By Ali Akhterzada
July 27, 2007
KARACHI: PakCon III, the third conference on IT-based security, with the
slogan, Where security matters was held Thursday at a local hotel and
its organizers said that attendance has gone from 70 attendees in the
first year to a turnout of around 170.
Faiz Ahmad Shuja, president of PakCon and CEO of Rewterz, said that more
and more information is going online in the country and its important to
make people aware of the risks that come with the likes of online
banking and computerized IDs among others. Its especially important for
the companies themselves to protect its own information and the
information entrusted to it by its customers.
There were 10 presentations on the first day, including a round-table
discussion panel on various information security topics. And training
sessions on hacking are supposed to take place today and tomorrow. This
is the first time this convention has introduced training workshops, and
the response has been very good, said Shuja.
During the days events, Faiz Ahmad Shuja talked about enterprise
security monitoring. His presentation addressed the problem of excessive
noise within the logs that are kept on your systems and how you
generally cannot count on the logs that are maintained by various
applications, servers and firewalls.
Ahmad Elkhatib, a security consultant from Pointsec in the UAE, gave a
presentation on data leaks. Increasing worker mobility and the abundance
of unstructured data has introduced new risks to your information.
Another speaker from the UAE, Dr Fadi Aloul, a computer security
professor from the American University of Sharjah, gave a presentation
on how you can secure your wireless networks. Its not like Pakistan has
an abundance of wireless networks in the first place, but tackling this
issue preemptively is a wise decision. Because when Pakistan does go
wireless, it will at least have some idea on what can be done to stay
Aloul presented the results of some research work that was carried out
in the UAE by his students. According to the research, about 50 percent
of the wireless networks in the UAE are wide open for attacks - and not
only the WiFi systems in residential areas but in corporations as well.
He addressed simple methods that you can follow to make your wireless
Alouls presentation was followed by Jawad Sarwanas on prosecuting
hackers. Sarwana is an advocate of the High Court of Sindh and has
advised several international clients in the banking and IT sector on
electronic commerce and cyber crime laws in Pakistan. His presentation
was on hackers and how the law deals with them. His main focus was the
Electronic Transaction Ordinance of 2002 that says that any entry into a
system, for any reason what so ever, is punishable by jail time and a
fine. This poses a problem even for the hackers that want to help.
He gave an example of someone that called him up and told him about
vulnerabilities in a certain banks network that they broke through. They
told him that they wanted to go to the bank and tell them where their
issues were. But he had to advise against it because they couldve been
put in jail for doing so. He said that the only court case that has come
up using that ordinance was one of his.
Tan Tiek Guan, from Data Security Systems based in Singapore, talked
about two-factor authentication with greater emphasis on financial
institutions. Pakistan-based researchers, Muhammad Omer Khan and
Muhammad Ahmed Siddiqui, spoke about web application worms and 32-bit
Windows exploitation respectively. And then members from Pakistans
Honeynet project, Syed Jahanzaib Sarfraz and Ayaz Ahmad Khan, talked
about botnets and how attackers go undetected.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com