Mobile Device Security Summit 2013 (Anaheim, CA)
20 Dec 2012 Hadi Syahrial
This looks like a great event.
http://www.sans.org/event/mobile-device-security-summit-2013
This looks like a great event.
http://www.sans.org/event/mobile-device-security-summit-2013
In many countries, its the time of the year you can make tax deductible donations to support your favorite charity and non-profit organization. Id like to ask you to consider donating to the Honeynet Project this year. The Honeynet Project is a 501c3 non-profit organization (EIN: 36-4460128) that - over the past decade - learned the tools, tactics and motives involved in computer and network attacks, and shared the lessons learned with the public. Along the way, we have authored and published many open-source tools to capture & analyze attacks. If you would like to support the cause, please donate.
Over the last few weeks I’ve basically rewritten the core of Ghost, our system for USB malware detection. While the new approach promises to be much more effective, it has a drawback: It only works for Windows Vista and later systems. As a consequence, there are now two flavors of Ghost in existence: One supports Windows XP but won’t receive much further development, whereas a lot of interesting new features will be implemented for the other one, which is dedicated to Vista and later. In this post, I’m going to explain the reasoning behind the decision, describe the recent technical advances and outline some of our plans for the future.
This is a response to a CSO Online blog post by Jeff Bardin ("Caution: Not Executing Offensive Actions Against Our Adversaries is High Risk," November 2012.), which is a rebuttal to a blog post by Jody Westby on Forbes online (“Caution: Active Response to Cyber Attacks Has High Risk.”) Mr. Bardin is obviously playing on words in the title and I seriously doubt he believes that it is higher risk to not take aggressive actions than is to do so. His post does not contain a reasoned proposal for how to change or work within existing legal and ethical norms to allow aggressive actions directed at computer network attackers. It is instead a strident endorsement of a vaguely defined “new approach” of counter-attack using simplistic arguments based on emotion and a desire for retribution (an unethical position to take), lacking sufficient discussion of appropriate “rules of engagement,” principle-based ethical justifications of any type beyond basic “right of self-defense” arguments, and including no oversight mechanisms to minimize the potential for abuse or collateral damage. This response is quite long, including not only Mr. Bardin’s own words for context but also many references to materials apropos to the topic that Mr. Bardin does not provide in his post.
ORGANIZATION
Active members: - Sébastien Tricaud - Guillaume Arcas - Anthony Desnos - Franck Guénichot - François-René Hamelin - Christophe Grenier
DEPLOYMENTS We have following technologies deployed:
- Kippo on honeycloud. Goal of this deployment is to provide a centralized instance of Kippo & share findings, logs, collected data. - HoneyProxy on honeycloud. - Honeeebox
RESEARCH AND DEVELOPMENT
* New tools => HoneyProxy as part of GSoC 2012. => FAUP (formerly furl) => OpenNormalizer => PhotoRec/TestDisk => A.R.E. / AndroGuard
The UK Chapter’s annual status report for 2011/2012 has been published at http://www.ukhoneynet.org/2012/12/04/uk-honeynet-project-chapter-annual-status-report-for-20112012/.
ENISA (The European Network and Information Security Agency) under the leadership of CERT Polska has published report on honeypots. Its a hands-on guide on the various honeypot technologies out there looking at various operational aspects, such as extensibility, reliability, ease of deployment, etc. If you are considering running a honeypot, this is a must read! Check it out at http://www.enisa.europa.eu/media/press-releases/new-report-by-eu-agency-enisa-on-digital-trap-honeypots-to-detect-cyber-attacks. Great job, ENISA!
2013 HONEYNET PROJECT ANNUAL WORKSHOP
10-12 FEBRUARY 2013 IN DUBAI, UAE
DUBAI, 26 NOV 2012: This three-day event features an exceptional collection of international security professionals presenting the latest research tools and findings in malware analysis. The twelfth annual workshop will be held at The Address Dubai Mall Hotel on the 10th through 12th of February, 2013, with sponsorship and support from the UAE Honeynet Project chapter, United Arab Emirates Computer Emergency Response Team (aeCERT), and the Pakistan Honeynet Project chapter. The workshop includes one full day of briefings and two full days of hands-on tutorial trainings. Founded in 1999, The Honeynet Project is a non-profit international research organization dedicated to improving the security of the Internet at no cost to the public.
ORGANIZATION
Faiz Ahmad Shuja is founder and chapter lead of Pakistan Chapter and an active member since 2003. He is responsible for the management and maintenance of HP infrastructure as Chief Infrastructure Officer.
Muhammad Omar Khan is an active member and assists in various Honeynet deployment efforts.
Rehan Ahmed is our active member. He assists in the management of Pakistan chapter and HP infrastructure.
Omar Khan has been involved in attacks analyses and reporting.
ORGANIZATION
• Brian Hay (Chapter Lead, Full Member)
• Kara Nance (BoD Member, Full Member)
• Chris Hecker
• Clark Harshbarger
• Matt Bishop
• Wesley McGrew
• Lucas McDaniel
DEPLOYMENTS
• 1 Honeeebox in Alaska
• Purchased multiple other Honeeeboxes available for third party deployments
• Periodic Dionaea deployments in both public and private clouds for student and demonstration use.
RESEARCH AND DEVELOPMENT
1. Ongoing development of hypervisor-based honeypot monitoring using virtual machine introspection (VMI) on Xen and KVM platforms.
2. Tools for deployment and management of virtual machines