ROOTCON 2012 Information Security Conference Recap: Part Two
Virtualization, a New Risk
The speaker, Tikbalang, discussed the vulnerabilities and risks of virtualization as it relates to the current move towards cloud computing. Cloud computing is HOT, and new cloud-based storage, security, software and other products are emerging at a fast pace. As such, risks and vulnerabilities will only grow in number. For instance, virtualization can result in significant downtime during software patches or hardware upgrades, since many of these patches require physical reboots of machines in order to take effect. This risk of virtualization and cloud computing could result in loss of data or revenue. Malware can also bypass security perimeters placed on weakly secured and designed infrastructures. It was stressed that information security personnel or resources should be heavily involved early in the design phase of any infrastructure project to help mitigate such risks and vulnerabilities.
This crash course discussed what malware code looks like and what it’s capable of, backed by real malware examples. The two presenters, Berman Enconado & Reginald Wong, discussed malware from an in-depth, analytical perspective, and the talk was divided into two parts. The first part covered the varying types of malware seen in the wild, such as the differences between a virus and a worm. The virus, for example, propagates by infecting files in a machine. Worms, on the other hand, propagate via email. The second part focused on the process of cleaning infected machines. A number of tools were presented for this task, like Process Explorer, Installrite, AutoRuns and GMER. During the Q&A, zveloLABS asked if routing worms exist that could circumvent the large IP addresses of IPv6. No known malware was referenced, yet this will likely change as the transition from IPv4 to the new protocol grows in popularity and adoption.
A Brief Overview of Prioritizing Website Security
The discussion on prioritizing web security, by N1tr0b, focused on disciplines and best practices of web application development. Two of the best practices included rechecking and optimizing source code and conducting penetration testing before deployment. He also stated that Chrome is much more secure than other web browsers because Google invites hackers and other outside entities to exploit it, typically through paid competitions. Current events were showcased in which poorly designed web applications were defaced using a variety of tools that are typically only attainable by malware authors and hackers. Some examples included the defacement of the Office of the Vice President’s websites and the hacking of the Professional Regulation Commission (PRC), Philippine Nuclear Research Institute (PNRI), Food and Drug Administration (FDA) and the National Disaster Risk Reduction and Management Council (NDRRMC). The speaker also disclosed some of the groups responsible for the defacement of such popular websites, like a group by the name of Philker.
zveloLABS is very much looking forward to ROOTCON in 2013.