Opportunities to Present at OWASP AppSec Europe, by AppSec EU 2016

AppSec Europe seeks to bring together developers and security professionals at all points in their careers to be the thriving global community that drives visibility and evolution in the safety and security of the world’s software. We understand that robust security requires diversity of thought and practitioners. We also know that a conference that meets the needs of our community must provide a buffet of learning and teaching experiences. We are currently seeking submissions for the following in-conference events:

How to create basic Snort IDS rules, by Mattia Campagnano

This post follows up to Install Snort in Kali Linux, the easy way.

I am going to create some basic rules to use Snort as an IDS.

The first thing to do is to define what Snort has to protect as the Home network.

You need to edit its configuration file (/etc/snort/snort.conf) as follows:

Why Is It Important to Automate Compliance Activities?, by Dave Millier, CRISC

Compliance is an essential part of any company’s information security strategies. It governs businesses’ best practices and ensures that they keep their customers’ information safe. Hackers and other cyber criminals only need to exploit one weak point to take down an entire system, so ensuring Network Security is essential to any organization that handles valuable data.

Guessing full VISA card details in seconds is doable if you guess across 1000 sites, by NewsWatcher

Researchers have now shown a practical attack in which they can guess a VISA card's card number, expiry date and CVV code in less than 6 seconds by guessing distributedly across around 1000 sites.

The attack requires a name of a VISA card holder - which you can acquire rather easily in the millions on the Internet or the dark web, and then the rest of the details are guessable by applying the distributed method of trying to confirm the varying details on different sites - sites will reply back when you get it right.

Can hackers be emotionally resilient? by Violet Blue

When I gave a talk at CCC about harm reduction for hackers, I included information from the only study on hackers and Aspergers that has ever been performed. The report is fascinating and I highly recommend giving it a read. What it found was surprising: Contrary to popular perceptions of hackers as unfeeling, detached, un-empathetic (Aspie or on the autism spectrum), it turns out that the hacker character is the opposite of the overly-analytical Sherlock who can't have relationships or friendships.

The Irish PM, Cabinet Ministers & Head of Police Force use Gmail for Official Business, by Graham Penrose

The leader of the country whose government presides over the data protection compliance of a host of global social media sites uses Gmail for government business.

Let’s just think about that for a second. The guy uses a service that, in a 2013 filing, while defending a data-mining lawsuit, said that people have “no legitimate expectation of Privacy in information” voluntarily turned over to third parties.

State-owned Russian Bank VTB Says Sites Hit by Cyberattack

State-controlled Russian bank VTB said Monday that its websites had been hit by a cyberattack but insisted its systems were still working "as normal".
"A DDoS (distributed denial of service) attack was carried out against VTB Group internet sites," Russia's second largest bank said in a statement carried by Russian news agencies.