Hakin9 Magazine Exploiting Software: Hardening

Hakin9 Magazine is a very good Security oriented Magazine with subjects that go from compliance and technical to hands on information. Hakin9 Magazine has just released its 2012 Exploiting Software Edition (February/2012) Issue. This Exploiting Software month’s issue the magazine covers a lot of interesting articles, focused in Hardening of Java Applications Against AOP.

Here is a breafing of what you can find in it:

• Beyound Automated Tools and Frameworks: the shell code injection, by Craig Wright
• Tabnapping Attack:Hijacking Browser Tabs, by Abdy Martinez
• The Power of Exploitation Tools, by Wong Chon Kit
• Hardening of Java Applications Against AOP exploits, by Daniel Drozdzewski
• Enterprise Vulnerability Management, by Dennis Distler
• Using the Social Engineering Toolkit to Test Network Security, by Daniel Dieterle

Source: Hakin9 Magazine (Language: )

Hakin9 Magazine EXTRA Issue: Honeypots

Hakin9 Magazine is a very good Security oriented Magazine with subjects that go from compliance and technical to hands on information. Hakin9 Magazine has just released their first 2012 EXTRA Issue (February/2012) Issue. This EXTRA month’s issue the magazine covers a lot of interesting articles, focused in Honeypots.

Here is a breafing of what you can find in it:

• Honey Pots – the Sitting Duck on the Network, by Jeremiah Brott
• The Game of Giving Malware a Name, by Michael Boelen
• Proactive Network Defense through Simulated Network, by Roberto Saia
• Using Honeypots to Strengthen Network Security, by Harl Kosaraju
• Client Honeypots, by Michal Srnec and Miroslav Ludvik
• Detecting Malware with Honeyclients, by Davide Calali
• Exclusive Interview with Fred Cohen, by Nick Baronian

Source: Hakin9 Magazine (Language: )

Hakin9 Magazine EXTRA Issue: Cryptography

Hakin9 Magazine is a very good Security oriented Magazine with subjects that go from compliance and technical to hands on information. Hakin9 Magazine has just released their first 2012 EXTRA Issue (January/2012) Issue. This EXTRA month’s issue the magazine covers a lot of interesting articles, focused in Cryptography.

Here is a breafing of what you can find in it:

• Cryptography: The Strongest Link in the Chain, by Levente Buttyán and Boldizsár Bencsáth
• Combining Intrusion Detection and Recovery for Building Resilient and Cost-Effective Cyber Defense Systems, by Zsolt Nemeth and Arun Sood
• From the Theory of Prime Numbers to Quantum Cryptography, by Roberto Saia
• SSL/TLS PKI Issues, by Martin Rublik
• The Hash Function Crisis and its Solutions, by Bart Preneel
• Web App Cryptology: A Study in Failure, by Travis H.
• Quantum Key Distribution for Next Generation Networks, by Solange Ghernaouti-Hélie and Thomas Länger
• Securing Your vital Communications, by Paul Baker
• A Toolkit for SAT-based Cryptanalysis, by Pawel Morawiecki
• An Interview with Vadim Makarov, by Nick Baronian

Source: Hakin9 Magazine (Language: )

Hakin9 Magazine New Mobile Security Issue: You’re are Infected

Hakin9 Magazine is a very good Security oriented Magazine with subjects that go from compliance and technical to hands on information. Hakin9 Magazine has just released their first 2012 Mobile Security Issue (February/2012) Issue. The Hakin9 Mobile Security is focused in the market of Mobile Security.. This month the magazine covers a lot of interesting articles, focused in Infection.

Here is a breafing of what you can find in it:

• The Mobile Wallet and E-Commerce Payment Systems: Ensuring Seamless Security and Mobility, by Carla Hough
• Tag: You’re Infected, by Tim Klup
• Pentest iOS Tools, by Juan Manual Altamirano Argudo
• Cyberwar: Defending a Country, by D. David Montero Abuja
• Lawful Interception on Mobile Telecom Service, by Ted Chao
• The Line That Matters, by Abhinav Chourasia
• Interview with Bryan Sullivan and Vincent Liu, by Aby Rao

Source: Hakin9 Magazine (Language: )

Security Magazine January Issue Released

Here is a breafing of what you can find in it:

• Beyond the Box: Security That Works, 
• Social Media, Mobility and the Future of Security Convergence,
• Overcat but Clearing as the Cloud Comes to Security,
• Breaking Boundaries: New Directions in Visual Data,
• Under Analysis, Making Business Sense of it All,
• Trends – 2012 Prediction: The Year of FDSACC, by Mark McCourt
  
• Leadership & Management: Running Security Like a Business, by Marleah Blades
  
• Surveillance Strategies, Video Analytics: Basic and Advanced Market Potential, by Keven Marier
• Access & ID, Automate and Delegate, by Joel Jensen
• Zalud Report, Whose Reputation?, by Bill Zalud
• Security Talk, by Diane Ritchey
• Global News & Analysis,
• Education & Training, Leadership Behaviors to Drive Innovation in Security Organizations, by Nalaie Runyon,
• Industry Innovations,
• Ad Index / Calendar of Industry Events

Source: Security! Magazine (Language: )

Magazine

Hakin9 First January 2012 Issue: SQL Injection

Hakin9 Magazine is a very good Security oriented Magazine with subjects that go from compliance and technical to hands on information. Hakin9 Magazine has just released their first 2012 Issue (January/2012) Issue. This month the magazine covers a lot of interesting articles, focused in SQL Injection.

Here is a breafing of what you can find in it:

• Latest News From IT Security World, by Schuyler Dorsey, eLearnSecurity and ID Theft Protect
• Practical Client Side Attacks, by Julio Gómez Ortega
• OpenSSH Good Practices, by Leonardo Neves Bernardo
• Cyberwar: Defending a Country, by D. David Montero Abuja
• Social Network Security part 1 & 2, by Rolando Koch and Steffen Wendzel
• The Most Dangerous Attack Of Them All, by Gautam
• Why Can’t Online Banking Be Like Facebook? , by Drake
• Secure your DNS, by Mervyn Heng
• Interview with Gord Boyce, by Aby Rao

Source: Hakin9 Magazine (Language: )

Pentest Magazine New January 2012 Issue

Pentest Magazine is a very good Pentesting Oriented Security Magazine with subjects that go from compliance and technical to hands on information. Pentest Magazine has released their January/2012 Issue. This month the magazine covers a lot of interesting articles.

Here is a breafing of what you can find in it:

• Mastering the Behavioral Techniques for Quick Rapport and Elicitation, by Robin Dreeke
• Primer on Priming, by Eric Maxwell
• Neuro-Linguistic Hacking, by Chris Hadnagy
• The Power of the Ultimate Social Engineer, by Chris Hadnagy
• Selling Social Engineering Services, by James O’Gorman
• The Top Five Social Engineering Mitigation Tips, by Chris Hadnagy
• Web SQL Injection, by Dhananjay Garang
• Social Networks. Are They Safe ? by Rishi Narang
• Penetration Testing Projects. Memory Traces of Last 5 Years, by Mrityunjay Gautam
• Securing the Report of a Pen Test, by Dean Bushmiller
• Interview with Robin Dreeke, by Shane MacDougall
• Interview with Chris Hadnagy, by A Rao

Source: Pentest Magazine (Language: )

You Sh0t the Sheriff Security Conference 2012, Brazil

After 5 very successful editions YSTS is proud to anouce their 6th edition of the you Sh0t the Sheriff security conference and are sending this off so you send them the coolest stuff you’ve been working on. The conference will happening on May, 7th, 2012 in Sao Paulo, Brazil. This is your chance to speak about that cool research you’ve been working on, to those whom matter in the Brazilian Information Security realm.

About the Conference:

you Sh0t the Sheriff is a very unique, one-day, event dedicated to bringing cutting edge talks to the top-notch professionals of the Information Security Community in Brazil.

The conference’s main goal is to bring the attendees to the most up-to-date state of the information security world by mixing professionals and topics from different Infosec segments of the market.

YSTS is a very exclusive, mostly invite-only security con. Getting a talk accepted, will, not only get you to the event, but after you successfully present your talk, you will receive a challenge-coin that guarantees your entry to YSTS for as long as the conference exists.

Due to the great success of the previous years’ editions, yes, YSTS is keeping the same format:

• YSTS 5 will be held at an almost secret location only announced to whom it may concern a couple of weeks before the con;
• The venue will be, most likely, a very cool club or a bar (seriously, see pictures);
• Appropriate environment to network with great security folks from Brazil and abroad;
• Since it’s a 1 day con with tons of talks, we provide to everyone coffee, lunch and booze;

Conference Format:

Anything Information Security related is interesting for the conference, although we strictly do not accept commercial/product-related pitches. Keep in mind though, this is a one-day conference, we receive a lot of submissions, so please do your best in sending new / coolest research.

Just in case you need some ideas, some of the topics in security that could be interesting to YSTS:

•  Mobile Devices;
• Social Networking Threats;
• Embedded Systems;
• Social Networking and Client-Side Techniques;
• Red Team Techniques;
• Inside Jobs Detection / Techniques;
• Operating Systems;
• Career & Management topics;
• (cool and useful) Information Security Policies;
• Privacy in the Digital World;
• Messing with Network Protocols;
• 802.11 Wireless and any RF related stuff for that matter;
• Authentication;
• Incident Response Stories and Policies;
• Information Warfare;
• Malware / Botnets;
• DDoS Evolution or Stories;
• Secure Programming;
• Hacker Culture;
• Application Security;
• Virtualization;
• Database Security;
• “the” Cloud;
• Cryptography;
• System Weaknessess;
• Infrastructure and Critical Systems;
• Reverse Engineering;
• Social Reverse Engineering;
• Reversing Social Engineering;
• Caipirinha and Feijoada Hacks;
• and everything else information security related that our attendees would enjoy, the coolest/different/most creative submissions win, keep that in mind;

YSTS does like shorter talks, so, please submit your talks and remember they must be 30 minutes long. (yes, YSTS does strictly enforce that)

YSTS’s also opened to some 15-minute talks, some of the smart people around might not need 30 minutes to deliver a message, or it might be a project that has been just kicked-off. 15 minutes might be your thing and that’s nothing to be ashamed about.

you Sh0t the Sheriff is the perfect conference to release your new projects, other people have released very cool research before they presented it at the bigger cons.

And yes, we do prefer new hot-topics and, yes, “first-time”speakers are more than welcome.

If you got good stuff to speak about, that’s all that matters.

Speaker Privileges:

That applies only to the 30 minute-long talks:

• USD$ 1,000.00 to help covering travel expenses for international speakers;
• Breakfast, lunch and dinner during conference;
• Pre-and-post-conference official party (and the unofficial ones as well);
• Auditing products in traditional Brazilian barbecue restaurants;
• Life-time free admission for all future YSTS conferences (yes, if you’ve spoken before at YSTS, you have your free-entry guaranteed, just buy them a beer (they are saying that, not me …), wait, it’s free anyways, isn’t it?)

CFP Important Info (aka: what does YSTS need from you):

Each paper submission must include the following information:

• Abstract/Presentation Title;
• Summary or abstract for your presentation;
• Your Name, company/title, address, email and phone/contact number;
• Short biography and qualification;
• Speaking experience;
• Do you need or have a visa to come to Brasil ?;
• Is it a 30 minute or a 15 minute talk ?
• Technical requirements (others thatn LCD Projector);
• Other publications or conferences where this material has been or will be published/submitted;

Very Important Dates:

Final CFP Submission – February 26th, 2012
Final Notification of Acceptance – March 26th, 2012
Final Material Submission for accepted presentations – May 3rd, 2012

All submissions must be sent via email, in text format only to: cfp@ysts.org

Important Contact Information:

Paper Submissions:        cfp@ysts.org
General Inquiries:        b0ard@ysts.org
Sponsorship Inquiries:    sponsors@ysts.org

Other Stuff:

Website www.ysts.org
YSTS 5 video clip http://tinyurl.com/ysts5clip
Pictures of last con http://tinnyurl.com/ysts5pix1
Video channel http://ysts.blip.tv/
Twitter @ystscon
Official twitter hashtag #ystscon

Source: You Sh0t the Sheriff Security Conference 2012, Brazil (Language: )

CHMag ClubHACK Magazine’s Issue 23 (December) released

ClubHACK Magazine is a very good Indian Security Magazine, it has released their 21th (October 2011) Free Issue. This month the magazine covers a lot of interesting articles.

Here is a breafing of what you can find in it:

• Tech Gyan – GSM
• Tool Gyan – Echo Mirage
• Mom’s Guide – OWASP Mobile Security Project
• Legal Gyan – Reasonable Security Practices under IT Act,2008
• Matriux Vibhag – Forensics – Part III
• Poster – Mobile Warfare

Direct Download: http://chmag.in/issue/dec2011.pdf

 By the way ClubHack is also on social networks:

Facebook: http://facebook.com/clubhack
Twitter: http://ww.twitter.com/clubhack

Source: ClubHACK Magazine (Language: )

HITB Security Conference 2012 Amsterdam

HITBSecConf series is a deep-knowledge technical conference. Talks that discuss new and never before seen attack and defense methods are of more interest than a subject that has been covered several times before. Summaries not exceeding 1250 words should be submitted (in plain text format) to us through our online CFP system for review and possible inclusion in the programme.

Topics:

Topics of interest include, but are not limited to the following:

• Cloud Security
• File System Security
• 3G/4G/WIMAX Security
• SS7/GSM/VoIP Security
• Security of Medical Devices
• Critical Infrastructure Security
• Smartphone / MobileSecurity
• Smart Card and Physical Security
• Network Protocols, Analysis and Attacks
• Applications of Cryptographic Techniques
• Side Channel Analysis of Hardware Devices
• Analysis of Malicious Code / Viruses / Malware
• Data Recovery, Forensics and Incident Response
• Hardware based attacks and reverse engineering
• Windows / Linux / OS X / *NIX Security Vulnerabilities
• Next Generation Exploit and Exploit Mitigation Techniques
• NFC, WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security

Please note:

HITB do not accept product or vendor related pitches. If you would like to showcase your company’s products or technology, please contact us for further participation opportunities.

More information about the conference can be found at the official HITB 2012 Conference Amsterdam website at http://cfp.hackinthebox.org/

Source: HITB 2012 Conference Amsterdam (Language: )