Security and cybercrime - C.O.D.E. Lightning Talk, 8.12.2013
A talk on security and cybercrime to the Champaign Organization of Developers and Engineers given on 8/12/2013.

    Presentation Transcript

    • John Bambenek, Chief Forensic Examiner, Bambenek Consulting
    • C.O.D.E. Lightning Talks, 8.13.2013

    • Global Revenue: Between $25B - $100B
    • Includes several career paths:
      ◦ Software development
      ◦ Research and vulnerability analysis
      ◦ Money laundering
      ◦ “B2B Brokering”
      ◦ Logistics
    • They spend more resources assessing our weaknesses than we do.
    • We respond by always following their lead
      ◦ “First loss” principle

    • The news is actually worse:
      ◦ We keep falling to the same fundamental weaknesses
      ◦ Unsophisticated users
      ◦ Input validation
      ◦ Weak authentication
      ◦ Weak attribution
      ◦ We trust things we shouldn’t trust
      ◦ Retasking insecure processes for a digital world

    • The obvious:
      ◦ Bank accounts, credit cards, SSNs, passwords
      ◦ Encryption keys
      ◦ Trade secrets
    • The less obvious:
      ◦ Access to email accounts / social media
    • The obscure:
      ◦ Address books (especially of important people)
      ◦ Mailing lists

    • Think about how your technology can be misused
    • Secure coding, assess your own technology
    • Actively monitor for abuse
      ◦ Listen to others when they say you’re compromised
    • Use 2-factor authentication or 3rd party authentication (OpenID, Authy, Google Auth, Facebook, et al.)
    • Outsource “risk” to qualified providers

    • Mobile Payments
    • Security information management
    • Data loss prevention
    • Real-time security threat intelligence
    • Real authentication

    • Thanks!
    • John Bambenek
      ◦ jcb@bambenekconsulting.com
      ◦ 217-493-0760
      ◦ http://bambenekconsulting.com
      ◦ http://twitter.com/ILCyberSecurity