[podcast]http://isdpodcast.com/podcasts/InfoSec Daily Podcast Episode 184.mp3[/podcast]
ISDPodcast Episode 184 for July 30, 2010. Tonight’s podcast is hosted by Rick Hayes and Karthik Rangarajan. In this episode we will discuss Google Apps, Android Hacked, Defcon contest & Cybercrime Study.
- MHDD Data Recovery Class current dates and locations:
- Dallas, TX – October 11th – 15th
- SANS: Drive and Data Recovery Forensics September 20th – 24th (https://www.sans.org/registration/register.php?conferenceid=21967)
- Washington, DC – December 6th – 10th
- Cost is $3500 for all classes to reserve and register, call (678) 445-9007, email: firstname.lastname@example.org or go to http://www.myharddrivedied.com Use the Discount Code: isdpodcast for a $300 discount.
SANS Mentoring Program:
- Jason Lawrence will be teaching the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=21538). Use the Discount Code: isdpod15 for a 15% discount.
- Adrian Sanabria will be teaching the SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=22258). Use the Discount Code: isdpod15KY for a 15% discount.
- ISSA International Conference – September 16, 2010 (http://www.issa.org/page/?p=105)
- SANS Security 560: Network Penetration Testing and Ethical Hacking – September 17th – 22nd, 2010 (http://www.sans.org/atlanta-2010-cs2/description.php?tid=3142)
9am-5pm US ET
Hilton Atlanta Airport Hotel
1031 Virginia Avenue
Atlanta, GA 30354
- Registration for these classes by Aug 4th offers both $400 Early Bird savings and registration for the ISSA Conference (existing members). All attendees also receive a one year ISSA membership. Use the Discount Code: isdpod15 for a 15% discount.
The Louisville Metro InfoSec Conference:
- Thursday, October 7th, 2010 at Churchill Downs (http://www.louisvilleinfosec.com)
Use the Discount Code: IGK-0726 when you and register for $30 off the $99 ticket price ($69), until Sept. 1st. This discount will expire on that date.
Stories of Interest:
News Item 1: http://www.infoworld.com/d/applications/google-introduces-google-apps-government-suite-788Honing in on the lucrative government market for business applications, Google introduced on Monday Google Apps for Government, featuring its suite of cloud-based business applications equipped with extra security precautions.
The suite, with such applications as Gmail email and Google Calendar, offers U.S. government FISMA (Federal Information Security Management Act) moderate-level certification. Also, government user data is to be maintained on servers segregated from Google’s commercial customers. Google officials emphasized that government agencies are acutely concerned with security and that Google Apps is the first cloud platform certified for use by the federal government.
Google is positioning the suite as a solution for all branches of government, emphasizing cost savings that could be enjoyed by governments now beset by budget shortfalls.
“As we know, the financial pressures on government are enormous, and this is a material cost savings,” said Google CEO Eric Schmidt, during a rollout event at Google headquarters in Mountain View, Calif.
“The government has an enormous opportunity to leverage the Web as a platform,” said Dave Girouard, president of Google Enterprise. Governments at all levels are spending billions on IT; cloud computing offers an opportunity to change these dynamics in the next decade, he said.
Available now, Google Apps for Government costs $50 per user per year, the same price as Google Apps Premier Edition. In addition to Gmail and Google Calendar, Google Apps for Government also features Google applications like Docs, Sites, Video, Groups, and Postini.
Gmail and Calendar data currently is physically segregated from non-government user data and maintained within the United States. Google plans to segregate the other applications in the suite as well, with that work now in progress.
Google’s suite for government will compete with the Microsoft Office suite of applications, Girouard acknowledged. “It’s a pleasant side effect,” he said.
News Item 2: http://news.techworld.com/security/3233833/hackers-break-into-android-phone-at-black-hat/
Once thought to be unhackable, the Android phone is anything but, according to researchers presenting at Black Hat 2010. Not only has malicious software cloaked in a wallpaper application stolen personal information from infected phones and sent it to a website in China, but researchers from Lookout Mobile Security have found a way to take the phones over completely – including top-of-the-line models hawked by major wireless carriers.
In one presentation, Lookout’s CEO John Herring said the Jackeey Wallpaper app, which has been downloaded millions of times, can gather passwords, browser history, the subscriber ID and SIM card numbers and text messages.
In a separate presentation, researchers said top-of-the-line Android phones used by Sprint and Verizon can be taken over completely by attacking known flaws in the Linux operating system that underpins Android, researchers reported at Black Hat 2010. “It gives you root control, and you can do anything you want to do” with the phone, says Anthony Lineberry, a researcher for Lookout Mobile Security.
News item 3: http://www.cio.com/article/601317/FBI_Rings_Organizers_Over_Defcon_Contest
A Defcon contest that invites contestants to trick employees at U.S. corporations into revealing not-so-sensitive data has rattled some nerves. Contest organizers have been called by the U.S. Federal Bureau of Investigation and seen warnings issued by security groups and the Financial Services Information Sharing and Analysis Center, (FS-ISAC) an industry group that provides information on security threats affecting the banking industry.
“The stories that I’m getting are a lot of financial people were really concerned that we were going to be targeting personal information and stuff like that,” said Chris Hadnagy, the operations manager with Offensive Security, who is organizing the contest. These concerns are unfounded, he says.
Over the next three days participants will try their best to unearth data from an undisclosed list of about 30 U.S. companies. The contest will take place in a room in the Riviera hotel in Las Vegas furnished with a soundproof booth and a speaker, so an audience can hear the contestants call companies and try to weasel out what data they can get from unwitting employees.
News Item 4: http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=226200272
Organizations are getting hit by at least one successful attack per week, and the annualized cost to their bottom lines from the attacks ranged from $1 million to $53 million per year, according to a newly published benchmark study of 45 U.S. organizations hit by data breaches.
The independent Ponemon Institute’s “The First Annual Cost of Cyber Crime Study”, which was sponsored by ArcSight, showed a median cost of $3.8 million for an attack per year, a price tag that includes everything from detection, investigation, containment, and recovery to any post-response operations. “Information theft was still the highest consequence — the type of information [stolen] ranged from a data breach of people’s [information] to intellectual property and source code,” says Larry Ponemon, CEO of the Ponemon Institute. “We found that detection and discovery are the most expensive [elements].”
And a separate report called “The Leaking Vault” released today by the Digital Forensics Association found that among the 2,807 publicly disclosed data breaches worldwide during the past five years, the cost to the victim firms as well as those whose information was exposed came to whopping $139 billion.
The Digital Forensics Association report says nearly half of all of the reported breaches came from a laptop, which in 95 percent of the cases is stolen. But actual hacks accounted for the most stolen records during 2005 to 2009, with 327 million of the 721.9 million covered in the report, even though hacks accounted for only about 16 percent of the data breaches.