Day two of the 2011 Hack in the Box Security Conference closed as quickly as it started. zveloLABS™ has absorbed invaluable information about web threats that parallel the ongoing innovations of today’s Internet. The previous day’s discussions of traditional attacks against Web 1.0 applications have provided a foundation for today’s discussions on the gravity and severity of similar threats executed in the context of the Web 2.0 paradigm.
zveloLABS™ is reporting live from the 2011 Hack in the Box Security Conference, now in its 9th year and arguably Asia’s largest and most popular network security conference, and here is our day one report. HITBSecConf has managed to attract a wide range of participants from many IT industry sectors, including a healthy share of government representatives, hailing from the Asia-Pacific region.
On September 17th of 2011, boxing fans worldwide tuned into what was expected to be one of the more exciting matches of the year. The highly revered and undefeated Floyd Mayweather, Jr. returned to the ring after a 16-month break to face Victor Ortiz, who entered the MGM Grand in Las Vegas as the World Boxing Council welterweight champion.
My first year at the world’s largest hacker convention, DEF CON, resulted in mixed first impressions. I was amazed and overwhelmed with how large the crowds were. This event seemingly grows in popularity each year and the overly stuffed conference rooms were proof. With that single point aside, I was able to sit through some valuable lectures across a wide range of security topics.
Black Hat – Las Vegas 2011: Report #4 – DARPA’s “Cyber Fast Track” Program Excites the Private Security Sector
Day one at Black Hat was a hit; so naturally, I looked forward to day two. I sat through a keynote given by Peiter Zatko, better known as “Mudge,” who is a Program Manager at DARPA. Mudge announced a new DARPA initiative called “Cyber Fast Track.”
After Cofer’s talk, I settled into the “Next-Gen Web” track, which was smaller than the “threat intel” and “bit flow” tracks that drew big crowds. The first topic was on a new web protocol being developed by Google called SPDY (pronounced “speedy”). While interesting, the talk had little to do with security. The speaker was a young German who is heavily involved in the security sector, but his talk simply explained the protocol. I honestly could have gathered most of what he spoke about by reading the documentation and playing with some examples. I was not terribly impressed.
It’s hard to imagine unsolicited spam getting any more annoying. One way would be to receive it from three different sources at the same time, which is precisely the type of hybrid spam campaign zveloLABS™ recently unearthed.
An Interview with Jeff Finn, CEO of zvelo
You have the firewall that blocks incoming viruses, worms and spyware. However, if you are not utilizing web filtering, your IT security solution is not complete. Jeff Finn, CEO of zvelo, recently interviewed with Kerio, a zvelo OEM Partner, about zvelo’s web categorization services used in the Kerio Web Filter.
Viagra’s days may be numbered, at least when it comes to being the drug-of-choice on fraudulent pharmacy websites. Recently, zveloLABS™ noticed a strong shift to another lifestyle drug named Adipex–a brand name alternative to the weight-loss drug phentermine.
Online advertising spending in the U.S. is on the rise. In the first quarter of 2011 alone, companies that sold online advertising reportedly surpassed $7 billion in revenue.[1] Unfortunately, social engineering scams on Facebook also continue to thrive.[2] How are the two related? Unsolicited Facebook spam in the form of status updates is actively infiltrating the social networking giant and is aimed at tricking users into visiting websites riddled with survey scams and pop-up advertising, as is the case in the following analysis of a real-world example. This trend will continue to degrade the credibility of the online advertising industry and could possibly taint the images of the brands that these spam campaigns are targeting.