VB2014: more of the same, plus something a little different
Posted by Virus Bulletin on Dec 9, 2013
Hackers, network security researchers encouraged to submit abstracts for the conference.
The issuing of the call for papers for a VB conference is always an important event for us, but some changes to the conference format for VB2014 mean we are even more excited this year than usual.
As the threat landscape has evolved over the years (and the IT security industry with it), we have seen some of those changes reflected in the papers submitted for the VB conference.
The VB conference started in 1991 as a forum for the brains of the anti-virus industry to share their knowledge, and while its objectives remain the same today - to present factual information, demonstrate defensive procedures and discuss future developments and countermeasures - the topics covered have broadened over the years. Recently, VB conference delegates have heard talks on cyber terrorism, social engineering, network-level attacks and pentesting.
Virus Bulletin has always been about sharing knowledge and ideas and we feel that now is the time to broaden the scope of the VB conference a little further.
As usual, VB2014 will be a three-day conference with presentations running in two parallel streams. But whereas in previous years the streams were labelled as 'technical' and 'corporate', this time they will be split into themed sessions covering both traditional AV issues and some slightly broader aspects of IT security:
'Malware & botnets'
Those with an interest in the more traditional anti-malware topics will find plenty to interest them on the programme. In the stream dedicated to 'malware & botnets', presentations will analyse individual malware families and botnets, whether they target a single organization or anyone with a vulnerable device. Talks that take a more broader view and look, for instance, at malware infection rates or the threat landscape, will also fit into this stream.
'Anti-malware tools & methods'
We are proud to be part of an industry in which the sharing of defensive tools and methods among competitors has long been standard. Discussions of such tools and methods will fit within the 'anti-malware tools & methods' stream. Again, papers that take a broader view, for instance those on testing anti-malware solutions, will also be placed here.
The rise of mobile malware in recent years has led to an increase in interest in this topic. The 'mobile devices' stream is for papers on mobile malware and any other aspect of mobile security.
Spam & social networks'
Ten years after VB started to focus on spam, the majority of emails sent continue to be unsolicited, while the rise of social media has also made social networks a prime target for attackers. Papers on both subjects will fit in the 'spam & social networks' stream.
One of the new areas of focus for the conference is 'network security'. Whether you're worried about the NSA tapping your communications, or about large numbers of DNS responses being sent to DDoS your network, the security of Internet and intranet connections cannot be ignored. Among the topics that will fit into this stream are the security of IPv6, the use and abuse of privacy networks like Tor, network encryption, DNS security, DDoS attacks and more.
'Hacking & vulnerabilities'
Finally, we invite hackers and vulnerability researchers to submit papers for the 'hacking & vulnerabilities' stream. Have you been awarded a bug bounty? Have you done research into the vulnerability of medical devices or industrial control systems? Do you have an exciting pentesting story to tell, or one about how your responsible disclosure was received by the affected vendor? Have you hacked your way into an attacker's network to find out how it operates? Or can you demonstrate how vulnerable we all are to your hacking skills? This stream is for these topics.
Of course, we are aware that many presentations won't be 'boxed' so easily, and in the interest of accepting the most interesting and relevant papers we will always be flexible when it comes to assigning papers to the various streams. (So don't be discouraged from submitting an abstract if you don't feel that your paper fits into the streams listed.)
Finally, as in previous years, a section of the program will be set aside for last-minute papers - which will not be categorised in the same way, and which will not be selected until much closer to the conference, with the aim of being able to include much more up-to-the-minute material.
The full call for papers can be found here, and proposals for the conference can now be submitted. You have until 7 March 2014 to do so.
We are looking forward to receiving your abstracts - and to seeing you in Seattle.
Posted on 09 December 2013 by Martijn Grooten
Mydoom turns 15 this month, and is still being seen in email attachments. This Throwback Thursday we look back to March 2004, when Gabor Szappanos tracked the rise of W32/Mydoom.
Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2019 is now open and we want to hear from you!
Today, we publish a VB2018 paper by Google researcher Maddie Stone in which she looks at one of the most interesting anti-analysis native libraries in the Android ecosystem. We also release the recording of Maddie's presentation.
Today, we publish the VB2018 paper by Chronicle researcher Juan Andres Guerrero-Saade, who argues we should change the way we talk about APT actors.
VB Editor Martijn Grooten reviews Charles Arthur's Cyber Wars, which looks at seven prominent hacks and attacks, and the lessons we can learn from them.