« March 2011 | Main | August 2011 »

2 posts from June 2011

Jun 29, 2011

What CSIRTs in Japan Did in the Aftermath of the Earthquake - Special Panel Session -

In June, along with some colleagues, I attended the FIRST Conference 2011 in Vienna.

FIRST Conference 2011 in Vienna
http://conference.first.org/

On the second day of the conference (June 14th), I moderated a panel session titled: "SPECIAL Panel Session: The day disaster struck the northeastern part of Japan" This panel session was designed to talk about what CSIRTs in Japan did in the wake of the March 11th earthquake. The panelists were Mr. Itaru Kamiya from NTT-CERT, Mr. Yoshinobu Matsuzaki from IIJ-SECT, Mr. Teruo Fujikawa from NCSIRT and Mr. Yusuke Gunji from Rakuten-CERT. Each panelist represented tele-communication infrastructure, ISP, security consulting and an internet services firms.

The original idea for holding this discussion at the FIRST conference came from Mr. Gunji. So a gathering among the CSIRTs in the Tokyo area of Japan was held to discuss what we would be able to discuss at the conference.

Among the topics discussed were, where each panelist was when the disaster struck and what they personally did immediately following. Included in the discussion were attempts to get home using a bicycle. March 11th was most likely the day where the most bicycles were sold!

Dsc00071
Me at the podium

After that, each panelist would go on to explain what their respective organizations did in the aftermath. For example, any organizational changes that were made, systems and measures that were implemented to improve communication channels, any outreach to the communities affected by the disaster were discussed as well.

Conclusions drawn from the session were:

  • Social media such as Twitter, Facebook were key elements in confirming safety of family, friends and co-workers.
  • From a CSIRT perspective, being prepared for any attacks is critical even while business contingency plans are being followed. Attacks are being prepared at all times by hackers trying to take advantage of the situation.
  • While not everybody can draw from an experience such as this one, any previous experiences that can be drawn from are important in times such as these.
  • While preparing for such emergencies is critical, all individuals and organizations need to realize that not everything can be prepared for. Unexpected things are bound to happen.

There was a fairly large audience present to listen to our session. I sincerely hope that not only they enjoyed it, but were able to get something out of it as well.

This was not the only presentation that JPCERT/CC took a part in. Mr. Koichiro Komiyama, Manager of the Global Coordination Group and Mr. You Nakatsuru from the Analysis Center also presented during the conference. Also during the Annual General Meeting of FIRST, Dr. Suguru Yamaguchi, Board Member of JPCERT/CC was elected to be part of the Steering Committee for FIRST!

Dsc00057
Mr. Nakatsuru during his presentation

JPCERT/CC was able to contribute to this year's conference more so than in year's past. We hope to continue our work in the FIRST community.

- Takayuki (Taki) Uchiyama

Jun 03, 2011

Secure Coding Seminar in C/C++ Successfully Completed!

In May, JPCERT/CC sent our technical specialists to the Secure Coding Seminar in C/C++ held in 3 cities: Bangkok, Nakhon Pathom and Surabaya.

The seminar provided the explanation of common programming errors in C/C++ that could lead to software vulnerabilities, how these errors can be exploited, and effective mitigation measures for preventing such errors.

Seminar in Bangkok (Thailand)
Date: May 9th-10th, 2011
Venue: Siam City Hotel
Organizer: ThaiCERT
Number of Participants: 30

Image002_2

 

Seminar in Nakhon Pathom (Thailand) as part of JCSSE 2011 Tutorial
Date: May 11th, 2011
Venue: Mahidol University
Organizer: ThaiCERT / Mahidol University
Number of Participants: 15

Image004_2

 

Seminar in Surabaya (Indonesia) as part of Workshop Seminar Keamanan Informasi
Date: May 25th-26th, 2011
Venue: Institut Teknologi Sepuluh Nopember (ITS)
Organizer: Id-SIRTII
Number of Participants: 70

Image006_2

 

Special thanks to Mr. Kitisak Jirawannakool (ThaiCERT), Dr. Vasaka Visoottiviseth (Mahidol University) and Mr. IGN Mantra (Id-SIRTII) for helping make the seminars a success.

JPCERT/CC provides a variety of information security training courses for newly established CSIRT staff, potential workforce in CSIRTs and software developers across Asia and beyond. If you are interested, please contact the Global Coordination Division at JPCERT/CC.