Chairman and CEO
From the folks at Attrition and the DatalossDB.
---------- Forwarded message ----------
From: security curmudgeon <jericho@attrition.org>
Date: Aug 12, 2009 4:22 PM
Subject: Follow-up: Heartland CEO on Data Breach: QSAs Let Us Down
To: dataloss-discuss@datalossdb.org, dataloss@datalossdb.org
http://www.csoonline.com/article/499527/Heartland_CEO_on_Data_Breach_QSAs_Let_Us_Down
Heartland CEO on Data Breach: QSAs Let Us Down
Cooperative Cyber Defence Centre of Excellence
Conference on Cyber Warfare
June 17-19, 2009
Tallinn, Estonia
www.ccdcoe.org
Jaak Aaviksoo, Estonian Defence Minister
Opening Remarks
KEYNOTE
Thanks!
t
____________________
Timothy (Thor) Mullen, Ph.D.
CEO, H4RDW4RE, LLC
thor@h4rdw4re.com
www.h4rdw4re.com
831.706.7712 (Cell)
831.708.THOR (gVoice)
#####
Greetings from the Cooperative Cyber Defence Centre of Excellence (CCD CoE) in Tallinn, Estonia!
Registration is now open for the CCD CoE Conference on Cyber Warfare, which will take place at the Estonian National Theater on June 17-19, 2009.
Following a worldwide Call for Papers, there will be 29 presentations given by researchers from 13 countries. Highlights include:
• Jaak Aaviksoo, Estonian Defence Minister
• Information Warfare Monitor: Tracking GhostNet: Investigating a Cyber Espionage Network
14.) Job De Haas (Riscure)
15.) Julien Tinnes (Information Security Engineer, Google Corp)
16.) Justin Lundy (Founder & CEO, Subterrain)
17.) Lee Chin Sheng (Independent Network Security Researcher)
18.) Lucas Adamski (Director, Security Engineering, Mozilla Corp)
CFP COMMITTEE
The Call for Papers committee for SyScan’08 comprises the following
personnel:
1. Thomas Lim – Organiser of SyScan and CEO of COSEINC
2. Dave Aitel – Founder and CTO of Immunitysec
3. Marc Maiffret – Ex-Founder and Chief Hacking Officer of eEye
4. Matthew “Shok” Conover – Symantec
The CFP committee will review all submissions and determine the final
By Inferno (inferno {at} securethoughts {dot} com)
Everyone knows the invaluable XSS cheat sheet maintained by "RSnake". It is
all about breaking things and features all the scenarios that can result in
XSS. To complement his efforts, there is an excellent XSS prevention cheat
sheet created by "Jeff Williams" (Founder and CEO, Aspect Security). As far
as I have seen, this wiki page provides the most comprehensive information
on protecting yourself from XSS on the internet. It advises using the OWASP
ESAPI API to mitigate any XSS arising from untrusted user input.
I was evaluating this ESAPI API and the recommendations given on the wiki to
***
Sincerely,
Joanna Rutkowska
CEO (and Head of PR:)
Invisible Things Lab
http://invisiblethingslab.com/
Justin Lundy (Founder & CEO, Subterrain) was replaced by Fyodor Yarochkin & The Grugq. Sorry about that Fyodor! :D
---
Hafez Kamal
HITB Crew
Hack in The Box (M) Sdn. Bhd.
Suite 26.3, Level 26, Menara IMC,
No. 8 Jalan Sultan Ismail,
50250 Kuala Lumpur,
Malaysia
Some of our security advisories were already covered by the local press
from NL:
http://www.tehtri-security.com/en/press.php
The HITB crew have put slides of our conference on their web site:
http://conference.hitb.org/hitbsecconf2010ams/materials/D1T1%20-%20Laurent%20Oudot%20-%20Web%20in%20the%20Middle.pdf
If you want to get more details & technical secrets from
TEHTRI-Security, feel free to join us "in real life" during our next
training sessions & talks, or feel free to contact us for specific
Sent to mailing list without permission :
Oracle 0xDEADF00D
Alexander Kornbrust, CEO of Red Database Security GmbH and Oracle Database security expert, noticed that Oracle recently released their Oracle Database 11g for Linux with a new password hashing algorithm. They do so to improve security by introducing case-sensitive passwords in the year 2007! Alex asked us to figure out what kind of cryptographic algorithms and methods are actually used, because he'd like to update his Oracle Security Scanner.
We did, regardless of the expected nightmares, Fear and Laughing in Oracle.
Since Oracle is shipped as closed software and releases will be provided only as binary/executable programs, we analyzed the Linux ELF binary executable files, because a Windows version of Oracle 11g does not seem to have been released yet.
did not confirm whether subsequent/future releases [will] address the problem.
History
2009-11-02 Open source distributions for Enomaly ECP removed from Internet.
2010-01-06 Email request for open source code Enomaly ECP code denied by CEO.
2010-02-03 Public discussion of vulnerability, verified in current source.
2010-02-03 Strategic Advisor & Board Member claims "Many of the items have
been addressed in [Service Provider Edition and soon to be released High
Assurance] editions. We will review your comments above for future inclusion
into our product road map". Fails to identify which issues remain.
atmosphere, allowing all participants to enjoy themselves whilst
expanding their knowledge on information security. This is a
single-track conference.
*SyScan’08 HONG KONG*
To address the increasing importance of information security in Hong
Kong, SyScan will be going to Hong Kong in 2008.
SyScan’08 Hong Kong will provide an opportunity for foreign security
specialists to be exposed to the Hong Kong security community and
collaborate on practical solutions to computer security issues.
*CFP COMMITTEE *
The Call for Papers committee for SyScan’10 comprises the following
personnel:
1. Thomas Lim – Organiser of SyScan and CEO of COSEINC
2. Dave Aitel – Founder and CTO of Immunitysec
3. Marc Maiffret – Ex-Founder and Chief Hacking Officer of eEye
4. Matthew “Shok” Conover – Symantec
The CFP committee will review all submissions and determine the final
- A global analysis of fingerprints left by attackers during each step
of a web attack (backdoors, bounces...) and how to detect them
See you soon at HITBSecConf Dubai...
Laurent OUDOT, founder & CEO of TEHTRI-Security, "/This is not a game./"
http://www.tehtri-security.com
‣ Morgan Marquis-Boire ; Security-Assessment.com ; New Zealand
‣ Neelay S. Shah ; Foundstone Inc., A Division of McAfee ; USA
‣ Paolo Perego ; Spike Reply srl, Owasp Orizon Project leader ; Italy
‣ Peter Panholzer ; SEC Consult Unternehmensberatung GmbH ; Austria
‣ Rafael Dominguez Vega ; MWR InfoSecurity ; UK
‣ Saumil Udayan Shah ; CEO, Net-Square ; India
‣ Scott Lambert, Jason Geffner ; Microsoft, NGSSoftware Ltd. ; USA
‣ Sharon Conheady ; Ernst & Young ; UK
‣ Shreeraj Shah ; Blueinfy Solutions ; India
‣ Simon Roses Femerling ; Microsoft ; Spain
‣ Stefan Schumacher ; Kaishakunin.com ; Germany
CFP COMMITTEE
The Call for Papers committee for SyScan’09 comprises the following
personnel:
1. Thomas Lim – Organiser of SyScan and CEO of COSEINC
2. Dave Aitel – Founder and CTO of Immunitysec
3. Marc Maiffret – Ex-Founder and Chief Hacking Officer of eEye
4. Matthew “Shok” Conover – Symantec
The CFP committee will review all submissions and determine the final
services and who asked for assistance by also sharing some logs and some
blackhat tools that they caught when they were under attack. If you have
such web security issues, do not hesitate to contact us, so that we can
help and assist you with our innovative technologies or our trainings.
Laurent OUDOT, Founder and CEO of TEHTRI-Security
http://www.tehtri-security.com
Next public confirmed event worldwide :
- SyScan Singapore (SG), June, Speakers "Striking back web attackers" (
http://www.syscan.org/Sg/ )
Best regards,
Take care.
Laurent OUDOT - "TEHTRI-Security, This is not a game."
CEO & Founder of TEHTRI-Security
http://www.tehtri-security.com/