Hello, this is Osamu Sasaki. I belong to the Global Coordination Division in JPCERT/CC, responsible for overseas CSIRT trainings. Today I would like to introduce you two of our CSIRT trainings conducted recently - in September/Tokyo and October/Vientiane. I think it turned out to be a good model of CSIRT collaboration by sharing the knowledge and capability that each team have. Training in September/Tokyo In late September, two engineers from...

Read more

Hello again, this is Taki and I would like to tell you about training sessions that were conducted in Myanmar. Sparky and I went to Myanmar to visit mmCERT (Myanmar Computer Emergency Response Team) in Yangon as the Japan Overseas Development Center (JODC) experts to conduct training sessions, mainly consisting of Network Forensics. Other sessions included cryptography basics and CSIRT tools. mmCERT is the national CSIRT of Myanmar, hosted the...

Read more

Bula every one!! You will probably find it easy to assume from the context that this word means “Hello”, but can you guess what language it is? It is Fijian. Mr. Koichiro (Sparky) Komiyama and I (Kaori Umemura), as the Japan International Cooperation Agency (JICA) experts, were given the opportunity to visit Suva, the capital city of Fiji, to support the preparation to kickoff the Pacific Islands Computer Emergency Response...

Read more

In June, along with some colleagues, I attended the FIRST Conference 2011 in Vienna. FIRST Conference 2011 in Viennahttp://conference.first.org/ On the second day of the conference (June 14th), I moderated a panel session titled: SPECIAL Panel Session: The day disaster struck the northeastern part of Japan This panel session was designed to talk about what CSIRTs in Japan did in the wake of the March 11th earthquake. The panelists were...

Read more

In May, JPCERT/CC sent our technical specialists to the Secure Coding Seminar in C/C++ held in 3 cities: Bangkok, Nakhon Pathom and Surabaya. The seminar provided the explanation of common programming errors in C/C++ that could lead to software vulnerabilities, how these errors can be exploited, and effective mitigation measures for preventing such errors. Seminar in Bangkok (Thailand)Date: May 9th-10th, 2011Venue: Siam City HotelOrganizer: ThaiCERTNumber of Participants: 30 Seminar in...

Read more

After our last report of phishing apparently exploiting the tragedy of the earthquake and tsunami here in Japan, we have another example today: This is quite a well-designed site. Notably, this one uses the logo of the Red Cross. It's registered to an individual with a European-sounding name, Japanese street address and Gmail account. This one even ups the ante by posting photos and news gathered from other sites: One...

Read more

The tragedy in Japan has been immense, and everyone rightly wants to help as much as possible. However, be careful who you give your donations to. We've received word of a site called Japan Donation, which asks you to sign up for an account, and then, who knows: The domain was registered on Friday by an individual in the UK with a Hotmail address. Part of the email address listed...

Read more

We can report that everyone at JPCERT/CC is fine following the terrible earthquake and tsunami that hit near Miyagi Prefecture on 11 March 2011. The situation in Tokyo, to the south of the main island of Honshu, is comparatively stable at this point. By far, the worst of the damage is to the north of Japan, and our thoughts are with everyone affected at this time. JPCERT/CC is operating at...

Read more

Some weeks ago, JPCERT/CC and various news sites in Japan observed an interesting domain apparently targeting a Japanese government site (do not visit, potentially malicious): www. e-kokusei. go. jp. netNote the ".net" at the end. So, what is the presumed target, e-kokusei.go.jp? It's the site of the first national census conducted electronically in Japan. As well as a traditional paper form, each census information package also contained a sealed, unique...

Read more

For anyone doing incident response in the mid-2000s, you'd no doubt be familiar with the massive upswing in phishing attacks around then. Working in the AusCERT incident response team at the time, we were swamped with scams chiefly targeting Australian banks and financial institutions. Handling a large volume of phishing attacks quickly became a part of our daily routine, and they continue to be part of the landscape. In early...

Read more