Monday, June 11, 2007

Cerberus Network visits HITB 2005

We've returned from HITB 2005, Westin KL, Malaysia. It was a fruitful and informative trip, certainly well worth the 4 hour drive up from Singapore, and here are some of the highlights of the conference.



The Hack In the Box conference was held at Westin, KL. This year, some of the key highlights were the Open Hack contest, and various other live demonstrations by the speakers. Microsoft was the main sponsor for the event, and naturally, launched the event with a preview of Windows Vista. We really enjoyed the event and here are the best snippets.


A counter example of good physical security practice. This one was at the hotel we stayed at. In fact, the hotel wasn't the only culprit. We've seen this setup often enough. The power supply was in fact within reach of an outstretched arm. Certainly easy to disarm this camera.





Windows Vista

Windows Vista is Microsoft's new operating system line, which should replace the Windows XP line when it launches. During the keynote address, the date touted was mid 2006. We look eagerly forward to having our own copy next Christmas then. That makes a pretty interesting year ahead, with Visual Studio 2005 and SQL Server 2005 this Christmas season.

Vista is also supposed to incorporate many new security features, including the ability to surf in protected mode. In this mode, Internet Explorer will refuse to execute the usual security breach suspects: ActiveX and BHOs (Browser Helper Objects). Anti-phishing is another headline feature of the new OS, which connects to a Microsoft database that identifies known phishing sites. Users who encounter suspicious sites can also choose to report them to Microsoft. According to the Microsoft representatives, Microsoft will have human investigators verify whether a reported site is indeed malicious. Once verified as malicious, the site will be added to the online database, thereby helping other users.

With many other security oriented features and a wonderfully beautiful GUI, we were truly salivating all over our conference seats.

Social Engineering

The best hacks often occur before hackers even reach your computers. Social engineering encompasses a wide range of deceptive moves, including impersonating somebody else, and even seduction. This was probably one of the best talks in the entire conference and it really showed us how the best hackers probably don't even need a computer to get you.


Wireless Security

This is still a problematic issue. In Singapore, we're collecting statistics and our current data shows that as many as 50% of home networks are running unsecured wireless components. We are in the midst of collating our data and will be publishing it soon. The speaker did give us a few ideas, as well as corroborate ideas we already had about how wireless networks could be abused. We'll bring you more on this shortly.

Bluetooth viruses

F-Secure had a great demonstration of the current BT virus technology. Although not many such viruses are known at the moment, there is certainly cause for concern at the potential explosion of such viruses. In a way, BT viruses are now at a stage similar to the advent of the first widespread PC viruses such as (c) Brain. They could well become something more powerful and with better capability to spread. Thumbs up, F-Secure!

VoIP

Many telcos are going into VoIP big time. Your telco might be one of them. However, current protocols for VoIP are still immature and not strongly geared toward security. This presents the potential problem that businesses currently using reliable PSTN networks, and new businesses that decide to jump onto the VoIP bandwagon, may very well expose themselves to a variety of security problems, including eavesdropping, unauthorized phone calls at company expense, and identity theft.

All in all, it was a very remarkable and good conference and we look forward to being there next year.
