VMware Offering Free Online Training

Application Management

Learn how to design, deploy and monitor your Tier 1 applications.

Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere

August 16th, 10:00 a.m. PT

Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere

August 23rd, 10:00 a.m. PT

The 10 Pitfalls to Avoid when Monitoring a Virtualized Environment

August 19th, 9:00 a.m. PT



NSA Developing Program to Detect Cyber-attacks: Report (eWeek)

The National Security Agency is reportedly launching a new program to protect against cyber-attacks targeting the country’s critical infrastructure and government. However, the program is also raising concerns, the Wall Street Journal reported.

Source: eWeek – http://www.eweek.com/c/a/Security/NSA-Developing-Program-to-Detect-CyberAttacks-Report-583222/

Department of Homeland Security Plans to Hire 1,000 Cyber-Security Experts to Protect U.S. Computer Networks

In October of 2009, Department of Homeland Security Secretary Janet Napolitano stated, “Cyber-security is one of our most urgent priorities” when she announced that the Department of Homeland Security plans to hire up to 1,000 cyber-security experts in the next three years to help protect U.S. computer networks.

Many IT security experts have said that the United States is vulnerable to a massive cyber-attack because of its reliance on the Internet, and that industries such as healthcare, transportation, telecommunications, finance and energy, to name a few, are currently open targets.

To protect the nation’s computers, cyber defenders must know how these systems work as well as how to break into them, so that they better understand how to protect them, and currently very few do.

While many training centers and organizations in the Washington DC Metro area are helping to train our cyber-warriors, many experts in the industry state that the demand for qualified cyber-security specialists far exceeds the supply, leaving the nation unprepared to defend itself against an online attack.

For those IT security professionals who are qualified, organizations are battling each other to obtain their services.  For example, companies such as L3-Communications, CACI and SAIC are trying to obtain the same talent, and it is no different with the government sector.

Carlos Johnson, Interim Director of Information Assurance at True Information Assurance, LLC, based in the Washington DC Metro area, takes a more optimistic view of the matter, stating, “President Obama’s 2010 budget called for Protection against threats to the homeland by supporting the Comprehensive National Cyber Security Initiative.  His budget allocated $364 million to DHS to support the operations of the National Cyber Security Division, (which protects Federal systems as well as continuing efforts under the Comprehensive National Cyber Security Initiative) to protect our information networks from the threat of attacks or disruptions.”  Mr. Johnson further stated that his organization, True-IA, is preparing to have the best cyber-warriors by offering a competitive benefits package that includes funds set aside for each employee to attend certification courses as well as conferences on topics relevant to IT/Cyber Security.

In a recent interview with NPR, Alan Paller stated, “Every military district of the People’s Liberation Army (China) runs a competition every spring, and they search for kids who might have gotten caught hacking.” Paller further stated in his NPR interview, “One of the Chinese youths who won that competition had earlier been caught hacking into a Japanese computer only to be rewarded with extra training.  Later that year, we found him hacking into the Pentagon, so they find them, they train them, and they get them into operation very, very fast.”

Jim Gosler, a National Security Agency scientist and the founding director of the CIA’s clandestine information technology office, estimated that the United States has only about 1,000 qualified IT security experts, while 10,000 to 30,000 are required to adequately protect the U.S.

Jay Bavisi, President at EC-Council, stated, “EC-Council is committed in ensuring that we help the nation develop some of the best cyber security brains to help combat unwarranted cyber attacks against our critical infrastructure.  In this process, last year, we succeeded in ensuring that the EC-Council curricula met all 6 of the CNSS standards set by the National Security Agency.”  Mr. Bavisi further states, “We worked hard to ensure that our programs meet high quality requirement to ensure we produce the best cyber warriors in the world.  Our certification was selected to be included in the DoD 8570 directive for the Department of Defense.”

Organizations such as Security University, EC-Council and SANS are amongst the training centers providing key cyber-security training in the Washington DC area.

Black Hat Uplink USA 2010


Attend the most important security event of the year – from your desktop!

One Week Left to Register – Get 25% Off (Save $100).

Have you had a chance to experience Black Hat in person? Are you curious to see what a “live” Black Hat event has to offer?

This year thousands of security professionals from around the world are making plans to be a part of Black Hat USA 2010. But not all of those people will actually be in Las Vegas. With Black Hat Uplink, you can experience essential content that shapes the security industry for the coming year.

Register now for Black Hat Uplink with Promo Code BHUL443 to activate your discount (limited number of seats available).


See complete program schedule below.

Black Hat USA 2010, the premier technical event for the security industry to gather and address challenges to today’s senior-level IT professional, will be held at Caesars Palace in Las Vegas, Nevada, July 24-29, 2010.

Now for $295, you can get a taste of Black Hat USA from your desk – this year’s live event will be streamed directly to the comfort of your own machine with Black Hat Uplink:

* Access to two select tracks on each day of the Briefings and the keynote – a total of 20+ possible sessions to view.
* Post-conference access to Uplink content; go back and review the presentations that you missed or watch the presentations that interested you the most as many times as you want.
* Interact with fellow con-goers, Uplink attendees, and the security community at large via Twitter during the Briefings.
* Get show promotional pricing for the “Source of Knowledge” DVDs should you wish to purchase recordings of ALL the recordings from Black Hat USA and/or DEF CON 18.


———————–

Presentation Schedule*

———————–

WEDNESDAY, JULY 28

Keynote Intro: Jeff Moss

Keynote: TBD

Uplink 1

* ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically by Jeongwook Oh
  – This talk will feature 2 undisclosed 1-day exploits.
* Bitblaze: Crash Analysis using BitBlaze by Charlie Miller
* Jackpotting Automated Teller Machines Redux by Barnaby Jack
  – Live jackpotting of an ATM machine onstage.
* Blue Screen Of the Death is Dead by Matthieu Suiche
* Semiconductor Security by Christopher Tarnovsky

Uplink 2

* Base Jumping: Attacking GSM Base Station Systems and Mobile Phone Base Bands by Grugq
* More Bugs in More Places: Secure Development on Mobile Platforms by David Kane-Parry
* These Aren’t the Permissions You’re Looking For by Anthony Lineberry, Timothy Wyatt, David Richardson
* Everybody Be Cool This is a Roppery! by Vincenzo Iozzo, Ralf-Philipp Weinmann, Tim Kornau
* App Attack: Surviving the Mobile Application Explosion by Kevin Mahaffey, John Hering
  – Analysis of over 200,000 apps from Apple & Android marketplaces

—————————

THURSDAY, JULY 29

Keynote Intro: Jeff Moss

Keynote: TBD

Uplink 1

* Memory Corruption Attacks: The (almost) Complete History… by Haroon Meer
* There’s a party at Ring0 (and you’re invited) by Julien Tinnes, Tavis Ormandy
  – One year of research uncovering close to 20 kernel vulnerabilities
* Return-Oriented Exploitation by Dino Dai Zovi
* Understanding the Low-Fragmentation Heap: From Allocation to Exploitation by Chris Valasek
* Advanced AIX Heap Exploitation Methods by Tim Shelton

Uplink 2

* CLOUDINOMICON: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity by Christofer Hoff
* Secure Use of Cloud Storage by Grant Bugher
* Virtually Pwned: Pentesting Virtualization by Claudio Criscione
* Virt-ICE: Next Generation Debugger for Malware Analysis by Quynh Nguyen Anh
* dirtbox: a Highly Scalable x86/Windows Emulator by Georg Wicherski

*Schedule subject to change.

—————————

Register now with Promo Code BHUL443 to activate your discount (limited number of seats available). Presentations will be streamed live on July 28-29, but you will be able to view Uplink presentations for up to 90 days after the event. Registration Fee: $295.


Register today for a chance to win an iPad! Two Black Hat Uplink registrants will win an iPad preloaded with the entire recorded live-event content from Black Hat USA 2010.


--------------------

Black Hat Events:

--------------------

* Black Hat USA 2010: July 24-29, Caesars Palace, Las Vegas, NV
* Black Hat Abu Dhabi 2010: November 8-11, Abu Dhabi, UAE


Dell PowerEdge Motherboard Firmware Contains Malware

SecurityOrb.com has learned that Dell has officially confirmed that some of its PowerEdge R410 rack server motherboards were shipped to customers with malware embedded in the server management firmware.  Many customers became frustrated by the company’s slow response in providing details on the matter.

Source: http://en.community.dell.com/support-forums/servers/f/956/t/19339458.aspx

For more information on this topic, check out these other sites:

http://isc.sans.edu/diary.html?storyid=9223&rss

http://www.infoworld.com/t/malware/dells-response-motherboard-malware-causes-confusion-176

Apple iPhone 4 Signal Issues

Everyone waited with excitement for the new iPhone 4 to come out this past June, whether or not they were iPhone users.  The initial reports projected another successful product for Apple; then reports started to come in via blogs and YouTube that the iPhone 4 was suffering from a severe drop in signal reception.  Even Consumer Reports, which publishes reviews and comparisons of consumer products and services based on reporting and results from its in-house testing laboratory and has approximately 7.3 million subscribers, stated, “we can not recommend the iPhone 4 due to the antenna/signal issues that are obviously and apparent.”

The problem is that holding the phone with a bare hand can muffle the wireless signal, an effect described as the “death grip”.  Apple and some analysts in the cell phone industry stated that this is a common issue suffered by many smartphones and a design defect that affects many cell phone makers.  They showed a BlackBerry Bold, an HTC Droid Eris, and a Samsung smartphone all being held “the wrong way” and suffering a severe drop in signal reception.

Michael Price, an iPhone user in the Washington DC area, stated that Apple designed the antenna using parts of the phone’s outer casing on the lower left edge, whereas most cell phone designs place it inside the phone.  Apple’s need to save space may have left the antenna exposed, so that covering a spot on the case blocks the wireless signal.

These rumors, as well as the findings from Consumer Reports, prompted Steve Jobs of Apple to hold a news conference to discuss the matter and provide a solution.  He did so this past Friday at 1 p.m. ET, offering Apple’s take on the antenna problems that cropped up after the phone went on sale late in June. He noted that three million iPhone 4s had been sold in the first three weeks the phone was on the market and said the company first learned about reception problems three weeks ago.  Jobs defended the iPhone 4’s design and said the iPhone 4’s antenna issue is not widespread. He said just over five out of every thousand users have complained to Apple’s warranty service, and less than 2 percent have returned the device.

Steve Jobs also talked about a giveaway during the news conference, stating, “Anyone who bought the iPhone 4 will be eligible to receive a free bumper to assist with better reception through Sept. 30.”

This latest event will surely help competitor Google gain some market share.