Rochester Security Summit – Emerging Threats 2010

Sorry everyone, I am in Upstate NY and didn’t even hear about this one till this morning.

It is a two-day security conference in Rochester, NY taking place October 20 & 21st. Details from the website:

The Rochester Chapter of the Information Systems Security Association (ISSA), in association with ISACA® Western New York Chapter and Rochester Chapter of the Open Web Application Security Project (OWASP), is pleased to announce that the 5th Annual Security Summit will be held Wednesday October 20 and Thursday October 21, 2010 at the Strathallan Hotel, Rochester NY. The conference will be held 8:00 AM to 5:00 PM each day.

This year’s theme is “Emerging Threats 2010.” We have a great line-up again this year! Our 2010 Keynote speaker will be Stephen Northcutt, Chief Executive Officer of The SANS Institute.

The Rochester Security site says that registration is now closed, but that a waiting list is available.

Wednesday Tech Posts from Around the World

Microsoft: Google Chrome doesn’t respect your privacy

Microsoft is going on the offensive against Google, accusing the search giant of creating a browser that does not respect user privacy. The company posted a video, embedded below, on TechNet Edge with the following description: “Watch a demo on how Google Chrome collects every keystroke you make and how Internet Explorer 8 keeps your information private through two address bars and In Private browsing.”…

Hacker Finds a Way to Exploit PDF Files, Without Vulnerability

A security researcher has managed to create a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file…

MS sees Windows 7 leap, but XP workhorse refuses to die

Most Windows 7 customers are satisfied with the new operating system, according to tech analyst house Forrester Research, but many stick-in-the-mud types still see no reason to upgrade from the OS that refuses to die – Windows XP…


Computer Security Tools: Live Hacking CD Videos

Dr. Ali Jahangiri, an information security expert, auditor and trainer has released a series of training videos for his Linux-based “Live Hacking CD”. Here is an excerpt from Dr. Jahangiri’s Newsletter:

The Live Hacking YouTube channel is a dedicated resource for those wanting to learn about the tools and utilities used by criminal hackers as the first step in preparing to defeat them. At the launch of the new YouTube channel, Dr. Jahangiri uploaded several tutorial videos covering a range of network tools including: p0f (the advanced passive operating system and network fingerprinting utility), dsniff (the password packet sniffer) and nmap (the utility for network exploration and security auditing). 

‘I am really excited about these new YouTube videos’ said Dr. Ali Jahangiri. ‘My goal is to encourage people to take information security seriously and introduce them to some fundamental tools of the trade.’

To coincide with the launch of the new YouTube channel, the website has also been updated to embed the new videos and also to launch a new ‘Free Weekly Educational Videos’ feature. The website also contains information about other projects in the ‘Live Hacking’ brand including details of the Live Hacking Workshops and the Live Hacking Linux distribution.

Dr. Jahangiri runs the Live Hacking Workshops internationally to introduce IT professionals to the world of hacking and empower them with the knowledge they need to thwart criminal hackers. The most recent workshop was held in South Africa and was a great success.

The Live Hacking Linux distribution is a ‘Live CD’ that runs directly from the CD and doesn’t need to be installed on the hard-drive. Once booted it can be used to perform penetration tests and ethically hack on your own network to ensure that it is secure from outside intruders. 

Dr. Jahangiri is publishing the YouTube videos for free to encourage IT professionals and others to enhance their knowledge and to prepare for the malicious activities of the unscrupulous hacker.

The videos can be found at YouTube’s Livehacking Channel.

Computer Security Tools: Live Linux CD Web Pentesting Environment

The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test. – Samurai InGuardians.

This Live CD contains the Fierce domain scanner, Maltego, WebScarab, ratproxy, w3af, burp, BeEF, AJAXShell and much more. See the Samurai InGuardians website for more information.