Quantcast

Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

The Rise of Hacktivism and Insiders 2: Targeted Attacks Breakdown

Symantec’s Andrew Horbury provides detailed website security statistics globally and elaborates on targeted attacks by company size, industry and job function. So, let’s take a quick look at BlackHole which works in the following way: it is an exploit kit used to inject malware when a potential victim is...

The Rise of Hacktivism and Insiders: New Tactics, New Motives

Andrew Horbury, Senior Product Marketing Manager at Symantec, provides a comprehensive overview of hacktivists’ and insiders’ activities and the related risks. Hi and thank you, wherever you may be today. I’d like to welcome you all to this webinar which is part of BrightTALK’s Next Generation...

How to Disclose or Sell an Exploit without Getting in Trouble 4: Selling Tips

At the end of his presentation Jim Denaro highlights the aspects, including the respective legislation, to take into account when selling an exploit. We should now turn to selling very quickly. Right now there is no law in the U.S. that prohibits the selling of an exploit, and that is a situation that is...

How to Disclose or Sell an Exploit without Getting in Trouble 3: Minimizing Disclosure Problems

Providing a deeper insight into risk mitigations, James Denaro lists and explains a few options for staying on the safe side when making exploit disclosure. Another thing you want to do is be aware of pre-existing contractual relationships that you as a security researcher might have with the target of...

How to Disclose or Sell an Exploit without Getting in Trouble 2: CFAA and TRO Risk Mitigations

Elaborating on the Computer Fraud and Abuse Act as well as temporary restraining orders, James Denaro now advises on ways of mitigating the respective risks. We’ve got some examples here (see right-hand image) where CFAA has been applied. I think it’s helpful to look at some examples because that’s...

How to Disclose or Sell an Exploit without Getting in Trouble

James Denaro, patent attorney at CipherLaw, delivers a presentation at Defcon highlighting the legal risks InfoSec researchers might run into in their activity. The topic for today is how to disclose or sell an exploit without getting in trouble. I’m Jim Denaro. I’m an intellectual property attorney...

Prowling Peer-to-Peer Botnets after Dark 4: Methodology for Analysis Accuracy

Dwelling on the ways to ensure accurate botnet evaluation, Tillmann Werner focuses on distinguishing peers and introduces the especially tailored Prowler tool. What you see here is analysis of the convergence for the P2P botnets we crawled (see right-hand image). On the left-hand side, you see a curve...

Prowling Peer-to-Peer Botnets after Dark 3: Crawling Strategies

Entirely focusing on the subject of crawling P2P botnets here, Tillmann Werner explicates the motivations for this process as well as applicable strategies. Let’s talk about crawling. Crawling is nothing else but recursively enumerating peers. You start with one peer, you request its peerlist, you take a...

Prowling Peer-to-Peer Botnets after Dark 2: Architecture and Protocols

Tillmann Werner delves into the details of peer-to-peer botnet architecture and describes protocols used in the Miner and different versions of ZeroAccess. Interestingly, for all botnets that you’ve seen on the previous list the architecture is not purely peer-to-peer. It’s hybrid architecture. That’s...

Prowling Peer-to-Peer Botnets after Dark: Ins and Outs of the P2P Underworld

CrowdStrike’s researcher Tillmann Werner provides an extensive overview of peer-to-peer botnets, covering the essentials and architecture details thereof. Welcome to my presentation! I’m Tillmann Werner; I work for a company called CrowdStrike which is an American startup that deals with targeted...