Programme

Throughout the history of computing programmers have made mistakes in their code. Certain mistakes introduce vulnerabilities into the system which may be exploited by attackers to gain some form of unauthorised access. Even today, and even with major vendors, this happens often. Current security thinking suggests that hosts and servers should always be installed with the latest patches and service releases to ensure that they are not vulnerable to such exploits. But what if the exploit is unknown to the security industry?

Rationally software manufacturers, security vendors and consultants have learned about new exploits from the hacker underground through an intricate set of relationships that were grounded in the early days of Internet Utopianism. However, as the Internet develops into a powerful medium for commerce, these relationships are being strained and the Blackhat and Whitehat worlds are slowly but surely drifting apart, leaving the security industry increasingly distanced from frightening realities of the underworld.

Known as "Zero-Day", powerful exploits and tools may circle the underworld for for months or even years before being released to the general community. Perhaps, even now, there is a hacker somewhere with the knowledge and technology to render your security systems completely helpless. This talk explores the myths and realities of 0-Day exploits and discussed what can be done to combat this terrifying threat.