InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘2009’

Seminars and Conventions

Posted by Jaime Raphael Licauco, CISSP, GSEC on March 16, 2009

The Center for Global Best Practices will be giving a one day seminar on “Best Practices in IT Audit” on Apr 24, 2009 at the Edsa-Shangrila Hotel, Mandaluyong City. It will be conducted by Patrick Dailey, CFE, GCFA, CISSP, EnCE, who is the founder and managing director of DigiThreat Solutions. Early bird offer is until Mar 24, 2009. Seminar cost is P7,800.00. For more info call (+63-2) 842-7148 or 59, email:jessica@cgbp.org, or check out their website.


Microsoft Philippines will be giving a two hour seminar on the “Advantages of Microsoft Certification”. The next dates are on Mar 20 and 26 to be held at the dB Wizards Office, 28/F 88 Corporate center Sedeno cor Valero Streets, Salcedo Village, Makati City. Check out the Microsoft Events Philippines site for more details.


ECCI will be giving a staggered three day seminar on “Accelerated Six Sigma Greenbelt – Striving for Quality Excellence and Transformation” on Apr 16-17 & 20, 2009. ECCI will also be giving a one day seminar on “Enterprise Risk Management (ISO 31000)” on Mar 26, 2009. For more info call (63-2) 750-5671 to 73 or email:faith@eccinternational.com.


There are a lot of presentations that are available from the APRICOT Manila Convention late last month. Most focus on IPv6, while there are others on malware, rogue dns’ and general security. Check out the presentations here.


Site News
The site may not get updated much this week since I will be conducting an Introduction to ISMS Seminar (ISO 27001:2005) and will be focusing on that.

Posted in News, Philippines, seminars | Tagged: , , , , , , , , , , | 1 Comment »

Mostly Browser News, Dec 16, 2008

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 16, 2008

A couple of news items regarding browser security have been cropping up these days, mostly about Internet Explorer vulnerabilities.

(Heise) Zero day exploit for Internet Explorer is spreading
(Heise) Internet Explorer 6 and 8 also affected by zero-day vulnerability
(SC Mag US) Internet Explorer zero-day infection rates grow
(SC Mag US) New zero-day Internet Explorer exploit uncovered

One of the ways this risk can be mitigated (aside from not using IE) is removing Admin rights. Beyondtrust gives a webinar on how to eliminate Admin rights using their Privilege Manger here. For typical SOHO users, just make a limited user account and as much as possible, try not to use your Admin account.

For people that aren’t paranoid enough surfing the web and having the appropriate controls while doing so, this article on Heise Security online talks about the Fiesta exploit pack (yes the name is correct) which costs $850 and contains 25 different exploits designed to infect users when they VISIT a webpage.

A different article on the same website talks about Chrome being at the bottom in terms of password management. I personally do not recommend allowing your browser to remember passwords. Google Chrome fans might want to check out the Iron Browser which is a more secure version of Chrome. Speaking of Chrome being the most insecure browser for password management… Google has released a browser security handbook which talks about the security features of browsers and issues that could lead to weaknesses. The current version of the handbook covers IE 6, IE 7, Firefox 2, Firefox 3, Safari 3.2, Opera 9.62, Google Chrome 1.0.154.36 and the Android embedded browser.


Other InfoSec News:
(Times Online UK Blog) This woman sent Nigerian scam artists $400,000 – a fool or a victim?
(Computerworld) Apple patches 21 Mac OS X Vulnerabilities
(BBC) Inmate escapes German jail in box
(Wall Street Journal March 10, 2008 article) NSA’s Domestic Spying
(SC Mag US) Forecast: Security threats for 2009
(SC Mag US) The five myths of two-factor authentication


Posted in Awareness, News, social engineering | Tagged: , , | Leave a Comment »