Monday, September 10th, 2007

HITB 2007!

I’m back from HITB in Malaysia!  HITB was held in Kuala Lumpur, Malaysia from September 3rd – 6th.  The conference was AWESOME.  Dhillon really outdid himself this year.  The talks were awesome and the company was second to none.  You can find the slides for all the talks (including our slides on DNS rebinding with Java Applets) here.  Dhillon will be posting links to the VIDEOS in December!


It was a truly amazing experience to sit down and have a beer (or two) with the likes of Phiber Optik, Emmanuel Goldstein, Window Snyder, Andrew Cushman, Mikko, Lance Spitzner, fx and many many others.   

All the talks I attended were great, but I particularly enjoyed:

  • Rise and Fall of Info Sec in the Western World – Phiber Optik – Listening to Phiber Optik talk about pwning a major corporation live for the audience during the conference he was speaking at was sweet.
  • The Evolution of Hacking – Emmanuel Goldstein – Listening to some old skool hacks is always fun and brings back memories of 300 baud modems and wildcat bbses…
  • SCADA (in)Security – Raoul and Alessio – I’m EXTREMELY interested in SCADA systems and the security surrounding them.  There are basically a handful of SCADA security experts around the world and Raoul and Alessio are two of the best.
  • Exploiting the Intranet with a Webpage – Martin Johns – It was nice to hear about DNS rebinding from the guy who basically brought DNS rebinding back from the dead!
  • Locks, Lies, and Liability – Mark Tobias and the TOOOL USA – Watching these guys pick apart “high security” locks was pretty scary… especially when I saw a few locks we used in the Marine Corps in the speaker slides!
  • Online Crime and Crime online – Mikko Hypponen – It seems that Mikko is VERY well connected to the underground.  Not only did he describe (in crystal clear detail) how the general Internet population is getting pwnd, he showed exactly where all the action is taking place!

During our talk, we mentioned that we would post the details of a recent Picasa URI vulnerability (which will be patched in the next version of Picasa).  We’ll have the details, screenshots, and a dedicated POST up in a few days.


In closing, I would like to thank Dhillon for inviting me out to HITB 2007 and the wonderful country of Malaysia.  It was an amazing experience and everyone (including the street vendors in China Town) was such a gracious host!

Posted by xssniper | Filed in Security

3 Responses to “HITB 2007!”

  1. September 10th, 2007 at 9:26 am

    Nate McFeters (McNasty) said:

    Man, you forgot to mention the sweet Tag Deuer watches we bought for 110 ringots! Of course, mine no longer works… shady bastards!

  2. September 10th, 2007 at 8:07 pm

    RuFI0 said:

    You forgot to mention about the pretty Scanit girls too.

  3. November 13th, 2007 at 4:04 am

    Mark Abene said:

    It was a riot. “From thought to finish.” heheheh
