The magazine specialized in security "Red Seguridad" has published in its November issue number 7 an article written together with Pete Herzog, Managing Director of the ISECOM.

This article is born as result of the worries that raises the appearance of new companies that offer security services, or more concretly audits, and they say to use the methodology OSSTMM. In this article some of the aspects treat in the "Rules of Engagement" of this methodology, which precisely try to be an ethical code for everything that tries to use the technical part of this manual. Pete Herzog and Internet Security Auditors, plead for the global use of this methodology, and the adoption, together with the methodology properly, of the ethical code raised also in it, been indivisible the one of other one. Probably, these "rules" are the first step for a deontological code for the companies that offer security to their clients.

You can download the article in PDF in our zone of Articles or from the ISECOM web page.

After the publication in August of the version 2.1 of recognized manual OSSTMM (Open Source Security Testing Methodology Manual), it has published the translation in spanish. As participants in the development and promotion of this methodology, a member of the technical team of Internet Security Auditors also has taken part in the translation of the manual, with the aim that the major quantity of people can accede to this and possible linguistic barriers can be eliminated in the access to this complete document.

Download the spanish version of the OSSTMM from the web of the ISECOM.

Tertulia Digital and CIDEM invited us to take part in the first seminar organized by both after the seminars of Tertulia21 and the COPCA (in one of which we took part last year). In this seminar, offered in the headquarters of the CIDEM in the Paseo de Gracia of Barcelona, to which we had the pleasure being invited, due our expertise in security and its implantation in SMEs Orientated as a course, more than as a commercial presentation, we tried to devote a few directives of the most important aspects that must be had in bill in a company that tries to minimize the risks produced by the insecurity in its Systems of Information. Also they took part Francisco de Quinto, of Piqué Abogados, treating aspects of the LOPD and the LSSICE, and Roman Martin, of Interbel Software, presenting a mail/antispam/antivirus server solution.

Download the presentation from of our downloads zone of presentations.

Between the 24th and 26th of October there was celebrated the Hackmeeting of this year. After intense deliberations in the list of discussion of the Hackmeeting in Sindominio, the chosen place this year was the Gaztetxe of Pamplona/Iruña. Since could not be of another form we could not be absent to this appointment, trying to learn new things and trying to contribute our grain of sand to the free diffusion of knowledges for all those that take the computer as as one of their worries.

In this case we gave a presentation on the security problematics that is given in these moments with the domains registered in Internet, who are the implied ones in to guarantee the security of these and the responsibilities of all these implied ones.

Download the presentation from our download zone of presentations.

During past On October 16 and 17 there were celebrated in Orense the International Conferences APTE2003 which Internet Security Auditors attended as guest. In this meeting organized to three bands, for the "Ministerio de Ciencia y Tecnología" of Spain (project Red Infobusiness), the Association of Scientific and Technological Parks of Spain (APTE) and the National Association of Spanish CEEI (ANCES), Internet Security Auditors took part in the debate with SMES Galician and had occasion to know the worries in safeties questions that have these.

During the notification, in September 19-21st, of the first Fractal Games in "Les Naus" HackLab in the Gràcia in Barcelona, where we cannot miss, we will have the pleassure to speak with Pete Herzog, the ISECOM (organization that manages with other projects, the OSSTMM publish), where we will present the Hacker High School for this course. This project pretends to offer classes in a very elemental level to all those college students that want to learn about Ethical Hacking, so they have a place where to focus their curiosity in a constructive way, learning the dangers of destructive acts.

The 1st F.G. pretend, following allways the philosophy of the Hackmeetings of information and ideas free sharing, protest against the dislodge of the first Hacklab in Spain headed by the Kernel Panic hacktivist group, that have used this ocupied and automanaged space to give to all that wants open and free courses and talks during more than three years.

More information here.

El próximo 20 de Mayo a las 19:00 horas en la Sala Paraninf de LaSalle (c/ Cuatre Camins, 30. Edificio Sant Jaume) y el 25 de Mayo a las 19:00 en la Sala de Actos del Fòrum Nord de la Tecnologia (c/ Marie Curie, s/n), presentaremos los cursos de certificación OPST (OSSTMM Professional Security Tester) y OPSA (OSSTMM Professional Security Analyst), ambas, certificaciones oficiales del ISECOM (Institute for Security and Open Methodologies) avaladas por LaSalle.

Para presentar el ISECOM y sus certificaciones para testers y analistas en seguridad contaremos con la presencia de Pete Herzog, Managing Director del ISECOM y coordinador del manual de la metodología OSSTMM (Open Source Security Testing Mehodology Manual), en la cual colaboran miembros de Internet Security Auditors desde sus inicios, además de ser la metodología empleada en nuestras Auditorías de Seguridad.

En estas jornadas de presentación hablaremos de todos los aspectos (beneficios, requisitos, objetivos, etc.) relacionados con estas certificaciones, únicas en España sobre Hacking Ético, y las técnicas y metodologías empleadas para llevar a cabo Auditorías de Seguridad y el análisis y comprensión de los resultados obtenidos, siguiendo las pautas de la OSSTMM.

Si quieres asistir a estas jornadas gratuitas el 20 o 25 Mayo ponte en contacto con nosotros en el 93-305-13-18 o mediante correo electrónico a .

At least the new version of the Open Source Security Testing Methodology Manual (OSSTMM) 2.1, has seen the light. The canhes from the last version are a lot, following the philosophy of lasr releases, it goes deeper in the most demanded aspects nowadays, like security in mobile technologies (WiFi, Bluetooth, etc.). The ISECOM (Institute for Security and Open Methodologies) offers with this new version the middle step since the new comming version 3.0 of the manual that have stablished, after more than 3 years of efforts from PEte Herzog and all the people that have collaborated in its development, to be the standard #1 in security testing methodologies.

Download and read more about it in the ISECOM website.

During the National Security Congress "No cON Name 2003" cellebrated in Palma de Mallorca during the July 14-27th, we presented the projects that coordinates OWASP (Open Web Application Security Project), like WebGoat, a controlled environment where practise and kno the most common web attacks, also the Secure Web Application Development OWASP, and CodeSeeker, an OpenSource project of an Application Firewall that pretends to offer the same results that do commercial ones.

During this presentation were done some demostrations about its present functionalities and its easy of use, also its behavior in front of most common web attacks. Visit our Presentations section in Downloads.

More information in the OWASP website.

In the last number of "SIC: Security in Computer science and Communications" has been published an article written from the investigation and worries generated by the security problems which nowadays we meet in the registration of domain names in Internet. Who are the implied parts, which are the responsibilities of each one of these parts and what must be done to prevent that our presence in Internet be attacked across a route, till now almost unknown, it is what is presented in this article. Visit our section of Press in Downloads.

INTERNET SECURITY AUDITORS will take part in " Course of operative practice in investigation" organized by the Detectives' official College of Catalonia teaching "Investigation and Security Tools in Internet". More information here.

INTERNET SECURITY AUDITORS will present during the course under the title of " Wi-Fi Networks. 802.11 Protocol" the security problems of the wireless networks. This course organized by Vilanova i la Geltrú town hall together with the UPC and the European Institute of the Mediterranean in the Campus of Mediterranean in Vilanova i la Geltrú, will analyze the different aspects involved in the implantation of the wireless networks, with experts' vision of different companies and public organisms and will rely on INTERNET SECURITY AUDITORS as experts in new technologies security. More information here.

INTERNET SECURITY AUDITORS will present the paper "Codeseeker, an open-source application level firewall" in the congress NoConName 2003 (NcN 2003), that will be celebrated in Palma de Mallorca between the 24th and 27th of July (both inclusive). "Codeseeker" is a project coordinated by OWASP (The Open Web Application Security Project) and developed thanks to the effort of the whole open-source community. Codeseeker is an application level firewall and IDS developed in Java and C/C ++. More information here.

Next 21th June at 17:00 we will offer the presentation "Security services for SME" in CETEMMSA's headquarters, the Center of technological innovation and Mataró-Maresme's managerial development. This presentation is included in the frame of the day on computer security in SME, organized by CETEMMSA and CIDEM. More information here.

INTERNET SECURITY AUDITORS chooses as finalist to the prize to the best managerial initiative that grants the Diputació of Barcelona. The ceremony of delivery of prizes will be realized on April 28, 2003.

Next Sunday, the 23rd of March, 2003, in the supplement "Más que bytes" of the newspaper "El Mundo" you will be able to read the interview that fulfilled Pilar Morate to two of the founding associates of INTERNET SECURITY AUDITORS.

The Spanish legislation regulates, now more than never, how the companies must manage the personal information as well as the procedure that must expire on having been present in Internet. INTERNET SECURITY AUDITORS offers services of LOPD and LSSICE's adjustment and audit. More information shortly.

IGC (Global Internet Congress) is the congress of reference in Internet and new technologies that are celebrated in Barcelona. INTERNET SECURITY AUDITORS will realize the presentation(paper) " m - dreams (Bluetooh, Wifi, J2ME) " in the fifth edition of the IGC on May 12, 2003 from 11 to 12:30 AM. More information here