KeriBlog

Cars, Security & a Peek into my Life


Which Industry is Best at Fixing Vulnerabilities

Nov 4 2015

That’s scary that Healthcare is only 43%, now that many medical machines and devices are internet-enabled. I was surprised Technology was just 50%, and last place’s 27% will surprise no one.

Speaking is Chris Wysopal, co-founder and CTO of Veracode – a premier application security company. As in, good source.

From SecTor 2015.

Filed Under: Security Tagged With: sector, Veracode, vulnerability

Do You Pay the Ransomware?

Oct 29 2015

Of all the malware, Ransomware terrifies me… imagine your entire digital life is held hostage.

The Attack

How it works: a message takes over the screen > hi your entire computer is locked, along with all your files > want the key? > pay the ransom > get key, unlock (more here)

The bigger problem is whether or not to pay, because there’s no definitive evidence which is more successful.

Possible Scenarios – pay, they want more, withhold key / pay, they keep their word and send key / don’t pay, and you haven’t backed up in 7 months, imagine the cleanup and rebuilding

The keynote speaker at the recent SecTor security conference manages the Secret Service’s Cyber Intelligence Section, and even those guys haven’t seen a pattern.  Jason B. Brown says it’s consistently 50/50 the key will actually be sent, so they don’t feel comfortable advising either way.

(how to edit a photo before uploading here)

The Defence:

– Think before clicking

– Weekly backups

– Strong passwords, stored in a password manager

– Surf stupid sites on a laptop that’s independent of your online life.  No using it to log into email or social media accounts. Photos and documents are moved to your main computer, then deleted. Oh you locked up my empty hard-drive? Wipe & rebuild.

Blog tag = SecTor

Filed Under: Security Tagged With: attack, Jason B. Brown, malware, ransomware, sector

Join an Industry with a 100% Employment Rate

Oct 22 2014

Online security.

There’s 1 day left of SecTor, Canada’s premier security conference.

That blog title is not dramatic, it’s like 98%. Makes sense, look how fast we adopted the internet of everything, that’s currently pretty vulnerable and held together with popsicle sticks, a nightmare is coming, one day you’ll tell your grandchildren of a time when people’s password was password, tada! You have a job for life.

I went straight for the car hacking stuff.

What to do while there

Check out the Keynote while eating lunch, and making friends.

Sit in on a talk, which looks like this.

That’s Christopher Pogue of Nuix, talking about cybercrime and forensics. He made a good point: if the 3rd parties and vendors connecting to your network aren’t secure, neither are you.

Or if you feel shy, go to the lock picking village and grab a seat; I find people into lock picking are generally welcoming and fun.

Take the requisite conference-bathroom-selfie.

Don’t be shy to ask questions! And don’t let the nature of the information put you off, it’s a friendly crowd.

Too bad you missed the annual party, though. Finally after 1,000 emails got to meet Sabrina, who runs communications & media, and edited my article about the car hacking keynote by Chris Valasek.

Whom I also met IRL, read that piece here.

Tickets and location information here, and whoever’s running their Twitter is funny @SecTorCa #SecTorCA

One day I’d like to give a talk, maybe another year of quiet study first.

I have 3 possible topics, but they’re not yet strong enough to type here.

Blog tag = SecTor

Filed Under: Security Tagged With: sector

A Rare Chance to Hear a Car Hacking Expert

Oct 13 2014

Chris Valasek is the Keynote speaker on October 21, 12pm at SecTor Security Conference.

While hacking a car almost always requires physical access, it won’t be long before it doesn’t.

Consider this scenario: a virus is accidentally downloaded onto a driver’s phone, who unknowingly pairs it to his car, now the infection is inside the vehicle, where the Bluetooth and brakes run on the same network… what’s the defence?

How do you mass-update the software in tens of thousands of cars? It can cost millions just for an automaker to mail a “come in and get updated” letter to its customers.

As vehicles become more computers-on-wheels than cars, the act of securing them should be a priority for automakers, yet there’s an absence of information on this topic.

Here’s a rare opportunity to hear from a bleeding-edge expert at this year’s SecTor, Canada’s premier IT security conference.

Christopher Valasek is a pioneer in automotive security. He serves as Director of Vehicle Security Research at IOActive, one of the first companies to specialize in automotive security.

He’s not just a theory guy, Chris is an actual practitioner. Remember last year when the headlines screamed “a Prius and Ford have been hacked!” – that was him. If you’ve read anything in the news about car hacking, it probably contains a quote or citation to his work.

He’s not out to do bad and hack your product, or show up individual OEMs, this is a rare chance to hear from one of the good guys, plus – the added advantage of having a mind like this assessing your product, for free.

On October 21 at noon, Chris’ keynote presentation, ‘The Connected Car: Security Throwback’, will demonstrate how present-day automotive security is like a hard shell with a gooey inner layer – protect the outside, but once inside, it’s a field day.

(photo via Forbes)

He’ll draw comparisons between today’s auto landscape and the early 2000s of the internet, when protection mechanisms were an afterthought. He feels automotive security is stuck in a hole in time, and that the same solutions used to secure the networks of 10 years ago, can be applied to today’s automotive security issues.

Because the more computers and code that go in to cars, the greater the odds of a mistake being made and someone like Chris finding it. Moreover, with the automotive production cycle being so long (2018 model years are now being finalized), a problem found today is going to be prevalent for some time.

Automotive industry types – is your product resistant against a cyber-attack? If you’re not securing the vehicles you’re producing, then they can be weaponized, and yes that sentence is intended to give you chills.

His keynote will include the opportunity to ask questions. Catch it at SecTor on Tuesday, October 21 at 12:00 – 1:10pm. Ticket information here

Blog tag = auto security

Meet me in this post

Filed Under: Security Tagged With: auto security, Chris Valasek, sector

This is SecTor 2012 – Canada’s Premier Security Conference

Oct 3 2012

SecTor: Illuminating the Black Art of Security.

Above is the vendor area, and below is the lunch keynote, the talk I was most looking forward to.

Meet Charlie Miller, one of the world’s best hackers, and a leading expert in a personal favourite topic, NFC.

NFC – Near Field Communication. You likely haven’t heard much about NFC yet, but you will.

Think of those ads on TV, where you put your phone next to your buddy’s, and a photo gets beamed over wirelessly. That’s NFC. Charlie has figured out how to use NFC to hack your phone; here he is in action (green shirt).

He brushes close to the victim’s phone, and tada – Charlie can now access and download all the photos, contacts, files, make it call and text… and nothing AT ALL appears on the victim’s phone that would alert him this is happening.

Android users: you are, as always, the most susceptible to this attack. Best defense – check ‘yes I want to approve each NFC connection before it happens’.

He also said this, which is so true:

“Real hacking is sitting in your basement watching a phone change every 10 or 20 seconds.” -@0xcharlie at #sectorca

— Steve Werby (@stevewerby) October 2, 2012

This is what hacking looks like.

And this.

Not at all like that famous Swordfish movie scene, eh.

Above is a contest called, ‘Capture the Flag’; there’s one at most conferences.

I saw basketball playing robots.

And a lockpick village.

I’ll show you what using those tools looks like on video sometime. Like hacking, it is not at all like in the movies.

Went upstairs for a sunlight break.

SecTor is happening again today, click here for details.

If you’re interested in getting into information security, this is your opportunity. It’s a friendly, and resource-rich environment, in a fast-growing industry that has an almost 100% employment rate.

Thanks for a great time, SecTor, and congratulations on your 6th and largest year to date!

Filed Under: Security Tagged With: capture the flag, illuminating the black art of security, lockpick village, mtcc, nfc, robots, sector, subway attack


Copyright © 2007-2015 KeriBlog.com All rights reserved. Advertising / Privacy Policy / Contact