Understanding and Protecting Personally Identifiable Information (PII)

 

What is PII? Personally Identifiable Information (PII) is a term used in the information technology sector to describe information about an individual that could potentially identify that person, such as a name, email address, street address, telephone number, Social Security number or biometric data. The abbreviation PII (pronounced "pii") is widely accepted, but the phrase it abbreviates has four common variants. PII can be any identifying information; in information security, however, the following four items in particular should be protected and encrypted, because used together they can give up your identity.

  • Full name
  • Birthdate
  • SSN
  • Address

The term is not new, but awareness of it is growing because of the number of identity thefts. The internet has also made it easier to collect PII through breaches of internet security, network security and web browser security, leading to a profitable market in collecting and reselling PII. PII can also be exploited by criminals to stalk or steal the identity of a person, or to plan a person’s murder or robbery, among other serious crimes.

As a response to these threats, many website privacy policies specifically address the collection of PII, and lawmakers have enacted a series of laws to limit the distribution and accessibility of PII. Therefore, when dealing with any one or a combination of the four items listed above, be vigilant. Don’t share PII over the phone. Legitimate sources will understand your hesitancy about sharing the information.

Additional tips for maintaining PII:

  • Shred documents that contain PII; do not throw them in the trash.
  • Only share PII on a need-to-know basis. Don’t give this information out unless it is to appropriate sources, such as your doctor’s office or your financial institution.
  • Don’t carry around all your credit cards or Social Security information. Keep them in a secure location that is waterproof and fireproof.

Remember: always protect your PII.

 

HOPE Number 9 will be taking place on July 13 to 15, 2012 at the Hotel Pennsylvania in New York City

HOPE Number Nine will be taking place on July 13, 14, and 15, 2012 at the Hotel Pennsylvania in New York City. H.O.P.E. stands for Hackers On Planet Earth, one of the most creative and diverse hacker events in the world.  It’s been happening since 1994.  Keynotes include William Binney and The Yes Men.

There are three scheduled speaker tracks. Talks begin at 10am Friday morning, July 13, and end Sunday evening with Closing Ceremonies.

Workshops and Hacker Space Village scheduling grids are available!  Classes, workshops, and many hands-on experiences are scheduled, and there is still room for more.  Visit the Call for Hackerspaces for more information, or to submit a proposal.

The HOPE Number Nine Speaker Schedule is available.  Check out talk names, abstracts, and speaker biographies.

At every HOPE conference, we have a wide variety of vendors that are of interest to hackers. Do you have something to sell, exhibit, or otherwise share with attendees at HOPE Number Nine? We’re making available a limited number of tables for folks who want to be able to display or sell their wares. These tables will be located in a highly-trafficked area of the Penn Plaza Pavillion on the second floor of the hotel.

For HOPE Number 9, vendor tables cost:
$395 while tables are available – DEADLINE IS SUNDAY, JULY 8TH

Discounted rates are available for non-profit or personal projects.

Volunteer

Are you a HOPE veteran who wants to get more involved with the conference this year? Is this your very first HOPE conference and you have no idea what to expect?

You can help run the show! Get a new perspective on a conference you’ve attended and loved or show up with no direction at all and meet some really awesome people.

We’re looking for volunteers in the following areas:

  • Setup: On Thursday, July 12th, we’re stringing cables, setting up lighting, audio, and video equipment, building art installations, and getting the conference ready for several thousand attendees. Being on the setup crew is a great way to meet organizers and other volunteers – both old regulars and brand new faces – and to get acquainted with the conference before it starts!
  • Audio/Video: Our A/V gurus are seeking volunteers to operate sound boards, lighting consoles, projectors, and video cameras during the talks. Volunteers are needed to help set up the gear and to help maintain it over the course of the weekend.
  • Information Desk: Lost? Volunteers are needed to help provide orientation and information to fellow attendees, as well as disseminate vital schedule and event updates.
  • Special Ops: Things change, problems arise, and we need volunteers to be available to help solve these unforeseen problems and assist in other volunteer areas. Examples include errands-running, message passing, and filling in for other volunteers who need a brief break.

If you have a particular skill or interest and would like to get involved, or just want to know more, send an email to volunteers@hope.net. NO EXPERIENCE NECESSARY!

 

Microsoft Windows IPv6 Router Advertisement Denial of Service

A denial of service vulnerability is present in some versions of Microsoft Windows. The vulnerability is specific to the Neighbor Discovery implementation in the IPv6 stack. Successful exploitation could allow an attacker to cause a denial of service, crashing the system.

SecurityOrb Vulnerability Rating: HIGH

Common Vulnerabilities & Exposures (CVE) Link: CVE-2010-4669

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
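On the detection side, the defining trait of this condition is a burst of Router Advertisements from many different source addresses. The following is an added example, not code from the advisory or from any vendor: it assumes a constructed record format of `<epoch_seconds> <src_ipv6> <icmpv6_type>` per line, and the window and threshold values are assumed tuning parameters.

```python
# Added example: flag Router Advertisement floods by counting distinct
# RA source addresses inside a sliding time window.
import ipaddress
from collections import deque

ICMPV6_ROUTER_ADVERT = 134  # ICMPv6 type for Router Advertisement (RFC 4861)

def parse_record(line):
    """Parse '<epoch_seconds> <src_ipv6> <icmpv6_type>' (constructed format)."""
    ts, src, icmp_type = line.split()
    return float(ts), ipaddress.IPv6Address(src), int(icmp_type)

def detect_ra_flood(lines, window=10.0, max_sources=5):
    """Return [(timestamp, distinct_sources)], one entry per flood episode.

    window and max_sources are assumed values: a normal LAN has a handful
    of routers, so many distinct RA senders within seconds is anomalous.
    """
    recent = deque()   # (timestamp, source) of RAs still inside the window
    counts = {}        # source -> number of its RAs inside the window
    alerts, alerting = [], False
    for line in lines:
        ts, src, icmp_type = parse_record(line)
        if icmp_type != ICMPV6_ROUTER_ADVERT:
            continue
        recent.append((ts, src))
        counts[src] = counts.get(src, 0) + 1
        # Expire RAs that have fallen out of the window.
        while recent and ts - recent[0][0] > window:
            _, old = recent.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        over = len(counts) > max_sources
        if over and not alerting:      # alert once when the threshold is crossed
            alerts.append((ts, len(counts)))
        alerting = over
    return alerts

def sample_capture():
    """Constructed sample: one legitimate router, then a burst of varied sources."""
    lines = [f"{t}.0 fe80::1 134" for t in (0, 200, 400)]   # periodic RAs
    lines.append("401.0 fe80::aa 135")                      # not an RA, ignored
    lines += [f"{500 + i * 0.01:.2f} fe80::bad:{i:x} 134" for i in range(20)]
    return lines

if __name__ == "__main__":
    for ts, n in detect_ra_flood(sample_capture()):
        print(f"RA flood suspected at t={ts}: {n} distinct sources in window")
```

Counting distinct sources rather than raw RA volume keeps a single chatty router from triggering the alert; on switched networks this kind of monitoring complements RA Guard (RFC 6105) filtering on access ports.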

 

 

“Internet Doomsday” for some, Get rid of DNSChanger Malware Now!

July 9, 2012, has been dubbed “Internet doomsday” and there is a chance you will not be able to access the Internet on your personal computer due to a malware called DNSChanger Trojan.

DNSChanger malware infected Windows PCs, Macs and routers across the world and enabled the hackers to hijack victims’ Web traffic and reroute it to their sites for malicious purposes.

After the FBI busted the hackers last November in “Operation Ghost Click,” it set up temporary servers to keep the computers infected with the Trojan online so users could clean them. It decided that those servers would be decommissioned on July 9.

To determine if your system is infected, go to:

http://www.dns-ok.us/

For additional and detailed information go to:

http://www.dcwg.org/

Upcoming SANS Training Events

SecurityOrb.com offers a $150.00 discount on SANS training to our readers.  Simply register for any SANS course using the following discount code: SecOrb_Connect  ($150 off any SANS course in any format)

Upcoming Training Events including specific courses being taught:

SANS Virginia Beach 2012 is returning for two weeks of training, August 20-31.
http://www.sans.org/virginia-beach-2012

Students have the opportunity to take two full courses back-to-back in their chosen discipline, or join SANS for one week if that best fits their busy summer schedule.

Starting August 20 courses include:
·       Security 575: Mobile Device Security and Ethical Hacking <http://www.sans.org/virginia-beach-2012/description.php?tid=5121>  – New – with Joshua Wright

·       Security 504: Hacker Techniques, Exploits & Incident Handling <http://www.sans.org/virginia-beach-2012/description.php?tid=243>   (GCIH) with John Strand

·       Forensics 508: Advanced Computer Forensic Analysis and Incident Response <http://www.sans.org/virginia-beach-2012/description.php?tid=5226>  (GCFA) with Rob Lee

(Brand New – Relaunch in 2012!)

Starting August 26 and 27 courses include:
·       Management 414: SANS® +S™ Training Program for the CISSP® Certification Exam <http://www.sans.org/virginia-beach-2012/description.php?tid=4956>  (GISP) with Dr. Eric Cole

·       Security 503: Intrusion Detection In-Depth <http://www.sans.org/virginia-beach-2012/description.php?tid=5176>  (GCIH) with Mike Poor

·       Management 512: SANS Security Leadership Essentials For Managers with Knowledge Compression™ <http://www.sans.org/virginia-beach-2012/description.php?tid=3327>  (GSLC) with Stephen Northcutt

SANS Network Security 2012 will be coming back to our Caesars Palace campus in Las Vegas, NV, Sept 16-24.
http://www.sans.org/network-security-2012

Students can choose from an outstanding lineup of more than 45 courses offering in-depth training in security, forensics, management, or coding and development.

Including the following courses:

·       Security 501: Advanced Security Essentials – Enterprise Defender <http://www.sans.org/network-security-2012/description.php?tid=4017>  (GCED) with Bryce Galbraith

·       Security 560: Network Penetration Testing and Ethical Hacking <http://www.sans.org/network-security-2012/description.php?tid=1717>  (GPEN) with Ed Skoudis

·       Security 575: Mobile Device Security and Ethical Hacking <http://www.sans.org/network-security-2012/description.php?tid=5121>  New with Joshua Wright

·       Developer 522: Defending Web Applications Security Essentials <http://www.sans.org/network-security-2012/description.php?tid=4861>  (GWEB) with Johannes Ullrich, Ph.D. Includes Free GWEB GIAC Cert attempt

·       Developer 541: Secure Coding in Java/JEE: Developing Defensible Applications <http://www.sans.org/network-security-2012/description.php?tid=4497>  (GSSP-JAV) with Frank Kim Includes Free GSSP-JAVA GIAC Cert attempt

·       Forensics 508: Advanced Computer Forensic Analysis and Incident Response <http://www.sans.org/network-security-2012/description.php?tid=5226>  (GCFA) with Rob Lee & Richard Salgado

(Brand New – Relaunch in 2012!)

 

SANS is the best and most trusted source for computer security training. SANS offers training through several delivery methods – live & virtual conferences, mentors, online, and onsite. SANS computer security courses are developed by industry leaders in numerous fields including network security, forensics, audit, security leadership, and application security. Courses are taught by real-world practitioners who are the best at ensuring you not only learn the material, but that you can apply it immediately when you return to the office. In addition to top-notch training, SANS offers certification via the ANSI accredited GIAC security certification program, as well as numerous free security resources including newsletters, whitepapers and webcasts.

 


More details on SANS training can be found here