|
|
|
New Job Postings on Our Site
|
|
Posted by GFeez on 2008/6/26 14:23:11 (5 reads)
|
Be sure to regularly check this website if you are in the hunt for a new job as new openings are regularly posted in the Career Related section of the forums.
Recent Postings:
IT Security Practice Manager
IT Security Analyst
Web Application Developer
IT Coordinator
If you are logged in you'll be able to access it via this link:
Career Related forum
|
|
|
|
NEOISF June Meeting set for Wed the 18th
|
|
Posted by GFeez on 2008/6/15 12:02:53 (0 reads)
|
Northeast Ohio Information Security Forum Monthly Meeting
Wednesday June 18thNortheast Ohio Information Security Forum Monthly Meeting
Wednesday June 18th
Meeting starts 6:30 PM
Food and networking starts 6:00 PM
Agenda:
* To be posted
As always, the meetings are free and no need to register to attend.
Location:
to be posted
|
|
|
|
4th Annual GFIRST National Conference
|
|
Posted by GFeez on 2008/4/8 11:07:15 (2 reads)
|
4th Annual GFIRST National Conference
Just 8 weeks away! Don't wait to register! Cant beat the price, FREE TO ATTEND!
The 4th Annual Government Forum of Incident Response and Security Teams (GFIRST) National Conference, Uniting the Cyber Response Community is June 1-6, 2008 - just 8 weeks away!
Agenda Now Available on Website!
An action packed agenda has been posted to
http://www.us-cert.gov/GFIRST/agenda.html
We are pleased to announce there will be over 55 speakers and nearly 90 sessions.
Also Featuring...
Networking opportunities with over 700 Industry and Government attendees!
Plenary Sessions:
Will There Be Any Security in a Web-Services World, Dr. Whitfield Diffie,Vice President and Fellow - Chief Security Officer, Sun Microsystems
Information Sharing and Collaboration: The Power of Leaderless Organizations, Rod Beckstrom, Director, National Cybersecurity Center.
...and NEO Info Sec Forums very own Tyler Hudak and Greg Feezel will be presenting two different talks about the latest malware techniques and why analyzing malware is important.
Register Today!
Register to attend the 4th Annual GFIRST National Conference:
https://forms.us-cert.gov/gfirst-reg/
Hotel Information
The 4th Annual GFIRST National Conference will be held at the Caribe Royale Orlando All-Suites Hotel & Convention Center in Orlando, Florida. A block of rooms is being held for Conference attendees at special "GFIRST Conference" rates. To ensure you receive these special rates, book your room today!
Hotel room block ends May 9th! Reservations are being accepted on a first-come, first-serve basis. Please visit http://www.us-cert.gov/GFIRST/travel.html for more information.
|
|
|
|
|
|
|
|
|
|
|
|
Certified Ethical Hacker training offering NEOISF members discount
|
|
Posted by GFeez on 2007/9/24 2:07:49 (12 reads)
|
Course Title: CERTIFIED ETHICAL HACKER (CEH)
Instructor:
Dan Garfield IT security training and consulting expert. Dan brings over 25 years of experience to his courses and backs them up with multiple certifications and top notch course deliveries all across the country. Some of his related certifications include: CEH, CISSP, SCNP, CHSS, CCNP, MCS
|
|
|
|
|
|
|
|
SANS Columbus May 21-26
|
|
Posted by GFeez on 2007/5/9 2:28:22 (3 reads)
|
SANS Columbus
Monday, May 21, 2007 - Saturday, May 26, 2007
Featuring track Hacker Techniques, Exploits & Incident Handling
Instructed by John Strand, Northrop Grumman
Snippit from course description:
Quote: By helping you understand attackers' tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, the in-depth information in this course helps you turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents, a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them, and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.
This challenging course is particularly well suited to individuals who lead or are a part of an incident handling team. Furthermore, general security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks. Visit link for more information: http://www.sans.org/columbus07_cs/description.php?tid=243
|
|
|
|
Upcoming InfraGard Meetings in April and May
|
|
Posted by GFeez on 2007/4/6 15:13:09 (2 reads)
|
InfraGard members, there are a couple meetings you'll want to be aware of...
April 27th 1pm-4pm at FBI Cleveland office
This is a members-only meeting in the FBI's office in downtown Cleveland where they will discuss threats they are seeing nationally, regionally, and locally. Not to miss.
May 17-18th in Columbus
This is a meeting of all the InfraGard Ohio chapters. Thu May 17th is an evening reception with keynote and sessions on May 18th. This meeting is open to members and non-members.
See Northern Ohio Chapter website (http://www.nocinfragard.org/) for details and to register. REGISTER NOW because seats are limited for both events!
http://www.nocinfragard.org/
|
|
|
|
UPDATE regarding Windows animated cursor 0-day
|
|
Posted by GFeez on 2007/4/2 2:10:18 (2 reads)
|
UPDATE 3PM ET 3/31/2007: ALERT LEVELS RAISED!
UPDATE 11PM ET 4/1/2007: ZERT RELEASES PATCH!
UPDATE 11:30PM ET 4/1/2007: MICROSOFT TO RELEASE PATCH TUES 4/3/2007
Great news: Microsoft plans to release a patch for this issue on Tuesday 4/3/2007. :)
Things have gone from bad to WORSE! Several threat monitoring systems have raised their alert level in response to the recent unpatched ANI/animated cursor issue, the reason: NUMEROUS attacks and threats.
Further, Miscrosoft has clarified some details regarding just what is vulnerable and it isn't pretty.
There are over 30 website domains currently hosting malware exploiting this issue - the true number could be hundreds as the 30 count is root domains only - and late last night I actually visited one of these websites just to see what the malware does. What I found is one of the critters being used basically turns the victim PC into a bot/zombie which connects to a botnet in China. The interesting thing I discovered is that the exploitation was being done with .JPG files, so filtering on file extension is not enough. Turns out that the .JPG was actually an animated cursor in disguise as a JPG. Good news is that several AV vendors detected the ANI exploit inside these files.
ZERT has released a unofficial patch for the issue that is better than the eEye patch. See here for details: http://zert.isotf.org/advisories/zert-2007-01.htm
Here's what I know...
* SANS Internet Storm Center, Symantec ThreatCon, and FS/ISAC Cyber Threat Advisory all raised their status one notch higher than what they were previously at - which puts them pretty high!
* Websites Exploiting: Over 30 domains are hosting malware exploiting the vulnerability
- Number of websites exploiting this issue is rising VERY quickly making blacklisting difficult
* Anti-virus vendors seem to have caught up with signatures detecting the exploits - this is GREAT news!
* Emails opened in plaintext will not show embedded ANI files
* Vulnerability was reported in December and MS is working on a fix/patch
* Outlook 2003 is vulnerable in both preview mode and when opened when using default settings - reading in plain text mode protects you
* Outlook 2007 users are protected
* IE7 running with Protection Mode are reportedly protected
* eEye Digital has released an unofficial patch - see http://research.eeye.com/html/alerts/zeroday/20070328.html
* ZERT has released an unofficial patch
http://zert.isotf.org/advisories/zert-2007-01.htm
|
|
|
|
New Unpatched Vuln with Animated Cursors in Windows
|
|
Posted by GFeez on 2007/3/29 19:52:03 (0 reads)
|
If you haven't already seen this, there's a new vulnerability affecting animated cursor and icons in Windows that has just been announced. No patch exists for the vulnerability and exploit code has been released and there are reports of some malware exploiting this problem. Further, Microsoft has acknowledged the issue raising the potential for an increase in exploitation.
According to McAfee, IE version 6 and version 7 running on fully patched versions of Windows XP SP2 are vulnerable. Windows version 2000 SP4 and Server 2003 (non & SP1) are also reportedly vulnerable. Vista is also reported to be vulnerable but only witnessed as a denial-of-service at this point.
Computers can be infected by simply visiting a website containing a malicious ANI file or HTML email message with one placed on it. In recent past, malicious websites have used this type of vulnerability to silently install malware onto an unsuspecting visitor. These types of attacks are called "drive-by" installs.
More information:
http://www.microsoft.com/technet/security/advisory/935423.mspx
http://www.avertlabs.com/research/blog/?p=230
http://www.avertlabs.com/research/blog/?p=233
|
|
|
|
|
|
|
Article ID : 112
