SlideShare a Scribd company logo

第三屆 台灣駭客年會 Hacks in Taiwan HIT 2007 開場演講 by 黃耀文 Wayne

Wayne Huang
Wayne Huang

第三屆 台灣駭客年會 Hacks in Taiwan HIT 2007 開場演講 by 黃耀文 Wayne

Technology
1 of 18
Download to read offline
第三屆台灣駭客年會 Third Hacks in Taiwan Conference Wayne Huang 黃耀文 wayne@armorize.com
台灣駭客年會 u 一個國家的資安產業成熟度指標— underground hacking conferences u Hacks in Taiwan, brought to you by Tim Hsu and chro0t u Welcome to HITCon 2007
HIT 2005 u 四百年來第一會—台灣終於有 自己的駭客年會! u "地下網管20年" -- gasgas u "Evil netpipe" -- timhsu u "Windows Kernel Shellcode Exploit" -- Nanika
HIT 2005 u "The Evolution of Windows Spyware Techniques" -- Birdman u "Anti-Forensic with Anti-Reversing" -- Kuon u sscan, newbug, unohope, alan, Charmi
HIT 2006 u 場地爆滿,MS 總部電話留位! u 來自世界各地的聽眾!
HIT 2006 u Tony Lee, Lead Anti-Virus Researcher, Microsoft u Sarah Blankinship, Security Program Manager, Microsoft
Y.M. Chen u Director of Consulting, McAfee u PACSEC.JP, HITB, HACK.LU, HIT, CSI, MISTI
Wayne u WWW, PHP, RSA, … u OWASP 台灣分會會長 u 阿碼科技執行長 u 台大電機博士班候選人
Fyodor u SNORT founder u Usenix, BlackHat, Ruxcon, HITB, Syscan, Bellua… u 台大電機博士班
Birdman
Wargame! u 第一名:劉昆豪 技服中心工程師。 u 第二名:吳光哲 任職訊連科技 u 第三名:翁浩正 輔大資工系。
HIT 2007 u TWISC@NTUST 協辦 u HIT 2005: 120人 u HIT 2006: 160人 u HIT 2007: 270人…爆!!
HIT 2007 u 講師橫跨產駭學界 u 參加者來自世界各地 u 更精彩的內容,給更厲害的聽眾 u 拭目以待!
Source: Google Online Security Blog http://googleonlinesecurity.blogspot.com/ Hacked websites Malware origin
HIT 2008 u 台灣資安之能量,有其背後之政治與歷史意義 u 台灣資安界,其實臥虎藏龍 u 龍虎只在每年 HIT 公開出現! u Hacks in Taiwan 是台灣所有對資安有興趣 的朋友的會 • 交流技術 • 分享經驗 • 談論趨勢
Wall Street 看 Security Security index had consistently outperformed NASDAQ Source: Cowen and Company , RSA 2007
Security 3.0 in Web 2.0— What’s Next? Date Major Security Events within Past Two Months 2007.5.11 n Google published "The Ghost in the Browser" research in Hotbots ’07 (with Usenix) which states that more than 10% of all on Google indexed wetbsites have been hacked and contain malware, spyware, or malicious code 2007.5.15 n OWASP published the OWASP Top 10 2007 (the first time since 2004); Cross-site Scripting vulnerability climbed to #1 2007.5.29 n Google announced acquistion of GreenBorder (a browser-based security solution) to jumpstart into web application security space 2007.6.1. n Google starts flagging malicious website warning users not to enter 2007.6.6. n IBM acquired penetration testing company Watchfire to step into Web security space 2007.6.18. n Penetration testing company Cenzic approved U.S. patent on fault-injection technology, starting a new wave of hot debate in Web security 2007.6.19. n HP acquired penetration testing company SPI Dynamics to enter into web security space, competing with IBM 2007. 6.30. n PCI includes code review for PCI compliance v1.1, mandatory in 2008 2007.7.9. n Google acquired online email security Postini for US$625 million in cash, aggressively entering into online enterprise security space
HIT 2008 u 更新更黑的內容,更恐怖的講師陣容! u 不必出國,不必去BlackHat / DefCon! u 明年場地預定:台大醫院國際會議廳 (徵求贊助單位) u 感謝各界的支持,我們明年見!

Recommended

Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Black Duck by Synopsys
 
Hacking 09 2010
Hacking 09 2010Hacking 09 2010
Hacking 09 2010Felipe Prado
 
Slides from IPv6 Threats
Slides from IPv6 ThreatsSlides from IPv6 Threats
Slides from IPv6 ThreatsCyren, Inc
 
CV | Michele Spagnuolo
CV | Michele SpagnuoloCV | Michele Spagnuolo
CV | Michele SpagnuoloMichele Spagnuolo
 
Case study cybersecurity industry birth and growth
Case study cybersecurity industry birth and growth Case study cybersecurity industry birth and growth
Case study cybersecurity industry birth and growth Mamoon Ismail Khalid
 
Red Hat Summit, World IP Day, and the new OWASP Top 10
Red Hat Summit, World IP Day, and the new OWASP Top 10Red Hat Summit, World IP Day, and the new OWASP Top 10
Red Hat Summit, World IP Day, and the new OWASP Top 10Black Duck by Synopsys
 
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?360mnbsu
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Securitysudip pudasaini
 

Recommended

Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Black Duck by Synopsys
 
Hacking 09 2010
Hacking 09 2010Hacking 09 2010
Hacking 09 2010Felipe Prado
 
Slides from IPv6 Threats
Slides from IPv6 ThreatsSlides from IPv6 Threats
Slides from IPv6 ThreatsCyren, Inc
 
CV | Michele Spagnuolo
CV | Michele SpagnuoloCV | Michele Spagnuolo
CV | Michele SpagnuoloMichele Spagnuolo
 
Case study cybersecurity industry birth and growth
Case study cybersecurity industry birth and growth Case study cybersecurity industry birth and growth
Case study cybersecurity industry birth and growth Mamoon Ismail Khalid
 
Red Hat Summit, World IP Day, and the new OWASP Top 10
Red Hat Summit, World IP Day, and the new OWASP Top 10Red Hat Summit, World IP Day, and the new OWASP Top 10
Red Hat Summit, World IP Day, and the new OWASP Top 10Black Duck by Synopsys
 
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?360mnbsu
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Securitysudip pudasaini
 
Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT SecurityLondon School of Cyber Security
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...AI Frontiers
 
Open vs Closed - Which is more secure?
Open vs Closed - Which is more secure? Open vs Closed - Which is more secure?
Open vs Closed - Which is more secure? SYNAQ
 
Kaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitKaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitPR Americas
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network securityBev Robb
 
Video & AI: capabilities and limitations of AI in detecting video manipulations
Video & AI: capabilities and limitations of AI in detecting video manipulationsVideo & AI: capabilities and limitations of AI in detecting video manipulations
Video & AI: capabilities and limitations of AI in detecting video manipulationsVasileiosMezaris
 
SecurifyLabs & Tiki @ Countermeasure 2014
SecurifyLabs & Tiki @ Countermeasure 2014SecurifyLabs & Tiki @ Countermeasure 2014
SecurifyLabs & Tiki @ Countermeasure 2014securifylabs
 
Webinar: "Il software: la strategia vincente sta nella qualità"
Webinar: "Il software: la strategia vincente sta nella qualità"Webinar: "Il software: la strategia vincente sta nella qualità"
Webinar: "Il software: la strategia vincente sta nella qualità"Emerasoft, solutions to collaborate
 
Brucon presentation
Brucon presentationBrucon presentation
Brucon presentationwremes
 
Resume
ResumeResume
ResumeNick Bilogorskiy
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
20160713 2016 the honeynet projct annual workshop focus and global trends
20160713 2016 the honeynet projct annual workshop focus and global trends20160713 2016 the honeynet projct annual workshop focus and global trends
20160713 2016 the honeynet projct annual workshop focus and global trendsYi-Lang Tsai
 
The History of Cybersecurity - Servnet.pdf
The History of Cybersecurity - Servnet.pdfThe History of Cybersecurity - Servnet.pdf
The History of Cybersecurity - Servnet.pdfonline Marketing
 
15 years through Infosec
15 years through Infosec15 years through Infosec
15 years through InfosecSaumil Shah
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptxDISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptxmahendrarm2112
 
Palestra Jeferson Propheta - Wanna Cry more
Palestra Jeferson Propheta - Wanna Cry morePalestra Jeferson Propheta - Wanna Cry more
Palestra Jeferson Propheta - Wanna Cry moreBHack Conference
 
The Intersection Between Open Source and Cybersecurity
The Intersection Between Open Source and CybersecurityThe Intersection Between Open Source and Cybersecurity
The Intersection Between Open Source and CybersecurityBlack Duck by Synopsys
 
Shellshock - A Software Bug
Shellshock - A Software BugShellshock - A Software Bug
Shellshock - A Software Bugvwchu
 
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code
Malware is Called Malicious for a Reason: The Risks of Weaponizing CodeMalware is Called Malicious for a Reason: The Risks of Weaponizing Code
Malware is Called Malicious for a Reason: The Risks of Weaponizing CodeStephen Cobb
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 

More Related Content

Similar to 第三屆 台灣駭客年會 Hacks in Taiwan HIT 2007 開場演講 by 黃耀文 Wayne

Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...AI Frontiers
 
Open vs Closed - Which is more secure?
Open vs Closed - Which is more secure? Open vs Closed - Which is more secure?
Open vs Closed - Which is more secure? SYNAQ
 
Kaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitKaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitPR Americas
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network securityBev Robb
 
Video & AI: capabilities and limitations of AI in detecting video manipulations
Video & AI: capabilities and limitations of AI in detecting video manipulationsVideo & AI: capabilities and limitations of AI in detecting video manipulations
Video & AI: capabilities and limitations of AI in detecting video manipulationsVasileiosMezaris
 
SecurifyLabs & Tiki @ Countermeasure 2014
SecurifyLabs & Tiki @ Countermeasure 2014SecurifyLabs & Tiki @ Countermeasure 2014
SecurifyLabs & Tiki @ Countermeasure 2014securifylabs
 
Webinar: "Il software: la strategia vincente sta nella qualità"
Webinar: "Il software: la strategia vincente sta nella qualità"Webinar: "Il software: la strategia vincente sta nella qualità"
Webinar: "Il software: la strategia vincente sta nella qualità"Emerasoft, solutions to collaborate
 
Brucon presentation
Brucon presentationBrucon presentation
Brucon presentationwremes
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
20160713 2016 the honeynet projct annual workshop focus and global trends
20160713 2016 the honeynet projct annual workshop focus and global trends20160713 2016 the honeynet projct annual workshop focus and global trends
20160713 2016 the honeynet projct annual workshop focus and global trendsYi-Lang Tsai
 
The History of Cybersecurity - Servnet.pdf
The History of Cybersecurity - Servnet.pdfThe History of Cybersecurity - Servnet.pdf
The History of Cybersecurity - Servnet.pdfonline Marketing
 
15 years through Infosec
15 years through Infosec15 years through Infosec
15 years through InfosecSaumil Shah
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptxDISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptxmahendrarm2112
 
Palestra Jeferson Propheta - Wanna Cry more
Palestra Jeferson Propheta - Wanna Cry morePalestra Jeferson Propheta - Wanna Cry more
Palestra Jeferson Propheta - Wanna Cry moreBHack Conference
 
The Intersection Between Open Source and Cybersecurity
The Intersection Between Open Source and CybersecurityThe Intersection Between Open Source and Cybersecurity
The Intersection Between Open Source and CybersecurityBlack Duck by Synopsys
 
Shellshock - A Software Bug
Shellshock - A Software BugShellshock - A Software Bug
Shellshock - A Software Bugvwchu
 
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code
Malware is Called Malicious for a Reason: The Risks of Weaponizing CodeMalware is Called Malicious for a Reason: The Risks of Weaponizing Code
Malware is Called Malicious for a Reason: The Risks of Weaponizing CodeStephen Cobb
 

Similar to 第三屆 台灣駭客年會 Hacks in Taiwan HIT 2007 開場演講 by 黃耀文 Wayne (20)

Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT Security
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
 
Open vs Closed - Which is more secure?
Open vs Closed - Which is more secure? Open vs Closed - Which is more secure?
Open vs Closed - Which is more secure?
 
Kaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst SummitKaspersky North American Virus Analyst Summit
Kaspersky North American Virus Analyst Summit
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network security
 
Video & AI: capabilities and limitations of AI in detecting video manipulations
Video & AI: capabilities and limitations of AI in detecting video manipulationsVideo & AI: capabilities and limitations of AI in detecting video manipulations
Video & AI: capabilities and limitations of AI in detecting video manipulations
 
SecurifyLabs & Tiki @ Countermeasure 2014
SecurifyLabs & Tiki @ Countermeasure 2014SecurifyLabs & Tiki @ Countermeasure 2014
SecurifyLabs & Tiki @ Countermeasure 2014
 
Webinar: "Il software: la strategia vincente sta nella qualità"
Webinar: "Il software: la strategia vincente sta nella qualità"Webinar: "Il software: la strategia vincente sta nella qualità"
Webinar: "Il software: la strategia vincente sta nella qualità"
 
Brucon presentation
Brucon presentationBrucon presentation
Brucon presentation
 
Resume
ResumeResume
Resume
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
 
20160713 2016 the honeynet projct annual workshop focus and global trends
20160713 2016 the honeynet projct annual workshop focus and global trends20160713 2016 the honeynet projct annual workshop focus and global trends
20160713 2016 the honeynet projct annual workshop focus and global trends
 
The History of Cybersecurity - Servnet.pdf
The History of Cybersecurity - Servnet.pdfThe History of Cybersecurity - Servnet.pdf
The History of Cybersecurity - Servnet.pdf
 
15 years through Infosec
15 years through Infosec15 years through Infosec
15 years through Infosec
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptxDISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
 
Palestra Jeferson Propheta - Wanna Cry more
Palestra Jeferson Propheta - Wanna Cry morePalestra Jeferson Propheta - Wanna Cry more
Palestra Jeferson Propheta - Wanna Cry more
 
The Intersection Between Open Source and Cybersecurity
The Intersection Between Open Source and CybersecurityThe Intersection Between Open Source and Cybersecurity
The Intersection Between Open Source and Cybersecurity
 
Shellshock - A Software Bug
Shellshock - A Software BugShellshock - A Software Bug
Shellshock - A Software Bug
 
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code
Malware is Called Malicious for a Reason: The Risks of Weaponizing CodeMalware is Called Malicious for a Reason: The Risks of Weaponizing Code
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code
 

Recently uploaded

Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Recently uploaded (20)

Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

第三屆 台灣駭客年會 Hacks in Taiwan HIT 2007 開場演講 by 黃耀文 Wayne

  • 1. 第三屆台灣駭客年會 Third Hacks in Taiwan Conference Wayne Huang 黃耀文 wayne@armorize.com
  • 2. 台灣駭客年會 u 一個國家的資安產業成熟度指標— underground hacking conferences u Hacks in Taiwan, brought to you by Tim Hsu and chro0t u Welcome to HITCon 2007
  • 3. HIT 2005 u 四百年來第一會—台灣終於有 自己的駭客年會! u "地下網管20年" -- gasgas u "Evil netpipe" -- timhsu u "Windows Kernel Shellcode Exploit" -- Nanika
  • 4. HIT 2005 u "The Evolution of Windows Spyware Techniques" -- Birdman u "Anti-Forensic with Anti-Reversing" -- Kuon u sscan, newbug, unohope, alan, Charmi
  • 5. HIT 2006 u 場地爆滿,MS 總部電話留位! u 來自世界各地的聽眾!
  • 6. HIT 2006 u Tony Lee, Lead Anti-Virus Researcher, Microsoft u Sarah Blankinship, Security Program Manager, Microsoft
  • 7. Y.M. Chen u Director of Consulting, McAfee u PACSEC.JP, HITB, HACK.LU, HIT, CSI, MISTI
  • 8. Wayne u WWW, PHP, RSA, … u OWASP 台灣分會會長 u 阿碼科技執行長 u 台大電機博士班候選人
  • 9. Fyodor u SNORT founder u Usenix, BlackHat, Ruxcon, HITB, Syscan, Bellua… u 台大電機博士班
  • 11. Wargame! u 第一名:劉昆豪 技服中心工程師。 u 第二名:吳光哲 任職訊連科技 u 第三名:翁浩正 輔大資工系。
  • 12. HIT 2007 u TWISC@NTUST 協辦 u HIT 2005: 120人 u HIT 2006: 160人 u HIT 2007: 270人…爆!!
  • 13. HIT 2007 u 講師橫跨產駭學界 u 參加者來自世界各地 u 更精彩的內容,給更厲害的聽眾 u 拭目以待!
  • 14. Source: Google Online Security Blog http://googleonlinesecurity.blogspot.com/ Hacked websites Malware origin
  • 15. HIT 2008 u 台灣資安之能量,有其背後之政治與歷史意義 u 台灣資安界,其實臥虎藏龍 u 龍虎只在每年 HIT 公開出現! u Hacks in Taiwan 是台灣所有對資安有興趣 的朋友的會 • 交流技術 • 分享經驗 • 談論趨勢
  • 16. Wall Street 看 Security Security index had consistently outperformed NASDAQ Source: Cowen and Company , RSA 2007
  • 17. Security 3.0 in Web 2.0— What’s Next? Date Major Security Events within Past Two Months 2007.5.11 n Google published "The Ghost in the Browser" research in Hotbots ’07 (with Usenix) which states that more than 10% of all on Google indexed wetbsites have been hacked and contain malware, spyware, or malicious code 2007.5.15 n OWASP published the OWASP Top 10 2007 (the first time since 2004); Cross-site Scripting vulnerability climbed to #1 2007.5.29 n Google announced acquistion of GreenBorder (a browser-based security solution) to jumpstart into web application security space 2007.6.1. n Google starts flagging malicious website warning users not to enter 2007.6.6. n IBM acquired penetration testing company Watchfire to step into Web security space 2007.6.18. n Penetration testing company Cenzic approved U.S. patent on fault-injection technology, starting a new wave of hot debate in Web security 2007.6.19. n HP acquired penetration testing company SPI Dynamics to enter into web security space, competing with IBM 2007. 6.30. n PCI includes code review for PCI compliance v1.1, mandatory in 2008 2007.7.9. n Google acquired online email security Postini for US$625 million in cash, aggressively entering into online enterprise security space
  • 18. HIT 2008 u 更新更黑的內容,更恐怖的講師陣容! u 不必出國,不必去BlackHat / DefCon! u 明年場地預定:台大醫院國際會議廳 (徵求贊助單位) u 感謝各界的支持,我們明年見!