ITWeb’s 2010 Security Summit
This year saw ITWeb hosting their annual Security Summit, and in tune with 2010 we can say we were there. Can you say the same?
The conference saw extremely talented people from the IT security industry speaking on the problems that are currently rife and on possible solutions. Speakers ranged from the internationally renowned Joe Grand, Moxie Marlinspike, Charlie Miller and Felix "FX" Lindner to local speakers such as Ian de Villiers, Matt Erasmus and many others.
As all these experts gathered and spoke on their various topics, one of the key underlying points was the threat that sites like Facebook (mainly, seeing as a lot of people are hooking up to it) pose to privacy, and the threats that are posed towards them. Another key aspect that was subtly shown was how the people who used to hack back in the 90s, whose only reason was passion, have been replaced by people whose only goal is to try to steal money from unsuspecting people.
Botnets
A very important aspect in the current security climate. A very interesting point Saumil Shah spoke about was how the Zeus botnet, one of the more famous ones at the moment, can be purchased for around $1500. Most scammers out there are not really afraid to spend the start-up capital, as they know that if they get to infect around 15 PCs and steal $100 or so from a person via the Leprechaun plug-in, they have essentially regained their capital. (You may be wondering what Leprechaun is: it is an add-on that allows the owner to transfer money from the target's PC in real time as they access the account.) They will continue until the person cleans this malware off their PC and breaks away from the botnet.
Leprechaun is an example of a "Man-In-The-Browser" attack. Man in the browser is the new buzzword in malware. It is a tool that hijacks the browser and lets an attacker take over the established session. This method defeats all sorts of strong and secure authentication, because the hijack happens after the user has authenticated (securely) and takes over the session that is already established. (Thanks to Saumil for help on this topic.)
Human Hacking, more commonly known as Social Engineering
As Albert Einstein once said “Two things are infinite: the universe and human stupidity; and I am not sure about the universe”. Which brings us to the point in hand: people are slowly dumbing down because of the internet (whether you believe it or not). People in schools rarely do old-school research and just rely on sites such as Google and Wikipedia to get answers (they even have the audacity to just copy rather than do the research and formulate an answer). These sites in themselves are not bad, just the way people use them.
Another point Saumil Shah touched on was a way in which he enticed a person to open and run .pdf documents which had hidden code in them. He would add highlighted text saying the document was encrypted and that if you wished to view the document you should click OK. Most people do not read the text closely; they just see "encrypted", go all ooooh and open the document, and they would get completely taken over (or, as in Saumil's example, calc or 2 calcs). Simply put, we need to create a security mindset that people use, and people need to be all-round more aware of their surroundings. I could go on forever on this topic but will cut it off here.
We will have a whole lot more in the coming week so stay tuned.
