Security

Net Security, Windows 7 and Conficker Under Scrutiny

Cross-domain security on the Internet, Windows 7 vulnerabilities and the Conficker worm will be among the topics under scrutiny at the Hack In The Box Security Conference (HITB) held in Dubai this week.

"A lot of time and energy is spent looking at cross-domain issues in web applications. However, there's little point having a secure web application if the underlying platforms, such as Web browsers and common Web plugins, have cross-domain issues themselves," said Chris Evans, security lead at Google, in an e-mail.

On Thursday, Evans will present a paper on cross-domain vulnerabilities with Billy Rios, a security engineer at Microsoft.

"We'll be demonstrating some cross-domain bugs in browsers. We'll also be recapping and presenting some advances in areas where the underlying web model unfortunately permits some cross-domain leaks," Evans said.

HITB Dubai is an offshoot of the annual HITB conference held each year in Kuala Lumpur, Malaysia. While smaller than other conferences, HITB Dubai still pulls in high-profile speakers from the security industry.

This year, keynote speeches will be given by Mark Curphey, director of Microsoft's Security Tools Team, and Philippe Langlois, a founder partner at Telecom Security Task Force, a security consulting firm.

Other presentations scheduled for the conference include the release of Vbootkit 2.0, a tool capable of bypassing Windows 7 security, and a discussion of how the Conficker worm affected computers in members of the Cooperation Council for the Arab States in the Gulf (GCC), a group of countries that includes Saudi Arabia, Bahrain, Qatar, Kuwait, Oman and the United Arab Emirates.

Like the RSA Security Conference, which gave away US$50,000 worth of passes to its San Francisco conference this week, attendance at HITB Dubai is expected to suffer because of the economic downturn.

"About 90 percent of the people we've talked to said they have no budget to travel," said Dhillon Andrew Kannabhiran, founder and CEO of Hack In The Box, the conference organizer.

In 2008, the conference had 150 attendees but has so far registered just 85 attendees this year, he said.

HITB will be held on Wednesday and Thursday.

Subscribe to the Security Watch Newsletter

Comments