Warning: Creating default object from empty value in /home/ict-forward/www-apps/wp-svn/wp-includes/ms-load.php on line 138
November « 2009 « The FORWARD project blog

Archive for November, 2009

Call for Papers: EuroSec 2010

Thursday, November 26th, 2009

The next edition of the European Workshop on System Security (EuroSec 2010) will take place on the 13th of April, 2010, in Paris, France. Please find below the call for papers.

About EuroSec

EuroSec is a new workshop associated with the Annual ACM SIGOPS EuroSys conference. The workshop aims to bring together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The focus of the workshop is on novel, practical, systems-oriented work.

EuroSec is a new workshop associated with the Annual ACM SIGOPS EuroSys conference. The workshop aims to bring together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The focus of the workshop is on novel, practical, systems-oriented work.

Topics of Interest

EuroSec seeks contributions on all aspects of systems security. Topics of interest include (but are not limited to):

  • Operating systems security
  • Web/network/distributed systems security
  • New attacks and evasion techniques
  • Hardware architectures
  • Trusted computing and its applications
  • Identity management, anonymity
  • Small trusted computing bases
  • Mobile systems security
  • Measuring security
  • Malicious code analysis and detection
  • Systems-based forensics
  • Systems work on fighting spam/phishing

(more…)

TLS protocol renegotiation vulnerability

Monday, November 23rd, 2009

A serious flaw in Transport Layer Security (TLS) protocol was recently brought to light via the Internet Engineering Task Force (IETF) mailing list (archive).

TLS is the most common data security protocol on the Internet primarily used to encrypt online HTTP nagotiations, such us online banking and commercial transactions, and to secure online services, such us email and database access. The vulnerability was identified by the researchers at Phonefactor as ‘SSL/TLS Authentication Gap‘. The vulnerability allows an attacker to inject himself, in a number of serious Man-In-The-Middle (MITM) attacks, into the authenticated SSL communication path. This could be done without either parts of the negotiation (client-server) being able to detect the attack.

(more…)

Google Cloud and Botnets’ CnC Channels

Monday, November 23rd, 2009

Arbor Networks recently reported that Google’s AppEngine was tapped to act as the master control channel that feeds commands to large networks of infected computers. More precisely, the custom application was used to feed URLs to the already infected computers so as to download PCClient backdoor from a third-party server. Google shut down the rogue application shortly after being notified of it. (more…)

FORWARD at the ICT Days 2009 in Sofia

Thursday, November 5th, 2009

From 28th to 31st of October 2009 at Inter Expo Center ā€“ Sofia, Bulgaria, the Days of Information and Communication Technologies 2009 were held. The event combined specialised exhibition ICT Expo and an interesting seminar program.
ICT Expo offers a platform for comparing the current industrial trends and product presentations. The aim of ICT Expo is to acquaint visitors with the latest innovations in all fields of information and communication technologies ā€“ server solutions, PC assembly components, personal and mobile computers, peripherals and network solutions, card technology, business process management, learning & knowledge solutions, telecommunication equipment, financial solutions, multimedia products, business management software and information safety, innovations from Bulgarian software developers.
The seminar programme included a forum where the business representatives had the opportunity to get acquainted with the new state administration, to discuss the state of the branch in crisis conditions.

As part of the seminar programme the FP7 EU project FORWARD was presented along with another EU funded project PSIRP. In a half-hour presentation Edita Djambazova from IPP-BAS described FORWARDā€™s goal, objectives, and results. Some of the emerging security threats identified during the project were discussed. The established security community around ICT-FORWARD was outlined as one of its important achievements.