I recently did a radio interview with Richard Davies at ABC Radio. Richard commented that I was in a much better mood this holiday season.  I do feel lighter this season–after a couple of years of being worried about the safety of toys being marketed and sold to children.  The government is continuing to phase in the stricter testing requirements.  We are also really pleased that companies across the board are complying with our safety standards (we have taken the end point of the federal regulations and made them a prerequisite for companies submitting toys to us). So yes, I am a whole bunch happier this year.  Are there still safety issues?  Yes.  We still take issue with small pieces that “just” pass the choke tube test…or pull toys that no longer have a safety break-away  feature…or wooden toys with splinters…or smelly and excessively noisy toys…you get the idea.

But it is important that we have safety groups that are still spot checking. The CEH (Center for Environmental Health) have recently released some testing that found unsafe levels of lead in children’s products.  The non-profit is offering free toy testing in its Oakland office during the holiday season. For more info, visit www.ceh.org/dropintoytesting.

While we do not independently test each toy we review, we do require companies to submit and sign a safety verification form.  We looking forward to the day when we  no longer need such a form.

หลังจากที่ได้ทำการอบรมมาเป็นเวลาหนึ่ง ความประทับใจของคราวนี้คือ ได้ผู้บรรยายที่ดี อย่างพี่เคน พี่เคนเป็นบุคคลที่สามารถดึงดูดความสนใจในการเรียนได้เป็นอันมาก มีอะไรให้หวือหวา น่าเรียนรู้ได้ตลอดเวลา ได้เพื่อนๆใหม่มาจำนวนหนึ่ง มีการปฏิสัมพันธ์กันในการที่จะพยายามสอบเซอร์ใบนี้ให้ผ่าน โดยการนัดกันไปติว ซึ่งตามความคิดแล้วได้อะไรมากกว่าอ่านเองเยอะเลย หลังจากที่นั่งตรากตรำอ่านหนังสือกันเป็นเวลานานเพื่อให้สอบผ่าน 70% ในการแบ่งการสอบเป็นสองรอบ รอบแรกมีผู้สอบผ่านแค่คนเดียว (แอบกรี๊ด) มาถึงวันเฉือดรอบสอง มีผู้ร่วมชะตากรรม 12 คน หลังจากทำข้อสอบจนเสร็จ ตรวจเลยละกัน คะแนนออกมา แทบกรี๊ด ได้แค่ 65% ไม่น๊าาาา ไม่ถึง เห่อแอบเสียใจ แต่ไม่เป็นไรนะถือว่าทำเต็มที่แล้ว ผู้ที่ผ่านรอบนี้ไปได้มี 6 คนจาก 20 คน อื้ม ก็ 30% ห้าห้า อย่างน้อยเราก็เป็นเสียงส่วนมาก (น่าดีใจไหมเนี้ย)

ปล.แต่อย่างไรก็ดีใจที่ได้มีประสบการณ์ดีๆๆ แบบนี้

ClubHack 2009

ClubHack is back! India’s own International Hacker’s Convention is back with its 3rd version with the aim to enable the dissemination, discussion and sharing of deep knowledge in the field of information security and cyber crime investigation.

What: ClubHack 2009, a meeting place for hackers, security professionals, law enforcement agencies, students and all other security enthusiats.
When: Saturday 5th and Sunday 6th December, 2009
Where: ICC or Estique
Registration: Opens in October, 2009. http://clubhack.com/2009/Registration

Rohit Srivastwa

Founder: Rohit Srivastwa
Rohit Srivastwa is a well known security evangelist. He has an expertise in cyber crime investigation and IT infrastructure management. Rohit is actively involved advising several military agencies, law enforcement personnel, media, corporate and Government bodies in these fields. Along with assisting these organizations solving there cases, Rohit is also involved in teaching the related subjects to them. Rohit has trained the police departments of Pune, Mauritius and Malaysia. Rohit Srivastwa is also the founder of ClubHack, a member driven community to spread the security awareness. As his last assignment Rohit was Director Technology at Commonwealth Games Pune (2008) where he delivered the complete technology of games and managed everything which comes under the umbrella of technology.
Currently he is Director Technology and Network Operations for Commonwealth Games to be held in Delhi in year 2010.

ClubHack, India’s Own Hacker’s Convention enters its 3rd version on the 5th and 6th of December, 2009. Previously, it was held successfully in December 2007 and 2008.

ClubHack 2009: Call for Papers
SUBMISSION: ClubHack2009 is expecting a good deep knowledge technical presentations/demonstrations on topics from the world of Information Security. These presentations are expected to be of 40 minutes each. The schedule time for each presenter would be 50 minutes out of which 40 minutes are for the presentation & 10 for the question-answer sessions. We’d request you to submit the papers keeping the time constraint in mind.

TOPICS: The following list is made keeping in mind the most interesting topics in hacking & security. This is more of an indicative list, the papers submission can be on other topics also but have to be close to this & the theme of the event.

• Protocol / Application based vulnerability in networks and computers
• Firewall Evasion techniques
• Intrusion detection/prevention
• SPAM fighting
• Data Recovery and Incident Response
• Mobile Security (cellular technologies)
• Virus and Worms
• WLAN and Bluetooth Security
• Analysis of malicious code
• Cryptography and Cryptanalysis
• Computer forensics
• File system security
• Secure coding & code analysis
• Hardware modification
• Patch writing for vulnerabilities
• Open source hacking toolkit
• Cyber Crime & law

Dates:
Opening: 15th August 2009
Closing: 15th October 2009

For more information, check out http://www.clubhack.com/2009

Me in ClubHack Workshop

ClubHack session in progress

Somewhere in CIP’s busy IT department lurk four hackers, dedicated men who know how to infiltrate the Center’s IT security protocols and bring the department to its knees. But these are no ordinary hackers; they are hackers with ethics.

“Hackers with ethics?” you might be thinking right about now. “Isn’t that an oxymoron?”

Not if you’re a Certified Ethical Hacker (CEH). Just ask CIP IT experts Dante Palacios, Peter Valdivieso, Roberto Del Villar Prado and Rolando Navarro Jara. These four men were recently certified by the EC-Council (The International Council of E-Commerce Consultants) and are now armed with the same tools that a malicious hacker would use. But with one huge difference: they use those tools to protect their Center’s information assets. After all, to catch a hacker, you need to think like a hacker.

From left: Rolando Navarro Jara, Roberto Del Villar Prado, Anthony Collins, Peter Valdivieso, Dante Palacios

Although the Americas chapter of the Enterprise Security and Business Continuity (ESBC) project of the ICT-KM Program supported these specialists in their certification bid, it was their determination and hard work that led to the quartet’s success.

Like his three colleagues, Dante Palacios, a Systems & Server Administrator with eight years’ experience at CIP, decided to take advantage of the CEH introductory course offered by the Project. He took about six months to cover the necessary course work, juggling his studies with his duties at the Center. It was only in the run up to the exam that he took time off to study.

“Personally, the certification brings me great satisfaction and, of course, it improves my professional career,” says Dante of his achievement. “It will also help CIP to increase its level of professionalism and enable the Center to address CGIAR ICT security issues.”

Peter Valdivieso, CIP’s Helpdesk Administrator, feels that the certification gives an added dimension to his five years’ experience at the Center and allows him to work with his three colleagues to “monitor CIP’s networks and systems more intensively.”

Peter also mentions CIP’s IT Manager, Anthony Collins, who spearheaded the recently completed ESA Project, for his invaluable support during his studies.

CIP’s Systems & Server Manager, Roberto Del Villar Prado, became interested in the certification while participating in the ESA Project last year.

“I can now evaluate and establish security controls in CIP’s ICT infrastructure,” he says of the result. “I also devote more time to review, analyze and evaluate security risks. We are working on strengthening controls in perimeter security, antivirus alerts, and USB security threats with USB flash drives.”

Rolando Navarro Jara, Network & Systems Administrator, has been with CIP for three years and works with his colleagues on IT security assessments.

“My role involves maintaining information confidentiality, reducing risks, and preventing attacks,” he says. “Because CIP is a member of the CGIAR, I think there is a good opportunity for us to share the knowledge with other Centers.”

Rolando feels that he has benefited tremendously from the topics covered during the studies, such as: gathering information, vulnerability analysis, viruses/worms, Web and Linux analysis.

The Americas chapter

The Americas chapter of the larger ESBC was designed to assist the CGIAR in achieving its end goal of protecting valuable information assets developed, maintained and owned by all the Centers, and managing information security risks across CGIAR by implementing secure information architecture. One of the broad objectives of the Project was to promote the training of ICT systems security administrators with international qualifications such as the CEH.

The Program would like to extend its heartfelt congratulations to Dante, Peter, Roberto and Rolando on their success.

Certified Ethical Hacker (C|EH) is a certification for those individuals who have skills to penetrate network or computer systems. Using these same skills these individuals can identify and fix computer security weaknesses. C|EH is a professional certification provided by International Council of E-Commerce Consultants (EC-Council).

Ethical Hackers are computer or network experts who strike a security system on behalf of its owners, in the quest of vulnerabilities that a malicious hacker could utilize. To test a security system, ethical hackers use the same methods and tools as malicious hackers use, but report problems instead of taking advantage of them.

Ethical Hackers are also known as penetration testers and red teaming. The main objective of ethical hacker is to help the organization and take preventive measures against malicious attacks by attacking the system himself; while continuing their work within legal limits.

EC-Council Certifications are designed to provide the base required by every Electronic Commerce and Security Professional. EC-Council program provides broad range of skills and knowledge, required to build and administer an organization’s networking and security operations.

Currently, C|EH is in 6^th version from August 2008. C|EH certification is obtained after attended training at ATC (Accredited Training Center). Applicant can also prepare for Ethical hacking and Countermeasures Course through self-study, but he has to file an application and submits proof of relevant work experience in information security (min 2 years). After the training, applicant has to give one exam i.e. exam code 312-50. EC-Council Certification exams are available at authorized Prometric and Pearson Vue Test Centers and the exam costs USD$250.