#################### Topics ####################

Intro
NEbraskaCERT May CSF: Ron Woerner
NEbraskaCERT Conf: Call For Presenters
ISC^2 Exam: Omaha ISC^2 Exam Opportunity in August
One Security Tool: chkrootkit
One Security Podcast: Silver Bullet Security Podcast
One Security Website: Pete Finnigan's Website
One Book Review: Daemon
One Quick Q & A: "What are Extended Validation (EV) Secure Socket Layer Certificates?"
End Of Line

#################### Intro ####################

This is the eighth of our monthly newsletters from NEbraskaCERT. We're going to be gearing up for the NEbraskaCERT 2009 Conference, so there may be a special issue or two of the newsletter in the next couple of weeks.

#################### NEbraskaCERT May CSF: Ron Woerner ####################

Ron Woerner will be presenting at the May CSF. The CSF will be on May 20th at 11:30am down at Johnny's Cafe. Ron will be discussing the results of the "2009 Verizon Business Data Breach Investigations Report" (DBIR).

For more information please hit the CSF webpage at our website:
http://www.NEbraskaCERT.org/csf

If you aren't on the csf-announce list and would like to be, you can sign up for the new csf-announce list by sending an e-mail to csf-announce-subscribe@nebraskacert.org

#################### NEbraskaCERT Conf: Call For Presenters ####################

The Call For Presenters (CFP) for the 2009 NEbraskaCERT conference is live. The URL for this is http://www.certconf.org/cfp2009.php. If you have any further questions please drop us a line at speakers@nebraskacert.org

#################### ISC^2 Exam: Omaha ISC^2 Exam Opportunity in August ####################

ISC^2 will be hosting their exams in Omaha the day before the NEbraskaCERT conference begins. The opportunity to sit for the exam will be August 17, 2009 at the Scott Conference Center. This is a chance to sit for any of the ISC^2 exams: CISSP, SSCP, CSSLP, ISC^2 associate and the CISSP areas of concentration.
While NEbraskaCERT provides the space for this event, we do not handle the registrations for the exam opportunity. If ISC^2 does not get enough registrations they also reserve the right to cancel the event. To register or for more information hit the ISC^2 website.

URL: https://www.isc2.org

#################### One Security Tool: chkrootkit ####################

Chkrootkit is a tool that can be used to help check whether your system has been compromised with a rootkit. At NEbraskaCERT we run it on our server weekly and go over the report by hand. Several LiveCDs include this tool so you can try and see if a system is potentially compromised. There is no guarantee that this is successful, and the only way to really be safe is to rebuild the server, but a lot of people use these tools to help reduce potential risks.

Other interesting note: a version of it for mobile phones is in development. A lot of people believe that this will be the next attack vector, so this is a promising step.

A similar tool to chkrootkit is Rootkit Hunter, rkhunter. Since both of them are freely available there really isn't a good reason not to run both of them.

Website: http://www.chkrootkit.org/

#################### One Security Podcast: Silver Bullet Security Podcast ####################

One of the most commonly heard phrases in the computer security field is that there are no silver bullets. That Gary McGraw named his podcast Silver Bullet Security Podcast is pretty amazing. It is a really nice little podcast that mostly interviews people in the security arena. It has some good points; #37 was really good as it talked a bit about formal security methods, which is always interesting to me.

Website: http://www.cigital.com/silverbullet/

#################### One Security Website: Pete Finnigan's Website ####################

If you run an Oracle Database you probably know who Pete Finnigan is.
He wrote the first set of articles on how to audit your Oracle Database that would let you create an audit policy that wouldn't bring your database to its knees. He wrote a great book, Oracle Security Step-by-Step, that is unfortunately out of print. This is a shame as it is a great book and I can't find a copy :-(

A lot of his concepts can also be used on other databases such as SQL Server and MySQL, but he is an Oracle expert.

Website: http://www.petefinnigan.com/
Blog: http://www.petefinnigan.com/weblog/entries/index.html

#################### One Book Review - Daemon ####################

I've got two disclaimers for this month's book review.

#1. This book is a work of fiction, not a textbook.
#2. I haven't finished it yet. I've got about 50 pages to go, but unless it really goes to pot this is going to be one of the better books I've read this year.

A quick synopsis of the book in a spoiler-free version is as follows. The world's greatest game designer dies. He, however, had a program that scanned obituaries on the internet. When the program realizes the programmer has died it puts the programmer's destructive plan into place, including killing people. A detective now has to chase down the programs a dead man put in place before he died.

Title: Daemon
Author: Daniel Suarez, initially published under the pseudonym "Leinad Zeraus"
ISBN: 0525951113
Year Published: 2009

#################### One Quick Q & A: "What are Extended Validation (EV) Secure Socket Layer Certificates?" ####################

Extended Validation Secure Socket Layer (EV-SSL) certificates are a new class of certificate that is being issued by several of the larger Certificate Authorities (CAs). Verisign and others such as Comodo are offering them currently. The requester for one of these certificates must provide additional documentation and sign additional contracts for this. To the end user, the browser address bar will show up as green on most browsers to let them know this is a "safer" site.
For an example of this, hit PayPal's secure web site at https://www.paypal.com

The core idea is pretty good, but some people are already looking into bugs in the browsers to allow them to activate the "safe mode" with regular certificates.

#################### End Of Line ####################

This is it for the eighth newsletter. If you have any feedback/questions please let me know at aaron.grothe < at > nebraskacert.org or ajgrothe@gmail.com.

If anyone has any corrections to the newsletter please let me know and I'll include them in the next newsletter.

Regards,
Aaron

0-0-0
NEbraskaCERT
www.nebraskacert.org