Hack in the Box kicks off jam-packed security conference

Hack in the Box will host its 10th security conference this week in Kuala Lumpur featuring an all-star cast of hacking luminaries and a cutting-edge program.

The lengthy speakers list includes John Draper aka “Captain Crunch,” who famously used a whistle from a cereal box to access long-distance switching networks in the early 1970s, as well as Peter Sunde and Fredrik Neij, two founders of the torrent search engine The Pirate Bay.

Google will reprise its “Pwnium” competition, which it debuted at the CanSecWest security conference in March in Vancouver, British Columbia.

The company, which holds the competition to allow researchers to compete for prize money to find security problems within its Chromium browser, will give away up to $2 million in rewards. It has allocated a $60,000 reward for a full Chrome exploit, $50,000 for a partial Chrome exploit and $40,000 for other non-Chrome exploits, which it has detailed on its blog.

One of the major events will be a 32-hour “Capture the Flag” hacking competition. This year, teams of three people each will compete in a scenario that is centered around the defense of SCADA (Supervisory Control and Data Acquisition) systems.

Teams this year will “manage” their own nuclear power plants, with services and daemons — which represent seven reactor cores — running on their machines. Opposing teams try to penetrate their computers, with poor defense penalized by a loss of fake money.

Similar to previous Hack in the Box conferences, this year’s show will also have a Lock Picking Area, where participants can get away from their computers and learn the delicate art of lock picking.

Hack in the Box doesn’t have keynotes but instead runs many technical sessions featuring the latest work from some of the more famous white hat hackers and security experts.

Charlie Miller, principal research consultant at Accuvant Labs, will present his NFC (near field communications) work of late, which has focused on how software used to build the NFC protocol stack can be manipulated for unintended consequences.

For example, Miller’s work shows how NFC data transmitted using Android Beam could force a mobile device to open up videos, office documents or web pages within a browser without user interaction.

The Pirate Bay’s Sunde and Neij are on the agenda, but their talk hasn’t been described yet. Despite years of legal wrangling and short prison sentences for Sunde, Neij and Carl LA1/4ndstrom in Sweden, the search engine is still alive to the chagrin and ire of the entertainment industry.

Other events include a panel talk with “Musclenerd,” Stefan Esser and David Wang, whom all have been involved in figuring out ways to “jailbreak” iOS, the term for breaking Apple’s iOS software to allow the installation of applications not authorized by the company.

Technical training sessions begin on Monday and run through Tuesday, with speakers on Wednesday and Thursday.

Send news tips and comments to jeremy_kirk@idg.com