Hacks Happen - (Keynote) Stanford Emerging Threats and Defenses Symposium (07232008)
Published on August 9, 2008
Conservative estimates put the total annual IT security spending in the US at $50 billion and e-crime losses at $100 billion. We’re losing two dollars for every dollar spent. Those numbers are said to be worse on a global scale. Newly passed laws, industry regulation, and press coverage have certainly raised the profile of the problem, but where have these actions really gotten us?
Websites are riddled with easy-to-exploit vulnerabilities, millions of desktops are infected with botnet-connected malware, and cyber-attacks are more targeted, numerous, and financially motivated than ever! All the statistics we have seem to be moving in the wrong direction. And the more effort we invest, the harder it is to tell if the situation is getting better or worse.
These days we have a lot more experts and less expertise. More products and less coverage. More best practices and less security. More news and less information. This type of environment is exactly why hacks happen every minute of every hour of every day. It’s time to take a second look at what we know, reconsider what we think we know, and possibly come to a whole new set of assumptions.
Hacks Happen
Jeremiah Grossman
WhiteHat Security founder & CTO
blog: http://jeremiahgrossman.blogspot.com/
email: firstname.lastname@example.org
© 2008 WhiteHat Security, Inc.
0wN3d!!1
1998’s best practices
- Don’t write your own crypto algorithms
- Don’t run web servers as root
- Use Secure Sockets Layer (SSL)
- Have proper file system permissions
Wait, how does this make a website secure?
What’s input validation?
http://www.w3.org/Security/Faq/