InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘ecci’

Seminars and Conventions

Posted by Jaime Raphael Licauco, CISSP, GSEC on March 16, 2009

The Center for Global Best Practices will be giving a one day seminar on “Best Practices in IT Audit” on Apr 24, 2009 at the Edsa-Shangrila Hotel, Mandaluyong City. It will be conducted by Patrick Dailey, CFE, GCFA, CISSP, EnCE, who is the founder and managing director of DigiThreat Solutions. Early bird offer is until Mar 24, 2009. Seminar cost is P7,800.00. For more info call (+63-2) 842-7148 or 59, email:jessica@cgbp.org, or check out their website.


Microsoft Philippines will be giving a two hour seminar on the “Advantages of Microsoft Certification”. The next dates are on Mar 20 and 26 to be held at the dB Wizards Office, 28/F 88 Corporate center Sedeno cor Valero Streets, Salcedo Village, Makati City. Check out the Microsoft Events Philippines site for more details.


ECCI will be giving a staggered three day seminar on “Accelerated Six Sigma Greenbelt – Striving for Quality Excellence and Transformation” on Apr 16-17 & 20, 2009. ECCI will also be giving a one day seminar on “Enterprise Risk Management (ISO 31000)” on Mar 26, 2009. For more info call (63-2) 750-5671 to 73 or email:faith@eccinternational.com.


There are a lot of presentations that are available from the APRICOT Manila Convention late last month. Most focus on IPv6, while there are others on malware, rogue dns’ and general security. Check out the presentations here.


Site News
The site may not get updated much this week since I will be conducting an Introduction to ISMS Seminar (ISO 27001:2005) and will be focusing on that.

Posted in News, Philippines, seminars | Tagged: , , , , , , , , , , | 1 Comment »

Info Sec News, Feb 5, 2009

Posted by Jaime Raphael Licauco, CISSP, GSEC on February 5, 2009

Seminars
ECCInternational will be giving a Certified BCMS (ISO 25999:2007) course from Feb 9-11. They will also be giving an ITIL Practitioner Program – Configuration Management on Feb 10-11, you can check out their Training Schedule here. ISO 9001:2008 IRCA Certified Lead Auditor Seminar will also be given either on Feb 9-13 or Feb 16-20. For details and specific dates, please contact Rose, Faith or Ness at 7505671 to 73 or email training@ccinternational.com.


Webcasts
CSO Online has published a podcast interview of Jim Routh who is the CISO of the Depository Trust and Clearing Corporation (DTCC). He is a veteran technology and security executive, having held positions at American Express and American Express Financial Advisors before joining DTCC.

(Simply Continuous) How To Keep Your Business Running in the Event of a Disaster


Whitepapers
There’s a recent (Winter 2009) presentation published by the Standford Applied Crypto group by John Mitchell on Phishing and Malicious JavaScript. Aside from Phishing, the presentation talks about how JavaScript is used to obtain information from your browser. John Mitchell teaches CS 142, Web Programming and Security, at Stanford University.

(SonicWall) Bottom-line benefits of telecommuting & secure remote access
(Quest Software) Finding Complete Identity Lifecycle Management that Fits


Insider Threat
I either gotta love this… or get paranoid about this: Within 90 minutes of getting fired, a former contract worker for Fannie Mae allegedly added a malicious script hidden within a legitimate script that ran each morning on the network, which was designed to disable monitoring alerts and all log-ins, delete the root passwords to the 4,000 Fannie Mae servers, erase all data and backup data, power off all the servers and then disable the ability to remotely switch on the machines. This was fortunately found by another employee within days of the firing.

(Computerworld) Ex-Fannie Mae engineer pleads innocent to server bomb charge
(CSO Online) Alleged Fannie Mae data bomb author working for Bank of America now?

Another recent example of an Insider Threat is of a former employee that still has access to the system, as this article reports, “Mysterious Text-Message Alert at U. of Florida Scares and Angers Students.


Psychology/Social Engineering
There’s good insight as to the psychology involved when it comes to Information Security in this article from (CSO Online) Are You Addicted to Information Insecurity?

And speaking of psychology, CSO Online’s Anatomy of a Hack is an in-depth article on how Social Engineering can be used. Also in connection to social engineering, the FBI also warns of Money Mule Scams.

A novel way of luring people to a website with malware was found in North Dakota. How? Stick a parking violation ticket on the windshield, with the supposed details of the infraction on a website.

Readers of this blog might also want to check out What the Web knows about you. Its a 6 page article on what attackers may be able to find out about you online. If you’re in the US and is considering searching your SS number, check out this article first on Search Engine Privacy Tips from the World Privacy Forum website.


Browser Security
CSO Online also did a an unscientific poll of security experts on browser security, and it turns out that IE isn’t viewed as being as insecure as it was just a few years back. In relation to browser security, Firefox just fixed a couple of vulnerabilities in their release of version 3.06 of their browser.

Also related, Browser secrets of secure connections talks about how browsers play a key part in determining the strength of cipher used between the client and the web server. The article references the Infoworld Test Center Guide to browser security.


New DNS Attack
(CSO Online) Porn Site Feud Spawns New DNS Attack – Botnet operators are adding code to launch a new type of distributed denial of service attack, security experts warn
(NetworkWorld.com) Porn Site Feud Spawns New DNS Attack – A scrap between two pornographic Web sites turned nasty when one figured out how to take down the other by exploiting a previously unknown quirk in the Internet’s DNS.
(NetworkWorld.com Slideshow) How DNS cache poisoning works – this also has tips at the end on how to defend this kind of attack.


Other Info Sec News
(CSO Online) SMB Security: Five Bright Ideas – Small businesses have to be crafty to handle security with fewer resources. Here are bright ideas for SMBs.

(Computerworld Blog) Security businesses move ahead in this economy

(Computerworld) Removing admin rights stymies 92% of Microsoft’s bugs

(Computerworld) Microsoft denies Windows 7 security feature contains bug

(Computerworld) Banks, customers feel the fallout of the Heartland breach

(Computerworld) Study: Data breaches continue to get more costly for businesses

(Computerworld) Obama health care plan said to boost security, privacy controls – Privacy advocates say $20B e-health proposal overcomes some HIPAA concerns

Posted in Change Management, conferences, Incident Management, ISMS, Presentations, Privacy, social engineering, Webinars, Whitepapers | Tagged: , , , , , , , , , , , , , , , , , | Leave a Comment »