Facebook Security News FLASH

FACEBOOK is finally demonstrating a commitment to Security. Beginning January 27, 2011, Facebook members will reportedly be able to access Facebook entirely over HTTPS. This is huge news folks. Note you are advised to ENABLE this option ASAP! Review your Profile and check your security settings. For details review the Facebook blog,  http://blog.facebook.com/blog.php?post=486790652130

To learn more about how to keep your information secure on Facebook and across the internet, please visit the Facebook Security Page.

Aanval v6 is now available!

Aanval v6 (Grendel) was released Thursday, 12/03/10.  This new version represents more than 9 months of development and is a significant milestone in the 7 year history of the Aanval snort & syslog correlation console.

Aanval v6 is a major iteration, greatly improving information security efficiency and security event management. A  lengthy list of additional enhancements and features are further planned for v6 as Tactical FLEX continues to aggressively roll out new builds following the company's methodology strategy of "release early, release often."

The interface for Aanval v6 was completely re-written with Adobe Flex 4, scrapping the entire previous Flex 3 interface. The backend remains MySQL / PHP, however dozens of updates and optimizations were made to improve performance and stability.

Aanval v6 is a large project, comprised of several hundred thousand lines of code. A major portion of time for this release was spent working on the interface (Flex 4). If you follow Loyal on Twitter, you have witnessed his frustrations with the latest releases of Flash Builder. 

The most notable features of Aanval v6 are the new multi-tasking interface, the GeoLocation displays and the re-introduced event correlation system.

• GeoLocation with integrated Google Maps is now available in both real-time and search displays to provide a global, visual reference of event attack sources.
• The event correlation system has been re-introduced with an updated interface to group and rank events that may be related to one another.

A list of Aanval v6′s new features and enhancements:

• All new live GeoLocation (Google Maps)
• All new event displays
• All new event correlation
• All new event browser
• All new live event monitor
• All new frequent X displays
• All new report management
• All new action management
• All new signature management
• All new datastore management
• All new policy management
• All new snort management
• All new syslog filter management
• All new installation and update system
• All new multi-tasking interface
• All new inter-display interaction
• All new look and feel (GUI)
• And much… much, more

You can view a selection of screenshots on the Aanval Web site and download Aanval to give it a test drive. 

Aanval Snort & Syslog Intrusion Detection and Correlation Console

Aanval is the industry’s leading web-based gui for snort and syslog intrusion detection and correlation. Government security and defense organizations from more than a half dozen countries, educational institutions from around the world, global financial organizations as well as space exploration and military weapons manufacturers rely upon Aanval as a part of their security infrastructure.

For more information on Aanval v6, including upgrade details, new license purchasing, etc contact me and visit  www.aanval.com

Enjoy.

The 10 Most Dangerous Places For Your SSN

As we know the Internet can be a scary place filled with all kinds of dangers. Be careful out there in Cyberspace.

Article from DarkReading 

By Kelly Jackson Higgins

College students' SSNs most at risk, followed by banking/financial customers'

Oct 19, 2010 | 12:04 PM

Getting your credit card number stolen is one thing, but when your Social Security number (SSN) is lifted, identity theft really hits home. And as it turns out, some places are more risky than others for storing your SSNs.  Identity theft expert Robert Siciliano, commissioned by McAfee, analyzed reported data breaches during the past year-and-a-half to determine the most dangerous places to give out your SSN: The No. 1 location is universities and colleges, which experienced 108 data breaches involving SSNs between January 2009 and October of this month. Banking and financial institutions were close behind, with 96 such breaches.

Siciliano's pulled his data from breaches published by the Identity Theft Resource Center, Privacy Rights Clearinghouse, and the Open Security Foundation during that period.

More than 30 percent of all identity theft victims have had their SSN exposed, according to Javelin Research.
The rest of the top 10:

• Hospitals, with 71 breaches
• State governments, with 57 breaches
• Local governments, with 44 breaches
• Federal Governments, with 33 breaches
• Medical businesses (products and services for the medical field), with 27 breaches
• Nonprofits, with 23 breaches
• Technology companies, with 22 breaches
• Medical insurance and medical offices/clinics, with 21 breaches

The only requirements for showing your SSN, according to the Social Security Administration, are when you provide it to your employer when you first start a new job and to your financial institution for tax reporting, according to McAfee. The SSA recommends keeping your SSN card or any documentation with it in a safe place, and not to carry them around.A federal law requires that SSNs be used for professional licenses, driver's licenses, occupational licenses, recreational licenses, and marriage licenses, as well as by creditors and the Department of Motor Vehicles. And with any cash transaction more than $10,000, an SSN is required, as well as for military business.Siciliano cites ways to guard your SSN, including refusing to provide it, checking your credit report every few months, investing in an ID protection service, trashing mail securely, opting out of junkmail and preapproved credit card offers, and locking down your PC.

Aavnal Version 6 - Update

The highly anticipated general release of Aanval Version 6 is drawing near! The Tactical FLEX developers said today that version 6 will be completed in the next couple of weeks (by October 21st) As soon as it is ready, Aanval users and prospects will receive an e-mail announcing the general availability of Aanval Version 6. A press release will also be distributed.


In the past few months Aanval customers were encouraged to submit their suggestions and requests for version 6.  We value our customers and invite you to submit any ideas or feature requests to support.group@aanval.com. 


If you wish to receive the press release announcing Aanval Version 6, send an e-mail to kbitz@aanval.com with "Press Release Distribution Request" in the Subject line.  


Aanval is the industry's leading web-based gui for snort and syslog intrusion detection and correlation. Over 5,500 organizations in 95 countries rely upon Aanval as a part of their security infrastructure. For more information about Aanval go to www.aanval.com. 

Can Cybersecurity be a Catalyst for Economic Growth?

Eric Chabrow, Executive Editor, GovInfoSecurity.com in his article on October 6, 2010 argues that indeed it CAN. He points to the "Lessons from Sputnik: Producing Benefits Beyond Safeguarding IT."

Below is the introduction to his article which you will find at http://www.govinfosecurity.com/articles.php?art_id=2982&rf=2010-10-07-eg

Fear is a great motivator. Fear helped the United States overtake the Soviet Union in the space race after the launch of Sputnik in the late 1950s. Americans feared our Cold War adversaries would conquer space, so the United States invested heavily, not only in technology, but in educating our young citizens in math and science to challenge the Soviets.

"We were really pretty far behind and we were kind of surprised that the Soviet Union was so far ahead in science and technology," Patrick Gorman, former associate director of the Office of the Director of National Intelligence, said in an interview with GovInfoSecurity.com (transcript below).

The return on that investment, just over a decade later, resulted in the United States landing men on the moon. And, the investments produced additional benefits such as the creation of the IT industry and other technological advancements unrelated to space.

Check out this article and the interview, then go share it with some bright youngsters who will be inspired to become our next generation of Information Security Officers.