Wednesday, 10 July 2013

Alba13 Securcast episode 1 show notes.

Alba13 Securcast episode 1 show notes.

The first episode of Alba13's podcast featuring Arron Finnon and Gavin Ewan.

In the first part of the show Arron and Gavin discuss how they both ended up in the wrong queue and ended up working in security.

This part of the show was followed by two items of news from within infosec, rough notes for which are shown below.

Ubisoft Database Hacked

Beginning of the month, gaming giant Ubisoft hacked through one of their MANY websites.

Customer data (58 million of them) accessed ranging from name, user name to password.  Apparently credit card data was not accessed (not held by Ubisoft).

Recommendation to change password if it is the same on any other site as well.  Good advice, but how confident are they in their encryption.

This is yet another high profile casualty after Sony in 2011 and Blizzard in 2012.

Also follows on after a Russian piracy group getting hold of Ubisoft's IP and releasing a load of new games to the pirate market months before release.

Advice to companies, test and re-test.  Statement after the event stated that 'credentials were stolen' in order to make this hack successful.  Doesn't suggest a zero day, this is something that could have been averted.  Hack originated in their UPlay service, the same way the IP was leaked, also following on from a vulnerability in the browser extension for UPlay last July.

Britain faces 70 advanced cyber attacks per month

Targeting government and industry networks.

Conservative figure?

Looking to harvest intellectual property.

Britain has been penetrated for a number of years.

Advice to companies

It could happen to you.  Don't think you are too small, or too unimportant to attack, attackers have both a range of skills and a range of motives as well.  Don't be the next victim.

In the last part of the show Gavin asks Arron about the new IDS training course that he has written.

The course will be open to all and will give attendees the chance to benefit from a day's training with Arron, who has a number of years behind him in the IDS field and has gained worldwide respect in the same said field.

The course will be offered twice, once at the weekend and once during the week.

A seat on the course will be priced at just £100.

Further details about either the course, this show, or Alba13 itself can be gained at

info (at) alba13.com

Arron and Gavin can be contacted, respectively, at

arron (at) alba13.com

gavin (at) alba13.com

Download Episode 1 here