HITCON 2013 Overview
Spin Lai
Friday, August 30, 2013
HITCON
‣ CHROOT
‣ IRC
‣ Wall of Sheep
‣ Wargame
Wall of Sheep
Source : http://dougsdevotions.com/2013/07/who-is-going-after-the-lost-sheep-vol-52/
Source : http://www.restkultur.net/gray-wolves-norway.html
‣ July 19 ~ July 20
‣ 3 tracks
‣ 36 speakers
‣ 14 countries
Highlights
‣ Cyberwars
‣ APT
‣ Vulnerability & Exploit
‣ Mobile
Cyberwars
People’s Republic of Cyber Warfare: Comparing China, Iran & Russia Militarization of Cyberspace
(Chinese title: Hacker People's Republic: An Analysis and Comparison of the Cyber Armies of China, Iran and Russia)
Global Cyber Espionage and Chinese Hacker Threats, Internet Surveillance and PRISM
(Chinese title: Global Espionage: Global Trends in Internet Surveillance, PRISM-gate and the Chinese Hacker Threat Theory)
Edward Snowden
How South Korea Makes White-hat Hackers 2013 edition
(Chinese title: How Does South Korea Cultivate White-hat Hackers?)
Motivation
‣ Government
‣ Industry
‣ The Community
Government
• North Korea
• Need good hackers
• Support the community (secret)
• Push industry
Industry
• Money talks
• Cyber attacks are real
• Strict law
• Results in over 200 security companies
The community
• Hacking competitions from 1999
• Passionate about Defcon CTF
• Inspired by world-class hackers
• Try to make something themselves
Actions
‣ The Community
‣ Industry
‣ Academy
‣ Government
The community
• Over 10 hacking contests/conferences per year
• http://hackerschool.org
• KOSEC (Korea Security)
• Nurturing the next generation
Industry
• Support conferences and hackers’ activities
• Give back to the community
• Work for a security company instead of military service
Academy
• Universities have infosec-related majors
• Universities have MOUs with Cyber command
• Full scholarship for cyber warfare students
• Go to the Army after graduation (for 5 years)
Government
• Eager to hire skilled hackers
• KISA (Korea Internet & Security Agency)
• NCSC (National Cyber Security Center)
• Cyber command
• BoB (Best of the Best)
APT
Advanced Persistent Threat
APT
‣ Targeted
‣ Long-term
‣ Planned
‣ Organized
Case study
‣ Dark Seoul (2013/03/20)
‣ Sony PSN (2011/04)
‣ RSA (2011/03/17)
‣ Google (2010/01/12)
Dark Seoul (2013/03/20)
Sony PSN (2011/04)
RSA (2011/03/17)
Google (2010/01/12)
APT Defense From the View of Security Architecture
(Chinese title: APT Defense from the Perspective of System Design and Deployment)
Visual Data Analytics - Graphing your indicators
(Chinese title: A Visual Data Analysis Method for APT Indicators)
Overview
‣ Huge amount of data
‣ The old way
‣ Data visualization
Huge amount of data
• Domains
• IP addresses
• Malware strings
• Assembly code
• Net flows ...
The old way
Data visualization
Digital Eagle Eye System : Use Cyber Intelligence against APT Attacks
(Chinese title: Digital Eagle Eye System: Countering APT Attacks with Cyber Intelligence)
APT Cyber Shuttle : From Automated Analysis to TTP Observation
(Chinese title: APT Cyber Shuttle: From Automated Analysis to Dissecting Hacker Activity in the APT Backend)
APT1 : Technical Backstage
(Chinese title: APT1: Counterattacking the Cyber Army's Backend)
Light & Shadow about Banking Security@Japan
(Chinese title: Light and Shadow: Information Security in Japan's Banking Industry)
Overview
‣ Net-banking security practices
‣ Business strategies
‣ The result of a Power Balance
‣ Study and solutions
Net-banking security practices
• Screen keyboards
• Eliminating popup windows
• Password Reminder
• One Time Password (Bingo Card)
• One Time Password (Sent by e-mail)
Business strategies
• Net-banking service enabled by default
• Prefer to do what others are doing
• Customer expectation
The result of a Power Balance
• Money talks
• Banks became customers of ‘self-consequence’
• Systems Integrators become ‘ingratiating’
• Solutions for delighting banks
• No risk analysis!
Study and solutions
• Convenience is the enemy of security
• Less differentiation, less confusion
• Enable the service when needed
• Use credit card instead of wire transfer
Vulnerability & Exploit
Life of Coder: The adventure through the landscape of bugs
(Chinese title: A Programmer's Drift Through the Wormhole)
Killing AV in x64
(Chinese title: Poking at Antivirus Software's Fatal Weak Spot)
0-Day Easy Talk - Happy Fuzzing Internet Explorer
How Can I Have 100 0-day for Just 1 Day
(Chinese title: Super Secret Tip - Own 100 0-days in One Day)
Overview
‣ Fuzz testing
‣ Why ActiveX?
‣ Steps
Fuzz testing
• Black-box testing
• Random (malformed) input data
• Monitoring the exceptions
• Find an exploitable vulnerability
Why ActiveX?
• Each module’s size is small
• Easy to collect ActiveX
• So many vulnerabilities exist
• Damage is huge
Steps
Exploiting JRE
(Chinese title: Research on JRE Security Mechanisms and Vulnerability Discovery)
Mobile
Review of Security Vulnerabilities on the Android Platform
Escaping Android Dynamic Analysis; Chinese New Year Train Ticket Ordering Day
(Chinese title: Escaping Android Dynamic Analysis & A Day's Talk on the Ticket-Booking Assistant)
Android Hooking Attack
GSM Security Research using Open Source Tools
(Chinese title: GSM Security Research Using Open-Source Software)
Others
Breaking image CAPTCHA for fun
(Chinese title: CAPTCHA Is So Much Fun)
CAPTCHA Breaking
‣ Bypass
‣ Skill
‣ Brute force
Bypass
• Alternative form
Skill
• OCR
• Statistics
• Curve-fitting (FFT)
• Analytic
Brute force
• Database matching
• Effective brute force
And more ...
‣ FFT
‣ Histogram
‣ Longest path finding
Browser and Local Zone
Overview
‣ What is a zone?
‣ Zones in IE
‣ Attack types
What is a zone?
• Data separation
• Privilege separation
Zones in IE
• Internet
• Local Intranet
• Trusted Sites
• Restricted Sites
• Local Computer (hidden)
Attack types
• Probe local path/file from the Internet Zone
• Access local file from the Internet Zone
• Access local file from the Local Computer Zone
Conclusion
What should we do?
‣ Government
‣ Organization
‣ Developer
‣ User
Don't be an ostrich