Archive: Apr 2014

The Rise of Hacktivism and Insiders 3: Profile of a Culprit

Andrew Horbury outlines the typical insider activities and the related threats to businesses, and dwells on the profile of the average insider and hacktivist. Did you know that insider theft makes up between 8-14% of confirmed data breaches, compared to the 88-92% attributed to external actors? Those...

The Rise of Hacktivism and Insiders 2: Targeted Attacks Breakdown

Symantec’s Andrew Horbury provides detailed website security statistics globally and elaborates on targeted attacks by company size, industry and job function. So, let’s take a quick look at BlackHole which works in the following way: it is an exploit kit used to inject malware when a potential victim is...

The Rise of Hacktivism and Insiders: New Tactics, New Motives

Andrew Horbury, Senior Product Marketing Manager at Symantec, provides a comprehensive overview of hacktivists’ and insiders’ activities and the related risks. Hi and thank you, wherever you may be today. I’d like to welcome you all to this webinar which is part of BrightTALK’s Next Generation...

How to Disclose or Sell an Exploit without Getting in Trouble 4: Selling Tips

At the end of his presentation Jim Denaro highlights the aspects, including the respective legislation, to take into account when selling an exploit. We should now turn to selling very quickly. Right now there is no law in the U.S. that prohibits the selling of an exploit, and that is a situation that is...

How to Disclose or Sell an Exploit without Getting in Trouble 3: Minimizing Disclosure Problems

Providing a deeper insight into risk mitigations, James Denaro lists and explains a few options for staying on the safe side when disclosing an exploit. Another thing you want to do is be aware of pre-existing contractual relationships that you as a security researcher might have with the target of...

How to Disclose or Sell an Exploit without Getting in Trouble 2: CFAA and TRO Risk Mitigations

Elaborating on the Computer Fraud and Abuse Act as well as temporary restraining orders, James Denaro now advises on ways of mitigating the respective risks. We’ve got some examples here (see right-hand image) where CFAA has been applied. I think it’s helpful to look at some examples because that’s...

How to Disclose or Sell an Exploit without Getting in Trouble

James Denaro, patent attorney at CipherLaw, delivers a presentation at Defcon highlighting the legal risks InfoSec researchers might run into in their activity. The topic for today is how to disclose or sell an exploit without getting in trouble. I’m Jim Denaro. I’m an intellectual property attorney...

Prowling Peer-to-Peer Botnets after Dark 4: Methodology for Analysis Accuracy

Dwelling on the ways to ensure accurate botnet evaluation, Tillmann Werner focuses on distinguishing peers and introduces the specially tailored Prowler tool. What you see here is analysis of the convergence for the P2P botnets we crawled (see right-hand image). On the left-hand side, you see a curve...

Prowling Peer-to-Peer Botnets after Dark 3: Crawling Strategies

Entirely focusing on the subject of crawling P2P botnets here, Tillmann Werner explicates the motivations for this process as well as applicable strategies. Let’s talk about crawling. Crawling is nothing else but recursively enumerating peers. You start with one peer, you request its peerlist, you take a...