
Cyber Security Summit Hosted By Department of Homeland Security (DHS)


As part of the national Stop.Think.Connect campaign against cyber threats to computers in the private and public sector, the city of Mesa and the Department of Homeland Security are hosting a cyber security summit at the Mesa Arts Center on Wednesday, Sept. 26. The mayor of Mesa said on Wednesday that interest in the summit is growing, and that there also will be numerous representatives of government from throughout the state and a member of the Secret Service attending the event.  Kelvin Coleman, U.S. Department of Homeland Security director of state, local, tribal and territorial cyber engagement, will be the keynote speaker. Mesa Mayor Scott Smith and District 3 councilman and Mesa Public Safety Committee chair Dennis Kavanaugh also will offer comments and help to facilitate questions during the event. “We use computers every day,” Smith said. “We don’t know how important computers are until they’re breached.”


Date: September 26, 2012

1 E. Main Street
Mesa, AZ  85201 


7:30 a.m. Registration & Continental Breakfast sponsored by Siemens

8:30 a.m. Welcome and Opening Remarks

  • Mayor Scott Smith
  • Councilmember Dennis Kavanaugh

9:00 a.m. Keynote Address

  • Mr. Kelvin Coleman, Director, State, Local, Tribal and Territorial Cybersecurity Engagement Program DHS National Cyber Security Division

9:30 a.m. Convenience vs. Security Expert Panel
Current Threats in an Increasingly Networked World
Panelists:
John Meza (Moderator), Assistant Chief, Mesa Police Department
James Choplin, Special Agent, Electronic Crimes Task Force, U.S. Secret Service
Dr. Dee H. Andrews, Ph.D. Senior Research Psychologist, Army Research Institute for the Behavioral and Social Sciences
Kristy Westphal, Director of Security Operation, T-Systems North America
Lonnie Benavides, Red Team Lead, The Boeing Company
Ilene Klein, City of Phoenix Office of Information Security and Privacy
Bill Kalaf, Executive Director - Intelligence-Led Policing, Mesa Police Department
 
During this session, the panel will outline and discuss many of the current threats affecting businesses, local government, and users, such as social engineering, security of mobile devices, and many of the trending applications on smartphones and PCs.
   
10:30 a.m. Networking Break
   
10:45 a.m. Closing Remarks

  • Mayor Scott Smith

11:15 a.m. Adjournment
   
11:30 a.m. Post CyberSecurity Summit Break Out Session:  Methods for training supervisors to detect behavioral indicators of insider threat

Dr. Dee H. Andrews 
Senior Research Psychologist, U.S. Army Research Institute for the Behavioral and Social Sciences
During this session, participants will get an overview of methods in training supervisors to spot and mitigate the cyber insider threat.  Statistics reveal that approximately 40% of the cyber incidents are caused by insiders.  

If you want to register for the U.S. Department of Homeland Security Cyber Security Summit then click Here. For additional information about Stop.Think.Connect. click Here


-Source (mesaaz.gov)










Ekoparty Conference: Stealth Password Cracking Vulnerability Found in Oracle Database


Researchers have unveiled a serious vulnerability in the authentication protocol used by some Oracle databases, a flaw that could enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user's password. The attacker could then log on as an authenticated user and take unauthorized actions on the database. The vulnerability exists in Oracle Database 11g Releases 1 and 2 and is caused by a problem with the way the authentication protocol protects session keys when users try to log in. The first step in the authentication process when a client contacts the database server is for the server to send a session key back to the client, along with a salt. The vulnerability enables an attacker to link a specific session key with a specific password hash. The researcher who discovered the bug, Esteban Martinez Fayó, has also released a tool that can crack some simple passwords in about five hours on a normal PC. Fayó, a security specialist at AppSec Inc, demonstrated his findings at the Ekoparty conference, which is currently taking place in Buenos Aires.
According to Esteban Martinez Fayó, "This Session Key is a random value that the server generates and sends as the initial step in the authentication process, before the authentication has been completed. This is the reason why this attack can be done remotely without the need of authentication and also, as the attacker can close the connection once the Session Key has been sent, there is no failed login attempt recorded in the server because the authentication is never completed." He also said, "Once the attacker has a Session Key and a Salt (which is also sent by the server along with the session key), the attacker can perform a brute force attack on the session key by trying millions of passwords per second until the correct one is found. This is very similar to a SHA-1 password hash cracking. Rainbow tables can’t be used because there is a Salt used for password hash generation, but advanced hardware can be used, like GPUs combined with advanced techniques like Dictionary hybrid attacks, which can make the cracking process much more efficient."
"Basically, I discovered that not all failed login attempts were recorded by the database. Looking closer at the issue, I located the problem in the way that one of the components of the logon protocol, the Session Key, was protected. I noticed that, in a certain way, the Session Key was leaking information about the password hash," he added.
Although Oracle closed the hole with the 11.2.0.3 patch set, which introduced the new version 12 of the protocol in mid-2011, Fayó said that there has been no fix for versions 11.1 and 11.2 of the database because the update was never included in any of Oracle's regular "critical patch updates". The researcher explained that unless administrators activate the new protocol manually, the database will continue to use the vulnerable version 11.2 protocol. Because the vulnerability is in a widely deployed product and is easy to exploit, Fayó said he considers it to be quite dangerous. "The Oracle stealth password cracking vulnerability is a critical one. There are many components to affirm this: It is easy to exploit, it doesn’t leave any trace in the database server and it resides in an essential component of the logon protocol," he said.
"It is very simple to exploit.  The attacker just needs to send a few network packets or use a standard Oracle client to get a Session Key and Salt for a particular user.  Then, an attack similar to that of cracking SHA-1 password hash can be performed. I developed a proof-of-concept tool that shows that it is possible to crack an 8 characters long lower case alphabetic password in approximately 5 hours using standard CPUs."


-Source (Threat Post)
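
The article notes that the new protocol stays inactive until administrators enable it manually. As an added example (not from the article, the researcher or Oracle), the script below audits the text of a `sqlnet.ora` file for that setting. It assumes the switch is the Oracle Net parameter `SQLNET.ALLOWED_LOGON_VERSION`, which the article does not name, and that an unset parameter falls back to the 11g default of 8.

```python
import re

SAFE_VERSION = 12      # protocol version the article says closes the hole
DEFAULT_VERSION = 8    # assumption: 11g default when the parameter is unset

# Assumption: this is the parameter that activates the new logon protocol.
_PARAM = re.compile(r"^\s*SQLNET\.ALLOWED_LOGON_VERSION\s*=\s*(\d+)\s*$",
                    re.IGNORECASE)


def configured_versions(text):
    """Return every value set for the parameter, ignoring # comments."""
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]   # a commented-out setting does not count
        match = _PARAM.match(line)
        if match:
            found.append(int(match.group(1)))
    return found


def audit_sqlnet_ora(text):
    """Classify one sqlnet.ora as 'ok', 'weak' or 'unset'.

    When the parameter appears more than once, the lowest value is
    reported, which is the conservative reading for an audit.
    """
    versions = configured_versions(text)
    if not versions:
        return ("unset", DEFAULT_VERSION)
    lowest = min(versions)
    return ("ok" if lowest >= SAFE_VERSION else "weak", lowest)


# Constructed sample files, not taken from any real system.
SAMPLES = {
    "patched-and-enabled": "NAMES.DIRECTORY_PATH = (TNSNAMES)\n"
                           "SQLNET.ALLOWED_LOGON_VERSION = 12\n",
    "patched-not-enabled": "NAMES.DIRECTORY_PATH = (TNSNAMES)\n"
                           "# SQLNET.ALLOWED_LOGON_VERSION = 12\n",
    "explicitly-old": "sqlnet.allowed_logon_version=11  # legacy clients\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        status, version = audit_sqlnet_ora(text)
        print(f"{name}: {status} (effective logon version {version})")
```

Both the "unset" and "weak" results mean the server may still negotiate the older logon protocol; the check needs to run against the file on the database server and on each client.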







Registration Open For Cairo Security Camp 2012 (Information Security Conference)


We have very good news for hackers, security experts, and cyber-security junkies: registration for Cairo Security Camp 2012 is now open. CSCAMP is an annual event targeting the information security community of the Middle East and North Africa (MENA region), organized by Blue Kaizen. IT professionals and security practitioners from throughout the region are invited to attend. The purpose of the conference is to gather, in one place, everyone interested in helping to improve and enrich the information security field in the MENA region. The goal is to raise the level of the information security field in the MENA region, hoping that one day we live up to international standards. Cairo Security Camp is the first annual conference organized by an Arab country.

Cairo Security Camp 2012 Venue Details:
Target Venue: TBD
Target Date: 18th – 24th of November 2012
Organizers: BlueKaizen.org

Who should attend?
- Chief Security Officers.
- Corporate/Government Security Directors.
- Information Security Managers.
- Information Security Experts.
- Information Security Professionals.
- Information Security Officers.
- Information Security Students.
- Information Security Education & Training Specialists.
- Government Agency Security Specialists.
- Information Security Programs Professors.
- CIOs/ IT Managers.
- IT/ System Administrators.

We would also love to share with our readers that Voiceofgreyhat feels proud to take part in this event as the official Media Sponsor of CSCAMP. It's our honor to be associated with Blue Kaizen. Being the official media partner, Team Voiceofgreyhat wishes Cairo Security Camp 2012 huge success. For more details about the event, click Here.





