KUALA LUMPUR, Oct 7 — Security conference Hack In The Box returns to Kuala Lumpur this October 10-13. Besides the usual state-of-security talks, there will also be discussions about social networking and — surprise, surprise — airline reservations.
On social networking, conference speaker Marco “embyte” Balduzzi has a controversial-sounding track titled: “Attacking the privacy of social network users.”
“With my presentation, I hope to raise the awareness against the use of social networks,” said Balduzzi. He outlined various ways social networks are used by criminals — to the detriment of their users.
He noted specific trends when it came to attacking social networks, among them worms that propagate across social networks, malware that uses the networks as vectors, data leaks through automated crawling, targeted spam, and advanced botnets that harness social networks as “command and control” servers.
Other growing trends involve misappropriation of, or attacks on, social network identities. These include attackers impersonating identities as well as “de-anonymising” — revealing the identities of users behind profiles such as those created by companies in their recruitment processes.
As for what the real problem is where social networking security is concerned, Balduzzi said part of it had to do with the providers’ priorities: “Social networking providers lack attention to security, while preferring to provide more functionalities than implement strict control mechanisms.”
Though only a tiny fraction of a per cent of users had their accounts compromised, it’s still a significant number if you take into account Facebook alone has over 650 million users, said the security expert.
Balduzzi said, “The amount of personal information stored on social networking sites calls for appropriate security precautions to protect this data. Users too often tend to reveal a bit too much information.”
Part of Balduzzi’s presentation will also touch on Safebook, a decentralised social network that would preserve privacy, developed by EURECOM’s Antonio Cutillo. It would offer better user profile protection as well as obscuring communication between users so observers could not deduce who a user is communicating with inside the network.
In contrast, VoIP expert Hendrik Scholz will be speaking on an entire economy centred around fare searching. With the Internet, news of great deals travels fast. Great deals here means not the typical discount fares but occasions when airline online ticketing systems have errors that are easily exploited for cheaper tickets.
This has led to people exploiting these fares by essentially selling the information and earning money via “cash back” or affiliate sites. Of course, airlines will lose money and, thus, move to either remove the fares in question or create rules to prevent abuse, said Scholz.
In response, the fare searching community has gone somewhat underground. Instead of public forums, they resort to smaller hidden groups or email lists, using keywords for common tricks. Scholz said, “It’s (become) a game on who is the quickest to find bugs, issue tickets or sell the information to third parties.”
He says his presentation will be less about exploiting bugs and more about showing people how global reservation systems work and how to start “hacking” fares.
“Hopefully by the end of the session people are not only hooked but understand how to work the system and contribute to the community.”






