May 2009 Archives

A computer intrusion at a large Texas power company crippled the firm's energy forecast system for a day in March, costing it over $26,000.

The FBI has arrested an ex-employee who was fired from the company in early March for performance reasons, and escorted off the company premise.  However, the company failed to immediately shut off the ex-employee's VPN access to the company network.  READ MORE

Cyberspace Policy Review - Assuring a Trusted and Resilient Information and Communications Infrastructure ... announced by the President on May 29, 2009

The White House Briefing Room Blog ... includes a discussion by the Cybersecurity Chief at the National Security Council and a video of experts from the public and private sectors discussing the Administration's combined arms approach to securing our nation's digital future.  MORE INFO

Download Report ...




Related - Cybersecurity review does not realign organizational responsibilities, READ MORE

SF Bay InfraGard chapter Spring 2009 Quarterly meeting.

When:  Thursday / May 21, 2009 / 9AM - Noon

Where:  McAfee Corporate HQ in Santa Clara, CA

More Info on the chapter's web site ... GO THERE

May 28th -- Network Penetration Testing

This is a one-day practical course on the use of basic network security tools. Participants will learn how to use Nmap and Wireshark, when and when not to use them, what the alternatives are, what the legal issues are, and more. This hands-on course will allow time for learning how to use Nmap and Wireshark. Gaming will also be used as an enhancement to learning. Software, lab exercises and data will be provided for additional study/use after class.

May 29 -- Web Application Testing

This 1-day course will cover all of the most common security weaknesses found in web applications. Students will learn how to look at their websites from a hacker's point of view, and will learn best practices for finding and resolving existing security vulnerabilities and building new web applications in a secure manner. The course will contain unique and fun hands-on exercises to help students gain a fuller understanding of the concepts presented.

COST:
ISACA Members $75 per day ($150 both days)
Non-Members $100 per day ($200 both days)

MORE INFO

The nation needs to do a better job of protecting critical infrastructure from cyber-threats, Mark Weatherford, chief security information officer of California, said at a recent security summit at Government Technology's Conference on California's Future in Sacramento, CA.  MORE

The Internet is becoming a key source of information on emerging diseases and has become integral to public health surveillance. Internet-based systems have become a critical medium for clinicians, public health practitioners, and the public seeking health information. Data about diseases and outbreaks are disseminated not only through online announcements by government agencies but also through informal channels, ranging from press reports to blogs to chat rooms to analyses of Web searches. A Perspective from The New England Journal of Medicine, DOWNLOAD

We take it for granted that we can walk outside or drive and know to high accuracy where we are located.  This is all because of a network of 24 satellites (and several stand-by spares) orbiting the earth.  The GPS system became operational on April 25, 1995, in the same time frame that the browser empowered the world wide web . 

A recent report by the GAO asserts the very real possibility that "in 2010, as old GPS satellites begin to fail, the overall GPS constellation will fall below the number of satellites required to provide the level of GPS service that the U.S. government commits to."  This would severely impact U.S.national security and commercial applications.  READ MORE

GAO Report - Global Positioning System: Significant Challenges in Sustaining and Upgrading Widely Used Capabilities

FOLLOW-UP
Air Force says "not a problem".  READ MORE

FOLLOW-UP
Remedy for GAO Report Alarm.  READ MORE

The next class is scheduled for consecutive Monday nights, May 18 through June 29 (no class May 25 - Memorial Day). The class will be held at Ariba in Sunnyvale.

The classes run from 6:00 PM to 9:30 PM. Classes typically number up to 30-35 students. From 6:00 - 6:30 PM, we have review, quizzes, a discussion of the previous week's domain discussion, and Q&A. From 6:30 - 9:30 PM, a security domain expert will mentor one or two of the CISSP domains, depending upon the complexity of the domain. Silicon Valley ISSA charges $50 for ISSA members and $85 for non-ISSA members.

MORE INFO and to REGISTER

A recent report by Deloitte Touche Tohmatsu discusses cyber-security as it pertains not only to nations, but to the world as a whole. The 'big picture' take on cyber-security may seem broad, but clear data and relatable examples make this report valuable to both the public and private sectors. DOWNLOAD REPORT

The nation's air traffic control systems are vulnerable to cyberattack.  Support systems have been breached in recent months allowing hackers access to personnel records and network servers, according to a new report by the Department of Transportation's inspector general.  READ MORE

DOT REPORT

McAfee, in their First Quarter 2009 Threat Report, reports that cybercriminals have taken control of almost 12 million new IP addresses in Q1 2009, a 50 percent increase over the previous quarter. The United States is now home to the largest percentage of botnet-infected computers, hosting 18% of all "zombie" machines. READ MORE

McAfee Report

Related:  Researchers at the University of California at Santa Barbara who spent 10 days in control of the so-called Torpig botnet and observed 70 gigabytes of data being stolen from computers remotely-controlled by the botnet, including financial data. The harvested data included 1.2 million Windows passwords and 1.2 million e-mail items, such as e-mail addresses and log-in credentials.  READ MORE

Security groups cautious about data security and file sharing bills, READ MORE

A new report from the the National Research Council provides a framework for thinking about offensive cyberattack and understanding the issues .  The  concludes that current policy and legal framework regulating use of cyberattack by the United States is ill-formed, undeveloped, and highly uncertain READ MORE

REPORT INFO