Welcome to cissp CISSP training Certified Information Systems Security Professional
cissp CISSP training Certified Information Systems Security Professional: SANS


After CompTIA and ISC2 it is now SANS GIAC's turn to require CMU's (CPE)
Posted by boss on Saturday, 20 March 2010 @ 23:18:24 EDT (1245 reads)
Topic SANS

cdupuis writes "

NOTE FROM CLEMENT:

CPE's, CMU's, EPE's, and the list goes on and on.   It seems that most certification authorities are starting to require some form of continuous education in order to remain certified.   All of them have a very strong focus on their own certification program and they all charge some significant maintenance fees.  It is funny to see that doing your job and learning on the job would only give you a maximum of 12 CMU's for two years of practical work but a one week class of 30 hours of training will give you 30 hours.  Obviously something does not add up.

SANS used to have a very cumbersome and demanding way of renewing their exam.  I am not sure what is the percentage that were renewing at the end of the 4 years but I would bet a cold beer that it must be very low because it was too demanding.

The SANS main site page claims to have 29,915 certified professionals as of this writing.  This is a very low number considering the total number of certifications they maintain.  Will these new options make it easier for SANS alumni to maintain their certification?  I would say YES for sure.  Not everyone can redo the whole testing every 4 years when you have multiple certifications to maintain all at once.

So they joined the club of other certification authorities who are offering the option of taking more training with the certification body to renew a candidate certification.  SANS GIAC is already recognizing training from any other ISO 17024 certification bodies which helps in giving each other more legitimacy to the whole ISO certification.  The certification of course is on the way that it is managed and not on the quality or relevancy of the content alone.

I find it also very strange that only SANS related community activities are recognized versus any community activities.  There are MANY open source projects related to security that are worthy of being supported and recognized for CMU's credits.

I must cut this message short and go work on my CPE's, CMU's, EPE's, or whatever the vendors will call it.

Talk to u later

Clement

Here is a copy of a message I have received as a SANS Alumni:

Maintenance Guidelines and Requirements

The GIAC program is making a major shift regarding our recertification approach. Instead of only offering a recertification exam, GIAC will allow individuals to maintain their credentials using a Certification Maintenance Units (CMUs) approach. This program change increases the options available to individuals. The new certification maintenance price is $399, due once every four years, at the time of registration.

Each GIAC certification remains valid for 4 years. The first 2 years you are certified requires no further action from you. After 2 years, the certification renewal process will begin with the ultimate goal being that you have demonstrated ongoing competency in the Information Assurance field. For each GIAC certification you need to acquire 36 CMUs (Certification Maintenance Units) after the two year mark and before your certification expires. Historically, you registered for your GIAC Recertification exam, received an updated set of course materials, and took your exam at a specified proctored site. This option is still available.

On March 1st, 2010, GIAC will begin to offer expanded certification maintenance options. Besides the existing method of retaking the standard certification exam, we will offer two main additional options. One alternative is for you to submit a published technical research paper, such as a GIAC Gold Paper. Another alternative is to take additional information assurance training courses, such as SANS training courses. There are also supplemental options described below that can be combined with any of the main options to help you reach the required 36 CMUs.

Below you will find information regarding each option, how the options can work together to meet the certification maintenance requirements, and the CMU breakdown for each option. Please pay close attention to the specific requirements of each option so you will be credited for the work you have accomplished and experience you have gained in the Information Assurance industry. All renewal options require a $399 certification maintenance fee, due once every four year period. This fee includes a current set of certification specific course materials should you choose to receive them. The updated course materials are available to you regardless of the renewal options you utilize and will aid you in keeping your skill set current. You are responsible for shipping fees.

If you have more than one certification expiring, you will receive a discount for any additional certifications that expire within two calendar years of the first. After the first $399 certification renewal, all additional certification renewals during this two calendar year period are $199 each.

All Certification renewal and application options will become available for registration in your portal account two years in advance of your certification expiration date.

Retaking the Standard Certification Exam

36 CMUs are awarded upon achieving a passing exam score.

  • Retaking and passing the certification exam must be completed after the two year mark of your certification to demonstrate ongoing competency.
  • You can reference your complete certification history through your portal account via the "Certification History" link in the exam engine. Earning CMUs via this option will require passing one proctored exam.
  • Once your registration and payment have been processed, your reference materials will be shipped to the address provided in your registration. You will then receive access to your two practice tests via the GIAC exam engine. This will allow you to keep current with the latest industry material, and prepare for your exam. You are not required to complete any additional training with this option - you are only required to pass the exam.
  • You will have four months from the date your registration is processed and payment received to complete your proctored certification exam.

Published Technical Research Paper

36 CMUs

  • Research paper must be completed and published after the two year mark of your certification to demonstrate ongoing competency.
  • GIAC Gold Paper - The GIAC Gold program can be leveraged to apply towards your certification maintenance needs. To take part in the GIAC Gold program, from your portal account click on the "Certification History" link, then on the "Go Gold" link for the respective certification. You are responsible for the $299 Gold fee once your gold application has been approved. Within the gold program you will be working with a GIAC Gold Adviser to complete your research project.
  • Separate from the Gold Program, you are still responsible for the $399 GIAC Certification Maintenance fee to have a gold paper credited towards your CMUs and ongoing certification maintenance requirements.
  • Published Research within the Information Assurance industry - Submit proof of your published article from a peer reviewed journal, such as IEEE
  • Submit proof of approved and published Gold Paper

Completed Information Assurance Related Training

Up to 36 CMUs awarded

  • Training must be completed after the two year mark of your certification to demonstrate ongoing competency.
  • You are required to submit your Certificate of Completion for any training.
  • SANS 6 day course: 36 CMUs, SANS 1 day course: 6 CMUs
  • Credit does not apply for Self Study or purchased text books.
  • Qualifying 6 day Information Assurance course (non-SANS): 36 CMUs
  • Qualifying 1 day Information Assurance course (non-SANS): 6 CMUs
    • Any verifiable Information Assurance training course offered by ISC2 or ISACA counts per course day, minimum 6 contact hours per course day
    • You are required to submit proof of training (i.e. Certificate of Completion, CPEs, CEUs, reference your invoice, etc.)
    • To apply training for your certification renewal that is not referenced above, please see the Application for Alternative Accredited Certification Programs. This will provide information to help determine if the alternative training meets necessary requirements.
  • There is not a predetermined list of training courses that can be applied for credit to each certification. Specific course topics are subject to approval based on relevancy to your certification, your current position and ongoing competency. Therefore, it is important that you clearly document the relevancy of the course topic to your position and how it aids in your ongoing competency related to your certification.

Documented Work Experience

12 CMUs (limit 12 CMUs per certification renewal)

  • Work experience documentation must be completed after the two year mark of your certification to demonstrate ongoing competency.
  • To qualify, you must have completed job duties utilizing actual Information Assurance experience within two of the previous four years.
  • You must provide verification from work supervisors and documentation of your job description and duties performed.

GIAC / SANS Community Participation

6 CMUs (limit 6 CMUs per certification renewal)

  • Community participation documentation must be completed after the two year mark of your certification to demonstrate ongoing competency.
  • Writing questions for GIAC or participating in GIAC job task analysis studies
  • Teaching a related and verifiable Information Assurance course
  • Acting as a Facilitator at a SANS conference
  • SANS mentor / virtual mentor
  • ISC Handlers

Examples

Here are some examples of how to use these options to your advantage to reach the full 36 CMUs requirement while also showing ongoing competency in the Information Assurance field.

Person A earned the GSEC on January 1, 2005. On February 1, 2007 s/he took the SEC610 SANS Malware course, a 4-day course, and is applying 24 CMUs from taking that course to renew GSEC. In addition s/he has documented work experience for two years as an incident handler and is applying 12 CMUs from that to renew GSEC. S/He now has the 36 CMUs needed.

Person B earned the GSEC but has recently moved into a management position and takes MGT512, a 5-day management course. They are applying 30 CMUs corresponding to the 5 days of training toward his/her GSEC renewal. S/He also has written exam questions for GIAC and is awarded 6 CMUs. S/He now has the 36 CMUs needed.

Please contact cert-renewal@giac.org with any questions, comments or concerns you may have regarding the certification renewal process.

Disclaimer

It is possible that GIAC will be unable to accept one or more of your submissions for credit towards your certification renewal. In order to ensure our certified professionals are sufficiently meeting GIAC standards of continuing education, we must adhere to certain ISO/IEC/ANSI 17024 guidelines and rules regarding ongoing competency:

  1. In order to count towards your certification renewal, submissions must demonstrate your ongoing information assurance competency throughout the course of your certified status. In order to ensure this, any renewal actions must have taken place in the latter 2 years of your certification period.
  2. We limit the types of training courses that can be accepted to those that can be verified as coming from an institution or training provider in conjunction with an ISO/IEC/ANSI 17024 accredited information assurance certification program. Currently ISC2 and ISACA training programs are accepted in addition to SANS Institute training. Click here for an application to allow for alternative ISO/IEC/ANSI 17024 accredited information assurance training courses to be submitted for approval.
  3. We limit the types of technical research papers and publications that are accepted towards certification maintenance as well. While publication at any level is certainly a commendable achievement, we only accept submissions that clearly demonstrate ongoing technical competency in the realm of information assurance via published technical articles from a peer reviewed journal, such as IEEE.
  4. Work experience and/or community involvement credits must meet established standards for technical relevance and be properly documented for verification and audit purposes.

We ask for your understanding and if you feel you need to discuss this further please do not hesitate to contact Stephen Northcutt, Chair GIAC Board of Directors, stephen@giac.org, 1+ (808) 823-1375

"



What is YOUR reason for not using the proper tools
Posted by boss on Friday, 08 January 2010 @ 09:54:49 EST (953 reads)
Topic SANS

cdupuis writes "

OUCH!
January 2010
SANS Institute Security Newsletter for Computer Users

**************************************************
The Top Ten Reasons Why Computers Don't Have Security Software
Patches and Updates Roundup

**************************************************

[Editor's Note: (Wyman)
Do you have security software installed on your computer?
Is it up-to-date and protecting your system?
Do you have just anti-virus protection or a full security suite?

We've made a list of the top reasons that computers don't have security software, some good reasons why you should install it on yours, and tips on how to shop for a good-quality, all-in-one security suite that won't bust your budget.]

The Top Ten Reasons Why Computers Don't Have Security Software

#10. "I just use my computer for email and web browsing."
You are using your computer for the same things that most people use them for most of the time. That's why scam and phishing emails, rigged websites and similar deceptions are the most rapidly growing threats.  You fit the profile of computer users that the Bad Guys are targeting.  A good-quality security software suite helps protect you against deception and its consequences--exploitation for profit of personal and sensitive information that a criminal may trick you into revealing.

#9. "I've never had any virus problems."
Famous last words. Being healthy is no reason to skip vaccinations. Security software functions like your immune system. It can't prevent every infection, but without it, your computer is wide open to infection by many hundreds of types of malicious software.

#8. "It kept popping up all the time."

Don't turn off your security software or remove it from your system.  Those warnings may be legitimate or could be the work of "scareware."  Scareware creates misleading pop-ups and animations about bogus threats that look very convincing--all tricks to get you to click "Yes" or "No" or "Cancel." No matter which one you choose, the problem will not go away, and clicking on anything stands to make things worse. When this happens, contact your computer support provider immediately for expert assistance.

#7. "It might crash my system."
Malicious software, however, will probably do much worse. Malware can eat up your time, money, and peace of mind, and possibly steal your identity. If you don't feel confident about installing security software, let your computer support provider handle the job.

#6. "My subscription kept expiring."
Most subscriptions are good for one year. Those onscreen reminders telling you that it's time to renew are just like the "time-for-maintenance" light on the dashboard of your car. They can be annoying, and sometimes go off prematurely, but aren't you grateful they're there to remind you?

#5. "It slows down my system."

We make trade-offs between speed and safety every day. Going without security software is always a bad choice. Not all security software is of the same quality or performs equally well. If the one you have bogs down your system too much, install one that doesn't. For shopping tips, see Reason #1 below.

#4. "I thought it came with the computer."

It probably did, like the seatbelts and airbags in your car. But even so, you have to activate and update pre-installed security software or it will not protect your system effectively. Most new computers come with 30- to 90-day trial versions of security software. When the trial is nearly up, you'll see onscreen warnings and instructions for how to buy a full subscription.

#3. "It's too expensive."
How about less than $100 a year? One-year subscriptions to the leading, good-quality, all-in-one security suites, that include anti-virus, anti-spyware, anti-phishing, anti-spam, and a two-way software firewall, are available in retail stores for $50 to $80. Many are offered on a 30- to 90-day free trial basis and at a discount--usually $10 off--if you buy online and download the software. Some products can be installed on two or three systems, cutting the cost of protecting each computer by 50% or more. Before you buy, check with your Internet Service Provider. You may be eligible to receive a good-quality security suite at low cost or at no cost.

#2. "Macs don't need security."
Mac users are just as susceptible to deception as users of Windows or any other operating system. Scam phishing emails, infected email attachments, and rigged websites are the most rapidly growing threats--not malicious software or things that exploit "holes" in software. These deceptions target users, not computers, and don't need a "hole" to succeed. Good-quality security suites can detect deceptions and include tools to help you avoid revealing sensitive and personal information, such as social security, credit card and PIN numbers, as well as usernames and passwords, unwittingly or to the wrong people.

#1. "I don't know what to buy or how to install it."

- Shop for a security software suite as you would when purchasing any important product.
- Gather information and recommendations from IT at the office, your Internet Service provider, or your computer support provider.
- Get some good bets by reading comparative reviews of competing products published by third-parties, such as PCWorld, Consumer Reports, and MacWorld.
- Hedge your bet by opting for a trial version, if available, and one that you can upgrade to a full subscription without reinstalling.
- Weigh effectiveness, performance, features, support and, lastly, price--at most a difference of $30/year.
- Verify that the product includes anti-virus, anti-spyware, anti-phishing, anti-spam, a two-way software firewall, and automatic online updating.
- Performance and effectiveness are judged best by the results of professional testing, like those performed by AV-test.org and www.av-comparatives.org.
- If you run into difficulties, telephone support is preferable to email or online chat.
- Familiarize yourself with the installation steps before you begin. If you get lost or stuck, call the software manufacturer's technical support line for assistance.
- If you don't feel confident about installing security software, turn the job over to your computer support provider.

***********************************************************************
Patches and Updates Roundup

Windows & PC Office: http://update.microsoft.com and http://www.microsoft.com/security/updates/bulletins/200911.aspx

OS X: http://support.apple.com/kb/HT1338

Mac Office:
http://www.microsoft.com/mac/help.mspx?CTT=PageView&clr=99-0-0&ep=7&target=ffe35357-8f25-4df8-a0a3-c258526c64ea1033

iPhone/iPod: http://support.apple.com/kb/HT1414

iPod: http://support.apple.com/kb/HT1483

Windows Acrobat Reader:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

OS X Acrobat Reader:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

Flash Player: http://get.adobe.com/flashplayer/

Firefox: http://www.mozilla.com/en-US/firefox/update/

Safari:
http://www.apple.com/downloads/macosx/apple/application_updates/safari.html

Opera: http://www.opera.com/

Chrome: http://googlechromeupdate.com/updates.html

Java: http://www.java.com/en/download/manual.jsp

iTunes:
http://www.tuaw.com/2009/09/22/itunes-9-0-1-now-in-software-update/

Symantec:
http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2002021908382713

Norton:
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=n95

McAfee: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

Kaspersky: http://www.kaspersky.com/avupdates

Sophos: https://secure.sophos.com/support/updates/

Panda: http://www.pandasecurity.com/homeusers/downloads/clients/

BitDefender:
http://www.bitdefender.com/site/view/Desktop-Products-Updates.html

Microsoft Security Essentials:
http://www.microsoft.com/security/portal/Definitions/HowToMSE.aspx

***********************************************************************
Copyright 2009, SANS Institute (http://www.sans.org)
Editorial Board: Bill Wyman, Walt Scrivens, Phil Hoffman, Alicia Beard, Alan Paller.
Email: OUCH@sans.org
Download the formatted version of the OUCH! at https://www.sans.org/newsletters/ouch
"



The Top 20 Critical Security Controls
Posted by boss on Monday, 14 December 2009 @ 08:12:18 EST (1408 reads)
Topic SANS

cdupuis writes "
20 Critical Security Controls
Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines

The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through. These controls allow those responsible for compliance and those responsible for security to agree, for the first time, on what needs to be done to make systems safer. No development in security is having a more profound and far reaching impact.

These Top 20 Controls were agreed upon by a powerful consortium brought together by John Gilligan (previously CIO of the US Department of Energy and the US Air Force) under the auspices of the Center for Strategic and International Studies. Members of the Consortium include NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and pen testers that serve the banking and critical infrastructure communities.

The automation of these Top 20 Controls will radically lower the cost of security while improving its effectiveness. The US State Department, under CISO John Streufert, has already demonstrated more than 80% reduction in "measured" security risk through the rigorous automation and measurement of the Top 20 Controls.

User vetted tools

What the 20 Critical Security Controls Critics say...

20 Critical Security Controls - Version 2.3

Additional Security Controls

The following sections identify additional controls that are important but cannot be fully automatically or continuously monitored to the same degree as the controls covered earlier in this document.

PDF Version

"



GAO Report Finds Problems With Agencies' Security Practices and FISMA Guidance
Posted by boss on Tuesday, 21 July 2009 @ 19:05:48 EDT (1542 reads)
Topic SANS

cdupuis writes "

NOTE FROM CLEMENT: As seen on the SANS Newsbites newsletter:

TOP OF THE NEWS

--GAO Report Finds Problems With Agencies' Security Practices and FISMA Guidance
(July 17, 2009)

A report from the US Government Accountability Office (GAO) found "persistent weaknesses in information security policies and practices [that] continue to threaten the confidentiality, integrity, and availability of critical information and information systems used to support the operations, assets, and personnel of most federal agencies."

In addition, the GAO said that the information security reporting process as mandated by the Federal Information Security Management Act (FISMA) does not provide an accurate measure of the effectiveness of agencies' cyber security stance.

http://fcw.com/Articles/2009/07/17/Web-GAO-FISMA-info-security.aspx

http://www.gao.gov/new.items/d09546.pdf


Editor's Notes:

(Pescatore): This has become an annual exercise: GAO issues a report that highlights the deficiencies found at government agencies' security programs and then everyone bashes FISMA, as if that was the problem. Not once do we see a report that says what is needed to be done to remove obstacles keeping government security managers from making progress.

(Ranum): Until there are consequences for failure, government executives will continue to comfortably fail.

"



SANS Consensus Audit Guidelines (CAG)
Posted by boss on Friday, 10 April 2009 @ 22:32:28 EDT (2353 reads)
Topic SANS

cdupuis writes "
Consensus Audit Guidelines
Twenty Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance

Press Release Announcing the Draft Available for Public Comment

What the CAG Critics say...

Consensus Audit Guidelines Draft 1.0

"



SANS contributes funds, expertise to global cybersecurity group
Posted by boss on Friday, 23 May 2008 @ 21:09:28 EDT (1404 reads)
Topic SANS

cdupuis writes "

The SANS Institute has announced a $1 million contribution to the International Multilateral Partnership Against Cyber-Terrorism (IMPACT) and started sharing technical information with the organization.

The two groups plan to expand developing countries’ online security resources, they said yesterday in an announcement issued at the IMPACT World Cyber Security Summit in Kuala Lumpur, Malaysia.

IMPACT and SANS plan to start by launching the Improved Cyber Defenses Through Cybersecurity Training and Skills Development activity. That project will conduct hands-on courses in core cybersecurity activities such as forensics, intrusion detection and penetration testing, they said.

The training project is aimed at providing world-class training to cybersecurity specialists working in every country, regardless of income level.

The joint project will emphasize building strong cyberdefenses, increasing cybersecurity training, promoting secure application development, and improving early-warning systems and the distribution of systems security news.

"Everyone on the Internet is connected. Weak security anywhere puts all other users at risk," said SANS founder Alan Paller. "By investing in improving cyberdefenses and more secure application programming in the developing world, we hope we are helping to improve cybersecurity everywhere."

SANS' Internet Storm Center will help IMPACT and its member countries learn about means of detecting the origin and spread of cyberattacks and assisting responders.

SANS' Secure Application Development program will help fend off the current wave of application attacks by assisting overseas academic institutions. SANS and IMPACT will help the schools train programmers to build secure applications by developing faculty skills and providing needed tools.

"IMPACT was founded because cyberspace has no national boundaries. By joining with the SANS Institute, we double our effectiveness at combating cyberthreats," said Mohd Noor Amin, chairman of IMPACT.

IMPACT and SANS also will cooperate to expand weekly cybersecurity news coverage to developments in and related to lower-income countries, the organizations said.


Original Article at: http://www.gcn.com/online/vol1_no1/46326-1.html

"



SecureAnchor Weekly Newsletter
Posted by boss on Saturday, 03 November 2007 @ 12:39:42 EDT (2318 reads)
Topic SANS

cdupuis writes "


November 2007

Vol 11, Issue 1


Security in the News
Your source for up to date security headlines

 

Greetings!

Hello....

I hope everyone had a great Halloween celebration.

A few of you have asked for USB drives with the PointSec Port Protector tool installed on it. I am receiving them any day now.

As soon as I receive them I will send them out. I ordered a few extra so if you want one just ping me and let me know. They are free of charge of course!!

Have a great weekend.

Eric

Another European State Wants to use Trojans Against Criminals


The Austrian Police want to infect criminals' computers with Trojans, presumably to somehow conduct surveillance on the criminals. The Austrian minister of justice, Maria Berger, and the Interior Minister, Gunther Berger, have come up with this brilliant proposal to allow police to conduct surveillance with Trojans with a warrant issued by a judge.

Geoff Sweeney of Tier-3, said, "I'm sure the Austrian Secret Service would develop some pretty ingenious software to infect users' PCs, but there is a real danger that the package could leak into the hacker community.... That scenario would create a serious free-for-all on the industrial espionage and identity theft front as legitimate Trojans are redirected to create an even more hostile environment for organizations to defend against."

While the governments may feel that it is akin to tapping phone lines, the situation is quite different in that phone users have no anti-tapping capabilities marketed to them.

Earlier this year, in a blog, Mikko Hypponen of F-Secure addressed the situation in the following manner: "How should anti-virus companies react to the existence of such malware? Detect it? Avoid detecting it on purpose? Avoid detecting hacking software used by governments of which country? Germany? USA? Israel? Egypt? Iran?"

None of the governments which have decided to pursue the Trojan option have explained how the Trojans would be protected. Also problematic is the situation in which the Trojans are reverse engineered and deployed by criminals.

Graham Cluley of Sophos stated bluntly, "The anti-virus companies aren't going to turn a blind eye to state-endorsed Trojan horses. We're going to add detection for them just like any other spyware. So, if the cybercops think they can give us a funny handshake, a wink and buy us a pint for not adding detection for the Trojan they're using to spy on their suspect, they're mistaken... The reason why we take that policy is that we can't know if the Trojan has been placed there by the cops or a criminal. It's unlikely that the Trojan will say 'Copyright (c) FBI 2007.'"

The bigger question still becomes, how will the malware be delivered? If it's through email, will the bad guy need a POP account? If they know so much about the suspect, why not sniff his wireless traffic, or monitor the land line (or cable connection or fiber connection)? Don't they know how to monitor from the ISP like the U.S. does? And if they are going to break into the dwelling or office to put the spyware on, because the bad guy might know enough to not open attachments from strangers, why not install some other type of surveillance option? It's like those guys who said they need to monitor the communications hubs which have overseas communications routing through waypoints on U.S. soil; how do they ensure that the bad guys' communications pass through the telecom center in the U.S.? If the good guys know enough or have enough pull to make that (the communications route) happen, why don't they specifically intercept the traffic at a different point?

There is obviously more to the story than they are telling.

In This Issue

Another European State Wants to use Trojans Against Criminals

Storm Worm Has Retaliatory Capability

Vonage Flaws

Free Firefox Plug-Ins to Test Web Applications

McAfee and Symantec Security Flaws Remediated

Social Engineering: MySpace Cofounder Older Than He Claims

Symantec Mail Security Vulnerabilities

New Password Cracking Chip

Record Industry Pressuring ISPs to Monitor and Cancel P2P Users (U.K.)

 


 

Storm Worm Has Retaliatory Capability

Researchers who have learned useful information about the Storm Worm are reluctant to publish their findings. This is for the reason that the worm knows when users who are not members of the botnet try to connect to the command and control centers of the botnet, and when they do, the Storm worm botnet retaliates with DDoS attacks which can knock the researchers off the Internet for days.

The worm also knows when a researcher downloads multiple copies of the worm, and launches DDoS in those cases also.

Josh Corman, host-protection architect for IBM/ISS, recently led a session on network threats at Interop. He said, "As you try to investigate [Storm], it knows, and it punishes. It fights back." This is the reason that researchers are reluctant to publish their findings. "They're afraid. I've never seen this before. They find these things but they never say anything about them."

Another recently discovered ability of the Storm worm is the ability to interrupt applications as they boot up and either terminate the processes or allow the applications to load, but disable their functionality. This means that an anti-virus application could appear to be running but in fact be non-functional, or in Mr. Corman's parlance, "brain-dead." He said, "It's running, but it's not doing anything. You can brain-dead anything."

Estimates of the size of the botnet that the Storm worm controls vary wildly, from in the hundreds of thousands to 50 million. Mr. Corman said he thinks there are between 6 and 15 million bots on the botnet. And these computers are used infrequently, meaning that those with the right connections can lease the botnet for their aims, or the owners of the botnet can extort money directly from the businesses they threaten to knock off the Internet.

Mr. Corman said, "It's getting more serious the more I look at it. I'm more concerned not so much about where Storm is today, but where it is going."

Vonage Flaws

A press release from Sipera reads, "Sipera VIPER Lab determined the Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations leave users vulnerable to a form of VoIP identity theft, allowing hackers to take over a user's phone service with a 'registration replay attack,' then make and receive calls while impersonating the victim. Incomplete security practices, such as not encrypting traffic, open Vonage users to eavesdropping on private voice and video communications. Hackers can also send multiple SIP INVITE messages to a user, an Internet version of 'ringing the phone off the hook' which creates a DoS attack. Leveraging these vulnerabilities, remote attackers can also send malicious messages directly to Vonage users, subjecting them to spam, social engineering and VoIP scams."

The same press release also noted that European provider Globe 7 suffered similar vulnerabilities with their online account access system.

Infonetics Research reports that by 2010, half of small organizations and 67% of large organizations in North America will be using VoIP products and services.


Free Firefox Plug-Ins to Test Web Applications

Nischal Bhalla, founder of the Canadian company Security Focus, has developed a set of exploit tools to test, from within the browser, for Web app vulnerabilities. The 'ExploitMe' suite includes tools for cross-site scripting (XSS) and SQL injection attacks, two of the most common vulnerabilities exhibited by Web sites.

Oliver Lavery, principal consultant with Security Compass and one of the developers said that, "We actually plugged it [the tools] right into the browser logic so it sees things the way the browser does."

Mr. Bhalla, speaking of other tools which are freely available for hacking Web sites, such as Paros Proxy, Burp Suite and WebScarab, said, "They intercept requests, and tend to do XSS on the basis of the data they collect. They emulate a browser, which is where problems happen with detection. Ours is tied into the browser."

As Mr. Lavery explains, "Because cross-site scripting exists within the browser, it's harder to detect" with tools working outside the browser.

This approach also gets a blessing from Metasploit creator HD Moore, who said the browser-based approach makes it easier for security researchers to detect bugs in sites which are "heavy on client-side scripting."

Mr. Moore warns that there are also risks, saying, "It becomes really easy for a malicious operator to subvert your tool for their own use. Any hacking-specific extensions should be kept disabled, it's just too easy to make a mistake."

However, the advantages are tremendous. As Mr. Moore says, "The browser already does the hard work of processing JavaScript, negotiating SSL, loading Flash and handling authentication. All the plug-in needs to do is leverage the existing data. Stand-alone Web assessment tools have to reinvent the wheel when it comes to processing Web pages and acting like a 'real' user. This is a hard job and because of it, many of the stand-alone tools do a poor job when the site in question is heavy on client-side scripting."

There are other possible problems with embedding the tool as a plug-in when it comes to interacting with databases or other services. Mr. Moore explains, "Additionally, automation is difficult when the entire toolkit lives within a browser. A single, unhandled JavaScript alert could stall the tool indefinitely."

Security Compass chose to write the tools to Firefox because, as Mr. Bhalla explains, "It lets you write plug-ins to it more easily."

 

McAfee and Symantec Security Flaws Remediated

Symantec emailed customers of its DeepSight threat a warning about the Symantec Altiris Deployment Solution. The problem stems from a local privilege escalation vulnerability found in the software. This software deploys and manages servers, desktops, notebooks, thin clients and handheld devices from a central location in Windows environments.

The email warned that the Aclient process fails to properly drop privileges before executing external files. In this way, "an attacker can use the browser function to view or execute arbitrary files with 'system' privileges." Of course, successfully exploiting this vulnerability results in the attacker taking control of the machine.

The fix and the instructions for download are at the Symantec Security Response Web site.

McAfee: Secunia discovered a vulnerability in McAfee E-Business Server which attackers can exploit to cause a heap-based buffer overflow via a specially crafted authentication packet.

According to Secunia advisory SA26372, "The vulnerability is caused due to an integer overflow within the e-Business administration utility service when parsing authentication packets. Successful exploitation allows execution of arbitrary code."

Secunia recommends users update to E-Business Server 8.5.3 for Solaris or E-Business Server 8.1.2 for Linux/HP-UX/AIX.

Social Engineering: MySpace Cofounder Older Than He Claims

Tom Anderson, cofounder of MySpace, was born in November 1970, which makes him almost 37, not the 32 he currently claims on his MySpace profile, according to documents reviewed by Newsweek. He claimed to be 27 when he launched MySpace in 2003, although it appears he was actually 32.

Some might say that he lied for commercial gain, as when he founded the site, he may have thought his age would have been more of an issue when attempting to appeal to the demographic which put MySpace on the map.

Symantec Mail Security Vulnerabilities

Three Secunia advisories address "highly critical" vulnerabilities in Symantec Mail Security for SMTP, Exchange and Domino which can cause denial of service or compromise targeted machines. There are no known exploits in the wild at the time of the advisories, according to Secunia.

Advisory SA27429 describes multiple vulnerabilities in Symantec Mail Security for Exchange due to flaws in third-party file viewers. A buffer overflow can result from a successful attack. Secunia was not aware of any patches and users would disable scanning of message content in the interim.

Secunia advisory SA27388 describes similar vulnerabilities in Symantec Mail Security for Domino and advised the same precautions as above.

Secunia advisory SA27367 indicates a similar flaw in Symantec Mail for SMTP. In this case, however, Symantec fixed the flaws with Patch 181 and 182 for version 5.0.1.


New Password Cracking Chip

Elcomsoft, a Moscow-based software company, has developed software to take advantage of the parallel processing capabilities of graphical processing units (GPUs), to raise the speed of password cracking by a factor of 25. Elcomsoft has filed for a U.S. patent to protect the technique.

The technique cuts the time to crack the toughest passwords, such as a Windows Vista password, from months running on a single CPU, to just three to five days. Other passwords which may have taken hours or days to crack, now are cracked within minutes.

Elcomsoft used an $800 GeForce 8800 Ultra graphics card, made by nVidia for these advances.

An nVidia spokesperson explained the speed increase due to parallel processing by way of analogy in searching for words in a book. "A [normal computer processor] would read the book, starting at page 1 and finishing at page 500. A GPU would take the book, tear it into 100,000 pieces, and read all of those pieces at the same time."

nVidia released the SDK for its graphics hardware in February 2007. The software development kit goes by the name CUDA, and allows programmers to program the GPU directly.

The demand for massively parallel processing extends across several disciplines, especially science and engineering. Mr. Humber said, "[CUDA] is a huge thing for the oil and gas industry, for the financial sector and for scientists."

Record Industry Pressuring ISPs to Monitor and Cancel P2P Users (U.K.)

Disagreement in the U.K., as the music industry is pushing for British ISPs to monitor their users and kick P2P file sharers' computers (and users) off the Internet entirely.

Apparently ISPs in the U.K. do not get protection regarding the content traveling across their networks.

 

Our mission is to keep your business focused by helping you navigate the sea of security threats you face on a daily basis. Secure Anchor provides creative solutions that keep you ahead of the attacks and provide peace of mind that your critical assets are securely anchored. In addition we are busy developing software solutions to meet the threats of tomorrow.


Sincerely,

Eric Cole
Secure Anchor


Come see Dr. Cole present information you can directly apply when you go back to work, at an upcoming SANS event.

Previous attendees from companies like Johnson and Johnson, Disney, Citibank, DOD and others have said that his was the best training they have ever taken and Dr. Cole is a riveting and amazing instructor.

 
 
"

(Read More... | Score: 0)


SANS 2007 in San Diego, March 29 - April 6
Posted by boss on Thursday, 11 January 2007 @ 22:38:35 EST (1929 reads)
Topic SANS

cdupuis writes "Seats are filling up fast for!

The continuing reports of new exploits, insider attacks, laptop theft, and security breaches amplify the need for in-depth training across all disciplines of information security. With more than 50 courses and over 820 technical training hours, SANS 2007 is the best way to meet that need! (http://www.sans.org/info/2751 )

"SANS remains the gold standard in security training - technical, hands on, and immediately useful and relevant." - Robin Stuart, eBay

NEW COURSES ADDED!
You probably received your SANS 2007 brochure by mail recently. In addition to the full course catalog detailed therein, we have added three more Hosted Series classes to the schedule since the time of printing! (http://www.sans.org/info/2756 ) They are:

SECURITY LOG SECRETS FOR WINDOWS AND ACTIVE DIRECTORY
Security log expert Randy Franklin Smith illuminates the cryptic Windows security log and gives you the knowledge to effectively monitor, report, and investigate activity throughout your Windows and Active Directory environment. Randy will help you understand the security log with its arcane codes and event IDs and learn which events are worth monitoring, what's just "noise," and how to get the most from your log management solution.

It cannot get any better: SANS and Vigilar's intenseSchool have joined forces. The best two of the training world in one location. Take advantage of the following offers now:

VIGILAR'S INTENSESCHOOL AUTHORIZED CCNA(R) BUSINESS BOOT CAMP
Vigilar's IntenseSchool offers you its Authorized Cisco(R) Certified Network Associate (CCNA(R)) Business Boot Camp, an innovative, challenging five-day course designed specifically for network engineers and administrators requiring full knowledge of Cisco router and switch configuration.

MCSE 2003: SECURITY BOOT CAMP SEMINAR
Vigilar is proud to present the MCSE 2003: Security Boot Camp Seminar, a 7-day accelerated certification training package that includes prep for five certifications in one complete package: MCP, MCSA, MCSE, "MCSA: Security 2003," and the "MCSE: Security 2003."

SANS also offers two brand-new Management classes in San Diego:

Hacking for Managers
With SANS Faculty Fellow Dr. Eric Cole
http://www.sans.org/info/2761

Project Management and Effective Communications for Security Professionals and Managers
With Jeff Frisk, Director of GIAC
http://www.sans.org/info/2776

EXTENDED VENDOR EXPO HOURS!
http://www.sans.org/info/2771
We know how valuable the Vendor Tools Expo is for SANS attendees. So we have extended the hours and adjusted class times on April 1-2 to allow you to spend more time exploring the latest solutions in firewalls, intrusion detection/prevention systems and enterprise security management.

VALUE OF SANS TRAINING
SANS course material is up-to-date and practical. Our instructors are experienced information security practitioners that understand the challenges you face every day and are ready to help you meet them head on!

"This is the fifth time I have attended a SANS conference and while my expectations continue to increase, SANS continues to exceed them."
- Ralph P. Martins, Jr. of Booz Allen Hamilton

Make your information security a priority in 2007 - register today for SANS 2007 in San Diego! (http://www.sans.org/info/2751 ) I look forward to meeting you there!

Kind regards,
Stephen Northcutt
SANS 2007
March 29 - April 6, 2007
http://www.sans.org/sans2007
"

(Read More... | Score: 0)


SANS Webcast -- Using Application Firewalls to comply with the PCI DSS standard
Posted by boss on Monday, 20 November 2006 @ 13:02:43 EST (2472 reads)
Topic SANS

Anonymous writes "Please join us this week for an informative FREE SANS Webcast that you won't want to miss!

You can now download or subscribe to the SANS webcast calendar at:
http://www.sans.org/webcasts/calendar.ics

SANS live webcasts allow you to hear a knowledgeable speaker while viewing presentation slides you can download in advance. If you've never tuned in to a SANS webcast, see the simple instructions at the end of this message to learn how to connect to the SANS Portal and join us for these free educational webcasts.

Ask The Expert Webcast:
"Using Application Firewalls to Comply with the PCI 1.1 Data Security Standard"
Tuesday, November 21, 2006 at 1:00 PM EST (1800 UTC/GMT)
Featuring: David Hoelzer and David Lee
https://www.sans.org/webcasts/show.php?webcastid=90760
Sponsored by: Net Continuum

Download NetContinuum's Rapid PCI Compliance white paper.
https://www.sans.org/webcasts/20061121.pdf

Visit NetContinuum's Rapid PCI Compliance website.
http://www.sans.org/info/1826

With the recent update of the PCI DSS (Version 1.1), the security of applications and the data within them is clearly on the minds of the PCI security experts. Dave Hoelzer will review the recent DSS 1.1 requirements and discuss how Application Firewalls can help companies meet Requirements 1, 4, 6, 8 and 10.

Also speaking will be David Lee, vice president of infrastructure and engineering at K2 Network. K2 Network is a MMOG (massively multiplayer online game) hosting service. With millions of customers all registering and paying with credit cards, K2 Network must be PCI compliant. Hear the details of how K2 Network used NetContinuum Application Firewalls to successfully comply with the PCI DSS 1.1 requirements.

David Hoelzer: David is most often associated with the SANS Institute as a high scoring instructor and expert in the fields of intrusion detection, firewalls, incident handling, information security auditing, management issues in security, secure infrastructure management and general information security. While he is currently serving as the adjunct Director of Site Security for SANS, he has in the past served as the Director of the GIAC Certification program for SANS, bringing the GIAC Security Expert certification to life; he continues to serve as the primary exam author for this, the most difficult certification in the security field. David is an adjunct research associate of the UNLV Cybermedia Research Lab and a research fellow with the Internet Forensics Lab. David has consulted or offered instruction to several Fortune 500 organizations, DHHS, NSA, USDA Forest Service and several colleges and universities. David holds a BS in IT, SCL.

David Lee: David has more than a decade of experience in product development and operations. Before joining K2 Network in 2005, he held management positions at Managed Objects and M-Code Software. Mr. Lee also worked for Global Telecom Solutions Center, the R&D arm of Motorola's wireless and satellite infrastructure division, and co-founded and served as vice president of finance for Vision Bridge Technologies Group. He is a member of Network World Technology Panel. He serves as an advisor on the Purdue University Academic Board, Serena Software Product Board, Circle Point Digital, Inc., and for Sun Microsystems SunTone Service Excellence Program. Mr. Lee earned a B.S. in engineering from Purdue University and an M.B.A. from the Keller Graduate School.
"

(Read More... | Score: 0)


SANS Top 20 list marked with sudden rise of Zero Day exploits
Posted by boss on Thursday, 16 November 2006 @ 09:21:50 EST (1636 reads)
Topic SANS

cdupuis writes "http://www.techworld.com/security/news/index.cfm?newsID=7355

By John E. Dunn
Techworld
15 November 2006

The respected SANS Institute has identified the sudden rise in zero day attacks as the most important threat trend in its 2006 Top Twenty Vulnerabilities [1] list.

In the last year or so, the zero day attack had gone from a phenomenon talked about in the abstract to something that was now a regular occurrence in everyday applications, the organisation said.

Such vulnerabilities in Microsoft Office had tripled from last year, with 45 serious or critical vulnerabilities - 9 of which were zero day attacks - discovered in the suite.

Overwhelmingly, the attacks originated in China, which the report says could be down to the wide availability of source code without normal copyright restrictions or effective policing in that locale.

If previous years' lists featured a conventionally dry list of security holes, this year's announcement makes clear that computer security has grown into a global megatrend of significance beyond the computing world.

As well as attempting to exploit security vulnerabilities for extortion or information theft, criminals are also actively targeting military and other public systems in countries such as the US, the UK and Canada, the organisation said.

The report identifies a number of specific trends beyond the targeting of Microsoft, including a rise in sophisticated targeted attacks, and the exploitation of VoIP in a way that could lead to a crash of the conventional PSTN on which so many third-party systems depend. Web-based attacks on databases, using such hacks as SQL injection, have also risen.

The organisation has even had to give its report a new name to better underline the nature of the problem. From now on the Top 20 Security Vulnerabilities list will be known by the more menacing title of the Top 20 Internet Attack Targets so as to better explain the nature of the threats now faced.

The SANS Report has acquired a degree of credibility because it identifies specific threats in detail and is seen as just about the only multi-party analysis of threats from one year to the next. In addition to SANS staff, contributors to this year's report included Gerhard Eschelbeck, now of Webroot, Amol Sarwate of Qualys, and Rohit Dhamankar of 3Com TippingPoint.

Read the Top 20 at: http://www.sans.org/top20/
"

(Read More... | Score: 0)


A SANS GIAC GCFW study guide has been added to the site
Posted by cdupuis on Saturday, 23 July 2005 @ 10:50:59 EDT (3907 reads)
Topic SANS

I would first like to thank Rodney for submitting this study guide for others to use in their quest of completing the SANS GIAC GCFW certification.

If you do have study notes, documents, URL, tips, tricks, etc... I invite you to share them as well.

You can get the study guide at:

http://www.cccure.org/modules.php?name=Downloads&d_op=viewdownload&cid=78

Or you can get it from the GIAC menu at the top of the site.

Enjoy!

Clement

(Read More... | Score: 5)


SANS Practical are back: It is now called GIAC Gold
Posted by cdupuis on Monday, 11 April 2005 @ 17:03:19 EDT (1784 reads)
Topic SANS

NOTE FROM CLEMENT:
After totally dropping the practical requirement on all of their certifications the principals at SANS have backtracked due to the incredible uproar within the community of people who had their SANS certification. I was totally appalled when I heard it was dropped, like many others who are GIAC certified, I was not going to renew my SANS certification because of the decreased value. I am glad they listened to their constituents and have brought the practical back.

As mentioned in their press release:

"
GIAC Gold will distinguish itself from the existing 'GIAC Silver' certification by requiring candidates to complete a technical analysis paper covering an important area of security related to the certification the student is seeking. After completing the exams necessary to pass the GIAC Silver certification, students will have the option to pursue the GIAC Gold Certification. All GIAC certified professionals who previously completed a "practical assignment" under the old GIAC regime will be transferred to the GIAC Gold program. The SANS Institute founded GIAC (Global Information Assurance Certification) in 1999 in response to the need to validate the skills of security professionals."

You can read the details on their press release at: http://www.sans.org/press/release_20050407.pdf


(Read More... | Score: 0)


Practically Certified
Posted by cdupuis on Monday, 28 March 2005 @ 20:12:07 EST (1515 reads)
Topic SANS

http://www.securityfocus.com/columnists/311

By Don Parker Mar 28 2005 03:32PM PT

It was with great dismay that I read of the recent changes to the GIAC certifications. There is now no longer a requirement to write a practical portion to the GIAC, which has recently become purely exam-based. This practical portion requirement was, until now, the one distinguishing feature that separated the GIAC certifications from all the others. To earn this certification one had to, in no uncertain terms, prove in a written format his mastery of the subject matter. The reasoning given by Steven Northcutt, the director of training for SANS' GIAC, as to why they dropped the practical requirement has been widely dismissed by many current GIAC holders, including myself. The GIAC's prominence and value was largely due to the highly technical nature of their various certifications. Without a practical portion to the certification, however, it now becomes one of the same among so many others.

Click on Read More... below to read the whole story.


(Read More... | 7702 bytes more | Score: 5)


SANS is watering down their certifications (Again)
Posted by cdupuis on Sunday, 13 March 2005 @ 21:08:18 EST (2361 reads)
Topic SANS

NOTE FROM CLEMENT: SANS IS CHANGING AND NOT FOR THE BEST
We saw it coming, they are moving from being an education faculty to simply being a training provider. Below you will find the message that was sent to all GIAC certification holders. Once again, another step has been taken to make the passing of the SANS exams easier. The famous paper that so many had come to really like is now "passé". The requirement for the written paper has just been lifted. It worries me that all that will be required in the future will be two UNSUPERVISED web exams, taken from the comfort of your home, without any form of authentication or control on how the exam taker is doing the test. I am really sad to see this happen. I really fail to see how this will improve the practice of security throughout the network-connected world and better gauge the mastery of skills as it is claimed below in the announcement. To me it will simply produce more people who do not have the proper skills, who cheat, and it will water down the value of the SANS GIAC certifications as a whole. I think there might be political and economical motives behind all of this. The truth is that they wish to show a larger number of people being certified while cutting cost in the process. It is sad to see an organization gauge their success on the number of people who have completed their certifications. For me this is not a valid metric at all. Read the announcement from SANS below:

Hello,

If you are receiving this note, our records show you now hold or have held a GIAC certification. I write to share with you some big changes coming in the GIAC program that we believe will allow us to meet the overarching goal of GIAC - to improve the practice of security throughout the network-connected world.

GIAC has differed from other certifications because of two main elements: (1) its focus on measuring mastery of technical skills essential to the effective practice of security and (2) its requirement that people prove those skills through a practical exercise.

The first of these elements is critical to the success of the mission; the second is standing in the way. More than 20,000 people who have started the certification process were unable to complete it because they were not able to carve out the time when they returned to work to complete the 30 to 200 hours required for the practical. Here's one example: one of the top FBI cyber experts completed the training (and told us how extraordinarily valuable it was) but when he returned to work, four new cases came in to the office and he couldn't carve out the time to finish the practical. There are thousands and thousands of other people who have great skills and knowledge but for whom the time required to finish the practical was too much.

You might be saying to yourself, "I was able to do it, so you should make everyone do it." We agree except that the world is moving to test-based certifications and the value of your GIAC certification will not continue to grow unless we eliminate barriers that block 80% of the candidates.

We believe that we can upgrade the testing process, through scenario-based testing, while we terminate the need for a practical assignment to complete GIAC certification. On balance the program will have more value because it touches more people. We will issue a new logo design for all future "exam only" certifications so that there will be less chance of confusion between "exam only" and the more prestigious, original, practical oriented certifications.

All practicals already submitted will still be graded and returned to students with feedback from the grading team.

Starting immediately, all new students will be authorized to the exam only GIAC Certification. The principal force that drove us to this change is the one I discussed above: we can not accomplish the mission of improving security broadly without the change. But there are others. One big one is the immediate need to move to more modular, adaptable, courseware and certificates and certifications to stay abreast of the current threat.

We will move rapidly to deploy the state of the art in exam delivery including scenario based testing, additional psychometrics, and skills assessment. Additionally, we intend to simplify the recertification process and upgrade its testing to require the same exams for recertification that are being used for new certification at the time you recertify.

Any feedback concerning these changes can be emailed to PracticalTermination@giac.org. A new FAQ to answer a wide variety of questions you may have is available at http://www.giac.org/overview/faq.php#practical.

I want to thank all the advisory board members and graders and the GIAC staff that made the practical system possible. I will be in touch via a second note to outline future opportunities. There are a number of exciting new projects underway and there is a place at the table for everyone who wants to be part of the team.

Respectfully yours,

Stephen Northcutt - Director of Training and Certification The SANS Institute
808.823.1375 (f) 808.823.1374


(Read More... | Score: 5)


The SANS Top 20 Internet Security Vulnerabilities Has just been released
Posted by cdupuis on Friday, 08 October 2004 @ 14:58:54 EDT (1362 reads)
Topic SANS


The vast majority of worms and other successful cyber attacks are made possible by vulnerabilities in a small number of common operating system services. Attackers are opportunistic. They take the easiest and most convenient route and exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, scanning the Internet for any vulnerable systems. The easy and destructive spread of worms, such as Blaster, Slammer, and Code Red, can be traced directly to exploitation of unpatched vulnerabilities.

Four years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top-20 lists that followed one, two, and three years later, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to worms like Blaster, Slammer, and Code Red, as well as NIMDA worms - are on that list.

This SANS Top-20 2004 is actually two Top Ten lists: the ten most commonly exploited vulnerable services in Windows and the ten most commonly exploited vulnerable services in UNIX and Linux. Although there are thousands of security incidents each year affecting these operating systems, the overwhelming majority of successful attacks target one or more of these twenty vulnerable services.

The Top-20 is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious government agencies in the UK, US, and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute. A list of participants may be found at the end of this document.

The SANS Top-20 is a living document. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. We will update the list and the instructions as more critical threats and more current or convenient methods of protection are identified, and we welcome your input along the way. This is a community consensus document - your experience in fighting attackers and in eliminating the vulnerabilities can help others who come after you. Please send suggestions via e-mail to top20@sans.org.

To view the whole document, click on the following link: http://www.sans.org/top20/


All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2007 by CCCure.Org, and the site maintainers Clement Dupuis and Nathalie Lambert. Reuse is strictly prohibited without written permission of CCCure.Org or its maintainers.

This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respective owners. The content of this site is provided to you freely due to the generosity of our sponsors.
