InfoSec Philippines

Information Security, Technology News and Opinions

Archive for the ‘conferences’ Category

ROOTCON 6 is gearing up

Posted by Jaime Raphael Licauco, CISSP, GSEC on May 24, 2012

ROOTCON, one of the country’s biggest security gatherings is gearing up and its call for papers will be closing in less than a week. Check out the tracks here.

The upcoming 6th iteration will be held at the Cebu Parklane International Hotel on September 7 and 8, 2012. Early registration ends on June 30, 2012.

In my opinion, ROOTCON is one of the best conferences in the country where you can learn more about network security. So what are you waiting for? Sign-up to learn and meet your fellow network security aficionados. 🙂

For more details you can call their local hotline at +63917.766.2849 or check out their page here.

Advertisements

Posted in conferences, Philippines, seminars | Tagged: , | Leave a Comment »

ROOTCON 5

Posted by Jaime Raphael Licauco, CISSP, GSEC on March 6, 2011

ROOTCON LOGO

ROOTCON 5 Will be happening on September 9-10, 2011 at the Cebu Parklane International Hotel in Cebu City. The event will run for two days, and there will be a job fair, a hacking contest and other fun stuff to do.

Check out the ROOTCON 5 page here, and the Top 10 Reasons to Attend ROOTCON 5.

The Call For Papers has also officially opened and you can check out the CFP Guidelines Here.

Aside from the presentations, I’m sure there will be a lot of great networking going on (pun intended) since ROOTCON has already garnered a following and Cebu has a lot of software developers… and we all know one needs to know how to code to graduate from script-kiddie hood 🙂

Posted in conferences, seminars | Tagged: , , , | 3 Comments »

Info Sec News, Feb 5, 2009

Posted by Jaime Raphael Licauco, CISSP, GSEC on February 5, 2009

Seminars
ECCInternational will be giving a Certified BCMS (ISO 25999:2007) course from Feb 9-11. They will also be giving an ITIL Practitioner Program – Configuration Management on Feb 10-11, you can check out their Training Schedule here. ISO 9001:2008 IRCA Certified Lead Auditor Seminar will also be given either on Feb 9-13 or Feb 16-20. For details and specific dates, please contact Rose, Faith or Ness at 7505671 to 73 or email training@ccinternational.com.


Webcasts
CSO Online has published a podcast interview of Jim Routh who is the CISO of the Depository Trust and Clearing Corporation (DTCC). He is a veteran technology and security executive, having held positions at American Express and American Express Financial Advisors before joining DTCC.

(Simply Continuous) How To Keep Your Business Running in the Event of a Disaster


Whitepapers
There’s a recent (Winter 2009) presentation published by the Standford Applied Crypto group by John Mitchell on Phishing and Malicious JavaScript. Aside from Phishing, the presentation talks about how JavaScript is used to obtain information from your browser. John Mitchell teaches CS 142, Web Programming and Security, at Stanford University.

(SonicWall) Bottom-line benefits of telecommuting & secure remote access
(Quest Software) Finding Complete Identity Lifecycle Management that Fits


Insider Threat
I either gotta love this… or get paranoid about this: Within 90 minutes of getting fired, a former contract worker for Fannie Mae allegedly added a malicious script hidden within a legitimate script that ran each morning on the network, which was designed to disable monitoring alerts and all log-ins, delete the root passwords to the 4,000 Fannie Mae servers, erase all data and backup data, power off all the servers and then disable the ability to remotely switch on the machines. This was fortunately found by another employee within days of the firing.

(Computerworld) Ex-Fannie Mae engineer pleads innocent to server bomb charge
(CSO Online) Alleged Fannie Mae data bomb author working for Bank of America now?

Another recent example of an Insider Threat is of a former employee that still has access to the system, as this article reports, “Mysterious Text-Message Alert at U. of Florida Scares and Angers Students.


Psychology/Social Engineering
There’s good insight as to the psychology involved when it comes to Information Security in this article from (CSO Online) Are You Addicted to Information Insecurity?

And speaking of psychology, CSO Online’s Anatomy of a Hack is an in-depth article on how Social Engineering can be used. Also in connection to social engineering, the FBI also warns of Money Mule Scams.

A novel way of luring people to a website with malware was found in North Dakota. How? Stick a parking violation ticket on the windshield, with the supposed details of the infraction on a website.

Readers of this blog might also want to check out What the Web knows about you. Its a 6 page article on what attackers may be able to find out about you online. If you’re in the US and is considering searching your SS number, check out this article first on Search Engine Privacy Tips from the World Privacy Forum website.


Browser Security
CSO Online also did a an unscientific poll of security experts on browser security, and it turns out that IE isn’t viewed as being as insecure as it was just a few years back. In relation to browser security, Firefox just fixed a couple of vulnerabilities in their release of version 3.06 of their browser.

Also related, Browser secrets of secure connections talks about how browsers play a key part in determining the strength of cipher used between the client and the web server. The article references the Infoworld Test Center Guide to browser security.


New DNS Attack
(CSO Online) Porn Site Feud Spawns New DNS Attack – Botnet operators are adding code to launch a new type of distributed denial of service attack, security experts warn
(NetworkWorld.com) Porn Site Feud Spawns New DNS Attack – A scrap between two pornographic Web sites turned nasty when one figured out how to take down the other by exploiting a previously unknown quirk in the Internet’s DNS.
(NetworkWorld.com Slideshow) How DNS cache poisoning works – this also has tips at the end on how to defend this kind of attack.


Other Info Sec News
(CSO Online) SMB Security: Five Bright Ideas – Small businesses have to be crafty to handle security with fewer resources. Here are bright ideas for SMBs.

(Computerworld Blog) Security businesses move ahead in this economy

(Computerworld) Removing admin rights stymies 92% of Microsoft’s bugs

(Computerworld) Microsoft denies Windows 7 security feature contains bug

(Computerworld) Banks, customers feel the fallout of the Heartland breach

(Computerworld) Study: Data breaches continue to get more costly for businesses

(Computerworld) Obama health care plan said to boost security, privacy controls – Privacy advocates say $20B e-health proposal overcomes some HIPAA concerns

Posted in Change Management, conferences, Incident Management, ISMS, Presentations, Privacy, social engineering, Webinars, Whitepapers | Tagged: , , , , , , , , , , , , , , , , , | Leave a Comment »

Info Sec News, Feb 4, 2009

Posted by Jaime Raphael Licauco, CISSP, GSEC on February 4, 2009

There seems to be confusion on a new draft bill by the NTC which is aimed at online content providers and VAS providers for mobile phones. Some have argued that the seemingly catch all bill may include people who blog and upload pics on Social Networking sites, although the spirit of the bill seems to be more for online applications.

(Business Mirror.com) NTC issues draft circular on content development…
(Blog) MikeAbundo.com
(Blog) Pinoy Pro Blogger


Don’t we all just wish that what happened in the US National Science Foundation can actually be audited and checked in the Philippines? The questions would be, are logs even activated? And secondly, does someone with the skill and competence actually take the time to consistently check those logs?

Speaking of Log Management, Prism Microsystems has a video series on 100 uses of Log Management which so far, is on #9 Email Trends.

#8 Windows disk space monitoring
#7 Windows lockout
#6 Password reset
#5 Outbound Firewall traffic
#4 Solaris BSM SU access failure
#3 Antivirus update
#2 Active Directory login failures
#1 Firewall blocks


9th e-Services Global Sourcing Exhibition will be held at the SMX Convention Center from from Feb 9-10, 2009
APNIC 27 will be held in Manila from Feb 23-27, 2009


Other News:
(CNN.com) Teens Face Porn Charges for “Sexting”

Posted in conferences, Philippines, Privacy, Social Networking | Tagged: , , , , , , , , , , | Leave a Comment »

Hack in The Box Conference 2008 Materials

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 1, 2008


Amitpal Dhillon – Addressing Identity Management.pdf
3.7M


Dino Dai Zovi – Mac OS Xploitation.pdf
623K


Ero Carrera – Analysis and Visualization of Common Packers.pdf
3.7M

Hernan Ochoa – Pass-The-Hash Toolkit for Windows.pdf 535K


Jim Geovedi – Hacking a Bird in the Sky 2.0.pdf
3.1M


Julian Ho – Moocherhunter.pdf
124K


Peter Silberman – Full Process Reconstitution from Memory.pdf
144K


Alexander Tereshkin – Bluepilling the Xen Hypervisor.pdf
8.3M


Alexander Tereshkin – Bluepilling the Xen Hypervisor Demo (Large File)
142M


Eric Lawrence – IE 8 – Engineering a Trustworthy Browser.pdf
13M


Jonathan Squire – A Fox in the Hen House.pdf
3.5M


Paul Craig – Hacking Internet Kiosks.pdf
1.2M


Roberto Preatoni – Time for a Free Hardware Foundation.pdf
11M


Saumil Shah – Browser Exploits – A New Model for Browser Security.pdf
2.1M


The Grugq – How the Leopard Hides His Spots.pdf
01-Nov-2008 12:39 128K


Mel Mudin and Lee – Advanced Network Forensics Lab Demo (Large File)
29M


Charlie Miller – iPwning the iPhone.pdf
9.8M


Charl van Der Walt – Pushing the Camel Through the Eye of a Needle.pdf
23M


Ilfak Guilfanov – Decompilers and Beyond.pdf
418K


Kris Kaspersky – Remote Code Execution Through Intel CPU Bugs.pdf
1.3M


Petko D Petkov – Client Side Security.pdf
1.0M


AR Samhuri – Next Generation Reverse Shell.pdf
7.7M


Adrian Pastor – Cracking into Embedded Devices and Beyond.pdf
889K


Mary Yeoh – Security Penetration Testing at RTL Level.pdf
4.4M


Matthew Geiger – How to Build Your Own Password Cracker and Disassembler.pdf
471K


Shreeraj Shah – Top 10 Web 2.0 Attacks.pdf
1.1M


Advanced Wireless Lab (Very Large File)
1.2G


Ching Tim Meng – Detecting and Removing Malware without Antivirus Software.pdf
321K


KEYNOTE 1 – Jeremiah Grossman – The Art of Click-Jacking.pdf
2.5M


KEYNOTE 2 – Marcus Ranum – Cyberwar is Bullshit.pdf
54K


KEYNOTE 3 + 4 – The Pirate Bay Dissolving a Billion Dollar Industry as a Hobby.zip
38M

Posted in conferences, News, Whitepapers | Tagged: , , , , , , , , , , , , , | Leave a Comment »

Black Hat Japan 2008 Presentations

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 25, 2008

Keynote – Black Ops of DNS 2008 : Its The End Of The Cache As We Know It by Dan Kaminsky

API sysenter hooking by Kenji Aiko

Understanding Targeted Attacks with Office Documents by Bruce Dang

Get Rich or Die Trying – “Making Money on The Web, The Black Hat Way” by Arian Evans

Cyberspace and the Changing Nature of Warfare by Kenneth Geers
Presentation Slides, Whitepaper

Attacking with Character Encoding for Profit and Fun by Yosuke Hasegawa

“FFR EXCALOC” Exploitability by Toshiaki Ishiyama

Threat Gallery of Japanese Landscape by Hiroshi Kawaguchi

The Internet is Broken: Beyond Document.Cookie – Extreme Client Side Exploitation by Nathan McFeters

Owning the Fanboys: Hacking Mac OSX by Charlie Miller

Satan is on My Friends List: SNS Survey by Shawn Moyer & Nathan Hamiel

Exploiting Symbian OS in mobile devices by Collin Mulliner

A Hypervisor IPS based on Hardware Assisted Virtualization Technology by Junichi Murakami
Presentation Slides (EN), Whitepaper

Disclosing Secret Algorithms from Hardware by Karsten Nohl

ePassports Reloaded by Jeroen van Beek

Posted in conferences | Tagged: , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »