第三屆台灣駭客年會 third hacks in taiwan conference
DESCRIPTION
第三屆台灣駭客年會 Third Hacks in Taiwan Conference. Wayne Huang 黃耀文 [email protected]. 台灣駭客年會. 一個國家的資安產業成熟度指標 — underground hacking conferences Hacks in Taiwan, brought to you by Tim Hsu and chro0t Welcome to HITCon 2007. HIT 2005. 四百年來第一會 — 台灣終於有自己的駭客年會! " 地下網管 20 年 " -- gasgas - PowerPoint PPT PresentationTRANSCRIPT
第三屆台灣駭客年會第三屆台灣駭客年會Third Hacks in Taiwan Third Hacks in Taiwan
ConferenceConference
Wayne HuangWayne Huang黃耀文黃耀文
[email protected]@armorize.com
台灣駭客年會台灣駭客年會 一個國家的資安產業成熟度指標一個國家的資安產業成熟度指標——
underground hacking conferencesunderground hacking conferences
Hacks in Taiwan, brought to you by Hacks in Taiwan, brought to you by Tim Hsu and chro0tTim Hsu and chro0t
Welcome to HITCon 2007Welcome to HITCon 2007
HIT 2005HIT 2005
四百年來第一會四百年來第一會——台灣終於有台灣終於有自己的駭客年會!自己的駭客年會!
"" 地下網管地下網管 2020 年年 " -- gasgas " -- gasgas
"Evil netpipe" -- timhsu "Evil netpipe" -- timhsu
"Windows Kernel "Windows Kernel Shellcode Exploit" -- Shellcode Exploit" -- NanikaNanika
HIT 2005HIT 2005 "The Evolution of Windows Spyware Techniques" "The Evolution of Windows Spyware Techniques"
-- Birdman-- Birdman "Anti-Forensic with Anti-Reversing" -- Kuon "Anti-Forensic with Anti-Reversing" -- Kuon sscan, newbug, unohope, alan, Charmisscan, newbug, unohope, alan, Charmi
HIT 2006HIT 2006 場地爆滿,場地爆滿, MS MS 總部電話留位!總部電話留位! 來自世界各地的聽眾!來自世界各地的聽眾!
HIT 2006HIT 2006
Tony Lee, Lead Anti-Virus Researcher, MicrosoftTony Lee, Lead Anti-Virus Researcher, Microsoft Sarah Blankinship, Security Program Manager, Sarah Blankinship, Security Program Manager,
MicrosoftMicrosoft
Y.M. ChenY.M. Chen Director of Consulting, McAfeeDirector of Consulting, McAfee PACSEC.JP, HITB, HACK.LU, HIT, CSI, PACSEC.JP, HITB, HACK.LU, HIT, CSI,
MISTIMISTI
WayneWayne
WWW, PHP, RSA, …WWW, PHP, RSA, … OWASP OWASP 台灣分會會長台灣分會會長 阿碼科技執行長阿碼科技執行長 台大電機博士班候選人台大電機博士班候選人
FyodorFyodor SNORT founderSNORT founder Usenix, BlackHat, Ruxcon, HITB, Syscan, Usenix, BlackHat, Ruxcon, HITB, Syscan,
Bellua…Bellua… 台大電機博士班台大電機博士班
BirdmanBirdman
Wargame!Wargame!
第一名:劉昆豪 技服中心工程師。第一名:劉昆豪 技服中心工程師。 第二名:吳光哲第二名:吳光哲 任職訊連科技任職訊連科技 第三名:翁浩正 輔大資工系。第三名:翁浩正 輔大資工系。
HIT 2007HIT 2007 TWISC@NTUST TWISC@NTUST 協辦協辦 HIT 2005: 120HIT 2005: 120 人人 HIT 2006: 160HIT 2006: 160 人人 HIT 2007: 270HIT 2007: 270 人人……爆!!爆!!
HIT 2007HIT 2007 講師橫跨產駭學界講師橫跨產駭學界 參加者來自世界各地參加者來自世界各地 更精彩的內容,給更厲害的聽眾更精彩的內容,給更厲害的聽眾 拭目以待!拭目以待!
Source: Google Online Security Bloghttp://googleonlinesecurity.blogspot.com/
Hacked websites
Malware origin
HIT 200HIT 20088 台灣資安之能量,有其背後之政治與歷史意義台灣資安之能量,有其背後之政治與歷史意義 台灣資安界,其實臥虎藏龍台灣資安界,其實臥虎藏龍 龍虎只在每年 龍虎只在每年 HIT HIT 公開出現!公開出現! Hacks in Taiwan Hacks in Taiwan 是台灣所有對資安有興趣是台灣所有對資安有興趣的朋友的會的朋友的會• 交流技術交流技術• 分享經驗分享經驗• 談論趨勢談論趨勢
Wall Street Wall Street 看 看 SecuritySecurity
Security index had consistently outperformed NASDAQSource: Cowen and Company , RSA 2007
Security 3.0 in Web 2.0—Security 3.0 in Web 2.0—What’s Next?What’s Next?
Date Major Security Events within Past Two Months
2007.5.11
Google published "The Ghost in the Browser" research in Hotbots ’07 (with Usenix) which states that more than 10% of all on Google indexed wetbsites have been hacked and contain malware, spyware, or malicious code
2007.5.15 OWASP published the OWASP Top 10 2007 (the first time since 2004);
Cross-site Scripting vulnerability climbed to #1
2007.5.29 Google announced acquistion of GreenBorder (a browser-based security
solution) to jumpstart into web application security space
2007.6.1. Google starts flagging malicious website warning users not to enter
2007.6.6. IBM acquired penetration testing company Watchfire to step into Web
security space
2007.6.18. Penetration testing company Cenzic approved U.S. patent on fault-
injection technology, starting a new wave of hot debate in Web security
2007.6.19. HP acquired penetration testing company SPI Dynamics to enter into
web security space, competing with IBM
2007. 6.30. PCI includes code review for PCI compliance v1.1, mandatory in 2008
2007.7.9. Google acquired online email security Postini for US$625 million in
cash, aggressively entering into online enterprise security space
HIT 200HIT 20088 更新更黑的內容,更恐怖的講師陣容!更新更黑的內容,更恐怖的講師陣容! 不必出國,不必去不必出國,不必去 BlackHat / DefConBlackHat / DefCon !! 明年場地預定:台大醫院國際會議廳明年場地預定:台大醫院國際會議廳(徵求贊助單位)(徵求贊助單位)
感謝各界的支持,我們明年見!感謝各界的支持,我們明年見!