28. • North Korea
• Need good hackers
• Support the community (secret)
• Push industry
Government
2013年8月30日星期五
29. • Money talks
• Cyber attacks is real
• Strict law
• Result in over 200 security companies
Industry
2013年8月30日星期五
30. • Hacking competitions from 1999
• Passionated on Defcon CTF
• Inspired by world class hackers
• Try to make something themselves
The community
2013年8月30日星期五
32. • Over 10 hacking contests/conferences per year
• http://hackerschool.org
• KOSEC (Korea Security)
• Nurturing for next generation
The community
2013年8月30日星期五
33. • Support conferences and hacker’s activity
• Give back to the community
• Work for security company instead of military
service
Industry
2013年8月30日星期五
34. • Universities have infosec related majors
• Universities have MOU with Cyber command
• Full scholarship for cyber warfare students
• Go to Army after graduation (for 5 years)
Academy
2013年8月30日星期五
35. • Eager to hire skilled hackers
• KISA (Korea Internet & Security Agency)
• NCSC (National Cyber Security Center)
• Cyber command
• BoB (Best of the Best)
Government
2013年8月30日星期五
63. ‣ Net-banking security practices
‣ Business strategies
‣The result of a Power Balance
‣ Study and solutions
Overview
2013年8月30日星期五
64. • Screen keyboards
• Eliminating popup windows
• Password Reminder
• One Time Password (Bingo Card)
• One Time Password (Send by e-mail)
Net-banking security practices
2013年8月30日星期五
65. • Net-banking service enabled by default
• Prefer to do what others are doing
• Customer expectation
Business strategies
2013年8月30日星期五
66. • Money talks
• Banks became customer of ‘self-consequence’
• Systems Integrators become ‘ingratiating’
• Solutions for delighting banks
• No risk analysis !
The result of a Power Balance
2013年8月30日星期五
67. • Convenience is the enemy of security
• Less differentiation, less confusion
• Enable the service when needed
• Use credit card instead of wire transfer
Study and solutions
2013年8月30日星期五
97. • Probe local path/file from the Internet Zone
• Access local file from the Internet Zone
• Access local file from the Local Computer
Zone
Attack types
2013年8月30日星期五