ClubHack

Blog

Past Events |

November 1, 2012

| by ClubHack

Registrations opened for ClubHack 2012

Carrying the reputation of being India’s first hacking & network security event, Team ClubHack is proudly bringing the 6th edition of the ClubHack Hacking and Security Conference with more exciting activities. Registrations for technical briefings, hacknight & workshops opened on 1st November 2012, and an early bird discount has been announced for registrations up to November 8th, 2012. ClubHack 2012 will feature secure development through 12 technical briefings & 5 workshops. The event will run from November 30th till December 3rd, 2012.

Click here to get registration details http://www.clubhack.com/2012/registrations/

News, Past Events |

June 30, 2012

| by ClubHack

ClubHack2012

Visit http://clubhack.com/2012 for more details

ClubHack 2012

From ClubHack 2012 onwards, we will concentrate our energies on empowering innovation & leadership development. Having loved our domain so much, we will continue to do this in the domain of information security only. And that coins our new motto line:
“Empowering Innovation & Leadership in Information Security”

News |

November 10, 2011

| by ClubHack

National Security Database

ClubHack is part of the National Security Database, which is being launched on 26th November at 10am at the JW Marriott, Mumbai.

Jointly developed by the Government of India and ISAC, a non-profit scientific foundation, the National Security Database (NSD) was conceived after the horrific 2008 Mumbai attacks as a proactive action to identify the most credible and valuable information security professionals in India who work to protect the National Critical Infrastructure and cyber space of the country.

The keynote for NSD will tentatively be delivered by Shri. Sachin Pilot, Hon. Minister of State in the Ministry of Communications and Information Technology. The inaugural note will be delivered by Shri. Alok Vijayant, Director, NTRO (National Technical Research Organization), Government of India. The NTRO is India’s sole Technical Intelligence (TECHINT) agency. The organization develops technology capabilities in data gathering and processing, cyber security, cryptology systems, strategic hardware and software development and strategic monitoring.

WHAT IS NSD?

The National Security Database is a verified list of credible and trustworthy information security experts who work to protect the National Critical Infrastructure and cyber space of the country. The database also acts as a security clearance credit for accessing and operating on information for higher positions in the industry. NSD is a non-profit project of ISAC, supported by the Government of India. NSD empanelment not only helps an information security professional gain higher credibility but also makes it easier for both the industry and the Government to identify professionals who can be trusted with protecting sensitive data.

Check out http://nsd.org.in for more details
Event, Past Events |

October 13, 2011

| by ClubHack

ClubHack2011

Waking up from the hangover of Bruce Schneier, team ClubHack is ready to rock the security world again.

Visit http://clubhack.com/2011 for more details

In this 5th edition of ClubHack, we have Richard Stiennon as our invited guest & keynote speaker.

Richard Stiennon @ ClubHack

Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He is the author of Surviving Cyberwar (Government Institutes, 2010) and is the founder of IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. He was Chief Marketing Officer for Fortinet, Inc., the leading UTM vendor. Prior to that he was VP Threat Research at Webroot Software.

Attacks, News |

October 2, 2011

| by ClubHack

Hacks in last few days

It seems that hacking activity is continuously on the rise. It appears that the guys in the wild do not take any breaks, or rather that there is no specific season for hacking; it’s 24×7 on all 365 days.

Among others, the following are some of the recent hacking activities:

  • Harvard University website hacked by Syria protesters
  • 75 Indian Govt and University Sites hacked including Patiala Police
  • The Council on Governmental Ethics Laws (COGEL) hacked and complete database dumped
  • Anonymous Austria posts via the official Twitter account about 25,000 records of Austrian police officers
  • Mysql.com website hacked
  • USA Today Twitter account hacked
  • 700,000 sites on Inmotion Hosting Server hacked
  • Core Security Technologies website defaced

Phew… there are many more and still counting

 

 

Attacks, News |

September 26, 2011

| by ClubHack

IGI airport shutdown was due to cyber attack

Around 3 months back we heard news of a “technical snag” which caused chaos in T3 of IGI airport, Delhi. The internal team has been investigating since then and has now concluded that the “technical snag” was a cyber attack. It is believed that it was a malicious script sent remotely.

As per Indian Express, the CBI registered a case under the IT Act in June and started an investigation. CBI investigators say that the “malicious code” was in the form of “attack scripts”, which means a programme was written by an expert to exploit the system’s security weakness.

The check-in counters, transfers counters and boarding gates at the IGI are operated using the Common Use Passengers Processing System (CUPPS), maintained by Aeronautical Radio Incorporated (ARINC). The CUPPS operates on a common software-and-hardware platform that integrates all information such as an airline’s reservation system, the expected time of departure and the capacity at waiting lounges. The problem in CUPPS started at 2.30 am on June 29 due to which check-in counters of all airlines at T3 became non-operational.

“This forced the airlines to opt for manual check-in and as a result passengers had to wait. There are around 172 CUPPS counters and only a third were functioning online,” said an official. The investigation revealed that someone had hacked into the main server of the CUPPS and introduced a virus.

It took nearly 12 hours for the experts — from ARINC, Wipro and DIAL — to restore the system. The CBI was also called in as officials suspected it was a security breach. “We found that there were serious security lapses,” said a CBI official.

 

Airline, ARINC, Computer security, Cyberwarfare, malware, Security
General, News |

September 22, 2011

| by ClubHack

Keylogger for Android

Computer scientists from UC Davis have developed an Android app named TouchLogger that logs keystrokes using a smartphone’s sensors to measure the locations a user taps on the touch screen.

Researchers have demonstrated that it is possible to log individual keystrokes entered on a smartphone’s on-screen keyboard using the device’s built-in accelerometer (also known as the gyroscope). The researchers were able to correlate the movements of the phone with individual keystrokes on an all-numeric keypad with an accuracy of about 70%. With minor refinements, the researchers believe they can expand the effectiveness of TouchLogger.

Applications like these can be potentially dangerous, as an application does not require special privileges to access the device’s accelerometer. Major smartphones, like Apple’s iPhone, RIM’s Blackberry, etc., give a user the freedom to define special permissions for applications to define their level of access. Usually within these permissions not much importance is given to those pertaining to the device’s movements.

The developers of TouchLogger created this application as a PoC to be presented at HotSec’11, San Francisco. Presentation video available here (mp4) and the paper can be downloaded from here. A preliminary evaluation of the tool was done using an HTC Evo 4G smartphone.

The following table shows the distribution of inference results, which show the app being correct 70% of the time.

The scientists noted that the W3C recently published a specification for web applications to access accelerometer and gyroscope sensors using JavaScript. They are in the process of extending their work into a full research project.

A less original, but rather more effective approach is taken by Android malware called GingerMaster. It uses a root exploit called GingerBreak to permanently compromise the smartphone. According to security researcher Xuxian Jiang, GingerMaster is the first piece of malware to deploy a root exploit for Android 2.3.3 “Gingerbread”. It is concealed in repackaged legitimate apps and registers a receiver which will be notified when the smartphone has finished booting. Once installed, it then launches a background service.

Attacks, News, Vulnerabilities |

September 18, 2011

| by ClubHack

Oracle released out of cycle patch for Apache “HTTP Killer” bug


Oracle issued an emergency patch to fix a denial of service (DoS) vulnerability in Oracle HTTP Server products that are based on the Apache Web server 2.0 and 2.2.

Attack Details
—————–
In this attack, a remote attacker can send a large chunk of data in the header without any authentication, username or password. When the server tries to process the data, memory and CPU resources are exhausted, resulting in a denial of service. This bug has long been known, but a security researcher [Kingcope] posted an “Apache Killer” Perl script on the Full Disclosure mailing list in August, which made it easier to launch such attacks.

The National Vulnerability Database (NVD) has assigned a Common Vulnerability Scoring System (CVSS) score of 7.8 to this vulnerability, which is tracked as CVE-2011-3192 (Common Vulnerabilities and Exposures).

Oracle strongly recommends that customers apply the security patch as soon as possible, since this patch has been released outside the regular quarterly cycle of updates.

Apache HTTP Server, National Vulnerability Database, Oracle HTTP Server, Patch
General, News |

September 13, 2011

| by ClubHack

Book Release – BackTrack 5 Wireless Penetration Testing Beginner’s Guide

We are proud to announce the release of the first book by our friend Vivek Ramachandran, founder of http://securitytube.net

The book is titled “BackTrack 5 Wireless Penetration Testing Beginner’s Guide” and is available @ amazon.

The book is written with a lot of care, keeping beginners in mind, and the writing style will help anyone get a jump start and learn this topic fast. We have all been loving the videos created by Vivek, and we are thankful to him for creating this nice book for all.

Link to book: BackTrack 5 Wireless Penetration Testing Beginner’s Guide

Enjoy

 

UPDATE: India shipping is available from http://www.packtpub.com/backtrack-5-wireless-penetration-testing-beginners-guide/book
UPDATE: BackTrack 5 Wireless Penetration Testing Beginner’s Guide is now available @ Flipkart.com too
 

book wireless
News |

September 3, 2011

| by ClubHack

SecurityByte 2011

ClubHack is proud to announce its partnership with SecurityByte2011.

The Securitybyte conference offers an exciting series of events that are highly relevant to today’s information security issues & concerns. Attending this event is one of the most cost-effective and time-efficient ways to stay on top of what’s current, enhance your information security skills and accelerate your success.

• Largest Information Security conference in India with 2 days of conference talks & 2 days of hands-on trainings for over 1000 delegates.

• 25 world renowned information security experts & leaders from across the globe to deliver talks & trainings.

• Specialized talks, trainings, boot camps for Security teams, Developers, Architects, DBAs, Network administrators, QA auditors, Government Agencies, Compliance & Risk professionals and leaders.

• Highly discounted training prices from renowned Training providers.

 

Contact Us

ClubHack Labs LLP
Science & Technology Park,
University of Pune
Pune, India 411007

info@clubhack.com

© 2016 ClubHack