Forwarded from: cfp2013 (at) recon.cx [There may be some formatting issues from forwarding this to the list. – WK] + + + + + + + + + / + _ – _+_ – ,__ _=. .:. /= _|===|_ ||::| | | _|. | | | | | | __===_ -=- ||::| |==| | | __ |.:.| /| |:. | | | | .|| : |||::| | |- |.:|_|. :__ |.: |–|==| | .| |_ | ‘ |. ||. |||:.| __|. | |_|. | |.|…||—| |==| | | | |_–. || |||. | | | | |. | | |::.||: .| |==| | . : |=|===| :|| . ||| .| |:.| .| | | | |:.:|| . | |==| | |=|===| . |’ | | | | | | | |’ : . | ; ; ‘ | ‘ : ` : ‘ . ‘ . . : REC0N 2013 MONTREAL JUNE 21-23 http://recon.cx @reconmtl and @hugofortier + RECON returns for 2013 with 7 days of Reversing and Exploitation – Training sessions + conference + party + List of training sessions for Recon 2013: – Reversing telecom platforms for security by Philippe Langlois (2 days) – Facedancer by Travis Goodspeed and Sergey Bratus (2 days) – iOS security/exploitation workshop by Stefan Esser (3 days) – Advanced Exploit Laboratory by Saumil Shah (3 days) – Reverse Engineering Malware by Nicolas Brulez (4 days) – Keep It Synple Stupid – Utilizing Programmable Logic for Hardware Reverse-Engineering by Dmitry Nedospasov and Thorsten Schroeder (4 days) – Windows Internals for Reverse Engineers by Alex Ionescu (4 days) + We are accepting submissions – Single track – 45-60 minute presentations, or longer, we are flexible – We are open to workshop proposals that would occur alongside talks – Trainings of 2, 3 or 4 days focused on reversing and/or exploitation – There will be time for 5 to 10 minutes Informal Lightning Talks during the Recon Party + Especially on these topics – Hardware reverse engineering – Software reverse engineering – Finding vulnerabilities and writing exploits – Novel data visualization for hackers and reverse engineers – Bypassing security and software protections – Attacks on cryptography in hardware and software – Physical security countermeasures – Techniques for any of the above on new or interesting architectures – Wireless hacking (We aren’t talking about wifi here) ++ Anything else elite ++ + Please include – Speaker name(s) and/or handle – Contact information, e-mail and cell phone(optional) – Presentation title – Description of the presentation – Brief biography – If available presentation supporting materials (website, code, paper, slides, outline, …) – And why it is cool, or why you want to present it – Let us know if you need help with VISA (So we can start the procedure early) – If your employer will pay for your travel or if you need us to pay for it + Get back to us soon – First round of CFP to end March 31 – First speakers/talks to be announced week of April 2 – CFP closes April 27, 2013, Recon 2013 speakers/talks announced May 5 – So please send the above information to: cfp2013 (at) recon.cx + Recon registration opens soon. – http://recon.cx THIS FILE PASSED THROUGH… _______________________________________________________________________ / DUAL STANDARDS / * * * * * * * * * * * * /__ HS AA CD OH RD SD TR MR RS CS ARQ SYN DeC USHQ ———————————————————————/ R E C 0 N BBS KNOWN W O R L D-W I D E FOR 0-DAY WAREZ / .oo*____ ___________________________________________________ ____/ O _/ KRu1z1n’ At 9600 1.5 Gigz Online _/ o O +——————————————+ o 514 O SERVING THE PHRESHEST CRACKS IN THE LATA O 514 O CHECK: O [*] 0-1(MAX) DAY O [*] H/P/A/V/C O [*] Demos/Artpacks O [*] 1200/2400/9600 BAUD O [*] 1500MB “o. [ ] LAMERS “O “ooo##” BROUGHT TO YOU BY: Sysop……………………Dataworm CoSysop………………….Aliss CoSysop………………….Strange Attractor CoSysop………………….TheGamble CoSysop………………….ChatBoss +1 900 – 6PWN +1 287 – 9777 +1[LUL] Z69 – 3771 +——————————————+ If you are interested in joining RECON, either as a SPEAKER or as an SPONSOR, contact one of our people. /—————————————————————————— | [===— Artist —===] | | Tina, Jeremy, Strange Attractor | +——————————————————————————+ | [====— Affiliated BBS —====] | | Grendel’s Abyss  XXX-XXXX Sysop: bofh | | Iniquity BBS  XXX-XXXX Sysop: Unspin | | Eko BBS 011 54 11 XXX-XXXX Sysop: powertech | | C0MA  XXX-XXXX Sysop: Tempus Hellfire | | Neighbor BBS  XXX-XXXX Sysop: Laphroaig | +——————————————————————————+ | [===— Greets —===] | | ACiD BuRN, i0n1c, FASTRAX BBS, iCe, ACiD, Zer0, Ilfak, +Fravia | | +Mammon’s, Woodmann, sw_r, ioerror, aleph1, rtm, Acid Phreak | | Anonpoet, int80, raid, diondion, rpw, K2, jduck, DilDog, klog,rfp | | Crimson Blade, route, LSD, h1kar1, Woz, N1v3nh, en4bler | | Nowhere Man and his city(<3) | ——————————————————————————/ [=- Patch your modem -=] +++ATH0 THE CARRIER WAS AN ILLUSION EOF You can email your Response with PGP at hfortier recon cx —–BEGIN PGP PUBLIC KEY BLOCK—– Version: GnuPG/MacGPG2 v2.0.18 (Darwin) mQGiBEYBqh8RBADF1NH5vM445mQwvDUs5B/QbqJjweMF3unTrCZLilO0YYb107Y3 9yG/J9sjVMzlHLhFcuhHk0HnG+qvT07G0ltVNesqpOltC874bv9UzKjwLl43CKK4 RO4OqMc5Od2L6CD+6R3yE2teC3sZCJOsdXL14olYr8CenyPWWAxeeyx+swCgzOFf fmTb7UHIQ+vqmunaqndHQGcEAKFyO/F931kNVKJQ0IwNBAF3JcqUDeuvXI8Cv2AC RpoNWJtjtGi7bDYiyP8PTXpOD/ad7q0vGw3JYp70bfXmPKcDMjoCYT063skF630g u9vrnriW9N7U9UTnZWeHKYeUT4i3lIUZgqOmyNNJ/HMAte49y2rJNBK1YQ0EcfD9 9V9aBACyRDFDovDq9elSHr9oqJ/2LkrHDbhVRtlRnx6BnmKeK+IzyO1JutEYcHIA LJL0xrTcJHHk6J1RaXqLMYWg65Yu6eTrqQf/ONrPqD2KziZNIAhbxDj3nBMLK/4A amQEIMNsLL2JGmoLMaIM6TdNCUnJlnJFh9jtKed7puMZI0k9WrQgSHVnbyBGb3J0 aWVyIDxoZm9ydGllckByZWNvbi5jeD6IYAQTEQIAIAUCRgGqHwIbIwYLCQgHAwIE FQIIAwQWAgMBAh4BAheAAAoJECtVaSdG/rS7dAAAn08G2N6SKGdVecVB8Vdl8xHr H6f/AJ9fgtmRXHKV2nsRmwh2tpc/nP3UE7kCDQRGAaofEAgAk2Pm+uXGcsJpxCiM POOTA463WtKmbEB3FqaBD8epKeKi6uHFNlAfmBPIcrRZ5t/SXiVZL9ZSYE1Qjmct 0hnZLf4r21nuJKCkanPA9YHMn4OmAm6SqiEnfcYaMIrn1s4jZREELWdiicHJHrgc HEuV2dM/XYmPV3xnW/h67G0uCc9D9tUDXkVEelJUj6br730Y9KcsYEPoRPpeC88N 9X6lAR/brHVPjwflQbQk8cOXd+Ru/0eld4xGbXhTz6I1lSShIfPLPj2lHwLF4GzA PaaytbbqASOcWuNdeN+Fo9nX9hV4hNlVWAnYGt4kOFiwGlf97yqLe7vdFF2kMHox geI2mwADBgf+LAvj7JqkC/hXGB1IRv1LgZW1XgpxdGWsf+c9LKI0uLhfXgqeD18t U4HM+/ATjLhkkrrJenNO7A4++Yb52DJ/zlTVEUw8puie+IK7aguR3SFolgvRJzD0 QauYdUaZC1C2VnJKRGkzyooZyGj5rmlchgWXjmPrunlhsl+d19OZGwi0Gew3WVu8 PLCVaF/Ql+nywN0NjH88z4urYokn4vUqI9D6pF89VXo2fzndxTiT3181aJvCy/8A btNe74NX8hJgaKiNW1n1giz87u6SNGDmT4h8ROYfs3oU6UWJjkH4a9hTutmRdSMQ pvLG0lRLAUXyYm+ST13/3QbM46c3vpX/iIhJBBgRAgAJBQJGAaofAhsMAAoJECtV aSdG/rS7BJUAnAq7Hd6aP2HmMnzOEhtTCahKRtoLAJ9dS+NexCNS9QkQObTaaPC1 cFZf4g== =RH/N —–END PGP PUBLIC KEY BLOCK—– ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org
I was cruising the Exploit-DB.com site today just to see the latest in the exploits in the wild and noticed right away that there was a new metasploit exploit released on October 1st for Trend Micro’s Internet Security Pro 2010. It always chills me when I see exploits for security vendors. I guess I see them as being special or something. Maybe I shouldn’t put them so much on a pedestal since I guess all programmers can make mistakes. However, the question is… should we expect security vendors to have better security than their customers or other software companies? I wonder if NSS Labs is going to come up with a framework for assessing or certifying security product vendor’s development processes? Hmm… That’d be nice to see.
See the exploit below:
Don’t get me wrong at all, I love Cloud computing and even invest in cloud computing companies but since cloud computing is becoming more popular than ever as more and more applications core to our businesses move into the cloud we need to consider some of our own risks. One thing I’m not sure if you or your business has thought of is availability on your own end (your internet connections). Availability is not just on the provider side which is normally fully redundant. Being that I am a CISSP, of course I know the clever Triad, but given that most of availability issues are still addressed by other parts of our organizations (network engineering, telecom etc). I know that I myself mostly focus on confidentiality and integrity related controls and not on availability. I don’t think I’m the only one in the security industry that is in this boat.
So, if we take a moment and step back from our little paper cluttered desks filled with pie charts and excel spreadsheets of PCI or SOX controls and take a look at availability, we should ask ourselves these questions: Would our company function if we lost our primary internet connection? How about if we lost our internet connections entirely? How about if a global routing event or some other attack on the Root DNS servers was successful? hmm…
My 2 cents is that companies are relying very heavily on a mixed bag of routing protocols and interconnected networks who don’t always have your company’s goals at heart. I’d love to see a lawyer try and say that the company internet connection going down should be reimbursed to the level of reliance that has been placed on those same connections. So please please please ensure you have fully redundant internet connections and think this issue through. Keep in mind that you may have two circuits coming out of your data center but they often could go physically through the same single fiber connection at the Telco (a single point of failure). You should also consider financial risks associated with the 2nd and 3rd Tier cloud providers. Providers such as Salesforce.com and Amazon are best suited to provide you financial stability and fault tolerance, but startups often lack the resources or money to really cover all these availability issues effectively so be cautious and have a backup plan in place to address any of the issues that could arise.
More questions to ask….If your internet went down:
1. Would your helpdesk software work?
2. Would your finance portal work?
3. Would your out-sourced marketing work?
4. Would your advertising continue?
5. Would your paycheck administration continue?
6. Would your recruiting efforts continue?
8. Would your customers be able to buy from you?
9. Would your banks be able to communicate to you?
10. Would you be able to get updates for your operating systems?
The list goes on and on…. Think about it at least a little.
Top Business Driven Security Mistakes
(yes I do realize there’s a balance between security and business)
1. Implementing an IPS in a IDS mode with no blocking whatsoever. Under the guise of ‘uptime’ businesses often deploy time tested IPS products foregoing their real value advantage of blocking attacks because IT is wary of impacting the business. Meanwhile a breach such as TJX can cost over $250 million dollars for a similarly sized company. Question is, would the IPS interrupting a few ‘false positives’ cost a company $250 million? Hmm
2. Focusing on compliance and proceedural controls instead of technologies to protect data. Often companies are preparing fpr the ‘audit attack’ instead of the ‘hacker attack’. They have impeckable processes such as firewall review, termination processes and user certifications, all well and good initiatives if you’ve already covered your proverbial security bases with preventative controls.
3. Funded only till compliant. Need I say more?
4. Perfected processes require execution. Many information security professionals as well as their IT counterparts find themselves spending most of their days executing proceedures that cannot be given enough time for proper review due to resource constraints. This makes the controls weak at best and at the same time de-emphesizing real prevention measures.
5. Following the alert rabbit hole. most large companies have implemented SIEM tools to monitor logs and end up following the login failure alert rabbit hole which often ends up to a dead end. For example if you have failed login lockout controls yet you still are required to investigate. Hmmm the red pill or the blue pill? Waste of time (IMHO).
5. Not keeping up with the times. Lack of resources gives the security team an inability to have enough resource time to study or perfect their knowledge. This leads to service failures, outtages etc because they need to have the proper amount of on the job research time to do to a quality job.