Malcon

Malcon
Rajshekhar Murthy, Founder of MalCon
Rajshekhar Murthy, Founder of MalCon

MALCON is an annual information security conference focusing exclusively on malware. It aims in bringing together Malware and Information Security Researchers from across the globe to share key research insights into building and containment of the next generation malwares. Unlike most hacker conventions, MALCON is opposed to the much debated ‘zero day’ and ‘full disclosure’. The first MalCon conference took place in December 2010 at Mumbai and Pune, India.

Many of the attendees at MALCON include security professionals, Government employees, lawyers, researchers, journalists and hackers with interest in malwares and its global impact on economy. The event promotes “proactive” research in malware coding and openly invites malcoders to come forward and demonstrate their creation.

Contents

History

MalCon was founded in 2010 by Rajshekhar Murthy,[1][2][3] known as thebluegenius,[4][5] is a science graduate and an ex-employee of Microsoft Corporation. Since the inception of MalCon, it has been widely backed by numerous government organizations such as NTRO.[6]

Philosophy

The event organizers have issued a FAQ[7] that outlines their philosophy for MalCon, where they explain their objective as “Our Aim is to help the Security Industry as well as Software Industry, understand this fine ‘art’ of Malware Development (Which covers even exploits) so that they can build better and secure code, as well as work towards mitigating potential new attack vectors.”

In an interview to kerbsonsecurity,[8] he quoted "While a conference can be done by inviting the best / well known security experts who can share statistics, slides and ‘analysis’ of malwares, it is not of any benefit to the community today except that of awareness. The need of MalCon conference is bridge that ignored gap between security companies and malcoders. They have to get on a common platform and talk to each other. Just like the concept of ‘ethical hacking’ has helped organizations to see that hackers are not all that bad, it is time to accept that ‘ethical malcoding’ is required to research, identify and mitigate newer malwares in a ‘proactive’ way".

Rajshekhar Murthy coined new security term “ethical malcoding” to differentiate between malcoders who work in the background independently or with various security firms for research and those who do it for financial gain; and another term "GuuWare"[9] to describe software’s that may have similar attributes of a malware but are used for defensive purposes.

Controversies

MalCon approach of openly inviting "ethical malcoders" gained a lot of International attention[10] and faced criticism[11] from notable security sites[12][13] and bloggers.[14] On its part, MalCon on its FAQ[7] maintains that “It is not about rapid analysis but about detection. Technology or not, MalCon conference or not, there are new malwares out there constantly being created. Even if the available handful of security vendors have their own team of researchers for analysis, this is not enough. Active and open participation by ‘ethical malcoders’ will help advance the research and containment capability of our existing methods”

Event format

The MalCon convention has the following format:

  • Technical briefings: The main content of the submitted CFP, the 2010 MalCon revolved around "Malware creation in under two minutes" theme.[15]
  • Workshops: Technical workshops related to Malwares.
  • The Big Talk (panel discussion): A subject for debate by experts, the Big talk in MalCon 2010 focused on 'Hiring hackers for National security', where both hackers and representatives of the Indian Government participated.[16]
  • Capture the Mal: Announced for MalCon 2011, 'Capture the Mal' is proposed to be a variant of the popular Capture the Flag contest, where security professionals will try to capture and analyze an unknown malware in a limited time.

Notable events

At MalCon 2010:

  • Indian government officials reportedly asked Indian hackers to learn Chinese to beat the red attacks.[17][18]
  • Indian hacker, and MalCon's Technical Director, Atul Alex released an updated and modified firmware for the Symbian OS with a backdoor.[19][20]

Notes

  1. ^ Paul Roberts (August 25, 2010). "New Conference Wants to Bring Malware Writers Out of the Shadows". Kaspersky Lab Security News Service. http://threatpost.com/en_us/blogs/new-conference-wants-bring-malware-writers-out-shadows-082510. Retrieved December 26, 2010. 
  2. ^ Pulkit Sharma (August 25, 2008). "Terrorists exploit Mumbai net security". Techgoss. http://www.techgoss.com/Story/141S11-Terrorists-exploit-Mumbai-net-security.aspx. Retrieved December 26, 2010. 
  3. ^ Vinod Kumar Menon (March 10, 2009). "India's youngest ethical hacker". MiD DAY. http://www.mid-day.com/news/2009/mar/100309-News-Mumbai-youngest-ethical-hacker-computer-programmer-Wiz-kid-IT-firm-Hackers.htm. Retrieved December 26, 2010. 
  4. ^ Rajshekhar Murthy (February 2010). "Files from thebluegenius". Packet Storm. http://packetstormsecurity.org/files/author/7857/. Retrieved December 26, 2010. 
  5. ^ "Rajshekhar Murthy's Official Blog". The Blue Genius. http://www.thebluegenius.com. Retrieved M D, Y. 
  6. ^ Sameer and DJ (December 14, 2010). "What went into making of Malcon?". Techgoss. http://www.techgoss.com/Story/422S11-What-went-into-making-of-MalCon-.aspx. Retrieved December 26, 2010. 
  7. ^ a b MalCon. "FAQ". malcon.org. http://malcon.org/about/. Retrieved December 26, 2010. 
  8. ^ Brian Krebs (August 24, 2010). "MalCon: A Call for ‘Ethical Malcoding’". Krebs On Security. http://krebsonsecurity.com/2010/08/malcon-a-call-for-ethical-malcoding/. Retrieved December 26, 2010. 
  9. ^ "GuuWare". malcon.org. December 1, 2010. http://malcon.org/web/2010/guuware/. Retrieved December 26, 2010. 
  10. ^ Sameer (August 30, 2010). "Mumbai MalCon gets media". Techgoss. http://www.techgoss.com/Story/2640S14-Mumbai-MalCon-gets-media.aspx. Retrieved December 26, 2010. 
  11. ^ Ted Samson (August 30, 2010). "Malware Convention -- Not a Good Idea". PC World. http://www.pcworld.com/article/204411/malware_convention_not_a_good_idea.html?tk=hp_new. Retrieved December 26, 2010. 
  12. ^ Ed Moyle (September 2, 2010). "Introducing the "Malware Conference for Global Evil (and Mass Effect 2)"". SecurityCurve. http://www.securitycurve.com/wordpress/archives/2650. Retrieved December 26, 2010. 
  13. ^ Kurt Wismer (September 1, 2010). "Of logic and malware". anti-virus rants. http://anti-virus-rants.blogspot.com/2010/09/of-logic-and-malware.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Anti-virusRants+%28anti-virus+rants%29. Retrieved December 26, 2010. 
  14. ^ Security News (August 30, 2010). "Bloggers voice concerns about new malware convention". Sunbelt Software. http://www.sunbeltsoftware.com/About/Security-News/?title=Bloggers-voice-concerns-about-new-malware-convention-19933070. Retrieved December 26, 2010. 
  15. ^ "MalCon 2010 Technical Briefings". malcon.org. November 12, 2010. http://malcon.org/web/events/technical-briefings/. Retrieved December 26, 2010. 
  16. ^ "Panel Discussion: Hiring Hackers for National Security". malcon.org. November 12, 2010. http://malcon.org/web/thebigtalk/panel-discussion-hiring-hackers-for-national-security/. Retrieved December 26, 2010. 
  17. ^ J Dey (December 5, 2010). "Ethical hackers asked to learn Chinese to beat red attacks". MiD DAY. http://www.mid-day.com/news/2010/dec/051210-ethical-hackers-chinese-lessons-red-attacks-mumbai.htm. Retrieved December 26, 2010. 
  18. ^ Kohi10 (December 5, 2010). "Got Mad Hacking Skillz? Speak Chinese?". MadMark's Blog. http://kohi10.wordpress.com/2010/12/05/got-mad-hacking-skillz-speak-chinese/. Retrieved December 26, 2010. 
  19. ^ Uli Ries (December 8, 2010). "Hacker plants back door in Symbian firmware". The H Security. Heise Media Group. http://www.h-online.com/security/news/item/Hacker-plants-back-door-in-Symbian-firmware-1149926.html. Retrieved December 26, 2010. 
  20. ^ Norman's Security Blog (December 10, 2010). "Updated Firmware Available... Oh yes, forgot to mention this: with a build in back door!". Computer Security Articles. http://www.computersecurityarticles.info/antivirus/updated-firmware-available%E2%80%A6-oh-yes-forgot-to-mention-this-with-a-build-in-backdoor/. Retrieved December 26, 2010. 

External links


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • PASKAL — Pasukan Khas Laut The Navy PASKAL or Panglima Hitam insignia. Active October 1, 1980 Present …   Wikipedia

  • PASKAU — Pasukan Khas Udara Official PASKAU logo Active 1 April 1980 – known as HANDAU 1 June 1993 – PASKAU Country …   Wikipedia

  • Royal Malay Regiment — Rejimen Askar Melayu DiRaja Royal Malay Regiment Cap Badge of the Rejimen Askar Melayu DiRaja Active 23 November 1932– Country Malay …   Wikipedia

  • Grup Gerak Khas — Infobox Military Unit unit name=Grup Gerak Khas caption=GGK Insignia dates=1960s Present country=flagcountry|Malaysia branch=Malaysian Army command structure=Malaysian Armed Forces / Malaysian Special Forces type= Special forces role= 11th RGK… …   Wikipedia

  • Military of Malaysia — The military of Malaysia is known officially as the Malaysian Armed Forces (MAF, Malay: Angkatan Tentera Malaysia ATM). It consists of three branches; the Royal Malaysian Navy (RMN, Malay: Tentera Laut Diraja Malaysia TLDM), the Malaysian Army… …   Wikipedia

  • Royal Malaysian Air Force PASKAU — Infobox Military Unit unit name=Pasukan Khas Udara caption= Official PASKAU logo dates=1 April 1980 known as HANDAU1 June 1993 PASKAU country=flagcountry|Malaysia branch=Royal Malaysian Air Force command structure=Malaysian Armed Forces type=Air… …   Wikipedia

  • Fuerza Aérea de Honduras — Saltar a navegación, búsqueda Fuerza Aérea de Honduras (FAH) Roundel de la Fuerza Aérea de Honduras Activa 1931 …   Wikipedia Español

  • Computer security conference — A computer security conference is a term that describes a convention for individuals involved in computer security. They generally serve as a meeting place for system and network administrators, hackers, and computer security experts. Contents 1… …   Wikipedia

  • Malaysian Armed Forces — Angkatan Tentera Malaysia Flag Malaysian Armed Forces Founded September 16, 1963 Service branches …   Wikipedia

  • National Security Database — is an official program jointly developed in support with the Government of India by Information Sharing an Analysis Center (ISAC), to identify and maintain a verified list of credible and trustworthy Information security experts who work to… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”