Firefox squashes IE
A manager at Mozilla, Window Snider, delivered one of the conference's remarkable speeches. Microsoft had dispatched some ordinary and mid-rank programmers to the conference, whereas Mozilla sent one of its prominent security managers to Dubai to defend the credibility of the Firefox browser.
Snider, who was well versed in programming and security issues, won the audience's praise for Firefox and its security features, and her speech led them to lambaste Microsoft and its “faulty browser”.
Microsoft's representatives, who could not stand hearing insulting comments about their beloved browser, raised pointed questions on a couple of occasions during her speech, trying to challenge her allegations. Her responses, however, were often convincing to the audience.
According to Snider, Firefox 2 identifies “phishing” sites and performs better than IE7 in various security tests.
She went on to add that Microsoft needs 135 days to remove every existing security gap in IE7, whereas Mozilla can resolve the problems in Firefox within 21 days.
“Mozilla makes efforts to resolve all of Firefox's problems, given the fact that constant problems will, of course, not be seriously dangerous for our users,” she added.
“We are initially supposed to analyze the problem not to solve it blank-mindedly, and also to adopt a transparent process in dealing with the problems as well, in a bid to reduce the complexity of Firefox and to pay attention to eliminating its remaining security gaps,” she noted.
The debate over the Mozilla and Microsoft browsers continued after her speech, during lunchtime.
Mobile Security
“Providing Security for Electronic Atmospheres” was the title of an address by Ahmad Khativ, from Pointsec Company.
He said that viruses, worms, and network hacking are old threats to wireless telecommunication services, adding, “The online laptops and wandering information on the web, too, are serious new threats that are still mainly ignored.”
He said that the use of laptops is increasing rapidly, owing to their falling prices, the rapid expansion of wireless networks, and web-based applications. Meanwhile, access to email through PDAs and smartphones, together with the increased data-processing capacity of mobile electronic devices, has led to a growing tendency to conduct business transactions through such media.
At that point in his address, the speaker pointed out that the average value of the information stored on a laptop is around US $972,000, adding that the value of such information on the laptops of VIPs would amount to some US $8.8 million.
According to him, some 80% of the information stored on laptops is lost or stolen, and in 20% of the cases such robbery takes place online. Of course, some 50% of such robberies have taken place using the stolen laptops.
According to the speaker, there are no appropriate obligatory legal measures against information theft in most parts of the world.
He went on to present a number of effective methods for countering information theft, including using codes when sending information, identifying the user before the computer boots, storing the various types of information in parts of the drive that are accessible only to the user authenticated to handle them, and using independent software.
He also offered an introduction to the capabilities of Windows Vista, pointing out the strengths and weaknesses of Microsoft's new operating system.
Khativ concluded by advising that information be encoded from the very first stages of a program, and at most eight hours after it is produced, so that it remains intact in the face of rapidly increasing online information theft.
Iran ranks 3rd on security threats in ME
Two experts of HP and Cemiantech Companies delivered another interesting speech, in which they stated: “Fame leads to fragility.”
What they meant was that only a fully isolated system can maintain perfect security, and that as a platform grows larger, its fragility increases accordingly.
According to statistics presented in the speech, the United Arab Emirates (UAE), Saudi Arabia, Kuwait, Bahrain, Qatar and Oman have been, in that order, the hubs where most internet attacks are planned.
The increase in such attacks is directly linked to the growth of internet penetration and of the population of network users, particularly users of high-speed internet.
At the end of that part of the conference, I tried to obtain more information on the nature of internet attacks originating from Iran, but the speakers claimed their data was classified and refused to offer more details on this matter.
The only point worth mentioning that I found out in the while I spent debating with them was that the increase or decline of internet attacks originating from Iran is directly linked with the fluctuations of tensions between Iran and the West, particularly with the US. The speakers also claimed that at the time when UK marines were detained by Iran, the number of such attacks increased significantly.
However, they named Kuwait, Jordan, the UAE, Saudi Arabia, Bahrain and Qatar, in that order, as the most active countries in writing destructive code aimed at stealing users' identity data. Of that destructive code, 25%, 20% and 14% was written to attack public bodies, educational institutions, and health care institutions respectively.
Interestingly, according to the statistics, 86 percent of the attacks from the Middle East target US-based sites, followed by the UK and Canada with seven and one percent respectively.
The speakers also classified the common vulnerabilities in virtual space, adding that the number of phishing attacks in the Middle East is increasing day by day.
According to them, the UAE, Saudi Arabia and Bahrain are the hub of most Phishing attacks in the region.
A man to unlock all security devices
At the end of this report it might be interesting for our readers to hear a brief account on the attractive address given by Mark Webber Tobias from the United States. Mark’s activities during the past ten years have been focused on studying the security level of mechanical locks, and according to him, no lock could resist longer than 10 minutes in confrontation with his expertise!
He believes that, in accordance with Newton's famous law that every action has an equal and opposite reaction, breaking any lock is possible.
During his address he unlocked several models of locks merely by hitting hard on the end of a small rod after placing the rod at certain points on the lock, to the amazement of the audience.
He claimed that the majority of mechanical padlocks can be unlocked if they are hit hard enough at certain points. At the end of the lecture, a large number of audience members had questions for Mr. Tobias about the security level of their homes, their cars, their safe boxes, etc.
Miscellaneous subjects
During the two-day gathering there were also dozens of lectures on other interesting related issues, which we unfortunately cannot cover in this article; we could not even find time to attend some of the interesting ones.
Among them we can refer to the HITB2007 Security Conference, in which reference was made to methods applied in penetrating banks' networks, the security of open text software, Windows Vista security, VoIP security, honeypots and their future, 21st-century coding, obscene websites, the outlook for malicious software in the Middle East, the security of intelligent and NGN (new generation) networks, telecom fraud, Web2 hacking, how to safeguard AJAX, and the various web-based X.25 services in the Arab world.
We hope an IT conference at such a level would one day be sponsored in our own country. For further information on the gathering you can refer to its website:
http://conference.hackinthebox.org/hitbsecconf2007dubai