Tag Archives: trust

[ISN] A primer on dealing with the media as a hacker, and dealing with hackers as the media

http://www.csoonline.com/article/2952395/security-awareness/a-primer-on-dealing-with-the-media-as-a-hacker-and-dealing-with-hackers-as-the-media.html By Steve Ragan Salted Hash CSO July 23, 2015 Next month, thousands of hackers will travel to Las Vegas, and hundreds of journalists are going follow them. The adversarial relationship between hackers and the press has existed for years, but there are ways to navigate the playing field and strike a balance The idea for this post came from two places; Twitter and a blog post by Violet Blue over at Rapid7. The Rapid7 post has a lot of great advice for Black Hat and dealing with the media on a corporate level. It’s a smart post, and it’s something you should read either before or after reading this article. I’d also like to point out two additional sources from Uli Ries and The Grugq. For the hackers: Not everyone in the media is your enemy, but – and be real clear about this – they’re not your friends either. They’re working stiffs, and like you they have a job with demands, unique pressures, and stress. For you, hacking is a way of life – it’s who you are. That mindset is the same for journalists. Granted, there’s nothing wrong with having friends in the media, in fact it’s helpful at times, but there needs to be a level of trust that exists in that relationship and trust is earned – even among friends. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Some hackers make more than $80,000 a month — here’s how

http://www.businessinsider.com/we-found-out-how-much-money-hackers-actually-make-2015-7 By CALE GUTHRIE WEISSMAN Business Insider Jul. 14, 2015 It’s a known fact that hacking makes money. But how much money? And how do hackers carry out their internal dealings with one another so as not to step on each other’s toes? Much like the fine-tuned systems of mafias and gangs that act almost identically to businesses, hackers have also created their own extremely intricate systems — and the scale of their operations is astounding. Security researchers have been embedding themselves into these online underbellies to see precisely what’s going on. This way they can get an early look at the malware hackers are cooking up, while also learning just how the system works. The information security company Trustwave has been doing just this for years. It now has a lot to show for it, including discovering how much money a hacking gang makes and how precisely the cybercrime ecosystem works. Trustwave’s VP of Security Research Ziv Mador has put together a presentation he gives to customers so they can get a better handle on how to protect themselves. As he put it, it’s just a “glance of what we find.” But Mador has given Business Insider an exclusive look at the wheeling and dealing of hackers inside this secretive world — check it out below. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Cyber war in Ukraine: How NATO is helping the country defend itself against digital threats

http://www.zdnet.com/article/ukraines-cyber-warfare-how-nato-helps-the-country-defend-itself-against-digital-threats/ By Andrada Fiscutean Central European Processing ZDNet News June 11, 2015 Ukraine’s recent history has been dramatic, with border changes, riots, the occupation of government buildings, and bloodshed. Behind all this, a quiet conflict, free of gunfire but equally hard-fought, has been taking place in the online world. DDoS attacks and communications jamming has lead to misinformation in an already confused country. Now, North Atlantic Alliance nations are joining forces to help Ukraine protect its digital space. Albania, Estonia, Hungary, Poland, Portugal, Romania, and Turkey have offered financial or in-kind contributions to Ukraine’s Cyber Defense Trust Fund, a program agreed by world leaders during a NATO summit held last September in Wales. US president Barack Obama, British prime minister David Cameron, German chancellor Angela Merkel, and French president François Hollande all participated. “The technical requirements for the implementation of this project have been set up and the negotiations for the necessary legal arrangements are at an advanced stage,” a NATO official in Brussels told ZDNet. “NATO needs to keep abreast of the rapidly changing threat landscape and to maintain a robust cyber-defence,” he added. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] CfP – Workshop on Security and Privacy in Cloud-based Applications (in conjunction with ARES EU Projects Symposium 2015)

Forwarded from: “Egner, A.I.” *** Apologies for multiple copies *** CALL FOR PAPERS ************************************************************************ Workshop on Security and Privacy in Cloud-based Applications (in conjunction with ARES EU Projects Symposium 2015) Université Paul Sabatier, Toulouse, France, August 24th – 28th, 2015 http://www.ares-conference.eu/conference/ares-eu-symposium/au2eu/ ************************************************************************ Cloud services and cloud-based applications have become increasingly popular in the recent years. Security and privacy of the cloud-based applications have always been major roadblock for wide use of cloud services that involve sensitive data. Therefore this research field attracts a lot of attention from the academia and industry. The aim of the workshop is to provide the environment to exchange ideas and to foster discussions on a broad list of aspects related to privacy and security of cloud-based applications, and to find answers to questions like: How do we design authentication and authorization frameworks for cross-cloud environments, supporting different identity/attribute providers and organizational policies while guaranteeing privacy, security and trust? How can we extend current solutions with higher assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption techniques to address specific security and confidentiality requirements of large distributed infrastructures? What is the best way to validate practical aspects of the cloud-based applications, such as scalability, efficiency, maturity and usability? Next to regular sessions with research papers, the workshop will include an invited talk as well as a round table on “Evolution of privacy-preserving authentication and authorization tools: from concepts to deployment“, presenting the results of the FP7 AU2EU project (http://www.au2eu.eu/). CONFERENCE TOPICS The conference topics include, but are not limited to: – Privacy-preserving Authentication – Attribute-based Authorization – Integrated Authentication and Authorization – Assurance of Claims – Crypto-based Policy Enforcement – Attribute-based Encryption – Secure Data Management – Key Management – Trust Management – Operations under Encryption – Homomorphic Encryption – Searchable Encryption – Privacy-Preserving Data Mining – Security as a Service – Big Data Security PAPER SUBMISSIONS The proceedings of ARES 2014, published by Conference Publishing Services (CPS), are available here in the IEEE XPlore Digital Library. Authors are invited to submit research and application papers according the following guidelines: 8 pages (a maximum of 10 pages is tolerated), two columns, single-spaced, including figures and references, using 10 pt fonts and number each page. Submitted papers will be carefully evaluated based on originality, significance, technical soundness, presentation and clarity of exposition. Simultaneous submission of the same work to multiple venues, submission of previously published work, or plagiarism constitutes dishonesty or fraud. ARES, like other scientific and technical conferences and journals, prohibits these practices and may take action against authors who have committed them. Contact author must provide the following information at the ARES conference system: paper title, authors’ names, affiliations, postal address, phone, fax, and e-mail address of the author(s), about 200-250 word abstract, and about five keywords. Accepted papers will be given guidelines in preparing and submitting the final manuscript(s) together with the notification of acceptance. Double blind review: ARES requires anonymized submissions – please make sure that submitted papers contain no author names or obvious self-references. Details about submission can be found here: http://www.ares-conference.eu/conference/conference/submission/ IMPORTANT DATES Submission Deadline May 8, 2015 Author Notification June 1, 2015 Proceedings Version June 8, 2015 Conference August 24-28, 2015 PROGRAM CHAIRS – Milan Petkovic (General Chair), Philips Research / Eindhoven University of Technology – Netherlands – Jan Camenisch (Program Co-Chair), IBM Research – Zurich, Switzerland – John Zic (Program Co-Chair), CSIRO – Sydney, Australia – Alexandru Egner (Organization Co-Chair), Eindhoven University of Technology – Netherlands PROGRAM COMMITTEE – Giuseppe Ateniese, Sapienza University of Rome, Italy – George Danezis, University College London, UK – Refik Molva, EURECOM, France – Gerrit Bleumer, Scheidt & Bachmann, Germany – Ljiljana Brankovic, University of Newcastle, Australia – Jeroen Doumen, Irdeto, Netherlands – Csilla Farkas, University of South Carolina, USA – Pietro Colombo, University of Insubria, Italy – Simone Fischer-Hubner, Karlstad University, Sweden – Dieter Gollmann, Hamburg University of Technology, Germany – Tanya Ignatenko, Eindhoven University of Technology, Netherlands – Mizuho Iwaihara, Waseda University, Japan – Sushil Jajodia, George Mason University, USA – Nguyen Manh Tho, Vienna University of Technology, Austria – Guenther Pernul, University of Regensburg, Germany – Bart Preneel, KU Leuven, Belgium – Kai Rannenberg, Goethe University Frankfurt, Germany – Ahmad-Reza Sadeghi, Darmstadt University, Germany – Andreas Schaad, Huawei Research – Yuan Zhang, State University of New York at Buffalo, USA – Sabrina De Capitani di Vimercati, University of Milan, Italy For any questions, please contact the organization co-chair: a.i.egner (at) tue.nl


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Call for Papers – Workshop on Security and Privacy in Cloud-based Applications (in conjunction with ARES EU Projects Symposium 2015)

Forwarded from: “Egner, A.I.” CALL FOR PAPERS ************************************************************************ Workshop on Security and Privacy in Cloud-based Applications (in conjunction with ARES EU Projects Symposium 2015) Université Paul Sabatier, Toulouse, France, August 24th – 28th, 2015 http://www.ares-conference.eu/conference/ares-eu-symposium/au2eu/ ************************************************************************ Cloud services and cloud-based applications have become increasingly popular in the recent years. Security and privacy of the cloud-based applications have always been major roadblock for wide use of cloud services that involve sensitive data. Therefore this research field attracts a lot of attention from the academia and industry. The aim of the workshop is to provide the environment to exchange ideas and to foster discussions on a broad list of aspects related to privacy and security of cloud-based applications, and to find answers to questions like: How do we design authentication and authorization frameworks for cross-cloud environments, supporting different identity/attribute providers and organizational policies while guaranteeing privacy, security and trust? How can we extend current solutions with higher assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption techniques to address specific security and confidentiality requirements of large distributed infrastructures? What is the best way to validate practical aspects of the cloud-based applications, such as scalability, efficiency, maturity and usability? Next to regular sessions with research papers, the workshop will include an invited talk as well as a round table on “Evolution of privacy-preserving authentication and authorization tools: from concepts to deployment“, presenting the results of the FP7 AU2EU project (http://www.au2eu.eu/). CONFERENCE TOPICS The conference topics include, but are not limited to: – Privacy-preserving Authentication – Attribute-based Authorization – Integrated Authentication and Authorization – Assurance of Claims – Crypto-based Policy Enforcement – Attribute-based Encryption – Secure Data Management – Key Management – Trust Management – Operations under Encryption – Homomorphic Encryption – Searchable Encryption – Privacy-Preserving Data Mining – Security as a Service – Big Data Security PAPER SUBMISSIONS The proceedings of ARES 2014, published by Conference Publishing Services (CPS), are available here in the IEEE XPlore Digital Library. Authors are invited to submit research and application papers according the following guidelines: 8 pages (a maximum of 10 pages is tolerated), two columns, single-spaced, including figures and references, using 10 pt fonts and number each page. Submitted papers will be carefully evaluated based on originality, significance, technical soundness, presentation and clarity of exposition. Simultaneous submission of the same work to multiple venues, submission of previously published work, or plagiarism constitutes dishonesty or fraud. ARES, like other scientific and technical conferences and journals, prohibits these practices and may take action against authors who have committed them. Contact author must provide the following information at the ARES conference system: paper title, authors’ names, affiliations, postal address, phone, fax, and e-mail address of the author(s), about 200-250 word abstract, and about five keywords. Accepted papers will be given guidelines in preparing and submitting the final manuscript(s) together with the notification of acceptance. Double blind review: ARES requires anonymized submissions – please make sure that submitted papers contain no author names or obvious self-references. Details about submission can be found here: http://www.ares-conference.eu/conference/conference/submission/ IMPORTANT DATES Submission Deadline May 8, 2015 Author Notification June 1, 2015 Proceedings Version June 8, 2015 Conference August 24-28, 2015 PROGRAM CHAIRS – Milan Petkovic (General Chair), Philips Research / Eindhoven University of Technology – Netherlands – Jan Camenisch (Program Co-Chair), IBM Research – Zurich, Switzerland – John Zic (Program Co-Chair), CSIRO – Sydney, Australia – Alexandru Egner (Organization Co-Chair), Eindhoven University of Technology – Netherlands PROGRAM COMMITTEE – Giuseppe Ateniese, Sapienza University of Rome, Italy – George Danezis, University College London, UK – Refik Molva, EURECOM, France – Gerrit Bleumer, Scheidt & Bachmann, Germany – Ljiljana Brankovic, University of Newcastle, Australia – Jeroen Doumen, Irdeto, Netherlands – Csilla Farkas, University of South Carolina, USA – Pietro Colombo, University of Insubria, Italy – Simone Fischer-Hubner, Karlstad University, Sweden – Dieter Gollmann, Hamburg University of Technology, Germany – Tanya Ignatenko, Eindhoven University of Technology, Netherlands – Mizuho Iwaihara, Waseda University, Japan – Sushil Jajodia, George Mason University, USA – Nguyen Manh Tho, Vienna University of Technology, Austria – Guenther Pernul, University of Regensburg, Germany – Bart Preneel, KU Leuven, Belgium – Kai Rannenberg, Goethe University Frankfurt, Germany – Ahmad-Reza Sadeghi, Darmstadt University, Germany – Andreas Schaad, Huawei Research – Yuan Zhang, State University of New York at Buffalo, USA – Sabrina De Capitani di Vimercati, University of Milan, Italy For any questions, please contact the organization co-chair: a.i.egner (at) tue.nl


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Singtel acquires Trustwave in $810M security services deal

http://www.zdnet.com/article/singtel-acquires-trustwave-in-810m-security-services-deal/ By Eileen Yu By The Way ZDNet News April 8, 2015 Singtel has inked a deal to acquire a 98 percent equity interest in Trustwave for an estimated US$810 million, as the Singapore carrier looks to beef up its cloud and managed services portfolio. Headquartered in Chicago, U.S.A, Trustwave offers hosted services in threat, vulnerability, and compliance management, and has more than three million business subscribers. It has presence in 26 countries across North America, Europe, and the Asia-Pacific region, with a global headcount of 1,200 that includes security professionals in its forensic and threat research security unit, SpiderLabs. It operates five security operation centers and nine engineering centers. Trustwave Chairman and CEO Robert J. McCullen will retain the remaining 2 percent stake in the company. According to Singtel, Trustwave will continue to operate independently as a separate business unit after the acquisition has been finalized, but will tap the telco’s assets and market presence to expand its portfolio and address market opportunities in the Asia-Pacific region. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] [CFP] BSides Las Vegas August 2015

Forwarded from: BSidesLV CFP: https://bsideslv.org/cfp/ First Round CFP closes April 15th. Round two opens May 25th and closes June 8th. BSidesLV 2015 will consist of seven main speaking tracks and one workshop track.It will also include Passwords, however they have a separate CFP. Look for that at https://passwordscon.org/ Proving Ground – First-time speaker* mentor-ship and scholarship program. Get matched with a great mentor who will assist you in crafting your talk and slides and we’ll cover up to $500 in costs for your trip to Las Vegas. *Regional BSides and local group meetings (OWASP/ISSA/ISACA etc.) do not fall into this category More info: http://www.bsideslv.org/speakers/cfp/proving-ground-call-for-papers/ Breaking Ground – Ground Breaking Information Security research and conversations on the “Next Big Thing”. Interactively discussing your research with our participants and getting feedback, input and opinion. No preaching from the podium at a passive audience. Common Ground – Other topics of interest to the security community. e.g., Lock-picking, hardware hacking, mental health/burnout, Law, Privacy, Regulations, Risk, Activism, etc. Again, interactive discussions with your peers and fellow researchers. Not passive lectures “at” an audience. Underground – OTR talks on subjects best discussed AFK. No press, no recording, no streaming, no names. Just you and your peers, behind closed doors. Think about it. Ground Truth – This  track is focused on innovative computer science and mathematics applied to security. Topics of interest include machine learning, natural language processing, Big Data technologies, cryptography, compression, data structures, zero knowledge proofs or just about anything academically publishable that usually baffles review committees for other conferences. Above The Ground Plane – The team that brings you the Wireless Village at DEFCON and the Wireless Capture the Flag contests at multiple conferences throughout the year is organizing a new speaking track for BSidesLV. The Above The Ground Plane track will consist of any and all forms of exciting hacks and unusual uses of wireless technology. Think you have something new and exciting, spread your spectrum and come share it. Trust us, you ohm it to yourself. Training Ground – Workshops and classes to give our participants hands-on experience and in-depth knowledge. We accept proposals for 1/2 day, full-day and 2-day workshops. We don’t charge for workshops, nor do we pay for them, although we may cover circuit boards. Conference information: https://bsideslv.org More CFP information: https://www.bsideslv.org/speakers/cfp/ CFP: https://bsideslv.org/cfp/ Security BSides Las Vegas, Inc. A 501(c)(3) Non-Profit Educational Corporation http://bsideslv.org info@bsideslv.org https://twitter.com/bsideslv


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Financial sector cloud adoption on the rise despite security concerns

http://www.computerweekly.com/news/2240241763/Financial-sector-cloud-adoption-on-the-rise-despite-security-concerns By Caroline Donnelly ComputerWeekly.com 05 March 2015 The financial sector is slowly coming round to the idea of entrusting its apps and data to the cloud, but security remains a major stumbling block for many. That’s one of the key findings from the Cloud Security Alliance’s (CSA’s) latest research into how cloud is being used in the financial sector, which revealed more firms are using off-premise services but on a largely ad-hoc basis. The CipherCloud-sponsored report was compiled by CSA’s recently formed Financial Services Working Group (FSWG) and garnered responses from 102 participants – including banks, credit unions and insurance companies – across 20 countries. Out of those questioned, 61% of organisations said they’re in the throes of hammering out their cloud strategy, with between 39% and 47% looking to use a mix of in-house IT, private, public or hybrid off-premise environments. None of the participating organisations said they plan on adopting a public cloud-only strategy. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail