Hackin9

Full Cyber Security program approved at Huntsville City Schools Career ...
whnt.com
Infosec 1 would be available for 9th graders. That class is already going this semester, through a pilot program. “They're going to learn about areas of vulnerability. And it is the basis of our cybersecurity program,” said Moon. Fall of 2015 will ...

 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
 

The chairman of the youth wing of the Swedish Pirate Party successfully fooled attendees at a major Swedish security and defense conference into connecting to an open Wi-Fi network that he controlled—as a way to protest mass digital surveillance.

According to The Local, an English-language newspaper in Sweden, Gustav Nipe watched earlier this week as around 100 politicians, military officers and journalists logged into a network called “Open Guest” and proceeded to search for various non-work-related things including “forest hikes” and monitor eBay auctions.

Previously Nipe was involved in the Pirate Party’s efforts to create its own ISP in 2010, and founded the Church of Kopimism, which was formally recognized by Swedish tax authorities in 2011.


 

Toolswatch published today the best 2014 security tools according to their readers. From that list I like OWASP ZAP, BeEF, OWASP Xenotix and PeStudio. However, I definitely miss some tools like the ones contained in the REMnux distro for malware analysis, DFF and the SANS SIFT 3 distro for forensics, not to mention Wireshark and tcpdump, which I find unique for anomaly detection.

Which security tool is your favorite? Do you agree with the tools listed? Let us know via contact form or comment to this diary.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
Web: http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

 
Catapult Software DNP3 Driver CVE-2013-2811 Denial of Service Vulnerability
 
[SECURITY] [DSA 3127-1] iceweasel security update
 

It was a mistake for the National Security Agency to support a critical cryptographic function after researchers presented evidence that it contained a fatal flaw that could be exploited by US intelligence agents, the agency's research director said.

The comments by NSA Director of Research Michael Wertheimer were included in an article headlined The Mathematics Community and the NSA published this week in a publication called Notices. The article responds to blistering criticism from some mathematicians, civil liberties advocates, and security professionals following documents provided by former NSA subcontractor Edward Snowden showing that the agency deliberately tried to subvert widely used crypto standards. One of those standards, according to The New York Times, was a random number generator known as Dual EC_DRBG, which was later revealed to be the default method for generating crucial random numbers in the BSAFE crypto toolkit developed by EMC-owned security firm RSA.

NSA officials shepherded Dual EC_DRBG through the National Institute of Standards and Technology (NIST) in 2006. A year later, researchers from Microsoft presented evidence that the number generator contained a type of backdoor known to cryptographers as a "trap door." The weakness, the researchers said, allowed those who knew the specific NSA-generated points on the standard's elliptic curve to work backward to guess any crypto key created by the generator. Despite widespread coverage of the research and concern expressed by security experts, the NSA continued to support Dual EC_DRBG. It wasn't until September 2013—six years after the research came to light—that RSA advised customers to stop using the NSA-influenced code. Last year, NIST also advised against its use.


 
 

---
Johannes B. Ullrich, Ph.D.

 
OpenSSL CVE-2014-3570 Unspecified Security Weakness
 

New report: DHS is a mess of cybersecurity incompetence
ZDNet
The report says (and echoes the sentiments of many civilian infosec professionals) that the DHS approach on vuln mitigation is nothing but a losing strategy. "The nature of cybersecurity threats -- and the ability of adversaries to continuously develop ...
US feds failing to protect govt buildings from cyber threats (iT News)

 

Human factor problems persist with EHRs Updated numbers have CMS more ...
Politico
CIO leader outlines an InfoSec strategy in HealthcareInfoSecurity: http://bit.ly/1KGcdBj. How hospitals are tackling costs in 2015 — special report by Healthcare IT News: http://bit.ly/1wb6IzR. ** A message from the Leidos Partnership for Defense ...

 

Scholarships available for Johnson County students
The Tomahawk
Johnson County students are eligible for the Gail Clay Scholarship, the Johnson County Educational Growth Scholarship, the Johnson County Scholarship, the James K. Goldston INFOSEC Scholarship, and the Debbie Van Cleave Scholarship. For further ...

 
LinuxSecurity.com: Updated cloud-init packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Common for Red Hat Enterprise Linux 6. [More...]
 
LinuxSecurity.com: Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0 Red Hat Product Security has rated this update as having Moderate security [More...]
 
LinuxSecurity.com: Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Several security issues were fixed in Django.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Git could be made to run programs as your login if it received specially crafted changes from a remote repository.
 
LinuxSecurity.com: An updated thunderbird package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]
 
Two XSS vulnerabilities in Simple Security WordPress Plugin
 
MS14-080 CVE-2014-6365 Code
 
Drupal Flag Module CVE-2014-3453 Arbitrary PHP Code Execution Vulnerability
 
Linux Kernel User Namespace Local Security Bypass Vulnerability
 
Linux Kernel CVE-2014-9419 Local Information Disclosure Vulnerability
 
AusCERT2015 Call for Papers: closes 18th January
 