
Archive for the ‘Security’ Category

114,000 iPad owners’ emails and account IDs exposed

June 12th, 2010

News that vulnerabilities on the AT&T network allowed a group calling itself Goatse Security to harvest emails and AT&T authentication IDs of 114,000 early-adopters of Apple’s iPad shocked potential victims.


Security

vSphere 4.0 Security Hardening Guide.

May 30th, 2010

This guide represents a new approach to providing security guidance from VMware.

This document is the official release of the vSphere 4.0 Security Hardening Guide. This version is based on feedback collected during the public draft comment period.


[ ]’s
Alvaro Anton

Security, Virtualization

Security - Chip and PIN is broken

February 12th, 2010


Our technical paper Chip and PIN is Broken explains how. It has been causing quite a stir as it has circulated the banking industry privately for over 2 months, and it has been accepted for the IEEE Symposium on Security and Privacy, the top conference in computer security. (See also our FAQ and the press release.)

http://www.lightbluetouchpaper.org/2010/02/11/chip-and-pin-is-broken/

[ ]’s

Security

How secure is your Optical Network? SafeNet Fiber Tapping Video

April 21st, 2009

The video exposes the vulnerabilities of high-speed Metro Ethernet Networks and shows how you can simply and effectively secure your data in motion - by encrypting it end-to-end.

SafeNet

[ ]’s

Security

MD5 considered harmful today

January 15th, 2009

Creating a rogue CA certificate

We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

Source: http://www.win.tue.nl/hashclash/rogue-ca/

[ ]’s

Security

Detecting and Preventing Anonymous Proxy Usage

January 15th, 2009

On the SNORT-BR list, our friend Rodrigo Montoro (Sp0oKeR) sent the link to the following SANS document. It is worth checking out.

http://www.sans.org/reading_room/whitepapers/detection/rss/detecting_and_preventing_anonymous_proxy_usage_32943

[ ]’s

Security

DRI - International

December 2nd, 2008

DRI International was founded in 1988 as the Disaster Recovery Institute in order to develop a base of knowledge in contingency planning and the management of risk, a rapidly growing profession.

Today DRI International administers the industry’s premier educational and certification programs for those engaged in the practice of business continuity planning and management.

Business Impact Analysis

Identify the impacts resulting from business interruptions that can affect the organization and techniques that can be used to quantify and qualify such impacts. Identify time-critical functions, their recovery priorities, and inter-dependencies so that recovery time objectives can be established and approved.

DRII
BIA

Security

How to Achieve Comprehensive Network Security - Q1Labs

November 27th, 2008

Security practitioners need to think about security management along three separate axes - operations, investigations, and compliance reporting. Each of these functions is distinct, and typically involves different organizational hierarchies, which dramatically complicates the challenge of security management. The good news is that all of these management functions ultimately can be driven by a common data set, and that is the opportunity for a security management platform to aggregate this data once and leverage it for a number of suitable purposes.



[ ]’s

Security

ISSA Day November 2008

November 26th, 2008

Mark your calendar: on 26/11/08, Wednesday, the ISSA Brasil/SP chapter will hold another ISSA Day, with the support of CLM.

For this event, ISSA Brasil has invited André D. Corrêa to give a talk on the “Malware Block List” project (www.malware.com.br). Over the last 3 years the Malware Block List project has collected, analyzed and monitored URLs used in phishing scams that point to malware. The URL lists are distributed free of charge so that system and network administrators can block access to them, thereby preventing users from being infected by malware. This presentation will discuss the challenges of developing and maintaining this project, as well as aspects of collaboration with the security community and future trends in phishing scams.

Date: 26/11, from 19:00 to 22:00
Venue: Sonesta São Paulo Ibirapuera, Avenida Ibirapuera, 2534, Moema, São Paulo (SP)

[ ]’s

Security