#################### Topics ####################

Intro
Corrections
NEbraskaCERT November CSF
No NEbraskaCERT December CSF
ISACA Omaha Meeting
One Security Tool
One Security Website
One Book Review
One Quick Question & Answer
End Of Line

#################### Intro ####################

This is the third of our monthly newsletters from NEbraskaCERT.

#################### Corrections ####################

In last month's newsletter I listed the author of Little Brother as Corey Doctorow. It is Cory Doctorow.

#################### NEbraskaCERT November CSF ####################

NEbraskaCERT will be holding our November CSF on the 19th down at Johnny's Cafe from 11:30am to 1:00pm. We're still confirming the speaker/subject matter. For more information please hit our website at http://www.NEbraskacert.org/CSF or better yet sign up for our CSF announce list at mailto:csf-announce-subscribe@nebraskacert.org

#################### No NEbraskaCERT December CSF ####################

As we do every year, we will not be holding a CSF in December. Schedules tend to be too compressed with holiday travel and plans. We will kick off the 2009 CSF schedule in January.

#################### ISACA Omaha Meeting ####################

ISACA, the Information Systems Audit and Control Association, has a chapter in Omaha. Their next meeting is November 11th. Ron Woerner will be talking about "GRC, the Mything Links". Hit their website for information on how to register for their events: http://www.isaca-omaha.org/index.html

Their meetings are open to the public, but you do need to register in advance. The cost for lunch is $15.00 for members and $20.00 for non-members. ISACA Omaha is a good group of people and we share some goals with them.

#################### One Security Tool ####################

Netwox is a tool that should be in every Security Professional's toolkit. Netwox and its graphical front end Netwag are able to do over 222 network activities.
Some of these are pretty simple, such as renaming a file over SMB/CIFS, but the toolkit also has some very nice tools such as a WHOIS client. My favorite feature of Netwox is that it shows the TCP/IP traffic it is sniffing in what is called the Stevens format, the format that is used in Stevens's networking book and also in a lot of the RFCs. Netwox and Netwag haven't been updated in a long time, but they are still very useful tools to have.

The homepage for Netwox/Netwag is http://www.laurentconstantin.com/en/netw/netwox/

#################### One Security Website ####################

Our Security Website for this month is HowToForge. HowToForge http://www.howtoforge.com is a site that collects tutorials for a wide variety of topics. What makes HowToForge different is that every tutorial is a fully worked example of how to install/configure a piece of software.

A couple of example tutorials:

"How to Enforce Google SafeSearch with SafeSquid Proxy Server"
"How to Secure VSFTP with SSL and Two-factor Authentication"
"Configuring SSH To Use Freeradius And WiKID For Two-Factor Authentication"

This is just a handful. Some of the best tutorials are on the Fedora Directory Server and "Perfect" installs for various GNU/Linux distributions.

#################### One Book Review ####################

The book I am reviewing this month is "The Hacker Crackdown: Law and Disorder on the Electronic Frontier" by Bruce Sterling. This book was published in 1992, but it is a classic. "Operation Sundevil", detailed in the book, was an early attempt by the Secret Service to crack down on computer hacking. Some of the innocent people it got involved, such as Flying Buffalo games, helped lead to the creation of the Electronic Frontier Foundation.
Available as etext from Project Gutenberg: http://www.gutenberg.org/etext/101
Available as a free audio book: http://www.boingboing.net/2008/01/13/podcast-of-bruce-ste.html

#################### One Quick Question & Answer ####################

This month's question is "What is Clickjacking, and why do I care?"

Clickjacking is using tools such as JavaScript and Flash to bust the frames of a page, so you think you are hitting one thing and you are actually hitting another. E.g. you are on a banking site and you think you are hitting the logout button; clickjacking can actually make it so you click another button instead, one that might be invisible to you. It has also been called clipjacking.

NoScript http://www.noscript.net has recently added some anti-clickjacking techniques to their product that are enabled by default. For more information on Clickjacking, there is a good write up at http://hackademix.net/2008/09/27/clickjacking-and-noscript/

Is Clickjacking the worst thing ever? No, but it is something that is worth more research and due care.

#################### End Of Line ####################

This is it for the third newsletter. If you have any feedback/questions please let me know at aaron.grothe < at > nebraskacert.org or ajgrothe@gmail.com. If anyone has any corrections to the newsletter please let me know and I'll include them in the next newsletter.

Regards,
Aaron

0-0-0

NEbraskaCERT
www.nebraskacert.org
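
Added example for the Clickjacking question above (not part of the original newsletter): besides client-side protection such as NoScript, a site can tell browsers not to render its pages inside another site's frame, using the X-Frame-Options header or the Content-Security-Policy frame-ancestors directive. Neither is mentioned in the newsletter. The sketch below classifies a response's framing policy from its headers; the function names and sample responses are constructed for illustration.

```javascript
// Added example: classify a response's framing policy from its headers.
// SAMPLES is constructed data; function names are hypothetical.

function parseFrameAncestors(csp) {
  // Return the frame-ancestors source list, or null if the directive is absent.
  for (const directive of csp.split(';')) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() === 'frame-ancestors') return parts.slice(1);
  }
  return null;
}

function framingPolicy(headers) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const csp = h['content-security-policy'];
  const ancestors = csp ? parseFrameAncestors(csp) : null;
  if (ancestors !== null) {
    // When present, frame-ancestors overrides X-Frame-Options.
    const list = ancestors.map(s => s.toLowerCase());
    // An empty list matches no origin, same as 'none'.
    if (list.length === 0 || (list.length === 1 && list[0] === "'none'")) return 'deny';
    if (list.some(s => s === '*' || s === 'http:' || s === 'https:')) return 'unprotected';
    if (list.every(s => s === "'self'")) return 'same-origin';
    return 'allowlist';
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'unprotected'; // missing, invalid, or obsolete ALLOW-FROM
}

const SAMPLES = { // constructed response headers
  noHeaders: { 'Content-Type': 'text/html' },
  xfoDeny: { 'x-frame-options': 'deny' },
  cspSelf: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  cspWildcardWithXfo: { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': 'frame-ancestors *' },
  allowFrom: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  cspAllowlist: { 'Content-Security-Policy': "frame-ancestors 'self' https://partner.example" },
};

function audit(samples) {
  return Object.fromEntries(Object.entries(samples).map(([n, hdrs]) => [n, framingPolicy(hdrs)]));
}

console.log(audit(SAMPLES));
```

Pages that perform state-changing actions, such as the banking logout in the example above, are the ones where an "unprotected" result matters most.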