ISDPodcast Episode 221 for September 27, 2010. Tonight’s podcast is hosted by Rick Hayes and Keith Pachulski.
Announcements:
The Louisville Metro InfoSec Conference:
http://www.louisvilleinfosec.com
When: Thursday, October 7th, 2010
Where: Churchill Downs
Bsides Atlanta:
http://www.securitybsides.com/BSidesAtlanta
When: Friday, October 8, 2010
Where: Think Inc World HQ, 1375 Peachtree St. Suite 600, Atlanta, Ga (The Earthlink Bldg).
http://bsidesatlanta.eventbrite.com/
MyHardDriveDied.com Data Recovery Class:
http://www.myharddrivedied.com
Dallas, TX – October 11th – 15th
Washington, DC – December 6th – 10th
Use the Discount Code: isdpodcast for a $300 discount.
SANS Mentoring Program:
Jason Lawrence – SANS Forensics 508 – Computer Forensics and Investigations in Sandy Springs, GA
http://www.sans.org/mentor/details.php?nid=21538
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15 for a 15% discount.
Adrian Sanabria - SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN
http://www.sans.org/mentor/details.php?nid=22258
When: Tuesday, October 12, 2010 – Tuesday, December 14, 2010
Use the Discount Code: isdpod15KY for a 15% discount.
Phreaknic:
http://www.phreaknic.info
When: Oct 15-17 2010
Where: Nashville, TN
Hack3rCon:
http://www.hack3rcon.org
When: Oct 23-24 2010
Where: Charleston, WV
Stories of Interest:
News: http://www.csoonline.com/article/618014/are-you-too-perfect-to-be-an-effective-security-manager-
Ever spend time working on policies, solutions and messages only to be ignored or cast aside? Worse, after spending the time to build a solution, are people simply not responding?
Perfection is a fallacy, as the “responsible” individuals within our organizations we need to share our experiences. Most of our education is through experience within our positions. What we learn we need to better communicate to help other not only learn about our jobs but understand why we are doing them.
When sharing those experiences, be sure the environment they are communicated in is free of judgements and ridicule, it must be an open and free forum.
Admit your mistakes, we all make them. To say we don’t is only tarnishing us as an individual as well as our entire profession. We learn through mistakes, share them so others can learn to not make the same ones. Don’t create mistakes, meaning dont lie or bullshit people..creating fake scenario’s can be devastating to your career as well as your reputation.
News: http://news.cnet.com/8301-13506_3-20017438-17.html
Sony informed consumers this week that some counterfeit PlayStation 3 controllers could ignite or explode when used. According to the company, counterfeit PlayStation 3 controllers, which Sony says are “identical in appearance to genuine PlayStation 3 wireless controllers,” have started cropping up in the wild. The company said that the “quality, reliability, and safety of counterfeit products is uncertain.”
But it gets worse. Those who have bought counterfeit PlayStation 3 controllers could put themselves in physical danger. According to Sony, the counterfeit products could “ignite or explode, resulting in injury or damage to the user, your PlayStation 3, or other property.”
Sony didn’t specify where counterfeit controllers are being sold. But the company did recommend that consumers stick with its own wireless controllers, which are available from a number of reputable retail outlets.
News: http://www.theregister.co.uk/2010/09/23/msse_free_for_small_biz/
Microsoft is extending the availability of its freebie Microsoft Security Essentials to small businesses from early next month. The application – which provides protection against viruses, spyware, and other malicious software – was launched as a basic scanner available to consumers at no charge last September. From October, small businesses running up to 10 PCs can use the technology without charge.
Microsoft explained: “This extended availability to small businesses centers on a change to the End User Licensing Agreement (EULA) that allows small business customers to legally download the software onto individually managed business PCs.”
Redmond is continuing to offer its Forefront client suite, which offers improved manageability, to larger businesses. More detail on the deal can be found on Microsoft’s SMB Community blog here.
News: http://www.foxnews.com/politics/2010/09/27/seeking-expand-internet-wiretaps/
The Obama administration is developing plans that would require all Internet-based communication services — such as encrypted BlackBerry e-mail, Facebook, and Skype — to be capable of complying with federal wiretap orders, according to a report published Monday.
The bill, which the White House plans to deliver to Congress next year, would require communication service providers be technically capable of intercepting and decrypting messages, raising serious privacy concerns, the Times said.
Keith: So he not only wants a big red freaking button to shut off the internet, but he wants the ability to be able to nullify the encrypted transports we rely on to conduct and protect our business operations.
