
For those of you following my semi-annual updates on what is happening in the Windows world to do with malware, spyware, etc., the latest incarnation of the SIR has been released today: http://www.microsoft.com/security/about/sir.aspx

Thanks to the Microsoft Trustworthy Computing team in Redmond!

The report has some interesting findings from the first half of 2009.

Rate of infection by OS:


In this case you can see the difference between the Microsoft OSes and the number of computers cleaned by the Malicious Software Removal Toolkit.

The types of malware removed by the Microsoft antivirus / anti-malware engines:


Interestingly enough, it seems that phishing activity has increased:


Although there are some interesting changes in the institutions / sites being targeted. I am not surprised to see the jump in social networking sites. I am sure you have all seen the many reports suggesting this recently…


It seems that the number of vulns across the industry is trending down…


However, we still very much need to keep an eye on the 3rd party applications on our systems…


The above is a small sampling of the data. I suggest you go and read the full report, but I will leave you with one final thought…

For those of you wondering what is causing the security breach incidents: it is still lost and stolen devices, well ahead of hackers.


Don’t forget to destroy your old data, be it in electronic form or printed…

In case you haven't bought your ticket yet, you can still go to www.sector.ca and register for the event. Recently the team announced the full speaker line-up and posted the schedule:

www.sector.ca/schedule.htm

The line-up this year includes a great contribution from right here in Canada (see below) with big names such as Major Malfunction, RSnake and Hoff.

See you all there!

James Arlen
Joe McCray
Chris Boyd
Shawn Moyer
Roy Firestein
Andrew Nash
Kevvie Fowler
Nick Owen
Jay Graver
Nicholas Percoco
Nathan Hamiel
Christopher E. Pogue
Robert "RSnake" Hansen
Tyler Reguly
Seth Hardy
Andrés Riancho
Christofer Hoff
Norm Ritchie
Jibran Ilyas
Jon Rose
Jennifer Jabbusch
Michael Smith (rybolov)
Tracy Ann Kosa
Ben Sapiro
Adam Laurie (Major Malfunction)
Tiffany Strauchs Rad
Ryan Linn
Nart Villeneuve
Rafal Los
Paul Wouters
Jerry Mangiarelli
Mike Zusman

For those of you who have been awaiting this moment, we have announced the RTM for SCVMM 2008 R2…

System Center Virtual Machine Manager (VMM) 2008 R2 has Released to Manufacturing – EVALS AVAILABLE

“Take full advantage of platform enhancements in Windows Server 2008 R2 including Live Migration, Clustered Shared Volumes (CSV), hot add/remove of storage, network optimization and remote desktop services (RDS). VMM 2008 R2 also adds functionality to migrate storage for running VMs, SAN-based migration across clusters, template based rapid provisioning, maintenance mode to automate the evacuation of VMs off host and Live Migration host compatibility checks. Please experience for yourself what 10,000+ IT Professionals have previously downloaded through the early ‘Release Candidate’. A 180-day evaluation version is now available on the Microsoft Download site.”

The long and short of this is that you can now get your hands on the eval, so go download it and have fun!

Bruce

As many of you may know, I am currently filling the role of Virtualization Lead at Microsoft Canada, expanding on my work in the Virtualization Security space.

I keep hearing the same questions from you around how Canadian companies are actually leveraging Virtualization technology (Microsoft and others) and what successes they are actually achieving. One of the big challenges is that there is still a great deal of confusion about just what Virtualization is…

To this end, we are partnering with the independent analysts at Forrester to bring you a webcast to cut through some of the jargon.

Please feel free to join us. I will also update this post when the link for the recording is posted…

Here is the registration link for this webcast: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032423573&Culture=en-CA

Date: September 30

TIME: 12PM-1PM EST.

See you then.

Bruce

With a little over a month to go until my favourite Canadian Security conference, the guys at SecTor have announced their speaker line-up. Oh and by the way, the price for attendance goes up soon!

It looks like this year is going to ROCK as per usual!

SecTor - Security Education Conference Toronto


2nd Round Speakers Announced
(and six days left to save $250 on conference registration)

Register at www.SecTor.ca

SecTor - Security Education Conference Toronto 2009
October 5 - 7, 2009, Metro Toronto Convention Centre

Keynotes:

"Opening Keynote" - Michael Barrett, PayPal CSO

"The Frogs Who Desired A King: A Virtualization and Cloud Computing Security Fable Set To Interpretive Dance" - Christofer Hoff

"Upcoming Keynotes" - Check the website for coming keynotes

Sessions:

"Towards a more secure online banking... " - Nick Owen

"Massively Scaled Security Solutions for Massively Scaled IT" - Michael Smith

"Smashing the stats for fun and profit" - Ben Sapiro

"Malware Freakshow" - Nicholas Percoco and Jibran Ilyas

"Nsploit: Popping boxes with Nmap" - Ryan Linn

"Weaponizing the Web: More attacks on User-Generated Content" - Shawn Moyer and Nathan Hamiel

"Game Over, Man: Gamers Under Fire" - Chris Boyd

"When Web 2.0 Attacks - Understanding AJAX, Flash and "Highly Interactive" Technologies" - Rafal Los

"Security and Application Development in SharePoint " - Reza Alirezaei

"Your Mind: Legal Status, Rights and Securing Yourself" - James Arlen, Tiffany Strauchs Rad

"Crimeware: Web Exploitation Kits Revealed" - Roy Firestein

"To cache a thief | Using database caches to detect SQL Injection attacks" - Kevvie Fowler

"SSLFail.com Panel Discussion" - Jay Graver, Tyler Reguly, Mike Zusman

"Retaliation: Breaking Attack Vectors in the Infrastructure" - Jennifer Jabbusch

"Hacking Big Companies Without Getting Caught" - Joe McCray

"w3af - A framework to own the web" - Andrés Riancho

"Deblaze - A remote method enumeration tool for flex servers" - Jon Rose

"Your government is running DNSSEC - why aren't you?" - Paul Wouters, Norm Ritchie

A few remaining sessions are still being finalized. Please check the website often, as new sessions are finalized and posted.

Register right now
Website: www.SecTor.ca

One of the pieces of feedback I have been given for a while is that despite the changes we have made to the update process and guidance, there is still confusion over things like – what do the updates do, do I really need to apply them to my systems and how critical actually are they?

Now, we always recommend applying all updates to the appropriate systems, but sometimes people have to prioritise, especially if the updates require reboots. To this end, a group of folks here in Canada released our first attempt at simplifying the bulletins: Click here to listen.

As it happens, the guys from Corp also had the same idea, though they used video and it probably wasn’t conceived in a pub over beer and designed on napkins :).

More importantly, we are keen to get your feedback as to whether either approach is helpful or if you have any suggestions for improvements.

As always, the MSRC blog: blogs.technet.com/msrc is the home of the bulletins.

Thanks in advance and enjoy!

Bruce

Bruce Cowper

Chief Security Advisor

Microsoft Canada Co.

As the Chief Security Advisor for Microsoft Canada, Bruce is responsible for the overall security strategy, working closely with the Public Sector, large enterprises, Industry Associations and the Community across Canada. He comes from a security background in secure system design, forensics and security risk management and as the Chief Security Advisor leverages his real life hands-on experience to relate to the challenges faced today. Bruce is a prolific speaker and can frequently be found in the media and at conferences across Canada and beyond.

Bruce is a founding member of the Toronto Area Security Klatch (TASK) and an active member of numerous organisations across Canada. Before moving to Toronto and joining Microsoft, Bruce held positions on the board of directors of several IT companies, championing the development of technical excellence and the customer experience.

Bruce holds a degree in Computer Systems Engineering as well as industry standard qualifications.

Amazingly enough, that time of the year has arrived again and SecTor (www.sector.ca) is almost upon us.

The team (www.sector.ca/about.htm) have announced the speaker lineup:

New Keynote and Sessions Announced - click here for all the keynotes and sessions

Keynote: "Baggage: What I took with me when I "left" Computer Security" - Stephen Toulouse

Keynote: "No-Tech Hacking" - Johnny Long

"Metasploit Prime" - H D Moore

"Network Security Trends for 2009 (aka 'not the NAC')" - Jennifer Jabbusch

"Advanced Spear Phishing Attack Framework" - Joshua Perrymon

"Owning the Users with The Middler" - Jay Beale

"RFID Unplugged" - Eric Johanson

"Double Trouble: SQL Rootkits and Encryption" - Kevvie Fowler

... view all the sessions here

Look who we're flying up to deliver exceptional training (before the conference):

No-Tech Hacking with Johnny Long

Bluetooth and Wireless Hacking with Dino Covotsos

Cutting Edge Hacking Techniques with SANS Institute's John Strand

Powersploiting: Leveraging the Metasploit Framework with H D Moore

 

I for one can't decide which session to go to but I would certainly recommend having a look and I will hopefully see you there!

It has been a long time on this blog, but I thought I would share with you that I am now the Canadian Security Lead; well, my official title is 'Senior Program Manager; Security Initiative' :)

 This means that I am back and will be blogging on here and the other blogs:

The Canadian IT Pro Blog

http://blogs.technet.com/canitpro

The Canadian IT Managers Blog

http://blogs.technet.com/cdnitmanagers

Security For Canadian Developers Blog

http://blogs.msdn.com/s4cd

I look forward to seeing you online.

 Bruce

For all of you wondering if I had disappeared from the planet, you may be pleased to know that I am simply moving blogs.

Based on your feedback, the Canadian IT Pro team is amalgamating our efforts and our blogs into two new spaces:

The Canadian IT Pro Blog

http://blogs.technet.com/canitpro

The Canadian IT Managers Blog

http://blogs.technet.com/cdnitmanagers

You told us that you want to connect with the team, but that we could make your lives easier by consolidating the blogs and providing separate technical and manager / architect information. You informed us you wanted more guest bloggers from the community and industry. You shouted from the roof tops you wanted more.... so I ask you to add the new blogs to your favorites and RSS readers and I look forward to meeting you all there.

It seems like a world ago, but as a follow-up from the Vista Beta 1 Install Fest last year, we (and that is everyone that came along) have received a letter from Foodpath in Mississauga, thanking us for the donation.

“On behalf of the board of Directors and clients of Foodpath, we would like to thank you for your generous donation. Your support makes a great difference in the lives of so many people in the Peel Region.”

If you would like to find out who they are and what they do, their website can be found here: http://www.foodpath.org and I would encourage you to help them and your local charitable organisations.

Thank-you once again from the whole TechNet team and Microsoft.

Enjoy!

If you haven't already heard about it in the TechNet flash, from the blogs and Microsoft TechNet site, we are less than a month from the start of the Build'06 tour.

Build'06 is aimed at everyone that designs, deploys, secures and maintains networks, from large to small.

Many of us spend far too much of our time dealing with our existing systems (up to 70% according to many studies).

The TechNet Build'06 tour kicks off on Feb 28th in Victoria and goes across the country bringing you the knowledge to implement your own Secure Well Managed Infrastructure. The sessions will look at the processes of Management including base-lining, change control and security with tools such as Windows Server™ 2003 R2 operating system, Virtual Server 2005 R2, Internet Explorer 7, Microsoft Operations Manager 2005, Systems Management Server 2003, Exchange Server 2003, Antigen® and many others.

See you all there and don't forget to watch the team blogs as well as this one for more information...

http://blogs.technet.com/cdnitmanagers

http://blogs.technet.com/canitpro

Enjoy!

Last week I had the pleasure of delivering a session to the TASK which concentrated on Windows Server 2003 R2 Security and Management. For those of you that attended, I hope you found the session useful and it was great to get so many questions and your feedback!

I have posted the deck and you can download it from:

http://download.microsoft.com/download/a/6/c/a6c4a976-da3e-4950-8c46-c3964cbbec1f/Windows Server 2003 R2.ppt

If you did not attend and especially if you are not aware of the Toronto Area Security Klatch, you are missing out! Check out the site: www.task.to and upcoming events. We meet in downtown Toronto on the last Wednesday of every month.

As a reminder to all, March marks our 1 year anniversary, so come along and join us!

Enjoy!

If I were to tell you that there is a series of practical, consultant-led workshops covering a range of popular topics, designed to help you deal with real world challenges, produced and delivered by people who live and breathe this stuff day in and day out... I would hope your answer would be - okay, so when and where?

Day 1: Active Directory - Design and Implementation
Day 2: Active Directory - Administration & Management
Day 3: Managing your Environment (SMS 2003 & MOM 2005)
Day 4: The Windows System
Day 5: Exchange 2003
 
Over the summer last year I, along with consultants from CMS, produced the Inspire series of workshops, largely based on your feedback and designed with an interactive 'best tool for the job' approach. We ran the workshops locally and found them to be so popular that Dell Canada and CMS are taking them East to West Coast. What sets these apart from many others is that the entire series walks you through common scenarios that we come across in the field and shows you how to design, implement and maintain these real world solutions. I would strongly suggest going to the Dell web site, checking out the detailed descriptions and attending a workshop near you.
 
As always, let me have your feedback.
 
Enjoy!

As a reminder, the TASK meeting is tonight. I am presenting a session on Windows Server 2003 R2 around security, interoperability and other additions in the latest incarnation of the server operating system.

For attendees (on a 1st come 1st serve basis, until I run out) I will be giving out vouchers for a full copy of Virtual Server 2005 R2.

The event information can be found here: http://www.task.to/events/upcoming.php
 

TASK Meeting Location

Last Wednesday of Every Month
6:00 pm to 9:00 pm

Bahen Centre
40 St. George Street, Room 1180

I look forward to seeing you all there!
