SlideShare a Scribd company logo

ICT security and Open Data

SecuRing
SecuRing

This document discusses security risks related to open data systems. It provides examples of risks such as website defacement, malware serving, denial of service attacks, unauthorized data modification, data scraping, and re-identification of anonymized data. The document advocates defining security requirements during the design process to check for security and conduct testing before deployment. This will help address risks like data breaches, malware, and loss of user trust in open data systems.

Internet
1 of 27
ICT Security and Open Data Should we care? Wojciech Dworakowski
2 Who am I?
3 Agenda Open Data systems IT security risks  by examples What is security? How to achieve it?
Source: http://news.softpedia.com/ 4 Polish Ministry of Work and Social Policy (2008) Defacement Źródło: http://www.dawidd.master.pl/ Źródło: http://www.niebezpiecznik.pl
5 Malware serving User visiting infected website can be attacked Example: „Nearly 100 Thai Government websites were hacked and used to serve malware last month. More than 500 distinct attacks were launched from these websites” Source: http://news.netcraft.com/archives/2014/05/06/thai-government-websites-infested- with-malware.html
6 Malware hosting Source: W.Dworakowski, SecuRing
7 Impact Loss of reputation Loss of users’ trust Loss of PageRank
8 Denial of service DDoS (Distributed Denial of Service) Ex: Latvia (2008), South Korea (2009), Ukraine (2014) • Multiple connections from around the world • Relatively easy to launch • Difficult to fight and expensive to protect
9 Is it difficult?
10 Too Open Data Source: http://news.bbc.co.uk/2/hi/technology/8533641.stm
11 Was it difficult? 7,4 mln tax records leaked ~ 120 GB of tax data „Hacking” script: for i in {1..7500000}; do wget http://www2.vid.gov.lv/eds/Pages/GetDuf.aspx?id=$i; done
12 Unauthorized modification of data System for recruitment to high schools in Poland Possibility to modify candidate’s grades Source: niebezpiecznik.pl
13 Unauthorized modification of data Consider more sensitive systems, e.g.: • Legal Register of Companies • Statistical data • National election results (realtime)
14 Data mining scraping Polish Land Registry
15 Data scraping Access to: • Property data • Owners’ data (including ID, address) • Mortgage data (amount, bank, date) But… user has to: • Know register number • Enter captcha Incremental with one control digit Could be bypassed (in the past) or human solved (about 2$ / 1000 captchas)
16 18722717 indexed land registers. Collected data: 31066649 plots, 1628061 buildings, 6812230 premises. About 7 EUR / record
17 Deanonymization & Re-identification Statistical methods of analysis Finding unique user „fingerprint” Corelation with other datasets 87% of US citizens has unique combination of: gender, ZIP, date of birth* * Latanya Sweeney, Uniqueness of Simple Demographics in the U.S. Population http://www.citeulike.org/user/burd/article/5822736
18 Example Anonymized hospital data Voter registration list • Name • Address • Gender • ZIP • Birth date Massachusetts Governor William Weld  6 people has it’s birth date  3 of them were men  Only 1 with Cambridge ZIP • Medical procedures • Gender • ZIP • Birth date From Latanya Sweeney research paper: Uniqueness of Simple Demographics in the U.S. Population http://www.citeulike.org/user/burd/article/5822736
How to lower security risks?
20 We can politely ask ;) "We would like to ask those who would like to deface this Open Data [website], Open Data is your data. This is the public’s data about you, so I don’t think it’s in the interest of the Filipinos to damage the information that we have.” Presidential Spokesperson Edwin Lacierda Source: http://www.rappler.com/nation/48454-hackers-open-data
21 Cost of software bugs Project definition Development Design Maintenance Deployment Verify requirements Define security requirements Security testing
22 What does it mean „secure”? Each system is different Not all risks are equally important • Website defacement / Malware serving • Denial of service • Data confidentiality breach • Unauthorized data modification • Data scrapping • Deanonymization / re-identification • …
23 How to define security? Who? How? Why? Attack scenarios Attacker Goals  Who can attack our system?  Why? What is motivation?  How attackers can achieve their goals?
24 How to define security? Who? How? Why? Attack scenarios Attacker Goals Countermeasures  What should be done to stop those attacks?  Security requirements
25 Summary 1. Define security requirements 2. Check them during design & development 3. Test security before deployment
26 Summary Examples of risks to consider: • Website defacement / malware serving • Denial of service • Data confidentiality breach • Unauthorized data modification • Data scrapping • Deanonymization / re-identification
27 Open data security Should we care? http://www.securing.pl e-mail: info@securing.pl Jontkowa Górka 14a 30-224 Kraków tel. (12) 4252575 fax. (12) 4252593 Wojciech Dworakowski wojciech.dworakowski@securing.pl tel. 506 184 550

Recommended

SLVA - Werksmans Security for Privacy
SLVA - Werksmans Security for PrivacySLVA - Werksmans Security for Privacy
SLVA - Werksmans Security for Privacy
SLVA Information Security
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be Telling
Rebecca Leitch
 
Databasetheft 151120161435-lva1-app6891
Databasetheft 151120161435-lva1-app6891Databasetheft 151120161435-lva1-app6891
Databasetheft 151120161435-lva1-app6891
Risk Crew
 
SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...
SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...
SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...
South Tyrol Free Software Conference
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4
Wynthorpe
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
SecuRing
 
Chapter 1-introduction to ict
Chapter 1-introduction to ictChapter 1-introduction to ict
Chapter 1-introduction to ictAten Kecik
 
AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...
AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...
AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...
SecuRing
 

Recommended

SLVA - Werksmans Security for Privacy
SLVA - Werksmans Security for PrivacySLVA - Werksmans Security for Privacy
SLVA - Werksmans Security for Privacy
SLVA Information Security
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be Telling
Rebecca Leitch
 
Databasetheft 151120161435-lva1-app6891
Databasetheft 151120161435-lva1-app6891Databasetheft 151120161435-lva1-app6891
Databasetheft 151120161435-lva1-app6891
Risk Crew
 
SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...
SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...
SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...
South Tyrol Free Software Conference
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4
Wynthorpe
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
SecuRing
 
Chapter 1-introduction to ict
Chapter 1-introduction to ictChapter 1-introduction to ict
Chapter 1-introduction to ictAten Kecik
 
AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...
AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...
AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...
SecuRing
 
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Arief Gunawan
 
Open Education and the Role of ICT
Open Education and the Role of ICTOpen Education and the Role of ICT
Open Education and the Role of ICTMart Laanpere
 
Approaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guideApproaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guide
SecuRing
 
Info2 sec 5_-_protecting_ict_systems
Info2 sec 5_-_protecting_ict_systemsInfo2 sec 5_-_protecting_ict_systems
Info2 sec 5_-_protecting_ict_systemssaltashict
 
Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...
Keerthi Delwatta
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
Andris Soroka
 
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)Dr. Shalini Pandey
 
Interdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtInterdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtDaniela Silva
 
ICT in Education
ICT in EducationICT in Education
ICT in EducationHertiki Marsaid
 
Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls
Ten Commandments of Secure Coding - OWASP Top Ten Proactive ControlsTen Commandments of Secure Coding - OWASP Top Ten Proactive Controls
Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls
SecuRing
 
The impact of ICT in education
The impact of ICT in educationThe impact of ICT in education
The impact of ICT in education
Ingrid Noguera
 
INTRODUCTION TO ICT
INTRODUCTION TO ICTINTRODUCTION TO ICT
INTRODUCTION TO ICTKak Yong
 
Information and communication technology:a class presentation
Information and communication technology:a class presentationInformation and communication technology:a class presentation
Information and communication technology:a class presentation
Selim Reza Bappy
 
ICT in Education ppt
ICT in Education pptICT in Education ppt
ICT in Education ppt
Hamid Zaib
 
Ict ppt
Ict pptIct ppt
Ict pptkrishankasotia
 
ICT in Education
ICT in EducationICT in Education
ICT in Education
Ollie Bray
 
Integration of ICT in Teaching and Learning
Integration of ICT in Teaching and LearningIntegration of ICT in Teaching and Learning
Integration of ICT in Teaching and Learning
St.Xavier's College , Palayamkottai - 627 002
 
7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bankshreemala1
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
Casey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Casey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
bugcrowd
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
Ian-Edward Stafrace
 

More Related Content

Viewers also liked

Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Arief Gunawan
 
Open Education and the Role of ICT
Open Education and the Role of ICTOpen Education and the Role of ICT
Open Education and the Role of ICTMart Laanpere
 
Approaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guideApproaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guide
SecuRing
 
Info2 sec 5_-_protecting_ict_systems
Info2 sec 5_-_protecting_ict_systemsInfo2 sec 5_-_protecting_ict_systems
Info2 sec 5_-_protecting_ict_systemssaltashict
 
Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...
Keerthi Delwatta
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
Andris Soroka
 
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)Dr. Shalini Pandey
 
Interdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtInterdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtDaniela Silva
 
Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls
Ten Commandments of Secure Coding - OWASP Top Ten Proactive ControlsTen Commandments of Secure Coding - OWASP Top Ten Proactive Controls
Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls
SecuRing
 
The impact of ICT in education
The impact of ICT in educationThe impact of ICT in education
The impact of ICT in education
Ingrid Noguera
 
INTRODUCTION TO ICT
INTRODUCTION TO ICTINTRODUCTION TO ICT
INTRODUCTION TO ICTKak Yong
 
Information and communication technology:a class presentation
Information and communication technology:a class presentationInformation and communication technology:a class presentation
Information and communication technology:a class presentation
Selim Reza Bappy
 
ICT in Education ppt
ICT in Education pptICT in Education ppt
ICT in Education ppt
Hamid Zaib
 
ICT in Education
ICT in EducationICT in Education
ICT in Education
Ollie Bray
 
Integration of ICT in Teaching and Learning
Integration of ICT in Teaching and LearningIntegration of ICT in Teaching and Learning
Integration of ICT in Teaching and Learning
St.Xavier's College , Palayamkottai - 627 002
 

Viewers also liked (17)

Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
 
Open Education and the Role of ICT
Open Education and the Role of ICTOpen Education and the Role of ICT
Open Education and the Role of ICT
 
Approaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guideApproaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guide
 
Info2 sec 5_-_protecting_ict_systems
Info2 sec 5_-_protecting_ict_systemsInfo2 sec 5_-_protecting_ict_systems
Info2 sec 5_-_protecting_ict_systems
 
Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
 
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
 
Interdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtInterdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-Art
 
ICT in Education
ICT in EducationICT in Education
ICT in Education
 
Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls
Ten Commandments of Secure Coding - OWASP Top Ten Proactive ControlsTen Commandments of Secure Coding - OWASP Top Ten Proactive Controls
Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls
 
The impact of ICT in education
The impact of ICT in educationThe impact of ICT in education
The impact of ICT in education
 
INTRODUCTION TO ICT
INTRODUCTION TO ICTINTRODUCTION TO ICT
INTRODUCTION TO ICT
 
Information and communication technology:a class presentation
Information and communication technology:a class presentationInformation and communication technology:a class presentation
Information and communication technology:a class presentation
 
ICT in Education ppt
ICT in Education pptICT in Education ppt
ICT in Education ppt
 
Ict ppt
Ict pptIct ppt
Ict ppt
 
ICT in Education
ICT in EducationICT in Education
ICT in Education
 
Integration of ICT in Teaching and Learning
Integration of ICT in Teaching and LearningIntegration of ICT in Teaching and Learning
Integration of ICT in Teaching and Learning
 

Similar to ICT security and Open Data

7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bankshreemala1
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
Casey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Casey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
bugcrowd
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
Ian-Edward Stafrace
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study Jams
GDSCCVR
 
5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack
RedZone Technologies
 
Crowdsourcing & ethics: a few thoughts and refences.
Crowdsourcing & ethics: a few thoughts and refences. Crowdsourcing & ethics: a few thoughts and refences.
Crowdsourcing & ethics: a few thoughts and refences.
Matthew Lease
 
Attacking Decentralized Identity.pdf
Attacking Decentralized Identity.pdfAttacking Decentralized Identity.pdf
Attacking Decentralized Identity.pdf
ssuser264cc11
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
ANIKETKUMARSHARMA3
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
SohamChakraborty61
 
Cyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensiveCyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensive
sidraasif9090
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
Chuck Brooks
 
The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breach
Ulf Mattsson
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas
mariaidga
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggoner
mihinpr
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
parveen837153
 
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
aryan532920
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
Jose L. Quiñones-Borrero
 
Bagesh_Data Privacy and Security.pdf
Bagesh_Data Privacy and Security.pdfBagesh_Data Privacy and Security.pdf
Bagesh_Data Privacy and Security.pdf
AyushSingh224545
 

Similar to ICT security and Open Data (20)

7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study Jams
 
5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack
 
Crowdsourcing & ethics: a few thoughts and refences.
Crowdsourcing & ethics: a few thoughts and refences. Crowdsourcing & ethics: a few thoughts and refences.
Crowdsourcing & ethics: a few thoughts and refences.
 
Attacking Decentralized Identity.pdf
Attacking Decentralized Identity.pdfAttacking Decentralized Identity.pdf
Attacking Decentralized Identity.pdf
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
 
Cyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensiveCyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensive
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
 
The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breach
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggoner
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
Bagesh_Data Privacy and Security.pdf
Bagesh_Data Privacy and Security.pdfBagesh_Data Privacy and Security.pdf
Bagesh_Data Privacy and Security.pdf
 

More from SecuRing

Developer in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4DevelopersDeveloper in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4Developers
SecuRing
 
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
SecuRing
 
Developer in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON NameDeveloper in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON Name
SecuRing
 
Is persistency on serverless even possible?!
Is persistency on serverless even possible?!Is persistency on serverless even possible?!
Is persistency on serverless even possible?!
SecuRing
 
What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!
SecuRing
 
0-Day Up Your Sleeve - Attacking macOS Environments
0-Day Up Your Sleeve - Attacking macOS Environments0-Day Up Your Sleeve - Attacking macOS Environments
0-Day Up Your Sleeve - Attacking macOS Environments
SecuRing
 
Developer in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 editionDeveloper in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 edition
SecuRing
 
20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms
SecuRing
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?
SecuRing
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms
SecuRing
 
Serverless security: attack & defense
Serverless security: attack & defense Serverless security: attack & defense
Serverless security: attack & defense
SecuRing
 
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsAbusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS apps
SecuRing
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
SecuRing
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
SecuRing
 
Let's get evil - threat modeling at scale
Let's get evil - threat modeling at scaleLet's get evil - threat modeling at scale
Let's get evil - threat modeling at scale
SecuRing
 
Attacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainAttacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chain
SecuRing
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
SecuRing
 
Budowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOSBudowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOS
SecuRing
 
We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.
SecuRing
 
Building & Hacking Modern iOS Apps
Building & Hacking Modern iOS AppsBuilding & Hacking Modern iOS Apps
Building & Hacking Modern iOS Apps
SecuRing
 

More from SecuRing (20)

Developer in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4DevelopersDeveloper in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4Developers
 
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
 
Developer in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON NameDeveloper in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON Name
 
Is persistency on serverless even possible?!
Is persistency on serverless even possible?!Is persistency on serverless even possible?!
Is persistency on serverless even possible?!
 
What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!
 
0-Day Up Your Sleeve - Attacking macOS Environments
0-Day Up Your Sleeve - Attacking macOS Environments0-Day Up Your Sleeve - Attacking macOS Environments
0-Day Up Your Sleeve - Attacking macOS Environments
 
Developer in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 editionDeveloper in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 edition
 
20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms
 
Serverless security: attack & defense
Serverless security: attack & defense Serverless security: attack & defense
Serverless security: attack & defense
 
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsAbusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS apps
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
 
Let's get evil - threat modeling at scale
Let's get evil - threat modeling at scaleLet's get evil - threat modeling at scale
Let's get evil - threat modeling at scale
 
Attacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainAttacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chain
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
 
Budowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOSBudowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOS
 
We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.
 
Building & Hacking Modern iOS Apps
Building & Hacking Modern iOS AppsBuilding & Hacking Modern iOS Apps
Building & Hacking Modern iOS Apps
 

Recently uploaded

原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
CIOWomenMagazine
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Florence Consulting
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
harveenkaur52
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
GTProductions1
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 

Recently uploaded (20)

原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 

ICT security and Open Data

  • 1. ICT Security and Open Data Should we care? Wojciech Dworakowski
  • 2. 2 Who am I?
  • 3. 3 Agenda Open Data systems IT security risks  by examples What is security? How to achieve it?
  • 4. Source: http://news.softpedia.com/ 4 Polish Ministry of Work and Social Policy (2008) Defacement Źródło: http://www.dawidd.master.pl/ Źródło: http://www.niebezpiecznik.pl
  • 5. 5 Malware serving User visiting infected website can be attacked Example: „Nearly 100 Thai Government websites were hacked and used to serve malware last month. More than 500 distinct attacks were launched from these websites” Source: http://news.netcraft.com/archives/2014/05/06/thai-government-websites-infested- with-malware.html
  • 6. 6 Malware hosting Source: W.Dworakowski, SecuRing
  • 7. 7 Impact Loss of reputation Loss of users’ trust Loss of PageRank
  • 8. 8 Denial of service DDoS (Distributed Denial of Service) Ex: Latvia (2008), South Korea (2009), Ukraine (2014) • Multiple connections from around the world • Relatively easy to launch • Difficult to fight and expensive to protect
  • 9. 9 Is it difficult?
  • 10. 10 Too Open Data Source: http://news.bbc.co.uk/2/hi/technology/8533641.stm
  • 11. 11 Was it difficult? 7,4 mln tax records leaked ~ 120 GB of tax data „Hacking” script: for i in {1..7500000}; do wget http://www2.vid.gov.lv/eds/Pages/GetDuf.aspx?id=$i; done
  • 12. 12 Unauthorized modification of data System for recruitment to high schools in Poland Possibility to modify candidate’s grades Source: niebezpiecznik.pl
  • 13. 13 Unauthorized modification of data Consider more sensitive systems, e.g.: • Legal Register of Companies • Statistical data • National election results (realtime)
  • 14. 14 Data mining scraping Polish Land Registry
  • 15. 15 Data scraping Access to: • Property data • Owners’ data (including ID, address) • Mortgage data (amount, bank, date) But… user has to: • Know register number • Enter captcha Incremental with one control digit Could be bypassed (in the past) or human solved (about 2$ / 1000 captchas)
  • 16. 16 18722717 indexed land registers. Collected data: 31066649 plots, 1628061 buildings, 6812230 premises. About 7 EUR / record
  • 17. 17 Deanonymization & Re-identification Statistical methods of analysis Finding unique user „fingerprint” Corelation with other datasets 87% of US citizens has unique combination of: gender, ZIP, date of birth* * Latanya Sweeney, Uniqueness of Simple Demographics in the U.S. Population http://www.citeulike.org/user/burd/article/5822736
  • 18. 18 Example Anonymized hospital data Voter registration list • Name • Address • Gender • ZIP • Birth date Massachusetts Governor William Weld  6 people has it’s birth date  3 of them were men  Only 1 with Cambridge ZIP • Medical procedures • Gender • ZIP • Birth date From Latanya Sweeney research paper: Uniqueness of Simple Demographics in the U.S. Population http://www.citeulike.org/user/burd/article/5822736
  • 19. How to lower security risks?
  • 20. 20 We can politely ask ;) "We would like to ask those who would like to deface this Open Data [website], Open Data is your data. This is the public’s data about you, so I don’t think it’s in the interest of the Filipinos to damage the information that we have.” Presidential Spokesperson Edwin Lacierda Source: http://www.rappler.com/nation/48454-hackers-open-data
  • 21. 21 Cost of software bugs Project definition Development Design Maintenance Deployment Verify requirements Define security requirements Security testing
  • 22. 22 What does it mean „secure”? Each system is different Not all risks are equally important • Website defacement / Malware serving • Denial of service • Data confidentiality breach • Unauthorized data modification • Data scrapping • Deanonymization / re-identification • …
  • 23. 23 How to define security? Who? How? Why? Attack scenarios Attacker Goals  Who can attack our system?  Why? What is motivation?  How attackers can achieve their goals?
  • 24. 24 How to define security? Who? How? Why? Attack scenarios Attacker Goals Countermeasures  What should be done to stop those attacks?  Security requirements
  • 25. 25 Summary 1. Define security requirements 2. Check them during design & development 3. Test security before deployment
  • 26. 26 Summary Examples of risks to consider: • Website defacement / malware serving • Denial of service • Data confidentiality breach • Unauthorized data modification • Data scrapping • Deanonymization / re-identification
  • 27. 27 Open data security Should we care? http://www.securing.pl e-mail: info@securing.pl Jontkowa Górka 14a 30-224 Kraków tel. (12) 4252575 fax. (12) 4252593 Wojciech Dworakowski wojciech.dworakowski@securing.pl tel. 506 184 550