ROOTCON Blog

Hackers For Charity didn't just appear out of the blue. It's been a many-year process that began with Johnny and Jen Long's various trips to Africa in 2006 through 2008. Over time, their passion for the plight of the vulnerable in East Africa demanded that they either back away from the work or embrace it fully. The decision was obvious: they would take the next step in the path laid before them. That's why, starting on June 15, 2009, Johnny, his wife and four children are relocating to Jinja, Uganda for one year to partner with AOET. Their goals are to:

Clarify the vision of HFC and discover how to best leverage the talents and gifts of the hacker community for lasting, life-saving change Learn the culture and listen to the needs of vulnerable East Africans to learn how to best serve them long-term Build HFC-funded computer classrooms in Uganda and Western Kenya to help give job skills to vulnerable children and adults. Scout and screen new locations for corporately-funded classrooms Maintain and repair existing classrooms and computer systems Train computer repair and maintenance technicians in-country Host four quarterly HFC "field-trips" to connect hackers and technologists to the life-changing work on the ground in East Africa

ROOTCON like any other hacker conference will be contributing to Hackers For Charity. There will be a Hackers For Charity booth during the CON, that has loads of goodies. All proceeds will go to Hackers For Charity "donate and get linked" (via HackersForCharity.org).

Our friend SuperPaul from CebuDirectories will be helping us to find a charity that will benefit for this activity. All our proceeds will be divided to our chosen charity as well as Johnny Long's Journey to Africa.
  
The ROOTCON way to contribute


1. Bring those old hardware, books and tech gadgets.(will be sent to our local charity here in the country.)
2. Buy the Node Zero Linux PenTest CD(specially crafted for ROOTCON 5). (proceeds will go to local charity)
3. Limited Hackers For Charity t-shirt.
4. Contact us if you want to host a Hackers For Charity swags.
5. Support the Long Journey to Africa (via HackersForCharity.org)

We encourage everyone to sincerely participate this activity.

Hackers are not bad guys, they have heart inside those black, white and gray hats.

To know more about this activity visit ROOTCON Hackers For Charity Activity

By Jim Finkle

BOSTON (Reuters) - Children as young as eight years old are invited to Las Vegas this summer to learn that it's cool to be a hacker -- provided they don't cheat, steal or commit other crimes.

The first-ever Defcon Kids conference in August is a chance for children between eight and 16 to learn the skills of computer hackers, as well as protect themselves against cyber attacks.

It will also be an opportunity for U.S. federal agents to size up tech-savvy youngsters who could form the next generation of digital crime-fighters.

Police, intelligence agents, military officers and the consultants working for them have long attended as well as recruited from Defcon, the world's biggest gathering of hackers held in Las Vegas every summer.

This year, against a backdrop of high-profile cyber attacks on targets ranging from Google Inc to the International Monetary Fund, Defcon organizers are holding Defcon Kids on Aug. 6 and 7 alongside the main conference. Kids need to register in advance at www.defconkids.org to be able to participate in some conference activities.

One goal of Defcon Kids is to convince children from age 8 to 16 that it is cool to be a "white hat," or benevolent hacker who uses computer skills to fight crime.

"Black hats," in contrast, work on the dark side of the Internet, using their skills to steal money, identities and other perform nefarious deeds.

"Hacking isn't just fun and games. It isn't about breaking into systems," said a 16-year-old who goes by the hacker handle "FS." He will teach Defcon Kids how to protect against Internet spies who sniff wireless networks for private data. (www.defconkids.org).

"It's about securing yourself and the people around you," said FS, who gets paid by companies to conduct penetration testing, which is breaking into computer networks to uncover vulnerabilities.

Like many hackers, FS uses a handle rather than his real name to protect himself from being targeted by black hats.

Such names have special meaning for hackers, who often keep their significance secret. FS stands for forty seven, which is code for the initials of his real name, which FS declined to disclose.

HACKING TOOLS

Law enforcement around the world is scrambling to combat cyber crime, and each week seems to brings a new attack -- from activists promoting a cause, to more serious security breaches and data thefts at Sony Corp or Citigroup.

Some of the world's most elite hackers have volunteered to teach at Defcon Kids, running sessions on basic computer programming, lock picking and puzzle solving. A course in hardware hacking, for example, will show children how to modify a circuit board so it plays the game "Simon."

"CyFi," a 10-year-old Girl Scout whose identity has been stolen twice, is helping to organize the conference. Her personal agenda is to network with other young hackers, advance her lock-picking skills and meet real federal agents while she's there.

"Most of the time when people think of hacking, they think 'Oh that's a bad thing,'" she said. "I want to get more people to become good hackers and to have fun doing it."

While she has few friends who share her passion for hacking, CyFi is a fan of a website called CryptoKids (www.nsa.gov/kids) managed by the National Security Agency.

The highly secretive NSA, which runs spying operations for the U.S. government, tries to make hacking cool on the website by offering for download coloring books for the young, video games, and tips on breaking codes for older hackers.

Cartoon characters on the website include the code-breaking team of Crypto Cat and Decipher Dog, as well as Cyndi, a fictional hardware hacker who loves to figure out how gadgets work.

Defcon Kids will learn how white hats use Google's search engine to find confidential information that is exposed over the public Internet. But they won't cross the line into illegal activity by forcing their way into private sites.

"It will give the kids an avenue to practice certain skills without the fear of getting into trouble," said Chris Hadnagy, one of the Defcon Kids instructors.

That doesn't mean they won't have fun.

"We want to expose kids at an earlier age to the wonders of taking things apart and making them do things that they weren't intended to do," said Jeff Moss, Defcon's founder.

(Reporting by Jim Finkle; Editing by Tiffany Wu, Steve Orlofsky and Bernard Orr)

Source: Yahoo News

Finally. We were able to publish our first advertisement on “The Freeman” Newspaper, dated June 19, 2011.

Thanks to our sponsors and partners:

- Mozcom Inc.
- Infosec Philippines
- Trend Micro
- InfoWeapons
- Parklane International Hotel
- Global Interactive Solutions, Inc.
- Third Team Media
- NodeZero
- DitoNa.com

In every newspaper ad on "The Freeman" (Cebu newspaper) we will TRY to come up with different design concepts for "ROOTCON: 5th Philippine Hacker Conference and Information Security Gathering" which will be held on September 9 and 10, 2011, Parklane International Hotel, Cebu City, Philippines.

Newspaper Ad #1 (June 19, 2011 - page 5)
"Let's Talk About Security"

Newspaper Ad #2 (June 2011)
Hackers love technology, but crackers love to break it. Which one is he?"

Newspaper Ad #3 (July 2011)
"Hackers Coming to a Website Near You"

Newspaper Ad #4 (July 2011)
"If only I have the source code, I could change the world!"

Newspaper Ad #5 (August 2011)
"P495,740,890.00 money transferred and counting..."

Newspaper Ad #6 (August 2011)
"Pinoy Hackers: They Do Exist!"

Newspaper Ad #7 (September 2011)
"Warning: You've been hacked!"

If you have whacky yet funny tag lines, post it here or email us at info@rootcon.org. What we posted above from newspaper ad #3 - 7 are not yet final. So you still have a chance to contribute or suggest a funny yet a bit serious tag line. :)

You want to volunteer for ROOTCON? Email us at info@rootcon.org. We love to hear you!

Don''t forget, early bird discount is until June 30, 2011.

About the Contributor:
A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management, professional networking, social media campaigns and very active in conceptualizing things. To date he already conducted several IT / Information Security events as his passion since 2007. Currently he's working as a Technical Support Specialist in a local company.

Amid a looming review of the security of Philippine government websites, another government website fell victim to a hacker who defaced its news section.
























Visitors to the Bureau of Customs website's news section as of 7 a.m. were greeted with several lines of text in an unfamiliar font.























The lines of text were superimposed on the news section of the Customs Bureau website. The links on the news section also appeared to be disabled.

On the other hand, the hacker left behind a web address that led to an "anonymous text hosting service."

In the hacker's page, the hacker claimed to be "inactive" starting June 15 onwards.

However, the supposed hacker's page also contained what appeared to be usernames and passwords taken from websites of several Philippine government agencies and private firms.

"I will not decrypt the hash for you, unless you make contract with me," the hacker said.

Among the government sites listed in the hacker's page were:

- www.bsp.gov.ph (Bangko Sentral ng Pilipinas)
- www.bas.gov.ph (Bureau of Agricultural Statistics)
- www.customs.gov.ph (Bureau of Customs)
- www.pbs.gov.ph (Philippine Broadcasting Service)

Review of govt websites' security looms

On Tuesday, Malacañang said the security of government website may be reviewed soon, a day after a "Filipino" hacker group hinted at more attacks on Philippine government websites.

Presidential spokesman Edwin Lacierda indicated National Security Adviser Cesar Garcia is studying creating a task force to do the review.

Among the most recent attacks on government websites was the defacing last May 31 of the Department of Interior and Local Government's site.

Last Monday, a more "serious" group managed to hijack the site of the Philippine Nuclear Research Institute (PNRI).

The group, calling itself "Philker," redirecting visitors to the PNRI site to a separate website that bore a "warning" from the "Philker" group.

"We are not trying to damage you. We only want to help protect our country's cyberspace by doing what seems to be the most efficient way to get everyone's attention. May this deface serve as a reminder that you always have to look out for intruders. No matter how intelligent and competent your computer personnel are, there will be unethical hackers that are constantly working on breaking in your security," the hackers said in their message in the redirected site.

Philker said that while it and online "thieves and terrorists" are "cut from the same cloth," its difference is that "we have good intentions."

It added it aims to elevate the Philippines' cyber culture and to "point out and correct the vulnerabilities of Philippine websites," to "protect them from unethical hackers, fraud, false propaganda and other people with malicious intent."

It also hinted at future break-ins of other sites, leaving behind a note similar to the international hacktivist group Anonymous. — LBG, GMA News

Source: GMA News

Related News:
PHL gov't to assess website security in response to hacking
PHL hackers deface PNRI website, hint at more attacks


Talk Back
Please comment on this news article at our ROOTCON Forum. We all learn from each other when your views and opinions are shared.

A day after a "Filipino" hacker group hinted at more attacks on Philippine government websites, a review of the security of government websites may get underway soon.

Presidential spokesman Edwin Lacierda indicated that National Security Adviser Cesar Garcia is studying creating a task force to do the review.

"The National Security Adviser is studying the creation of a task force to undertake a security review of government websites," he said in a statement posted on the government portal.

Among the most recent attacks on government websites was the defacing last May 31 of the Department of Interior and Local Government's site (www.dilg.gov.ph).

In that incident, a hacker managed to gain access to the website and display the logo of a porn site as one of the agency's "news items."

The "What's New in DILG" section of the DILG's home page contained a link boasting that the website had been "Hacked."

Clicking on the link would take the visitor to a page supposedly containing a news item. But instead of a news item, the visitor would see a logo of porn site YouJizz.

The DILG website was promptly taken offline for days before it returned to normal.

The hacker identified himself or herself as "BatangMahiligMagbatibot" in the compromised page.

But on Monday, a more "serious" group managed to hijack the site of the Philippine Nuclear Research Institute.

The group, calling itself "Philker," redirecting visitors to the PNRI site to a separate website that bore a "warning" from the "Philker" group.

"We are not trying to damage you. We only want to help protect our country's cyberspace by doing what seems to be the most efficient way to get everyone's attention. May this deface serve as a reminder that you always have to look out for intruders. No matter how intelligent and competent your computer personnel are, there will be unethical hackers that are constantly working on breaking in your security," the hackers said in their message in the redirected site.

It added that it was "fortunate" that Philker was the one that broke into the site and not other groups.

The site was inaccessible Monday afternoon and was briefly back up later in the day.

But as of Tuesday noon, visitors to the site were greeted with a "Test page."

Philker said that while it and online "thieves and terrorists" are "cut from the same cloth," its difference is that "we have good intentions."

It added it aims to elevate the Philippines' cyber culture and to "point out and correct the vulnerabilities of Philippine websites," to "protect them from unethical hackers, fraud, false propaganda and other people with malicious intent."

It also hinted at future break-ins of other sites, leaving behind a note similar to the international hacktivist group Anonymous.

"Expect more from us. We are Philker," it said - a nod to Anonymous' "Expect us" warning. - TJD, GMA News

Source: GMA News

Related News:
PHL hackers deface PNRI website, hint at more attacks


Talk Back
Please comment on this news article at our ROOTCON Forum. We all learn from each other when your views and opinions are shared.

Hackers claiming to be from the Philippines attacked the website of the Philippine Nuclear Research Institute on Monday, redirecting visitors to a separate website.

Visitors who logged to the PNRI website at 11 a.m. were redirected to a site that bore a "warning" from the "Philker" group.

"We are not trying to damage you. We only want to help protect our country's cyberspace by doing what seems to be the most efficient way to get everyone's attention. May this deface serve as a reminder that you always have to look out for intruders. No matter how intelligent and competent your computer personnel are, there will be unethical hackers that are constantly working on breaking in your security," the hackers said in their message in the redirected site.

It added it was "fortunate" that Philker was the one that broke into the site and not other groups.

The site was inaccessible as of 1 p.m., with some visitors getting an error message that the "server could not direct your request," although it no longer redirected visitors to Philker's site. It was back online at around 1:30 p.m.

In its message, the group said that while it and online "thieves and terrorists" are "cut from the same cloth," its difference is that "we have good intentions."

Philker said it aims to elevate the Philippines' cyber culture and to "point out and correct the vulnerabilities of Philippine websites," to "protect them from unethical hackers, fraud, false propaganda and other people with malicious intent."

It also hinted at future break-ins of other sites, leaving behind a note similar to the international hacktivist group Anonymous.

"Expect more from us. We are Philker," it said - a nod to Anonymous' "Expect us" warning. — KBK, GMA News

Source: GMA News

Related News:
Catholic Bishop’s Conference of the Philippines (CBCP) website defaced anew


Talk Back
Please comment on this news article at our ROOTCON Forum. We all learn from each other when your views and opinions are shared.

I’ve been receiving a lot of inquiries on what to expect during this 2 days security convention on September 9 – 10, 2011, Parklane International Hotel, Cebu City, Philippines.

So here it goes:

1) Carefully selected and approved topics from our experts who submitted their entries for our “Call for Papers”.

2) Things you want to know about the latest security concepts and tools for hacking (tools of the trade). This is to help you better equipped and up to date. After all, you hack to learn how to defend your own network. You will witness hacking at its finest by a group of security enthusiasts or IT security professionals.

3) These talks will cover demonstrations, examples and overviews of attacks, technologies used or trends. These are technical issues all security practitioners (and business owners / managers) should be aware of.

4) This event will help management decide what to do about all the technical issues surrounding security.

5) Other topics will bring to light the security and mis-configuration problems confronting organizations, network administrations, system admin and web developers to name a few who are mostly pre-occupied where security gets put off due to constant network growth and workloads.

6) ROOTCON is not a marketing event or another "That's Entertainment" security gathering. This is unique from other conferences you attended in the past.

7) Fun and interesting event that you will always remember.

8) A chance to socialize and connect with other professionals. Foster camaraderie among the attendees.

9) Affordable – high quality without the high price. Keep in mind that space is limited.

10) Offers an interesting atmosphere for demonstrating technology exploitation, software / hardware solutions and with open discussions of critical information security issues.

...and more to expect during the CON!

Join us and register now! Early bird discount is until June 30, 2011.

ROOTCON security convention only happens once a year.


About the Contributor:
A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management, professional networking, social media campaigns and very active in conceptualizing things. To date he already conducted several IT / Information Security events as his passion since 2007. Currently he's working as a Technical Support Specialist in a local company.

Reuters reported that Citibank’s systems were hacked resulting a data breached on the bank’s network and accessed about 200,000 credit-card holders in North America.

This U.S. bank is under severe public criticism for waiting a month before informing the public about this incident.

The bank said its attackers viewed the names of customers, account numbers, contact information including email addresses. The way I see it, this is the first step a hacker would do - “data gathering”.

Considering that the attackers have your basic information and other sensitive data you should never accept incoming communications pretending they are from the financial institution to do business with you, whether by email or phone call. Call them back using only the phone numbers published on your cards or billing statements. When you log to perform online transactions, always enter their website address not any links emailed to you. Be wary if you receive unknown text message with the option to reply “STOP” to stop receiving messages as this will confirm that your mobile number is active. Always check and monitor your billing statements for any suspicious transactions. If you’re a victim of fraud, call their hotline number and ask for assistance.

The banking industry or any financial institutions should overhaul and improve their security measures, strengthen their authentication, update their customers and conduct periodic risk assessments.

Talk Back
Please comment on this blog at our ROOTCON Forum. We all learn from each other when your views and opinions are shared.

Related Blogs:
Outsourced Security on the Rise?
Pinoy Hacker’s Confession 2004

About the Contributor:
A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management, professional networking, social media campaigns and very active in conceptualizing things. To date he already conducted several IT / Information Security events as his passion since 2007. Currently he's working as a Technical Support Specialist in a local company.

ROOTCON Company Tour

Target Company:
- Providers of Managed Security Services

With the recent wave of cyber attacks, providers of managed security services are beefing up firewall, intrusion-detection, and risk-assessment offerings.

With limited IT resources, companies prompted to outsource security tasks such as firewalls and heightened the need for around-the-clock monitoring and analysis.

As the bad guys get more sophisticated, so do tools such as intrusion detection devices and other resources required to combat attacks will increase.

Just because an IT administrator can configure a firewall, it doesn’t mean he can do diagnosis of IDS (Intrusion Detection Systems) data.

This company tour will also interview your company’s representative if you have a range of services to offer to the public such as customized intrusion detection, incident responses, server hardening, system configuration, firewall reviews, vulnerability scanning to name a few.

If you know of any companies who offer these kinds of services, do contact us at info[at]rootcon[dot]org and we’ll be glad to feature them here.

Humbly speaking, the Banking sector / industry should also take this into consideration. Imagine if somebody is transferring your money electronically to undisclosed bank account? (Movie sequence starts….)

Standing by….

Related Blog:
Pinoy Hacker’s Confession 2004

About the Contributor:
A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management, professional networking, social media campaigns and very active in conceptualizing things. To date he already conducted several IT / Information Security events as his passion since 2007. Currently he's working as a Technical Support Specialist in a local company.

Since the start of our campaign for ROOTCON 5, we’ve met several people whom I believe supports ROOTCON as the Philippine’s Leading Information Security Conference that is not a marketing event but a unique technical gathering for professionals. Meet ups here in Cebu and another meet ups in Manila – yeah!

So who is Ms. T?

Ms. T is originally from Cebu and obtained her BSECE from USC-TC. She moved to the US shortly thereafter, obtained her MBA there and has worked abroad for many years mainly in the US and Japan.

Currently she’s based in San Francisco, CA and she’s here in the Philippines for a short vacation and at the same time share what she know and give back – “Pay It Forward”.

She spearheaded and co-founded “Tech Talks”. She’s glad to see our talented folks and she hopes that we can all work together to foster start-ups and do what’s necessary to become globally competitive in our industry.

She’s an independent consultant doing business development and international recruitment for clients in the tech industry – in the areas of business continuity, disaster recovery, data storage, information security and related fields.

Ms. T is one of our sponsors and she’ll be in Manila on June 13 onwards to attend another event and meet up with other InfoSec professionals .

Thank you!

Related Blog:
Networking is essential to your career advancement and professional success

About the Contributor:
A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management, professional networking, social media campaigns and very active in conceptualizing things. To date he already conducted several IT / Information Security events as his passion since 2007. Currently he's working as a Technical Support Specialist in a local company.

ROOTCON is managed by like minded InfoSec professionals across the Philippines.
All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.