Info Sec News, Feb 4, 2009

There seems to be confusion on a new draft bill by the NTC which is aimed at online content providers and VAS providers for mobile phones. Some have argued that the seemingly catch all bill may include people who blog and upload pics on Social Networking sites, although the spirit of the bill seems to be more for online applications.

(Business Mirror.com) NTC issues draft circular on content development…
(Blog) MikeAbundo.com
(Blog) Pinoy Pro Blogger

---

Don’t we all just wish that what happened in the US National Science Foundation can actually be audited and checked in the Philippines? The questions would be, are logs even activated? And secondly, does someone with the skill and competence actually take the time to consistently check those logs?

Speaking of Log Management, Prism Microsystems has a video series on 100 uses of Log Management which so far, is on #9 Email Trends.

#8 Windows disk space monitoring
#7 Windows lockout
#6 Password reset
#5 Outbound Firewall traffic
#4 Solaris BSM SU access failure
#3 Antivirus update
#2 Active Directory login failures
#1 Firewall blocks

---

9th e-Services Global Sourcing Exhibition will be held at the SMX Convention Center from from Feb 9-10, 2009
APNIC 27 will be held in Manila from Feb 23-27, 2009

---

Other News:
(CNN.com) Teens Face Porn Charges for “Sexting”

Advertisement

Info Sec News: Nov 18, 2008

BBC Click on Biometrics

A few weeks ago BBC News Click published How biometrics could change security. The week after, they then published, “The pitfalls of biometric systems“.

Since its somewhat related to physical security, A UK fingerprint developer can read a letter from its envelope.

More news about the keyboard electromagnetic sniffing that was making the news last month:

From The Register Swiss boffins sniff passwords from (wired) keyboards 65 feet away

From BBC Keyboard sniffers to steal data

Video on keyboard sniffing from the very people that did the experiment can be found at COMPROMISING ELECTROMAGNETIC EMANATIONS OF WIRED KEYBOARDS.

---

The Register gives a tutorial on encrypting e-mails in, “Still sending naked email? Get your protection here“.

---

Pretty sad that a UK Anti-Fraud site has crashed due to DDOS attack.

The popular and free AVG Anti-virus has once again identified a trojan that isn’t one.

A Vulnerability has also been discovered in the SSH Specification.

The New York Times reports that Privacy Laws Trip Up Google’s Expansion in Parts of Europe

The Federation of American Scientists (FAS) Secrecy blog, reports that terrorists can presumably use twitter, instant messaging, etc. The article Spy Fears: Twitter Terrorists, Cell Phone Jihadists by Noah Shachtman on Wired talks about it more.

If you’re interested on the pdf exploit (also see below in other news), Didier Steven’s Blog, talks about Shoulder Surfing a Malicious PDF Author.

Other News:

Email ruse uses Federal Reserve Bank name to drop PDF exploit

Cybercrime expected to ramp during holiday season

New attack targeting Windows Mobile phones

Apple issues 11 security updates for Safari browser

How Outsourced Call Centers Are Costing Millions In Identity Theft

Although somewhat unrelated, InfoSec Professionals might also be interested in this article on airport security, The Things He Carried

---

White paper on Designing and implementing malicious hardware presented at the LEET ’08

White Hat World Webinar on 10 Reasons your Existing SIEM Sucks! This will be held on Thursday, November 20, 2008 4:00 am Philippine time.