Thursday, September 29, 2005

The Second Day of HITB

Today is the second day, which is also the last day. Everything is cool: I bought the HITB T-shirt and now I have 3 in my collection [2003-2005].

I got to talk to Joanna about covert channels. From her point of view, as she is more into stealth technology, I can see that the way she defines a covert channel is about making "things" invisible on the system itself, and tools like loki, which tunnels through ICMP, make sense because normally it won't show a port as opened or closed, since it is not based on ports. If a hacker wants to use TCP or UDP, he or she may modify the system kernel calls to hide the ports that are being used for malicious purposes. However, if you have an IDS deployed somewhere monitoring all the connections, you might still be able to locate the covert channel, since your IDS is CLEAN :). So don't let your box get DIRTY or NASTY.

The talk on mobile device viruses was cool. It seems that nowadays people are so dependent on mobile devices, and this will be the next-generation main target of virus and worm writers. Turn off your Bluetooth :P

One of the presentations caught my eye: Analyzing all that data by Dr. Jose Nazario. For me it is pretty cool, and I'm not talking about fancy here. Cool in the way that it makes the analysis process much easier and bypasses the tricks of spammers and phishers, while at the same time you stay FOCUSED on the data you are looking for instead of being defeated by those bad guys. Having Jose Nazario tell me that he will integrate libdistance into flowgrep makes me even happier, as I'm a long-time flowgrep user. I talked to Dr. Jose Nazario; he is a nice guy, and I learned a lot.

There was one sarcastic moment: when the Red Cliff director was giving his speech, he misspelled Internet Explorer as Internet Exploiter, and everybody laughed. The Zone-H people are kind of funny as well, as they made a lot of jokes during the conference; thumbs up for them.

Kudos to all the HITB crew for making this happen! See you guys next year.

Hopefully all the presentation slides will be available on the internet soon.

1 comment:

jose nazario said...

new libdistance (0.2.1, with improved python bindings) and flowgrep (0.9) have been married ... they're up on my site, http://monkey.org/~jose/software/{libdistance,flowgrep} ... enjoy!