2008 Elluminati Community Conference

2008 Elluminati Community Conference
October 27, 2008, 8:30AM – 6:30PM Eastern US Rosen Plaza Hotel, Orlando, Florida
Don’t miss this opportunity to network with your fellow Elluminati, share best practices, attend informative sessions, and get new ideas for leveraging Elluminate technology more effectively in your organization.

This of course translated to Oct 27 11:30PM to Oct 28 8:30AM here in Melbourne. Yes, another all nighter. We were not the only attendees hitting the caffeine as Stephen Rowe, one of the presenters, was from Queensland, there was another attendee from Western Australia, and another Melbourne participant for the earlier sessions.

*Yawn!* I guess I’m suffering from virtual jet lag as I try to get back into standard work hours; the poor old body clock is a tad confused.

Surprisingly this was a fully online conference as when I was originally registering there was a concurrent face-to-face conference to be held at Rosen Plaza Hotel, Orlando, Florida.

2008 Elluminati Community Conference
ECC 2008 Agenda

I’ll get some of my notes published here asap … meanwhile have a look at Niall Sclater’s post (27/10/2008) Synchronous online means teaching not lecturing;

Online synchronous teaching is not about lecturing at people – it’s about involving your class continuously in a whole host of different ways.

This weeks links (2008-10-27)

Interesting to see how popular the BBC7 titles are doing on the BBC iPlayer rankings;

… We’ve had quite a good week on the BBC iPlayer, with six BBC Radio 7 titles in the top eight “most popular” radio programmes.
These were: Doctor Who (peaking at no.1 on Tuesday) The News Quiz (no.4, Monday and Friday), The Navy Lark (no. 4, Wednesday), Sherlock Holmes (three separate titles: no.7 on Tuesday, no5 on Thursday & Friday), Revolting People (no.7 on Thursday and Flight of the Conchords (No.6 on Friday).
I do find it amusing to see our archive programmes jostling for places in the chart alongside The Archers, The Chris Moyles Show, and Russell Brand! As a small digital only network, we certainly seem to be holding our own.
– BBC Radio 7 Newsletter – Friday 24th October

MELBOURNE: Wednesday 29 October, Casey Plaza, RMIT (Bowen Street enter from LaTrobe Street in Melbourne CBD). Screening starts at 7pm sharp.

Come and hear the tales – tall and true – of Australian adventurers Chris Bray and Clark Carter who have just become the first people to successfully traverse the world’s ninth largest island.
After spending a combined 128 days traversing the largely unexplored island – Victoria Island, in the Canadian Arctic – our young adventures are back to tell their story.
– Paddy Pallin Newsletter

Australian Lecture Tour Details
In May, Chris Bray (then 24) and Clark Carter (then 23), both from Sydney, began hauling, paddling and dragging 500kgs of equipment and supplies behind them in unique carts they designed and built themselves. Their mission: to cross 700kms of snow, frozen lakes, mud plains, boulder fields, tundra, endless jagged ice, shattered rock and even rapids.
– http://www.1000hourday.com/

the great firewall of Australia

Mandatory Content Filtering in Australia

Labor makes no apologies to those that argue that any regulation of the internet is like going down the Chinese road
– Telecommunications Minister Stephen Conroy

… welcome the great firewall of Australia

“The news for Australian Internet users just keeps getting worse,” said EFA spokesperson Colin Jacobs. “We have legitimate concerns with the creeping scope of this unprecedented interference in our communications infrastructure. It’s starting to look like nothing less than a comprehensive program of real-time Internet censorship.” — EFA [1]

A two-tiered filtering system.

TIER 1: (compulsory) would block all “illegal material”. Senator Conroy has previously said Australians would be able to opt out of any filters to obtain “uncensored access to the internet”.

TIER 2: (optional) would filter out content deemed inappropriate for children, such as pornography.

And just who defines “illegal material”?

Internet providers and the government’s own tests have found that presently available filters are not capable of adequately distinguishing between legal and illegal content and can degrade internet speeds by up to 86 per cent. — The Age[2]

Stop the farce, write now:

To Senator Conroy c/- his electoral office;
snail: Suite 1B, 494 High Street, Epping Vic 3076
email: senator.conroy AT aph.gov.au

[1] EFA alarmed at “creeping” clean feed (2008-Oct-16) [EFA]
[2] Filtering out the fury: how government tried to gag web censor critics (2008-Oct-24) [The Age]
[3] Stop Australian Internet Censorship petition [TIG Petitions]
[4] Leave The Net Alone – Abolish Internet Censorship In Australia!

MS08-067 out-of-band MS Security update (netapi32.dll)

MS has an out-of-band release to protect against a vulnerability in netapi32.dll. This vulnerability could be exploited for an RPC/DCOM worm similar in nature to Blaster. With the release of the patch you can expect the Black Hat community to have some nasty fiends available for us during the next week.

Bulletin	KB number	Description	Severity	Impact	Software
MS08-067	958644	Vulnerability in Server Service Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows

What does it affect?
This vulnerability is potentially wormable on Windows XP and older systems;

This security update resolves a vulnerability in the Server service that affects all currently supported versions of Windows. Windows XP and older versions are rated as “Critical” while Windows Vista and newer versions are rated as “Important”. Because the vulnerability is potentially wormable on those older versions of Windows, we’re encouraging customers to test and deploy the update as soon as possible. [1]

Mitigation?
Unfortunately, either one of the following two conditions exposes the RPC endpoint:
1) Firewall is disabled
2) Firewall is enabled but file/printer sharing is also enabled.

Microsoft Malware Protection Center have released updated signatures that can enable Microsoft Forefront and Microsoft OneCare to protect against current attempts to exploit the vulnerability (Exploit:Win32/MS08067.gen!A). [1]

If you are behind a perimeter firewall that filters inbound connections to TCP ports 139 and 445, you will not be reachable from the Internet. This is a common home user scenario. In this scenario, only the machines in your local LAN will have the ability to exploit this vulnerability. [2]

Patch now, avoid another Blaster.

Links:
[1] MS08-067 Released (2008-Oct-23) [MS-MSRC]
[2] More detail about MS08-067, the out-of-band netapi32.dll security update (2008-Oct-23) [MS-]
[3] Microsoft Security Bulletin MS08-067 – Critical (2008-Oct-23) [MS]
[4] * Microsoft out-of-band patch – Severity Critical (2008-Oct-23) [SANS]

Burma-shave

*chuckle*

xkcd ~ Twitter regressions

Burma-Shave was an American brand of brushless shaving cream, famous for its advertising gimmick of posting humorous rhyming poems on small, consecutive highway billboard signs. – wikipedia

Burma-shave jingles and Burma-shave signs

If you remember…
the little signs…
on the road…
then you are…
pretty old…
Burma Shave

Trying to find some of the OTR episodes with Burma-shave as the sponsor …

This weeks links (2008-10-20)

‘It’s About So Much More Than
Brass Goggles’

MTV does Steampunk
The subculture’s influence has seeped into films, music, fashion and more.
‘It’s Airships, Pirates And Goggles’ | Steampunk Infiltrates The Mainstream [MTV]

Dr. Steel (!)
www.doctorsteel.com

Abney Park
www.abneypark.com

National 4X4 Show : Melbourne 23-26th October 2008

The National 4X4 Show, Fishing Show & Outdoors Expo is HUGE and will once again be held at the Melbourne Exhibition Centre for 4 BIG DAYS from 12 MIDDAY THIS THURSDAY right through the weekend.
– http://www.4x4show.com.au/

Experiencing India – A photographic Exhibition

Via the World Expeditions Only Footprints enewsletter; a visually stunning exhibition of India as taken through the lens of Alison Shirley and Michelle Dunn.

India & all its wonders from behind the lens

World Expeditions would like to invite our Melbourne adventurers to a new exhibition by photographers Alison Shirley and Michelle Dunn which showcases their 3 month journey through enchanting India. The exhibition captures everyday life in India and highlights the incredible diversity found in the people and landscapes of this exciting country.

Alison’s photos of India are a reflection of her interest in photographing “found” subjects, where she has little control over the situation in which she shoots. This requires her to call on her own way of seeing life, along with photographic technique to make a captivating image of that moment.

After spending two and a half years travelling and photographing around the world, Michelle Dunn returned to Australia and moved to Melbourne to further her photographic skills through study. Her enjoyment of ‘shooting the moment’ is evident in the exhibition which features photos from her three months in India.

Alison and Michelle have both held their own solo travel exhibitions of outback Australia & Costa Rica. ‘Experiencing India’ is their first exhibition together.

EXPERIENCING INDIA – PHOTOGRAPHIC EXHIBITION
With Alison Shirley and Michelle Dunn
Opening Night October 15th 6:30pm to 9pm & then on exhibition until November 15th
Travellers Bookstore Gallery
Level 1 294 Smith Street Collingwood

Patch Tuesday Wednesday (OCT-2008)

11 Patches! So much for easing back into things after being on leave.
This month we have 4xCritical 6xImportant 1xModerate for our patching pleasure, all of which are detected via Microsoft Baseline Security Analyzer (MS BSA 2.1). A restart will be required.

Bulletin	KB number	Description	Severity	Impact	Software
MS08-056	957699	Vulnerability in Microsoft Office Could Allow Information Disclosure	Information Disclosure	Moderate	Microsoft Office.
MS08-057	956416	Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Office
MS08-058	956390	Cumulative Security Update for Internet Explorer	Remote Code Execution	Critical	Microsoft Windows, Internet Explorer
MS08-059	956695	Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Host Integration Server
MS08-060	957280	Vulnerability in Active Directory Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows
MS08-061	954211	Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege	Elevation of Privilege	Important	Microsoft Windows
MS08-062	953155	Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution	Remote Code Execution	Important	Microsoft Windows
MS08-063	957095	Vulnerability in SMB Could Allow Remote Code Execution	Remote Code Execution	Important	Microsoft Windows
MS08-064	956841	Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege	Remote Code Execution	Important	Microsoft Windows
MS08-065	951071	Vulnerability in Message Queuing Could Allow Remote Code Execution	Remote Code Execution	Important	Microsoft Windows
MS08-066	956803	Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege	Elevation of Privilege	Important	Microsoft Windows
kill bit	956391	Cumulative Security Update of ActiveX Kill Bits	.	.	.

For this month:

This month Microsoft released 11 bulletins which repair a total of 20 vulnerabilities. None of these vulnerabilities have been seen in in-the-wild attacks.
… Out of the 11 patches this month, only three of the vulnerabilities were related to file-format or client-side issues, three were elevation of privileges, and a surprising five were remote code execution of network protocols. Because of this, desktop and server administrators alike will likely spend a lot of time analyzing and patching their responsible network segments. … — eEye [5]

PATCH NOW:

LINKS:
[1.] October 2008 Monthly Bulletin Release (2008-Oct-14) [MS]
[2.] October Black Tuesday Overview (2008-Oct-14) [SANS]
[3.] Microsoft Security Bulletin Summary for October 2008 (2008-Oct-14) [MS]
[4.] Microsoft security updates for October 2008 (2008-Oct-14) [MS]
[5.] Microsoft Patch Disclosure – October 2008 (2008-Oct-14) [eEye]

Cyber Security Awareness Month

Cyber Security Awareness Month – Daily Topics [1]
October is Cyber Security Awareness Month and this year the SANS Internet Storm Center is going to offer daily tips on each of the six steps of incident handling areas according to the following schedule:
Preparation: October 1-4
Identification: October 5-11
Containment: October 12-18
Eradication: October 19-25
Recovery: October 26-31
Lessons Learned: November 1-3

DAY 01 – Preparation: Policies, Management Support, and User Awareness
DAY 02 – Preparation: Building a Response Team
DAY 03 – Preparation: Building Checklists
DAY 04 – Preparation: What Goes Into a Response Kit
DAY 05 – Identification: Events versus Incidents
DAY 06 – Identification: Network-based Intrusion Detection Systems
DAY 07 – Identification: Host-based Intrusion Detection Systems
DAY 08 – Identification: Global Incident Awareness
DAY 09 – Identification: Log and Audit Analysis
DAY 10 – Identification: Using Your Help Desk to Identify Security Incidents
DAY 11 – Identification: Other Methods of Identifying an Incident
DAY 12 – Containment: Gathering Evidence That Can be Used in Court
DAY 13 – Containment: Containing on Production Systems Such as a Web Server
Day 14 – Containment: a Personal IdentityTheft Incident
Day 15 – Containing the Damage From a Lost or Stolen Laptop
Day 16 – Containing a Malware Outbreak
Day 17 – Containing a DNS Hijacking
Day 18 – Containing Other Incidents
Day 19 – Eradication: Forensic Analysis Tools – What Happened?
Day 20 – Eradicating a Rootkit
Day 21 – Removing Bots, Keyloggers, and Spyware
Day 22 – Wiping Disks and Media
Day 23 – Turning off Unused Services
Day 24 – Cleaning Email Servers and Clients
Day 25 – Finding and Removing Hidden Files and Directories
Day 26 – Restoring Systems from Backup
Day 27 – Validation via Vulnerability Scanning
Day 28 – Avoiding Finger Pointing and the Blame Game
Day 29 – Should I Switch Software Vendors?
Day 30 – Applying Patches and Updates
Day 31 – Legal Awareness

The lesson learned
Day 1 (Nov) – What Should I Make Public?
Day 2 (Nov) – Working with Management to Improve Processes
Day 3 (Nov) – Feeding The Lessons Learned Back to the Preparation Phase

[1] Cyber Security Awareness Month – Daily Topics (2008-Sep-30) [SANS]