InfoSec 2015, BSides London 2015 and 2600

My first time at InfoSec was something like ten years ago, or more. It was interesting to see how the event has evolved over the years. Once again, it was really exciting to be among so many colleges in information security during InfoSec and Security BSides London. 

As always, I enjoyed my rounds at InfoSec and that I had the chance to chat and catch up with a number of people from the Information Security community and to a number of vendors about their products and their cybersecurity strategies for the next year. 

Understanding the significance of Operations Security (OPSEC) in a fast evolving threat landscape

It is not the first time a military term is being used by the Information Security community in order to describe an Information Assurance process. Operations Security (OPSEC) is a military term referring to the protection of different types of unclassified information which could end up exposing the security of an entity if put together and combined. In other words, in information security OPSEC describes the process by which publicly available information (unclassified) can be used against us if taken advantage by cyber criminals and/or adversaries with malicious intent.

BSides London 2015 - Virtual Terminals, POS Security and Becoming a Billionaire Overnight!

Yes, it is true. The talk was short-listed and it was voted for the BSides London 2015 conference! Thank you all for voting for my talk. 

I am looking forward to fantastic line-up of talks at the conference. As you probably noticed at the schedule page, the session is not to be recorded due to the sensitive content, so please, do respect this request. 

This means that if you want to find out more about the talk, you will have to be there and attend the session. 

Tripwire (@TripwireInc) posted a short article about my forthcoming Security BSides London 2015 talk, which you can find at this link.

 

As far as I know Track 2 is quite big and I really hope there are going to be enough spaces for everyone. For those attending the talk, mark it down on your schedule, tweet about it and follow me @drgfragkos to find out more! :) 

I have only one thing to say to you for now: Great things do come, to those who attend ;)

If you want to tweet about the talk dont forget to use the BSides London 2015 handler: #BSidesLDN2015

Copy-Past Tweet for sharing: 

Virtual Terminals, #POS Security and Becoming a Billionaire Overnight! via @drgfragkos at @BSidesLondon #BSidesLDN2015

I am looking forward to the event, hoping to have a chance to speak to all of you at the conference and potentially share a drink or two. I really appreciate your interest in this field and I can only hope my talk will keep you all excited once more. I really believe that anyone who has the opportunity to be at this conference should not miss the chance. We are all going to be there and if you have like five minutes to spare, come and say hi.

NitlovePOS - POS terminals being targeted through phishing emails

Cyber-criminals and fraudsters have started targeting employees working on Point-of-Sales terminals in order to get their hands on card details. 

There is now evidence that social engineering and spear phishing emails are actively being used and have become the next attack method against employees who have access to payment applications, virtual terminals and electronic cash registries. 

The new malware is named NitlovePOS [Virus Total Detection Rate] and it targets track one and track two data by scanning the processes running. In other words, it is yet another memory-scraping malware that sends the captured data to a remote server over SSL.

Personal Greeting for your mobile phone, using a bash script, Kali Linux and the Raspberry Pi

First of all, this is a quick way for making your Kali Linux speak. I am going to tell about a couple of ways to do text-to-speech on your Linux box. I used this for fun, for having audio alerts embedded to my applications and finally for recording a personal greeting for my phone. 

I started playing with espeak, and experimented with the different voices. The espeak application is fantastic but the different voices/languages it has, are too computerised. They do not sound as natural as you would have expected. However, for some quick tasks like listening to your LAN and/or WAN IP address, it can be useful, and cool.