The FORWARD project blog

13-17 September 2010, Heraklion, Crete, Greece

Call for Participation

The European Network and Information Security Agency (ENISA) and the Institute of Computer Science (ICS) of the Foundation for Research and Technology – Hellas (FORTH) invite you to the jointly organised 3rd ENISA-FORTH Summer School on Network and Information Security (NIS’10).

The “Future Internet” promises an exciting new world of services and capabilities: Devices that will  automatically exchange information to facilitate users, services that transparently and seamlessly combine information from different and multiple sources, protocols and systems that are able to handle complex interactions. At the same time, however, concerns about privacy and security increase for individuals, organizations, and the society in general. This gives rise to a number of question such as where should responsibility be placed and how should solutions be enforced and verified in a world of complex infrastructures and services?

Following the success of NIS’08 and NIS’09, the 3rd edition of the Summer School on Network and Information Security (NIS’10) will cover topics that address legal, technical, and policy issues in this emerging world. The Summer School aims to provide a forum for experts in Information Security, policy makers from EU Member States and EU Institutions, decision makers from the industry, as well as members of the research and academic community, for interacting on cuttingedge and interesting topics in NIS.

Keynote Speakers

• Dr. Jorgo Chatzimarkakis, Member of the European Parliament, EU
• Dr. Silvia Adriana Ticau, Member of the European Parliament, EU
• Mr. Mario Campolargo, Director of the Emerging Technologies and Infrastructures, DG INFSO, European Commission, EU
• Mr. Bruce Schneier, Chief Security Technology Officer of BT, UK
• Mr. Mikko Hypponen, Chief Research Officer, F-Secure, FI
• Mr. Peter Hustinx, Supervisor, European Data Protection Supervisor, EU

Steering Committee

• Dr. Udo Helmbrecht, Executive Director of ENISA, EU
• Prof. Constantine Stephanidis, Director of FORTH-ICS, GR, Member of ENISA Management Board

Venue

NIS’10 will take place in Hersonissos, Crete, Greece. Hersonissos is a small town approximately 30km from Heraklion and its airport. For instructions of how to get to the conference venue, please visit the travel information section on the NIS web page. The venue of the Summer School is Aldemar Knossos Royal Village. Aldemar Knossos Royal Village hotel is a magnificent resort located on the north coast of the island of Crete in Hersonissos.

Online resources

• Website
• Full Program
• Committees
• Registration

News link:Click me

Adobe’s popular PDF viewer, Adobe Reader, always attracts large amount of hackers who try to exploit its vulnerabilities. Some reports found that Adobe Reader is at the top list for having the most exploits for web-based attacks. Now, the company wants to “turning to sandboxing technology designed to isolate code from other parts of the computer.” A “protected mode” will be added to the Adobe Reader for Windows which will be enabled by default and release later this year. Because of minor attack against Macintosh system, there is no plan to implement this feature to Mac OS yet.

Several changes will be made due to sandbox mechanism. The PDF processing will be confined, such as executing JavaScript, parsing JPEG image etc. Application running in the Adobe Reader will not be able to communicate with the operating system any more. “This is an additional layer of defense that will help protect users in case they encounter a malicious or corrupted PDF.” said Brad Arkin, the director of product security and privacy of Adobe. The new feature could limit the number of exploits, but not all of them. Some attacks like phishing and weak cryptography still exist.

Some experts believe that Sandbox can not prevent code execution vulnerability, but it makes attacks much hard to success. With Sandbox, the attackers need to find vulnerability in both programs, Reader and Sandbox.

In a paper presented at the Usenix Workshop on Large-Scale Exploits and Emergent Threats researchers devised a way to monitor BitTorrent users. By monitoring the users they accomplished to create a list of ip-addresses of individuals and track the content they are sending and receiving.

In that paper the researchers demonstrated the technique to continuously spy on BitTorrent users for 103 days. They collected 148 million IP addresses and identified 2 billion copies of downloads, many of them copyrighted.

From this research most important is that identified the IP addresses where much of the content originated. This means that the individuals that creating the torrent files are few. Therefore, the question is why the anti-piracy groups try to stop millions of downloaders instead of a few content providers.

Google announced 3 days ago it had accidentally picked up on Wi-Fi data while taking photos for Google Maps’ Street View feature.

It used the cars to capture videos through the panoramic cameras and on the move it caught the SSIDs and MAC addresses that identified networks and devices. It didn’t know that as it was taking pictures, the camera system collected ‘useful’ data from Local WiFi Networks. This information which are collected are used to improve the location based services.

(more…)

A recent security update for McAfee Antivirus made systems reboot abnormally or loose network access for extended periods of time, causing a lot of damage to hospitals, companies and schools that used this particular anti-virus. The bugged update only affected computers running Windows XP Service Pack 3 and caused them running in a reboot loop or loosing network access. The problem was caused by a virus definition file, which misinterpreted a vital system file (svchost.exe) as a virus and quarantined it, causing the system not to work properly and eventually rebooting. McAfee immediately removed the faulty update file from their servers preventing any further impact.

(more…)

After 24 hours of the iPad’s official release, the “usual suspects” already gained root access to iPad.  Jailbreak is a method of hacking an iPhone, iPod, iPad to install non-Apple-approved programs and run system hacks.

(more…)

According to Symantec, China’s hacking scene is growing rapidly, having become second in the world, after the US. Chinese Internet users appear interested in criminal hacking and government spying. “China’s hacking scene is clearly an active one”, “These individuals and groups are known for discovering vulnerabilities, writing exploit code and developing sophisticated hacking techniques” as the report states.

(more…)

Mozilla has released Firefox 3.6.2 almost a week ahead of schedule, after security issues were found in earlier versions. Firefox 3.6.2 was scheduled to launch at 30 of March, but is now available for download. The latest Firefox version fixes a vulnerability that could allow remote code execution attacks. Firefox is the second most popular browser in the web and its usage is between 20% and 32%.

(more…)

Albert Gonzalez is a hacker mastermind who has committed a lot of crimes by stealing credit and debit cards by major US retailers. He has been described as a greed personality motivated by his ego and his thirst for acknowledgment by the public for his computer intrusions. Among his criminal activities he used to exploit a government agency through his cooperation with the U.S. Secret Service providing classified information to his co-conspirators in the credit-card theft cases. (more…)