InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘Podcasts/Webcasts’

Upcoming Webinars

Posted by Jaime Raphael Licauco, CISSP, GSEC on July 23, 2009

IT Governance Free Webinars

itgovernance.co.uk will be giving the following free 1 hour webinars:

July 23 Thu 11 PM Phil Time Mastering ISO27001
July 30 Thu 11 PM Phil Time Data Protection Act Webinar
Aug 06 Thu 11 PM Phil Time IT Governance Webinar
Aug 13 Thu 11 PM Phil Time Leadership in a Difficult Climate
Aug 20 Thu 11 PM Phil Time Best Practice Business Continuity Management
Aug 27 Thu 11 PM Phil Time Green IT in Practice

BSI America will be giving the following free 1 hour webinars:

July 24   Fri   1AM Phil Time      What Does it Cost to Implement a Management System?
Aug 6     Thu 1AM Phil Time      BSI Launches New Version of Entropy™ Software*
Aug 7     Fri   1AM Phil Time      Implementing International Supply Chain Security Throughout Operations
Aug 13   Thu 1AM Phil Time      7 Steps to Improving your Business Case for Management System Software
Aug 21   Fri   1AM Phil Time      CMDCAS for Medical Device Manufacturers
*Entropy is BSI’s Management Systems Software

Gartner Free Webinars

July 29 Wed 9AM US EDT    Use IT to Drive Savings in Your Business
July 29 Wed 10AM US EDT  Spend Less Get More Secure
July 29 Wed 12PM US EDT   Use IT to Drive Savings in Your Business
July 29 Wed 1PM US EDT    Spend Less Get More Secure
Aug 12 Wed 3PM Sydney Time How to Modernize IT While on a Budget

Note: Some of the above links were first posted in the InfoSec Philippines Facebook Page by its members or the author.

Site News

Updated the Whitepapers and References Links Page to include Securosis.

Advertisement

Posted in Webinars | Tagged: , | 1 Comment »

Wireless Hacking part 2

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 7, 2008

Yesterday, I had a post on Using Nmap to detect Rouge Wireless Access Points. With that post were various links to tools on hacking wireless networks that are freely available on the net. This is of course to help inform the public on the perils of wireless network computing. However, I also posted a link on the advantages on wireless and how to secure it. As is often the case, one must seek a balance or prioritize among that OTHER security triad of COST vs SECURITY vs CONVENIENCE.

For the history buffs, there is a A Brief History of Wireless Security from SecurityUncorked.com. CSOonline, back in May 2008, also published a very informative article on Wireless Security: The Basics.

News from SC Magazine US, SecurityFocus.com and Heise Security just came out that WPA can now be cracked in around 15 minutes.

The SecurityFocus.com news item above talks about Recovering a WEP key in less than a minute using the aircrack-ptw tool that is used with the aircrack-ng toolsuite.

I remember a few months ago Risky Business podcasts interviewed the maker of Metasploit framework, HD Moore, regarding his evil Eee PC. It’s about the new KARMA+Metasploit 3 framework which is a set of tools that listens to all client probe requests and can then become a fake wireless AP for any requested network. The scary thing here is that you can possibly get owned as long as your wireless is enabled and its automatically looking for a wireless access point, without the user even knowing it. The older Karma framework is available here.

If the Risky Business podcast didn’t get you a wee bit paranoid, an interview by Network World on, Wireless security foiled by new exploits, just might do the trick. They interviewed Joshua Wright who writes the security blog WillHackforSushi.com and is also the author of the six-day SANS Institute course, Assessing and Securing Wireless Networks.

I wonder what tools were used for the “Wall of Sheep” at the Defcon conferences, which was also at the BlackHat, this year. In case you’ve never heard of the “Wall of Sheep”, its a wall with a projection of Usernames and part of the passwords for the users foolish enough to not have enough security on their wireless connections. MySpace and Gmail accounts have also shown up (in spite of Gmail using the default https, but just for log-on) through the use of replay attacks. Apple iPhones and Window’s mobile phones have also shown up.

Since you’ll want to save some of the information from the KARMA+Metaploit 3 framework, I’m guessing newer mini-notebooks like the Acer Aspire One which retails for around $350, and Lenovo Ideapad S10 which retails for around $400, would both be great for this.

Since its related, there’s an On Demand Webcast sponsored by Nokia on, Corporate Mobility Policy and Device Management. In case your organization is PCI compliant or is looking forward (or dreading) compliance in the future, Network World will be having a webcast next month on PCI Wireless Compliance Demystified.

Posted in ISMS, News, Philippines, vulnerability, Wireless | Tagged: , , , , , , , , , , , , , , , , , | 1 Comment »