An experimental method for two-factor authentication to websites employs mobile phones in a new way to ensure that users’ online accounts don’t get hijacked.
Called passwordless authentication (PLA), the scheme gathers authentication data over the Internet as well as carrier cellular networks and ties them together to positively identify the person trying to log in to an account, according to the author of PLA, Srikar Sagi, a security researcher.
PLA gets around some shortcomings of other scenarios in which cellphones are used in two-factor authentication. Some of these other methods have secure websites send SMS messages containing one-time passwords to cellphones for users to copy into the authentication page for the site they are logging into.
In the rush to create mobile apps that work across the leading smartphones and tablets, many developers have leaned heavily on web development tools and use embedded browsers as part of their packaged applications. But security researchers have shown that relying on browser technology in mobile apps—and even some desktop apps—can result in hidden vulnerabilities in those applications that can give an attacker access to local data and device features through cross-site scripting.
As mobile and wireless devices and technology slowly become ubiquitous in our daily lives, their security is an area we cannot afford to ignore. TakeDownCon Las Vegas will be the platform where critical issues surrounding mobile and wireless security are discussed and debated.
December 1, 2011 – Top ethical hackers from across the US will unveil the latest threats to mobile devices at next week’s TakeDownCon security conference in Las Vegas. TakeDownCon is the highly technical IT Security conference series designed by EC-Council that first launched this May in Dallas.
“The focus of TakeDownCon Las Vegas is on mobile and wireless security and we have assembled an all-star cast of leading cybersecurity minds who will be presenting cutting-edge vulnerabilities from mobile cross-site scripting to smartphone botnets, mobile application exploits and Android viruses,” said Leonard Chin, Conference Director for TakeDownCon. “Mobile devices pose one of the most significant and growing threats to corporate IT security and our speakers will be addressing a number of critical security management issues that are highly relevant for today’s businesses.”
Today’s cyber threats are not limited to a specific industry or country, but are infiltrating industries across the world on a grand scale. Leaders of information security must come together and set a course to discover ways to overcome these challenges.
November 30, 2011 – Albuquerque, NM – EC-Council has announced a new Global CISO Executive Summit Series. The CISO Executive Summit 2011 is the first of the series and will be held from December 5-6, 2011 at The M Resort in Las Vegas, NV. The mission of the CISO Executive Summit is to unite the top information security leaders across the world in the fight against cyber crime and information security threats.
Jay Bavisi, President of EC-Council, states the reason behind the Global CISO Executive Summit Series is that, “Knowledge transfer and exchange has always been a challenge for organizations. Our intent for this exclusive and high-level event is distinctly clear- it is to create a platform to facilitate effective knowledge exchange, where the information security threats and landscape evolution are being discussed and debated.”
The need for a platform designed specifically for top information security executives to gather and share information has never been greater, as industry professionals have called 2011 the “Year of Security Breaches.” According to Shawn Davis, FBI Executive Assistant Director, a company that recently became a victim of a security breach lost over $1 billion and 10 years’ worth of research and development virtually overnight. The surge in security breaches has heightened awareness across industries and led to increased involvement of information security executive management. EC-Council’s Global CISO Executive Summit Series will connect top industry professionals across the world and create an arena for knowledge sharing and discussion.
EC-Council has designed the CISO Executive Summit 2011 as a panel-based event to encourage dialogue on the industry’s most recent topics, trends, and best practices. The event will feature over 40 prominent speakers from the private, public, and government sectors. To view a complete list of speakers, please visit http://www.eccouncil.org/cisosummit. Due to the nature of the discussions that will take place, this will be a closed-door event open only to senior information security executives (C-levels, VPs, Senior Directors, etc.).
The CISO Executive Summit will provide a platform for:
Knowledge Sharing: Sharing best practices and knowledge to overcome the challenges that the industry presents today so that leaders are prepared to defend tomorrow.
Networking: Networking with the industry’s leading security professionals and developing the support that will help design, develop and manage the most effective information security strategy for organizations.
Shaping the Future: Sharing knowledge and experience with colleagues to develop a global Summit format with a focus on international information security concerns.
The EC-Council CISO Executive Summit will be a forum to explore IT Security, privacy and risk and compliance issues such as:
For more information or to register, visit http://www.eccouncil.org/cisosummit.
Marissa Easter – Marketing Communications Specialist
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), as well as many other programs that are offered in over 60 countries through a global training network of more than 450 training partners. For more information, visit http://www.eccouncil.org
As mobile and wireless devices and technology slowly become ubiquitous in our daily lives, their security is an area we cannot afford to ignore. TakeDownCon Las Vegas will be the platform where critical issues surrounding mobile and wireless security are discussed and debated.
To be held at the magnificent M Resort Spa Casino from December 2 – 7, TakeDownCon Las Vegas will focus purely on mobile and wireless security. This highly technical conference will feature cutting edge presentations and demonstrations revolving around mobile and wireless security, from leading information security professionals and subject matter experts.
“The world is witnessing the evolution of mobile and wireless devices turning into a general-purpose computing platform. These devices and technology have become ubiquitous to our daily lives,” said Jay Bavisi, president of EC-Council. He adds, “As mobile devices grow in popularity, they have become more prominent targets for criminals. We hope to create a platform where critical issues surrounding the integrity of mobile and wireless security are discussed and debated.”
The world’s first ethical hacking championship ever organized in the country is supported by CyberSecurity Malaysia, and its CEO, Lt Col (R) Prof Dato’ Husin Jazri, has also been appointed Chairman of the Technical Advisory Board for the Asia Pacific Championships. The mission behind the Global CyberLympics (http://cyberlympics.org) is to foster better cooperation and communication on cybersecurity issues among countries.
Kuala Lumpur, Malaysia – CyberSecurity Malaysia, the national cyber security specialist center, and an agency under the Ministry of Science, Technology and Innovation (MOSTI) Malaysia, is supporting the Global CyberLympics, a new initiative by the EC-Council to foster stronger international cooperation on information security issues and to improve cybersecurity training and awareness in developing nations and third world countries.
Created by EC-Council, the Global CyberLympics is a series of ethical hacking games comprised of both offensive and defensive security challenges that will take place starting from September across six continents. Teams will vie for regional championships, followed by a global championship round to determine the world’s best cybersecurity team. EC-Council is sponsoring over $400,000 worth of prizes at the CyberLympics.
“We support the mission of Global CyberLympics in fostering a greater sense of partnership and cooperation between countries on issues pertaining to cybersecurity,” said Lt Col (R) Prof Dato’ Husin Bin Jazri, CEO of CyberSecurity Malaysia. “By sharing knowledge, training and resources, we can help to improve the level of cybersecurity among individuals, organizations and companies around the world.”
“Our purpose with the Global CyberLympics initiative is to help establish true cybersecurity partnerships across borders,” said Jay Bavisi, Chairman of the Global CyberLympics Organizing Committee and president of EC-Council. “We are very proud and honored for this initiative to be supported by key players in the information security community, including CyberSecurity Malaysia, as well as some of the most reputable events such as GITEX, one of the third largest IT tradeshow globally, and Hacktivity, the largest IT security conference in central and eastern Europe.”
He adds, “We are also pleased that the CEO of CyberSecurity Malaysia has accepted the appointment as Chair of the Technical Advisory Board for the Asia Pacific Championships. This role will be instrumental in charting the technical directions of the Games for the Asia Pacific region.”
The EC-Council’s mission with the Global CyberLympics is to unify global cyber defense through the games, along with the following objectives:
The upcoming Asia Pacific Regional championships will be held at Hacker Halted Asia Pacific, hosted in Kuala Lumpur from Nov 15-17.
For media and partnership enquiries, please contact: Leonard Chin, Vice Chair, Global CyberLympics Organizing Committee: leonard [at] cyberlympics.org.
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst/Licensed Penetration Tester (ECSA/LPT) certification. EC-Council has trained over 90,000 security professionals and certified more than 45,000 members.
EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at www.eccouncil.org.
ABOUT CYBERSECURITY MALAYSIA:
CyberSecurity Malaysia is the national cyber security specialist centre. The Government has gazetted the role of CyberSecurity Malaysia as an agency under the Ministry of Science, Technology and Innovation (MOSTI) that provides ICT security specialist services and continuously monitors threats to national security.
Among the services by CyberSecurity Malaysia:
More information at www.cybersecurity.my