Showing posts sorted by relevance for query security experts. Sort by date Show all posts
Showing posts sorted by relevance for query security experts. Sort by date Show all posts

Registration Open For Cairo Security Camp 2012 (Information Security Conference)

Posted by Avik Sarkar On 8/17/2012 02:36:00 am

Registration Open For Cairo Security Camp 2012 (Information Security Conference) 

We have a very good news for hackers, security experts, cyber-security junkies. The good news is -the registration for Cairo Security Camp 2012 is now open. CSCAMP is an annual event targeting the Information Security Community of the Middle East and North Africa (MENA Region) organized by Blue Kaizen. IT Professionals and security practitioners from throughout the region are invited to attend. The Conference purpose is to gather, in one place, everyone interested in helping to improve and enrich the Information Security field in the MENA region. The Goal is to raise the level of information security field in the MENA region, hoping that one day we live up to international standards. Cairo Security Camp is the first annual conference organized by an Arab Country.

Cairo Security Camp 2012 Venue Details:
Target Venue: TBD
Target Date: 18th – 24th of November 2012
Organizers: BlueKaizen.org

Who should attend?
- Chief Security Officers.
- Corporate/Government Security Directors.
- Information Security Managers.
- Information Security Experts.
- Information Security Professionals.
- Information Security Officers.
- Information Security Students.
- Information Security Education & Training Specialists.
- Government Agency Security Specialists.
- Information Security Programs Professors.
- CIOs/ IT Managers.
- IT/ System Administrators.

We would also love to share with our readers that Voiceofgreyhat feel proud to take part is this event  as official Media Sponsor CSCAMP. Its our honor to be associated with Blue Kaizen. Being the official media partner, Team Voiceofgreyhat wishes a huge sucess of Cairo Security Camp 2012. For more details about the event, click Here.






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Why does Sony getting hacked for multiple times (full report)

Posted by Avik Sarkar On 6/09/2011 07:01:00 pm


Since the April Play Station Network breach that exposed over 100 million user accounts, Sony has been hacked more than 10 times. Sony Pictures,Sony Europe, Sony BMG Greece, Sony Thailand,Sony Music Japan, Sony Ericcson Canada, and others, have all been the target of attacks. Sony has had to contend with intense scrutiny from media, disgruntled users and lawmakers, with everyone asking the company how it could let such a breach happen. Sony has apologized repeatedly and said that the original attack was a highly professional, criminal cyber attack aimed at stealing credit card numbers. Other experts have said that Sony simply didn't have its security act together and that the attack was likely far simpler. Now, critics are wondering what exactly the motivation might be behind the continued hacks. While the initial PlayStation Network breach was the largest of the hacks to date, Sony's cyber attack problem has continued due to both inconsistent security across Sony's systems and the rise of new groups of hackers interested less in punishing Sony than in showing off their ability to breach the company's defenses, experts say.

Some analysts say Sony's security woes started when the company pressed charges against 20 year-old hacker, George Hotz, who reverse-engineered Sony’s PlayStation 3 so that it could run unapproved third-party applications. Sony responded by suing Hotz, a move that reportedly infuriated many in the hacker community. Many experts say the attack on the PlayStation Network in April could have been an act of vilgilante justice resulting directly or indirectly from Sony's lawsuit against Hotz.

"Sony's perceived abuse of the legal system in targeting reverse-engineer George Hotz infuriated hacker groups," said Randy Abrams, director of technical education at ESET, an IT security firm. Abrams also noted that even before the Hotz incident, Sony had drummed up "significant antipathy" as the result of a 2005 scandal involving Sony CDs that automatically installed a rootkit that made users' computers vulnerable to attack.
The PlayStation Network attack appears to have set off an avalanche of follow-ups.

"Other hackers and hacking groups realized they could jump on the bandwagon and break into other Sony properties and get in the news," said Richard Wang, manager of Sophos Labs, a security vendor. "Really anything that has the Sony brand on it has become a target for someone trying to make a name for themselves or trying to prove they can break into the website."

Fred Cate, director of the Center for Applied Security Research at the University of Indiana, said the first PlayStation Network breach may have tempted hackers by revealing Sony as open to attack. "There's sort of a pile-on effect," Cate said. "Once you hear that there's a vulnerable network out there, other folks start trying. Sony's now a new target of interest."
Other hackers seem to have joined up for reasons other than political or monetary gain. Sites like has sonybeen hacked this week.com demonstrate a curious mixture of genuine curiosity and weary cultural saturation.

"Prior to the PSN hack, the loosely organized Anonymous group had waged war against Sony, reflecting the opinion of a significant share of netizens who got infuriated by Sony's corporate attitude," said Guillaume Lovet, a senior manager of the threat response team at Fortinet. "But now, from being a target for opinion reasons only, it also became a target 'just for the lulz,' for [hacker group] lulzsecurity and others."
"The outcome," Lovet said, "is more attackers, thus more successful hacks."

Some critics have questioned whether Sony's security efforts both before and after the initial breaches have been adequate. Sony has since promised to boost its security systems and review existing procedures. Still, according to experts, many of the attacks used to breach Sony's sites are fairly basic hacks that the company could easily have protected against.

"They seemingly have an almost anarchistic approach to global network security, with no visible coordination of security practices across Internet properties," said Abrams. "Some properties, such as Sony Pictures, seem to have been ignoring basic security best practices."

Part of the problem is Sony’s huge international web presence. Experts say its highly unlikely that the company's multiple divisions, from movies to gaming, are following any coordinated set of security protocols.

"Sony has disclosed many breaches, including different servers in Indonesia and Thailand. I highly doubt that the same developers who developed these websites are the same developers who worked on the Playstation Network, Sony Pictures, etc.,” said Derek Manky, a senior security strategist at Fortinet. "Quite simply, there is a tradeoff: Security dwindles as you add convenience and complexity."

While the novelty of hacking Sony may continue to diminish as other cybersecurity stories hit the news, it's clear Sony must get its act together or risk more attacks, a loss of customer faith and money and possible government intervention. 

"Sony needs time to get their security house in order," Jeremiah Grossman, the CTO of WhiteHat Security wrote in an email. "As an organization, Sony could see this as an opportunity. A year or more from now, they could be an example of how security SHOULD be done across the entire industry."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Started "BlueHat" Contest for Better Security

Posted by Avik Sarkar On 8/05/2011 05:09:00 am


As any Jedi knight knows, the temptation to turn to the Dark Side is difficult to resist. The same can be true for White Hat hackers--malware fighters who discover vulnerabilities in software.
The black market prices for those kinds of security flaws are as tantalizing to ethical hackers as the malevolent side of The Force was to Luke Skywalker. Microsoft wants to temper those temptations, though, and has announced a contest that offers more than $250,000 in prizes for developing better solutions to counter security threats.
Microsoft's "BlueHat Prize," announced by the company at the Black Hat security conference in Las Vegas Wednesday, offers a grand prize of $200,000, a runner-up purse of $50,000, and a third-place award of a one-year subscription to MSDN Universal--a developer's platform for Microsoft products--worth $10,000--to security researchers who design the most effective ways to prevent the use of memory safety vulnerabilities. Those kinds of vulnerabilities can create problems like buffer overflows that can be exploited by Net miscreants to compromise computers.
“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology," Matt Thomlinson, Microsoft’s General Manager of Trustworthy Computing Group, said.
“Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues," Thomlinson continued. "We believe the BlueHat Prize can catalyze defensive efforts to help mitigate entire classes of attacks."

Top Experts Needed:-

In offering the prize, Microsoft hopes to attract the world's top experts to focus their "little gray cells" on a major security problem. “Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices," observed Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center.
“We’re looking to collaborate with others to build solutions to tough industry problems," she added. "We believe the BlueHat Prize will encourage the world’s most talented researchers and academics to tackle key security challenges and offer them a chance to impact the world."

The Origin of the Concept:-

According to Microsoft, it got the idea for the BlueHat prize from a previously launched security information-sharing program. That initiative, the Microsoft Active Protections Program (MAPP), allows Microsoft to share information with security vendors around the world so they can release protection technologies to their customers much faster. The success of that program got Microsoft thinking about mounting a similar effort for the security research community.
One vendor with praise for BlueHat was Adobe, a company that's no stranger to software with vulnerabilities. “The Microsoft BlueHat Prize announced at Black Hat [on August 3] is an exciting new initiative and a great example of encouraging community collaboration in the defense against those with malicious intent," observed Adobe's Senior Director for Product Security and Privacy Brad Arkin.
“This call for entries promises to stimulate research activity within the broader security community on how to mitigate entire classes of attacks, rather than thinking about software security as a challenge best addressed one bug at a time," he continued. "This research has the potential to lower costs for third-party developers and increase the level of security assurance for end users."
Here are the official rules and guidelines for the competition. Contest submissions will be accepted until Sunday, April 1, 2012, Microsoft said. A panel of Microsoft security engineers will judge submissions based on the following criteria: Practicality and functionality (30 percent); robustness--how easy it would be to bypass the proposed solution (30 percent); and impact (40 percent). The winners will be announced at Black Hat USA conference in 2012.

-News Source (PC World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NASSCOM-Data Security Council of India Announces Annual Information Security Summit 2012

Posted by Avik Sarkar On 10/28/2012 04:38:00 am

NASSCOM-Data Security Council of India Announces Annual Information Security Summit 2012

NASSCOM-Data Security Council of India (DSCI) announced that the Annual Information Security Summit 2012 will be held on 11-12 December at Taj Lands End, Mumbai. The NASSCOM-DSCI Annual Information Security Summit this year will focus on the national cyber security elements- Framework, Machinery, Responsibility & Operations for all the critical information sectors like power, energy and finance where deliberation will take place on operating technologies like smart grid and industrial control system; the security and privacy imperatives of eCommerce, mCommerce and eGovernance application and platforms. The Summit will provide an opportunity to have focused discussions with government leaders along with global experts who will talk about the security ramifications at the global level. Special features such as celebrating the success of women leaders in the field of security, Workshop on IT Act and release of DSCI assessment frameworks will also be part of the annual summit. The addition of DSCIExcellence Awards 2012 to Corporate and LEAs this year along with Annual summit will truly make this as a platform where India Meets for Security. 

Who Should Attend:-

Organizations:
  • User Organization – Banks, Finance, Telecom, Manufacturing, Energy
  • Government & PSUs
  • Technology & Service Providers
  • Security Product/ Services Companies
  • Academia
Individuals:
  • Business Leaders
  • IT Leadership
  • Security & Privacy Leadership
  • Security Professionals
  • Security Implementer | Administrator | Officer

Participation benefits:
  • Learn about new challenges, threats and vulnerabilities
  • Gain Strategic direction & practical guidance
  • Explore new approaches, practices, technologies and services
  • Discover market developments and get a feel of technology products
  • Discuss on public policies for cyber security and privacy
  • Interact with national, government and global leadership
Agenda:- 
 
Tentative Agenda Topics for Annual Information Security Summit’12 : Day 1
Time
Session
0930 to 1015
Inaugural + Key Note
1015 to 1115
National Imperatives of Securing Operational Technologies … Smart Grids, Oil & Gas, & Public Utilities
1115 to 1140
Tea Break
1140 to 1200
Platinum Session 1 by Verizon
1200 to 1250
Protecting Key Economic Assets, Securing Financial Backbone
…. Stock Exchange, Payment Infrastructures & Financial Switches
1250 to 1310
Platinum Session 2 by TCG
1310 to 1415
Lunch Break
1415 to 1430
Special feature
1430 to 1520
Architecting Security for New Age Banking
… Business Models, Technology Transformations & Channel Revolutions in the midst of Organized, Focused, Advanced & Persistent Cyber Threats
1520 to 1540
Special feature by HP
1540 to 1640
Revolution named Clobile, Nightmare for Security? … Enterprise Mobility, Mobile Apps and Cloud Enablement Data driven Businesses
1640 to 1700
Tea Break
1700 to 1800
Data driven Businesses – Data reason for Empowerment and Concern
… Big Data, Context Computing & Social Media Computing
1800 to 1900
Networking and Exhibition
1900 to 2030
DSCI Excellence Awards 2012
  • Corporate
  • Law Enforcement
2030 Onwards
Cocktail Dinner
Day 2
Time
Session
0930 to 1030
Cyber Security, from National Responsibility to Global Accountability
… Cyber diplomacy, converging national and international interests
1030 to 1100
Special Feature by CISCO
1100 to 1130
Tea Break
1130 to 1230
Securing Technology Transformation of Governance … eGovernance projects, Security Challenges & Solutions
1230 to 1315
Rendezvous with Women Security Leaders: Special Interaction …. Security, Challenges and Opportunities for Women
1315 to 1415
Lunch Break
1415 to 1515
Security Enablement of Growing Electronic & Mobile Commerce
… Rising Volume & Growth of Commerce, Security as Enabler
1515 to 1600
Securing core, edge, access & connect: reappearance of network on agenda of security
… Finding the role of network security: Infrastructure Core, Hyer-extensive organizations, Access complexities, Mobility & External exposures
1600 to 1630
Tea Break
1630 to 1730
Consumer Behaviors and Business Responsibilities In the Information Age … Responsible Behaviors, Fair Business Practices & Enabling Technologies

To Get Yourself Registrar For the Event Click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

nullcon security conference Delhi 2012 Highlights/Agenda

Posted by Avik Sarkar On 8/09/2012 05:04:00 am

nullcon Security Conference Delhi 2012 Highlights/Agenda

Earlier we have discussed several times about nullconAfter the success of Goa, now we all are waiting for nullcon Delhi to showcase cutting edge security technologies and discuss new attack vectors and security threats among the Corporate world and the Government sector. So lets talk about the highlights & agendas of nullcon Delhi 2012. nullcon feel proud to be at the forefront of the IT Security arena in the Asian IT Industry. With the fourth event in the row, nullcon continue to deliver the latest and responsible vulnerability disclosures and their mitigation solutions which help organizations take proactive and timely protective measures to safeguard their critical data and assets.
nullcon Delhi is being held on 26 - 29 Sept 2012 at The Leela Kempinski, Gurgoan.

 Highlights:-
1. Day one keynote by CEO Natgrid,Mr. Raghu Raman. Talk Title:  Battle of the Minds
2. Day two keynote by Global Security Evangelist and renowned speaker. Mr. Richard Thieme. Talk Title: Staring into the Abyss.
3. Security Conclave on Critical Infrastructure Protection:  Focused Panel discussion of 90 minutes with participation from Govt. and corporate. Expert panelists from PSUs (Public Sector Undertaking) and large private organizations to create the road map for the protection standard and processes. This year's theme is Critical Infrastructure Protection and will be focused on organizations managing and developing critical infrastructure and organizations offering solutions and risk consulting on the same.
4. Executive Briefing: Exclusive two hours sub-event for senior management and the CIO’s to present summarized content of conference talks/events.
5. Prototype sub-event:  An excellent opportunity/platform for organization to speak/showcase/present (30 Min Talk) new innovative security technologies to the conference attendees to attract industry recognition and to promote their brand.
6. 20+ Exhibitors from security industry.
7. 20+ presentations by security experts on ground breaking defensive and offensive security technologies.
8. Seven security Training by industry experts on deep technical and critical security sbjects.
9. Null Job fair for hiring the best in the security industry.
10. Attendees from varied Industry verticals.
11. Supported by Microsoft (MSRC USA), Praxeva, SANS and Hacker5. 
12. Some of the exhibitors include WatchGuard, Symantec, Microsoft, Praxeva, SANS, JNR, Search Lab, Innobuzz, ACPL, LFY, Payatu
nullcon Delhi is a must attend for all those who share an interest in IT security. It is nullcon's endeavor to be continually delivering the best in IT Security. For more details please visit http://nullcon.net. 
Pre-con registration is closing on 31st August. FREE Registration for Exhibition and Job Fair. Group discount available. For offline registration, kindly drop an email to register@nullcon.net
Being the official media partner, Team Voiceofgreyhat wishes all the very best for Nullcon Delhi 2012.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple Hired Kristen Paget, Renowned Hacker & Former Security Expert of Microsoft

Posted by Avik Sarkar On 12/11/2012 05:53:00 pm

Apple Hired Kristen PagetRenowned Hacker & Former Security Expert of Microsoft 

 To become  the very best along with that to maintain and hold your position, you need to deliver your hundred percent even some times more than hundred percent, and this race continues. For that we have to gather the very best guy with as. The above fact took place again, when Apple hired a renowned computer security researcher who helped Microsoft to rid Windows Vista from glaring exploits. I think, you already started guessing, let me tell you that yes you are absolutely right. Kristen Paget formerly known as Chris Paget who was part of an elite team of security experts of Microsoft has now been hired by Apple to lend her expertise to securing the company's operating systems. Apple, slowly, has been trying to make inroads into the security community. This summer, an Apple engineer spoke at the Black Hat security conference for the first time. So it is a bit predictable that why Apple is looking for security experts. Paget's exact charge at Apple is still somewhat of a mystery, with company representatives declining to comment on the specifics of what she'll be working on. After leaving Microsoft and prior to her move to 1 Infinite Loop, Paget was employed by security firm Recursion Ventures. According to sources, this past July, she'd departed stating that she wished to focus on developing security-related hardware.  
According to a report by Wired - Paget’s work at Microsoft had been similarly secretive. She’d been forbidden from speaking about it for five years after her work there ended.
But in 2011, the NDA expired, and she spilled the beans on her Vista hacking at the Black Hat Las Vegas conference. In short: Microsoft’s security team had expected Vista to be pretty clean when Paget got her hands on it, but they were wrong.
“We prevented a lot of bugs from shipping on Vista,” Paget said, according to a recording of her talk. “I’m proud of the number of bugs we found and helped get fixed.” Paget and company’s bug-hunt was so successful, in fact, that it forced Microsoft to push back Vista’s ship date. When the work was done, the hackers received special T-shirts, signed by Microsoft Vice President of Windows Development Brian Valentine. They read: “I delayed Windows Vista.” 
Until this past summer, Paget had been chief hacker at Recursion Ventures, a company that specializes in hardware security. When she left in July, she said she was looking for a break from bug-finding, hoping to find a job that involved building “security-focused hardware.”
“I’ve done too much breaking of things, it’s time to create for a change,” she said on Twitter. She was hired in September as a core operating system security researcher at Apple, according to her Linkedin Profile. 
Paget made headlines in 2010 when she built her own cellphone-intercepting base station at the Defcon hacker conference. Back then, Paget was known as Chris. She switched genders last year.

While talking about hiring geniuses by giant firms, we would like to remind you that very recently Apple has hired search guru Bill Stasior to oversee Apple's Siri voice-activated personal assistant. Along with this, few months ago social networking giant Twitter had appointed famous whitehat hacker Charlie Miller, to boost up its security.  Also in late 2011 Nicholas Allegra, the world-famous hacker known as "Comex", creator of JailbreakMe.com comes was also hired by Apple.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Chinese Hackers Breached New York Times & Stolen Employee's Password

Posted by Avik Sarkar On 2/03/2013 01:54:00 am

Chinese Hackers Breached New York Times & Stolen Employee's Password 

Yet again the story of cyber espionage by Chinese hackers spotted in the wild, when the famous and one of the most popular American news daily reported that their system has been compromised by a round of sophisticated cyber attack generated from China. After the hack of White House unclassified network, it is the second time in last six month; when Chinese hackers have targeted the American cyber spaceThe New York Times has reported that for the last four months Chinese hackers have been infiltrating its networks, broken into the email accounts of senior staff, stolen the corporate passwords for every Times employee and used those to gain access to the personal computers of  more than 50 employees
According to a blog post of NYT - The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings. Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen’s relatives, and Jim Yardley, The Times’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing. 
“Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,” said Jill Abramson, executive editor of The Times. The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China.

Cyber Espionage of China (2011-2012) at a Glance:-
While talking about this cyber attack, we would like to refresh your memory last two years, where the scenario of big cyber attack and espionage by Chinese hackers have been spotted several times. In 2012 Chinese hackers had  breached Telvent's corporate network & gained control of US Power GridAlso in the middle of last year, we have seen that Chinese hackers have broken into Indian Navy's Computer System & stolen sensitive data. Few months before this hack, Tokyo based computer security firm Trend Micro confirmed that Chinese hackers were responsible for biggest cyber-espionage in India, Japan & Tibet. Also the director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSAAlso in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible. 
All those above stories it has been clearly identified that China was the point of those said attacks, but it doesn't necessarily prove that it the operation is backed by the Chinese government or intelligence services. It could just as easily be a patriotic group of skilled, independent Chinese hackers upset with how the Western media is portraying their country's rulers. For all kind of cyber related topics and expert reviews on those matters just stay tuned  with only VOGH




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Nullcon - International Security Conference [Goa 2012]

Posted by Avik Sarkar On 1/06/2012 05:31:00 pm



null - The open security community is a registered non-profit society and by far the largest security community in India with more than 2000 members comprising of information security professionals, ethical hackers and law enforcement professionals that focuses on infosec research and assisting Govt. and private organizations with cyber security issues. null has 7 chapters through out India - Pune, Bangalore, Mumbai, Hyderabad, Delhi, Chennai and Bhopal, interacting with around 5000-6000 people by various activities like monthly meets, security camps, workshops, talks at various events & organizations and executing security projects. 

nullcon portal http://null.co.in provides free information on security research, responsible vulnerability disclosure, open source security software project, white papers, presentations, monthly chapter meets.

We see that currently there is a disconnect between the Govt. agencies and private organizations when it comes to cyber security and aim to fill the gap in a vendor neutral way. We have many projects running that help organizations tighten their security infrastructure, including Keeda Project and nullcon - International Security Conference and Trainings.

Keeda Project is a database of vulnerabilities found in the wild which are reported to us by the members or anonymous researchers and we take action by immediately contacting the concerned organization and the respective CERT with information on the vulnerability and assist them in mitigating the threats.
As a part of null initiatives we organize nullcon - International Security Conference (http://nullcon.net), our annual flag-ship event. It is held in Goa in the month of February. At nullcon we call upon security experts from around the world to deliver talks and workshops on the latest technology and techniques in the security and hacking world. The talks range from web hacking, security & hacking tools, smart phone hacking, cyber warfare to zero day vulnerabilities.

The year 2012 marks a revolutionary change and unprecedented expansion in the way nullcon is organized. With the overwhelming support of our esteemed sponsors, enthusiastic participants and volunteers - null is organizing TWO conferences in 2012   
- nullcon Goa on 15-18th Feb 2012 and nullcon Delhi in Oct 2012
nullcon Goa continues to be a mix of hacking, security and business briefings with a lot of technical events for all the security geeks.
nullcon Delhi will focus more on the Corporate and the Government sector. It will include events geared towards business prospects in information security such as the exquisite Exhibit Space and Demo Zone for cutting-edge technology and products, business networking events and parties.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Cyber Security Workshop on IIT Kanpur

Posted by Avik Sarkar On 7/10/2011 06:21:00 pm


Youths should be aware of ways to protect their Internet identity as the threat of breach of privacy is increasing and more and more incidents of breach are being reported, experts from IIT Kanpur said here on Saturday.
The Internet security experts, which included Gaurav Sharma and Tarun Bansal, were addressing students and professionals at a seminar at Bharti Mandapam here.  
"As more and more companies are going online, as more and more data is being stored on the Internet, and netbanking is drawing a rising number of people, the demand of Internet security experts is growing," Gaurav said, adding like in western countries, domestic companies are ready to pay a hefty pay to experts in this field. After recent incidents of Internet data theft from companies and other agencies, both government agencies and private companies are extremely conscious about their online safety, Gaurav added.
"Always have an eye for suspicious activity on your online existence. Most of the time hackers create a duplicate website and as soon as you provide your log in address on it, your site is hacked," said Gaurav. Tarun Bansal, another IIT Kanpur student, warned Internet users against Internet security loopholes.
Organized under the aegis of a web portal, allmycourses.com, the workshop witnessed a focused and holistic discussions on various forms of hacking.
"Always sign out from your account after use. If you close down your window without successfully logging out, the web browser stores your login information which could be used by hackers to tamper with your account," Tarun told students. 
"One of the important things to keep in mind is to always delete browsing history whenever you use a public computer because cookies, which form automatically as you open a site, could provide a way to hackers to get to your login information. However, it is not necessary with private computers," Tarun further added.
One more thing to keep in mind is to always check for the right URL before logging in, wrong URLs (like www.facabook.com in place of www.facebook.com) are also dangerous, Tarun informed students.
An IIT-Kanpur student and group coordinator, Girijesh Jha, said: "Students right from class IX to degree students along with many professionals attended the workshop." The experts also took questions from the audience. The workshop will also continue on Sunday

-News Source (TOI)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

What Risk We are Posing! Everyone Can Become Target of the Latest Cyber Security Threats

Posted by Avik Sarkar On 2/10/2014 07:31:00 pm

What Risk We are Posing! Everyone Can Become a Target of the Latest Cyber Security Threats
According to a report by the Washington Post, hackers may soon be setting up a plan to unfold in 2013 that will target 30 different U.S. banking institutions. McAfee Labs, who has compiled a new cyber security report, says that banks should be on the lookout for software that creates false online transactions or targets transfers tied to large dollar amounts.
Sources say that these threats can all be tied back to “Project Blitzkrieg”, which is a program that has been around since 2008. Within the past four years, it has already stolen $5 million and plans to continue for as long as possible. During the past few months, between 300 and 500 victims located within the U.S. have fallen victim to Project Blitzkrieg’s schemes. By the spring of 2013, McAfee says that things could get even worse for U.S. banks and their customers.
Experts note that this scheme may be tied to reports from back in October by security company RSA that mentioned how a hacker out of Russia named “vorVzakone” has been openly discussing his plan to recruit a team to plan the largest Trojan attack tied to banking. McAfee warns that these threats should be taken extremely seriously as the beginning of 2013 is soon to unfold. The software can become extremely dangerous to those doing their banking online because it can replicate transactions and even delete e-mail notifications about certain transfers.
While U.S. banks will no doubt be increasing their security protocols to protect themselves from any unnecessary attacks, most already know that they are continually being cited as targets from hacking groups around the globe. Back in September, both JP Morgan Chase and Bank of America saw their sites crash because of DDoS attacks.

Samsung Smart TV Dangers
The Register has recently reported that Samsung’s newest Smart TV is completely open and vulnerable to hacking because it gives hackers the ability to steal data very quickly. According to security company ReVuln, this vulnerability most notably affects consumers who own and use their Samsung 3D TVs for internet purposes.
Those who use their Smart TVs can rent movies, browse the web for a cheap line rental, go on Facebook, and more. ReVuln claims that they have found an exploit which allows hackers to see everything the user is doing while they are using their TV, retrieve and access information like web history, and hook up an external thumb drive to the TV to conveniently steal all of this information for future use. While ReVuln noticed this exploit while using a Samsung 3D TV, the true problem is that it seems to affect all of the latest Samsung TVs with internet capabilities, which includes many different makes and models.
As these TVs continue to act more as larger PCs, it is only a matter of time until we see even more security vulnerabilities tied to them in the very near future.

Gas Station Bluetooth Skimming
News site KRCA out of Sacramento notes that crooks are using Bluetooth devices in order to steal credit card information from those who are paying for gas at the pump. The biggest issue the cyber security experts noticed is that these thieves do not even have to be near the gas station in order to steal information.
Crooks are using skimming devices that utilize Bluetooth and contain a variety of common security keys that can be used to access gas pumps for maintenance. They don’t simply pull out their device and begin swiping information for oblivious consumers. Thieves will start by installing skimmers on the pumps to collect information from those pumping gas and then pick them back up. Detectives say that these types of devices are impossible to detect.
According to experts, thieves can be up to 100 yards away and continually collect credit card information from unsuspecting users. Because of this, these crooks are impossible to detect, and the problem may only grow larger in the near future.

Troublesome QR Codes

QR codes seem to be everywhere these days. They’re typically on everything from advertisements to products that we purchase on a daily basis. In the Netherlands, hackers are posting QR codes in heavily trafficked areas like airports and major streets. When these QR codes are scanned in by a user’s smart phone, they are taken to a malicious website that may attempt to phish information from the user or possibly infect their smartphone with malware.

Disclaimer:- Before perfection, on behalf of Team VOGH, I would like to personally thank Eve Halton  for sharing this magnificent article with our readers. Eve is a very much passionate Fleet Street, she  has done her graduation in International Business and Journalism. She gained decent experience in writing articles on several fields like global politics, economics, sustainability issues, cyber security & many more.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

eEye to Showcase IT Security Solutions that Simplify Vulnerability and Compliance Management at SecureWorld Expo in Atlanta

Posted by Avik Sarkar On 4/27/2011 02:31:00 pm

eEye Digital Security, a provider of IT security and unified vulnerability management solutions, will exhibit at the SecureWorld Expo in Atlanta, Georgia, May 3-4, 2011. The company’s CTO, Marc Maiffret, will participate as an industry expert on a network security panel discussion. The conference brings together the security leaders, experts, senior executives, and policy makers who shape the direction of security across Information Security, Physical Security, Compliance, IT Audit, Computer Forensics, Enterprise Risk Management, Business Continuity, and Security Management.
eEye invites the media and SecureWorld Expo attendees to explore the company's latest innovations, demonstrated in Booth 313, primarily the company’s Retina CS Management solution, Retina Insight reporting engine, as well as add-on modules for Configuration Compliance, Government Regulatory Reporting, and Patch Management.
eEye CTO, Marc Maiffret, will offer insights on the Industry Expert Panel, "Network Security: Finding the Right Management Program," to be held on Tuesday, May 3, 1:15-2:00 PM during the Open Vendor Sessions portion of the conference.
“It’s part of the eEye philosophy to regularly engage in dialogue with other security leaders and the IT security community at large,” said Marc Maiffret, CTO, eEye. “As a speaker on the Network Security panel, I’d like to open communication around some simple, practical tactics that IT professionals can use to significantly improve the security of their organization.”
At the event, eEye will encourage SecureWorld Expo attendees to take advantage of several free, online resources that the company provides to the IT security community. Retina Community is a free vulnerability scanner for up to 32 IPs, now being used by nearly four thousand organizations. Zero Day Tracker provides a catalogue of the newest zero-day vulnerabilities, instructions for quick remediation, and a historical record of past vulnerabilities.eEye’s Vulnerability Expert Forum (VEF), hosted by Maiffret and the eEye Research Team, is a popular monthly webinar attended by hundreds of IT security professionals seeking insight and information on recently announced critical vulnerabilities from Microsoft and other software vendors.
eEye is participating in SecureWorld Expo’s “Dash for Prizes.” Attendees can register at the eEye Booth (313) throughout the two-day conference to win an Amazon Kindle and a $25 gift card. Winners will be announced during the last break of the conference on Wednesday, May 4. Attendees must be present to win.
About eEye Digital Security 
Since 1998, eEye Digital Security has made vulnerability and compliance management simpler and more efficient by providing the only unified solution that integrates assessment, mitigation, protection, and reporting into a complete offering with optional add-on modules for configuration compliance, regulatory reporting, and integrated patch management. eEye’s world-renowned research and development team is consistently the first to uncover critical vulnerabilities and build new protections into our solutions to prevent their exploit. Thousands of mid-to-large-size private-sector and government organizations, including the largest vulnerability management installations in the world, rely on eEye to protect against the latest known and zero-day vulnerabilities. More at eeye.com.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search