Hack in The Box Security Conference 2011 Amsterdam / NL

Since yesterday I’ve been attending the annual Hack-in-the-Box Quad-Track Security Conference in Amsterdam/NL. There’s a very nice and open atmosphere here at the conference, besides the beautiful city of Amsterdam.

First, Joe Sullivan (CSO at facebook), held a very interesting keynote about the development of security innovations at facebook. For him innovation is “these hacking culture, we think about each day at facebook”. After explaining some of the newer security innovations (https-only, login notifications, login approvals [if e.g. geo-location of a user is suspicious], recognized devices, recent activity) he talked about the recent fb-scams with malicious scripts. “No one would do that, copying and pasting a script into the browser! – Yes, they do…”, he said.

Also a remarkable talk I attended was about binary planting, given by Mitja Kolsek (CTO at ACROS Security). In “Binary Planting: First Overlooked, Then Downplayed, Now Ignored” Mitja also showed a new method he called “advanced binary planting”, which uses a feature from Windows’ special folders (like control panel, printers, etc.) and clickjacking to make it possible to own the users’ computer.

In the winter garden of the conference hotel there’s a technology showcase area. Hackerspaces from all over Europe and the Netherlands are showcasing their projects here. There also is a capture-the-flag competition happening, a lock-picking and (sponsor) companies-showcase.

For more informations please see the conference website.