State of Internet Security 2007
Jason Witty - October 9th, 2007
SecureWorld Expo, Detroit
Agenda
1. Current state overview
2. Phishing and trojans
3. Tools and data
4. Solutions
Current State Overview
Computer hackers met organized crime 3-5 years ago
Many phishing scams no longer require you to type in your information in order to steal your credentials
Breaking into systems has moved from “geek in a basement” to “13-year-old with a GUI”
“Hacking” is no longer the real worry – computer fraud and ID/IP/Trade Secret theft are
LARGE data storage capacity has gotten SMALL
Regulation is helping, but public awareness is still dismal
Recent News
The “RBN” (Russian Business Network) controls millions of botnet’ed computers on the Internet
The Storm worm alone has compromised 1-10 million PCs
The MPACK kit allows automated compromise of victims’ PCs by delivering targeted exploits
Torpig (and other) trojans target eCommerce sites and deliver MitM attacks
New for 2007: 0-Day “eBay”
Sample Tools: Point and Click Compromise
LARGE Data Storage is SMALL
• A single iPod Video (160GB) can store:
  – 60,000 photos
  – 40,000 songs
  – 6,000 videos
  – 4,096,000,000 Credit Card Records (Name, Exp Date., CVV Codes = 40 Bytes/rec)
  – 320 Copies of “Back|track” OS and tools
  – 160 pick-up trucks worth of paper documents

DiscoverCard has 50,000,000 cards issued
MasterCard has 750,000,000 cards issued
Visa has 1,600,000,000 cards issued
TOTAL of 3: 2,400,000,000 cards issued
Solutions?
End-user
• Public service announcements
• Read-only, trusted operating systems
• Corporate commercials using security as advantage
• Stronger OS controls (Vista, etc.)
• 2FA, not “Strong auth”

Corp. IP Theft
• “Data Leakage” detection (e.g. Vontu, Tablus, Verdasys, etc.)
• More of the same network, system, application controls
• Stronger OS controls (Vista, etc.)
• DRM and “data level security”

Criminals
• Tougher, internationally recognized penalties
• Better, not more, legislation
• More qualified investigative resources for LE teams
• Public / private partnerships
Closing
Back|Track - www.remote-exploit.org/backtrack.html
Top 75 Tools - http://www.insecure.org/tools.html
Packet Storm has tens of thousands of free hacker tools available - http://www.packetstormsecurity.org
WabiSabiLabi - http://www.wslabi.com/wabisabilabi/initPublishedBid.do
Thank you for being part of the solution!