
Archive: Jun 2013

A Study of Clickjacking 4: Summary and Q&A

Adding finishing strokes to his USENIX Security presentation, Lin-Shung Huang provides conclusions drawn from the study and answers questions from the audience. So, to sum up, we demonstrated new clickjacking variants that can evade current defenses. Our user studies show that our attacks are highly...

A Study of Clickjacking 3: Ensuring Visual and Temporal Integrity

This part of Lin-Shung Huang’s presentation covers new techniques that are effective for ensuring better defenses against different variants of clickjacking. Now, we know that current defenses are insufficient in one way or another. The question is: can we design a better defense? We set a few design...

A Study of Clickjacking 2: Existing Defenses and New Attack Variants

Lin-Shung Huang now describes the current clickjacking defenses and outlines the new attack variants that were evaluated using the Amazon Mechanical Turk. Existing Defences So, I talked about the existing attacks. Now, what are the current defenses to protect visual integrity? One method is user...

Clickjacking: Attacks and Defenses

Lin-Shung Huang from Carnegie Mellon presents a study at USENIX Security about clickjacking attack vectors and the defenses to deploy against them. Hello, I am David Lin-Shung Huang from Carnegie Mellon. Today I will be talking about clickjacking attacks and defenses and will introduce three new...

Building a Higher Order of Security Intelligence 4: Moving Forward

The RSA Conference keynote by Francis deSouza ends with a listing of actions to implement for the security industry to advance in the right direction. So, what’s the answer? As we look forward, one part of the answer is absolutely making sure that organizations, that individuals, that countries have all...

Building a Higher Order of Security Intelligence 3: The Role of Situational Awareness

Francis deSouza now talks about issues associated with big intelligence and how those affect situational awareness that’s critical to enterprise cybersecurity. So, how do we deal with all those trends? Well, in this conference you’re going to hear a lot about big data and about security analytics, so...

Building a Higher Order of Security Intelligence 2: Cybercrime Trends

Francis deSouza enumerates here the new trends affecting the entire cyber threat landscape, including multi-flank attacks, “bulletproof” hosting providers, etc. So, what are the new trends we’re seeing across those stages? Multi-Flank Attacks Well, in the last year we’ve seen a growth in the...

Symantec’s Francis deSouza on Building a Higher Order of Security Intelligence

Francis deSouza, President of Products and Services at Symantec, gives a keynote at RSA Conference US 2013 about the role of big data and security intelligence for protection against advanced persistent threats, breaches and sophisticated cyber attacks. Good morning! A major international brand was recently...

An Analysis of the Online Identity Battleground 7: Dissecting the Legislation

Completing his Shmoocon presentation, aestetix singles out specific country-based legislation regarding name policies, and takes questions from the audience. Our last myth from Adam here: we are currently fixing this through legislation. South Korea did this back in 2003 (see image below). So, South Korea,...

An Analysis of the Online Identity Battleground 6: Names Policies of Google and Facebook

This section outlines the way services like Google and Facebook currently go about handling user names and pseudonyms. There’ve been some updates and changes to this policy of Google. The new policy: “You can change your name, but it’s limited to 3 times every two years,” I’m not sure why....

An Analysis of the Online Identity Battleground 5: Can We Trust “Identity Providers”?

Subjects covered in this part of aestetix’s presentation include trust in terms of online names specificity, and “identity providers” like Facebook and Google. Myth #3: we cannot trust anyone who does not use their legal name online. Trust – that’s such a tricky word, isn’t it? Here’s...

An Analysis of the Online Identity Battleground 4: Legal Names and Cyberbullying

aestetix makes herein an emphasis on the correlation between the use of real names and pseudonyms online with people’s behavior on the Internet. Number two for the myths, thanks Adam: “We can stop cyberbullying by forcing people to use their legal names. People who do not use their legal names do...

An Analysis of the Online Identity Battleground 3: The Essence of Identity

What aestetix highlights in this part of the presentation is the different aspects of one’s identity and its relation to nyms, nicknames, hacker handles, etc. Moving on a little bit and getting into some psychology here, the question: “Is identity internal or external?” And if you’ve...

An Analysis of the Online Identity Battleground 2: Defining a “Nym”

aestetix dwells herein on the essence of name, nym, identity, and social network, and provides non-trivial examples thereof as well as their interrelations. So, myth #1, and there are 5 of these myths, just so you know. Only pedophiles, criminals and cyber-bullies do not want to use their legal names...

An Analysis of the Online Identity Battleground by aestetix

aestetix, a researcher of online identity issues and one of the enthusiasts that created the Nym Rights group, gave a great talk at Shmoocon 2013 event entitled “Beyond Nymwars” highlighting the various facets of online names use within the identity-related context. Before I start I just want to...

Questions and Answers with Dave Kennedy. Part 3

We get our final set of questions answered in the interview with Dave Kennedy, addressing DerbyCon, today’s infosec, and more security-related matters. – DerbyCon community and the number of speakers grow. What new are you planning for DerbyCon 3.0? – Speaker lineup is going to be epic this...

Questions and Answers with Dave Kennedy. Part 2

In this part of our interview we asked David Kennedy about prospects of the Social-Engineer Toolkit, breakdown of attack vectors, and his plans for the...

IObit Advanced Mobile Care 3.2 review

Free IObit Advanced Mobile Care 3.2 is a user-friendly and dependable app for maintaining security and smooth performance of an Android device. The recent launch of the upgraded IObit Advanced Mobile Care app...

An Interview with Dave Kennedy on Artillery, SET, DerbyCon and pentesting

David Kennedy is the founder and CEO of TrustedSec, former CSO for Fortune 1000, former Marine Corps. He is the author of The Social-Engineer Toolkit, Fast-Track and Artillery and other open source tools. He was previously on the BackTrack development team and Exploit-Database development team. David is...

Why is Cyber Conflicts Amnesia Dangerous? Interview with Jason Healey from the Atlantic Council

Jason Healey is the director of the Cyber Statecraft Initiative of the Atlantic Council, focusing on international cooperation, competition and conflict in cyberspace. He also is a board member of the Cyber Conflict Studies Association and lecturer in cyber policy at Georgetown University. He co-authored...