VB2014: more of the same, plus something a little different
Posted by Virus Bulletin on Dec 9, 2013
Hackers, network security researchers encouraged to submit abstracts for the conference.
The issuing of the call for papers for a VB conference is always an important event for us, but some changes to the conference format for VB2014 mean we are even more excited this year than usual.
As the threat landscape has evolved over the years (and the IT security industry with it), we have seen some of those changes reflected in the papers submitted for the VB conference.
The VB conference started in 1991 as a forum for the brains of the anti-virus industry to share their knowledge, and while its objectives remain the same today - to present factual information, demonstrate defensive procedures and discuss future developments and countermeasures - the topics covered have broadened over the years. Recently, VB conference delegates have heard talks on cyber terrorism, social engineering, network-level attacks and pentesting.
Virus Bulletin has always been about sharing knowledge and ideas and we feel that now is the time to broaden the scope of the VB conference a little further.
As usual, VB2014 will be a three-day conference with presentations running in two parallel streams. But whereas in previous years the streams were labelled as 'technical' and 'corporate', this time they will be split into themed sessions covering both traditional AV issues and some slightly broader aspects of IT security:
'Malware & botnets'
Those with an interest in the more traditional anti-malware topics will find plenty to interest them on the programme. In the stream dedicated to 'malware & botnets', presentations will analyse individual malware families and botnets, whether they target a single organization or anyone with a vulnerable device. Talks that take a more broader view and look, for instance, at malware infection rates or the threat landscape, will also fit into this stream.
'Anti-malware tools & methods'
We are proud to be part of an industry in which the sharing of defensive tools and methods among competitors has long been standard. Discussions of such tools and methods will fit within the 'anti-malware tools & methods' stream. Again, papers that take a broader view, for instance those on testing anti-malware solutions, will also be placed here.
The rise of mobile malware in recent years has led to an increase in interest in this topic. The 'mobile devices' stream is for papers on mobile malware and any other aspect of mobile security.
Spam & social networks'
Ten years after VB started to focus on spam, the majority of emails sent continue to be unsolicited, while the rise of social media has also made social networks a prime target for attackers. Papers on both subjects will fit in the 'spam & social networks' stream.
One of the new areas of focus for the conference is 'network security'. Whether you're worried about the NSA tapping your communications, or about large numbers of DNS responses being sent to DDoS your network, the security of Internet and intranet connections cannot be ignored. Among the topics that will fit into this stream are the security of IPv6, the use and abuse of privacy networks like Tor, network encryption, DNS security, DDoS attacks and more.
'Hacking & vulnerabilities'
Finally, we invite hackers and vulnerability researchers to submit papers for the 'hacking & vulnerabilities' stream. Have you been awarded a bug bounty? Have you done research into the vulnerability of medical devices or industrial control systems? Do you have an exciting pentesting story to tell, or one about how your responsible disclosure was received by the affected vendor? Have you hacked your way into an attacker's network to find out how it operates? Or can you demonstrate how vulnerable we all are to your hacking skills? This stream is for these topics.
Of course, we are aware that many presentations won't be 'boxed' so easily, and in the interest of accepting the most interesting and relevant papers we will always be flexible when it comes to assigning papers to the various streams. (So don't be discouraged from submitting an abstract if you don't feel that your paper fits into the streams listed.)
Finally, as in previous years, a section of the program will be set aside for last-minute papers - which will not be categorised in the same way, and which will not be selected until much closer to the conference, with the aim of being able to include much more up-to-the-minute material.
The full call for papers can be found here, and proposals for the conference can now be submitted. You have until 7 March 2014 to do so.
We are looking forward to receiving your abstracts - and to seeing you in Seattle.
Posted on 09 December 2013 by Martijn Grooten
A report on the number of cyber attacks faced by UK local authorities is a good example of how the large numbers seen in many reports on security are rather meaningless.
The UK's National Cyber Security Centre (NCSC) has provided helpful and practical advice on preventing and detecting lateral movement by an attacker within a network.
If you are considering submitting a proposal for a talk to VB2018 and you're not familiar with the event, you may find it useful to know what kind of people attend the conference.
An unattributed malware attack has disrupted some computer systems of the 2018 Winter Olympics. In 1994, a computer virus also targeted the Winter Olympics.
Thousands of websites, including many sites of government organisations in the UK, the US and Sweden, were recently found to have been serving a cryptocurrency miner. More interesting than the incident itself, though, are the lessons that can be…