
3 posts from October 2014

Oct 30, 2014

TSUBAME Training and Annual National Conference on Cyber Security in Sri Lanka

Hello, this is Taki and today I would like to write about my trip to Colombo, Sri Lanka from September 30th through October 2nd.

I went with Tetsuya to conduct TSUBAME trainings at Sri Lanka CERT|CC and TechCERT, and to give a presentation at Cyber Security Week 2014 - 7th Annual National Conference on Cyber Security.

TSUBAME Training for Sri Lanka CERT|CC and TechCERT

Unlike our previous TSUBAME trainings in Jakarta and Vientiane, this time the trainees were only from the respective organizations.

The number of trainees for both sessions was relatively small, which allowed us to facilitate more discussions during the sessions. However, unlike the previous trainings we only had about a day of training for each, so we focused mainly on the analysis of TSUBAME data, while incorporating how to access data through the portal, etc.


Tetsuya at the training at Sri Lanka CERT|CC


Training at TechCERT

It is our hope at JPCERT/CC that the trainings helped in enhancing the trainees’ data analysis skills. Discussions on how to collect data and how to analyze large amounts of data were very fruitful and gave us a lot to think about as we move forward as well. We hope to continue dialog with our colleagues in Sri Lanka about these topics.

7th Annual National Conference on Cyber Security in Sri Lanka

Also, Tetsuya and I attended the 7th Annual National Conference on Cyber Security, which was a part of Cyber Security Week 2014, on October 1st. There were a little over 200 people in attendance for the event, of which about 20 or so were from outside of Sri Lanka. From what I gathered, most of the people in attendance were IT professionals, IT managers, CEOs, lawyers, etc. from vendors and service providers in Sri Lanka.

The conference started with a celebration with music and a ceremonial oil lamp lighting followed by the national anthem of Sri Lanka. The traditional oil lamp lighting ceremony was something I had never seen before.


Traditional oil lamp lighting

I also presented during the conference and spoke about JPCERT/CC activities, focusing on activities where we collaborate globally, including the TSUBAME project, overseas CSIRT development, and vulnerability handling, among others.

I had some people come up to me with some questions during the social event, held directly after the conference. Some of the questions included TSUBAME and network monitoring / data analysis and others related to vulnerabilities, but more on the disclosure side.


Taki talking at the Conference

All in all, my first trip to Colombo was very nice, but all too short. I do hope that I get to visit in the future and spend some time taking in the sights as well as the history of Sri Lanka.

Lastly I would like to thank our colleagues from Sri Lanka CERT|CC and TechCERT for their wonderful hospitality. I can definitely say that I would not have enjoyed this trip as much as I did without them taking such good care of us.

That is it for today. I hope to write again sometime soon.

- Taki Uchiyama

Oct 16, 2014

Android Secure Coding Seminars in India

Hello. This is Masaki from the Vulnerability Analysis Team. JPCERT/CC has been active in doing research, developing coding standards and conducting seminars in secure coding since 2007. In the course of our activities, we've collaborated with CSIRTs in the Asia-Pacific region such as ThaiCERT, PHCERT, ID-SIRTII/CC, Academic-CERT in Indonesia, VNCERT and CERT-In in providing secure coding training to software developers in each region.

Last month, Hiroshi (my teammate and senior vulnerability analyst), Osamu (of Global Coordination Division) and I traveled to India to hold secure coding training for local developers.

The events were joint efforts of CERT-In, Data Security Council of India (DSCI) and JPCERT/CC. We delivered a 1-day Android Secure Coding Seminar in both Delhi and Bangalore.

This was not my first trip to India. In 2010, my colleague Yozo and I visited there for a 2-day C/C++ secure coding training.

The seminar in Delhi was opened with a warm welcome speech by DSCI Director Mr. Vinayak Godse and CERT-In Senior Director Dr. A.S. Kamble, both of whom we've known since 2010. After the speech, we jumped into the series of lectures and hands-on exercises: security landscape of the Android platform, case studies of real-world vulnerable Android applications, hands-on exercise on vulnerability analysis, security code review and secure coding of Android applications.


  Hiroshi at the lecture, Delhi

The backgrounds of the 28 participants in Delhi and 18 in Bangalore were diverse: a security researcher, software developers, senior managers of software development divisions and of course Android app developers. They came from different sectors: a U.S.-based bank, a retail company and Fortune 500 IT giants, global consulting firms, Indian financial IT solution companies and banks, etc.

I have experience in teaching over 4000 developers in Japan and the AP region so far, and to be honest, the attendees we've met in Delhi and Bangalore were the most attentive and enthusiastic. They were able to squeeze all the lessons out of the seminar, and even pointed out our incomplete solutions and found another vulnerability we were not aware of. We also learned a lot from the dialogue with such attendees and would like to thank them again here.


Participants analyzing vulnerable Android apps using their own device

The course material is available on SlideShare, so if you’re interested, please take a look:

 Android Secure Coding


Oh, and finally, for our Japanese readers, we recently translated “Secure Coding in C and C++ (2nd Edition)”, written by our friend Robert Seacord and his fellows at CMU/SEI. The book was published just last month. Please check it out!

Thanks for reading all.

- Masaki Kubo

Oct 06, 2014

JPCERT/CC attends MNSEC-2014 in Ulaanbaatar

Sain baina uu? This is “hello” in the Mongolian language. It’s Yuka again from the Global Coordination Division. Today, I would like to share our experience at a conference and training in Mongolia in which we participated in early September.


Mongolia is one of our neighbouring countries in the Asia region, and there are direct flights between Tokyo-Narita and Ulaanbaatar a couple of times a week. Their network environment has been developing rapidly, and its Internet penetration rate is estimated to be 16.40% in 2012 according to the International Telecommunication Union (ITU)[i]. We were informed that bank phishing has been one of the continuous cyber threats in Mongolia. To take initiative on cybersecurity issues in the country, a National CSIRT, MNCERT/CC, has just been established.


On 5th and 6th September, my colleague Osamu and I were invited to Ulaanbaatar, Mongolia to attend “MNSEC-2014” (Conference Website: Mongolian language only), a local information security conference and training, as speakers/trainers.


During the information security conference on the 5th, we were given a 2-hour slot to deliver a talk about the following topics.


<Organisational updates: Yuka>

- Latest cybersecurity trends in Japan

- JPCERT/CC organisation overview

- CSIRT collaboration within Japan (Nippon CSIRT Association)

- Global collaboration framework as APCERT


<Technical updates: Osamu>

- Recent incident trends in Japan

- JPCERT/CC’s recent projects: Protecting critical infrastructure, IT inoculation, Open DNS Resolver Check Site



Yuka at the talk


It was the second time for JPCERT/CC to participate in this event in Mongolia, following the one last year (by Osamu and Sparky). There were more than 140 people attending the conference, mainly those who are engaged in cybersecurity in the government sector and public companies including banks and energy. After our presentation, we received some positive feedback from some of the attendees. We could see that they were very much motivated to learn from what is happening in Japan and that cybersecurity has been drawing much attention in Mongolia.


The next day, Osamu, as a main instructor, conducted a hands-on training on network forensics using Wireshark. About 40 participants gathered from both private/public sectors. The trainees were well-skilled, and we could see some active discussions.



Osamu at the training


JPCERT/CC is happy to be given such opportunities outside of Japan to share our activities and technical knowledge with CSIRT colleagues and other cybersecurity experts.


One of the things I loved during the trip is their traditional dumplings called “buuz”, which are filled with mutton or beef. We also had an opportunity to try some “horse milk” at a local farmer’s place. Unlike the cow milk that we drink every day, this was incredibly sour, but it seems to be a very special drink for many Mongolian people. Indeed, that was a very Mongolian local experience.


Bayarlalaa! (Thank you in Mongolian)


- Yukako Uchida

[i] Source: “Percentage of Individuals using the Internet 2000 – 2012” http://www.itu.int/en/ITU-D/Statistics/Documents/statistics/2013/Individuals_Internet_2000-2012.xls