/01/osx_still_vulnerable/print.html
http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=209901566
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9111363&source=rss_topic17
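A defender-side check for the port un-randomization described in this item and in the firewall item above, added here as an example that is not from NewsBites, the ISC or any vendor: it parses outbound DNS queries captured on the outside of the firewall (tcpdump-style text, constructed for the example) and flags incrementing source ports, the pattern the ISC handler saw from the patched Leopard client. The capture format, IP addresses and thresholds are assumptions.

```python
import re
from collections import Counter

# Constructed tcpdump-style output (not real captures) of outbound DNS
# queries as seen on the OUTSIDE of a NAT/PAT device.  In the first capture
# the device has rewritten the ports into a counter; the second keeps the
# resolver's random ports.  A non-DNS line is included to show it is ignored.
SEQUENTIAL_CAPTURE = """\
12:00:00.101 IP 203.0.113.10.50001 > 198.51.100.53.53: 4711+ A? a.example. (27)
12:00:00.150 IP 203.0.113.10.50100 > 198.51.100.80.80: Flags [S], seq 1, win 65535, length 0
12:00:00.233 IP 203.0.113.10.50002 > 198.51.100.53.53: 9120+ A? b.example. (27)
12:00:00.305 IP 203.0.113.10.50003 > 198.51.100.53.53: 31004+ A? c.example. (27)
12:00:00.470 IP 203.0.113.10.50004 > 198.51.100.53.53: 22850+ A? d.example. (27)
12:00:00.612 IP 203.0.113.10.50005 > 198.51.100.53.53: 58013+ A? e.example. (27)
12:00:00.799 IP 203.0.113.10.50006 > 198.51.100.53.53: 1377+ A? f.example. (27)
12:00:00.901 IP 203.0.113.10.50007 > 198.51.100.53.53: 40921+ A? g.example. (27)
12:00:01.044 IP 203.0.113.10.50008 > 198.51.100.53.53: 12606+ A? h.example. (27)
"""

RANDOM_CAPTURE = """\
12:00:00.101 IP 203.0.113.10.17823 > 198.51.100.53.53: 4711+ A? a.example. (27)
12:00:00.233 IP 203.0.113.10.61002 > 198.51.100.53.53: 9120+ A? b.example. (27)
12:00:00.305 IP 203.0.113.10.4410 > 198.51.100.53.53: 31004+ A? c.example. (27)
12:00:00.470 IP 203.0.113.10.39951 > 198.51.100.53.53: 22850+ A? d.example. (27)
12:00:00.612 IP 203.0.113.10.52187 > 198.51.100.53.53: 58013+ A? e.example. (27)
12:00:00.799 IP 203.0.113.10.9034 > 198.51.100.53.53: 1377+ A? f.example. (27)
12:00:00.901 IP 203.0.113.10.48620 > 198.51.100.53.53: 40921+ A? g.example. (27)
12:00:01.044 IP 203.0.113.10.27719 > 198.51.100.53.53: 12606+ A? h.example. (27)
"""

# "IP <src>.<sport> > <dst>.53: <txid>[+] ..." -- UDP queries to port 53 only.
_QUERY = re.compile(
    r"\bIP (?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d{1,5}) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.53: (?P<txid>\d+)\+? "
)


def parse_dns_source_ports(capture: str) -> list[int]:
    """Source port of every outbound query to UDP/53, in capture order."""
    ports = []
    for line in capture.splitlines():
        m = _QUERY.search(line)
        if m:
            ports.append(int(m.group("sport")))
    return ports


def assess_source_ports(ports: list[int]) -> dict:
    """Judge whether a sequence of observed query source ports is predictable.

    sequential_ratio: share of consecutive queries whose port rose by 1 to 3,
    the signature of a counter-based PAT pool or an incrementing client.
    distinct / span: how many ports were used and how wide the range was.
    The verdict is driven by sequential_ratio; a few hundred queries is a
    sensible sample size in practice (the eight above are for illustration).
    """
    if len(ports) < 2:
        raise ValueError("need at least two queries to assess")
    steps = [b - a for a, b in zip(ports, ports[1:])]
    sequential = sum(1 for d in steps if 1 <= d <= 3)
    ratio = sequential / len(steps)
    return {
        "queries": len(ports),
        "distinct": len(Counter(ports)),
        "span": max(ports) - min(ports) + 1,
        "sequential_ratio": round(ratio, 3),
        # >= 0.5 means the next port is predictable from the outside, leaving
        # only the 16-bit transaction ID as protection: the situation the
        # DNS patches were meant to end.
        "verdict": "sequential" if ratio >= 0.5 else "randomized",
    }


if __name__ == "__main__":
    for name, cap in (("behind PAT", SEQUENTIAL_CAPTURE), ("direct", RANDOM_CAPTURE)):
        print(name, assess_source_ports(parse_dns_source_ports(cap)))
```

Run it against a capture taken on the Internet-facing side of the firewall, not on the resolver itself, since the rewrite happens in the NAT/PAT device.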

HOMELAND SECURITY & GOVERNMENT SYSTEMS SECURITY
 --Customs and Border Patrol Electronic Device Search Policy Raises Privacy Concerns
(August 1 & 3, 2008)
According to recently released documents from the US Department of
Homeland Security (DHS), federal agents have the authority to "detain"
travelers' electronic devices, including laptop computers, for an
unspecified period of time even if the traveler is not suspected of any
wrongdoing. In addition, the devices' contents may be shared with other
entities, including those who provide translation or decryption
services. The policies emphasize the necessity of protecting
proprietary business and privileged attorney-client information, but
there is no mention made of special handling for medical or financial
data. Senator Russell Feingold (D-Wis.) plans to introduce legislation
that would require reasonable suspicion for border searches and prohibit
agents from profiling travelers by race, religion or national origin.
http://www.washingtonpost.com/wp-srv/content/article/2008/08/01/laptops.html?hpid=topnews
http://www.itworld.com/legal/54007/us-border-agency-says-it-can-seize-laptops
http://www.cbp.gov/linkhandler/cgov/travel/admissability/search_authority.ctt/search_authority.pdf
[Editor's Note (Northcutt): We discuss this in the class I teach. In a
sense you are between countries, leaving one and entering another, and it
is very hard to say which laws do and do not apply. DHS is to be commended
for creating and publishing a policy, but keep in mind all of this is
possible anytime you are between two countries and most do not publish
their policy. The Government link above is the policy itself; it is
worth reading, especially if you travel internationally. The most
interesting statement in the document to me is, "CBP may seek
translation and/or decryption assistance from other Federal agencies or
entities." At first blush I thought, no way they can break AES 256, but
they might not have to; they might just be able to cold boot attack the
keys, brute the PIN protecting the key, or there may be flaws in some
commercial full disk encryption products that don't get the same level
of scrutiny as OpenSSH, GnuPG, or TrueCrypt.
(Ullrich): This is not new. Border agents in the US and in other
countries always had broad authority to search and detain anybody trying
to cross a border. What matters is how this rule is applied. Some
reports make it sound like everybody's laptop will be "strip searched".
Needless to say, this would be impractical. More likely, passengers
will be subjected to the same random sampling they always have been
unless there is reasonable suspicion to warrant a more intense search
of a particular laptop. ]

COPYRIGHT, PIRACY & DIGITAL RIGHTS MANAGEMENT
 --Judge Likely to Declare Mistrial in Jammie Thomas Case
(August 1 & 4, 2008)
At a hearing on Monday, August 4, US District Judge Michael Davis
implied that he is likely to declare a mistrial in the case in which a
verdict was reached last October. The Recording Industry Association
of America (RIAA) says Jammie Thomas made music files available in an
open folder on the Kazaa filesharing network. The jury in the original
case deliberated just five minutes before returning a guilty verdict,
but seven months after the trial, Judge Davis asked for the new
hearing because he believes he made a legal error when he instructed the
jury that Thomas could be found guilty of unauthorized distribution
merely by making the files available and without any proof that they had
actually been distributed. The "making available" issue in digital
copyright law has not yet been definitively decided. There have been cases
in which judges ruled against the RIAA on the issue, but the rulings came
in pretrial stages.
http://blog.wired.com/27bstroke6/2008/08/riaas-lawsuit-s.html
http://blog.wired.com/27bstroke6/2008/08/judge-hints-at.html
[NewsBites Editorial Board member Stephen Northcutt provided extensive
commentary and additional links on this case. We include his commentary
and links at the end of this issue.]

 --Woman Admits to Sharing Music Files, but Says Fines are Excessive
(July 28, 2008)
An attorney for the defendant in a New York federal court case regarding
illegal file distribution through the Kazaa network says his client did
share files, but is arguing that the damages sought by the RIAA are
excessive and is looking to change the law that allows them. Under the
Copyright Act, Denise Barker could face fines of US $750 to US $150,000
for each song illegally shared over the network. Barker's attorney
estimates that each instance of illegal downloading costs the music
industry about US $3.50; US Supreme Court rulings say that fines in
excess of a 9-to-1 ratio are unconstitutional.
http://blog.wired.com/27bstroke6/2008/07/new-riaa-lawsui.html

ATTACKS, INTRUSIONS, DATA THEFT & LOSS
 --Two Arrested in Connection with Theft and Sale of Countrywide Loan Applicant Data
(August 1 & 2, 2008)
A former Countrywide Financial Corp. employee is accused of stealing
loan applicant information and selling it to others in the mortgage
industry who used the data to offer new loans to the applicants. Rene
L. Rebollo Jr. allegedly used a work computer that lacked the security
of other office computers to copy information of approximately 20,000
customers at a time onto a flash drive. The stolen data include Social
Security numbers (SSNs). Last month, Rebollo voluntarily surrendered
the flash drive and a personal computer to the FBI. Rebollo's attorney
later placed a call to the FBI saying that his client had revoked his
permission for the FBI to search the devices. Another man, Wahid
Siddiqi, was also arrested; he allegedly sold disks of Countrywide data
to a witness who was working for the FBI. Rebollo has been charged with
exceeding authorized access to the computer of a financial institution.
Authorities believe Siddiqi acted as a middle-man in the data theft and
sale operation.
http://www.latimes.com/business/la-fi-arrest2-2008aug02,0,7330731.story
http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2008/08/01/state/n171240D95.DTL

 --Former Employee Arrested in Calif. Supermarket ATM Scam
(August 1 & 2, 2008)
Police in California have arrested Raymond Kurt Fisher in connection
with an ATM theft scheme that cost shoppers at Lunardi's, a Los Gatos
supermarket, approximately US $300,000. Fisher was employed at
Lunardi's until his arrest, when he was fired. The fraudulent
withdrawals occurred in March and April 2008. The card reader at the
ATM was modified to capture card data, including card numbers and PINs.
Fisher is being held on charges of burglary, conspiracy and drunk
driving. Authorities did not rule out the possibility of additional
arrests in connection with the case.
http://www.nbc11.com/news/17066606/detail.html
http://losgatosobserver.com/los-gatos/Article.php?article_id=0957
http://www.mercurynews.com/crime/ci_10077253

MISCELLANEOUS
 --Insurance Companies Using Health Databases to Make Coverage Decisions
(August 4, 2008)
Some life and health insurance companies are starting to use information
from commercial medical databases to make their decisions on individual
consumer coverage. The databases mined for information include
prescription drug records and data gathered by clinical and
pathology labs. Traditionally, insurers gather information from
physicians' offices. The new developments present privacy concerns
because they take place outside the protections offered by federal
health regulators and legislators. Also of concern is the fact that
information gathered for one purpose is being sold for another purpose.
Two companies that provide the information say they release only data
that have been released by patient consent as per HIPAA (Health
Insurance Portability and Accountability Act); however, the companies
themselves are not bound by HIPAA regulations.
http://www.washingtonpost.com/wp-dyn/content/article/2008/08/03/AR2008080302077_pf.html
[Editor's Note (Honan): It is for situations like this that data privacy
laws similar to those in most European Union countries need to be
introduced. Under EU legislation it is against the law to use
information gathered for one purpose for another without the explicit
consent of the person from whom the data was gathered. ]

 --Lawmakers Want to Know More About ISPs' Use of Deep Packet Inspection
(August 1, 2008)
Senior members of the US House Energy and Commerce Committee have
written letters to more than 30 broadband Internet providers and other
online companies asking them whether they use deep-packet inspection
(DPI) to tailor customers' Internet advertisements. The letter asks
where any such practices have been used, how many customers were
affected by its use, and whether or not the customers were told of the
practice. The issue came to light earlier this year when cable company
Charter Communications said it planned to use a system called NebuAd to
create targeted advertisements for its users. Charter initially said
the system would not track any personally identifiable information, but
has since put the project "on hold because of the privacy concerns."
http://www.informationweek.com/news/internet/policy/showArticle.jhtml?articleID=209901702

COMMENTARY

 --Paller On Microsoft's Scott Charney and the Public Private Partnership
When the history of Internet security is written, and the authors search
for people who made a difference, they are going to find that Scott
Charney will be near the top of most experts' list. More than anyone
else in the United States, Scott has transformed the public-private
partnership from whining to active cooperation. And it works. Today's
issue shows just one of his many initiatives, the Botnet Task Force,
producing another major arrest. Scott helped Microsoft build a
world-class law enforcement team inside Microsoft and then put top
technologists to work to build technology and processes that identify
malicious code and malicious people wherever they are hiding in the
Internet. In his presentation at the (2005) Eleventh United Nations
Congress on Crime Prevention and Criminal Justice, he lays out a
blueprint for cooperation.
http://web.reed.edu/nwacc/programs/conf05/UNCrimeCongressPaper.doc
Scott doesn't just write papers, and he doesn't ask government to do it
all. He invests substantial amounts of Microsoft funds in making
governments' anti-cyber-crime initiatives more productive.

Scott served as chief of the Computer Crime and Intellectual Property
Section (CCIPS), Criminal Division, at the Department of Justice, from
1991 to 1999. Under his direction, CCIPS investigated and prosecuted
national and international hacker cases, economic espionage cases, and
violations of federal criminal copyright and trademark laws. Before
joining the federal prosecutive ranks, Charney was an assistant district
attorney in Bronx County, New York, ultimately serving as deputy chief
of the Investigations Bureau. Today, Scott also serves as a co-chair
of the Commission of Cyber Security for the 44th Presidency.

 --Northcutt Commentary On The Jammie Thomas Case
Capitol v. Thomas (formerly Virgin v. Thomas) is the first P2P
copyright infringement case to work its way through the Federal courts.
Jammie Thomas, a single mother of two, was fined $220,000 for making
songs available on Kazaa. Thomas appealed. A large number of amicus
briefings have been filed; this decision will help establish case law
so the stakes are high for both sides. The defendant's appeal states the
amount of damages exceeds the Due Process Clause of the Constitution.
The RIAA and Department of Justice contend these were statutory damages
and therefore are not covered by the Constitution. "Statutory damages
compensate those wronged in areas in which actual damages are hard to
quantify in addition to providing deterrence to those inclined to commit
a public wrong" according to the DoJ.
http://arstechnica.com/news.ars/post/20071204-doj-says-222000-damages-in-capitol-v-thomas-trial-not-unconstitutional.html

The RIAA just brought in a real heavy (Donald Verrilli, the man who
argued Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd. before the
Supreme Court; Grokster lost) for this next stage of the case:
http://news.slashdot.org/article.pl?sid=08/08/01/2251217
http://beckermanlegal.com/Documents/virgin_thomas_080731MotProHacViceVerrilli.pdf

The EFF feels the final decision will center on one of the jury
instructions. "Jury Instruction #15: The act of making copyrighted sound
recordings available for electronic distribution on a peer-to-peer
network, without license from the copyright owners, violates the
copyright owners' exclusive right of distribution, regardless of whether
actual distribution has been shown." Seven months after the original
trial, the judge decided he may have made an error with this provision
and ordered this trial. "Making available" as copyright infringement is
not yet proven. Arguments were heard in a different case (Elektra v.
Barker) that may support this assertion; if Capitol v. Thomas leads to
the same conclusion, this may become case law for P2P, but Perfect 10 v.
Amazon probably keeps it from applying to search engines ('Honest,
honey, I was doing research on the Perfect 10 thing.'):
http://www.eff.org/deeplinks/2007/10/capitol-v-thomas-key-appeal-issue
http://beckermanlegal.com/Documents/virgin_thomas_080711DeftReplyBrief.pdf
http://info.riaalawsuits.us/documents.htm#Elektra_v_Barker
http://www.eff.org/deeplinks/2008/04/offering-distribute-distribution-says-elektra-v-barker-ruling
http://www.eff.org/files/filenode//Perfect10vGoogle9thCir12-2007.pdf
Another twist on the "Making Available" problem that may be resolved in
this ruling is whether the fact that the RIAA detectives actually
downloaded 24 songs from Thomas's share folder counts as proof of
copyright infringement. Here is a pretty good list of all the documents
in the case to date, and also the most expensive 24-song playlist in
history:
http://recordingindustryvspeople.blogspot.com/2007/01/index-of-litigation-documents.html#Virgin_v_Thomas
http://blog.wired.com/27bstroke6/2007/10/trial-of-the-ce.html
And as a parting smile, there is even a Free Jammie website to
commemorate her 15 minutes of fame:
http://freejammie.freeforums.org/
http://www.jammiethomas.org/

*************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center.

Howard A. Schmidt served as CSO for Microsoft and eBay and as Vice-Chair
of the President's Critical Infrastructure Protection Board.

Ed Skoudis is co-founder of Intelguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Intelguardians, a handler for the SANS Institute's Internet Storm
Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Bruce Schneier has authored eight books -- including BEYOND FEAR and
SECRETS AND LIES -- and dozens of articles and academic papers. Schneier
has regularly appeared on television and radio, has testified before
Congress, and is a frequent writer and lecturer on issues surrounding
security and privacy.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Mark Weatherford, CISSP, CISM, is Executive Officer of the California
Office of Information Security and Privacy Protection.

Alan Paller is director of research at the SANS Institute.

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Rohit Dhamankar is the Lead Security Architect at TippingPoint, a
division of 3Com, and authors the critical vulnerabilities section of
the weekly SANS Institute's RISK newsletter and is the project manager
for the SANS Top20 2005 and the Top 20 Quarterly updates.

Koon Yaw Tan is Assistant Director at Monetary Authority of Singapore
(MAS) and a handler for the SANS Institute's Internet Storm Center.

Gal Shpantzer is a trusted advisor to several successful IT outsourcing
companies and was involved in multiple SANS projects, such as the
E-Warfare course and the Business Continuity Step-by-Step Guide.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

Dr. Christophe Veltsos, CISSP, CISA, GCFA teaches Information Security
courses at Minnesota State University, Mankato. He is the President of
Prudent Security LLC and also serves as the President of the Mankato
Chapter ISSA.

Roland Grefer is an independent consultant based in Clearwater, Florida.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/