
Author: david b.

The Modern History of Cyber Warfare 5: The Internet of Things

The lecturer now outlines the hazards associated with billions of things being connected to the Internet and highlights nation state cyber warfare goals. As we’re approaching billions and billions of things connected to the Internet, imagine supply chain attacks for what we are calling the Internet of...

The Modern History of Cyber Warfare 4: 0day Black Market and State Sponsored Attacks

This entry covers the issue of 0day exploits being discovered and unethically used by some companies to gain profit, and touches upon state sponsored attacks. We are basically kind of in the middle of a cyber cold war, and the evidence is kind of staring right at us. So let’s talk about, basically, the...

The Modern History of Cyber Warfare 3: Ongoing Debate on APTs

This section touches upon the tangible consequences of advanced persistent threats being utilized and the debate concerning the acceptable extent of that. While we’re talking about groups of hackers, let’s just dive into the deep end of it: advanced persistent threats, and talk about the small history...

The Modern History of Cyber Warfare 2: Hacker Culture in the Western and Eastern World

The “Offensive Security” lecture at FSU continues with extensive analysis of advanced persistent threats of the last several years and an overview of hacker culture differences globally. So, while we were still in 2010, in June Stuxnet was discovered; at least Stuxnet v.1.01.1, and everyone in...

The Modern History of Cyber Warfare

This article reflects the lecture for CIS5930/CIS4930 “Offensive Security” at the Florida State University, covering some of the events that compose the history of what’s called “cyber warfare”. Today’s lecture is about that term: cyber warfare, the history of it, the public...

The Lifecycle of Cybercrime 5: Public-Private Partnerships as a Countermeasure

Now Erik Rasmussen takes some time to talk about the US Secret Service’s achievements and the role of public-private partnerships in fighting cybercrime. Nicholas Percoco: Now I’d like to have you spend a couple of minutes talking about some of the successes your organization has had. We spoke a lot...

The Lifecycle of Cybercrime 4: Perspective of the Secret Service

Now Nicholas Percoco invites Erik Rasmussen from the US Secret Service to join the discussion of cybercrime and answer questions from the community. Nicholas Percoco: So, now what we’re going to do is we’re going to bring out a special guest, somebody I’ve been working with for a long period of time,...

The Lifecycle of Cybercrime 3: Demos of Exploit-Based Data Theft

In this part of the keynote Nicholas Percoco demonstrates the flow of a typical personal data harvesting attack based on the use of common exploits. Now what I want to do is change gears a little bit. We talked about the major methods of attack, and so I want to share with you a little bit of an attack demo....

The Lifecycle of Cybercrime 2: Dissecting the Breach Process

Trustwave’s Nicholas Percoco is now shifting the focus of his keynote over to phases of the cybercrime process targeting organizations for data breaches. There are some of the other examples here that we’ll talk about, but really what I want to do is talk closely about the process. Now, these are...

The Lifecycle of Cybercrime – Nicholas Percoco and Erik Rasmussen at RSA Conference US 2013

Ethical hacker and security researcher with Trustwave Nicholas Percoco keynotes at RSA Conference 2013, addressing nuances of the present-day cybercrime. Nicholas Percoco: Thank you very much! Good afternoon! We’ll be spending the next 30 minutes or so talking about the lifecycle of cybercrime. We live...

Before, During, and After – 20 Years of DEFCON Follow-Up: Motivation Towards Checks and Balances

Gail Thackeray now turns it over to Dead Addict, who speaks on the motivational side of DEFCON and relations with law enforcement. Dead Addict: First of all I’d like to thank Jason Scott; if anyone’s looked on your DVD, there’s a good amount of material, including the issues of Tap...

Before, During, and After – 20 Years of DEFCON, or FEDCON?

Some of the pioneers of Defcon, Gail Thackeray and Dead Addict, take the floor at Defcon 20 to recall how it all started and compare it to where it is now. Gail Thackeray: Good morning, my name is Gail Thackeray and I was at DEFCON 1; I was the only prosecutor they invited to come (who would?), and my...

Jihadist Use of the Internet 2008-2011 Overview 4: Forensics and the Hierarchy of Murder

Making final strokes to the presentation, Jeff Bardin reviews more toolkits, including one on forensics, and al-Qaeda’s strategic and operational objectives. Somewhere along the line the Jihadis were able to get hold of the FBI Field Kit for forensics (see right-hand image). This was posted online on...

Jihadist Use of the Internet 2008-2011 Overview 3: Online Training Materials

Moving on with his overview of Jihadist activities on the Internet, Jeff Bardin outlines the variety of training resources available online. There are many interpretations to Jihad available online. In particular, the Salafi created their own e-books that convert those looking to become radicalized or learn...

Jihadist Use of the Internet 2008-2011 Overview 2: Cyber Jihad Methods and Tools

In here Jeff Bardin continues to highlight the Jihadist software, communication means, online guides, and dwells on the phases of radicalization process. Some of their early methods that used network security tools out there – obfuscation, denial and deception – included the distribution of Asrar...

Cyber Jihad: Jihadist Use of the Internet 2008-2011

Jeff Bardin from Treadstone 71 provides a detailed overview of the Jihadist activities on the Internet, including their software tools, online resources, etc. Good day and welcome to this cyber jihadist use of the Internet from 2008 to 2011 overview by Treadstone 71. This deck, over 60 slides, will cover...

Investigating and Preventing Cyberbullying 6: Trust and Parental Monitoring

As the panelists move towards the end of the discussion, they are raising the issue of parent approach to their kids’ activities online. David Kirkpatrick: You know, this is a room full of people whose business is solving problems that happen online, basically. It is very interesting, and I think it’s a...

Investigating and Preventing Cyberbullying 5: Insight into Social Reporting

This part is entirely dedicated to the unique and effective reporting mechanism adopted by Facebook to mitigate cyberbullying and abuse scenarios. David Kirkpatrick: So, I want to switch gears a little bit and show you guys something as a way of leading to my next questions for Joe. So, could we have the...

Investigating and Preventing Cyberbullying 4: The Role of Empathy

The RSA panelists are looking here into the importance of showing empathy in online bullying scenarios, in particular on the bystanders’ end. David Kirkpatrick: I want to ask other panelists too about this issue of empathy, because I think almost everyone of you mentioned it as we were prepping for this....

Investigating and Preventing Cyberbullying 3: Facebook’s Perspective

What you can learn from this section is the way Facebook is dealing with the phenomenon of cyberbullying as viewed by Joe Sullivan, the Company’s CSO. David Kirkpatrick: Ok, so, Joe, what is Facebook’s general perspective on this? I mean, you, I know, think about it a lot. So how should we view Facebook...

Investigating and Preventing Cyberbullying 2: Lessons Learned from the Megan Meier Case

In this part of the panel, the participants are focusing on offline to online bullying relation as well as the notorious Megan Meier case and its consequences. David Kirkpatrick: So, Jaana, I want to jump to the other end of the road here. As a social scientist who’s spent your career studying bullying in...

Pandora’s Box Meets the Sword of Damocles: Investigating and Preventing Cyberbullying

The increasingly disturbing issue of cyberbullying is discussed and analyzed by InfoSec professionals David Kirkpatrick, Sameer Hinduja, Joe Sullivan, Jaana Juvonen and Mark Krause during an RSA Conference US keynote. David Kirkpatrick: Welcome back from lunch and I’m told that you’re a...

A Study of Clickjacking 4: Summary and Q&A

Adding finishing strokes to his USENIX Security presentation, Lin-Shung Huang provides conclusions drawn from the study and answers questions from the audience. So, to sum up, we demonstrated new clickjacking variants that can evade current defenses. Our user studies show that our attacks are highly...

A Study of Clickjacking 3: Ensuring Visual and Temporal Integrity

This part of Lin-Shung Huang’s presentation covers new techniques that are effective for ensuring better defenses against different variants of clickjacking. Now, we know that current defenses are insufficient in one way or another. The question is: can we design a better defense? We set a few design...

A Study of Clickjacking 2: Existing Defenses and New Attack Variants

Lin-Shung Huang now describes the current clickjacking defenses and outlines the new attack variants that were evaluated using the Amazon Mechanical Turk. Existing Defences: So, I talked about the existing attacks. Now, what are the current defenses to protect visual integrity? One method is user...

Clickjacking: Attacks and Defenses

Lin-Shung Huang from Carnegie Mellon presents a study at USENIX Security about clickjacking attack vectors and the defenses to deploy against them. Hello, I am David Lin-Shung Huang from Carnegie Mellon. Today I will be talking about clickjacking attacks and defenses and will introduce three new...

Building a Higher Order of Security Intelligence 4: Moving Forward

The RSA Conference keynote by Francis deSouza ends with a listing of actions to implement for the security industry to advance in the right direction. So, what’s the answer? As we look forward, one part of the answer is absolutely making sure that organizations, that individuals, that countries have all...

Building a Higher Order of Security Intelligence 3: The Role of Situational Awareness

Francis deSouza now talks about issues associated with big intelligence and how those affect situational awareness that’s critical to enterprise cybersecurity. So, how do we deal with all those trends? Well, in this conference you’re going to hear a lot about big data and about security analytics, so...

Building a Higher Order of Security Intelligence 2: Cybercrime Trends

Francis deSouza enumerates here the new trends affecting the entire cyber threat landscape, including multi-flank attacks, “bulletproof” hosting providers, etc. So, what are the new trends we’re seeing across those stages? Multi-Flank Attacks: Well, in the last year we’ve seen a growth in the...

Symantec’s Francis deSouza on Building a Higher Order of Security Intelligence

Francis deSouza, President of Products and Services at Symantec, gives a keynote at RSA Conference US 2013 about the role of big data and security intelligence for protection against advanced persistent threats, breaches and sophisticated cyber attacks. Good morning! A major international brand was recently...