APSIRC 2005

1. Date

February 22-23, 2005

2. Place

At the Kyoto International Conference Hall (KICH) (Co-organized with the APRICOT 2005 Conference)

3. Sponsors

• Microsoft Corporation

Host

• Japan Computer Emergency Response Team / Coordination Center (JPCERT/CC)

4. About APSIRC

APSIRC stands for Asia Pacific Security Incident Response Coordination Conference, and is the annual conference held by the Asia Pacific Computer Emergency Response Team (APCERT).
APCERT members meet together at this annual conference to report their annual activities, as well as to share and discuss recent incident security issues and future strategies.
APSIRC is a place to foster collaborations among CERTs and CSIRTs in the Asia Pacific.

5. Program

The Conference will bring together the participants in Kyoto for three days, to discuss collaborations among CERTs and CSIRTs in the Asia and Pacific region.
The first two days are closed meeting for the AP region CERTs and CSIRTs. The third day is open to everyone who is interested in incident response activities.

• February 22 (Day 1): APCERT Steering Committee Meeting (Closed)


• February 23 (Day 2): APCERT Member Meeting (Closed)


• February 24 : APSIRC Security Incident Handling (Open)
• Session 1: APSIRC - "Incident Trend & Analysis"

  Session Description:
  The main topic of this session is "computer crime."  Presentations include statistics and analysis on computer network attacks (i.e. phishing)
  and trends of professional cyber security crimes from some economies in the Asia Pacific region.
  
  09:00-9:30  "Where is the way out for stop phishing"
               Speaker: Dr. Du Yuejin, Division Chief of CNCERT/CC
               Outline: This presentation talks about the various phishing techniques; the phishing incidents that CNCERT/CC handled;
                       trend analysis about phishing; proposals on handling phishing incidents.
  
  09:30-10:00 "Trends in Japan"
               Speaker: Yurie Ito, JPCERT/CC
  
  10:00-10:30 "Online Identity Theft"
               Speaker: Graham Ingram, General Manager AusCERT
               Outline: A presentation on the current trojan activity related to Internet Banking - the use of spam, trojans and spyware.  The impact and the response.
           

• Session 2: APSIRC - "Early Warning"

  Session Description:
  Presentations about early warning.
  
  11:00-11:30 "Vulnerability Handling"
               Speaker: Meng-Chow Kang, CISSP, CISA
                        Chief Security & Privacy Advisor, Microsoft Asia Pacific
               Outline: A presentation on the activities of the Microsoft Security Team.
  
  11:30-11:50  Traffic Monitoring 1: "A Worldwide Distributed Platform to Study Internet Threats"
               Speaker: Marc Dacier, Eurecom
               Outline: The talk introduces Eurecom's Project.
  
  11:50-12:30  Traffic Monitoring 2:
              "Traffic Monitoring - MyCERT Experience"
               Speaker: Solahuddin Shamsuddin, MyCERT
               Outline: The presentation will focus on sharing MyCERT's experience in traffic monitoring which will address among others the architecture of the system,
                        the technology and method used and types of information monitored which could be the basis of data sharing among the APCERT members.
                        i.e. Traffic profiling based on the aggregation on certain traffic characteristics such as protocols, ports, 'success and failures' and traffic volumes.
                        Lessons learned and future research will also be discussed.
  
              "The Portal Site of the Traffic Monitoring"
               Speaker: Jungu Kang, KrCERT
               Outline: Every economies in the world are looking for a reasonable methodology to predict incidents and estimate the impact the incidents will affect within their own constituency.
                        Moreover, they want to know if the incidents are happening in other countries or provinces having similar computer environment, which is to give a proper alerts to the public
                        timely.  A portal site that gathers information of traffic monitoring from various economies is a good idea to satisfy those requirements.  At the first stage, sending data
                        with ssh protocol and IODEF format and recording the data into the database are essential to get the statistics we want.
                        For this portal site project, the initiatives should think about not only the way of gathering traffic data of domestic, but also what kind of data they will collect.
                        Is sending traffic data to other CERT a critical problem?  Open mind and have a look at the contents of the data to send, then you will think in a different way.
  
           

6. Program Committee

• AusCERT
• CNCERT/CCT
• HKCERT
• JPCERT/CC
• KrCERT/CC
• MyCERT
• SingCERT