#################### Topics #################### Intro ITW Conference NEbraskaCERT October CSF One Security Tool One Security Website One Book Review One Quick Question & Answer End Of Line #################### Intro #################### This is the Second of our Monthly newsletters from NEbraskaCERT. With this issue the format is getting a bit more worked out and it will hopefully give us an idea of what the format will look like for the next couple of issues. #################### ITW Conference #################### October 23, 2008 is the 10th Annual Information Technology in the Workplace (ITW) conference. Their theme this year is "IT Security: An Imperative for Organizations". For more information about the conference hit their website http://www.itconference.org I've been to the conference in the past and it is a nice event so going to it is definitely worthwhile. #################### NEbraskaCERT October CSF #################### NEbraskaCERT will be holding our October CSF on the 15th down at the Bellevue Lifelong Learning Center from 7:30am to 9:00am. Bill Hayes will be talking about Incident Response, what to do after you've been hacked. Should be an excellent talk. For more information please hit our website at http://www.NEbraskacert.org/CSF or better yet sign up for our CSF announce list at mailto: csf-announce-subscribe@nebraskacert.org #################### One Security Tool #################### Our Security Tool for this month is the Untangle Gateway at http://www.untangle.com/ It is a truly unique tool in that it uses ARP poisoning in a constructive way, so you don't have to reconfigure your network. It runs on Microsoft Windows XP boxes and has take a unique approach to how to be a gateway for your network. One thing to keep in mind this is not designed for an enterprise, but for the SOHO environment this is a very cool product. Untangle is available for free with various fee-based support packages available for it. #################### One Security Website #################### Our Security Website for this month is packetstorm. Packetstorm http://www.packetstorm.org is a site that believes in full disclosure. It hosts links to many publicly available exploits and other documentation. Note: Packetstorm is a White hat site and has a variety of tools available on it. #################### One Book Review #################### The book I am just finishing up is called "Little Brother" by Cory Doctorow. Some reviews describe it is 1984 or Fahrenheit 451 for a post 9/11 DMCA world. After reading it I can only say it is one of the best books I've read in the last five years. It is available for free in a variety of formats at Cory's website http://craphound.com/littlebrother/download/ Most of the bookstores in town also have it for sale. I got my copy at Borders. One note it is in the young adult section, which can be embarrassing when you ask for it. So yes, it is a "Kiddies Book", but it managed to explain TOR in half a page, better than I can in half an hour. It is a bit political, so it might spark some discussion as well if you give it to your children, so I recommend reading it first. #################### One Quick Question & Answer #################### One of the questions I get asked most often is "What is a CVE and why should I care?" CVE stands for Common Vulnerabilities and Exposures. Mitre created this as a way of standardizing the naming of security vulnerabilities. Almost every major vendor will use their naming convention AND use CVEs as well. E.g. RHSA-2007:0108-4 : was issued by Red Hat because of problems with the Thunderbird e-mail client. It refers to about a dozen CVE numbers that were handled by the one Red Hat Security Advisory. Debian issued security advisory DSA-1336-1 addressed this CVE. CVEs are maintained by the MITRE corporation. It is funded by the United States Department of Homeland Security. Many scanning tools will refer to explicit CVEs when doing scans and for doing remediation. For more information hit the MITRE website http://cve.mitre.org #################### End Of Line #################### This is it for the second newsletter. If you have any feedback/questions please let me know at aaron.grothe < at > nebraskacert.org or ajgrothe@gmail.com. If anyone has any corrections to the newsletter please let me know and I'll include them in the next newsletter. Regards, Aaron 0-0-0 NEbraskaCERT www.nebraskacert.org