Rochester Security Summit – Emerging Threats 2010

Sorry everyone, I am in Upstate NY and didn’t even hear about this one till this morning.

It is a two day security conference in Rochester, NY taking place October 20 & 21st. Details from website:

The Rochester Chapter of the Information Systems Security Association (ISSA), in association with ISACA® Western New York Chapter and Rochester Chapter of the Open Web Application Security Project (OWASP),

Is pleased to announce that the 5th Annual Security Summit will be held Wednesday October 20 and Thursday October 21, 2010 at the Strathallan Hotel, Rochester NY. The conference will be held 8:00 AM to 5:00 PM each day. 

This year’s theme is “Emerging Threats 2010.” We are have a great line-up again this year! Our 2010 Keynote speaker will be Stephen Northcutt, Chief Executive Officer of The SANS Institute.

The Rochester Security site says that registration is now closed, but that a waiting list is available.

Sales Pitches Disguised as Computer Security Seminars

Computer Security online seminars and webinars are one of my favorite things to watch to help keep up to date on the latest trends. Those who have followed my blog for a while know that every once in a while I will give a heads up when I see a good security seminar coming down the pipe.

I haven’t done that for a while, and with good reason. Wow, there have been some real stinkers lately. True, some take the most exciting topic in the computer industry and somehow put you to sleep with monotone dribble. But lately, many that I have seen have just been corporate sales pitches wrapped in computer security hype.

For example, the topic would make you think it was an in-depth technical analysis of the latest security risks. But then they give a couple slides on hacking statistics, then talk about their product for 45 minutes!

It is to bad that everyone is trying to cash in on the “hacker” hype. I will still try to notify you when a good one is coming up, but for now, SANS webcasts may be your best bet!  

The End of IPv4 Addresses and Free IPv6 Certification

2012 may truly mark the end of the world. Well, the end of the IPv4 world that is. Some say it doesn’t even have that long. According to a new FoxNews article, there are only enough new IP addresses left for about 340 more days of growth.

Here is the problem. TCP/IP is the communication protocol your computer uses to talk to each other and to communicate over the internet. Each computer or device must have a unique address, so they can communicate with each other.

When TCP/IP IPv4 was implemented, address space was issued for a certain number of users (about 4 Billion). With the explosive growth of connected devices these addresses have been devoured. IPv6 was defined as a standard in 1998, to remedy the problem.

IPv4 uses 32 bits of information for addressing, while IPv6 uses 128 bits. This allows for extraordinary growth. How much growth you say? Well, IPv4 allowed about 4 Billion addresses, IPv6 allows for about 340,282,366,920,938,000,000,000,000,000,000,000,000!

That’s a lot of addresses! A security instructor once said that he thought that was roughly the number of grains of sand on the planet. This should allow for us to connect all the world users, their phones, fridges, cars and hair care products. For more information see Wikipedia.

Okay, on to the free IPv6 Certification. Many IP professionals have put off learning IPv6 for a long time. Well, the time draws near, and it is time to learn it if you haven’t all ready. Hurricane Electric offers free IPv6 certification and training. Hurricane Electric is an internet backbone and co-location provider. (From their web site:)

Welcome to the Hurricane Electric IPv6 Certification Project. This tool will allow you to certify your ability to configure IPv6, and to validate your IPv6 servers configuration.

Through this test set you will be able to:

  • Prove that you have IPv6 connectivity
  • Prove that you have a working IPv6 web server
  • Prove that you have a working IPv6 email address
  • Prove that you have working forward IPv6 DNS
  • Prove that you have working reverse IPv6 DNS for your mail server
  • Prove that you have name servers with IPv6 addresses that can respond to queries via IPv6
  • Prove your knowledge of IPv6 technologies through quick and easy testing

Check it out!

Conference and Seminar Reminder

Busy, busy, busy. A lot going on right now in the cyber security realm. The Microsoft shortcut link Zero day has really caused a stir. Just wanted to remind everyone that the Virtual FOSE conference kicks off today, in about an hour actually. Topics include cybersecurity, cloud computing, Windows Azure and Sharepoint 2010 and product demos. It is free and online. It should be very good, we will definitely check that out.

Also, do not forget about Arcsight’s “Detecting and Stopping Modern Botnets” seminar at 1PM EST today. We will be there too, somehow, lol.

Just to give you a heads up, we have several reviews for you coming soon, some interesting info on IPv6, a possible addition of training videos, new tutorials, and a complete map of the 2012 end of the world. Okay, just kidding on that last part, but we have a flood of information we are going through right now. And I want to make sure I pass along the best to you.

Take care, talk to you soon!