Topic of the week

AusCERT08 - Security, privacy and the Internet citizen. In keeping with this year's AusCERT Conference theme, DotSec will be conducting demonstrations and a presentation to bust the myth that privacy must be sacrificed in order to achieve strong security.

Links to topics that have been covered in previous weeks include:
  • Why on earth would any attacker target my business? It's the usual story: "No one would be interested in my email and we don't do any on-line payment work, so why should we fix these vulnerabilities? Surely there are more valuable targets out there for attackers to chase after?"
  • Greetings! Well, at least the attackers put on a friendly face! Email-based greeting-card attacks continue to be seen in great numbers. These attacks, along with other current email-based attacks, can generally be split into two groups:
    1. Attacks that try to trick the user into downloading or opening malicious attachments
    2. Attacks that try to trick the user into visiting a malicious web site
    Neither attack relies on particularly new techniques. However, many of the attacks are multi-faceted, and many rely on vulnerabilities in applications that are commonly used as plugins by the user's web browser. Here is a short overview of some of the techniques used, which may prove useful to you.

  • Spam, spam, more spam. Most of it is boring, so why was this email interesting? Well, there are a number of reasons: At first we thought it was just a bit funny. But read on and see what you think.
  • DotSec presented a paper at the National e-Health Privacy and Security Symposium a while back. The paper was entitled, "Holistic, or full of holes? PCI, HIPAA and experiences in implementing secure computing systems". Feel free to check out the abstract.
  • Smart cards are back in the press this week, and so we have collected a few recent articles that are of particular interest, including usability, the New Queensland Drivers License, and security and privacy concerns.
  • The Sony-BMG DRM (Digital Rights Management) fiasco, where users who purchased certain CDs (a list of at least some of the relevant titles has been collected by the EFF) found that some nasty software had been installed on their computers, simply by playing the CD!
  • Phishing phun, which follows a phisher's trail for a while in order to understand a little more about how the phishing scams work, and who is behind them.

AusCERT demos!

Yes, it's time for the AusCERT conference again! DotSec will host a series of presentations at Stand S11 that will demonstrate a range of Identity and Access Management technology, including smart cards and SAML-based on-line Identity Management systems. Contact DotSec or visit us at Stand S11 if you are interested in attending.