Tuesday, August 31, 2010

New BotNet Comm Vectors

Botnet: The Six Laws And Immerging Command & Control Vectors
Richard C. Batka
New BotNet communication vectors are emerging. The industry is not prepared. For the next 20 years, BotNets will be what viruses were for the last 20.

Monday, August 30, 2010

Cyber Security Awareness Week: OCTOBER 2010


OUTWIT FELLOW CYBER SECURITY SLEUTHS

Get in on the seventh year of NYU-Poly’s most-anticipated student competition. CSAW participants are leading the next generation of computer science professionals who will think of proper cyber-security measures as a necessity, not as an afterthought.

Register | Follow Us on Facebook
Save the Dates | October 28 and 29, 2010 - Final Competitions and Awards Days



Note: Registration for the High School Cyber Forensics challenge isn't open yet. Send us your contact information so we can let you know when you can register for the Cyber Forensics challenge.

Prizes, Scholarships, and Travel Grants

Cyber Forensics Challenge
  • 8 finalist teams will be flown to NYC for the final competition
  • The winning team’s science department will receive:
    • 1st place: $1,500
    • 2nd place: $1,000
    • 3rd place: $750
All Other Challenges
  • Travel grants to Awards Day in NYC for qualified finalists (Note: Quiz Tournament and Security Awareness Video participants are NOT eligible for travel grants)
  • Master of Science scholarships for students who attend NYU-Poly (excluding AT&T Research and Awareness Video awards):
    • 1st place: $5,000
    • 2nd place: $3,000
    • 3rd place: $3,000
  • Cash prizes for winners (excluding high school Cyber Forensics Challenge):
    • 1st place: $500
    • 2nd place: $250
    • 3rd place: $100
  • Raffle prizes at day-long award/final competition event

US Military Compromised

Five ways to avoid the same fate

[posed by removable media malware]

  • Date: August 27th, 2010
  • Author: Chad Perrin

Defense Secretary Lynn has been discussing a 2008 compromise of U.S. military network security by a foreign intelligence agency. The DOD is taking measures to protect itself. You should do the same.


The Washington Post reports in Defense official discloses cyberattack:

The most significant breach of US military computers was caused by a flash drive inserted into a US military laptop on a post in the Middle East in 2008.

A foreign intelligence agency managed to place malware on a USB flash drive that was later plugged into the US military laptop, infecting it. From there, the infection made its way onto a U.S. military Central Command network. According to Defense Secretary William J. Lynn III:

“That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control.”

“It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.”

With the growth of widespread network-delivered malware infections in today’s almost universally connected world, it can be easy to forget that sometimes the old methods are still effective. In the 1990s, people who used computers on a regular basis were much more cognizant of the potential danger of viruses that could move from computer to computer via removable media like floppy disks.

How to avoid removable media malware

  1. Disable AutoRun
  2. Implement restrictive removable media policy
  3. Check all removable media on a secured system before
  4. Choose to ban all removable media
  5. Implement the basics

Wednesday, August 25, 2010

The Four Pillars of Cybersecurity



Developing a comprehensive cybersecurity strategy becomes simpler when you focus on four pillars, according to Kevin Manwiller, Cisco’s manager of federal security solutions. “To protect information and keep networks running, governments need to address achievable goals: identity and access control, secure remote access, data center and cloud security measures, and advanced threat defense throughout the enterprise,” he says. These four pillars of cybersecurity not only prevent information leakage and network damage, but also support government cost-saving initiatives such as cloud computing, telework, and citizen self-service.


The Four Pillars of Cybersecurity

  1. Control Access Based on Who and What Is Connecting
  2. Create a “Borderless” Network by Providing Secure Remote Access
  3. Cloud Security and Data Center Security
  4. Integrated Threat Detection and Defense



Tuesday, August 24, 2010

Information Operations Institute


Educational Update
August 2010

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The IO Institute would like to remind you that a Cyber Warrior Course is being held at the AOC headquarters on September 14 through the 16th, 2010.

This one-of-a-kind course gives an overview of cyberwarfare, aimed at civilians without access to military or government schooling. This is especially important given the high demand for contractor support for the newly created US Cyber Command and the myriad Service components. Military and government attendees will benefit from this course by hearing how a noted expert in the civilian sector, with unprecedented access to and experience with senior cybersecurity professionals, perceives the way the war in cyberspace will be waged; the expert will also name methodologies, tools and programs.
Cyber Warrior's Course
When taking the Cyber Warrior course, all students receive a copy of the Cyber Commander's Handbook. This excellent book plainly lays out exploitation techniques, attack methodologies and tools, methods of effectiveness, legal and ethical ramifications, and lists active countries and programs designed to wage war in this newest US warfighting domain.

Contact Information
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
phone:(703) 549-1600 or e-mail
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hacker’s Arrest Offers Glimpse Into Crime in Russia



By ANDREW E. KRAMER

Monday, August 23, 2010

The dirty little secret about Google Android



Date: August 23rd, 2010

  • Author: Jason Hiner

Google Android began with the greatest of intentions — freedom, openness, and quality software for all. However, freedom always comes with a price, and often results in unintended consequences. With Android, one of the most important of those unintended consequences is now becoming clear as Google gets increasingly pragmatic about the smartphone market and less and less tied to its original ideals.

Here’s the dirty little secret about Android: After all the work Apple did to get AT&T to relinquish device control for the iPhone and all the great efforts Google made to get the FCC and the U.S. telecoms to agree to open access rules as part of the 700 MHz auction, Android is taking all of those gains and handing the power back to the telecoms.


Thursday, August 19, 2010

Inside the Latest Web Threats: From Myths to Mechanics


SOPHOS' Complimentary webcast – Inside the Latest Web Threats

August 26, 2010 2 pm ET / 11 am PT

Are you suffering from misconceptions about safe web browsing? You might think you’re being safe, but it’s next to impossible to stay up to date on infected sites—no matter how educated or aware of the risks you are.

Join this live one-hour webcast to bust some myths and learn how web threats are created and spread -- and the impact they have on your business. We’ll also discuss these key topics and more:

  • 10 common myths about web security
  • How today's web attacks work
  • Key technologies to safeguard your systems

Flash Memory Mobile Forensic


This paper is an introduction to flash memory forensics, with a special focus on the completeness of evidence acquired from mobile phones. Drawing on academic papers and industrial documents, it introduces the particular nature of the non-volatile memories present in today's mobile phones: how they really work and which challenges they pose to forensic investigators.

Tuesday, August 17, 2010

ICCS 2010


The International Conference on Cyber Security (ICCS) 2010, a joint effort between the Federal Bureau of Investigation and Fordham University, brought together global leaders and representatives from over 40 countries in emerging cyber threat analysis and enforcement at Fordham University's Lincoln Center campus, August 2-5, 2010. Among the top speakers to present at this event was FBI Director Robert S. Mueller, III.

For the second year in a row, Fordham has partnered with the FBI to sponsor this conference. The working relationships between law enforcement professionals and those in the private sector and academia are instrumental in combating cyber crimes worldwide. Representatives from various law enforcement and government agencies, academic institutions, and private industries enjoyed presentations, exhibitions, and access to networking opportunities. Participants discussed advancements in the field of cyber security and emerging cyber threats, in addition to other related topics.




Hackers and crackers:

a lesson in etymology and clear communication

  • Date: August 16th, 2010
  • Author: Chad Perrin

The term “hacker” has a meaning older and more respectable than its common usage in mainstream journalism. Familiarity with that history and its implications can help you make sure your audience understands your meaning when you use the term.

The term “hacker” gets abused, misused, and overused regularly. Its roots in reference to computers reach back to the early days of the MIT Artificial Intelligence lab. The MIT AI lab shared a lot of members with the MIT Tech Model Railroad Club, and borrowed the term from there.