Web Admin Blog Real Web Admins. Real World Experience.

13 Nov 09

The 10 Least-Likely and Most Dangerous People on the Internet

This presentation was by Robert "RSnake" Hansen and was designed to be a fun conversation to have over drinks with security people.  I feel privileged to have been one of those security people who he talked about this with beforehand.  A very interesting topic about the non-obvious threats that may or may not exist.   My notes are below:

Why?

  • Because I use the Internet
  • Because I'm a target
  • Because most people don't know
  • Because it's a fun conversation to have over drinks with security guys
  • Maybe/hopefully you'll continue this conversation instead of just arguing!

Ground Rules

  • Must be non-obvious and must be directly related to the Internet.  Not:
    • ...the President or any other government official
    • ...or someone involved with SCADA Systems/Brick and mortar
  • Must be in control of some infrastructure or software, etc
  • Must have the largest or widest negative impact possible for the least amount of work and least likelihood of being stopped
  • No magic - must be real and dangerous
  • They can't be "bad" people
  • You can't take this list too seriously

How I Got Started

  • Started thinking about core technologies that everything relies on
  • Made a big list
  • Shopped it around to dozens of security experts
  • Assigned an arbitrary, unscientific, hand-wavy, risk-rating system of my own design
  • Ranked them in order of how scared I am of them personally

#10

  • John Doe at C|Net
  • Job: Network Engineer
  • Why: Controls com.com
  • Impact: Largest collection point of typo traffic both for web and email.
    • Doesn't require anything overt or even indefensible

#9

  • Giorgio Maone of NoScript
  • Job: Consultant
  • Why: Controls NoScript
  • Impact: Nearly every security researcher on the planet - complete compromise.  In general the most paranoid people on earth would be compromised.
    • Builds arbitrary whitelists (ebay.com)
    • Has changed functionality to subvert Adblock Plus

28 Jul 08

Small and Medium-Sized Companies Too Small to Get Hacked

McAfee released the results of a survey last week after sampling 500 IT decision-makers from companies with 1,000 to 2,000 employees.  The results are pretty astounding.  Forty-four percent think that cybercrime is only an issue for larger organizations and believe it does not affect them.  Fifty-two percent believe that because they are not well known, cybercriminals will not specifically target them.  Forty-five percent do not think that they are a valuable target for cybercriminals.  Lastly, forty-six percent do not think they can be a source of profit for cybercriminals.