As somebody once said: "the amount of clue on the Internet is a fixed constant". Indeed, the percentage of people on the Internet that are really hacking is decreasing. The bad thing however is that we now have a new phenomenon: the script kiddies. Using standard exploit scripts and detailed descriptions they can easily attack thousands of systems with only minimal effort.
This Black Hats Session will highlight the problems that exist in present operating systems, application software and how administrators set up and work with those. Not only will these problems be discussed on a high level (buffer overflows, denial of service attacks, privileges, sniffing, security through obscurity, etc.) but also on a tangible level (ypx, insecure default settings, portmapper, sendmail, etc.).
Of course, not only the problems will be discussed, also hints will be given on how to prevent your systems from being vulnerable. A large part of the lecture will therefore be about tools to discover and prevent break-in attempts (such as SATAN, Cops, tcp wrappers, firewalls, encryption, etc.).
After the lecture, attendees will have an insight of methods that are being used to break in to computer systems, and common examples of these methods. Also, the attendees will have a set of tools and methods that can help prevent, detect and limit the effects of break-ins.
Ir. Walter Belgers (28), on the left on the picture, lives in Eindhoven, the technological centre of the Netherlands. His interest for the Internet and UNIX started in 1988. During his study he wrote his first article "UNIX Password Security". In 1994, he got his degree in Computing Science and started working as Internet Specialist for Philips Communications and Processing Services. In 1995 Philips C&P merged with BSO to form Origin, the largest Dutch IT company. Walter now mainly works on secure access (firewalls, VPN) and scalable remote management. His interests include security in its broadest sense, music and swimming.
Hans van de Looy (36) lives in Utrecht, the geographical centre of the Netherlands. He has been hacking the C language and the UNIX Operating System since 1979 and has not stopped since. His private home-based network still contains several computers running different flavors of this operating system (besides NT and a small plan9 play station). In the middle of the 80s he finally got some intermittent access to the Internet. Since his graduation in 1984 he has worked for several companies in various functions. Ranging from senior software developer at a nuclear science development site, development manager for a telecommunications company and product manager for a high-end computer manufacturer. Recently he joined Roccade Finance as a senior consultant, working in the field he could never completely set free: "Computer and Network Security". His interests include but are not limited to security in its broadest sense, music and sailing.