Jeff Moss Welcomes Attendess of the Black Hat Conference, October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency was the keynote speaker.

"To know various fraud schemes is important when implementing counter measures against it. During this session, the presenter will show the latest online fraud schemes. Vulnerable Internet users could easily be captured in the traps of which set up by criminals who take increasingly sophisticated online fraud schemes such as Phising and One Click Fraud. In this session, we will show the latest online fraud schemes. Mr. Hoshizawa joined Symantec in 1998, took a position in charge of security research, correspondence to new viruses, and collection and analysis of vulnerability information as the Asia Pacific regional manager of the Symantec Security Response. He has established himself as a top class virus researcher in Japan, and has been contributing to many IT related publications about computer security. Moreover, he gave talks at the various international conference such as Virus Bulletin, EICAR, and AVAR, on the subject of security issues. After leaving Symantec in September 2004, he joined Secure Brain Corporation and took a charge of the present position since October 2004."

"Botnets pose a severe threat to the today?s Internet community. We show a solution to automatically, find, observe and shut down botnets with existing opensource tools, partially developed by us. We start with a discussion of a technique to automatically collect bots with the help of the tool nepenthes.We present the architecture and give technical details of the implementation. After some more words on the effectiveness of this approach we present an automated way to analyze the collected binaries. All these steps can be automated to a high degree, allowing us to build a system that autonomously collects information about existing botnets. This information can then be aggregated and correlated to learn even more. As a result, we obtain information that can be used to mitigate the threat, e.g., as a warning-system within networks or as an information ressource for CERTs. We conclude the talk with an overview of lessons learned and point out further research topics in the area of botnet tracking. Attentands are expected to have a basic knowledge of honeypots and how honeynets work. All necessary information about bots/botnets will be introduced during the talk and the live demonstrations."

Jeff Moss Welcomes Attendess of the Black Hat Conference, October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency was the keynote speaker.

"Every application, from a small blog written in PHP to an enterprise-class database, receives raw bytes, interprets these bytes as data, and uses the information to drive the behavior of the system. Internationalization support, which stretches from character representation to units of measurement, affects the middle stage: interpretation. Some software developers understand that interpreting data is an incredibly difficult task and implement their systems appropriately. The rest write, at best, poorly internationalized software. At worst, they write insecure software. Regardless of whether this fact is understood or acknowledged, each developer is reliant on operating systems, communication mechanisms, data formats, and applications that provide support for internationalization. This represents a large and poorly understood, attack surface. f we go back to the ""three stages model"" above, many attacks have focused on simply sending bad data and using perceived failures to influence the behavior of the system. Most defenses have evolved to prevent malicious data from entering the system. This talk will cover advanced techniques that use the interpretation stage to manipulate the data actually consumed by the myriad components of typical software systems. Attack and defense methodologies based on years studying core technologies and real software systems will be presented."

"There have been a series of information leak incidents being happening in Japan regarding to the use of P2P file sharing softwares. But those incidents are just a tip of iceberg. There were expected to be tens of thousands of incidents that even not reported in the news. P2P file sharing softwares usually designed to enhance user anonymity therefore users of such software can enjoy act of violating the copyright law. However, contrary to such users assumption, the nature of P2P networks are nearly publicly open networks for either the files that being uploaded or downloaded. This talk will explain about the reason of how the encryption deployed by Winny and Share could be defeated, what will be the change by such encryption becoming disarmed, and what could be the evidence of the information been made public, with the details based on the characteristic of public openness resides in P2P and how the characteristics affect the content of communicaton exposed on the P2P networks that no longer have anonymity."

"As the Internet becomes a social framework, attacks and incidents with various intents have been actualized. As a result, previously unrelated organizations and groups have become actively engaged in discussions regarding threats and technology. In addition, they have begun to approach and actively engage in creating and implementing information security policies. This session will cover the information security revolution in Japan, as seen from analzyed attack models which have been actualized and on the changed meaning of threats and the influences. Mitsugu Okatani became a battleplane pilot after joining the Japan Air Self-Defense Force joined in April 1980, then he worked on the design development and management of the weapon systems as a development engineer. He was engaged in IT system development and information security related projects in the Air Self-Defense Force as a project executive from October 1993. He served in the Communications and Electronics Division in Air Staff Office Defense Division, the Director of Defense Agency Communication Division, and the Office of the Information Security at Cabinet from April 2002. He worked for the Network Information Security Center at Cabinet as a full time staff since Aug 2005, and became a Joint Staff Office at Japan Defense Agency since April 2006."

If you give a thousand programmers the same task and the same tools, chances are a lot of the resulting programs will break on the same input. Writing secure code isn't just about avoiding bugs. Programming is as much about People as it is about Code and Techniques. This talk will look deeper, beyond the common bug classes, and provide explanations for why programmers are prone to making certain mistakes. New strategies for taming common bug sources will be presented. Among these are TypedStrings for dealing with Injection Bugs (XSS, SQL, ...), and Path Normalization to deal with Path Traversal.

"The presentation will first present how to generically (i.e. not relaying on any implementation bug) insert arbitrary code into the latest Vista Beta 2 kernel (x64 edition), thus effectively bypassing the (in)famous Vista policy for allowing only digitally singed code to be loaded into kernel. The presented attack does not requite system reboot. Next, the new technology for creating stealth malware, code-named Blue Pill, will be presented. Blue Pill utilizes the latest virtualization technology from AMD - Pacifica - to achieve unprecedented stealth. The ultimate goal is to demonstrate that is possible (or soon will be) to create an undetectable malware which is not based on a concept, but, similarly to modern cryptography, on the strength of the 'algorithm'."

"The U.S. Government has mandated that its organizations be IPv6-compliant by June 30, 2008. The Japanese government has already missed more than one IPv6 deadline. But while we can argue about specific dates for compliance and deployment, there is no question but that your organization must begin to prepare for the next generation Internet, and it should start today. This presentation is based on wide-ranging, in-depth research, including interviews with the top thinkers on the most crucial issues surrounding the sleeping giant known as IPv6. It will give you the facts you need in order to plan for what may be difficult times ahead. The tactical, down-in-the-weeds take on IPv6 will be examined in detail. This presentation will provide the Black Hat Japan audience with a myriad of technical details to inform them of the challenges that await their organizations as they attempt to keep pace not only with their government mandates, but also with economic competitors from around the world. The Black Hat audience will also learn how hackers will exploit this new technology, and how to stop black hats from taking advantage of the necessarily long-lasting, heterogeneous environment that will be required during the transition to IPv6. Believe it or not, many nation-states view IPv6 as crucial to their national security plans for the future. This presentation will make stops at the White House, Tokyo, Beijing, and Red Square, and cover in detail the most current v6 research and deployment events in East Asia. It will discuss how, if some governments get their way, most members of the Black Hat audience could well lose their last byte of anonymity on the Internet. The corporate side of Internet addressing will also be addressed: what do the Xbox, IPTV, and the number of beers I have left in my fridge at home have in common? Answer: IPv6!"

"Imagine you?re visiting a popular website and invisible JavaScript Malware steals your cookies, captures your keystrokes, and monitors every web page that you visit. Then, without your knowledge or consent, your web browser is silently hijacked to transfer out bank funds, hack other websites, or post derogatory comments in a public forum. No traces, no tracks, no warning sirens. In 2005?s ""Phishing with Superbait"" presentation we demonstrated that all these things were in fact possible using nothing more than some clever JavaScript. And as bad as things are already, further web application security research is revealing that outsiders can also use these hijacked browsers to exploit intranet websites. Most of us assume while surfing the Web that we are protected by firewalls and isolated through private NAT'ed IP addresses. We assume the soft security of intranet websites and that the Web-based interfaces of routers, firewalls, printers, IP phones, payroll systems, etc. even if left unpatched, remain safe inside the protected zone. We believe nothing is capable of directly connecting in from the outside world. Right? Well, not quite.Web browsers can be completely controlled by any web page, enabling them to become launching points to attack internal network resources. The web browser of every user on an enterprise network becomes a stepping stone for intruders. Now, imagine visiting a web page that contains JavaScript Malware that automatically reconfigures your company?s routers or firewalls, from the inside, opening the internal network up to the whole world. Even worse, common Cross-Site Scripting vulnerabilities make it possible for these attacks to be launched from just about any website we visit and especially those we trust. The age of web application security malware has begun and it?s critical that understand what it is and how to defend against it. During this presentation we'll demonstrate a wide variety of cutting-edge web application security attack techniques and describe bestpractices for securing websites and users against these threats. You?ll see: * Port scanning and attacking intranet devices using JavaScript Malware * Blind web server fingerprinting using unique URLs * Discovery NAT'ed IP addresses with Java Applets * Stealing web browser history with Cascading Style Sheets * Best-practice defense measures for securing websites * Essential habits for safe web surfing"