Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Digest: 23 OCT 2014 SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Digest: 23 OCT 2014

A number of items for your consideration today, readers. Thanks as always to our own Rob VandenBrink for pointing out a number of these.

In case you missed it, What's New in Window's PowerShell.

A new Snort release is available: Snort 2.97.

VMWare has released a security advisory: VMSA-2014-0011 - VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability.

There's a Whitehouse petition to unlock public access to research on software safety through DMCA and CFAA reform. Needs 98,000 signatures, currently has just over 1000. The synopsis for your consideration:

Software now runs consumer products and critical systems that we trust with our safety and security. For example, cars, medical devices, voting machines, power grids, weapons systems, and stock markets all rely on code. While responsible companies cooperate with the technical community and the public to improve the safety of code, others do not. They instead try to prevent researchers and others from sharing safety research, threatening criminal and civil actions under the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act. Chilling research puts us all at risk. Protect the public from unsafe code and help us to protect ourselves. Reform the DMCA and CFAA to unlock and encourage research about potentially dangerous safety and security weaknesses in software.

If you agree, sign the petition here.

NIST just released a draft of NIST Special Publication 800-125-A Security Recommendations for Hypervisor Deployment. You denizens of the cloud should give this one a good read through.

Russ McRee

201 Posts
ISC Handler
Oct 23rd 2014

Sign Up for Free or Log In to start participating in the conversation!