#################### Topics ####################

Intro
Corrections: OpenWRT
InfoTec Annual Security Breakfast
InfoTec 2009
NEbraskaCERT Security Professional Training
NEbraskaCERT Conf: Call For Presenters
One Security Tool: UNetbootin
One Security Podcast: Network Security Podcast
One Security Website: Bruce Schneier's Blog
One Book Review: Translucent Databases Lite
One Quick Question & Answer: "What is OWASP?"
End Of Line

#################### Intro ####################

This is the seventh of our monthly newsletters from NEbraskaCERT. A lot of stuff is starting to happen with the NEbraskaCERT conference, most of which should be in next month's newsletter.

#################### Corrections: OpenWRT ####################

Last month I listed OpenWRT as the One Security Tool. One thing I didn't mention was that there are several other software packages available, such as DD-WRT. So try them all out :-)

#################### InfoTec Annual Security Breakfast ####################

We are NOT hosting a regular CSF in April. NEbraskaCERT will be participating in the Infotec Annual Security Breakfast. The Security Breakfast is Tuesday April 14th, 2009 in Conference room 215 at the Qwest Center. Chief Eric Buske from the Omaha Police will be the guest speaker.

To RSVP for this, please send an e-mail to infragard.nebraska "at" gmail.com and provide name and email address by April 8th if you plan to eat at the event. NEbraskaCERT is participating in this, but we are not doing the reservations, so please make sure to follow the directions above.

For more information please hit our website at http://www.NEbraskacert.org/CSF or, better yet, sign up for our CSF announce list at mailto: csf-announce-subscribe@nebraskacert.org

#################### InfoTec 2009 ####################

Infotec is April 14-15th this year at the Qwest Center. There have been some changes this year as part of the AIM institute coordinating the event. They have a Security Track this year as usual.
Should be a nice event.

URL: http://www.infotec.org

#################### NEbraskaCERT Security Professional Training ####################

We're still taking registrations for our 2009 Security Professional Exam Preparation Course. We're very fortunate in that Steve Nugen will be returning again this year as our primary instructor. We're also going to be keeping the cost of the class the same as last year at $995.00.

For more information please hit our webpage for the class: http://www.nebraskacert.org/sp/. If you have any further questions please drop us a line at training@nebraskacert.org

#################### NEbraskaCERT Conf: Call For Presenters ####################

The Call For Presenters (CFP) for the 2009 NEbraskaCERT conference is live. The URL for this is http://www.certconf.org/cfp2009.php. If you have any further questions please drop us a line at speakers@nebraskacert.org

#################### One Security Tool: UNetbootin ####################

UNetbootin (Universal Netboot Installer) is a tool that can be used to create Live USB sticks for a variety of operating systems. It will let you install a bunch of distributions to a USB stick easily without having to download CD images. It can do regular distros such as Ubuntu, CentOS and Debian. It will also install several security distros and tools such as NTpasswd and Backtrack. It runs on both Linux and Windows.

One note: be careful when you use it. I managed to blow away the boot record on my Windows laptop by not paying attention when I was using this.

Website: http://unetbootin.sourceforge.net/

#################### One Security Podcast: Network Security Podcast ####################

This is a great little podcast that I was forwarded by a friend a while ago. The guys know what they are talking about and the style and presentation both are very good.
Website: http://mckeay.libsyn.com/index.php

#################### One Security Website: Bruce Schneier's Blog ####################

99% of you know who Bruce is. This is for the 1% who don't. Bruce wrote one of the first real public books on cryptography, called Applied Cryptography. He has also written several popular crypto algorithms such as Blowfish and Twofish. He also has an entry in the Advanced Hashing Standard competition.

One of my favorite features he used to do was called the "Security Doghouse", where he would rip bad products a new one. One Time Pads almost got a monthly beating :-)

The best thing about his blog is he really attempts to counter some of the security hysteria.

Website: http://www.schneier.com/blog/

#################### One Book Review - Translucent Databases Lite ####################

One of the cool things about this book is the cost. The "lite" edition only costs $12.00 at Amazon.com; there is also a deluxe version that has a list price of $45.00.

The core idea of the book is how to fuzz and hash what goes into the database to make it less vulnerable if it is cracked. The Lite version is a short book of 102 pages. I picked up a couple of good ideas during the reading that might go into a new PCI project I'm starting on.

Title: Translucent Databases Lite
Author: Peter Wayner
ISBN: 1441426450
Year Published: 2009

#################### One Quick Question & Answer: "What is OWASP?" ####################

This month's question is "What is OWASP?"

OWASP stands for the Open Web Application Security Project. OWASP is probably best known for their development guide, which should be mandatory reading for anybody putting applications on the web. They also oversee several projects such as WebScarab and WebGoat.

They have also been working on their certification program for the last couple of years. When this is complete it will probably become the standard for Web developers.
The URL for OWASP is http://www.owasp.org

#################### End Of Line ####################

This is it for the seventh newsletter. If you have any feedback/questions please let me know at aaron.grothe < at > nebraskacert.org or ajgrothe@gmail.com.

If anyone has any corrections to the newsletter please let me know and I'll include them in the next newsletter.

Regards,
Aaron

0-0-0
NEbraskaCERT
www.nebraskacert.org