IISP East Midlands – Cyber Attacks & Live Hacks

September 2013

The evening started with a slight delay while people fought with the local traffic, but the delay enabled delegates to visit the Cryptographic exhibition at De Montfort – an unexpected but excellent opportunity. The meeting proper started with an introduction from Colin Powers handing over to Jay.

Cyber Attacks & Live Hacks

Jay’s presentation explored how the key difference between good and bad guys was motivation, then went on to demonstrate a tool called Easy Creds showing how easy it was to set up a fake wireless access point, and use this to capture username / password and authentication cookies from unsuspecting mobile device users. Jay concluded with a perspective on how to defend systems against the easy-to-deploy threat.

Watch the presentation on YouTube.

A discussion then followed (not on the video), which largely focused on how do we as security professionals, in the light of such easy-to-deploy tools, get the attention of our respective companies, and ultimately boards, to accept the threat is real and investment needs to be in protecting the business from the effects of such threat.

What next for the IISP in the East Midlands

Following the discussion, the evening concluded with me leading a discussion on how to take the IISP East Midlands branch forward. My take away from the discussion was there is a real need and desire for a regular forum in the region, and some excellent ideas of topics were put forward with offers of venues. Encouraged by this we will certainly look to move forward.

Follow @IISPEastMids to keep informed of the plans as they evolve.

Credits

To get to this point with the IISP East Midlands has required the support and encouragement of a lot of people, dating back two years.
The key players have been Clinton Walker who allowed me to use the Talk*infosec event as a launch pad and sounding board. Tim Watson at De Montfort, who acted as the main catalyst – I briefly mentioned the concept to Tim earlier this year, and before I could take a second breath found myself in planning phone conferences with the IISP. Finally Colin Powers and Irene Dovey from Nexor who responded admirably to my call for help with sorting out the details, and I’m pleased to say they have agreed to be at the forefront of driving us forward.

Please keep your feedback coming, via the comments box below, as to what you would like to see from the East Midlands IISP branch, and how we should take it forward.

Author Bio – Colin Robbins

Colin Robbins is Nexor’s Managing Security Consultant. He is a Fellow of the IISP, and a NCSC certified Security and Information Risk Adviser (Lead CCP) and Security Auditor (Senior CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.

• LinkedIn profile
• View all of Colin's posts