Tag Archives: computing

[ISN] NIST outlines guidance for security of copiers, scanners

http://gcn.com/articles/2015/02/25/nist-replication-device-security.aspx

By GCN Staff
Feb 25, 2015

The National Institute of Standards and Technology announced its internal report 8023: Risk Management for Replication Devices is now available. The guidance covers protecting the information processed, stored or transmitted on replication devices (RDs), which are devices that copy, print or scan documents, images or objects. Because today’s RDs have the characteristics of computing devices (storage, operating systems, CPUs and networking) they are vulnerable to a number of exploits, NIST said. Among the threats to RDs are: […]





[ISN] Which cloud providers had the best uptime last year?

http://www.networkworld.com/article/2866950/cloud-computing/which-cloud-providers-had-the-best-uptime-last-year.html

By Brandon Butler
Network World
Jan 12, 2015

Amazon Web Services and Google Cloud Platform recorded impressive statistics for how reliable their public IaaS clouds were in 2014, with both providers approaching what some consider the Holy Grail of availability: five nines.

Flash back just to 2012 and pundits bemoaned the cloud being plagued with outages – from one that brought down Reddit and many other sites to the Christmas eve fiasco that impacted Netflix. It was a different story last year.

Website tracking firm CloudHarmony monitors how often more than four dozen cloud providers experience downtime. The company has a web server running in each of these vendors’ clouds and tracks when the service is unavailable, logging both the number and length of outages. The science is not perfect but it gives a good idea of how providers are doing. And overall, vendors are doing well and getting better.

Amazon and Google shone in particular. Amazon’s Elastic Compute Cloud (EC2) recorded 2.41 hours of downtime across 20 outages in 2014, meaning it was up and running 99.9974% of the time. Given AWS’s scale – Gartner predicted last year that Amazon had a distributed system that’s five times larger than its competitors – those are impressive figures. […]



[ISN] Cloud security remains a barrier for CIOs across Europe

http://www.computerweekly.com/news/2240236318/Cloud-security-remains-a-barrier-for-CIOs-across-Europe

By Cliff Saran
ComputerWeekly.com
09 December 2014

Security issues are the main factor limiting the further use of cloud computing services, research from Eurostat has found.

In a survey conducted by the European Commission’s Eurostat statistics service, public cloud computing was reportedly used by 24% of large enterprises and 12% of small and medium-sized enterprises (SMEs) in the EU. However, the survey noted that the risk of a security breach scored highest both for large enterprises and SMEs, at 57% and 38% respectively.

“Firms attach importance to the protection of their IT systems, but the issue can be seen in the wider context of resilience to possible security breaches when using the cloud,” the Eurostat report stated. […]



[ISN] DISA in Compliance with Cloud Security Standards

http://www.nextgov.com/defense/whats-brewin/2014/11/disa-compliance-cloud-security-standards/98120/

By Bob Brewin
Nextgov.com
November 4, 2014

The Defense Information Systems Agency currently offers its military customers certified cloud computing services from three vendors and has another seven under assessment for compliance with governmentwide security standards, top agency officials told Nextgov.

FedRAMP reviews aim to speed the adoption of cloud deployments across government by allowing cloud services to be vetted once – at a particular security level – and then deployed by a multitude of agencies. Agencies must comply with FedRAMP as a matter of federal policy. But as noted in a recent review from the Council of Inspectors General on Integrity and Efficiency, neither the FedRAMP program office nor the Joint Authorization Board



[ISN] Call For Papers – THOTCON 0x6 – Chicago’s Hacking Conference

***************************************************************************
***BEGIN THOTCON TRANSMISSION**********************************************

What: THOTCON 0x6 – Chicago’s Hacking Conference
When: 05.14-15.15
Where: TOP_SECRET
Call for Papers: Opens 10.01.14

*** ABOUT *****************************************************************

THOTCON (pronounced ˈthȯt and taken from THree – One – Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget.

*** WHEN / WHERE **********************************************************

The THOTCON 0x6 will be held in Chicago, IL on May 14th and 15th, 2015. It will be held at a location only to be disclosed to attendees and speakers during the week before the event. It will be in Chicago and close to a CTA train stop, accessible by bus, cab, and plenty of parking.

*** FORMAT ****************************************************************

The event will have 2 (two) tracks over 2 days. There will be a mix of 45 minute and 20 minute talks selected.

Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer.

Note: THOTCON does NOT broadcast or record any of the talks presented at our conferences.

*** SPEAKER PERKS *********************************************************

All Speakers will be given free admission to the conference as well as one (1) free attendee badge (to bring a guest). All speakers will also have access to the THOTCON VIP Lounge. This means you will have access to free food and drink all day. We don’t have anything else to give, except you can tell your mom and your friends you spoke at THOTCON. Oh yeah, there is also the Speaker’s Dinner the night before the con that you will be invited to as well. At the dinner you will also get some special branded THOTCON swag.

Talks selected as keynotes (2 per day) will be given a Gold badge. A Gold Badge allows the holder to attend THOTCON free for life.

*** HOW TO SUBMIT *********************************************************

If you are interested in speaking at this event, please send your completed speaker application [below] to cfp@thotcon.org.

Once we receive your submission, you will get an email back within 48-72 hours. If you do not hear back from us, please resend.

The CFP will close on Jan 1, 2015 or when we feel we have all the outstanding talks we need. We anticipate having all speakers selected by Feb 1, 2015.

*** CALL FOR PAPERS APPLICATION *******************************************

NOTE: You must copy and paste ALL of the info below and fill in all the information to be considered for a slot.

Speaker Info
1. Name or Handle or Both:
2. Country/State/City of Residence:
3. Phone Number:
4. Email Address:
5. Have you presented at a con before?
6. If so, which one and when?
7. Brief Bio: [will be printed on website and program]
8. Twitter Handle:
9. Blog or Website:

Presentation Info
1. Presentation Title: [be creative]
2. Presentation Synopsis: [<1 page please]
3. is there a demonstration? y or n
4. this about new tool? n
5. exploit? n

misc.
1. shirt size: [men’s sizes]
2. favorite beer:
2. anything you would like to share:

grant of copyright use
i warrant that the above work has not been previously published elsewhere, or if it has, i have obtained permission for its publication by thotcon and will promptly supply thotcon with wording crediting original owner.
yes, i, [insert your name], read agree grant copyright use.

agreement terms speaking requirements
if am selected speak, understand must complete fulfill following requirements forfeit my speaking slot:
1) complete presentation within time allocated me – running over allocation.
2) provide 1 lcd projector, screen, microphone. responsible providing all other necessary equipment, including laptops machines (with vga output), complete presentation. also semi-stable wifi internet connection during conference. live demo make video as backup. having fail without backup video result in loss future opportunities.
i, (insert name here), to detailed in agreement requirements.

agreement remuneration
1) be own hotel travel expenses.
2) given attendee badge remuneration at conference.
i, the terms remuneration.

***end transmission************************************************
***************************************************************************
thotcon infoblox v.6 sex16-rc2 492k ram free ready.



[ISN] JP Morgan denies that system blueprints were stolen in June cyber attack

http://www.computing.co.uk/ctg/news/2369726/jp-morgan-denies-that-system-blueprints-were-stolen-in-june-cyber-attack

By Graeme Burton
Computing.co.uk
16 Sep 2014

More details have emerged about the attack on banking giant JP Morgan, which saw sensitive banking systems hacked and details about clients and deals apparently transmitted to systems in Russia. The breach occurred in June, but has only recently been disclosed.

According to the latest disclosures, the hackers were able to access information about one million customer accounts and also obtained a list of the software applications installed on the bank’s computers. More than 90 of the bank’s servers were affected, and the attackers gained high-level administrative privileges in the systems that they cracked.

JP Morgan also claims that its charity website, JP Morgan Corporate Challenge, was attacked with hackers getting login credentials and passwords. However, the bank says that it doesn’t know whether the two attacks are related.

Dr Mike Lloyd, chief technology officer at security analytics company RedSeal Networks, suggested that the information accessed by the attackers indicated that they will almost certainly be back again. […]



[ISN] Deadline Approaching: InfoSec2014 – Information Security and Cyber Forensics – Malaysia

Forwarded from: jackie (at) sdiwc.info

Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia
October 8-10, 2014 | infosec (at) sdiwc.net
http://sdiwc.net/conferences/2014/infosec2014/

All registered papers will be included in the publisher’s Digital Library.

================================================================

The conference aims to enable researchers to build connections between different digital applications. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

TOPICS ARE NOT LIMITED TO:

:: Cyber Security :: Distributed and Pervasive Systems Security :: Formal Methods Application in Security :: Incident Handling and Penetration Testing :: Multimedia and Document Security :: Privacy issues :: Secure Software Development, Architecture and Outsourcing :: Security in Cloud Computing :: Security of Web-based Applications and Services :: VOIP, Wireless and Telecommunications Network Security :: Enterprise Systems Security :: Hardware-Based security :: Legal Issues :: Operating Systems and Database Security :: SCADA and Embedded systems security :: Security for Future Networks :: Security in Social Networks :: Security protocols :: Digital Forensic :: Anti-Forensics and Anti-Anti-Forensics Techniques :: Data leakage, Data protection and Database forensics :: Executable Content and Content Filtering :: Forensics of Virtual and Cloud Environments :: Investigation of Insider Attacks :: Malware forensics and Anti-Malware techniques :: New threats and Non-Traditional approaches :: Cyber-Crimes :: Evidentiary Aspects of Digital Forensics :: File System and Memory Analysis Multimedia Forensic :: Information Hiding :: Large-Scale Investigations :: Network Forensics and Traffic Analysis Hardware Vulnerabilities and Device Forensics :: Information Assurance and Security Management :: Business Continuity & Disaster Recovery Planning :: Critical Infrastructure Protection :: Digital Rights Management and Intellectual Property Protection :: Fraud Management :: Laws and Regulations :: Threats, Vulnerabilities, and Risk Management :: Corporate Governance :: Decidability and Complexity :: Economics of Security :: Identity Management :: Security Policies and Trust Management :: Cyber Peacefare and Physical Security :: Authentication and Access Control Systems :: Biometrics standards and standardization :: Electronic Passports, National ID and Smart Card Security :: Social engineering :: Template Protection and Liveliness detection :: Biometrics Applications :: Cyber Peacefare Trends and Approaches :: New theories and algorithms in biometrics :: Surveillance Systems

Researchers are encouraged to submit their work electronically. All papers will be fully refereed by a minimum of two specialized referees. Before final acceptance, all referees’ comments must be considered.

PAPER SUBMISSION: http://sdiwc.net/conferences/2014/infosec2014/openconf/openconf.php

IMPORTANT DATES:
Submission Deadline: September 26, 2014
Notification of Acceptance: 2-4 weeks from the submission date
Camera Ready Submission: October 2, 2014
Registration Deadline: October 2, 2014
Conference Dates: October 8-10, 2014

CONTACT:
Jackie Blanco | infosec (at) sdiwc.net
SDIWC Organization | www.sdiwc.net



[ISN] Deadline Approaching: INFOSEC2014 – Malaysia

Forwarded from: “Jackie Blanco”

The International Conference on Information Security and Cyber Forensics (InfoSec2014)
Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia
October 8-10, 2014 | infosec (at) sdiwc.net
http://sdiwc.net/conferences/2014/infosec2014/

All registered papers will be included in SDIWC Digital Library.

================================================================

The conference aims to enable researchers to build connections between different digital applications. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

TOPICS ARE NOT LIMITED TO:

:: Cyber Security :: Distributed and Pervasive Systems Security :: Formal Methods Application in Security :: Incident Handling and Penetration Testing :: Multimedia and Document Security :: Privacy issues :: Secure Software Development, Architecture and Outsourcing :: Security in Cloud Computing :: Security of Web-based Applications and Services :: VOIP, Wireless and Telecommunications Network Security :: Enterprise Systems Security :: Hardware-Based security :: Legal Issues :: Operating Systems and Database Security :: SCADA and Embedded systems security :: Security for Future Networks :: Security in Social Networks :: Security protocols :: Digital Forensic :: Anti-Forensics and Anti-Anti-Forensics Techniques :: Data leakage, Data protection and Database forensics :: Executable Content and Content Filtering :: Forensics of Virtual and Cloud Environments :: Investigation of Insider Attacks :: Malware forensics and Anti-Malware techniques :: New threats and Non-Traditional approaches :: Cyber-Crimes :: Evidentiary Aspects of Digital Forensics :: File System and Memory Analysis Multimedia Forensic :: Information Hiding :: Large-Scale Investigations :: Network Forensics and Traffic Analysis Hardware Vulnerabilities and Device Forensics :: Information Assurance and Security Management :: Business Continuity & Disaster Recovery Planning :: Critical Infrastructure Protection :: Digital Rights Management and Intellectual Property Protection :: Fraud Management :: Laws and Regulations :: Threats, Vulnerabilities, and Risk Management :: Corporate Governance :: Decidability and Complexity :: Economics of Security :: Identity Management :: Security Policies and Trust Management :: Cyber Peacefare and Physical Security :: Authentication and Access Control Systems :: Biometrics standards and standardization :: Electronic Passports, National ID and Smart Card Security :: Social engineering :: Template Protection and Liveliness detection :: Biometrics Applications :: Cyber Peacefare Trends and Approaches :: New theories and algorithms in biometrics :: Surveillance Systems

Researchers are encouraged to submit their work electronically. All papers will be fully refereed by a minimum of two specialized referees. Before final acceptance, all referees’ comments must be considered.

PAPER SUBMISSION: http://sdiwc.net/conferences/2014/infosec2014/openconf/openconf.php

IMPORTANT DATES:
Submission Deadline: September 26, 2014
Notification of Acceptance: 2-4 weeks from the submission date
Camera Ready Submission: October 2, 2014
Registration Deadline: October 2, 2014
Conference Dates: October 8-10, 2014

CONTACT:
Jackie Blanco | infosec (at) sdiwc.net
SDIWC Organization | www.sdiwc.net

