ICT Security forum 2009 summary
Over the previous two days, 27-28 July, I attended the 5th ICT Security Forum, held at the Dedeman Hotel, Damascus, Syria.
This conference hosted speakers from countries around the world: Germany, Russia, Singapore, Lebanon, UAE, Romania, Tunisia, Malaysia and of course the host country, Syria. This post summarizes the lectures and activities that I found interesting and important to IT professionals as well as to any technology user.
Live Hacking - The 15-minute Network Penetration Test by Alexander Hagenah, AGT:
Mr. Alex presented the tools and methods needed for finding network vulnerabilities, getting into the victim host, creating a new administrator account and gaining access to the host's command shell. The entire process was hidden from the victim. In his demonstration the victim host was a Windows XP box.
Digital Watermarking by Iyad Al Houshi, SCAN Syria:
This talk, or lecture as I prefer to call it, was more scientific than the others. Eng. Iyad discussed the limitations of standard encryption algorithms, then gave a detailed explanation of hiding data within multimedia files. Using the LSB (least significant bit) of each byte in an image was a simple example. He also mentioned more advanced ways that use keys and make use of the entire image data, not only the least significant bits.
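The simple LSB scheme mentioned in the talk, as an added example (not code from the talk or from this post): one hidden bit is written into the lowest bit of each cover byte, and the last call shows why the simple form is fragile, since anything that overwrites the low bits erases the mark. The 16-bit length header, the function names and the sample data are assumptions made for illustration.

```python
import struct

def embed(cover: bytes, message: bytes) -> bytes:
    """Hide a 16-bit length header plus message in the LSB of each cover byte."""
    data = struct.pack(">H", len(message)) + message
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: one cover byte is needed per hidden bit")
    out = bytearray(cover)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit   # change only the lowest bit
    return bytes(out)

def _read_bytes(stego: bytes, start: int, count: int) -> bytes:
    """Rebuild `count` bytes from the LSBs beginning at cover byte `start`."""
    out = bytearray()
    for k in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[start + 8 * k + i] & 1)
        out.append(value)
    return bytes(out)

def extract(stego: bytes) -> bytes:
    """Read the length header, then return that many hidden bytes."""
    (length,) = struct.unpack(">H", _read_bytes(stego, 0, 2))
    if 16 + 8 * length > len(stego):
        raise ValueError("length header exceeds image size: no valid mark")
    return _read_bytes(stego, 16, length)

def strip_lsb(image: bytes) -> bytes:
    """Clear every LSB, simulating processing that overwrites the low bits."""
    return bytes(b & 0xFE for b in image)

# Constructed sample: 256 bytes standing in for raw 8-bit pixel values.
COVER = bytes((i * 37 + 11) % 256 for i in range(256))
MARK = b"(c) owner 2009"

if __name__ == "__main__":
    stego = embed(COVER, MARK)
    print(extract(stego))                                   # hidden mark recovered
    print(max(abs(a - b) for a, b in zip(COVER, stego)))    # per-byte distortion
    print(extract(strip_lsb(stego)))                        # mark gone after stripping
```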
ICT For Security & Public Safety by Fadi Moubarak, Cisco:
Mr. Fadi started his talk with a video that drew attention to the great and rapid evolution of information technology and the importance of computer-based networks in real life. One of the key points he focused on was risk management rather than the security of individual components. He also presented the Cisco IPICS Intelligent Platform, which controls media and information.
Emerging threats in the WEB 2.0 world by Stefan Tanase, Kaspersky Lab:
This talk was my favorite because it discussed one of the technologies that I personally, and a lot of people around the world, use every day. He started by defining the Web 2.0 concept, “User Driven Content” (I realized that not many in the audience were familiar with that concept), then he went through the general structure of Web 2.0 attacks. He blamed the wide spread of those attacks on technical vulnerabilities as well as on humans, because they may unintentionally help spread those kinds of attacks. He also pointed out that Web 2.0 threats go beyond malware because they lead to breaches of our privacy. Finally he showed some of the common threats, like Koobface for Facebook and MySpace and the XSS worm for Twitter. Stefan actually drove me to ask him the following question: “I use Facebook and Twitter every day, so if I followed only the people that I physically know, and used only Facebook verified applications, then am I safe?” His answer was exactly what I was looking for. He said: “The bad guys are trying to use the trust between friends and people, so if we were friends on Facebook and my account was infected, you may receive messages from my account but not from me, and you may respond to the message because you trust me, and your account will be infected. Then my answer to your question will be no, you are not safe.”
In the end, the forum was not what I had in mind, because not all the talks or lectures were at the same level and many were not well received by the audience. I hope it gets better next year.