SecurityOrb Blog Station

Apple’s iPad Security Concerns Consumers should be Aware of…

Posted using ShareThis

Cyber ShockWave Aftermath: Is the U.S. Ready for a Cyber-Attack?

Posted using ShareThis

Cyber ShockWave: Simulated Cyber-Attack on the U.S. Government being conducted in Washington, D.C.

Posted using ShareThis

The Bipartisan Policy Center (BPC) will host Cyber ShockWave, a simulated cyber attack on the United States government February 16, 2010.  This should not be a surprise and is very necessary at this time especially with all the recent sophisticated cyber-attacks that has been in the news lately.

We at SecurityOrb.com feel exercises such as these simulated cyber-attacks should be conducted more often and if possible with the assistance of other countries as well.  The federal government has staged fake cyber-attacks before and many organizations do so as part of their incident response preparedness.  In fact, Booz Allen Hamilton ran a cyber warfare simulation in 2008, with representatives from both the government and private sector.

PRNEWSWIRE.com stated in there website, “Following the simulation, there will be a post-event discussion with the participants and partners to discuss what the U.S. government can do to avoid a real-world cyber attack of this magnitude and what can be learned from the exercise”.

We think the results should provide real world viable information about how to handle an actual event and some usable lessons to aid in future policy and defense of a real attack.

Black Hat DC was another success this year, with many interesting topics and speakers. The turnout, while still not at the Las Vegas levels, appeared to have grown over last years’ conference. I’m not one to build my own hardware equipment, other than my own PCs and The Big Picture track was a little too broad for my taste, so I spent the bulk of my time on Day 1 attending lectures under the Application Security track. Of all the presentations, I found the “Neat, New, and Ridiculous Flash Hacks” to be the most current and interesting topic. With the use of Flash becoming more and more popular and the recent issues that Adobe has had, it seems to be the target of several attacks. The demonstration of working attacks on popular websites was scary to say the least.

Day 2 found me staying mainly with Application Security; I did make a few stops in the Forensics and Privacy track, not venturing to attend any of the Metasploit briefings. Litchfield, as usual, didn’t disappoint. His presentation on penetration testing techniques and a new Oracle bug was very informative. Since I’m a big fan of my iPhone; I also found the iPhone Privacy presentation to worry me a great deal, including his proof of concept for spyware applications on the iPhone. Lastly, the section on “Why Black Hats Always Win” was right on point, the observations on “White Hats” versus “Black Hats” hit many key errors that separate the two. The debates here are endless and probably could have a whole conference dedicated to the subject. As for me, I think it will be an endless battle, just like good and evil, you can’t have one without the other.

Finally, the location was ok this year and the Hyatt Regency supported the event well, but I would have been happier if the event was in DC and not Crystal City. All in all, Black Hat 2010 was another great success.

The Call for Papers for CSI SX 2010 is now open. Submissions are due by March 17, 2010. CSI SX 2010, taking place May 26-27, 2010 in San Francisco will address the challenges of managing security in an increasingly mobile business environment and show organizations how to stay secure while increasing business agility. Through extensive demos, engaging presentations and innovative analysis, CSI SX will add value not just to security programs, but to entire organizations.

We are searching for security professionals, business leaders and technology providers who are eager to share best practices, case studies and new solutions to the security challenges facing modern organizations. The conference will focus on the following key issues:

We invite you to submit and become a part of this select crowd. The deadline for submissions is March 17, 2010. Speaking proposals will be considered by completing this submission form.

For more information on speaking at CSI SX 2010, contact Dina-Marie Nicovic at DinaMarie.Nicovic@ubm.com. For sponsorship and exhibiting opportunities, contact Nadine Schwartz at Nadine.Schwartz@ubm.com.

Regards,
Dina

Dina-Marie Nicovic
Sr. Conference Manager, Computer Security Institute

Stay connected to CSI:

Very interesting article from Forbes.com on the upcoming FOSE expo.  I am particualarly interested on the vendors.  That is always a good way to see how good the conference will be.  It seems even Apple, Inc. will be making a first time appearance at FOSE and this seems confirms their desire and commitment to leverage its products in the government sector.

http://www.forbes.com/feeds/businesswire/2009/12/09/businesswire132606511.html

Google and NSA Teams Up, But What About Our Privacy?

Posted using ShareThis

The Electronic Privacy Information Center (EPIC) based in Washington, DC has filed a request for information on reports of Google’s plan to partner with the U.S. National Security Agency to assist in analyzing a recent cyber-attack that allegedly originated from China in January of 2010. Furthermore, Google will look to partner with the NSA to better understand how and who breached its network and for recommendations on how to better protect its network and users from future cyber attacks. This proposed agreement between Google and the NSA has sparked some controversy.

Read More Here

.