Critical security vulnerability in the PRNG on Debian and Ubuntu operating systems

2008-05-15

Debian has published a patch for a critical security vulnerability in the PRNG. The pseudo-random number generator is used in all cryptographic processes, the most critical of which are key generation for SSH and SSL. The patch fixes a seeding problem: the PRNG previously used extremely weak and predictable seeds. The vulnerability was introduced in September 2006.

H D Moore, a well-known security expert, has published a brute-forced list of all 1024, 2048 and 4096-bit SSH keys that were generated on vulnerable Debian or Ubuntu systems.

Infigo IS is warning all clients about the criticality of this security vulnerability. In addition to installing the patch, all keys and certificates that were generated on vulnerable systems must be regenerated. More information is available at the SANS Internet Storm Center.

Infigo IS at Windays 2008

2008-04-21

The 8th business and technology conference Windays, organized by Microsoft, will take place in Opatija from the 22nd to the 25th of April.

Our information security experts will give two presentations. Saša Jušić and Leon Juranić will give a presentation titled "Internet banking web application security". They will talk about the challenges and vulnerabilities of web applications used in Internet banking. An overview of advanced attack and defense methods will also be given.

Bojan Ždrnja will give a presentation about Internet browser vulnerabilities and attacks, titled "Web malicious code – drive-by attacks". The presentation will include a live demonstration of the MPack attack tool, which is the most commonly used attack tool today.

More information about the Windays 2008 conference, and the conference program, can be found on the official conference web pages.

INFIGO IS joined the ITIC group

2008-04-11

This week INFIGO IS became a member of the ITIC group. Members of the ITIC group (International network of Telecommunications and IT Consultants) are independent consulting companies. The main goal of the ITIC group is to offer its clients top-quality services that are unbiased and independent of hardware and software vendors.

The ITIC group is present in 19 European countries, with offices in Saudi Arabia, Jordan and the United Arab Emirates. More than 700 consultants, capable of solving the most complex problems, are available to the clients of the ITIC group.

INFIGO IS at the e-biz conference

2008-04-03

The 7th e-biz conference took place in Opatija from 31st March to 2nd April 2008. The conference covered three topics in three days:
• regulations, recommendations, trends, processes, expenses,
• standards, tools, security,
• solutions.

Infigo IS appeared as a sponsor of the second conference day, dedicated to standards and security. Hrvoje Šegudović and Saša Ilić also gave the "ISO 27001 Security Management / Risk Management" seminar. The seminar covered the implementation process for an ISO 27001 information security management system (ISMS), as well as the risk assessment and risk management processes. In the practical session, attendees carried out the risk assessment and risk management process on a given business process. In addition, Hrvoje Šegudović gave a lecture on the topic "Prerequisites for secure E-business".

Seminar "The hell of web"

2008-03-05

In cooperation with Qubis, Infigo IS is organizing a seminar titled "Web hell". The seminar will be held on the 26th of March 2008 in Hotel Antunović in Zagreb. The main topic of the seminar will be web threats, which have become the main malware-spreading vector in the last couple of years.

Infigo IS's expert Bojan Ždrnja will give a presentation titled "The hell of web", in which he will discuss various web threats and sophisticated attacks, as well as their connection to organized Internet criminals.

Saša Jušić and Leon Juranić will give a presentation titled "Welcome to Wild Wild West". They will discuss malicious web sites and demonstrate web application security assessment methodologies.

More information about the seminar (in Croatian) can be found at http://qubis.hr/web1/content/view/199/27. Registrations are open at http://www.sophos.hr/smnr02/prijavnica.htm. The number of attendees is limited.