DerbyCon 2011 Security Conference Videos Posted

If you were like me and were not able to attend the first DerbyCon, titled “DerbyCon 2011”, we really missed out on some great stuff. Held September 30th to October 2nd in Louisville, Kentucky, the con sponsored top notch speakers and covered some amazing security information.

Thank goodness for Adrian Crenshaw. Adrian is in the process of posting the videos of the presentations on his website. Below is the intro video:

Just a huge thank you to Adrian, Dave, Martin and the gang for putting this con on, and providing the videos for us who couldn’t make it.

They are planning a DerbyCon 2 for next year, so check it out!

Infosec Island offers chance to win ISO 27001 & BS 25999 Training

Great opportunity today from our friends over at Infosec Island. Win an ISO 27001 & BS 25999 Annual Membership for Online Trainings from IS&BCA!

Check this out:

Quantity: Two Drawing Winners
Value: (US)$975.00 each
Description: Annual Membership for live online trainings includes:

  • Registration for 1 attendee for an unlimited number of trainings during a 1 year period
  • Unlimited access to all webinar recordings
  • Download of presentation decks for each training
  • 1 year access to E-learning tutorials
  • 30 minutes of private consultation with the trainer for each training
  • Documentation templates for each training
  • Each training contains workshops on how to fill in the documentation
  • Certificate of Completion for each training

For a chance to win one of the prizes, all you need to do is sign up as a member of Infosec Island, complete an account profile, and upload a profile picture. It’s free, quick and pain-free.

And you will become part of a great community of fellow infosec comrades, including me!

Check out Infosec Island today for more information.

Cyber Defense: How to Protect Against Hackers – Recon Defense, Part One

As the old saying goes, “One man’s junk is another man’s treasure”. One favorite technique of hackers is to “Dumpster Dive”. Yes, this literally means to dig through your trash.

You would not believe what has been recovered from dumpsters from professional security teams who, while performing a test of a company’s security, dug through the trash.

Trash from banks and health care facilities in particular provides a plethora of sensitive information that hackers look for. Names, addresses, phone numbers, social security numbers, and financial information are the most obvious targets, but what are some of the less obvious? Old software disks from system updates tell the hacker what software you are using. A bill from your utilities or even your computer support company can give away vital information to a hacker who is willing to disguise himself to gain physical access to your building. Though most hackers will not want to risk physical entry to your system, trash recovered during security tests has provided everything from administrator-level passwords to layouts of your internal network.

Discarded physical machines also often offer a wealth of information. The most obvious source is hard drives left intact inside the machines, but the outside of the system can provide information too. Corporate asset tags tell exactly which company owned the machine. Corporate network ID tags sometimes have the network name and internal IP address listed, and this information could also be used. Some people even tape passwords to machines and monitors.

Just a side note: many large companies use network ID tags. Great idea, but could you make them smaller, or place them on the back or bottom of the machines? Or just limit the information on them. They stick out like a sore thumb to any visitor walking through the building.
