ISSA's Hack Off! event was held at the Singapore History Museum Auditorium. It was very well attended and the audience ranged from CIOs and representatives from various government bodies, to the middle management and the technical staff.
The talk was very well balanced, with the speaker, Pure Hacking CEO Robert MacAdam delivering content ranging from the importance of Penetration Testing to how to select a Penetration Testing company. This catered to the wide ranging audience that included CIOs down to technical department representatives. The introduction to how to select a penetration testing company for individual organizations was also a great eye-opener.
What we really liked in particular, was Rob's reply to a question from the audience, that roughly went like "So whats the best defence for our organization?" Rob's answer in one word - Education. Cerberus Network firmly believes that Education of users is the best way to create a safe computing environment for everyone.
It was a pity though that the much touted "Live Hack" demonstration was only a pre recorded video replay of a classic SQL attack on a badly misconfigured SQL server. It would have been a lot more interesting if the hack was indeed done live.
The material used during the talk can be directly downloaded by from this link http://www.issa.org.sg/papers/20050921_ISSA-HackOff.pdf. The ISSA website contains other relevant information about the talk, as well as information about the ISSA and the events they organize.
On an ending note, one very interesting event did happen at the seminar which set us thinking at Cerberus Network. The organizers asked for business cards to be used in the lucky draw, in which a free iPod Shuffle would be given away. The catch was - you had to write your NRIC (Singapore's equivalent of a Social Security Number) on the back of your card or you would be disqualified. With Singaporeans' NRIC being used in so many situations, would this represent a potential security loophole leading to identity theft and would Singaporeans bite the hook?
We'll tell you more about the NRIC in future updates. Till then.
No comments:
Post a Comment