#################### Topics ####################

Intro
No NEbraskaCERT December CSF
NEbraskaCERT January CSF
One Security Group: Omaha Infragard
One Security Tool: Darik's Boot and Nuke
One Security Website: Vmyths.com
One Book Review: Cuckoo's Egg - by Clifford Stoll
One Quick Question & Answer: "What are Script fragmentation attacks?"
End Of Line

#################### Intro ####################

This is the fourth of our monthly newsletters from NEbraskaCERT. The format seems to be going over pretty well, so I think this is pretty much what it will look like for the foreseeable future.

#################### No NEbraskaCERT December CSF ####################

NEbraskaCERT will not be hosting a CSF in December. With the holidays around the corner, we find it just works out better to kick them off again in January.

#################### NEbraskaCERT January CSF ####################

NEbraskaCERT will be holding our January CSF on the 20th down at Johnny's Cafe from 11:30am to 1:00pm. Jeff Guilfoyle from Symantec will be the speaker; we haven't confirmed the topic yet. Jeff is a good speaker and should be a great person to have help us kick off the new year.

For more information please hit our website at http://www.NEbraskacert.org/CSF or better yet sign up for our CSF announce list at mailto: csf-announce-subscribe@nebraskacert.org

#################### One Security Group - Omaha Infragard ####################

Disclaimer: I'm Vice President of the Omaha Infragard Chapter, so I'm admittedly biased in a pro-infragard way :-)

Infragard is a joint effort between the FBI and commercial companies and organizations to get information out into places where it is useful. Membership is free, but it does require a background check.

The Omaha Infragard Chapter just elected a new group of officers and has some plans for 2009 to make sure they are serving the needs of the IT community in Omaha.
Website: http://www.infragard.net/chapters/omaha/
Next Meeting: http://www.infragard.net/chapters/omaha/meetings.php?mn=2

This meeting is at the new FBI CCTF building, December 11, 2008. This meeting is ONLY open to members of Infragard. The next open meeting will be February 26, 2009.

#################### One Security Tool: Darik's Boot and Nuke ####################

If you're fortunate enough to get a new PC for Christmas, one of the biggest questions is what to do with the old one. Donating it to a school, church or charity, or giving it to your tech-challenged parents, are all great ideas. Or, if the computer is too old, having it recycled is responsible.

One question is what to do if you do online banking on your computer or have other personal information you don't want to give to the new owners. That is where Darik's Boot and Nuke comes in. You can create a bootable CD-ROM, floppy or USB flash drive to wipe your hard drive several times to make it much harder for people to recover data off your system.

Website: http://www.dban.org/

#################### One Security Website: Vmyths.com ####################

Rob Rosenberger was one of the first people to question the anti-virus vendors' hype and hyperbole. His site was one of the references I used to check out e-mails I would get from other people in the industry to figure out if it was a hoax or not.

Rob has recently revised Vmyths.com to be less of a reference site and more of a portal about goings-on in the computer security industry, with an emphasis on anti-virus.

Rob Rosenberger has spoken at the NEbraskaCERT conference several times and is a pretty smart guy :-)

#################### One Book Review - Cuckoo's Egg ####################

The book I am reviewing this month is "The Cuckoo's Egg" by Clifford Stoll. It was published in 1990. The Cuckoo's Egg documents Mr. Stoll tracking down an intruder into one of his systems.
The thought and analysis process of how he tracked and eventually testified against the intruder is interesting. A lot of the terminology and methods he had to create on the fly, as most of it didn't really exist at the time. I believe he had the first active honey pot, which he used to keep the hacker online long enough for the phone company to be able to trace the attacker.

#################### One Quick Question & Answer: "What are Script fragmentation attacks?" ####################

This month's question is "What are Script fragmentation attacks?"

Packet fragmentation attacks are when a packet is broken up into smaller packets to make it harder for systems such as Intrusion Detection & Prevention systems to recognize an attack.

Script fragmentation attacks are similar to this, except they work at the script level. An example of this would be to break an attack up into three parts; let's call them A, B & C. What you would do is declare a variable in the scripting language and then programmatically put A, B & C back together into an attack vector.

What this would do is make it harder for some anti-virus systems to detect the attack on the wire. This isn't a vulnerability as much as it is using functionality that all modern web browsers support.

E-week had a nice article about this at http://tinyurl.com/5f95fa

#################### End Of Line ####################

This is it for the fourth newsletter. If you have any feedback/questions please let me know at aaron.grothe < at > nebraskacert.org or ajgrothe@gmail.com.

If anyone has any corrections to the newsletter please let me know and I'll include them in the next newsletter.

On behalf of everyone at NEbraskaCERT we hope you have a safe and happy holiday season. Hope to see you at the CSF in January.

Regards,
Aaron

0-0-0
NEbraskaCERT
www.nebraskacert.org
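The Script fragmentation answer above, seen from the detection side, as an added example that is not part of the original newsletter: a signature check misses a string split into parts A, B and C when it looks at the script as it crosses the wire, and finds it once the variable's final value is examined. The marker string, the sample fragments and all function names are constructed for this illustration.

```javascript
// Added illustration; the marker is a constructed, harmless stand-in for a
// signature string an anti-virus or IDS product would look for.
const SIGNATURE = "NECERT-TEST-MARKER";

// Constructed sample: parts A, B and C as separate script fragments, each
// only assigning or appending a string literal to one variable.
const fragments = [
  'var p = "NECERT-";',
  'p += "TEST-";',
  'p += "MARKER";',
];

// On-the-wire view 1: match the signature against each fragment by itself.
function scanPerFragment(frags, sig) {
  return frags.some((f) => f.includes(sig));
}

// On-the-wire view 2: match against the concatenated bytes. Still a miss,
// because script syntax sits between the pieces of the marker.
function scanRawStream(frags, sig) {
  return frags.join("\n").includes(sig);
}

// Endpoint view: track what each variable holds after the assignments run.
// Handles only `var x = "..."`, `x = "..."` and `x += "..."` statements.
function reassemble(frags) {
  const vars = new Map();
  const stmt = /^(?:var\s+)?([A-Za-z_$][\w$]*)\s*(\+?=)\s*"([^"]*)"\s*;?$/;
  for (const f of frags) {
    const m = stmt.exec(f.trim());
    if (!m) continue; // not a plain string assignment; ignored here
    const [, name, op, literal] = m;
    vars.set(name, op === "+=" ? (vars.get(name) || "") + literal : literal);
  }
  return vars;
}

// Match the signature against the values the script ends up holding.
function scanAssembled(frags, sig) {
  return [...reassemble(frags).values()].some((v) => v.includes(sig));
}

console.log({
  perFragment: scanPerFragment(fragments, SIGNATURE),
  rawStream: scanRawStream(fragments, SIGNATURE),
  assembled: scanAssembled(fragments, SIGNATURE),
});
```

The two wire-level checks report no match and the assembled check reports a match, which is why inspection at the endpoint, after the script has built its value, catches what network inspection does not.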