I have just come back from Amsterdam where I was a speaker at the Hack In The Box conference. HITB held its annual conference here in Europe for the first time. The event was hosted in the beautiful 'Venice of the North', Amsterdam (Netherlands), the home of canals, windmills, tulips, and probably the best cheese in the world. One of the most beautiful hotels in the heart of Amsterdam, the Krasnapolsky, offered a welcoming environment for this occasion.
This year at the HITB conference, we had the opportunity to hear many very interesting talks from security experts from all over the world, including deep analysis of shellcode, hardware hacking, and a trip into the Russian cyber underground.
I attended the following talks:
- Keynote 1: Security Chasm - Dr Anton Chuvakin
Anton is a well-known security expert and the author of many books on the subject. In his talk he emphasized the importance of focusing on real security issues rather than conceptual theories. He wondered why people are more afraid of being fined for not wearing a seatbelt than of the risk to their lives. He also gave a nice overview of the history of information security and a prediction of how it will change in the next 5 or 10 years.
- Breaking Virtualization by Switching to Virtual 8086 Mode - Jonathan Brossard
Jonathan gave a nice talk about the security issues of virtual machines, especially code escaping from virtualized servers. Server virtualization is very important nowadays and is mostly used in Web hosting environments. As he pointed out, an attacker might take over the host computer by breaking out of the virtualized hardware using an almost forgotten CPU mode, the virtual 8086 mode.
- From Russia With Love 2.0 - Fyodor Yarochkin
Fyodor is an independent network security researcher who digs deep down into the world of the Russian cyber underground, revealing many of their secrets and myths. He explained how they are organized and why they do what they do - unsurprisingly it is all about the money. Fyodor also pointed out that many people do not even realize they are involved in a cyber crime. They get a temporary job offer over the Internet and once they finish their assignment they receive the money online. Sounds like a legitimate business; however, in the end the work is related to illegal activity.
- Keynote 2: Ten Crazy Ideas That Might Actually Change the State of Information Security - Mark Curphey
Mark is the director of the MSDN Subscription Engineering team at Microsoft. He had some very interesting ideas about the fundamental issues of information security, and laid down 10 ideas that could change the security industry. He compared this work to how the WHO stopped one of the deadliest diseases in the history of humankind, smallpox. Mark also suggested that maybe security experts should work in the same way as a Chinese doctor: paid only when the patient is healthy, not when sick.
- Maltego 3: Start Your Engines - Roelof Temmingh
Roelof is the founder of Paterva Ltd, the creator of Maltego. Maltego is an open-source intelligence (OSINT) and forensics application. It can be used to connect pieces of information and their sources, revealing many interesting details about a subject or even about people. Fyodor was actually using Maltego for his findings about the Russian cyber underground. Roelof presented the capabilities of the new version 3 to the audience.
- Abusing Microsoft's PostMark Validation Protocol - Dumitru Codreanu
Dumitru is a Senior Researcher at BitDefender. He did research on a GPU- and FPGA-assisted application that can break Microsoft's PostMark Validation Protocol. This protocol helps fight spam, and it was claimed that to break the system a spammer would need to invest hundreds of thousands of dollars in hardware. Dumitru showed the weakness of the protocol and that a GPU (a graphics card such as an nVidia GeForce) or an FPGA card inserted into an ordinary PC could sign 3-8 million mails per day with PostMark Validation, for an investment of only around a few hundred dollars.
- Subverting Windows 7 x64 Kernel with DMA Attacks - Christophe Devine & Damien Aumaitre
Christophe and Damien are Security Researchers at Sogeti/ESEC, and they gave a very interesting demonstration of how vulnerable our computing systems are to hardware-based attacks. They inserted a PCMCIA card into a laptop running Windows 7 for a couple of seconds, after which it accepted any random string entered at the Windows Logon screen as a valid password. They pointed out that hardware that can use DMA (such as FireWire / IEEE1394, PCMCIA, ExpressCard and PCI cards) bypasses any security protocol in the operating system, leaving our computers open to attacks.
- Top 10 Web 2.0 Attacks and Exploits - Shreeraj Shah
Shreeraj is the founder of Blueinfy and the author of many books on Web 2.0 Security. In his talk we got an overview of the top 10 Web 2.0 attacks, exploits, and hacking techniques. He also explained new tools and methodologies to prevent attacks like these.
- The Traveling Hackersmith 2009-2010 - Saumil Shah
Saumil is the founder of Net-Square and the author of many books and tools. He spoke off the record this time about discovering security issues in online flight bookings and hotel room reservations during many of his travels. As it was off the record, it would not be ethical to write down his subject in detail. He emphasized that he does not want to prove a point; however, overall my conclusion was that he was worrying about Web shops in general and how highly insecure they are, simply because either the developer does not know much about information security or because they just do not think a cyber criminal would target their site at any time.
The conference material can be downloaded from the HITB Web site.