Muhammad Amir Jamil

C|EH, CISA, CISSP – Information Security Consultant, Pakistan.

Free Information Security Magazines

Security Acts is a free magazine for professionals in IT Security

Security Acts is the challenge of producing a high-quality magazine for professionals in IT Security, which is made by and issued for the people involved in IT Security. This online magazine is free of charge and will finance itself through adverts.

http://www.securityacts.com

Subscribe to be notified when new issues are released.

(IN)SECURE Magazine

(IN)SECURE Magazine is a free digital magazine published in a PDF format. It features articles written by some of the most prominent security experts. The magazine is released on a bi-monthly basis and averages 25,000 readers per issue.

http://www.net-security.org/insecuremag.php


  • Filed under: Information Security
  • Kingston, SanDisk and Verbatim all sell quite similar USB Flash drives with AES 256-bit hardware encryption that supposedly meet the highest security standards. This is emphasised by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST), which validates the USB drives for use with sensitive government data. Security firm SySS, however, has found that despite this it is relatively easy to access the unencrypted data, even without the required password.

    The USB drives in question encrypt the stored data via the practically uncrackable AES 256-bit hardware encryption system. Therefore, the main point of attack for accessing the plain text data stored on the drive is the password entry mechanism. When analysing the relevant Windows program, the SySS security experts found a rather blatant flaw that has quite obviously slipped through testers’ nets. During a successful authorisation procedure the program will, irrespective of the password, always send the same character string to the drive after performing various crypto operations – and this is the case for all USB Flash drives of this type.

    Cracking the drives is therefore quite simple. The SySS experts wrote a small tool for the active password entry program’s RAM which always made sure that the appropriate string was sent to the drive, irrespective of the password entered and as a result gained immediate access to all the data on the drive. The vulnerable devices include the Kingston DataTraveler BlackBox, the SanDisk Cruzer Enterprise FIPS Edition and the Verbatim Corporate Secure FIPS Edition.

    When notified by SySS about this worst case security scenario, the respective vendors responded quite differently. Kingston started a recall of the affected products; SanDisk and Verbatim issued woolly security bulletins about a “potential vulnerability in the access control application” and provided a software update. When asked by heise Security, Verbatim Europe said that none of the affected drives have been sold in Europe – and that none will be shipped before the hole has been closed.

    The real question, however, remains unanswered – how could USB Flash drives that exhibit such a serious security hole be given one of the highest certificates for crypto devices? Even more importantly, perhaps – what is the value of a certification that fails to detect such holes?

    Source : http://www.h-online.com
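
    The design flaw described above, modelled as an added example (this is not SySS's tool or any vendor's code): a drive that waits for a fixed unlock string is set beside one that binds unlocking to the password, together with the audit check that tells them apart. The class names, the `FIXED_UNLOCK` value and the passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

FIXED_UNLOCK = b"constructed-constant-unlock-blob"  # constructed placeholder, not a real value

class FlawedDrive:
    """The host program checks the password; the drive only waits for one fixed string."""
    def __init__(self, password):
        self._host_pw_hash = hashlib.sha256(password.encode()).digest()

    def host_unlock_message(self, password):
        # The decision is made on the host; on success the same bytes go out for any password.
        candidate = hashlib.sha256(password.encode()).digest()
        return FIXED_UNLOCK if hmac.compare_digest(candidate, self._host_pw_hash) else None

    def device_accepts(self, message):
        return message == FIXED_UNLOCK

class PasswordBoundDrive:
    """The drive derives a verifier from the password and a per-device salt.
    In a real design the derived key would also unwrap the AES data key."""
    def __init__(self, password):
        self._salt = os.urandom(16)
        self._verifier = self._derive(password.encode())

    def _derive(self, secret):
        return hashlib.pbkdf2_hmac("sha256", secret, self._salt, 100_000)

    def host_unlock_message(self, password):
        return password.encode()  # the host forwards input and makes no decision itself

    def device_accepts(self, message):
        return hmac.compare_digest(self._derive(message), self._verifier)

def unlock_depends_on_password(drive_cls):
    """Audit check: the success message captured from one drive must not
    open a second drive of the same model that was set up with another password."""
    a = drive_cls("correct horse")
    b = drive_cls("battery staple")
    msg_a = a.host_unlock_message("correct horse")
    return a.device_accepts(msg_a) and not b.device_accepts(msg_a)

if __name__ == "__main__":
    for cls in (FlawedDrive, PasswordBoundDrive):
        print(cls.__name__, "unlock bound to password:", unlock_depends_on_password(cls))
```

    A validation test of this shape fails the first design regardless of how strong the AES implementation behind it is.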

  • Filed under: Information Security, NIST Guidelines
  • Twitter Tools (Twitter API sites)

    Some additional Twitter API sites. A lot of the third party development sites will pull in your Twitter profile and give you link love.

    • Crowdeye.com
    • Klout.com
    • Plentyoftweeps.com
    • Sency.com
    • Twaitter.com
    • Taweet.com
    • Tweetworth.com
    • Twiscounter.com
    • TwitRak.com
    • TwitReferral.com
    • LocalTweeps.com
    • TwitDir.com
    • TwitterStates.com
  • Filed under: Technology
  • Pleased to inform you…

    I am pleased to inform you that I’ve successfully PASSED the CISA (Certified Information Systems Auditor) Exam with ID: 09591027. As you know, it’s a four-hour proctored written ANSI-accredited exam, and it was held on December 12, 2009.

    US Department of Defense (DoD) 8570.01-M “Information Assurance Workforce Improvement Program” manual names ISACA’s Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications among those approved for DoD information assurance (IA) professionals.

    For More Details : Visit

  • Filed under: Honors and Awards, Information Security, Portfolio
  • Yesterday I got this email of congratulations!

    (Please note: only a total of 18 full and partial scholarships were available around the world.)

    Dear Muhammad Amir Jamil,

    Congratulations!

    After thorough evaluation of your paper (On 3-Tier PKI services architecture for defense related organizations) by the EC-Council Scheme Committee, we are delighted to announce that you are granted a partial scholarship worth US $1748 for the EC-Council | Secure Aid Program 2009!

    Members of the Scheme Committee who convened as an Awards Committee included Scott Applegate – US Army; Bill Varholl – US Department of Defense; Russell Butturini – Epic Technologies; Robert Lai – Science Applications International Corporation; Denis O’Callaghan – Alive Consultants LTD.

    This scholarship will enable you to attend EC-Council Certification Courses on iClass without payment. Please note that the scholarship covers training fees and exam vouchers and excludes courseware.

    To redeem your Secure Aid training and exam voucher, please forward this letter to Eric Lopez indicating your choice of program in the attached iClass Student Enrollment form - Certified Ethical Hacker (C|EH), Computer Hacking Forensic Investigator (C|HFI), EC-Council Certified Security Analyst (E|CSA), or EC-Council Certified Disaster Recovery Professional (E|DRP).

    Courses offered for the EC-Council | Secure Aid Program will be delivered via EC Council’s live, online, and instructor-led training platform; iClass. It is approximately 36 instruction hours in length delivered either in four hour time blocks, twice a week in the evening for 5 weeks, or in five consecutive days in eight hour time blocks. The class schedule is attached.

    This must be a very proud moment for you and as such we would like to include your profile and picture on our website along with your case study/ white paper. Please send your picture and profile to dawne@eccouncil.org.

    We will be making global announcements of your achievement shortly. So, send us your picture and profile by September 12th, 2009.

    Thank you.

    Yours Sincerely,
    Dawne Chin
    Program Chair
    EC-Council

    For more details visit : EC-Council Secure aid Program

  • Filed under: Honors and Awards
  • RiverMuse launches an enterprise class open source fault management platform built upon a next generation architecture designed around maintaining a very low total cost of ownership when applied to modern service delivery infrastructures.

    RiverMuse’s agile architecture is specifically designed to support virtualized and abstracted network infrastructures where constant change and complexity of business logic administration typically means an increased cost of ownership that is significantly higher than the realizable benefits.

    The visionaries behind RiverMuse include: Philip Tee, Predrag (Fred) Mutavzdic, and Mike Silvey, who were the team behind the inventions of Micromuse and RiverSoft (now IBM Tivoli Netcool and HP OpenView Advanced Edition) and Phil Blades, one of the first Netcool customers and a pioneer of the early service management community.

    The team recognized that the management of today’s service delivery infrastructures needed a new approach to management tools, in terms of:

    • Platform architecture: to allow cost effective support of modern infrastructures and,
    • Breadth of application functionality: offering every customer what they specifically need when they need it.

    This inspired them to invent a next generation agile architecture and gift the platform to the service management community to enhance features and extend functionality, thus enabling delivery at the time customers require them – removing the dependence on vendor roadmaps and business principles.

    Gifting RiverMuse as Open Source marks a significant change of approach in the service management arena. Features and functionality within the RiverMuse offering will evolve in line with the needs of modern service delivery infrastructure requirements.

    Guardians of Service Level Management will now benefit from an enterprise class agile architecture without compromising on functionality or suffering the stealth tax in the form of increased administration charges, since RiverMuse sets a new standard in total cost of ownership.

    For more details visit : RiverMuse

  • Filed under: Enterprise Services Management
  • The U.S. Department of Commerce’s NIST (National Institute of Standards and Technology) recently released Special Publication 800-53, a report titled “Recommended Security Controls for Federal Information Systems and Organizations.” The 237-page report discusses the latest suggested practices for minimizing network vulnerabilities in government agencies, but its lessons carry over to any business, school, or organization with Internet access. It also discusses compliance with FIPS (Federal Information Processing Standards) 199 and 200 security levels. The report was prepared by the Computer Security Division of NIST’s Information Technology Laboratory.

    http://csrc.nist.gov/publications/PubsSPs.html

  • Filed under: Information Security, NIST Guidelines
  • About Me

    Hi, my name is Amir Jamil. I am a Sr. Manager at Interactive Group, one of the largest and most well respected information security solution providers in the country. I live in the capital of Pakistan, Islamabad. I have been in IT since 2001 and in the Info Sec field since 2004. I hold the following security related certifications: C|EH, CISSP and CISA. I also hold a few vendor-specific certs that really don’t mean a whole lot – just part of the job.

    Visit me on Linked-In

    Linked-In profile

     
