Archives for: June 2009
July is our anniversary month and we’re going to make it special
Link: http://titssn.net
Good day to you,
It’s coming to that time of the year again and another anniversary is upon us. TITSSN will celebrate our 5th year and the start of our fiscal year for 2010 on July 1st 2009. We were planning to have an awesome celebration as usual and will be working on some goodies throughout the month. We have been having some challenges with sponsors and getting the support needed to achieve these goals.
However, with our will and the desire to move forward against all obstacles, we will be having an awesome month of celebration and thanks for us reaching this far.
We invite everyone who has ever heard of and about us or has supported our initiatives to join us in celebration wherever you are for the month of July and we look forward to an awesome year in 2010.
Happy Anniversary TITSSN and best wishes for many more to come.
~Brett A. Scudder~
President/CEO/Chairman
NYITSA-UG's June group meeting is Cancelled
Link: http://titssn.net
Good day to you,
We will not be having a group meeting this month. Please make note of these changes and update your calendars.
We will get together again for the training and development workshop on June 16th.
Thank you and have a great day,
~Brett A. Scudder~
$50 gift certificate to every 100th member of our social network
Link: http://titssn.org/signup.php
Good day to you,
It is always a challenge to drive the attention, traffic and visibility of technology and IT Security education, awareness and guidance to the masses as it isn’t one of those things they pay attention to until something happens or there is a need. As a Technology/IT Security leader for today and tomorrow, we, TITSSN, are always pushing for proactive approaches to getting the information, resources and value to the people so that we can stop, block and prevent successful attacks before they happen.
It is for this reason that we’re adding more value and incentives to our network to drive active membership on the site by giving a $50 USD gift certificate to every 100th new member. This will be monitored to ensure that the 100th member is actually a real person who does something on the site other than just signing up. We have put security measures in place to try and block all levels of spamming (posts, commenting, signup) in order to maintain the realness of our network and resources especially for these incentives. There will be other giveaways and incentives as we try to bring the value of the education and awareness to the global user base of people.
There is more to come as we look into the deliverables of our network and resources. A new partnership is in the works with a very popular publishing provider to offer printed materials in networking technologies (IP com, network security, storage), and Cisco® certification. These materials will be added into the Virtual gifts and other offers on the site to enhance the training and education of our members.
Our network was built to provide value and in so doing, we are adding value across the board for all.
There are some limitations in geographic locations for the recipients and we are working on these issues to ensure that everyone can and will benefit from what is being offered.
We thank you for your support as we build on this network and its resources.
http://titssn.org
Thank you and have a great day,
~Brett A. Scudder~
Virtual Gifts, Prizes and Solutions now available on our social network
Link: http://titssn.org/signup.php
Good day to you,
In an effort to enhance the features and values of our network, we have added the Virtual Gifts, Prizes and Solutions as additional resources for our members. As the name says, virtual gifts are categorized in various groups and since we’re extra special and love to provide valuable resources for our members, we enhanced the virtual gifts of our network to include physical products you can use in your PCs.
Yes, that’s right, real gifts from our virtual network such as:
Security products and solutions (anti-virus, anti-malware, firewalls and more)
Applications (business, productivity, system management, utilities)
Mobile Device Apps (business, productivity, system management, utilities)
Microsoft Operating Systems (Vista, Windows 7, XP)
Free Health Assessments/Consultations
Mobile Devices
Hardware products
And more as we continue to build on these offerings.
Some gifts will be location specific so please be sure to look carefully when choosing your gifts. Some gifts are free and for fun and entertainment.
This is just the beginning as we continue to find ways of getting the value and benefits of being an active member of this network while gaining from the knowledge and resources of our training, education and development.
http://titssn.org/signup.php
Thank you and have a great day,
~Brett A. Scudder~
Migrating some of TITSSN’s existing web resources into our social network
Link: http://titssn.org/browse_blogs.php
Good day to you,
Effective today, June 1st 2009, we will begin using our social network’s blogs board for the organization’s main blogging. We will still maintain the http://titssn.net/blogs site for critical and important organization news, happenings and security alerts. Due to the integration of additional features and resources within the social network, using them will be very beneficial for us as we will now be able to better manage the integration of these features in one central location. You can view the blogs on the social network here http://titssn.org/browse_blogs.php.
We will be moving the main organization forum posts from our old board at http://theitsecuritysuite.net/forum/phpBB2 to the social network starting today. The main organization posts will now be copied into the social network until we phase out the old site.
All referencing links from our main websites, blogs and other areas will now point to the social network. This is in an effort to work within the social network and its resources as our new home.
We will also be removing some of the sub groups on LinkedIn and referencing them from our main group located here http://www.linkedin.com/groups?gid=44598. This will help to share the info of our network resources while still maintaining a strong presence on LinkedIn. A list of the affected groups will be posted shortly. The groups’ functionality within the social network will give us the same features and resources and more for us to collaborate more effectively.
We are very happy and excited about our new home and social network and this month will be the major kickoff for populating it with some great content, resources and info.
Join us so the values and benefits can be had.
Thank you and have a great day,
~Brett A. Scudder~
President/CEO/Chairman
Obama’s cybersecurity plan gets cautious praise
Link: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133687
The challenge will be to get various interests working together
Jaikumar Vijayan | http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133687
May 29, 2009 (Computerworld) President Obama’s plan for securing cyberspace and his creation of a new White House cybersecurity coordinator are being greeted with cautious optimism within the security industry.
Many see the strategy as a sign of the administration’s willingness to recognize cyber threats as a national security issue. But until details are fleshed out, it’s hard to know just how far it will go in bolstering the nation’s ability to deal with cyber attacks, they said.
At a White House briefing, Obama described a five-pronged cybersecurity strategy for defending government, military and private sector networks against threats from what he said is a growing number of bad actors. He noted that the new cybersecurity coordinator will be responsible for pulling together a national strategy for securing American interests in cyberspace and stressed that the government would safeguard privacy concerns. (The new office will include a privacy officer.)
Obama’s proposals had been widely expected and are based on the recommendations from a government-wide review of cybersecurity undertaken at his behest by Melissa Hathaway, a former Bush administration aide who he appointed as acting senior director for cyberspace earlier this year.
“I was encouraged to see that the [Hathaway] report got presidential support today — that’s critical to the success of any program,” said Patricia Titus, the one-time chief information security officer at the Transportation Security Administration (TSA) who now holds a similar job at Unisys Corp.
The challenge for the Obama Administration is to actually implement the proposals in a meaningful way, Titus said. A lot will depend on the relationships the new cybersecurity coordinator can build and the kind of influence he or she can exert across government and the private sector, she said.
While centralizing authority for cybersecurity matters in the White House can have benefits, care needs to be taken to maintain a balance of power, she said. “We need to make sure that no one is pushing the red panic button without making sure there are other individuals in the decision-making process and at the appropriate levels to get input from,” she said.
Obama did a “great job” of summarizing the cybersecurity threats the nation faces and the approach that’s needed to resolve them, said Scott Charbo, former deputy undersecretary of the National Protection and Programs Directorate at the Department of Homeland Security (DHS).
Especially encouraging is the president’s focus on setting specific milestones and on ensuring accountability within government, said Charbo, who is currently director of cybersecurity at Accenture. Obama’s apparent plan to give the new cybersecurity coordinator a greater say in ensuring that federal agencies are investing adequate resources on cybersecurity is also a very positive step, he said. But successfully moving forward on a White House-led cybersecurity effort will require a “cultural transformation” by government agencies.
“I think everyone is anxious to understand who the cybersecurity coordinator will be,” Charbo said. “It needs to be someone who can listen to new ideas. It needs to be someone who is focused on outcomes and on metrics.”
Ensuring that all of the right players are at the table when developing a national cybersecurity strategy will be key, added Billy O’Brien, former White House director of cybersecurity and communications systems policy. O’Brien is now an analyst at Deloitte.
To date, government officials, defense organizations and the DHS have all been working on disparate missions when it comes to cybersecurity. Getting everyone working together can be a challenge, he said.
The mission of the intelligence community, for instance, is to intercept an attack using the cyber infrastructure; the DHS is supposed to protect critical infrastructure; the Department of Defense has defense-and-attack authority; and the White House has coordination authority. The question that will need to be asked is whether “all of the right players are at the table or if there is a need to add more,” O’Brien said.
Also key: figuring out how to ensure that the private sector is “holding up [its] end of the deal” when it comes to the critical infrastructure in private hands, he said.
Enrique Salem, the CEO of Symantec Corp., said in a statement that the decision to re-establish a strong White House role for cybersecurity is “gratifying.” The last executive to have a cybersecurity role in the executive offices of the president was Richard Clarke, who was special advisor on cybersecurity to President George W. Bush when he retired in 2003.
In the six years since, cyber security oversight and involvement has moved from the White House to other government agencies, even as cyber attacks have grown to the point where they are now a “full-blown threat to national security and commerce,” Salem said.
“The coordination must come from the White House level to address the situation and to provide focus on the global nature of this problem,” he said.
Security Alert - [SA35274] Xvid Multiple Vulnerabilities
Link: http://secunia.com/advisories/35274/
TITLE:
Xvid Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35274
VERIFY ADVISORY:
http://secunia.com/advisories/35274/
DESCRIPTION:
Some vulnerabilities have been reported in Xvid, which can be exploited by malicious people to potentially compromise an application using the library.
The vulnerabilities are caused due to boundary errors within the “decoder_iframe()”, “decoder_pframe()”, and “decoder_bframe()” functions in src/decoder.c. These can be exploited to potentially corrupt memory via specially crafted video files.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 1.2.2.
SOLUTION:
Update to version 1.2.2.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits John McDonald and Christopher Valasek of IBM X-Force.
ORIGINAL ADVISORY:
Xvid:
http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews[backPid]=64&tx_ttnews[tt_news]=7
http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81

