InfoSec Philippines

Information Security, Technology News and Opinions

Archive for the ‘Webinars’ Category

Upcoming Webinars

Posted by Jaime Raphael Licauco, CISSP, GSEC on July 23, 2009

IT Governance Free Webinars

itgovernance.co.uk will be giving the following free 1 hour webinars:

July 23 Thu 11 PM Phil Time Mastering ISO27001
July 30 Thu 11 PM Phil Time Data Protection Act Webinar
Aug 06 Thu 11 PM Phil Time IT Governance Webinar
Aug 13 Thu 11 PM Phil Time Leadership in a Difficult Climate
Aug 20 Thu 11 PM Phil Time Best Practice Business Continuity Management
Aug 27 Thu 11 PM Phil Time Green IT in Practice


BSI America will be giving the following free 1 hour webinars:

July 24   Fri   1AM Phil Time      What Does it Cost to Implement a Management System?
Aug 6     Thu 1AM Phil Time      BSI Launches New Version of Entropy™ Software*
Aug 7     Fri   1AM Phil Time      Implementing International Supply Chain Security Throughout Operations
Aug 13   Thu 1AM Phil Time      7 Steps to Improving your Business Case for Management System Software
Aug 21   Fri   1AM Phil Time      CMDCAS for Medical Device Manufacturers
*Entropy is BSI’s Management Systems Software


Gartner Free Webinars

July 29 Wed 9AM US EDT    Use IT to Drive Savings in Your Business
July 29 Wed 10AM US EDT  Spend Less Get More Secure
July 29 Wed 12PM US EDT   Use IT to Drive Savings in Your Business
July 29 Wed 1PM US EDT    Spend Less Get More Secure
Aug 12 Wed 3PM Sydney Time How to Modernize IT While on a Budget

Note: Some of the above links were first posted in the InfoSec Philippines Facebook Page by its members or the author.


Site News

Updated the Whitepapers and References Links Page to include Securosis.

Advertisements

Posted in Webinars | Tagged: , | 1 Comment »

Black Hat Presentations, Flash App Tools, Free AV and News

Posted by Jaime Raphael Licauco, CISSP, GSEC on May 5, 2009

The next BlackHat.com webcast will be about Mobility and Security on May 21 1pm PDT (Friday, May 22, 2009 at 4 AM in Manila, according to The World Clock).

Black Hat Webcast 9 (34MB audio, around 79 mins running time; WebSync version is here) is a preview of the Black Hat Conference in Amsterdam that was held from April 16-17, 2009 (see link to presentations below).
The following people and their presentation topic were in this webcast:

Enno Ray – Attacking Backbone Technologies
Charlie Miller and Vincenzo Iozzo – Fun and Games with Mac OS X and iPhone Payloads
Stefano Zanero – Web App Firewall Based on Anomaly Detection
Roberto Gassira’ and Roberto Piccirillo – Hijacking Mobile Data Connections

Past Black Hat Conferences:
Video of Charlie Miller and Vincenzo Iozzo’s presentation on Mac and iPhone payloads (152 MB)
Black Hat Europe 2009 (Amsterdam) Media Archives
Black Hat USA 2008 Archives


Flash App Vulnerability Tools

Exposing Flash Application Vulnerabilities with SWFScan
Flare
SWFIntruder


Free Anti-Virus

F-Secure Online Scanner Beta Program


InfoSec News

(Inquirer.net) Has your e-mail address won in a lottery?
(Computerworld PH) Report: Web continues to rise as security threat

(Inquirer.net) RP gov’t websites vulnerable to hacking
(Inquirer.net) Cyber spies hack into DFA computers
(Inquirer.net) RP needs cybersecurity program–CICT
(Inquirer.net) PNP experts tell how to catch a hacker

(Inquirer.net) Purge 2-M ‘flying’ voters, Comelec told
(Manila Times) Lawmaker to hack Comelec electronic counting machines
(Inquirer.net) Hack poll machines and win P100M
(Inquirer.net) P100M hack reward ‘dishonors’ poll automation
(Inquirer.net) Hacking poll results to take lots of time
(Inquirer.net) Comelec to tap DOST on poll machine testing
(Inquirer.net) Comelec mulls inclusion of more provinces in poll automation

(Inquirer.net) Comelec eyes YouTube stardom to lure voters

(PhilStar) Is quitting Twitter more popular than re-tweeting?
(IT Matters.com) Twitter — a rising marketing channel?

(PhilStar) Globe backs ICT Awards

(Inquirer.net) RP seeks removal from USTR watch list
(Inquirer.net) Twitter, Facebook abuzz over Pacquiao win

(Computerworld) Facebook’s privacy options
(Computerworld) How Facebook mucks up office life
(Wired) PIN Crackers Nab Holy Grail of Bank Card Security

(SecurityFocus) Researcher argues for CERTs with teeth
(Inquirer.net) Cyberspies hack into US fighter project
(H Security) Linux cache poisoning attacks easier than on Windows?
(Computerworld) 20 kick-ass network research projects

(Computerworld) Leaked copies of Windows 7 RC contain Trojan
(Computerworld) Botnet probe turns up 70GB of personal, financial data
(Computerworld) Heartland earns back spot on PCI-approved list

(The Register) Security researchers fret over Adobe PDF flaw
(H Security) Demo exploits for new vulnerabilities in Adobe Reader
(SecurityFocus) Companies slowest to fix Office, Acrobat flaws
(SecurityFocus) JavaScript flaw reported in Adobe Reader

(The Register) US Congress wants hack teams for self-penetration
(Boston.com) US looks to hackers to protect cyber networks
(NY Times) ‘Hackers wanted’ ad fed security misconception

(The Register) Botnet hijacking reveals 70GB of stolen data
(The Register) Twitter breach gives behind-the-scenes Obama peek

(The Register) Firefox finds more pesky bugs
(H Security) Firefox 3.0.10 fixes critical vulnerability

(The Register) Hacker behind P2P botnet gets no jail time
(The Register) US military’s cyberwar rules ‘ill-formed,’ says panel
(NY Times) Panel Advises Clarifying U.S. Plans on Cyberwar
(The Register) Adobe users imperiled by critical Reader flaw

(H Security) Lost+found: Worms, Exploits, Online Scanners
(NY Times) H.P. Labs Pulls Out the Measuring Stick

Posted in News, Social Networking, tools, vulnerability assessment, Webinars | Tagged: , , , , , , , , , , , , | Leave a Comment »

InfoSec News, March 11, 2009

Posted by Jaime Raphael Licauco, CISSP, GSEC on March 11, 2009

Browser Security
(SC Magazine US) Firefox 3.07 update addresses multiple security issues
(H-online) Firefox: most vulnerabilities, but quickly patched
(Security Focus) Mozilla, Opera plug security holes


Malware
(SC Magazine US) Conficker worm variant kills security processes
(H-online) Conficker modified for more mayhem


Cyberwarfare
(ZDNet.com) Russia kinda-sorta owns up to Estonia cyberwar
(The Register) Russian politician: ‘My assistant started Estonian cyberwar’


Patches
(The Register) Critical kernel fix stars in Patch Tuesday updates
(Computerworld) Microsoft patches ‘evil’ Windows kernel bug
(Computerworld) Microsoft patches Windows DNS, kernel flaws
(The Register) The long road to Adobe Reader and Flash security Nirvana
(Computerworld) Adobe patches zero-day PDF bug, mum on details
(Computerworld) Bad Symantec update leads to trouble
(H-online) Norton causes alarm and despondency


Social Networking
(H-online) Twitter closes SMS spoofing hole – Updated
(H-online) Spam from compromised Twitter accounts


Other InfoSec News
(SC Magazine US) Gartner: Data breaches hit 7.5 percent of all U.S. adults
(H-online) Version 3 of Microsoft’s Threat Modeling Tool released
(Computerworld) Gmail down; outage could last 36 hours for some
(H-online) Windows Defender: False alarm triggered by hosts file
(The Register) Court rules airline secret security list is stupid
(Techworld) Security needs to be ‘baked in’ say experts
(GCN) Securing cyberspace requires a new attitude
(Stuff.co.nz) Student wiped data worth thousands
(The Register) Feds file new felonies against alleged Palin hacker


Tips
(Computerworld) Biometrics: three tips for success


Webcasts
(LogLogic) Unleashing your log power to do more with less
Date: Wednesday, March 18, 2009
Time: 2:00 p.m. EST/11:00 a.m. PST


Whitepapers
(HID) Username and Password: A Dying Security Model
(Computerworld) Social Elements of Security Policy and Messaging


Posted in Change Management, News, Security Policy, Social Networking, Webinars | Tagged: , , , , , , , , , , , , , , | Leave a Comment »

Info Sec News, Feb 5, 2009

Posted by Jaime Raphael Licauco, CISSP, GSEC on February 5, 2009

Seminars
ECCInternational will be giving a Certified BCMS (ISO 25999:2007) course from Feb 9-11. They will also be giving an ITIL Practitioner Program – Configuration Management on Feb 10-11, you can check out their Training Schedule here. ISO 9001:2008 IRCA Certified Lead Auditor Seminar will also be given either on Feb 9-13 or Feb 16-20. For details and specific dates, please contact Rose, Faith or Ness at 7505671 to 73 or email training@ccinternational.com.


Webcasts
CSO Online has published a podcast interview of Jim Routh who is the CISO of the Depository Trust and Clearing Corporation (DTCC). He is a veteran technology and security executive, having held positions at American Express and American Express Financial Advisors before joining DTCC.

(Simply Continuous) How To Keep Your Business Running in the Event of a Disaster


Whitepapers
There’s a recent (Winter 2009) presentation published by the Standford Applied Crypto group by John Mitchell on Phishing and Malicious JavaScript. Aside from Phishing, the presentation talks about how JavaScript is used to obtain information from your browser. John Mitchell teaches CS 142, Web Programming and Security, at Stanford University.

(SonicWall) Bottom-line benefits of telecommuting & secure remote access
(Quest Software) Finding Complete Identity Lifecycle Management that Fits


Insider Threat
I either gotta love this… or get paranoid about this: Within 90 minutes of getting fired, a former contract worker for Fannie Mae allegedly added a malicious script hidden within a legitimate script that ran each morning on the network, which was designed to disable monitoring alerts and all log-ins, delete the root passwords to the 4,000 Fannie Mae servers, erase all data and backup data, power off all the servers and then disable the ability to remotely switch on the machines. This was fortunately found by another employee within days of the firing.

(Computerworld) Ex-Fannie Mae engineer pleads innocent to server bomb charge
(CSO Online) Alleged Fannie Mae data bomb author working for Bank of America now?

Another recent example of an Insider Threat is of a former employee that still has access to the system, as this article reports, “Mysterious Text-Message Alert at U. of Florida Scares and Angers Students.


Psychology/Social Engineering
There’s good insight as to the psychology involved when it comes to Information Security in this article from (CSO Online) Are You Addicted to Information Insecurity?

And speaking of psychology, CSO Online’s Anatomy of a Hack is an in-depth article on how Social Engineering can be used. Also in connection to social engineering, the FBI also warns of Money Mule Scams.

A novel way of luring people to a website with malware was found in North Dakota. How? Stick a parking violation ticket on the windshield, with the supposed details of the infraction on a website.

Readers of this blog might also want to check out What the Web knows about you. Its a 6 page article on what attackers may be able to find out about you online. If you’re in the US and is considering searching your SS number, check out this article first on Search Engine Privacy Tips from the World Privacy Forum website.


Browser Security
CSO Online also did a an unscientific poll of security experts on browser security, and it turns out that IE isn’t viewed as being as insecure as it was just a few years back. In relation to browser security, Firefox just fixed a couple of vulnerabilities in their release of version 3.06 of their browser.

Also related, Browser secrets of secure connections talks about how browsers play a key part in determining the strength of cipher used between the client and the web server. The article references the Infoworld Test Center Guide to browser security.


New DNS Attack
(CSO Online) Porn Site Feud Spawns New DNS Attack – Botnet operators are adding code to launch a new type of distributed denial of service attack, security experts warn
(NetworkWorld.com) Porn Site Feud Spawns New DNS Attack – A scrap between two pornographic Web sites turned nasty when one figured out how to take down the other by exploiting a previously unknown quirk in the Internet’s DNS.
(NetworkWorld.com Slideshow) How DNS cache poisoning works – this also has tips at the end on how to defend this kind of attack.


Other Info Sec News
(CSO Online) SMB Security: Five Bright Ideas – Small businesses have to be crafty to handle security with fewer resources. Here are bright ideas for SMBs.

(Computerworld Blog) Security businesses move ahead in this economy

(Computerworld) Removing admin rights stymies 92% of Microsoft’s bugs

(Computerworld) Microsoft denies Windows 7 security feature contains bug

(Computerworld) Banks, customers feel the fallout of the Heartland breach

(Computerworld) Study: Data breaches continue to get more costly for businesses

(Computerworld) Obama health care plan said to boost security, privacy controls – Privacy advocates say $20B e-health proposal overcomes some HIPAA concerns

Posted in Change Management, conferences, Incident Management, ISMS, Presentations, Privacy, social engineering, Webinars, Whitepapers | Tagged: , , , , , , , , , , , , , , , , , | Leave a Comment »

Upcoming Free Webinars

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 5, 2008

Infosecurity magazine will have an upcoming webinar on “Advancements in eCrime and their implications on web security” on Tuesday, November 11, 2008 at 11pm Philippine Standard Time. Duration of the Webinar will be an hour.

Description:
Modern Crimeware is a term coined to describe recent web-related attacks. In the ‘old’ days of virus and malware, the primary motive was fame. Modern crimeware is fuelled by financial motives and has evolved into an intricate economy of supply and demand, distributors, affiliations, and pricing models.

For more details, click here.


Wednesday, November 05 at 2:00 PM EST (1900 UTC/GMT) Note: This would be November 06 at 3:00 AM Philippine Time.

SANS is happy to bring you the latest in our complimentary series of Webcasts. Join us as SANS presents:

Reduce IT Costs by Unleashing Log Power

Featuring: Chima Njaka

Sponsored by:

For more details, click here.


WhiteHatWorld.com will have Webinars on

(Wednesday November 5, 2008 2:00PM Eastern)
Thursday November 6, 2008, 3:00 AM Philippine Time
Data Leakage Though Leadership Roundtable Webcast
Moderated by Rich Mogull
Panelists from Courion, Proofpoint, Secure Computing and Vericept

(Thursday November 6, 2008 2:00PM Eastern)
Friday November 7, 2008 3:00AM Philippine Time
Forensics are Not Enough! Case Studies in Proactive Network Defense using Security Information and Event Management (SIEM) Technology
Presented by TriGeo

Posted in Webinars | Tagged: , , , , , , , , | Leave a Comment »