[ :: mainpage :: register :: conference :: training :: call for papers (CFP) :: the venue ]
[ :: capture the flag (CTF) :: press/media :: conference agenda :: contact us ]
[ :: forum :: sponsors :: past conferences :: conference kit (PDF) ]

Yen Ming Chen (Senior Managing Consultant, Foundstone - A division of McAfee Inc.)

Filed under: Main Page — Administrator @ 10:41 am

May 19, 2006

Presentation Title: Triple Play; Triple Threat? — IPTV Security
Presentation Details:

The “Triple-play” strategy (Data, Voice and Video) is set to enable Telecoms to increase their Average Revenue per Unit (ARPU) and revolutionize current home entertainment. IPTV generated revenue is expected to have 102% CAGR from year 2004 – 2010. While security issues in Data and Voice of the “Triple-Play” strategy have been examined in details, not much has been done in the IPTV field. In this presentation, we will look at IPTV’s advantages in business, architecture, threats and some of the vulnerabilities that have been seen on the field. The IPTV architecture comprise of the Content Source, Head-End, Delivery and Management network and Consumer Home network. Current security threats (malicious attackers, worms or disasters) could stop the Telecoms from making profit or even losing money. The presentation will present some real-life weaknesses and vulnerabilities and provide countermeasures for Telecoms.

Triple Play Strategy
Known Security Problems
New Addition: IPTV
		Content Source
		Delivery and Management network
		Home network
IPTV Risk Analysis
IPTV Vulnerabilities
	Home network
		Set-Top Box
			How to steal your neighbor’s subscription
		Home gateway
	Delivery and Management network
		Access Control List
		Infrastructure Weakness
		Buffer Overflow
		Other Issues
	Content Source
		Unencrypted content storage
Q & A

About Yen Ming

Yen-Ming leads Foundstone consultants to provide strategic security consulting services to Global 2000 clients. With almost a decade of experience in business development, IT and security, Yen-Ming brings extensive knowledge in both business and technology to his clients. Yen-Ming established the Asian Pacific branch in Singapore for Foundstone and has been instrumental in growing business for Foundstone in APAC. He has performed security assessments for security technologies (ISA server, firewall, and other security products), business applications (financial applications, CRM, and Tax software) and other technologies (multi-functional office equipments and IPTV). He contributed to Four books and numerous articles published on SecurityFocus and other magazines. He’s frequent speaker for conferences like CSI, MISTI and others. He served as a Lead Instructor for Foundstone’s Ultimate Hacking series classes. Before joining Foundstone, Yen-Ming worked at Carnegie Mellon University and he created the first intrusion detection system appliance prototype using PicoBSD and Snort. He also wrote the first intrusion detection log correlation and analysis program, snort-stat, for Snort. Yen-Ming held a MS in Information Networking from Carnegie Mellon University and a BS in Mathematics from National Central University.

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Foundstone - A division of McAfee Inc.

Microsoft Corporation

Main Sponsors

Cisco Systems

Lucent Technologies - Bell Labs Innovations

Official Airline Partner

Internet Bandwidth Sponsor

AIMS - Malaysia's Telecommunications Hub

Official Hotel

Westin Kuala Lumpur

CTF Sponsor


CTF Prize Sponsor

Scan Associates Berhad.

Our Speakers Are Supported By:

Bellua Asia Pacific

Core Security Technologies

Media Partners:

InfoSec News

(ISN) InfoSec News

Virus Bulletin online magazine is dedicated exclusively to reporting and analysing malicious computer programs and spam. The annual Virus Bulletin conference is cited by many in the industry as the anti-malware event of the year.

Insecure Magazine

Phrack Magazine

Hakin9 Magazine

Supporting Organizations


ISECOM - Insititue for Security and Open Methodologies

IT Underground

Chaos Computer Club (Germany)

X-Focus China

Zone-H Defacement Mirror

Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore