第三屆台灣駭客年會第三屆台灣駭客年會Third Hacks in Taiwan Third Hacks in Taiwan

ConferenceConference

Wayne HuangWayne Huang黃耀文黃耀文

wayne@armorize.comwayne@armorize.com

台灣駭客年會台灣駭客年會 一個國家的資安產業成熟度指標一個國家的資安產業成熟度指標——

underground hacking conferencesunderground hacking conferences

Hacks in Taiwan, brought to you by Hacks in Taiwan, brought to you by Tim Hsu and chro0tTim Hsu and chro0t

Welcome to HITCon 2007Welcome to HITCon 2007

HIT 2005HIT 2005

四百年來第一會四百年來第一會——台灣終於有台灣終於有自己的駭客年會！自己的駭客年會！

"" 地下網管地下網管 2020 年年 " -- gasgas " -- gasgas

"Evil netpipe" -- timhsu "Evil netpipe" -- timhsu

"Windows Kernel "Windows Kernel Shellcode Exploit" -- Shellcode Exploit" -- NanikaNanika

HIT 2005HIT 2005 "The Evolution of Windows Spyware Techniques" "The Evolution of Windows Spyware Techniques"

-- Birdman-- Birdman "Anti-Forensic with Anti-Reversing" -- Kuon "Anti-Forensic with Anti-Reversing" -- Kuon sscan, newbug, unohope, alan, Charmisscan, newbug, unohope, alan, Charmi

HIT 2006HIT 2006 場地爆滿，場地爆滿， MS MS 總部電話留位！總部電話留位！ 來自世界各地的聽眾！來自世界各地的聽眾！

HIT 2006HIT 2006

Tony Lee, Lead Anti-Virus Researcher, MicrosoftTony Lee, Lead Anti-Virus Researcher, Microsoft Sarah Blankinship, Security Program Manager, Sarah Blankinship, Security Program Manager,

MicrosoftMicrosoft

Y.M. ChenY.M. Chen Director of Consulting, McAfeeDirector of Consulting, McAfee PACSEC.JP, HITB, HACK.LU, HIT, CSI, PACSEC.JP, HITB, HACK.LU, HIT, CSI,

MISTIMISTI

WayneWayne

WWW, PHP, RSA, …WWW, PHP, RSA, … OWASP OWASP 台灣分會會長台灣分會會長 阿碼科技執行長阿碼科技執行長 台大電機博士班候選人台大電機博士班候選人

FyodorFyodor SNORT founderSNORT founder Usenix, BlackHat, Ruxcon, HITB, Syscan, Usenix, BlackHat, Ruxcon, HITB, Syscan,

Bellua…Bellua… 台大電機博士班台大電機博士班

BirdmanBirdman

Wargame!Wargame!

第一名：劉昆豪 技服中心工程師。第一名：劉昆豪 技服中心工程師。 第二名：吳光哲第二名：吳光哲 任職訊連科技任職訊連科技 第三名：翁浩正 輔大資工系。第三名：翁浩正 輔大資工系。

HIT 2007HIT 2007 TWISC@NTUST TWISC@NTUST 協辦協辦 HIT 2005: 120HIT 2005: 120 人人 HIT 2006: 160HIT 2006: 160 人人 HIT 2007: 270HIT 2007: 270 人人……爆！！爆！！

HIT 2007HIT 2007 講師橫跨產駭學界講師橫跨產駭學界 參加者來自世界各地參加者來自世界各地 更精彩的內容，給更厲害的聽眾更精彩的內容，給更厲害的聽眾 拭目以待！拭目以待！

Source: Google Online Security Bloghttp://googleonlinesecurity.blogspot.com/

Hacked websites

Malware origin

HIT 200HIT 20088 台灣資安之能量，有其背後之政治與歷史意義台灣資安之能量，有其背後之政治與歷史意義 台灣資安界，其實臥虎藏龍台灣資安界，其實臥虎藏龍 龍虎只在每年 龍虎只在每年 HIT HIT 公開出現！公開出現！ Hacks in Taiwan Hacks in Taiwan 是台灣所有對資安有興趣是台灣所有對資安有興趣的朋友的會的朋友的會• 交流技術交流技術• 分享經驗分享經驗• 談論趨勢談論趨勢

Wall Street Wall Street 看 看 SecuritySecurity

Security index had consistently outperformed NASDAQSource: Cowen and Company , RSA 2007

Security 3.0 in Web 2.0—Security 3.0 in Web 2.0—What’s Next?What’s Next?

Date Major Security Events within Past Two Months

2007.5.11

Google published "The Ghost in the Browser" research in Hotbots ’07 (with Usenix) which states that more than 10% of all on Google indexed wetbsites have been hacked and contain malware, spyware, or malicious code

2007.5.15 OWASP published the OWASP Top 10 2007 (the first time since 2004);

Cross-site Scripting vulnerability climbed to #1

2007.5.29 Google announced acquistion of GreenBorder (a browser-based security

solution) to jumpstart into web application security space

2007.6.1. Google starts flagging malicious website warning users not to enter

2007.6.6. IBM acquired penetration testing company Watchfire to step into Web

security space

2007.6.18. Penetration testing company Cenzic approved U.S. patent on fault-

injection technology, starting a new wave of hot debate in Web security

2007.6.19. HP acquired penetration testing company SPI Dynamics to enter into

web security space, competing with IBM

2007. 6.30. PCI includes code review for PCI compliance v1.1, mandatory in 2008

2007.7.9. Google acquired online email security Postini for US$625 million in

cash, aggressively entering into online enterprise security space

HIT 200HIT 20088 更新更黑的內容，更恐怖的講師陣容！更新更黑的內容，更恐怖的講師陣容！ 不必出國，不必去不必出國，不必去 BlackHat / DefConBlackHat / DefCon ！！ 明年場地預定：台大醫院國際會議廳明年場地預定：台大醫院國際會議廳（徵求贊助單位）（徵求贊助單位）

感謝各界的支持，我們明年見！感謝各界的支持，我們明年見！