The Glider

Recently attacks by the not so sophisticated persistent threat focused on e-mail security. In many cases, e-mail credentials were either brute forced, or retrieved from compromised databases (in some of these cases, password re-use was a contributing factor).
During Wednesday's threat update webcast, I would like to do a segment focusing on e-mail security, and was wondering what our readers do to secure e-mail. Some of the challenges I see:
- the use of cloud based e-mail services like gmail.

- mobile access to e-mail

- access to e-mail from multiple devices

- e-mail encryption and authentication (PGP/S-Mime)

- e-mail forwarding security (if someone has e-mail forwarded to a personal e-mail address)
Please let me know if you have any novel ideas to address these problems that I should cover, or if you would like me to cover any additional questions.
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A few months ago, the good folks at No Starch Press sent me a review copy of Chris Sanders' book Practical Packet Analysis, Using Wireshark to Solve Real-world Problems, 2nd Edition. While this isn't something we normally do here, since it has been a rather slow day at the Internet Storm Center, I thought this would be a great opportunity to share a short review of the book. As many of our regular readers are probably aware, I tend to use command-line tools such as tcpdump, snort, tshark, scapy, or even Perl to perform packet analysis. I prefer the command-line tools because when possible I like to script my analysis and GUI tools don't lend themselves to that.
This book (actually, starting with the 1st edition) was one that had been on my list of books I wanted to read for quite some time, but I had never gotten around to buying it, so I jumped at this opportunity when it presented itself. I really wanted to love the book, but wasn't quite able to get there. if aimed at experienced networking folks, why bother with explaining the OSI model again). Even so, I did like the book. Starting with chapter 8 is where I think the book really becomes worthwhile. I especially like the idea of using real-world scenarios (even if sometimes a bit contrived) to teach the features of a tool. This is often one of the best ways to teach new techniques or concepts. I learned some new tricks for both wireshark and tshark which itself would have made it worth the price to me. I'm not going to give it stars or anything, but I do recommend this book to folks that aren't wireshark experts (and even those who have plenty of wireshark experience may pick up a new trick or two).
---------------

Jim Clausing, GIAC GSE #26

jclausing --at-- isc [dot] sans (dot) edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ActiveState ships Komodo 7, the latest version of its integrated development environment (IDE) for Python, PHP, Ruby, JavaScript and Perl development. - ActiveState, a provider of software development environments for dynamic language programmers, has announced version 7 of its Komodo integrated development environment (IDE), for Python, PHP, Ruby, JavaScript, Perl, web and cloud development. ActiveState, which prides itself on its ability to deliv...

As federal officials and the White House increasingly call on Congress to pass the comprehensive cyber-security bill to protect critical infrastructure, the House moves forward with its version. - Federal law enforcement officials expect cyber-espionage, hacktivists and cyber-attacks to soon surpass traditional terrorism as the No. 1 threat facing the United States, according to Congressional testimony. quot;Stopping terrorists is the No. 1 priority, quot; Robert Mueller, director of th...

Google is building out its high-speed broadband network in Kansas, the company confirmed. Google is also trying to test a new WiFi router. - Google (NASDAQ:GOOG) is ready to build out its high-speed fiber network in Kansas, paving the way for the company to build thousands of miles of cables and other infrastructure across Kansas City, Kansas, and Kansas City, Missouri. The company selected Kansas City out of more than 1,100 compani...

Microsoft's senior director of Windows Phone development Brandon Watson has left to work on Amazon's Kindle platform. How that affects Windows Phone remains to be seen. - Brandon Watson, senior director of Windows Phone development at Microsoft, has left to take a new job as director of Amazons Kindle Cross Platform team. “The rumors are true,” Watson wrote in a Twitter posting Feb. 3. “The team is in great hands. Ill miss working on #wpdev. I will the communit...

AT&T was ranked No. 1 in a survey on who provides the best mobile application development and testing services. Verizon and IBM ranked second and third, respectively. - AT amp;T took the top spot in a recent survey asking which vendors deliver the best mobile application development and testing services, according to IDC. In the survey involving 350 U.S. respondents, International Data Corp. asked enterprise users about their perceptions of vendors who offer s...