Today marks the beginning of HITBSecConf2009, the Hack in the Box Security Conference, being held in Malaysia. The topics sound threatening (“Clobbering the Cloud,” “Attacking Interoperability,” “Bugs and Kisses: Spying on BlackBerry Users for Fun,” and “Defeating Software Protection with Metasm”) but the conference is geared toward education and enhancement of security: “The main aim of our conference is to enable the dissemination, discussion and sharing of deep knowledge network security information.” A large part of the conference is devoted to attacking interconnected data, whether it is stored in “the Cloud” or on seemingly more-secure local servers, and there’s also a “lock picking village” that aims to show that even physical storage of data isn’t 100% secure.
It’s not like this is some sort of ultra-secret cabal (though some attendees are no doubt black hat); the conference has a plethora of big-name sponsors, including IBM, Microsoft, Mozilla, and Google. And the lessons learned from conferences like Hack in the Box and DefCon do have the tendency to create innovations which lead to greater security. At the same time, however, it is rather like trying to plug a dam, because once one security hole is fixed, another is discovered.