Tag Archives: security

Call for Papers: ClubHack 2009 Information Security Conference


ClubHack is an initiative to bring security awareness to common people who use computers and the internet in their daily life. It’s a member-driven open community that aims to make cyber security common sense. The phenomenal growth of the Internet economy has led to a sharp increase in computer crimes and hacking incidents. ClubHack aims to make technology users aware of the risks associated with cyber transactions as well as the security measures.

ClubHack2009 is the third annual ClubHack conference and will revolve around technical presentations and demonstrations on topics from the world of Information Security. Each presenter is scheduled for 50 minutes: 40 minutes for the presentation and 10 minutes for the question-and-answer session.

ClubHack is inviting submissions on technical topics or demonstrations that can be included in the conference. This is a list of suggested topics:

  • Protocol / Application based vulnerability in networks and computers
  • Firewall Evasion techniques
  • Intrusion detection/prevention
  • SPAM fighting
  • Data Recovery and Incident Response
  • Mobile Security (cellular technologies)
  • Virus and Worms
  • WLAN and Bluetooth Security
  • Analysis of malicious code
  • Cryptography and Cryptanalysis
  • Computer forensics
  • File system security
  • Secure coding & code analysis
  • Hardware modification
  • Patch writing for vulnerabilities
  • Open source hacking toolkit
  • Cyber Crime & law

This list is indicative; papers on other topics may also be submitted, but they have to be close to this list and to the theme of the event.

Important Dates
CFP Open: 15th August 2009
CFP Close: 15th October 2009

How to submit
Click Here

For more information about ClubHack see the PuneTech wiki page for ClubHack.


“wh[0x01] WildHack Contest” for articles/video/code related to cyber security by null.co.in

Null.co.in, Pune’s network security community for hackers, security professionals, security enthusiasts, and in fact anyone related to IT for whom security matters (ahem: if you are in IT, and security does not matter to you, you should really not be in IT, should you?) is holding a month-long contest for the best security-related content. Content means anything that you can produce: article, blog post, whitepaper, advisory, disclosure, tutorial, video/audio, source code, tool, proof-of-concept. Pretty much anything that you created on your own, and relates to cyber security, and would be educational for other people to see/read/consume.

The contest runs from 15th June to 15th July, and winners get cool “????” T-shirts (there will be at least 10 winners). It’s OK to submit content that you’ve previously published elsewhere (e.g. bugtraq, or your blog), but it must be your original content. So get cracking (or is it “hacking”) and email your submission to submit _at_ null.co.in

Contest Details

1. The contest starts on 15th June 2009 and ends on 15th July 2009. Winners will be announced on the null mailing list on 20th July 2009.
2. The submissions can be anything related to security/hacking.

3. Submission categories expected (but not limited to):

  • L2-L4 security/hacking.
  • Web 2.0 vulnerabilities and countermeasures.
  • .NET Malware/security.
  • Code injection (Binary/XSS/SQL/Command etc).
  • Spam mitigation and antispam evasion techniques.
  • Malware detection and antimalware evasion techniques.
  • Protocol vulnerabilities.
  • VoIP.
  • Mobile networks GSM/CDMA/3G.
  • Wireless.
  • Cryptography.
  • OS/Kernel and Virtualization security/hacking.
  • Bluetooth.
  • Hardware based security/hacking.
  • Cyber Forensics.
  • Cyber Warfare.
  • Social Engineering.

4. Research work in Progress will also be accepted.
5. The submissions can be in the form of:

  • White papers.
  • Advisories/Disclosures.
  • Best Practices.
  • Video/Audio Demos.
  • Tutorials.
  • Hacks, tricks & tweaks.
  • PoCs.
  • Source code/Tools.

6. The submission should be original work of the author/submitter.
7. Your submissions* should be emailed to (submit _at_ null.co.in).
8. It is ok to submit your work already published on the net like advisories already posted on FD/Bugtraq, paper presented at a conference etc.
9. Submissions will be judged by core group members of null. Criteria for judgement:

  • The more technical the submission, the more chances it has of winning.
  • Innovation/Something new and never heard of before.
  • Age of the work. Newer work will get more preference.

10. NULL will be giving away at least 10 T-shirts.
11. For any further queries/details please write to (dhiraj _at_ null.co.in).

*Disclaimer: By submitting your work to null you are giving null the right to publish and redistribute it in any form.

See the contest website for more details.


PMI Monthly Meet: “Overview of Banking & Financial Domain” & “Importance of Security in Global Delivery Projects”

What: Monthly meeting of PMI Pune, featuring two talks: one on the importance of security in global delivery projects, and another an introduction to Banking and Financial Domain
When: Saturday, 9 May, 10am to 12:30pm
Where: Pune Shramik Patrakar Sangh, Cummins Auditorium, 193 Navi Peth, Ganjwe Chowk, Near Alka Talkies, Garware bridge
Registration and Fees: This talk is free for all to attend. No registration required

Session 1: Importance of Security in Global Delivery Project by Nina Godbole

The session will bring out the key role of information security in global delivery projects. Data privacy will also be discussed. Both areas will be covered from organizational, project management and technical perspectives.

Session 1: About the Speaker Nina Godbole

Nina Godbole, a postgraduate from IIT, Mumbai with an MS in computer science from California, has more than 12 years of experience in the areas of ERP, quality audits, information security and data privacy in various capacities. She is a member of professional bodies like SPIN, PMA, CSI and ISACA, and has several certifications to her credit. She has authored a book on “Information Security Management” for Wiley India and one on Quality Assurance. She was also one of the contributing team members for the Maharashtra Government’s unique agro-IT project on IT-Enablement. She also carries with her rich experience of working in various countries. She has published several papers and participated in presentations. She was appointed by the University of Western Sydney as co-supervisor to guide a Ph.D. candidate in the area of Software Testing.

Session 2: Overview of Banking & Financial domain by Amrish Sharma and Abhijit Bhate

Amrish Sharma, PMP, has over 18 years of experience in various sectors with extensive exposure to business and technology. He has played significant roles in program management, project management, account management, business analysis (process mapping and process re-engineering), designing of architecture for various Microsoft-based solutions, requirement analysis and design, proposal management and estimations. In his current role of Senior Project Manager at Cognizant Technology Solutions, he is managing a complex application development project for a bank in Europe. In the past he managed a consumer lending portfolio as an independent delivery unit with 400+ people spread across California in the USA and three locations in India. At IBM Global Services as Program Manager, he was responsible for overall account management for multiple accounts in the Energy and Utility sector.

Abhijit Bhate, BE (E & TC) from University of Pune with a PGDBA from University of Massachusetts has more than 11 years of experience in BFS. He has worked with Global banks such as CitiGroup and with Morgan Stanley. At Citigroup he has worked on the online banking implementations and was instrumental in delivering the global framework for their FX options platform. At Morgan Stanley he has worked on their trading systems for listed and OTC products. He has also worked with Arthur Andersen in their BFS consulting practice advising some of the largest banks on their IT strategy. He has extensive experience in investment banking with a good exposure to retail banking. Currently he works with Cognizant Business Consulting – BFS as a Senior Manager providing consultancy to Cognizant BFS clients and specializes in Investment Banking and Brokerage.

Together they will be covering BFS overview, basic concepts, Service offerings, best practices and challenges faced.


India/China better markets today for tech startups – Ajit Shelat, SVP, Nevis Networks

Ajit Shelat, Senior Vice President of Engineering, Nevis Networks

Nevis Networks, a mostly Pune-based company (with “official” headquarters in the US, and an additional center in China), builds network switches and other network hardware that allow a company to secure its internal network from attacks and to enforce identity-based security policies. The company’s LANenforcer product family transparently protects the network from external malicious attacks, and also allows restricting access to different network resources based on users’ identities according to policies set by the system administrators. This can be customized to ensure different levels of access for different classes of users: employees, contractors, guests and other third parties. In addition, the product provides detailed reporting, auditing and employee activity reports that make it possible to analyze security breaches in very granular detail. And because it is hardware based, all of this is delivered in real time with very low latency.

Nevis Networks’ customers range from financial services, healthcare and education to defense contractors, and they deploy Nevis LANenforcers to protect sensitive network resources and assets, with the intention of reducing the overall cost and time needed to resolve security breaches and conduct network audits. The company is headquartered in Mountain View, CA, with additional R&D centers in Pune, India and Beijing, China.

The ongoing recession has hit Nevis Networks hard, and it downsized a very large fraction of its workforce late last year. On top of that, on Monday, in a report titled “LSI Acquires Manpower Team of Navis Networking”, CXOToday implied that the company (which they alternately identified as Navis Networks or Nevis Networks in the article) had shut down and that its team had been taken over by LSI. Specifically, this is what CXOToday said:

With recession being an opportunity to invest for big MNCs, LSI Technologies, a provider of innovative silicon, systems and software technologies has acquired the team of Navis Networking based at Pune. With the R&D unit based out of Mountain View, California shutting down, LSI has acquired the manpower of the captive R&D centre in India.

After hearing from PuneTech readers that this report is misleading, we caught up with Ajit Shelat, Senior Vice President of Engineering for Nevis Networks, to learn that the reports of Nevis’ demise have been greatly exaggerated. Here is a quick report of the conversation we had with Ajit:

On the news that LSI has “acquired” the “manpower” of Nevis but not the company.

The report by CXOToday is misleading. What actually happened is much simpler. Due to the economic downturn last year, Nevis Networks was looking to downsize some of its workforce. A friendly interaction between the respective managements of Nevis and LSI led to movement of some of Nevis manpower to LSI. This was a simple case of Nevis ex-employees being hired by LSI en masse. It does not represent any sort of acquisition or even agreement between Nevis and LSI. And these are certainly not the entire team of Nevis Networks India, as implied by the CXOToday article.

In any case, Nevis Networks is not shutting down. It continues to execute on a with strategy and focus.

On the current status of Nevis Networks

Nevis Networks’ core team is still there and it is going strong. In fact, the last quarter was quite good and has been the best quarter for Nevis since the inception of the company.

What has happened is that due to the downturn, Nevis shifted its focus away from the US market to the India and China markets, reduced its workforce in the US and in India, and this new strategy appears to be working for them.

On the surprising fact that India/China are better markets than the US market

Since Nevis Networks is selling cutting-edge technology, one would have expected the US to be the logical market for these products. However, people really underestimate the extent of the effect the economic recession is having on the market there. While the markets really melted around September 2008, the signs had been obvious for at least a year before that, and starting Nov/Dec 2007, Nevis had started planning its strategy of shifting focus away from the US market to the India/China markets.

In tune with their new strategy, Nevis substantially reduced its India workforce. They continue to support existing customers in the US, but new customers are coming mainly from India – which is apparently not affected by the recession as much. In general, it is easier for a company with mainly Indian promoters to sell in India than in other countries.

China is another country where sales are expected to grow – Nevis is in the process of strengthening its sales presence in China. The Chinese market, having a significantly different character, takes a longer ramp-up time to achieve its full potential – though a very good start has been made in terms of immediate sales. Like other markets, achieving full potential is really a function of getting the right people on the ground, and building the right relationships and customer confidence. All this effort is justified by the fact that the Chinese market has the potential to scale up dramatically.

More about Nevis Networks

Nevis Networks was founded in 2002 with the intention of building a network security solution with high speed and low latency, using its proprietary ASIC-based technology. As of last year, Nevis had raised a total of US$40 million in three rounds of funding from premier venture capital firms New Enterprise Associates, BlueRun Ventures (formerly Nokia Venture Partners) and New Path Ventures LLC. We are told that their funding situation has recently changed and an announcement to this effect is expected in the next couple of weeks.


Microsoft Community Days: “Safeguarding your Applications” – 28 Feb

What: A half-day event by the Pune (Microsoft Technologies) User Group (PUG) on security issues in safeguarding your applications
When: Saturday, 28th February, 9:45am-3:30pm
Where: Kalpa Banquet and Party Hall, E-101, Kumar Business Court, near SKC Mall, Mukundnagar, Pune
Registration and Fees: This event is free for all. Register here.

Details – Safeguarding your applications


Fundamentals of Security: 40 Minutes
Common attack patterns, data classification, and security data in storage/in transit

Authentication: 40 Minutes
HTTP Basic/Digest/Kerberos, forms authentication, and .NET Framework identities and principals

Authorization: 40 minutes
Common authorization techniques, principle of least privilege, .NET role-based security, and code access security

Input Handling: 120 Minutes
Cross-site scripting (XSS), persistent XSS, non-persistent XSS, SQL injection, one-click attacks, XML and XPATH injection, canonicalization issues, file upload/creation, and exception management

Logging & Auditing: 20 minutes

Q&A: 30 Minutes

About the Speaker – Sachin Rawat

Sachin Rawat is the co-founder of Crypsis, which offers consulting and training in the field of Information Security, Hi-Performance Computing (CUDA) and Software Development. Crypsis has offerings built around Microsoft’s Security Development Lifecycle which includes Threat Modeling, Design Review, Code Review, Deployment Review and Pen-testing. Crypsis offers Vulnerability Assessment and Security Audit Services for the IT infrastructure of organizations and is developing a product addressing visual media piracy detection.

Sachin has earlier worked as a Security Engineer with the Microsoft ACE Team, where he worked on application security assessment for LOB applications.

He holds a B.Tech. (CSE) from IIIT-Hyderabad and has cleared ISC2’s CISSP certification exam. He was the only student among the top 10 winners of Security Shootout Competition organized by Microsoft, which had over 30,000 participants across India.

About Pune (Microsoft Technologies) User Group

Pune User Group is a local user group of developers interested in Microsoft technologies and platforms. It has an informational portal with very active forums, it holds monthly user group meetings and an annual developers conference, and it also has a number of special interest groups.

For more details see the PuneTech wiki profile of PUG.

For other tech events coming up in Pune, see the PuneTech calendar. See also other PuneTech articles tagged: PUG, and Microsoft.


CSI Pune Lecture: Security Testing Using Models – 16 Jan 6:30pm


What: CSI Pune Lecture on Security Testing Using Models with Prof. Padmanabhan Krishnan, Bond University, Australia.
When: Friday, 16th Jan, 6:30pm-8:30pm
Where: Dewang Mehta Auditorium, Persistent, S.B. Road
Registration and Fees: Free for CSI/ISACA members; Rs. 50 for students & Persistent employees; others Rs. 100. Register at http://csi-pune.org

Details:
In this, we present a framework based on model based testing for security vulnerabilities testing. Security vulnerabilities are not only related to security functionalities at the application level but are sensitive to implementation details. Thus traditional model based approaches which remove implementation details are by themselves inadequate for testing security vulnerabilities. We demonstrate a framework that retains the advantages of model based testing that exposes only the necessary details relevant for vulnerability testing.

Our framework has three sub-models: a model or specification of the key aspects of the application, a model about the relevant aspects of the implementation and a model of the attacker. These three models are then combined to generate test cases. The same approach can also be used to test if a system meets a privacy policy.

Who Should Attend: Professionals interested in Test Automation and students.

About the Speaker – Padmanabhan Krishnan

Prof. Krishnan is a Professor at the Centre for Software Assurance, School of IT, Bond University, Australia. He also holds a research associate position at the United Nations University, International Institute for Software Technology. He got his BTech from IIT-Kanpur and MS and PhD from the University of Michigan, Ann Arbor. His interests are in model based testing, verification techniques and practical formal methods for software assurance. He has held positions in the USA, Denmark, New Zealand, Germany and Australia.

Update: The slides of the talk are now available.


Seminar on Understanding Wi-Fi Cyber attacks


What: Free seminar on Wi-Fi security and understanding Wi-Fi cyber attacks, conducted by AirTight Networks and MCCIA
When: Tuesday, Jan 13, 6pm-8:30pm
Where: Hall No. 6 & 7, B Wing, 5th Floor MCCIA Trade Tower, ICC Complex Senapati Bapat Road
Registration and Fees: This seminar is free for all. Register at: http://www.airtightnetworks.com/seminar/mccia.

Details:
WiFi is fast becoming popular in India – among home users, business travelers, and corporates. While WiFi provides the benefits of wireless and mobile access, unsecured WiFi provides an easy target for hit-and-run style attacks allowing hackers to cause severe damage while remaining invisible and undetected. The crimes range from cyber extortion, downloading illegal content, to theft of credit card numbers and other private corporate information. Most importantly, the recent incidents of cyber terrorism in India showed that an unsecured WiFi connection poses danger to national security.

WiFi cyber-attacks can be used to hack into your network to steal confidential data, steal usernames and passwords, steal user identities or to plan terror attacks. Your WiFi network can become a huge liability if not secured properly.

To create public awareness, MCCIA in association with AirTight Networks Pvt. Ltd., the global leader in wireless security, is conducting a free introductory seminar titled “Understanding WiFi Cyber-attacks”.

This seminar will be followed by a panel discussion titled “Legal and Financial Exposure from WiFi Cyber-attacks”. Panel members include top experts such as Deepak Shikarpur, Chairman, IT Committee, MCCIA, Vaishali Bhagwat, Top Cyber-crime Lawyer and Pravin Bhagwat, Wireless Networking Pioneer.

This seminar is free for all. Register at: http://www.airtightnetworks.com/seminar/mccia


NULL.co.in Monthly Meeting on Computer Security: Saturday Jan 10

What: Monthly meeting on Network Security by security awareness group “Null”
When: Saturday, 10th January, 6pm
Where: IMED, More Vidyalaya, Paud Road, Pune
Registration and Fees: This event is free for all. No registration required.

Details:
Agenda of the meet:
1. Discuss the AntiPhishing Project.
2. Discuss the Clubhack IAS project.
3. Presentation on Stack Smashing/Shellcoding.
4. Planning for our next Event.
5. What to and how to of our meets.

For the other 4 tech events happening this weekend, check the PuneTech calendar.


PUG Community Day: NAP with Windows Server 2008

What: Pune (Microsoft Technologies) User Group Community Day featuring a presentation on NAP with Windows Server 2008
When: Saturday 10 January, 6pm onwards
Where: SEED Infotech Ltd., Nalanda, S No – 39, Hissa No – 2/2, CTS 943, Opp Gandhi Lawns, Erandwana, Pune 411 004,
Registration and Fees: This event is free for all. No registration required.

(For a list of “competing” tech activities in Pune this weekend, see the PuneTech calendar)

About the speaker – Abhishek Pradhan

Abhishek is in Information Security (SIR Specialist). He is currently working with Symantec India, and has around 5 yrs of expertise on various Server Technologies and on Microsoft domain.


A perspective on The Indian Information Technology (Amendment) Bill, 2006

One of our favorite Pune Bloggers, Dhananjay Nene, has written a blog post analysing the Information Technology (Amendment) Bill, 2006, that was passed by the Indian Parliament last month. He has described the important points of the bill, such as:

  • Wireless networks are now added to the definition of computer networks
  • The “hacking a computer system” offense is expanded to include sending and forwarding of material that is offensive, intimidating, etc.
  • Definition of pornography is slightly expanded. (And transmission and publication is an offense, but as far as Dhananjay can make out, consumption of pornography is not an offense.)

But Dhananjay’s main reason for writing the post is the fact that this law is being widely misconstrued and/or misunderstood, and he wants to provide a contrarian view. He points out:

I wasn’t quite sure how to react to blog posts like “India Sleepwalks To Total Surveillance”. However I really can’t respect the way the bill has been represented. Some of the bold statements in the post say, “Thou shall not author a joke. Not even forward one”, “Thou shall not surf Bollywood news” and “Thou shall not watch porn”. I really could not find any evidence to support such views whatsoever. The sad part is that such posts get picked up in articles like Blogger Writes from Inside the Newest Police State on the Planet, discussions such as slashdot – India Sleepwalks Into a Surveillance Society and tweets such as these. I have spent about 6 years in US, and the remainder in India. I have always been very happy with the freedoms I have received in India, even though I do know that very unfortunately a small proportion of the population does get victimised or harassed due to the stringent laws from time to time. I won’t be surprised if a substantial proportion of Indian Citizens actually support the clauses against pornography. And finally the draft bill has been under discussion since 2006 so I couldn’t understand how the world’s largest democracy sleepwalked into something (though I am certain this and another bill got completely fast tracked after the Mumbai Terrorist Attacks). The fact of the matter is that this has always been a state of stringent laws, with laws which don’t always agree fully with the western world. I think we should rate our laws based on our aspirations and desires. While I shudder at the privileges the government has in terms of eavesdropping, I am quite ambivalent on the strictures against pornography and greatly welcome the enhancements related to electronic signatures and increased accountability in terms of online communication and network security maintenance. It’s really a mixed bag in my opinion. If at all India is to be considered a police state as in some opinions, in my opinion it is certainly not because of this bill.

Read his whole article to understand this important development in detail.
