Conference Speakers

Speakers from numerous disciplines will join Bellua Cyber Security Asia 2006 to discuss present and future information security issues through an intensive series of workshops, presentations, technical sessions and demonstrations.

Keynote Speakers

  1. Bpk. Jusuf Kalla (tentative),
    Vice President of Republic Indonesia
  2. Bpk. DR. Sofyan Djalil,
    Minister of Communications and Information of Republic Indonesia

Business Track Speakers

  1. Fabrice Marie (FR/SG) - Hacking & Stealing Money from Online Banks
  2. John Howie (US) - Implementing an ISMS using ISO 17799 and ISO 27001
  3. Fetri Miftach (ID) - Building an Information Security Framework for Emerging Economies
  4. Emmanuel Gadaix (FR/TH) - 3G Telecommunication Network Security & Hacking
  5. Leonard Ong (ID/SG) - Building Enterprise Security Awareness Program
  6. Achmad Rully (ID) - E-Passport (in)Security & Privacy Issues
  7. Phil Leifermann (AU/ID) - ISO27001, Cobit & ITIL
  8. John Grygorcewicz (AU/ID) - Visualising Security Threats using the Zachman Enterprise Architecture Framework
  9. Dev Yusmananda (ID) - News From the Front, a User Perspective on Managing Information Security
  10. Budi Rahardjo (ID) - TBA
  11. Phillip Victor (MY) - Don't Panic: Effective Crisis Management Plan In Security Response
  12. Yono Reksoprodjo (ID) - Information Warfare and Economic Intelligence

Technical Track Speakers

  1. Theo de Raadt (CA) - The Subtleties of Exploit Mitigation Techniques
  2. Tony Chor (US) - Internet Explorer 7 in Windows Vista - The Security Development Lifecycle in Practice
  3. Jim Geovedi (ID) & Raditya Iryandi (ID) - Hacking a Bird in the Sky: Hijacking VSAT connections
  4. Fyodor Yarochkin (KG/TW) & Meder Kydyraliev (KG/SG) - Web Application Security: Beyond input validation. IDS for web applications
  5. The Grugq (UK/TH) - VoIPhreaking: SIPhallis unveiled
  6. Philippe Langlois (FR) - SCTP: Hacking SS7 Networks over the Internet
  7. Jesse Burns (US) - Attacking Applications by Fuzzing Win32 IPC
  8. Paul Boehm (AT) - Taming Bugs: The Art and Science of writing Secure Code
  9. Raffael Marty (US) - Visualization of Security Data
  10. Cedric Blancher (FR) - Messing Up WiFi Public Networks: Where ninjas are, there's nothing left to trust
  11. Onno Purbo (ID) - TBA
  12. Don "north" Bailey (US) - The Evolution of Exploitation: from client to kernel and back

Panel Speakers

  1. To be announced.

Speakers Details

Fabrice Marie (FR/SG)

Hacking & Stealing Money From Online Banks

Internet Banking and other financial applications have become a commodity: corporate banking applications, personal banking applications, trading applications and more. If you thought they were secure, think again.

This presentation will detail the various attacks that always work on your "bank-next-door" financial application. We will steal money from other customers, buy shares for free, and spy on other customers' bank records, among many other frauds. Scared? We will showcase real-life statistics along with very specific ways of stopping online fraud. This presentation will be an eye opener for any manager wishing to purchase a third-party web application.

Fabrice Marie is a senior security consultant working for FMA-RMS, a small dedicated security firm based in Singapore. A developer by trade for many years, he has been involved in the information security field for over 7 years. His interests are in cryptography, trusted operating systems, secure programming, open source and firewalling techniques. For the last three years he has been breaking mostly bank and telco web applications in the region, as well as performing penetration tests for them. Fabrice conducted a series of comprehensive Application Security Assessments of more than 18 projects for Singapore banks. He conducted a series of comprehensive security assessments covering external and internal penetration tests, application security assessments and host assessments for the Corporate Internet Banking Application and Consumer Internet Banking Application of a local Singapore bank. He conducted detailed Penetration Testing and Host Security Assessment for a local Telco, and detailed Penetration Testing of the Internet Infrastructure of a local bank in various countries.

John Howie (US)

Implementing an ISMS using ISO/IEC 17799:2005 and ISO/IEC 27001:2005

This session will introduce the attendee to the two most relevant standards that can be used to implement an Information Security Management System, one which can be measured and accredited. Practical advice will be provided which can be used by enterprises regardless of whether they have begun an implementation, or are about to begin one. It will discuss changes in the standards from earlier versions, and from BS 7799 Part 2, as well as provide a roadmap for future alignment of standards of importance.

John Howie is director of Microsoft's WW Security Services and IT Technical Community in Redmond, United States. He leads a team of consultants world-wide that assist customers with implementing and maintaining effective information security. Mr. Howie has had an extensive career in Information Security. Prior to joining Microsoft Mr. Howie ran a consulting company based in the US, was a Manager with Deloitte & Touche's eCenter practice, was a Security Architect and a VP of Product Development and Security in two dot-coms, and co-authored a course on Windows Security before joining Learning Tree International as a Product Manager for their Windows Systems, Security, and Networking training courses.

Fetri Miftach (ID)

Building an Information Security Framework for Emerging Economies

TBA

Fetri Miftach is a Principal Consultant at M-Sistems. Fetri has had a deep understanding of security methodology for the banking and telecommunication industry in Indonesia since 1999 and has provided services to the Ministry of Finance, Bank of Indonesia, Bank Mandiri, Telkomsel, Ratelindo, Merpati Airlines and many others.

He is an expert in business process analysis from an information security perspective, risk assessment analysis, analysis and policy development that fits specific industry needs, education and socialization, and forensic analysis, including writing technical reports used to support intrusion cases in a court of law. Fetri has an extensive background in Real Time System technology, especially in the aerospace, banking and telecommunication industries.

Fetri Miftach is a resident speaker at Bank of Indonesia where he provides regular workshops and seminars on Basel II, Risk Management, Information Security awareness, BS7799/ISO17799, etc.

Fetri is also the first IRCA registered ISO 27001 ISMS Provisional Auditor in Indonesia.

Emmanuel Gadaix (FR/TH)

3G Telecommunication Network Security & Hacking

TBA

Emmanuel Gadaix leads the Telecom Security Task Force in Thailand.

Emmanuel has been involved in the information security and telecommunications fields for over 12 years. Originally from Western Europe, Emmanuel has been living in Southeast Asia since 1993. After a few years spent at Nokia commissioning mobile networks' NMS and IN systems, he started his own security consulting company in 1997, which was eventually acquired by Trusecure in 2001.

Emmanuel focuses on the emerging threats facing the telecommunications industry today. He founded the Telecom Security Task Force (TSTF) to provide clients with specialized security services for their GSM/GPRS/UMTS/SS7/VoIP/IMS networks.

He is a CISSP, a Certified ISO-8583 Financial Transaction Protocol Engineer and a Certified Oracle DBA.

Achmad Rully (ID)

e-Passport (in)Security & Privacy Issues

Since 9/11, the face of the world has been changing, and so has the policy of governments, especially in how they treat their own citizens. Governments strongly feel the need for reliable authentication to differentiate people as accurately as possible.

Governments pursue a policy of keeping biometric data of every person in their databases. One example of this policy is the e-passport. The International Civil Aviation Organization (ICAO), an international organization concerned with aviation regulation, has required every government to use biometric passports as a tool for authenticating travelers.

Although biometric authentication is powerful, it also brings along an inherent weakness of its own, especially related to privacy if it is mistreated.

In this presentation, I will explain the privacy issue, with the e-passport as the centerpiece. As a proof of concept, I will explain how to break (work in progress) the protection of the brand new biometric passport of the Indonesian Government, which has just been launched this year, and correlate it with a breach of the bearer's privacy.

Achmad Rully has been interested in security since he was young, ever since Junior High School in 1988 when he encountered and hacked boot viruses on the 8086 platform. After coming to Japan, he studied at university, participated in an open source online game project and Debian Linux, and has also been doing network and security consulting for Japanese and multinational corporations. In 2000, he helped the Linux Professional Institute (LPI) establish LPI certification in Japan by preparing LPI's Japanese version. Since 2004, he has been working as a Research Associate (RA) in the Waseda University Media Network Center, which oversees the Waseda University network. As an RA, he participated in the Network Management and Security Team and since 2005 has been team leader of the network abuse team.

Phil Leifermann (AU/ID)

ISO27001, Cobit & ITIL

TBA

Phil Leifermann is the President Director of Insight Consulting in Indonesia. Insight Consulting was established 5 years ago, and specializes in providing enterprise security management tools and consulting services. In relation to enterprise security management tools, Insight Consulting represents NetIQ in Indonesia, a US-listed company that delivers business-critical solutions to analyze and optimize the performance, availability and security of IT infrastructures. Prior to establishing Insight Consulting, Phil was a Director in the technology risk management solutions group of PricewaterhouseCoopers for nearly 15 years in Australia and Indonesia. In addition, Phil is the President of Information Systems Security Association (ISSA) Indonesia Chapter and a board member of Information Systems Audit and Control Association (ISACA) Indonesia Chapter.

John Grygorcewicz (AU/ID)

Visualising Security Threats using the Zachman Enterprise Architecture Framework

Today's business environment is becoming very complex, and managing security in that environment is also becoming tough. Just gaining visibility into all of the areas of risk in an organisation is a challenge in itself, and understanding all of the vulnerabilities adds another layer of complexity. This session is designed to show how a framework such as the Zachman enterprise architecture framework can be used effectively to guide you through the complexity maze. The speaker will show how, through the use of the framework, you can visualise the interdependencies between people, technologies and environment, and assess and identify the correct points for mitigation. It will also show how those interdependencies may change over time as new technologies are adopted. The speaker will then present a case study of how a live deployment would work, so the audience can see how to make use of the framework in their own environments.

John Grygorcewicz (Bispro Consulting) has over 25 years of process and systems consulting experience, 13 years of which were with Ernst & Young, 9 of those years in Indonesia. There he was a Principal with the Indonesian Ernst & Young practice, heading up their systems and process group within the Business Risk Services area.

He has extensive experience in assisting clients to develop processes and to align those processes with the systems that in many cases now enable them, particularly if the organization is looking to deploy a Business Process Management System (BPMS) or Service Oriented Architecture (SOA) based infrastructure to support its business processes.

Recently he has been researching and helping clients make use of robust frameworks, such as the Zachman Enterprise Architecture framework, to give organizations visibility into potential security failure points across the enterprise.

He has provided advice to some of Australia's and Indonesia's largest and most respected organizations.

Dev Yusmananda (ID)

News From the Front, a User Perspective on Managing Information Security

Managing the security of our own notebook or desktop PC is definitely a fun activity. The experience becomes a totally different story when the security that needs to be managed is that of a corporation: the complexity to be managed rises exponentially in corporate information security.

The key success factor for implementing good Corporate Information Security Management is a proper blend of security standards, organization, and continuous improvement. The presentation will cover the concept of the implementation through those three parameters.

To illustrate the concept of implementation, the speaker will draw on the experience of developing Corporate Information Security Management from scratch at one of the major telecommunication companies in the South East Asia region.

Dev Yusmananda is the General Manager Risk Management of PT Excelcomindo Pratama, a leading GSM cellular and fiber optic leased line service provider in Indonesia, headquartered in Jakarta, Indonesia.

He has 15 years of experience in the technology industry, with the last nine years focusing on business process improvement and corporate information security management.

He previously worked for the world-leading strategic management consulting firm McKinsey & Company, Amsterdam Office, and for the Indonesian national representative of Sun Microsystems, PT Metrodata Electronics.

He is a certified Information Management System Auditor (CISA) from ISACA, USA and a holder of BS7799 ISMS Auditor certification.

Budi Rahardjo (ID)

TBA

TBA

TBA

Phillip Victor (MY)

Preparing for, and Surviving, an Audit of your Business Continuity Plan

TBA

Philip Victor is the head of the Training & Outreach Unit at NISER, the National ICT Security and Emergency Response Centre in Malaysia.

He is actively involved in promoting ICT Security Awareness to organizations and the general public. He has presented and conducted various ICT Security Awareness programs for many organizations and also for the general public at the PIKOM (Association of the Computer & Multimedia Industry of Malaysia) Computer Fairs. Some of his presentations include topics on Security Policy, Incident Response & Handling, Spam and Security Best Practices. He has presented papers locally and internationally and has also published a paper in an IT Journal. He has also worked with international agencies and bodies to conduct ICT Security related courses for Malaysian organizations. His accomplishments include working with the US State Dept to successfully organize and conduct a 2-day Executive Seminar on Cyber Terrorism and a 10-day course on Protecting Digital Infrastructure.

Yono Reksoprodjo (ID)

Information Warfare and Economic Intelligence

TBA

TBA

Theo de Raadt (CA)

The Subtleties of Exploit Mitigation Techniques

OpenBSD has been auditing software for nearly 10 years, and while we have had significant success, it is clearly not enough. In the last 3 years a new view on preventing attacks has surfaced in the mindset of our group. A software exploit author starts by finding an interesting bug. Writing an exploit is easy because he can rely on a variety of system behaviours which are very deterministic. Many of these behaviours are not required for proper operation. Recently we have developed many new techniques which combine to thwart the attacker, without affecting regular software. We make the Unix process environment difficult to attack, much like filling a house with a variety of burglar traps.

Theo de Raadt, pronounced "de rot", (born May 19, 1968 in Pretoria, South Africa) is a software engineer who lives in Calgary, Alberta, Canada. He is the founder and leader of the OpenBSD and OpenSSH projects. Before this, he was a founding member of the NetBSD project. Theo de Raadt began developing OpenBSD in October of 1995. The project has continued to offer regular releases of their "free, functional & secure" operating system every six months, with OpenBSD 3.9 made available yesterday, May 1, 2006.

Tony Chor (US)

Internet Explorer 7 in Windows Vista - The Security Development Lifecycle in Practice

Tony Chor (Group Program Manager for IE7) will discuss Microsoft's security engineering methodology and how it is being applied to the development of Internet Explorer 7. He will detail key vulnerabilities and attacks this methodology revealed as well as how the new version of IE will mitigate those threats with unique features such as the Phishing Filter and Protected Mode.

Tony Chor is the Group Program Manager of Microsoft's Internet Explorer team. He is responsible for leading the IE team's security response as well as for driving the design, development, and release of new versions of IE, including IE 6 in XP SP2 and IE 7 for XP and Windows Vista.

Tony is a fifteen year veteran of Microsoft and has worked on a variety of projects including digital imaging in Windows Vista, MSN Explorer, Works, Encarta Online, Bookshelf, Picture It!, and Golf. He holds a B.S. in Computer Science from Stanford University.

Jim Geovedi (ID)

Hacking a Bird in The Sky: Hijacking VSAT Connection

Since the mid 1950s, satellite communication systems have made enormous advances in capability and performance. Internet access over satellite, digital content distribution, wide area network (WAN) connectivity, video teleconferencing, distance learning, and telephony services sent over satellites have become integral to our society. Unfortunately, security has not kept pace, and current satellite systems are vulnerable to a variety of attacks.

This presentation will discuss satellite technologies for providing broadband data communications using Very Small Aperture Terminal (VSAT) network systems, how they work, and what is and is not possible for determined attackers to achieve.

Jim Geovedi works as an Information Security consultant at PT Bellua Asia Pacific in Indonesia. He has over seven years of experience performing professional security assessment and penetration testing, ISMS Audit & Implementation and computer forensics.

Jim prefers to approach security from an attacker's perspective in order to readily pinpoint weaknesses. He was an invited speaker at IT-Underground Prague 2006, Hack In The Box Kuala Lumpur 2005, Cisco Security Summit 2005 and Bellua Cyber Security Asia 2005, as well as university and government symposia.

Raditya Iryandi (ID)

Hacking a Bird in The Sky: Hijacking VSAT Connection

Since the mid 1950s, satellite communication systems have made enormous advances in capability and performance. Internet access over satellite, digital content distribution, wide area network (WAN) connectivity, video teleconferencing, distance learning, and telephony services sent over satellites have become integral to our society. Unfortunately, security has not kept pace, and current satellite systems are vulnerable to a variety of attacks.

Raditya Iryandi recently joined Bellua Asia Pacific's red cell penetration testing team. He has been involved in security and hacking for more than eight years. He has a passion for telecommunication systems such as satellite, wireless networks, VOIP, GSM, CDMA. Prior to joining Bellua, he was the Technical Director of C2PRO Consulting.

Fyodor Yarochkin (KG/TW)

Web Application Security: Beyond input validation. IDS for web applications

Fyodor and Meder will present techniques that can be used to build custom intrusion detection mechanisms for web applications. These techniques could be adopted by a web application developer on a number of web application frameworks to improve application resistance to intrusion attempts. The authors will focus on application/business-logic vulnerabilities and present a proof of concept tool to demonstrate some of the techniques live.

Fyodor Yarochkin is a security hobbyist and happy programmer with a few years spent in business objectives and the "security" service delivery field. These years, however, weren't completely wasted - Fyodor has been contributing his spare time to a few open and closed source projects that attracted limited use among the non-business oriented computer society. He has a background in system administration and programming and holds an Engineering degree in Software Engineering.

Meder Kydyraliev (KG/SG)

Web Application Security: Beyond input validation. IDS for web applications

Fyodor and Meder will present techniques that can be used to build custom intrusion detection mechanisms for web applications. These techniques could be adopted by a web application developer on a number of web application frameworks to improve application resistance to intrusion attempts. The authors will focus on application/business-logic vulnerabilities and present a proof of concept tool to demonstrate some of the techniques live.

Meder Kydyraliev is a security researcher interested in network security and applications of AI techniques in ethical hacking. Lately, together with Fyodor, he has been researching intelligent ways to automate security assessment processes to free up some time for creative stuff. Meder obtained his B.S. in software engineering from AUCA/Kyrgyzstan and is currently working as an associate for KPMG Singapore doing infosec assessments.

The Grugq (UK/TH)

VoIPhreaking: SIPhallis unveiled

The continued explosive growth of VoIP technology deployment has not been matched by security assessment technology. This talk will present a suite of new tools for VoIP security analysis: the VoIPy toolkit. With the release of the VoIPy toolkit, in particular SIPhallis, a major barrier to comprehensive, effective VoIP penetration testing has been removed. Examining vulnerabilities within the VoIP protocol suite, as well as commonly exploited deployment problems, this presentation will demonstrate the VoIPy tool suite as a framework for exploiting these vulnerabilities -- ranging from free phone calls to spoofing caller-id.

This presentation will focus on the new SIPhallis VoIP centric penetration tool, designed specifically to foster new and innovative VoIP security attacks. The talk will examine core VoIP vulnerabilities, and how SIPhallis can be used as the primary security assessment tool for a VoIP penetration test.

The Grugq is a domain expert consultant on VoIP security, digital forensic analysis and reverse engineering. The Grugq has spent 7 years working with all aspects of information security, from penetration testing to solutions and product development. The Grugq's career has seen him working for financials, security consulting companies, start-ups and, most recently, founding his own information security company.

The Grugq's information security expertise ranges from penetration testing and source code auditing, through to rootkit technologies and advanced digital forensic analysis and investigation. Since 2001 the Grugq has been involved in active Voice over IP security research, recently completing successful audits for major European and Asian telcos.

The Grugq's domain expertise in VoIP security has seen him present at conferences, release advisories and complete assessments for national European and major Asian telcos. Additionally, he has developed strategic whitepapers for enterprise VoIP deployments. Based on his experiences with numerous audits, the Grugq has developed a VoIP security assessment tool suite to facilitate more accurate, effective and rapid VoIP centric penetration testing.

Philippe Langlois (FR)

SCTP: Hacking SS7 Networks over the Internet

We will outline the security aspects of SCTP (strong handshake, anti-DoS features, secure "session" cookies...) and explain how the low-level attack is performed. Philippe will demonstrate the discrepancies between the various implementations and the trouble of standardization at the IETF. We'll also examine the application layer, showing the details of various interesting applications built on top of SCTP: telecom call signal processing, billing, reliable messaging, cluster-oriented high-throughput connections. Philippe will release his SCTP attack tool for the first time during BCS2006.

Philippe Langlois is an entrepreneur and security researcher. He is currently advisor to Netvibes and Global Partner at the Telecom Security Task Force. In 1999, he founded Qualys, a world-leading vulnerability-assessment service delivered as an application service provider. He founded the computer and network security company Intrinsec in 1995 and founded Worldnet, France's first public Internet service provider, in 1993. He was also lead designer for Payline, the first French e-commerce payment gateway. He has written and translated security books and has been giving speeches on network security since 1995.

Jesse Burns (US)

Attacking Applications by Fuzzing Win32 IPC

Attacking applications is important both to protect yourself from careless software vendors and to ensure your products protect your customers correctly. With Windows Vista's new focus on allowing enterprise users to run with limited access rights (less than Administrator), the importance of protecting against privilege escalation vulnerabilities on this popular platform is increasing. This increased relevance means that IPC mechanism attacks will become much more important and that security experts will need to understand how to better protect their applications. An important practical aspect of finding these bugs is fuzzing. This talk will demonstrate attacks against Windows Named Pipes, Shared Memory Sections, Named Events and Semaphores.

Jesse Burns is a Founding Partner at Information Security Partners LLC (iSEC), where he works as an application penetration tester. Prior to iSEC, Jesse was a Managing Security Architect with @Stake and a software developer. He is a Canadian citizen living in San Francisco, California. Jesse developed these tools and techniques in collaboration with Scott Stender, also of iSEC, in support of penetration testing and research conducted at iSEC.

Jesse presented in December 2004 at the SyScan conference in Singapore on exploiting weaknesses in the NTLM authentication protocol. He has also presented at Microsoft, OWASP, Directory Management World and in other venues (mostly for clients) on issues ranging from cryptographic attacks to emerging web application threats. He is currently working on a book with Scott Stender and Alex Stamos on attacking modern web applications, for publication with Addison Wesley.

Paul Boehm (AT)

Taming Bugs: The Art and Science of writing Secure Code

Writing secure code isn't just about avoiding bugs. If you give a thousand programmers the same task and the same tools, chances are a lot of the resulting programs will break on the same input. Programming is as much about People as it is about Code and Techniques. This talk will look deeper, beyond the common bug classes, and provide explanations for why programmers are prone to making certain mistakes. Finally, strategies for taming common bug sources will be presented. Among these are TypedStrings for dealing with Injection Bugs (XSS, SQL, ...), and Path Normalization to deal with Path Traversal.

Paul Boehm was a founding member of TESO Security in 1998, and has spent a lot of time breaking code. In 2003 he worked on quantum cryptography at the University of Vienna, where he developed and implemented an improved-efficiency QC protocol. His current interest is in Vulnerability Defense and Secure Software. He works as a Security Consultant for SEC Consult.

Raffael Marty (US)

Visualization of Security Data

In the network security world, visual approaches are becoming a more and more frequently used analysis tool, providing a powerful alternative to reading raw log data. I will be showing a myriad of visualizations of log files, generated from data from various sources. Each graph will be used to show a certain property of the dataset analyzed. They'll show anomalous behavior and misconfigurations, and simply help document activities in a network.

The audience will learn that visualizing log files or event data is a powerful means to detect problems, trends, anomalies, or even intrusions. As part of the presentation I will suggest a workflow for visual security event analysis that allows for efficient handling of security event data in an operational environment. The talk will also introduce a tool called AfterGlow, which can be used to generate graphs based on log files or security events.

Raffael Marty, GCIA, CISSP, works in ArcSight's Strategic Application Solution Team, where he is responsible for delivering industry solutions that address the security needs of Fortune 500 companies, ranging from regulatory compliance to insider threat. Raffael initiated ArcSight's Content Team, which holds responsibility for all the product's content, ranging from correlation rules, dashboards and visualizations to vulnerability mappings and categorization of security events. Before joining ArcSight, Raffael worked as an IT security consultant for PricewaterhouseCoopers and previously was a member of the Global Security Analysis Lab at IBM Research, where he participated in various intrusion detection related projects. His main project, Thor, was the first approach to testing intrusion detection systems by means of correlation tables. Raffael also serves on the MITRE OVAL (Open Vulnerability and Assessment Language) advisory board, is involved in the Common Vulnerability Scoring System (CVSS) standard and has presented on various occasions.

Cedric Blancher (FR)

Messing Up WiFi Public Networks: Where ninjas are, there's nothing left to trust

Every day, new public WiFi networks are set up. Whether they are commercial or free of charge, run by individuals, communities or companies, infrastructure-based or meshed, they seamlessly allow Internet access from almost anywhere in town. If one can access them, almost anyone can abuse the network itself and, directly or indirectly, attack its clients.

This paper aims at showing how one can mess with open wireless networks, whether infrastructure-based or mesh networks. We'll see practical examples of network abuse (captive portal bypass, mesh routing abuse) and client traffic hijacking (traffic injection, redirection, tampering) bypassing traditionally deployed security means, thus making open WiFi networks a wonderful playground for "nasty" people.

The idea of this talk is to practically demonstrate the inherent weakness of WiFi public networks the way they're commonly deployed nowadays. Many users indeed understand the need for privacy for sensitive data such as emails. However, they keep using cleartext browsing, local DNS requests, etc. On the other side, network admins offer infrastructure they often think is enough to ensure users' security and to achieve their goals. I want to show to what extent they're wrong by demonstrating some ways available to an attacker to compromise a client and its network flows and to bypass infrastructure security restrictions and services.

Conference WLAN access is a typical example to draw on through audience participation: how many are browsing in cleartext, are using a VPN, do actually tunnel DNS traffic, etc.

Cedric Blancher has spent the last 5 years working in the network security field, performing audits and penetration tests. In 2004, he joined the EADS Corporate Research Center in France to work at its IT Security Research lab, focusing on networking and wireless link security. He is an active member of the Rstack team and the French Honeynet Project, with studies on honeynet containment, honeypot farms and network traffic analysis.

He's been delivering technical talks worldwide (Cansecwest/core06, Recon, Ruxcon, Pacsec/core05, etc.), and has published research papers, magazine articles (MISC) and trainings (Eusecwest/core06, Cansecwest/core06, etc.) on network and wireless security. He also authored Wifitap, an 802.11 communication tool based on traffic injection.

Onno Purbo (ID)

TBA

TBA

Most people in the Internet community will know Onno Purbo. He has achieved many milestones from the moment he started using Data Packet Radio in the 1980s up to today's broadband wireless networks. His work has always been referenced in many writings about the development of the Internet, globally and locally. He is often called the "Internet Minister" because of his large unselfish contributions to the Internet. The Computer Network Research Group he founded at ITB is his commitment to pairing academic research with technology implementation for the masses.

Mr. Onno's annual paper on the Indonesian Internet can be found in many foreign publications, and he is constantly traveling around the world giving workshops on wireless data infrastructure and his well-known "internet for everyone" concept.

Don "north" Bailey (US)

The Evolution of Exploitation: from client to kernel and back

TBA

Don Bailey has researched operating system and architecture theory with a focus on security for the past 6 years.

For questions regarding event registration, please call +62-21-570-5800 (Ms. Astri). For general questions, please email bcs2006@bellua.com or send an empty message to bcs-announce-subscribe@bellua.com to receive future event information.

This document is available at PT BELLUA ASIA PACIFIC's website and protected by the copyright laws of the Republic of Indonesia and International treaties. All use subject to "DISCLAIMER" set forth at /disclaimer/