Post Conference Coverage - Mainstream Media

WabiSabi Labi aims to be more than an eBay for zero-days - Washington Post
http://www.washingtonpost.com/wp-dyn/content/article/2007/09/25/AR2007092500783.html

Hackers reveal day-to-day dangers - BBC
http://news.bbc.co.uk/2/hi/technology/7004750.stm

Marketplace for vulnerabilities - The Star (Malaysia)
http://star-techcentral.com/tech/story.asp?file=/2007/9/11/itfeature/18797592&sec=itfeature

2007年HITBSecConf圓滿舉辦 - SC Cyberworld
http://sccyberworld.blogspot.com/2007/09/2007hitbsecconf.html

Banking trojans set to pose bigger threat - The Star (Malaysia)
http://star-techcentral.com/tech/story.asp?file=/2007/9/11/itfeature/18795579&sec=itfeature

‘Stupid’ Holes Reported in Oracle 11g - PC World
http://www.pcworld.com/article/id,136699-c,applicationbugs/article.html

Why bug hunt should be for sale - ZDNet (Asia)
http://www.zdnetasia.com/news/security/0,39044215,62031943,00.htm

Oracle 11g найдены серьезные уязвимости - OSP (Russian)
http://www.osp.ru/news/2007/0905/4334533/?rss_feed=news

Đội Sao Vàng vô địch cuộc thi Game tấn công và phòng thủ tại Malaysia - Vietbao (Vietnam)
http://mobi.vietbao.vn/The-gioi-tre/Doi-Sao-Vang-vo-dich-cuoc-thi-Game-tan-cong-va-phong-thu-tai-Malaysia/40218990/275/

Researchers: Cyberattacks outstripping defences - ZDNet (UK)
http://news.zdnet.co.uk/security/0,1000000189,39289141,00.htm

Hack in the Box：甲骨文出现愚蠢漏洞 - 3800hk
http://www.3800hk.com/news/w21/133409.html

Post Conference Coverage - Blogs / Online

Hack In The Box 2007 - Malaysia - Raffael Marty
http://raffy.ch/blog/2007/09/24/hack-in-the-box-2007-malaysia/

A good presentation by FX - EM_386
http://em386.blogspot.com/2007/09/good-presentation-by-fx.html

Hack In The Box Malaysia 2007 - Francois Ropert
http://www.rezalfr.org/francois.ropert/index.php/2007/09/23/56-hack-in-the-box-malaysia-2007

Exploiting HITB 2007 KL CTF Daemon 01 - VNSECURITY
http://www.vnsecurity.net/Members/lamer/archive/2007/09/11/hitb07kl-ctf-daemon01

HITB 2007 - CTF Daemon 03 writeup - WabiSabiLabi
http://wabisabilabi.blogspot.com/2007/09/hitb-2007-ctf-daemon-03-writeup.html

Exploiting HITB 2007 KL CTF Daemon 05 - VNSECURITY
http://www.vnsecurity.net/Members/lamer/archive/2007/09/14/hitb07kl-ctf-daemon05

Exploiting HITB 2007 KL CTF Daemon 07 - VNSECURITY
http://www.vnsecurity.net/Members/lamer/archive/2007/09/16/hitb07kl-ctf-daemon07

Hack In The Box 2007 - Day 1 - Literatecode
http://www.literatecode.com/2007/09/05/hitb/

Hack In The Box 2007 - Day 2 - Literatecode
http://www.literatecode.com/2007/09/16/hitb2/

HITB 2007 CTF report - LongBlog
http://longld.blogspot.com/2007/09/hitb-2007-ctf-report.html

WSLabi @ HITB Malaysia 2007 - WSLabi Blog
http://wabisabilabi.blogspot.com/2007/09/wslabi-hitb-malaysia-2007.html

Impressions from HackInTheBox 2007 Malaysia - Alexander Kornbrust about Oracle Security (Red Database Blog)
http://blog.red-database-security.com/2007/09/09/impressions-from-hackinthebox-2007-malaysia/

HITBSecConf2007 in Malaysia - F-Secure Weblog
http://www.f-secure.com/weblog/#00001270

HITB2007! - Billy Rios
http://xs-sniper.com/blog/2007/09/10/21/

HITBSecConf2007 Over - Niresh
http://0rga.wordpress.com/2007/09/08/hitbsecconf-2007-over/

Hitb 2007 KL 3-6 September : Ret Null - y0nd13
http://y0nd13.blogspot.com/2007/09/hitb-2007-kl-3-6-september-ret-null.html

HITB SecConf 2007 - MALAYSIA Day1 - Tessy (Japan)
http://d.hatena.ne.jp/tessy/20070905

HITB SecConf 2007 - MALAYSIA Day2 - Tessy (Japan)
http://d.hatena.ne.jp/tessy/20070906

HITB SecConf 2007 - MALAYSIA 資料公開 - Tessy (Japan)
http://d.hatena.ne.jp/tessy/20070909

Hack in the box Seminar on Telecom Fraud - Skype-Watch
http://webtown.typepad.com/webtown/2007/09/hack-in-the-box.html

WabiSabiLabi - blueshifters (US Army)
http://freecursor.blogspot.com/2007/09/wabisabilabi.html

Web Hacking Challenge - blueshifters (US Army)
http://freecursor.blogspot.com/2007/09/web-hacking-challenge.html

day 1 at hackers’ fest - sansurfer
http://www.sansurfer.com/2007/09/03/day-1-at-hackers-fest/

day 2 at hackers’ fest | facilitating interviews - sansurfer
http://www.sansurfer.com/2007/09/04/day-2-at-hackers-fest-facilitating-interviews/

day 3 at hackers’ fest - sansurfer
http://www.sansurfer.com/2007/09/06/day-3-at-hackers-fest/

day 4 (FINAL) at hackers’ fest - sansurfer
http://www.sansurfer.com/2007/09/08/day-4-at-hackers-fest/

HITBSecConf 2007 - MALAYSIA - NTDLL.com (Arabic)
http://www.ntdll.com/?p=120

HITB Aftermath: Why you don’t know you are having virus in your pocket? - geek00l
http://geek00l.blogspot.com/2007/09/hitb-aftermath-why-you-dont-know-you.html

Brief breakthrough of HITB lmao - dism0106
http://dism0106.blogspot.com/2007/09/brief-breakthrough-of-hitb-lmao.html

HITB 2007 log report - y3d1ps
http://y3d1ps.blogspot.com/2007/09/hitb-2007-log-report.html

Đội Sao Vàng vô địch cuộc thi Game tấn công và phòng thủ tại Malaysia - cdav7 (Vietnam)
http://cdav7.mylivepage.com/blog/23/10907/

HITBSecConf2007 Capture the Flag Game Considered Fun - security.org.my
http://www.security.org.my/index.php?/archives/HITBSecConf2007-Capture-the-Flag-Game-Considered-Fun.html

HITBSecConf2007 Kuala Lumpur Capture the Flag is over! - Longblog (Vietnam)
http://longld.blogspot.com/2007/09/hitbsecconf2007-kuala-lumpur-capture.html

HITB SEC CONF 2007: The WriteUp - geek00l
http://geek00l.blogspot.com/2007/09/hitb-sec-conf-2007-writeup.html

HITBSecConf2007 Considered 1337 - Malaysia Honeynet Project
http://my-honeynet.org/index.php?/archives/HITBSecConf2007-Considered-1337.html

Hecker Zeal?? - zealich
http://zealich.blogspot.com/2007/09/hecker-zeal.html

hitbsecconf2007 is over - spoonfork
http://mel.icious.net/blog/2007/09/07/hitbsecconf2007-is-over/

===

If you’ve written a blog post or spotted an article that we’ve missed, please send an email to dhillon -at- hackinthebox.org
For the list of pre conference media coverage, please click here

The presentations materials from the dual-track security conference is now available for download. We’ll also be placing the materials on Packetstorm in the coming weeks. In addition, the photos from the setup, training days, conference days and the post conference party have also been uploaded so do check them out!

Materials: http://conference.hitb.org/hitbsecconf2007kl/materials/
Photos: http://photos.hitb.org

The conference agenda and speaker line up for HITBSecConf2007 - Malaysia has been finalized. Below are the list of confirmed presentations:

Day 1 Keynote - 5th September 2007

Honeynet Project: Latest Research - Lance Spitzner (Founder, Honeynet Project)

Online Crime and Crime Online - Mikko Hypponen (Chief Research Officer, F-Secure Corp)

Day 2 Keynote - 6th September 2007

The Rise and Fall of Information Security in the Western World - Mark ‘Phiber Optik’ Abene (Former Member of LOD / MOD)

The Evolution of Hacking - Emmanuel Goldstein (Founder, 2600)

Conference Day 1 - 5th September 2007

Injecting RDS-TMC Traffic Information Signals - How to Freak Out Your Sat Nav System - Andrea Barisani (Chief Security Engineer, Inverse Path Ltd) and Daniele Bianco (Hardware Hacker, Inverse Path Ltd)

State of Security - Andrew Cushman (Senior Director, Microsoft Security Response and Community, Microsoft Corp)

Attacking Cisco Network Admission Control – NAC@ACK - Michael Thumann (Chief Security Officer, ERNW GmbH) and Dror-John Roecher (Senior Security Consultant, ERNW GmbH)

Hacking SCADA – How to 0wn Critical National Infrastructure - Raoul Chiesa (Board of Directors member @Mediaservice.net, ISECOM Group and TSTF) and Alessio L.R. Pennasilico aka Mayhem (Security Evangelist, Alba S.T. s.r.l.)

Exploiting the Intranet With a Webpage - Is JavaScript the New Shellcode? - Martin Johns (University of Hamburg, Faculty of Informatics)

WabiSabiLabi - The Exploit Marketplace - Roberto Preatoni (Director of Strategy, WabiSabiLabi & Founder, Zone-H Defacement Mirror)

Meta Anti Forensics: The HASH Hacking Harness - The Grugq (Independent Network Security Specialist)

Advanced Web Application and Database Threat Analysis with MatriXay - Frank Yuan Fan (Founder and Chief Technology Officer, DBAPPSecurity)

Physical Security: Past, Present and Future - Deviant Olam, Eric Michaud & Q (Members of TOOL USA)

360° Anomaly Based Intrusion Detection - Dr. Stefano Zanero (Politecnico di Milano T.U.

High Security Locks - Illusion or Reality? - Marc Weber Tobias (Investigative Attorney and Security Specialist)

Insider Threat Visualization - Raffael Marty (Manager, Strategic Application Solutions @ ArcSight Inc.)

Conference Day 2 - 6th September 2007

Hacking the Bluetooth Stack for Fun, Fame and Profit - Dino Covotsos (Managing Director, Telespace Systems)

Tools and Strategies for Securing a Large Development Project - Window Snyder (Chief Security Something or Other, Mozilla Corporation)

Hacking Biometric Systems - Starbug (Independent Security Researcher)

Protocol Fuzzing - Luiz Eduardo (Senior Systems & Security Engineer, Mu Security)

Hacking Hardened and Secured Oracle Servers - Alexander Kornbrust (Founder, Red Database Security GmbH)

Enterprise Hacking: Who Needs Exploit Codes? - Fetri Miftach (Principal Consultant, PT Bellua Asia Pacific) and Jim Geovedi (Security Consultant, PT Bellua Asia Pacific)

Slipping Past The Firewall - Billy K. Rios (Senior Researcher, VeriSign) and Nathan McFeters (Senior Security Advisor, Ernst & Young Advanced Security Center)

An End-to-End Analysis of Securing Networked CCTV Systems - Sarb Sembhi (Chief Technology Officer, Securityw0rk5)

Attack Surface of Modern Applications - Felix ‘fx’ Lindner (Founder, Recurity Labs GmbH)

Googling for Malware and Bugs - Dr. Jose Nazario (Senior Security Engineer, Arbor Networks)

The Computer Forensics Challenge and Anti-Forensics Techniques - Domingo Montanaro (Information Security Specialist and Computer Forensics Expert) and Rodrigo Rubira Branco (IBM, Brazil)

Hacking Ajax and Web Services – Next Generation Web Attacks on the Rise - Shreeraj Shah (Director, BlueInfy)

---

Mark ‘Phiber Optik’ Abene has announced the details for his keynote, “The Rise and Fall of Information Security in the Western World” on Day 2. In addition, the Conference Agenda has been updated and the following speakers have been added to our line up:

Nathan McFeters (Senior Security Advisor, Ernst & Young Advanced Security Center) will be presenting with Billy K. Rios (Senior Researcher, Verisign) on Slipping Past the Firewall in which Billy and Nathan will demonstrate some new techniques used by attackers to establish a “staging point” on your internal network to conduct NON-HTTP based client side attacks.

Alessio L.R. Pennasilico aka Mayhem (Security Evangelist, Alba S.T. s.r.l.) has spent the last couple of months working with Raoul Chiesa (Board of Directors Member @Mediaservice.net, ISECOM Group & TSTF) on pen testing various SCADA implementations. In their presentation Hacking SCADA and how to 0wn critical national infrastructure, Raoul and Mayhem have promised to share some insightful demos

The final round of updates and announcements is scheduled for next week. If you have not registered for your seat yet, there are still a couple of days to do so or you could also register on-site however, rates increase after 31st August.

We are excited to announce an exclusive talk on the new exploit marketplace project, WabiSabiLabi. Presented by their Strategic Director, Mr Roberto Preatoni, attendees will be the first in Asia to hear directly from the guys behind the project on the purpose of it’s set up, the project’s direction and to address the controversies surrounding it.

Presentation Title: WABISABILABI: The Exploit Marketplace Project
Presentation Details:

Three days after its launch, the Wabisabilabi project attracted the world’s attention. For the good and for the bad, the press covered the project in all its aspects, generating and endless round of comment threads on specialized forums. The project got the attention of the financial press, hitting the Economist and Forbes. The speech will let you hear directly from WABISABILABI’s Strategy Director the project philosophy, business model and milestones as well as the challenges the project has to overcome in the future.

- history of the research in the security field
- WABISABILABI: a name, a philosophy
- current status of the security market: exploiting the security researcher’s work for free
- the black security market: a myth? A reality?
- the traditional security vendor business model VS Wabisabilabi’s one
- is it ethical? Major criticisms do have ground?
- legal aspects of a security marketplace: the results of one year of legal investigations
- the economical models: auction, dutch auction, exclusive sale
- the big dilemma: to disclose or not to disclose?

For further details please click here. Do note that prices for the dual track conference increases after 31st August…

Below are the discounted room rates for attendees of HITBSecConf2007 - Malaysia. Attendees have the choice of staying at either Le Merdien or Hilton KL Sentral - both hotels are located in the same building. Attendees are requested to quote “HITB2007″ when making your reservation and those wishing to stay at Le Meridien will need to fill in this form.

Hilton KL per day room rate:

RM435++ for Hilton Innovation Room without breakfast
RM515++ for Hilton Grand Room without breakfast
RM700++ for Hilton Innovation Suite without breakfast
Breakfast at RM59++ per person

Le Meridien per day room rate:

RM385++ for Deluxe Room Single occupancy with breakfast
RM460++ for Deluxe Room Double occupancy with breakfast
RM415++ for Premier Room single occupancy with breakfast
RM515++ for Premier Room double occupancy with breakfast

The draft agenda for HITBSecConf2007 - Malaysia is now online! The final listing of speakers will be announced in the first week of August. In total there will be over 30 hours of deep knowledge network security presentations and we have extended the timing of the event to accommodate for this. In addition, the details for the Capture The Flag competition have also been announced and version 1.0 of the conference kit is also available. The kit includes everything you’d need to know about the event and what we have planned. You can download the conference kit here.

The Call for Papers for HITBSecConf2007 - Malaysia has ended. Thank you to everyone who took the time to put together a submission. The team will be making the final selection of speakers by the end of this week and we will announce the final listing and release a draft of the conference agenda on Wednesday, 9th of May. We have received over 30 submissions for the event with several super interesting papers… Needless to say it looks like it’s going to be a really terrific event and you definitely don’t want to miss this

Registration for HITBSecConf2007 - Malaysia is now open! We have moved our conference to the bigger and better Hilton KL Sentral; Kuala Lumpur’s newest 5-star hotel centrally located in the heart of Kuala Lumpur and a mere 28 minutes from the airport via the KLIA Express.

We’re expecting over 800 attendees to join us from around the world for this year’s Malaysian leg and we promise they will not be disappointed! HITBSecConf2007 - Malaysia will be the largest network security event in Asia with 4 keynote speakers and over 40 of the world’s leading researchers and security experts under one roof. Some of the highlights:

7 Tracks of Hands-On Technical Trainings

Day 1 Keynote Speakers: Lance Spitzner and Mikko Hypponen
Day 2 Keynote Speakers: Mark ‘Phiber Optik’ Abene and Emmanuel Goldstein

HITB Cinema: As part of our yearly charity initiative, we are organizing screenings of Freedom Downtime and Urchin. Freedom Downtime, directed and produced by Emmanuel Goldstein is the story of computer hacker Kevin Mitnick, imprisoned without bail for nearly five years while Urchin is an independent production written and directed by John Harlacher and stars Mark Abene as ‘The Inside Man’ and Emmanuel Goldstein as ‘The Outside Man’. Shot illegally in the subways, sewers, and streets of New York City “Urchin” is a prime example of guerrilla cinema made possible by new technology. This will be the first time in Asia Pacific that these movies are being shown to the public and all proceeds from these screenings will go to the Malaysian National Cancer Council - MAKNA.

Capture The Flag: With cash prizes worth USD6,000 this years’ Capture The Flag game has already received confirmation of participation from Padocon from Korea (last year’s champions), NDMTeam from Bulgaria, Army Strong comprising members of the US Army and Zone-H from Italy.

Zone-H/HITB Hacking Challenge: Zone-H in colaboration with the Hack in The Box crew will organize a 6-level web-based hackgame in which individual participants will be challenged to try to beat the hackgame in the shortest possible time. Based on the original game developed by Zone-H in 2005, there will be no need to bring your own exploits or your own laptop.

Lock Picking Village (LPV): Deviant Olam, Eric Michaud and Q who are members from the The Open Organization of Lockpickers (TOOOL USA) will be running a Lock Picking Village at the conference in which attendees will be invited to try their hands at bumping and other physical security bypass methods! If you think your home locks are secure, you’re more than welcome to bring them along and see for yourself how easily they can be bypassed.

BZFlag Competition: Organized by members of the US Army, attendees to HITBSecConf2007 will be able to blow off some steam in a BZFlag arena. BZFlag is an online multiplayer cross-platform open source 3D tank battle!

The CFP for HITBSecConf2007 - Malaysia is now open. HITBSecConf - Malaysia is the premier network security event for the region and the largest gathering of hackers in Asia. Our 2007 event is expected to attract over 700 attendees from around the world and will see 4 keynote speakers in addition to 40 deep-knowledge technical researchers presenting over two-days.

Being a deep-knowledge technical conference, talks that are more technical or that discuss new and never before seen attack methods are of more interest than a subject that has been covered several times before. Summaries not exceeding 250 words should be submitted (in plain text format) to cfp -at- hackinthebox.org for review and possible inclusion in the programme.

Submissions are due no later than 1st May 2007. For further details, please take a look at the CFP page.