HITBSecConf is known as the best computer security conference in Asia. Past and future speakers in the conference include Captain Crunch, Bruce Schneier, Tony Chor (Microsoft), Marius Eriksen (Google), Joanna Rutkowska, The Grugq, Paul Mcnabb, Adam Gowdiak, Job De Haas, LSD, HD Moore, San (X-Focus), Roberto Preatoni and Theo De Raadt.

“I’m honoured to be invited as the keynote speaker for HITBSecConf 2005″, says Mikko Hypponen. “And I can’t recommend this conference highly enough for anybody who wants the latest deep-down technical knowledge on computer security issues”.

Mr. Hypponen’s presentation, titled “Mobile Malware” will discuss the current situation with mobile phone viruses. The first real viruses infecting mobile phones were found during late 2004. Since then, dozens of different viruses and Trojans - including cases like Commwarrior, Lasco and Skulls - have been found. Mobile phone viruses use totally new spreading vectors such as Multimedia messages and Bluetooth. How exactly do these mobile viruses work?

Virus writers have always been trying to attack new platforms - what draws them now towards the mobile phone? Are phones as a platform simply widespread enough, or is the possibility of making easy money via phone billing systems driving this development? Where are we now and what can we expect to see in the Mobile Malware of the future?

Mikko Hypponen is the Chief Research Officer at F-Secure Corp. He has been analysing viruses since 1991. He has consulted several high-profile organizations on computer security issues, including IBM, Microsoft, FBI, US Secret Service, Interpol and the Scotland Yard. Mr. Hypponen (35) led the team that infiltrated the Slapper worm attack network in 2002, took down the world-wide network used by the Sobig.F worm in 2003 and was the first to warn the world about the Sasser outbreak in 2004.

About F-Secure Corporation

F-Secure Corporation is the fastest growing publicly listed company globally in the antivirus and intrusion prevention industry with more than 50% revenue growth in 2004. F-Secure services and software protect individuals and businesses against computer viruses and other threats coming through the Internet or mobile networks. Our award-winning solutions include antivirus and desktop firewall with intrusion prevention, antispam and antispyware solutions. Our key strength is our proven speed of response to new threats.

For businesses our solutions feature a centrally managed and well integrated suite of solutions for workstations and servers alike. Focused partners offer security as a service for those companies that do not wish to build security expertise in-house. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since 1999. We have our headquarters in Helsinki, Finland, and offices in USA, France, Germany, Italy, Sweden, the United Kingdom and Japan.F-Secure is supported by a global ecosystem of service partners, value added resellers and distributors in over 50 countries. F-Secure protection is also available through mobile handset manufacturers such as Nokia and as a service through major Internet Service Providers, such as Deutsche Telekom, France Telecom and Charter Communications. The latest real-time virus threat scenario news are available at the F-Secure Antivirus Research Team weblog at http://www.f-secure.com/weblog/

About HITBSecConf2005 - Malaysia

HITBSecConf2005 - Malaysia is the 5th conference in the HITBSecConf conference series and is supported and endorsed by the Malaysian Communications and Multimedia Commission (MCMC) and Malaysia Administrative Modernisation & Management Planning Unit (MAMPU). Malaysia Airlines is the Official Airline Partner for the event.

For further details and to register http://conference.hackinthebox.org/ or call Hack In The Box (M) Sdn. Bhd. at +603-20394724.

Press inquiries:

F-Secure Corporation
Jaana Sirkia, Communications Manager
PL 24
FIN-00181 Helsinki
Tel +358 9 2520 5290
Fax. +358 9 2520 5018

The following papers have been announced:

Corp. vs. Corp: Profiling Modern Espionage - Roberto Preatoni & Fabio Ghioni

STIF-ware Evolution - Fyodor Yarochkin & Meder Kydyraliev

Web hacking Kung-Fu and Art of Defense - Shreeraj Shah

VoIPhreaking: How to make free phone calls and influence people - The Grugq

Trends in Real World Attacks: A Compilation of Case Studies - Rohyt Belani

Analyzing Code for Security Defects - Nish Bhalla

Hide-And-Seek: Defining the Roadmap for Malware Detection on Windows - Joanna Rutkowska

Exploiting Microsoft Services For Unix - Swaraj

Java & Secure Programming - Marc Shoenefeld

Wi-Fi Hotspot Security - Jim Geovedi

Social Engineering Fundamentals - Anthony Zboralski & Dave Mckay

Analyzing all that data: Techniques for sifting haystacks and finding needles - Jose Nazario

Hacking Windows CE - San (XFocus)

Hacking Internet Banking Applications - Fabrice Marie

Phishing Attacks: A guide to self assessment - Aaron Higbee

Project Blinkenlights & Arcade - Tim Pritlove

Nematodes - Beneficial Worms - Dave Aitel

Assessing Server Security - State of the Art - Christoff Breytenbach

As part of its continued commitment to ‘keeping knowledge free’, Hack in the Box is pleased to announce its Open Source Security Software Award.

This award is to encourage the participation of software developers in Open Source development work in general and in security software development in particular as well as to promote quality Open Source software projects in the security arena.

The Hack in the Box Open Source Security Software Award (HITB-OSS Award2005) will be given to an outstanding security software which has been released under at least one of the Open Source Licenses recognized by the Open Source Initiative. This is an ideal opportunity and platform for up and coming security researchers to showcase their works and to highlight new technologies.

The Top 4 submissions (as judged by our selection committee) will be awarded with a chance to present their software and project at the Hack in the Box Security Conference 2005 (HITBSecConf2005) to be held in Kuala Lumpur, Malaysia on the 28th and 29th September. Each of the 4 project groups will be allocated the following:

- The use of a prime booth for presentation at the HITBSecConf2005 exhibition area
- A 15-minute slot for presentation / demo during the tea breaks (there are 2 breaks per day, as such presentations will be spread across the 2-days.)
- A computer, projector and screen will be provided for the teams use (The team members are expected to furnish all software, additional hardware for example hubs, switches etc that may be necessary for the demo.)
- HITB will arrange with both the international as well as local media to be present during these presentation slots.

Eligibility

To be eligible, applicants should ensure that their security software is at least released under one of the Open Source licenses to be found at the Open Source Initiative website and that it is in working order:

http://www.opensource.org/licenses/index.php.

Beta versions can be submitted but preference will be given to a stable release version. The software should also be available for downloading for evaluation by the judges over the Internet (though not necessarily for public downloading).

Judging Criteria

Judging will be done by a committee selected by Hack in the Box and the decision of the judges is final. The software will be judged based on the following criteria:

1.) Software architecture, design and coding with respect to:

- innovation and creativity
- security considerations

2.) Functionalities of the software with respect to its intended use

3.) Preference will be given to a software project that is not in widespread use currently i.e. It should be a new or relatively new project.

4.) The judges decision is final. No late entries will be entertained

5.) Participation is also open to students at all levels in local or foreign institutes of higher education. Students are strongly encouraged to submit.

6.) Participants must be able to demonstrate working and functional software. This means that no conceptual design work or ideas will be accepted. Pre-release, and beta software are accepted as long as it can demonstrate more than 70% of its intended functionalities.

Details of Submission

Interested applicants are requested to fill out the details in the form below and email it to following address: hitb-ossps -at- hackinthebox.org

The closing date for submission is Friday 9th September 2005. The 4 short listed teams will be contacted by Monday 12th September 2005.

The submission form can be downloaded from here.

According to Adelina Iskandar, MCMC’s Head of Corporate Comunications, “MCMC is very much concerned with issues related to internet security and we welcome efforts to address these concerns. The list of speakers at this conference is a Who’s Who when it comes to this subject matter. They are the best around and it certainly pays to listen to what they have to say.”

In issues of information and network security, the Malaysian communications and multimedia industry is guided by the 10th National Policy Objective of the Communications and Multimedia Act 1998 (Act 588), and that is, to ensure information security and network reliability and integrity. In the liberalized industry, network infrastructure in Malaysia is privately owned, and it is thus imperative for network owners to ensure the security and reliability and integrity of the network so that consumers feel safe and have full confidence in its delivery.

HITBSecConf2005 – Malaysia will see over 30 of the world’s leading computer and network security experts speak and present their latest research and findings. The highlight of the conference will be the keynote speakers, who will be none other than Mr. Mikko Hypponen, Chief Research Officer at F-Secure Corp and Mr. Tony Chor, Group Program Manager, Microsoft Internet Explorer, Microsoft Corporation.

Mr. Hypponen has been analysing viruses since 1991. He has consulted several high-profile organizations on computer security issues, including IBM, Microsoft, FBI, US Secret Service, Interpol and the Scotland Yard. Mr. Hypponen (35) led the team that infiltrated the Slapper worm attack network in 2002, took down the world-wide network used by the Sobig.F worm in 2003 and was the first to warn the world about the Sasser outbreak in 2004. Mr. Hypponen and his team have been profiled by Wall Street Journal, Vanity Fair, New York Times and Newsweek. He has been an invited member of CARO (the Computer Anti-Virus Researchers Organization) since 1995. At the conference, Mr. Hypponen, will be presenting a paper entitled “Mobile Malware”.

“We are very proud indeed to have MCMC come on board once again to help HITB in its efforts of sharing and spreading network security information and knowledge. We hope through their continued support and endorsement, we will be able to continue to educate the Malaysian public for many years to come”, said Dhillon Andrew Kannabhiran, Founder and Chief Executive Officer of Hack In The Box (M). Sdn. Bhd. “The HITBSecConf series is an ideal opportunity and platform for all IT decision makers and technical personnel to come forth and learn the latest attack methods and how to adequately protect against them.” he said.

-END-

Contact:

Belinda Chong
Events Manager
Hack In The Box (M) Sdn. Bhd.
Tel: 03-20394724
Fax: 03-20318359
cbelinda@hackinthebox.org

We are also happy to announce that the following speakers are also lined up for the event:

Dave Aitel, CEO Immunity Inc
Tim Pritlove, Chaos Computer Club
Christoff Breytenbach, Senior IT Security Consultant, Sensepost
Marc Shoenefeld, Freelance Network Security Consultant
Aaron Higbee, Principal Consultant, Foundstone, a division of McAfee.

We are very pleased to announce that Malaysia Airlines has agreed to come on board as the Official Airline Partner for the HITBSecConf series… With this partnership in place we hope that more of you from around the world will consider visiting sunny Malaysia to experience a HITB Security Conference first hand…

We strongly recommend that all attendees make their flight bookings on Malaysia Airlines to enjoy the savings offered. In order to enjoy these special rates, attendees and accompanying persons should contact the nearest Malaysia Airlines ticketing office or Global Sales Agents (GSA) and quote “G HITBSecConf” for further assistance.

Do note that these special fares are applicable across ALL SECTORS, EXCLUDING Singapore and internal domestic flights.

We look forward to seeing you in September! Should you have any difficulties with your flight booking, kindly contact us.

Zone-H in colaboration with the Hack in The Box crew will organize a web-based hackgame at HITBSecConf2005 in which participants will be challenged to try to beat the hackgame in the shortest possible time. The hackgame rules are fairly simple. There is a central server offering an online hackgame which is developed along three different levels. The three levels are of increasing difficulty, all of them can be beaten just using a simple web browser so there will be no need to bring your own exploits or your own laptop. Each participant has a limited amount of time to beat all three levels; upon completion of each level a separate scoring mechanism will assign to the participant some points based on a time-mission scheme.

All the participants will be rewarded with some gifts. Beating the first level will grant the participant a Zone-H keystrap, beating the second level will win you an exclusive Zone-H Exploit Repository CD, beating the third level will grant you the beautilful Zone-H t-shirt. Finally, the best three hackers (fastest time) will win a free Hands on Hacking seminar seat (to be held in Kuala Lumpur in cooperation with Hack in The Box in 2006). Are you ready for the challenge?

.

HITBSecConf2005 - Keynote Speakers

1.) Tony Chor, Group Program Manager, Microsoft Internet Explorer, Microsoft Corporation
2.) Mikko Hypponen Chief Research Officer, F-Secure Corp.

HITBSecConf2005 - Conference Speakers

(Listed in alphabetical order)

1. Aaron Higbee, Principal Consultant, Foundstone, a division of McAfee,Inc.
2. Anthony Zboralski (Gaius), Founder, Hackers Emergency Response Team (HERT)
3. Christoff Breytenbach, Senior IT Security Consultant, Sensepost
4. Dave Aitel , CEO, Immunity Inc.
5. Dave Mckay, Independent Security Consultant
6. Emmanuel Gadaix, Founder, Telecom Security Task Force (TSTF)
7. Fabio Ghioni
8. Fabrice Marie, Manager, FMA-RMS
9. Fyodor Yarochkin, Co-Author, X-Probe
10. Jim Geovedi, Information Security Consultant, PT Bellua Asia Pacific
11. Joanna Rutkowska Founder, Invisiblethings.org
12. Jose Nazario, Senior Software Engineer, Arbor Networks
13. Nish Bhalla, VP Consulting Solutions, Security Compass
14. Marc Shoenefeld,Freelance Network Security Consultant
15. Marius Eriksen, Google
16. Meder Kydyraliev, Co-Author, X-Probe
17. Roberto Preatoni, Founder, Zone-H Defacement Mirror
18. Rohyt Belani, Director, Red Cliff Consulting
19. San, Member, X-Focus China
20. Shreeraj Shah, Director, Net-Square Solutions
21. Swaraj, Suresec UK
22. The grugq, Independent Anti-forensics Researcher
23. Tim Pritlove, Chaos Computer Club
24. Zubair Khan, Freelance Network Security Consultant