Wednesday, 10 July 2013

Alba13 Securcast episode 1 show notes.


The first episode of Alba13's podcast featuring Arron Finnon and Gavin Ewan.

In the first part of the show Arron and Gavin discuss how they both ended up in the wrong queue and ended up working in security.

This part of the show was followed by two items of news from within infosec, rough notes for which are shown below.

Ubisoft Database Hacked

At the beginning of the month, gaming giant Ubisoft was hacked through one of their MANY websites.

Customer data (58 million of them) was accessed, ranging from name and user name to password.  Apparently credit card data was not accessed (not held by Ubisoft).

Recommendation to change password if it is the same on any other site as well.  Good advice, but how confident are they in their encryption?

This is yet another high profile casualty after Sony in 2011 and Blizzard in 2012.

It also follows a Russian piracy group getting hold of Ubisoft's IP and releasing a load of new games to the pirate market months before release.

Advice to companies: test and re-test.  The statement after the event said that 'credentials were stolen' in order to make this hack successful.  That doesn't suggest a zero day; this is something that could have been averted.  The hack originated in their UPlay service, the same way the IP was leaked, and also follows on from a vulnerability in the browser extension for UPlay last July.

Britain faces 70 advanced cyber attacks per month

Targeting government and industry networks.

Conservative figure?

Looking to harvest intellectual property.

Britain has been penetrated for a number of years.

Advice to companies

It could happen to you.  Don't think you are too small, or too unimportant, to attack; attackers have both a range of skills and a range of motives.  Don't be the next victim.

In the last part of the show Gavin asks Arron about the new IDS training course that he has written.

The course will be open to all and will give attendees the chance to benefit from a day's training with Arron, who has a number of years behind him in the IDS field and has gained worldwide respect in that field.

The course will be offered twice, once at the weekend and once during the week.

A seat on the course will be priced at just £100.

Further details about the course, this show, or Alba13 itself can be obtained at

info (at)

Arron and Gavin can be contacted, respectively, at

arron (at)

gavin (at)

Download Episode 1 here 

Effective IDS/IPS Auditing and Testing Online Training

Hi Guys,

So, some of you that do the social networking thing with me will be aware that we've been considering offering a one day online training course for effectively testing and auditing IDS/IPS. The idea behind the online course is pretty simple; a one day course mixed with both theory and practical; that's aimed at anyone interested in testing IDS/IPS's security posture.

We've decided to offer seats at £100 a head.  The idea behind that is, we simply didn't want the cost to be a barrier for anyone that is interested.  Personally, I think that's a fair and reasonable price (if the price is still a barrier please have a chat with me and let's see what we can work out).

I intend to offer two dates towards the end of the month (July); one during the weekend (a Saturday (27th) or Sunday (28th)), for those that might have to pay for it themselves or are too busy at work to get the time off; and one during the week (a Monday (29th) or a Tuesday (30th)) for those doing it through their work or who are busy on the weekend.  I also intend to give attendees a copy of all the teaching material and the Virtual Machines we'll use as well.

By the end of the day, attendees should have a pretty good idea about what makes a good IDS/IPS test and what makes a bad one; what things to look out for on an assessment of these devices; and what tools are available.  Although this won't be The Open Source Network Intrusion Framework 'OSNIF' training, it will cover the OSNIF top 5 and how to test for them as well as a number of other things.

If any of you are interested then feel free to either hit me up on here (using the contact form on the right hand side), or drop us a message via email (training(at) for more detailed information.


