[1929] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, August 10, 2009
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Aug 10 13:02:49 2009
Message-Id: <A45018E4-6076-4A23-BA50-90958E1B1A0A@MIT.EDU>
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi@MIT.EDU
Mime-Version: 1.0 (Apple Message framework v936)
Date: Mon, 10 Aug 2009 13:00:58 -0400
Cc: itss@MIT.EDU
In this issue:
1. August 2009 Security Patches
2. Twitter Knocked Offline
3. Event: SANS Institute in Providence, RI
-----------------------------------------
1. August 2009 Security Patches
-----------------------------------------
---- Microsoft ----
Systems affected:
* Microsoft Office
* Microsoft Visual Studio
* Windows 2000, XP, and Vista
* Windows Server 2003 and 2008
* Microsoft .NET Framework
* Microsoft ISA and BizTalk Servers
As part of its monthly security bulletin release cycle, Microsoft will
be releasing 9 updates on Tuesday, August 11, five of which are
critical.
Read the advance notification in full here: <http://www.microsoft.com/technet/security/bulletin/ms09-aug.mspx>
---- Apple ----
Systems affected:
* Apple Mac OS X versions prior to and including 10.4.11 and 10.5.7
* Apple Mac OS X Server versions prior to and including 10.4.11 and
10.5.7
On August 5, Apple released security update 2009-003 / Mac OS X 10.5.8
to address 18 security flaws, including seven that could be exploited
to take control of vulnerable computers simply by manipulating users
into viewing maliciously constructed images. The flaws arise from
uninitialized memory and pointer issues, and heap, stack, and integer
overflow errors. The update also fixes code execution flaws in the
operating system's kernel, login window and other components.
The update can be downloaded here: <http://support.apple.com/downloads/>
or from Software Update.
Systems affected:
* iPhone 1.0 through 3.0
Apple also released an update for iPhone on the last day of
July. The update fixes a critical security vulnerability involving the
Short Message Service (SMS). Users of all iPhone versions (original,
3G and 3GS) are urged to update their phones as soon as possible with
iPhone update OS 3.0.1.
For instructions visit this page <http://www.apple.com/iphone/softwareupdate/>
and click on the "Updating is easy. Learn how" link.
---- Mozilla ----
On August 3, Mozilla issued update 3.5.2 for Firefox to address a
number of critical security flaws. One of the vulnerabilities allows
attackers to spoof SSL certificates. Other vulnerabilities addressed
in the update include a memory corruption flaw, a heap overflow flaw
and a privilege escalation flaw. The SSL flaw also affects Mozilla's
Thunderbird, SeaMonkey and NSS products; fixes for those products are
likely to be available soon.
Users who have already upgraded to Firefox 3.5 are urged to upgrade to
Firefox 3.5.2 as soon as possible. Both the release notes and the
update can be found here: <http://www.mozilla.com/en-US/firefox/3.5.2/releasenotes/>.
---------------------------------
2. Twitter Knocked Offline
---------------------------------
Twitter is recovering from a distributed denial-of-service (DDoS) attack
that occurred last Thursday. The micro-blogging service was knocked
offline for several hours. At the time, Twitter's status page read "As
we recover [from the DDoS], users will experience some longer load
times and slowness. This includes timeouts to API clients. We're
working to get back to 100% as quickly as we can." Facebook suffered
problems from an apparent DDoS as well.
A denial-of-service attack occurs when a web server is overwhelmed with
requests. While most security experts dismiss DDoS attacks as just
background noise on the internet, they could still be part of more
insidious attacks, according to Tom Byrnes of ThreatStop, a network
security company.
According to Wired Magazine, the ongoing attacks on Facebook and
Twitter likely involve tens of thousands of compromised computers
under the control of a single person or organization. The attack would
involve asking the sites to serve up a page of search results, or some
other processor-intensive request.
CNET says this attack is both personal and political, involving the
continuing Russia/Georgia conflict. On Friday, a Georgian economics
professor, who is an activist blogger and has a number of sites, said
he was the intended target. He blamed the attack on the Russian
government, which he says is trying to stifle his criticism of
Russia's conduct in its war with Georgia.
Read the full story here: <http://www.wired.com/epicenter/2009/08/twitter-apparently-down/>
-----------------------------------------------------
3. Event: SANS Institute in Providence, RI
-----------------------------------------------------
Paul Asadoorian of Pauldotcom will teach Developer 542: Web
Application Penetration Testing and Ethical Hacking. For complete
course information and to register, visit <http://www.sans.org/info/46903>.
When: Monday, October 5 - Saturday, October 10 (6 Day Course)
Where: Brown University, Providence RI
How Much: $3345 (Register by August 26 and save $350 on the tuition
fee.)
Course description:
In this intermediate to advanced level class, you'll learn the art of
exploiting Web applications so you can find flaws in your enterprise's
Web apps before the bad guys do. Through detailed, hands-on exercises
and training from a seasoned professional, Paul Asadoorian, you will
be taught the four-step process for Web application penetration testing.
You will inject SQL into back-end databases, learning how attackers
exfiltrate sensitive data. You will utilize Cross-Site Scripting
attacks to dominate a target infrastructure in our unique hands-on
laboratory environment. And you will explore various other Web app
vulnerabilities in depth with tried-and-true techniques for finding
them using a structured testing regimen. You will learn the tools and
methods of the attacker, so that you can be a powerful defender.
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security