HTCIA Meeting July 23

Presenting: Rich Hoffman with UnitedLex. Rich will be sharing tips and tricks.

Hope to see everyone there.

June Meeting Cancelled

There will not be a June 25th meeting. Hope to see everyone at the July meeting.

2009 Life Time Achievement Award

The HTCIA International Secretary is soliciting nominations for the 2009 Life Time Achievement Award. All nominations must be received by July 1, to be considered.

If interested in submitting a nomination, please contact Laurie John (laurie.john@gmail.com) for details.

May Meeting

The monthly meeting for May will be Thursday the 28th, 10:30am, at 6825 Pine St.

Jim O'Gorman from Continuum Worldwide will be presenting on forensics and out of the ordinary uses of gaming systems.

InfoTec Annual Security Breakfast

Every year at Infotec, the Computer Security groups in the Omaha area are invited to participate in a joint meeting. This is a chance for people to meet and network.


Infotec Annual Security Breakfast

GUEST SPEAKER: Chief Eric Buske - Omaha Police
CORPORATE SPONSOR: Fishnet Security

WHO: All Nebraska/Iowa Information Security Professionals

WHEN: Tuesday - April 14, 7:00 am

WHERE: QWEST Center Omaha
Conference Room 215
455 North 10th Street
Omaha, Nebraska

HOW: YOU MUST RSVP to infragard.nebraska "at" gmail.com
and provide name, company, phone and email address
by April 8th, if you want to eat at the event.

Nebraska HTCIA Meetings

We are pleased to announce that the Nebraska HTCIA Chapter has been given the opportunity to have meetings at the Cyber Crime Task Force at the Scott Technology Center. The Nebraska HTCIA Chapter will hold meetings the 4th Thursday of every month at 10 a.m.

Our next meeting will be April 23rd, 2009 @ 10 a.m. Scott Technology Center 6825 Pine Street.
Matt Churchill with Continuum Worldwide will present on Memory Forensics

The Nebraska HTCIA chapter would like to thank the CCTF for their generosity for the use of their facility.

Intrusion Detection Training

This class is being held here in Omaha. Check it out if interested!

SANS Intrusion Detection In-Depth Local Mentor-led course runs for 10 weeks and is divided into seven sections:

• Introduction to SANS and GIAC Certification Orientation
• TCP/IP for Intrusion Detection
• Network Traffic Analysis Using TCPdump - Part 1
• Network Traffic Analysis Using TCPdump - Part 2
• Intrusion Detection Snort Style
• IDS Signatures and Analysis - Part 1
• IDS Signatures and Analysis - Part 2

http://www.sans.org/mentor/details.php?nid=17709

Nebraska HTCIA Meetings

Our next meeting is scheduled for February 25, 2009 @ 10:30 a.m. at the LaVista Police Department Community Conference Room 7701 S 96th St. (Just north of 96th/Giles Rd).

Please bring any ideas & suggestions on how you'd like to see the future of our chapter to proceed.

Thanks & hope to see you at the meeting.

Next Meeting, February 25th

The first meeting of the year has been scheduled for February 25, 2009 @ 10:30 at the LaVista Police Department Community conference room 7701 S 96th (just north of 96th/Giles Rd).

We hope to have all future meetings scheduled soon and they will posted on the chapter website. All input from the membership is welcome, please forward any suggestions for presentations or training to any board member.

Also, Membership renewal is upon us, so please get your renewals in.

Please share the meeting information with anyone that would like to attend.

Thank You

Laurie John

Nebraska HTCIA

Looking Forward to 2009

Thanks to all for a successful 2008! I'm glad I've gotten to know everyone involved in the chapter as I've met some great resources.

I'm excited about what's in store for 2009. There has already been some good discussion with the new chapter board and there are some great things in the works for next year.

The Exam Before Christmas

Twas the night before Christmas, when all through the lab
Not an examiner was working, except this tired crab.
All the evidence was filed and the forms were all signed,
In hopes that my work would soon be off my mind.

The drives were all wiped and in their special order,

With care taken not to be located next to the audio recorder.

I had documented I wrote to each sector a zero,
Knowing if it came up in court I would be a big hero.

When out of nowhere the doorbell did ring,

And I ran to the door opening it with a mighty swing.
It was my boss delivering me a brand new case,
And wanted it handled with utmost haste!

I hooked up the evidence to my write blocker,

I was moving so quick, just like a punk rocker.
Every action I took that was worthy of note,
Into my notebook the details I wrote.

When the image was complete,
The next step I could not cheat.
I verified my MD5 hash,
And was ready to go in a flash.

Into FTK the image did import,
I was handling the case like it was going to court.
Once all the pre-processing was done,
I was all set to start having my fun!

Into a server a hacker did intrude,
And the company thought they were quite screwed.
If customer records were read,
Then surely someone would lose their head!

If data was lost, victims must get word,

And hope that the company name was not to be slurred.

They needed me to look for artifacts left by the crook,
And document every action he took.

The attacker came in through an SSL hole,

And theft of user passwords appeared to be his goal.
But first I knew his privileges he would need to raise,
And I found his exploit, proving diligence pays.

After a bit more inspection I found a root kit,
And to Norman Sandbox I made sure to submit.
An answer came back, it was unknown malware,
And this is the point where I started to swear.

So I loaded up a brand new VM,
This trick always worked as a great little gem.

I ran the software to get a good trace,
And making such progress at a wonderful pace.

When I found the encrypted channel to a botnet,
That is when I really started to sweat.
This was a rare find, and quite good news.
I was going to give the hacker a case of the blues.

My report was wrote up with all of my work,
As I finished up I could not suppress a smirk.
The hacker's life would soon be a mess,
As I had identified his home IP address.

I sent the report out, through encrypted e-mail,
Knowing the hacker would soon be in jail.
Content to know I caused him such plight,

I sure hope he enjoys his last free Christmas night.

--- Written and submitted by Jim O'Gorman for the Best of the Blog Contest.

About Botnets, Video Games, and Bad Predictions

A year ago, I did a write up about the potential for botnets migrating to non traditional computing platforms. My conclusion was that seventh generation video game systems have the most potential from as a botnet platform based on a model that I defined in the write up.

Here we are a year later, and as it turns out, nope, no botnet on any video game system. So on that point, I have to hang my head and admit I am no better then any random caller to Art Bell. On the other hand, I do stand by my conclusion that video game platforms would make a good platform for for the creation of a botnet. However, the model I created needs work. There was a variable I did not account for.

Read more from BinInt.com.

Husband's Hidden Camera Taping Illegal

A woman, secretly videotaped in her own bedroom by her husband, will keep a $22,500 court judgment. That ruling Friday from the Iowa Supreme Court as it upheld a lower court decision.

In the Dubuque County, Iowa case, Cathy Tigges claimed her husband hid cameras in their bedroom and videotaped her activities. During divorce proceedings she argued the videotaping by Jeffrey Tigges was an invasion of privacy.

The Iowa Court of Appeals rejected Jeffrey Tigges' argument, her husband, that his wife had no reasonable expectation of privacy in their home. In its ruling, the Iowa Supreme Court said Cathy Tigges had a "reasonable expectation of privacy" in her bedroom and that her husband's covert videotaping violated her privacy.

Via WOWT.com.

Music Industry to Abandon Mass Suits

The decision represents an abrupt shift of strategy for the industry, which has opened legal proceedings against about 35,000 people since 2003. Critics say the legal offensive ultimately did little to stem the tide of illegally downloaded music. And it created a public-relations disaster for the industry, whose lawsuits targeted, among others, several single mothers, a dead person and a 13-year-old girl.

Instead, the Recording Industry Association of America said it plans to try an approach that relies on the cooperation of Internet-service providers. The trade group said it has hashed out preliminary agreements with major ISPs under which it will send an email to the provider when it finds a provider's customers making music available online for others to take.

Depending on the agreement, the ISP will either forward the note to customers, or alert customers that they appear to be uploading music illegally, and ask them to stop. If the customers continue the file-sharing, they will get one or two more emails, perhaps accompanied by slower service from the provider. Finally, the ISP may cut off their access altogether.

Read more from the Wall Street Journal.

Hundreds of Stolen Data Dumps Found

A comprehensive new study that peers into huge troves of financial data stolen by cyber thieves confirms what experts have surmised from looking at much smaller, isolated caches of digital loot: That criminals can make hundreds, even thousands, of dollars a day selling data stolen with the help of widely available software toolkits.

Recent reports by security firms Finjan, RSA, SecureWorks and Symantec have shown that stolen identities, bank accounts and credit card numbers are sold in bulk every day in shadowy online forums, often for pennies on the dollar. In its analysis, Symantec found in 2007 that the going rate for the keys to assuming someone else's identity was between $14 and $18 per victim.

Those reports either presented conclusions based on examining a single cache of stolen data, or by observations based on watching transactions between cyber thieves. But a report released today by researchers at the University of Mannheim, Germany, offers a disturbing glimpse at the sheer abundance of this stolen data.

Read more from WashingtonPost.com.

U.S. not ready for cyber attack

The United States is unprepared for a major hostile attack against vital computer networks, government and industry officials said on Thursday after participating in a two-day "cyberwar" simulation.

The game involved 230 representatives of government defense and security agencies, private companies and civil groups. It revealed flaws in leadership, planning, communications and other issues, participants said.

The exercise comes almost a year after President George W. Bush launched a cybersecurity initiative which officials said has helped shore up U.S. computer defenses but still falls short.

Read more from Reuters.com.

Malware madness and spammers in the slammer: The year in cybercrime

One of the most disturbing cybercrime trends in 2008, many security analysts say, has been the emergence of a full-blown underground economy where credit card information, identity theft information, and spam and phishing software are all available for relatively low prices.

Security software company Symantec became the latest company to raise red flags about what it called the "underground server" economy last month, when it issued a report estimating that roughly $276 million worth of goods and information is available on online black markets. Credit card data accounted for 59% of the information available for sale on underground servers, Symantec reported, with identity theft information (16%), server accounts (10%), financial accounts (8%) and spam and phishing programs (6%) trailing far behind.

Read more from Network World.