
Events and conferences – 2007

Smau 2007, Milan

  • 17-20 October 2007

"Buzzwords Security" by Luca Carettoni. "Anti-Forensics" by Stefano Zanero. "Mach security" by Vincenzo Iozzo.

Secure Network is present at SMAU 2007 (pav. 24, stand K17), the 44th International Exhibition of Information & Communications Technology, with three sparkling technical talks.

ISSE/SECURE 2007, Warsaw

  • 25-27 September 2007

"String Analysis for the Detection of Web Application Flaws" Luca Carettoni, Security Consultant

Today, web applications are the most powerful way to provide services and information to customers and suppliers. Finding security flaws in web applications is becoming very difficult due to the growing complexity of these systems, and no silver bullet capable of solving automatic detection exists. Although we think that there is no general solution, for some particular use cases it is possible to adopt useful techniques: source code static analysis is one of these approaches. Combining well-known theoretical methodologies with string analysis, we propose a new way to automatically detect vulnerabilities. All information flowing to and from web applications can be modelled as the exchange of textual objects, in which string variables and functions are the simplest entities. We track each potentially unsafe method or function, trying to generate a static approximation of its runtime invocation; by comparing this approximation with a knowledge base of safe parameters, our technique is able to identify input validation flaws. We developed a plugin for the Eclipse IDE, implementing our methodology, which is able to analyze J2EE applications and find vulnerabilities in them. In this talk we present an overview of input validation flaws, we show the theoretical aspects and our tool, and we evaluate the effectiveness of this solution during the development of safe web applications.

ISSE/SECURE 2007, Warsaw

  • 25-27 September 2007

"Observing the Tidal Waves of Malware" S.Zanero

In this talk we will address the main challenges to be solved in order to build an automatic, global network which can perform early warning, automatic classification and analysis of malware and exploits as they propagate, or are used, worldwide. We all know of honeypots, early warning systems, and the Internet Storm Center: what are the missing pieces before we can really observe the tidal waves of malware and exploit the knowledge gained?

OWASP Day: Privacy in the 21st Century, Rome

  • 10th September 2007

"Buzzwords Security" Luca Carettoni, Security Consultant

At the Italian edition of the OWASP Day Worldwide, Luca Carettoni, Security Consultant of Secure Network, presented a new talk on web application security: How to exploit a WiFi Access Point using XSS and other attack techniques.

Hack In The Box, Malaysia

  • 05th September 2007

"360° Anomaly Based Intrusion Detection" S.Zanero


In this talk, after briefly reviewing why we should build a good anomaly-based intrusion detection system, we will present two IDS prototypes developed at the Politecnico di Milano for network- and host-based intrusion detection through unsupervised algorithms. We will then use them as a case study for presenting the difficulties in integrating anomaly-based IDS systems (as if integrating the usual misuse-based IDS systems was not complex enough). We will then present our ideas, based on fuzzy aggregation and causality analysis, for extracting meaningful attack scenarios from alert streams, building the core of the first 360° anomaly-based IDS.

Black Hat, Las Vegas

  • 01-02 August 2007

"Observing the Tidal Waves of Malware" S.Zanero, Partner and CTO, Secure Network

In this talk we will address the main challenges to be solved in order to build an automatic, global network which can perform early warning, automatic classification and analysis of malware and exploits as they propagate, or are used, worldwide. We all know of honeypots, early warning systems, and the Internet Storm Center: what are the missing pieces before we can really observe the tidal waves of malware and exploit the knowledge gained?

FIRST 2007, Seville

  • 17-22 June 2007

"Flaws and frauds in the evaluation of IDS/IPS technologies" S.Zanero

One of the things that amazes me on mailing lists and in conferences regarding intrusion detection is the symmetric presence of two concurrent issues: (a) customers asking "what is the better IDS for my architecture, or for this specific requirement?" and (b) vendors and scientists claiming "my IDS is better than that", all the time. Both are very reasonable stances, per se. Trouble is, we don't have answers for those customers, and we don't have benchmarks to actually measure whether one IDS is better than another. Since a key issue in developing technologies is measuring how well they compare with earlier attempts, it is an unsurprising result that we don't have really good IDS yet, just a very wide bunch of (often unconvincing) suggestions on how an IDS should be made. So, I'd like to help fellow practitioners and researchers by debunking the claimed "performances" of current IDS systems, by demolishing current "testing methodologies" and by showing how practical testing architectures can be created to compare systems.

CONFidence 2007, Krakow

  • 12-13 May 2007

"String Analysis for the Detection of Web Application Flaws" L.Carettoni, C.Merloni


Today, web applications are the most powerful way to provide services and information to customers and suppliers. Finding security flaws in web applications is becoming very difficult due to the growing complexity of these systems, and no silver bullet capable of solving automatic detection exists. Although we think that there is no general solution, for some particular use cases it is possible to adopt useful techniques: source code static analysis is one of these approaches. Combining well-known theoretical methodologies with string analysis, we propose a new way to automatically detect vulnerabilities. All information flowing to and from web applications can be modelled as the exchange of textual objects, in which string variables and functions are the simplest entities. We track each potentially unsafe method or function, trying to generate a static approximation of its runtime invocation; by comparing this approximation with a knowledge base of safe parameters, our technique is able to identify input validation flaws. We developed a plugin for the Eclipse IDE, implementing our methodology, which is able to analyze J2EE applications and find vulnerabilities in them. In this talk we present an overview of input validation flaws, we show the theoretical aspects and our tool, and we evaluate the effectiveness of this solution during the development of safe web applications.

CONFidence 2007, Krakow

  • 12-13 May 2007

"The BlueBag Project: from August 2006 to May 2007" L.Carettoni, C.Merloni


In this talk we present our research on Bluetooth security from August 2006 to May 2007. During this time we developed a set of projects that can be combined to exploit Bluetooth device weaknesses, building a distributed network of agents spreading via Bluetooth which can seek given targets and exploit the devices to log keystrokes, steal data, record audio, take pictures and then send the collected data back to the attacker, either through the agent network or directly. We show the different elements that compose the whole project, giving an estimate, through real data and mathematical models, of the effectiveness of that kind of attack.

CONFidence 2007, Krakow

  • 12-13 May 2007

"My IDS is better than yours? or is it ?!" S.Zanero


What do we, as customers or researchers, need to know about testing methodologies for IDSs? What about the currently "standard" industry test methodologies? How can we make sense of (or dispel the FUD in) the cloud of statistics vendors use to conceal their flaws? And should we draft tests for the evaluation of technology in our environment, how should we deal with the various performance indexes of IDS systems?

World Summit on Intrusion Prevention, Baltimore (Maryland)

  • 9th May 2007

"Of IDS evaluation, and why you should handle it with care" S.Zanero


What do we, as customers or researchers, need to know about testing methodologies for IDSs? What about the currently "standard" industry test methodologies? How can we make sense of (or dispel the FUD in) the cloud of statistics vendors use to conceal their flaws? And should we draft tests for the evaluation of technology in our environment, how should we deal with the various performance indexes of IDS systems?

SecurityOpus, San Francisco

  • 19-23 March 2007

"Of IDS evaluation, and why you should handle it with care" S.Zanero


What do we, as customers or researchers, need to know about testing methodologies for IDSs? What about the currently "standard" industry test methodologies? How can we make sense of (or dispel the FUD in) the cloud of statistics vendors use to conceal their flaws? And should we draft tests for the evaluation of technology in our environment, how should we deal with the various performance indexes of IDS systems?

IT Underground 2007, Prague

  • 8-9 March 2007

"Unsupervised Intrusion Detection - Latest Updates" S.Zanero


Stefano Zanero, CTO of Secure Network, presented the latest updates on his research into the technology used in unsupervised intrusion detection systems.

BlackHat DC 2007, Washington

  • 1st March 2007

"360° Anomaly Based Unsupervised Intrusion Detection"

In this talk, after briefly reviewing why we should build a good anomaly-based intrusion detection system, we will briefly present two IDS prototypes developed at the Politecnico di Milano for network- and host-based intrusion detection through unsupervised algorithms. We will then use them as a case study for presenting the difficulties in integrating anomaly-based IDS systems (as if integrating the usual misuse-based IDS systems was not complex enough...). We will then present our ideas, based on fuzzy aggregation and causality analysis, for extracting meaningful attack scenarios from alert streams, building the core of the first 360° anomaly-based IDS.
