Black Hat Presentations, Flash App Tools, Free AV and News

The next BlackHat.com webcast will be about Mobility and Security on May 21 1pm PDT (Friday, May 22, 2009 at 4 AM in Manila, according to The World Clock).

Black Hat Webcast 9 (34MB audio, around 79 mins running time; WebSync version is here) is a preview of the Black Hat Conference in Amsterdam that was held from April 16-17, 2009 (see link to presentations below).
The following people and their presentation topic were in this webcast:

Enno Ray – Attacking Backbone Technologies
Charlie Miller and Vincenzo Iozzo – Fun and Games with Mac OS X and iPhone Payloads
Stefano Zanero – Web App Firewall Based on Anomaly Detection
Roberto Gassira’ and Roberto Piccirillo – Hijacking Mobile Data Connections

Past Black Hat Conferences:
Video of Charlie Miller and Vincenzo Iozzo’s presentation on Mac and iPhone payloads (152 MB)
Black Hat Europe 2009 (Amsterdam) Media Archives
Black Hat USA 2008 Archives

---

Flash App Vulnerability Tools

Exposing Flash Application Vulnerabilities with SWFScan
Flare
SWFIntruder

---

Free Anti-Virus

F-Secure Online Scanner Beta Program

---

InfoSec News

(Inquirer.net) Has your e-mail address won in a lottery?
(Computerworld PH) Report: Web continues to rise as security threat

(Inquirer.net) RP gov’t websites vulnerable to hacking
(Inquirer.net) Cyber spies hack into DFA computers
(Inquirer.net) RP needs cybersecurity program–CICT
(Inquirer.net) PNP experts tell how to catch a hacker

(Inquirer.net) Purge 2-M ‘flying’ voters, Comelec told
(Manila Times) Lawmaker to hack Comelec electronic counting machines
(Inquirer.net) Hack poll machines and win P100M
(Inquirer.net) P100M hack reward ‘dishonors’ poll automation
(Inquirer.net) Hacking poll results to take lots of time
(Inquirer.net) Comelec to tap DOST on poll machine testing
(Inquirer.net) Comelec mulls inclusion of more provinces in poll automation

(Inquirer.net) Comelec eyes YouTube stardom to lure voters

(PhilStar) Is quitting Twitter more popular than re-tweeting?
(IT Matters.com) Twitter — a rising marketing channel?

(PhilStar) Globe backs ICT Awards

(Inquirer.net) RP seeks removal from USTR watch list
(Inquirer.net) Twitter, Facebook abuzz over Pacquiao win

(Computerworld) Facebook’s privacy options
(Computerworld) How Facebook mucks up office life
(Wired) PIN Crackers Nab Holy Grail of Bank Card Security

(SecurityFocus) Researcher argues for CERTs with teeth
(Inquirer.net) Cyberspies hack into US fighter project
(H Security) Linux cache poisoning attacks easier than on Windows?
(Computerworld) 20 kick-ass network research projects

(Computerworld) Leaked copies of Windows 7 RC contain Trojan
(Computerworld) Botnet probe turns up 70GB of personal, financial data
(Computerworld) Heartland earns back spot on PCI-approved list

(The Register) Security researchers fret over Adobe PDF flaw
(H Security) Demo exploits for new vulnerabilities in Adobe Reader
(SecurityFocus) Companies slowest to fix Office, Acrobat flaws
(SecurityFocus) JavaScript flaw reported in Adobe Reader

(The Register) US Congress wants hack teams for self-penetration
(Boston.com) US looks to hackers to protect cyber networks
(NY Times) ‘Hackers wanted’ ad fed security misconception

(The Register) Botnet hijacking reveals 70GB of stolen data
(The Register) Twitter breach gives behind-the-scenes Obama peek

(The Register) Firefox finds more pesky bugs
(H Security) Firefox 3.0.10 fixes critical vulnerability

(The Register) Hacker behind P2P botnet gets no jail time
(The Register) US military’s cyberwar rules ‘ill-formed,’ says panel
(NY Times) Panel Advises Clarifying U.S. Plans on Cyberwar
(The Register) Adobe users imperiled by critical Reader flaw

(H Security) Lost+found: Worms, Exploits, Online Scanners
(NY Times) H.P. Labs Pulls Out the Measuring Stick

Advertisement

Launching of DefCon Philippines

Soft Launching of Defcon Philippines (DC3662) will be on Dec 20, 2008 with a half day event (1-6PM) at Handuraw, 460 Gorordo Avenue, Cebu City.

For more info, check out www.defconph.org.
There’s also great info in their blog section. They will be sponsored by opononline and Empress of Drac.

A couple of Blogs about this event:

Beyond the norms

cebubloggers

Third Wave

---

Since I posted something about Social Networks and the Philippines probably around a week back, you might want to check out the Pinoy Post Blog by Melvin Calimag over at ZDNetAsia who recently wrote an informative article about the same topic.

Since the author seems to be one of the few writers on IT in the Philippines, I googled him and came upon this interesting article written around the start of this year.

---

Other Info Sec News

Security update for xt:commerce Shop system

Obama’s cell phone records breached

Verizon staff break into Obama’s cell phone account

US Military’s ban of USB thumb drives highlights security risks

Buffer overflow in Vista’s TCP/IP stack

Microsoft to offer free security solution, discontinue OneCare. This is also related to,
Microsoft hopes free security means less malware

Key Logger Spyware ordered off the market

Brief study shows difficulty in detecting malware

Apple plugs a dozen iPhone security holes

Computer virus brings London hospital networks to a standstill

---

New Links:

MASE Consulting – Policies and Procedures
Software Assurance Forum for Excellence in Code

Recent Philippine IT News

Manila Bulletin reports Mobile versions of online games created for RP mart unveiled, More than half of AsiaPacific Internet users visited online gaming sites in August 2008, and DigitalFilipino.com Club Manila Networking Night in PAGCOR-Paranaque.

Domini M. Torrevillas of Philippine Star writes about the ongoing IT Project for the LTO in LTO project on the spot. Excuse me for the digression, but going through the website of the LTO, there’s a funny portion there regarding Defensive Driving and Traffic Signs and Pavement Markings which, I can attest, are barely followed here in the Manila. Which begs the question, why have laws if they aren’t applicable to everyone and offenders aren’t prosecuted?

News from Inquirer.com: SkyCable enters broadband market; Laguna, Cavite promising areas for BPO.

Inquirer.com’s hackenslash writes that Amped announces Tantra II. On a separate Inquirer Blog, Anna Katerina Rara talks about Eyeballing Online Friends – Safely.

As for older news, Don Herana also from Inquirer.com has published a couple of interesting articles, namely on: Data Center Availability (2006); Making enterprise mobility work (also from 2006); Voice over Wifi;

In the News Today, Nov 4, 2008

TrueCrypt encryption software releases version 6.1..

Trojan steals access data for 300,000 bank accounts

IT Security.com publishes articles on Zero Day Attacks, Spam Control, and Biometrics Security.

Security Focus reports that a Secure Hash competition just started.

SC Magazine US reports that Microsoft flaws are down but malware on the rise, Six are arrested for hacking President Sarkozy’s bank account, and Cybercrooks use Google name to spread Facebook worm.

ISAF: ISAF issues warning to retailers to tighten up on security procedures

NHS Security Awareness Month Initiative At Colchester Hospitals, England

SANS Institute And ISACA Announce Online Security Awareness Course And Scholarship

Last but not least are a couple of articles on Security Metrics. There’s this great article on Security Metrics by Joel Rosenblatt from last quarter’s (July-Sept 2008) issue of Educause Quarterly. Rosenblatt also has a book review of Andrew Jaquith’s Security Metrics: Replacing Fear, Uncertainty, and Doubt
Another related book, Complete Guide to Security and Privacy Metrics was reviewed last year by Cheryl Washington.