Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
All aboard the lulz boat
Transcript of All aboard the lulz boat
Wordpress Attack allowed local access.
Linux kernel exploit allowed root access.
Compromised additional servers due to shared passwords. SQLi
Source code for scedev.net leaked. 3134 ATM ID's and locations leaked DB's for various affiliates leaked.
Admin data for servers available. Devastating attack against FBI affiliates.
Usernames & Passwords leaked.
Home address details of CEO's leaked. 250, 000 contestants
info leaked. Internal configuration for FOX.com leaked.
DB for sales staff leaked. 26,000 user details leaked. US Senate hacked.
Internal config released. AT&T used pirated copy of Winrar What lesson has been learned? None really
Security is hard
No-one takes it seriously Last file leaked was a list of routers.
Most had default usernames and passwords. Lulzsec have shown how ineffective the security community & market really is Too often the thought is "let's buy a tool!!" Tools like vuln scanners, IPSes, and WAFs will fail you when you need them most. Everyone in security is to blame We in security cater more to those who check boxes than we do actual security Security is the first business I have seen where the customer is not always right. There is no silver bullet approach Security buy in across all levels Work with the best out there Blackbox testing is not effective Rarely do big IT departments communicate with each other Doing it for
the Lulz Who am I? It's hard to get the basics right Gobble Gobble Training Lulzsec won't be the last 1: SQLi 2: XSS 3: RFI 4: Botnets What is the reason for the recent rash of hacking? hackers aren't necessarily smart victims are stupid Embedded security testing Daniel@SensePost.com Daniel.Cuthbert@OWASP.org @dcuthbert Assessment Manager
for SensePost Wrote the Testing Guide
Now joint lead for ASVS We aren't getting our message across