Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Owning Bad Guys and Mafia with JavaScript Botnets 3: Scammers Exposed

Chema Alonso demonstrates several hilarious findings retrieved during his research, dissecting the Nigerian, dating, and other popular scams out there. So, the question is: who the hell uses proxy services on the Internet? How many of you are using this kind of service on the Internet? If you read related...

Owning Bad Guys and Mafia with JavaScript Botnets 2: Creating a JavaScript Botnet from Scratch

Having rejected several overly complicated tactics, Chema Alonso and his colleagues came up with a fairly simple, yet effective method for making a botnet to be used in their study, which is described in detail in this part of the presentation. Another idea that we thought might work in our case is...

Owning Bad Guys and Mafia with JavaScript Botnets

Spanish computer security expert Chema Alonso gives a great talk at Defcon 20 about the ways to expose online scammers through the use of JavaScript botnets. The title of this session is “Owning bad guys and mafia with JavaScript botnets”. I hope you will enjoy the topic. But before I start, I...

Getting Ahead of the Security Poverty Line 8: Questions and Answers

The final part of Andy Ellis’ keynote at HITBSecConf 2012 is dedicated to answering questions from the event attendees about the role of the CSO in a company. Now I’m happy to take a question or two or five from the crowd, if anybody wants them. – Hi! My question is: often a big mistake that...

Getting Ahead of the Security Poverty Line 7: Increasing Security Value over Time

Andy Ellis elaborates here on the methods to prioritize security tasks within organizations and thus maintain high security value in the long term. As security professionals, we have a lot on our plates, we have a lot of things to do. How many people here juggle? If you try to learn to juggle,...

Getting Ahead of the Security Poverty Line 6: Third-Party Security Reviews

This section of the keynote sheds light on common mistakes made while evaluating vendor services, and outlines the most judicious approach to this activity. Another area we’ve recently been looking at is third-party security reviews. Everybody probably has this, certainly, in these days of outsourcing;...

Getting Ahead of the Security Poverty Line 5: Security Awareness Enhancement Practices

This part of the keynote is dedicated to optimization of security awareness training programs, and the common drawbacks of external audits for organizations. Let’s talk about a couple of other problems and things we’ve done to deal with them. Security awareness – anybody here involved in security...

Getting Ahead of the Security Poverty Line 4: Effecting Long-Term Change

Andy Ellis now emphasizes long-term risk reduction, while highlighting some scare techniques security vendors tend to leverage. Now let’s look at some ways that people act, and I’m going to include a couple of my anecdotes here. First one isn’t me. So, I went and took 3...

Getting Ahead of the Security Poverty Line 3: Perceived and Actual Risk

Andy Ellis focuses here on the so-called Set-Point Theory of Risk Tolerance, which addresses the concept of perceived and actual risk. The Peltzman Effect: Why are things getting worse for the organizations? And this comes back to the Peltzman effect. Sam Peltzman is an economist at the...

Getting Ahead of the Security Poverty Line 2: Degrees of Security Value

In this entry, Akamai’s Andy Ellis dwells on the degrees of security assurance within organizations, and explains why adversaries succeed in their attacks. How much security value is ‘good enough’? We’d all love to have perfect security; we’re not going to be there though. This graph is...