AIDO & Manaka | TAKESAKO | @Security4all | wakatono | Yosuke HASEGAWA | Chak Yi&Externalist | Toshio NAWA
Countermeasure against Information Leakage
by AIDO & Manaka :p
Let's look anew at how to prevent the personal information leakage in the active viewpoint and the passive viewpoint.
no-alnum x86 programming
How to makes obfuscated program without any alphanumerics.
For example, this is a valid no-alnum python program:
And that is an another valid Erlang program:
Can we make a x86 32bit executable code in ascii string?
Yes, we can! have fun.
Security fails of 2010
-Those who cannot remember the past are condemned to repeat it-
This presentation is not intented to make fun of the failures of others, but to learn from their mistakes so we won't make them ourselves. We will go through some of the biggest security mistakes of 2010 as a warning to ourselves not to make them again.
Fixed-point observation of "Drive by Download attacks"
I had a chance to research on the web site which had been tampered caused by Drive-by-Download Attack, so called "Gumbler". This presentation will cover the trend of the attack, and consideration after all from that experience.
Internet Explorer exSpoilt Milk codes
by Yosuke HASEGAWA
Internet Explorer 6 (IE6) is, as Microsoft themselves admit, already an outdated 'spoiled milk' web browser. Actually IE6 has loads of vulnerabilities and security flaws left untouched for years. It is, however, true of a little newer Internet Explorer 7 as well. In this session, I would explain such 'spoiled milk' browsers' vulnerabilities related to Web Applications and improper implementations which were spotted ages ago and still have not been effectively addressed. It will also include demonstrations of some exploits.
In today's web-oriented world where web browsers are released and updated one after another, users tend to leap at their novel features. Yet on the other hand, there are considerable number of users loyal to classic browsers. For those old browsers, even ones still within vender maintenance period, relatively 'minor' flaws are often left unfixed for a long time. Why is it so dangerous to continue using such old browsers? To find a specific answer to this question, we must dig out the issues
which are currently buried deep under ignorance.
Code Injection for Nintendo Wii
by ChakYi & Externalist
A large portion of people who possess a Gaming Console or a Smartphone are downloading paid software illegally from the web or p2p. Most of those people do not even give a second thought before installing the downloaded software, and merely just check that the application works. The sense of security here comes from the application's popularity and the fact that the application is working as advertised with no noticeable problems.
The reason why people have this kind of false sense of security for Console Gaming systems or Mobile Devices is because they are not fully aware that malware can potentially bring the same devastating effects as that of a PC malware, and no one has published a reliable way to inject a malware to a legit software.
However, the boundry of these devices and the PC is getting very thin due to the evolution of hardware, which makes these devices capable of bringing the same negative effects of PC malware.
In this presentation, we will show how to inject code into binary for Nintendo Wii, and show a demo live action.
"Attack side Story" in Cyber Spacee
by Toshio NAWA
I would like to talk about the fact of massive attacks with an "attacker's eye view" or based on observing the behavior of suspect malwares.
Call For Paper | Registration | Access | TimeTable | Speakers