Passwords and Botnets and Zombies (oh my!)

passwords and botnets and zombies


The WordPress community has a huge security challenge on the horizon. Now powering almost 20% of the Internet, WordPress lets us build businesses and lifestyles behind a single password. Protecting one site is hard, but the real challenge is making sure that distributed attacks across WordPress sites don't find unprotected sites to attack. In this talk, Brennen Byrne, the CEO of Clef, discusses the attacks and defenses being established in the new security paradigm and the new strategies being worked on to protect your site from the robot army.

Transcript of Passwords and Botnets and Zombies (oh my!)

Page 1: Passwords and Botnets and Zombies (oh my!)

passwords and botnets and zombies

Page 2: Passwords and Botnets and Zombies (oh my!)

passwords and botnets and zombies

oh my!

Page 3: Passwords and Botnets and Zombies (oh my!)

this talk is about

security

Page 4: Passwords and Botnets and Zombies (oh my!)

a lot of people think security is

hard

Page 5: Passwords and Botnets and Zombies (oh my!)

a lot of people think security is

hard

confusing

Page 6: Passwords and Botnets and Zombies (oh my!)

a lot of people think security is

hard

confusing

complicated

Page 7: Passwords and Botnets and Zombies (oh my!)

a lot of people think security is

hard

confusing

complicated

technical

impossible

frustrating

not for you

painful

infuriating

Page 8: Passwords and Botnets and Zombies (oh my!)

but we all know that it’s

important

Page 9: Passwords and Botnets and Zombies (oh my!)

but we all know that it’s

important

and my job is to make it

easy

Page 10: Passwords and Botnets and Zombies (oh my!)

3 reasons we need to talk about security:

Page 11: Passwords and Botnets and Zombies (oh my!)

almost 20% of the web runs on wordpress

Page 12: Passwords and Botnets and Zombies (oh my!)

almost 20% of the web runs on wordpress

lots of attacks on wordpress sites

Page 13: Passwords and Botnets and Zombies (oh my!)

almost 20% of the web runs on wordpress

lots of attacks on wordpress sites

security is fun and interesting

Page 14: Passwords and Botnets and Zombies (oh my!)

hello, my name is brennen (@brennenbyrne)

Page 15: Passwords and Botnets and Zombies (oh my!)

I’m a founder of Clef (getclef.com)

Page 16: Passwords and Botnets and Zombies (oh my!)

what is clef?

Page 17: Passwords and Botnets and Zombies (oh my!)

passwords and botnets and zombies

oh my!

Page 18: Passwords and Botnets and Zombies (oh my!)

how important is a single password?

Page 19: Passwords and Botnets and Zombies (oh my!)

could one password:

take down your site?

hurt your clients?

ruin your business?

endanger lives?

Page 20: Passwords and Botnets and Zombies (oh my!)

as wordpress becomes more important so do our passwords.

Page 21: Passwords and Botnets and Zombies (oh my!)

the old way to break a password

Page 22: Passwords and Botnets and Zombies (oh my!)

guess common passwords

virus with a keylogger

advanced interrogation

Page 23: Passwords and Botnets and Zombies (oh my!)

in order to defend myself

Page 24: Passwords and Botnets and Zombies (oh my!)

ban IPs that are guessing wrong

don’t download viruses

don’t piss off enemy nation-states

Page 25: Passwords and Botnets and Zombies (oh my!)

use an admin username other than “admin”

if i’m good, i could also

post from author accounts, not admin

change the table prefix of my databases

be careful about who i give permissions to

Page 26: Passwords and Botnets and Zombies (oh my!)

but attackers have gotten smarter

Page 27: Passwords and Botnets and Zombies (oh my!)

botnets

Page 28: Passwords and Botnets and Zombies (oh my!)

botnets are what happens when your parents download viruses

Page 29: Passwords and Botnets and Zombies (oh my!)

their computers become

zombies

Page 30: Passwords and Botnets and Zombies (oh my!)

sites infect visitors’ computers

botnets attack sites

visitors join botnet

bigger botnet attacks more sites

Page 31: Passwords and Botnets and Zombies (oh my!)

botnets swarm and attack your site from millions of different computers

Page 32: Passwords and Botnets and Zombies (oh my!)

ban IPs that are guessing wrong

don’t download viruses

don’t piss off enemy nation-states
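The slides above make the point that "ban IPs that are guessing wrong" stops a single machine but not a botnet that spreads its guesses across many computers. The following Python script is an added illustration, not code from the talk, from Clef or from any WordPress plugin: it runs two detection rules over a constructed login log (the log format, IP addresses and usernames are made up for the example). The per-IP rule catches the lone brute-forcer but sees nothing wrong with one failure per botnet member; aggregating failures per target account, across source IPs, is what surfaces the distributed attack.

```python
"""Per-IP vs. per-account failed-login detection over constructed log lines."""
from collections import Counter, defaultdict
import re

# Constructed sample log lines (not real traffic). Each line records a login
# attempt as: timestamp, client IP, username tried, outcome.
SAMPLE_LOG = """\
2013-10-01T12:00:01 10.0.0.5 admin FAIL
2013-10-01T12:00:02 10.0.0.5 admin FAIL
2013-10-01T12:00:03 10.0.0.5 admin FAIL
2013-10-01T12:00:04 10.0.0.5 admin FAIL
2013-10-01T12:00:05 10.0.0.5 admin FAIL
2013-10-01T12:00:06 10.0.0.5 admin FAIL
2013-10-01T12:01:00 192.0.2.10 editor FAIL
2013-10-01T12:01:30 192.0.2.11 editor FAIL
2013-10-01T12:02:00 192.0.2.12 editor FAIL
2013-10-01T12:02:30 192.0.2.13 editor FAIL
2013-10-01T12:03:00 192.0.2.14 editor FAIL
2013-10-01T12:03:30 192.0.2.15 editor FAIL
2013-10-01T12:04:00 192.0.2.16 editor FAIL
2013-10-01T12:05:00 203.0.113.7 editor OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|OK)$")


def parse_log(text):
    """Yield (timestamp, ip, username, outcome) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()


def ips_to_ban(events, threshold=5):
    """The old defense: ban any single IP with at least `threshold` failures."""
    fails = Counter(ip for _, ip, _, outcome in events if outcome == "FAIL")
    return sorted(ip for ip, n in fails.items() if n >= threshold)


def accounts_under_attack(events, threshold=5):
    """Account-centric view: per username, (total failures, distinct source IPs).

    Only accounts with at least `threshold` failures are reported. A high
    failure count from many distinct IPs is the botnet pattern; a high count
    from one IP is the classic single-machine brute force.
    """
    count = Counter()
    sources = defaultdict(set)  # username -> set of IPs that failed on it
    for _, ip, user, outcome in events:
        if outcome == "FAIL":
            count[user] += 1
            sources[user].add(ip)
    return {user: (count[user], len(sources[user]))
            for user in count if count[user] >= threshold}


def distributed_targets(events, threshold=5):
    """Accounts still being hammered after the per-IP ban has done its work.

    Failures from banned IPs are discarded; what remains is the traffic the
    per-IP rule cannot see. An account with at least `threshold` distinct
    unbanned failing IPs is being attacked from many machines at once.
    """
    banned = set(ips_to_ban(events, threshold))
    sources = defaultdict(set)
    for _, ip, user, outcome in events:
        if outcome == "FAIL" and ip not in banned:
            sources[user].add(ip)
    return sorted(user for user, ips in sources.items() if len(ips) >= threshold)


if __name__ == "__main__":
    events = list(parse_log(SAMPLE_LOG))
    print("IPs a per-IP ban would block:", ips_to_ban(events))
    print("Accounts with many failures:", accounts_under_attack(events))
    print("Accounts attacked from many unbanned IPs:", distributed_targets(events))
```

On the sample log the per-IP rule bans only `10.0.0.5`; the seven `192.0.2.x` hosts each failed once and stay under any sensible per-IP threshold, yet together they account for seven failures against `editor`, which the account-centric rules flag. A per-account lockout raises the opposite risk (an attacker locking out legitimate users), which is why real deployments pair it with a second factor or with shared threat data across sites rather than relying on either counter alone.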

Page 33: Passwords and Botnets and Zombies (oh my!)

botnets are the attackers’ response to our better defenses

as wordpress becomes a better target the incentives for breaking it rise

Page 34: Passwords and Botnets and Zombies (oh my!)

with new attacks come new defenses

Page 35: Passwords and Botnets and Zombies (oh my!)

bruteprotect

Page 36: Passwords and Botnets and Zombies (oh my!)

clef

Page 37: Passwords and Botnets and Zombies (oh my!)

but attack and response isn’t enough

Page 38: Passwords and Botnets and Zombies (oh my!)

passwords are a long-term problem

Page 39: Passwords and Botnets and Zombies (oh my!)

brain vs. computer

Page 40: Passwords and Botnets and Zombies (oh my!)

more services online

and

longer, harder passwords

Page 41: Passwords and Botnets and Zombies (oh my!)

hacks this year

Adobe

Twitter

Living Social

Evernote

Drupal

Page 42: Passwords and Botnets and Zombies (oh my!)

clef

Page 43: Passwords and Botnets and Zombies (oh my!)

wordpress security requires:

making security standard

increasing accessibility to security

dedication to casual user

secure defaults

Page 44: Passwords and Botnets and Zombies (oh my!)

weakness in the community is dangerous

Page 45: Passwords and Botnets and Zombies (oh my!)

questions?