#################### Topics #################### Intro Misc Announce List NEbraskaCERT March CSF NEbraskaCERT Security Professional Training NEbraskaCERT A bit about Certconf Nebraska Infrastructure Protection Conference - (NIPC) AFCEA - USSTRATCOM Cyberspace Symposium April's Infotec/Infragard/NEbraskaCERT Security Breakfast Infotec 2009 One Training Opportunity: Infragard Awareness One Security Tool: OpenWRT One Security Podcast: Security Now One Book Review: Z4CK End Of Line #################### Intro #################### This is the Sixth of our Monthly newsletters from NEbraskaCERT. This one is structured a bit differently because there are a lot of Security Happenings the next couple of months. So some of the usual sections were dropped from this issue and will be back in next month's version. #################### Misc Announce List #################### Normally we only send the newsletter to people on the misc-announce-list. Since we've got so many events for this newsletter we decided to send it to the csf-announce list as well. If you want to receive upcoming newsletters please hit the newsletter page for information on how to subscribe. URL: http://www.nebraskacert.org/news #################### NEbraskaCERT March CSF #################### NEbraskaCERT will be holding our March CSF on the 18th at the Johnny's Cafe at 27th & L Street. We're still finalizing the speaker, so that info will be in the CSF announcement going out next week. For more information please hit our website at http://www.NEbraskacert.org/CSF or better yet sign up for our CSF announce list at mailto: csf-announce-subscribe@nebraskacert.org #################### NEbraskaCERT Security Professional Training #################### We've just posted the registration form for our 2009 Security Professional Exam Preparation Course. We're very fortunate in that Steve Nugen will be returning again this year as our primary instructor. We're also going to be keeping the cost of the class the same as last year at $995.00. For more information please hit our webpage for the class http://www.nebraskacert.org/sp/. If you have any further questions please drop us a line at training@nebraskacert.org #################### NEbraskaCERT A bit about Certconf #################### We're in the process of confirming our first keynoter and will be announcing him in a couple of weeks. We'll also hopefully have our second keynoter announced by then. We've got our Call For Presenters for the Conference live. The URL for this is http://www.certconf.org/cfp2009.php. One change we're making this year is the sessions will be one hour instead of an hour and 15 minutes. We'll be putting a lot more information on our website over the next couple of weeks as we start to firm things up for the conference. The cost for the conference this year is going to be $250.00. The registration form will be up in the next couple of weeks as well. The URL for the conference is http://www.certconf.org #################### Nebraska Infrastructure Protection Conference - (NIPC) #################### The Nebraska Infrastructure Protection Conference (NIPC) is from March 10-11 in Kearney. This is a general purpose disaster preparation conference, but it has some sessions that could definitely apply to Information Technology. URL: http://www.nipc.us/ #################### AFCEA - USSTRATCOM Cyberspace Symposium #################### AFCEA - Armed Forces Communication and Electronics Association is hosting the AFCEA - USSTRATCOM Cyberspace Symposium at the Qwest Center April 7 and 8, 2009. They've got some very interesting speakers coming in for the conference and it should be a good event. URL: http://www.afcea.org/events/stratcom/introduction.asp #################### April's Infotec/Infragard/NEbraskaCERT Security Breakfast #################### As usual NEbraskaCERT will not be hosting a regular CSF in April. Instead we'll be partnering with Infragard and Infotec to do another Security breakfast at the Qwest Center. It is currently scheduled to start at 6:45am April 14th. We'll followup with more information as things get finalized. #################### InfoTec 2009 #################### Infotec is April 14-15th this year at the Qwest Center. There have been some changes this year as part of the AIM institute coordinating the event. They have a Security Track this year as usual. Should be a nice event. URL: http://www.infotec.org #################### One Training Opportunity: Infragard Awareness #################### Dyann Bradbury mentioned a new program at the last Nebraska Infragard meeting. It is an online course with an optional test and certificate. The program is the "Security Awareness In The Workplace" program. The base training is free. If you wish to get a certificate from them by taking the test it costs $19.95. The program is still in development so there might be changes in the near future. I just signed up for the program so I'm not able to give a real review of it yet. I hope to for next month. URL: http://www.infragardawareness.com/ #################### One Security Tool: OpenWRT #################### OpenWRT originally began as an alternative firmware for Linksys' WRT54G Wireless Routers. This allowed the user to add a lot of functionality to the router that wasn't there by default. Some of the more popular options were IPV6 support, additional firewalling and some security options such as portknocking. OpenWRT is now available for a bunch of other routers and is even supported by some devices such as the Linksys NSLU2 aka the SLUG NAS device. Website: http://openwrt.org/ #################### One Security Podcast: Security Now #################### Steve Gibson and Leo Laporte do a weekly security podcast called "Security Now!" Steve Gibson has been a figure that people in the security community tend to either hate or tolerate. The addition of Leo Laporte to the podcast keeps it moving and getting annoying. It is one of the better security podcasts and definitely worth a listen. They also publish transcripts of their podcasts which are very nice to go back and search for a topic. URL: http://www.grc.com/securitynow.htm #################### One Book Review - Z4CK #################### Z4CK is a cool little book. First off the author wrote it on his Sharp Zaurus while riding the train to work. It is one of the more accurate Cyber Thrillers out there. The usual tools show up in the novel: nmap, nessus and netcat all make appearances. I have one minor quibble with the book the hacker's name is "Duncan Steele", which is kinda of painful :-) The author also wrote a sequel named Digital Force, but I haven't read that one yet. It is available as a free PDF as well as in a paper edition from Amazon. The Author appears to have let the original domain name lapse. URL: Link to copy on Packet Storm Security http://packetstormsecurity.org/papers/general/z4ck-book_final.pdf Title: Z4CK Author: Kevin Milne ISBN: 1589613120 Year Published: 2004 #################### End Of Line #################### This is it for the sixth newsletter. There are a lot of security events and things happening in the next couple of months. If you have any feedback/questions please let me know at aaron.grothe < at > nebraskacert.org. If anyone has any corrections to the newsletter please let me know and I'll include them in the next newsletter. Regards, Aaron 0-0-0 NEbraskaCERT www.nebraskacert.org