4. HIT 2005
- "The Evolution of Windows Spyware Techniques" -- Birdman
- "Anti-Forensic with Anti-Reversing" -- Kuon
- sscan, newbug, unohope, alan, Charmi
16. Wall Street's View of Security
Security index had consistently outperformed NASDAQ
Source: Cowen and Company, RSA 2007
17. Security 3.0 in Web 2.0: What’s Next?
Date: Major Security Events within Past Two Months
2007.5.11: Google published "The Ghost in the Browser" research in HotBots ’07 (with USENIX), which states that more than 10% of all websites indexed by Google have been hacked and contain malware, spyware, or malicious code
2007.5.15: OWASP published the OWASP Top 10 2007 (the first time since 2004); the Cross-site Scripting vulnerability climbed to #1
2007.5.29: Google announced the acquisition of GreenBorder (a browser-based security solution) to jump-start its entry into the web application security space
2007.6.1: Google starts flagging malicious websites, warning users not to enter
2007.6.6: IBM acquired penetration testing company Watchfire to step into the Web security space
2007.6.18: Penetration testing company Cenzic received approval for a U.S. patent on fault-injection technology, starting a new wave of hot debate in Web security
2007.6.19: HP acquired penetration testing company SPI Dynamics to enter the web security space, competing with IBM
2007.6.30: PCI includes code review for PCI compliance v1.1, mandatory in 2008
2007.7.9: Google acquired online email security company Postini for US$625 million in cash, aggressively entering the online enterprise security space