Archive for November, 2008

Since I posted something about Social Networks and the Philippines probably around a week back, you might want to check out the Pinoy Post Blog by Melvin Calimag over at ZDNetAsia who recently wrote an informative article about the same topic.

Since the author seems to be one of the few writers on IT in the Philippines, I googled him and came upon this interesting article written around the start of this year.

Other Info Sec News

Security update for xt:commerce Shop system

Obama’s cell phone records breached

Verizon staff break into Obama’s cell phone account

US Military’s ban of USB thumb drives highlights security risks

Buffer overflow in Vista’s TCP/IP stack

Microsoft to offer free security solution, discontinue OneCare. This is also related to,
Microsoft hopes free security means less malware

Key Logger Spyware ordered off the market

Brief study shows difficulty in detecting malware

Apple plugs a dozen iPhone security holes

Computer virus brings London hospital networks to a standstill

New Links:

MASE Consulting – Policies and Procedures
Software Assurance Forum for Excellence in Code

Posted in News, Philippines, Social Networking | Tagged: apple, conferences, conventions, defcon, email, hospital, iphone, key logger, malware, melvin calimag, News, obama, Philippines, secure coding, spyware | Leave a Comment »

ZoneAlarm Pro for Free

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 18, 2008

Checkpoint is giving away a free, one year subscription to ZoneAlarm Pro if you go their website during a 24 hour period from Nov 18, 2008 6AM Pacific Standard Time to Nov 19, 2008 6AM Pacific Standard Time.

Posted in Free, News | 1 Comment »

Info Sec News: Nov 18, 2008

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 18, 2008

BBC Click on Biometrics

A few weeks ago BBC News Click published How biometrics could change security. The week after, they then published, “The pitfalls of biometric systems“.

Since its somewhat related to physical security, A UK fingerprint developer can read a letter from its envelope.

More news about the keyboard electromagnetic sniffing that was making the news last month:

From The Register Swiss boffins sniff passwords from (wired) keyboards 65 feet away

From BBC Keyboard sniffers to steal data

Video on keyboard sniffing from the very people that did the experiment can be found at COMPROMISING ELECTROMAGNETIC EMANATIONS OF WIRED KEYBOARDS.

The Register gives a tutorial on encrypting e-mails in, “Still sending naked email? Get your protection here“.

Pretty sad that a UK Anti-Fraud site has crashed due to DDOS attack.

A Vulnerability has also been discovered in the SSH Specification.

The New York Times reports that Privacy Laws Trip Up Google’s Expansion in Parts of Europe

The Federation of American Scientists (FAS) Secrecy blog, reports that terrorists can presumably use twitter, instant messaging, etc. The article Spy Fears: Twitter Terrorists, Cell Phone Jihadists by Noah Shachtman on Wired talks about it more.

If you’re interested on the pdf exploit (also see below in other news), Didier Steven’s Blog, talks about Shoulder Surfing a Malicious PDF Author.

Other News:

Email ruse uses Federal Reserve Bank name to drop PDF exploit

Cybercrime expected to ramp during holiday season

New attack targeting Windows Mobile phones

Apple issues 11 security updates for Safari browser

How Outsourced Call Centers Are Costing Millions In Identity Theft

Although somewhat unrelated, InfoSec Professionals might also be interested in this article on airport security, The Things He Carried

White paper on Designing and implementing malicious hardware presented at the LEET ’08

White Hat World Webinar on 10 Reasons your Existing SIEM Sucks! This will be held on Thursday, November 20, 2008 4:00 am Philippine time.

Posted in ISMS, News | Tagged: 27001:2005 A.10.8, 27001:2005 A.11.7.1, 27001:2005 A.9, airport security, Apple Safari, bpo, call center, e-mail, electromagnetic emanation, encryption, keyboard attack, pdf exploit, Physical Security, social engineering, ssh, vulnerability, Webinars, Whitepapers | Leave a Comment »

SPAM drops, DDoS Attacks, Whitepapers

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 15, 2008

There’s apparently been a huge drop in SPAM after two ISPs were cut off.
Stories from Washington Post, and BBC. Brian Krebs of the Wash Post also talks about this in his Security Fix Blog.

More ISPs are allocating resources for DDoS attacks according to Arbor Network’s 2008 Worldwide Infrastructure Security Report. A related article is on ZDNet and an article on Vunet talks about ISP’s fear on IPv6 threats.

A study by Google, presented at the RIPE Meeting in Dubai reports that France and Russia are ahead in IPv6 .

Security Focus reports that, “Anti-malware testing group releases standards“, and they can be downloaded here.

SANS will also have a Webcast on Understanding the WPA/WPA2 Break.

Since we’re on the topic of webcasts, SourceBoston’s 2008 Conference from March of this year have been up on Blip.tv for a while now. They have great presentations on Incident response, Secure Coding, etc.

And since I enjoyed Schneier’s essay on, “The Psychology of Security“, I just thought that InfoSec professionals would find it funny that the Washington Times reports that Paranoia is on the rise :).

SC Magazine Whitepaper Roundup

Top five strategies for combating modern threats – is anti-virus dead?
By: Sophos Plc.
Today’s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce. Organizations need innovative approaches to protect the web, email servers and endpoint. This paper discusses the security implications of modern…

Complying with the Payment Card Industry’s Data Security Standard
By: DeviceLock, Inc.
The Payment Card Industry Data Security Standard (PCI DSS) was drawn up in order to reduce leakage and inappropriate use of credit card information. It contains over 100 clear information security requirements for all companies who process, store or transfer data about cardholders: banks, processing…

Addressing the Operational Challenges of Administrative Passwords
By: ManageEngine
Enterprises making use of various IT systems (servers, devices, applications etc.) face numerous challenges due to the proliferation of administrative passwords (also called as privileged passwords). This white paper discusses the problems associated with administrative password proliferation with…

Tripwire PCI DSS Solutions- Automated, Continuous Compliance
By: Tripwire, Inc.
Find out step-by-step what it takes to become compliant with the Payment Card Industry (PCI) Data Security Standard (DSS), and how Tripwire can help your company achieve and maintain PCI compliance.

Malware Security: Taking the Botnet Threat Seriously
By: FireEye, Inc.
How does malware continue to infiltrate networks? Primarily because traditional defenses only address the threat in pieces and parts, which leaves gaps in the enterprise security infrastructure. Meanwhile, malware has become organized to form massive ‘botnets’ (networks of compromised…

ComputerWorld Technical Briefing: Mission-Critical Security – The Threat from Within
By: PacketMotion
We all know blind spots are bad for drivers but are you aware of how potentially disastrous they can be for IT security professionals? Take a few minutes to review this Computerworld report and you’ll get a clear picture of both the problem and the solution!.

Automating Code Reviews: How to Manage Application Risk on a Shrinking Budget
By: Veracode
In a tightening economy many organizations are faced with a “do more with less” mandate on their budgets and their security strategies. On-demand application security testing offered as an outsourced service – based on binary analysis and multiple scanning technologies…

Database Auditing Tools and Strategies
By: Sensage
Learn about a new set of software tools that provide low overhead audit collection with storage, alerting and reporting capabilities. This paper details the trade-offs and strategy of each option.

Posted in News, Whitepapers, Wireless | Tagged: 27002:2005 A.10.8.4, 27002:2005 A.12, Database, DDOS, ipv6, malware, paranoia, pci compliance, pci dss, psychology, spam, testing, Wireless | Leave a Comment »

Info Sec News: Nov 11, 2008

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 11, 2008

Maybe we should revisit our Cybercrime Bill, which hasn’t been approved and is in our congress for a second reading after a scant 8 years. Why? because Pakistan’s version of the bill, includes cyber-terrorism being punishable by death.

If you’re interested on articles on the Philippine version of the Cybercrime bill, there’s one from MB.com.ph from Nov 2007 by Melvin Calimag, “Cybercrime Law for RP long overdue.” Another article by the same author came out in April of this year on, “NBI exasperated over delay of cybercrime bill, hits CICT.”

News about the former Intel employee who works for AMD, that stole information with an estimated cost of over $1 billion in R&D development, can be found in CNET, and USA Today.

“A New York man has been charged with aiding the alleged leader of the hacking gang accused of stealing more than 40 million credit and debit card numbers from stores owned by TJX Companies and other companies.” reports this article from The Register.

On the Mobile Security front, a researcher says Google’s Android may not need antivirus software. Btw, older versions of G1’s software were vulnerable to an exploit that allows telnet root access discussed here and here.

The New York Times reports that DDOS attacks have been growing more potent, increasing from around half a megabit 7 years ago, to around 40 gigabits.

Three people pleaded guilty to hacking Citibank ATM cards who were able to steal $2 million in a span of four months. Maybe Manny Pacquiao should think about learning how to hack when he retires, especially since the Philippines has no Cybercrime bill, hehehe 🙂

Two Los Angeles traffic engineers admitted to hacking related to contract negotiations. Aren’t we just happy in Manila that our traffic light system uses 60’s technology? 🙂

The Financial Times and SC Magazine US, have reported to computers that were breached in the White House. The prime suspect are Chinese hackers.

Other News:

Security experts reveal details of WPA hack, their 12 page paper can be downloaded in pdf format here.

Vietnamese teams won the first and second prizes in a contest called “Capture The Flags”, part of the Hack in the Box Security Conference 2008 (hackinthebox.org) in Kuala Lumpur, Malaysia in late October

Australian Federal Police have launched a high-level investigation into a security breach involving confidential Australian diplomatic cables and police documents that were left in open files on a computer and read by guests at a hotel in Nepal.

Wouldn’t our government employees wish they have a DRP Site like this on in Bermuda?

A former prison inmate has been arrested and charged with hacking the facility’s computer network, stealing personal details of more than 1,100 prison employees and making them available to fellow inmates.

Posted in News, Philippines | Tagged: 27002:2005 A.11.7.1, AMD, Antivirus, ATM, Bill, Chinese, Citibank, Cybercrime, DDOS, Hackers, Inmate, Intel, los angeles, Mobile Security, NBI, Prison, traffic, White House, Wireless, wpa | 1 Comment »

« Previous Entries

InfoSec Philippines

Information Security, Technology News and Opinions

Categories

Archives

Pages

Subscribe

Twitter Updates