Infigo IS is participating at the conference as one of the sponsors. Hrvoje Šegudović will give a lecture entitled "Managing information security risks in outsourcing". The lecture will present the most significant risks related to outsourcing, business partners and their employees.

Furthermore, Bojan Ždrnja will give a lecture entitled "Spear phishing - high profile attacks", which will introduce methods and techniques used in spear phishing. As part of the lecture, a live demonstration of a spear phishing attack will be given.

More information about this event can be found at the official Security days 2008 web page.

Ivana Marijanović and Hrvoje Šegudović will give "Security management/Risk management (HNB's Decision on adequate information system management)"seminar. The seminar focuses on establishing and managing an information security management system in accordance with Croatian National Banks (HNB) Decision on adequate information system management. In the practical part of the seminar the attendants will conduct risk assessment and risk management on a given business scenario. The scenario is customized to the financial industry.

Hrvoje Šegudović will give the presentation „Managing the IT risk in the context of outsourcing“.

The 19th Eurosec Forum, European information security conference is taking place in Paris on September the 18th. The conference will cover different information security topics such as management, human resources, technical measures etc.

Infigo IS will be represented by Hrvoje Šegudović, one of Croatian leading information security experts. Hrvoje will give the presentation „Managing the IT risk in the context of outsourcing“.

A well known security researcher, Dan Kaminsky, found a critical vulnerability in DNS. Although Kaminsky decided to publish details about the vulnerability on the upcoming BlackHat conference, other security researchers analyzed published information and managed to reconstruct the vulnerability.

Considering that almost all implementations of DNS are susceptible to the published vulnerability, Kaminsky, with CERT's help, contacted a majority of vendors who released patches for their products.  

As functional exploits for the vulnerability are freely available now, and considering that attacks have been detected in the wild, INFIGO IS is recommending to all clients that they immediately patch their DNS servers. In order to verify if the DNS servers have been properly patched, you can visit the web page at https://www.dns-oarc.net/oarc/services/porttest, where detailed information on testing DNS servers with the dig command is available.

On the pre-conference day, Kevin Mitnick, a well known security expert, will give a presentation "The art of deception", in which he will share his perspective on the threat of social engineering.

Our information security expert Bojan Ždrnja will give a presentation "Web based threats: drive-by attacks". This presentation will cover web based threats history. Attack methodologies and tools, such as MPack, IcePack, WebAttacker and Nuclear Malware Kit will be described, as well as protection mechanisms and methodologies.

The presentation will also include a live demonstration of a drive-by attack with the MPack attack package.

More information about the Infosek 2008 conference, and the conference program, can be found at the official conference web pages.