…. we come in

THE THEATER WE CALL SECURITY
Presented by Evert Smith
21 July 2008
INTRODUCTION

the Breakdown
• what is IS? The light
• what does it take? The Fu
• Background - the person
             - the skill

Background

the domains of security

Security Management Practices
Security Architecture and Models
Preventive Maintenance
Application Development Security
Operations Security
Physical Security
Cryptography
Telecommunications, Network, and Internet Security
Business Continuity Planning
Law, Investigations, and Ethics
Security is about C.I.A

Risk drives infosec

Decisions & importance decided by the C.I.A factor

Confidentiality
Integrity
Availability

Examples of C.I.A
- Email interception
- Cheque fraud
- Messy computer room
Why do we have issues? (I’ve been using this for years – cuz it hasn’t changed)

• Technology becoming more complex → SLOC
• The Internet not designed to be safe → Redundancy
• Socio-economical changes → Social networks
• Rushed, Like Whatever → Time is money

Slide backdrop: “Hello World” in several languages, untangled here from the overlapping extraction.

* C++
  #include <iostream>
  int main()
  {
      std::cout << "Hello World!\n";
  }

* C++/CLI
  int main()
  {
      System::Console::WriteLine("Hello World!");
  }

* awk
  BEGIN { print "Hello World!" }

* Assembly
  IDEAL
  MODEL SMALL
  STACK 100h
  DATASEG
      HW DB "hello, world", 13, 10, '$'
  CODESEG
  Begin:
      MOV AX, @data
      MOV DS, AX
      MOV DX, OFFSET HW
      MOV AH, 09H
      INT 21H
      MOV AX, 4C00H
      INT 21H
  END Begin

* Windows API (in Borland Pascal) (cut off on the slide)
  program Hello;
  uses WinTypes, WinProcs;
  const
    szClassName = 'PASCLASS32';
  function WndProc(Window: HWnd; Message, WParam: Word; LParam: Longint): Longint; export;
  var
    LPPaint : TPaintStruct;
    TheDC   : HDC;
  begin
    WndProc := 0;
    case Message of
      wm_Destroy:
        begin
          PostQuitMessage(0);
          Exit;
        end;
      wm_Paint:
        begin
          TheDC := BeginPaint(Window, LPPaint);
          TextOut(TheDC, 5, 5, 'hello, world', 12);
        end;
    end;
    WndProc := DefWindowProc(Window, Message, WParam, LParam);
  end;
  procedure WinMain;
  var
    Window: HWnd;
    Message: TMsg;
  const
    WindowClass: TWndClass = (
      style: 0;
      lpfnWndProc: @WndProc;
      cbClsExtra: 0;
      cbWndExtra: 0;
      hInstance: 0;
      hIcon: 0;
      hCursor: 0;
      hbrBackground: 0;
      lpszMenuName: szClassName;
Entropy:

Viruses
Patches
Spam
Phishing / Pharming
Hoaxes
Apathy
Malware/Spyware
Hackers
Are you contributing?
Who is credited as being the father of the Internet?
Arpanet, Vint Cerf, Bob Kahn et al (1975 TCP/IP)

Who invented the mouse?
Douglas Engelbart (1964)

Who invented e-mail?
Ray Tomlinson (1971)

Who invented the WWW<html>?
Tim Berners-Lee (1988)
Security theater consists of security countermeasures intended to provide the feeling of improved security while doing little or nothing to actually improve security.

(Who says nucular?)

Security Theater

• Your desk – good defence against nucular attacks

• Airports in the US, e.g. liquid ban, profiling, gun-shirts

• Shopping malls intensely in your face, e.g. bag checks, guards in gene

• Personal computer security – it’s a joke
Security Theater – the human touch

• Security design is about psychology - ignored and exploited

• The pig vs Security
• Unpatched Windows PCs "Own3d" In Less Than Four Minutes (or Maybe 16 Hours)

• Spammer Gets 30 Months for Inundating AOL

• Charges Against New Zealand Botmaster Dropped

• Rogue Employee Locks San Francisco's Network

• Review site furious over McAfee SiteAdvisor 'false alert'

• Facebook Bug Exposes Members' Data
#!/bin/bash

# Function to field questions from the audience and appear
# to look intelligent

# The audience is never bored (slide joke), so this never returns success
audience_bored() {
  return 1
}

until audience_bored
do
  echo "verbose answering of questions"
  sleep 999999   # like forever
done
echo "That's All Folks. Thanks for Listening."

….this is where

#!/bin/bash

“It’s a pity you have to pay for awesomeness”

evert@sensepost.com

….this is where