ISD Podcast Episode 134 for May 20, 2010. This podcast is our contribution back to the community, where we will discuss the vulnerabilities of interest and information security related news, hopefully providing you a few laughs and a little knowledge.
Announcements:
MyHardDriveDied.com:
- MHDD Data Recovery Class current dates and locations:
- San Francisco – June 14th – 18th
- Atlanta – July 12th – 16th
- Dallas, TX – October 11th – 15th
- Washington DC – December 6th – 10th
- Cost is $3500 for all classes. To reserve and register, call (678) 445-9007, email: smoulton@nicservices.com or go to http://www.myharddrivedied.com. Use the Discount Code: isdpodcast for a $300 discount.
SANS Mentoring Program:
- Jason Lawrence will also be putting on the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, June 22, 2010 – Tuesday, August 24, 2010 (http://www.sans.org/mentor/details.php?nid=21538). Use the Discount Code: isdpod15 for a 15% discount.
Atlanta ISSA:
- ISSA Chapter is hosting a CISSP Workshop starting May 26 – August 14 (Preparing for the August 15, 2010 Exam) 6:00 to 9:00 PM 2 sessions per week, every Wednesday and Friday at the Clendenin Building, Kennesaw State University. The CISSP workshop is free of charge to Metro Atlanta ISSA members only. For further information, contact Ben Sholes, Director of Training, at: training@gaissa.org.
- ISSA International Conference – September 16, 2010 (http://www.issa.org/page/?p=105)
North Alabama ISSA:
- Hosting the second annual North Alabama Cyber Security Summit, to be held on June 9th in Huntsville, AL. The event is open to ISSA members at a discounted price ($35; full price is $50).
- For more information please visit the North Alabama ISSA’s web site at: http://northalabama.issa.org/
Friends of the Podcast:
Webhosting services: WebSpeedway
Stories of Interest:
News item 1: http://www.theregister.co.uk/2010/05/19/bill_oreilly_ddos_attacks/
Federal prosecutors have accused a man of carrying out a series of botnet offenses including attacks that brought down the websites of conservative talking heads Bill O’Reilly, Ann Coulter, and Rudolph Giuliani.
Mitchell L. Frost was an undergraduate student at the University of Akron at the time of the DDoS, or distributed denial-of-service, attacks, which lasted over a five-day period in March 2008, prosecutors alleged in court documents. The attacks on billoreilly.com, anncoulter.com and joinrudy2008.com “rendered each website inoperable, at least temporarily, and required intervention and repair by the owners of such sites, and caused damages or losses which exceeded $5,000,” they wrote.
Frost, who went by the handle “FrostAie,” also stands accused of using his botnet to launch a much bigger assault on a University of Akron server that knocked out the college’s entire network, depriving “tens of thousands of students, faculty and staff members” of connectivity for more than eight hours. Prosecutors said the attack appeared to be a mistake and that the intended target was an unnamed gaming server that was hosted on the university network. The outage cost the university more than $10,000.
News item 2: http://www.wired.com/threatlevel/2010/05/lifelock-identity-theft/
Apparently, when you publish your Social Security number prominently on your website and billboards, people take it as an invitation to steal your identity.
LifeLock CEO Todd Davis, whose number is displayed in the company’s ubiquitous advertisements, has by now learned that lesson. He’s been a victim of identity theft at least 13 times, according to the Phoenix New Times. That’s 12 more times than has previously been known.
In June 2007, Threat Level reported that Davis had been the victim of identity theft after someone used his identity to obtain a $500 loan from a check-cashing company. Davis discovered the crime only after the company called his wife’s cellphone to recover the unpaid debt.
About four months after that story published, Davis’ identity was stolen again by someone in Albany, Georgia, who opened an AT&T/Cingular wireless account using his Social Security number, according to a police report obtained by the New Times. The perpetrator racked up $2,390 in charges on the account, which remained unpaid. Davis, whose real name according to police reports is Richard Todd Davis, only learned a year later that his identity had been stolen again after AT&T handed off the debt to a collection agency and a note appeared on his credit report.