04 Dec Hot Topic in Icy Country Marco
02 Sep Lab Matters - Kaspersky Academy - a platform for connection Ryan Naraine
20 May Hack in The Box Security Conference 2011 Amsterdam / NL Stefan Ortloff
18 Apr Infiltrate 2011 and Offensive Security Kurt Baumgartner
11 Jan Techfest Mumbai 2011 Costin Raiu
18 Dec Last minute shopping - keep safe! Dmitry Bestuzhev
Passwords^12 is currently taking place in Oslo - a conference dedicated solely to passwords and PIN codes. With temperatures around -15 degrees (Celsius) outside, talks by well-known security experts are being given in the conference rooms of the University in Oslo, Department of Informatics.
Every day you use passwords: while logging on to your computer, smartphone or tablet, accessing your emails or your social network site, and also for online banking and online shopping. Recent database breaches of user logins show that there is a high demand for more security in this area. During these days, the talks and discussions focus only on this.
Kaspersky Lab pays a lot of attention to IT security education and literacy development, actively sharing its knowledge and experience through its educational program "Kaspersky Academy". The program offers unique opportunities for students and young professionals to improve their knowledge of IT security, gain new experience, communicate with industry experts, realize their scientific potential, get exciting career opportunities and open the door to the professional world of IT security. Ram Herkanaidu, educational manager, talks about the academic initiatives of the company.
Since yesterday I've been attending the annual Hack-in-the-Box Quad-Track Security Conference in Amsterdam/NL. There's a very nice and open atmosphere here at the conference, besides the beautiful city of Amsterdam.
First, Joe Sullivan (CSO at Facebook) held a very interesting keynote about the development of security innovations at Facebook. For him innovation is "these hacking culture, we think about each day at facebook". After explaining some of the newer security innovations (https-only, login notifications, login approvals [if e.g. geo-location of a user is suspicious], recognized devices, recent activity) he talked about the recent fb-scams with malicious scripts. "No one would do that, copying and pasting a script into the browser! - Yes, they do...", he said.
Another remarkable talk I attended was about binary planting, given by Mitja Kolsek (CTO at ACROS Security). In "Binary Planting: First Overlooked, Then Downplayed, Now Ignored" Mitja also showed a new method he called "advanced binary planting", which uses a feature from Windows' special folders (like control panel, printers, etc.) and clickjacking to make it possible to own the user's computer.
In the winter garden of the conference hotel there's a technology showcase area. Hackerspaces from all over Europe and the Netherlands are showcasing their projects here. There is also a capture-the-flag competition happening, as well as a lock-picking showcase and a (sponsor) companies showcase.
For more information, please see the conference website.
Security researchers from around the world are digesting the weekend's fare at Infiltrate2011, organized by security outfit Immunity. "No policy or high-level presentations, just hardcore thought-provoking technical meat" was promised, and presenters served it up sizzling. The sessions folded in a variety of topics slicing up current offensive security issues with some defensive interest mixed in. Discussions spread from technical wizardry attacking hardened Linux kernels to general network exploration and reconnaissance. Infiltrate2011 itself follows somewhat on the Blackhat/Defcon conference model, but reduces the corporate marketing at those conferences. The peer reviewed set of presentations and research sponsored by one of the best known offensive security/penetration testing groups in the business sets the bar high and undistracted for the level of technical content. The final agenda is listed here.
The holidays are nearly here! If you're still searching for the final perfect present, and are thinking of buying online, here are a few practical tips to help keep your last-minute purchases secure:
Using the virtual keyboard prevents Trojans from stealing information which you enter via the keyboard or other input device.
The address bar should have an ‘https’ string before the page address.
Remember - NEVER shop on a page which doesn’t have ‘https’ in the address bar, or if the padlock is open or broken, or if you get a warning regarding the digital certificate of the page you’re on!
Wishing you safe online shopping and happy holidays!
Following on from last Wednesday's post - if you're interested in attending our Malware Defence Workshop (which includes puzzles like the one shown above!), do contact us on malwaredefence [at] kasperskylab.co.uk and we'll send you a schedule.
Over here in the UK we're launching our Malware Defence Workshop. If you're responsible for corporate security, developing security strategies, or keeping your company network free of malware, this workshop is for you.
We're offering a mix of theoretical, practical and demonstration sessions to give an insight into how malware works – in a secure, risk-free environment.
Topics range from how malware has developed over the years, through propagation methods, Trojans, botnets, ransomware and mobile malware. There'll be sessions on evaluating security solutions, and what the future may hold.
We'll be running the workshop regularly, so if you're interested in meeting malware face-to-face, do contact us for more details.
Roel recently posted about user education. Last week I co-moderated a discussion workgroup at Net Focus UK on 'Building and managing an effective IT security training and awareness program'. I thought I'd share some of the key points that came out of the discussions on the subject of staff awareness as part of an overall security strategy.
Yesterday I took part in a symposium organized by "De Consumentenbond", the Dutch consumer organization.
One of the goals was to get security professionals and users to mingle, which was quite educational for both groups. I certainly encountered some terms that weren't familiar to me, such as "trojan virus" as well as a number of Dutch terms.
It’s clear that some of these terms are being used to simplify security issues, making it easier for end users to get to grips with the topic. But I'm not sure that it will make things easier - some terms were translated into Dutch, while others were left in English. When a user wants to search for additional information on a topic, s/he will come up empty-handed, as security companies aren’t using these terms.
It's clear that user education is in some ways similar to malware classification - efforts still have to be made in terms of co-ordination and terminology.