John Bambenek
Chief Forensic Examiner, Bambenek Consulting
C.O.D.E. Lightning Talks, 8.13.2013
Security and cybercrime - C.O.D.E. Lightning Talk, 8.12.2013

A talk on security and cybercrime to the Champaign Organization of Developers and Engineers given on 8/12/2013.

Published in: Technology, Business
 Global Revenue: Between $25B - $100B
 Includes several career paths:
◦ Software development
◦ Research and vulnerability analysis
◦ Money laundering
◦ “B2B Brokering”
◦ Logistics
 They spend more resources assessing our weaknesses than we do.
 We respond by always following their lead
◦ “First loss” principle

 The news is actually worse:
◦ We keep falling to the same fundamental weaknesses
◦ Unsophisticated users
◦ Input validation
◦ Weak authentication
◦ Weak attribution
◦ We trust things we shouldn’t trust
◦ Retasking insecure processes for a digital world

 The obvious:
◦ Bank accounts, credit cards, SSNs, passwords
◦ Encryption keys
◦ Trade secrets
 The less obvious:
◦ Access to email accounts / social media
 The obscure:
◦ Address books (especially of important people)
◦ Mailing lists

 Think about how your technology can be misused
 Secure coding, assess your own technology
 Actively monitor for abuse
◦ Listen to others when they say you’re compromised
 Use 2-factor authentication or 3rd party authentication (Open ID, authy, Google Auth, Facebook, et al)
 Outsource “risk” to qualified providers

 Mobile Payments
 Security information management
 Data loss prevention
 Real-time security threat intelligence
 Real authentication

 Thanks!
John Bambenek
jcb@bambenekconsulting.com
217-493-0760
http://bambenekconsulting.com
http://twitter.com/ILCyberSecurity