SlideShare ist ein Scribd-Unternehmen logo

ICT security and Open Data

SecuRing
SecuRing

This document discusses security risks related to open data systems. It provides examples of risks such as website defacement, malware serving, denial of service attacks, unauthorized data modification, data scraping, and re-identification of anonymized data. The document advocates defining security requirements during the design process to check for security and conduct testing before deployment. This will help address risks like data breaches, malware, and loss of user trust in open data systems.

Internet
1 von 27
ICT Security and Open Data Should we care? Wojciech Dworakowski
2 Who am I?
3 Agenda Open Data systems IT security risks  by examples What is security? How to achieve it?
Source: http://news.softpedia.com/ 4 Polish Ministry of Work and Social Policy (2008) Defacement Źródło: http://www.dawidd.master.pl/ Źródło: http://www.niebezpiecznik.pl
5 Malware serving User visiting infected website can be attacked Example: „Nearly 100 Thai Government websites were hacked and used to serve malware last month. More than 500 distinct attacks were launched from these websites” Source: http://news.netcraft.com/archives/2014/05/06/thai-government-websites-infested- with-malware.html
6 Malware hosting Source: W.Dworakowski, SecuRing
7 Impact Loss of reputation Loss of users’ trust Loss of PageRank
8 Denial of service DDoS (Distributed Denial of Service) Ex: Latvia (2008), South Korea (2009), Ukraine (2014) • Multiple connections from around the world • Relatively easy to launch • Difficult to fight and expensive to protect
9 Is it difficult?
10 Too Open Data Source: http://news.bbc.co.uk/2/hi/technology/8533641.stm
11 Was it difficult? 7,4 mln tax records leaked ~ 120 GB of tax data „Hacking” script: for i in {1..7500000}; do wget http://www2.vid.gov.lv/eds/Pages/GetDuf.aspx?id=$i; done
12 Unauthorized modification of data System for recruitment to high schools in Poland Possibility to modify candidate’s grades Source: niebezpiecznik.pl
13 Unauthorized modification of data Consider more sensitive systems, e.g.: • Legal Register of Companies • Statistical data • National election results (realtime)
14 Data mining scraping Polish Land Registry
15 Data scraping Access to: • Property data • Owners’ data (including ID, address) • Mortgage data (amount, bank, date) But… user has to: • Know register number • Enter captcha Incremental with one control digit Could be bypassed (in the past) or human solved (about 2$ / 1000 captchas)
16 18722717 indexed land registers. Collected data: 31066649 plots, 1628061 buildings, 6812230 premises. About 7 EUR / record
17 Deanonymization & Re-identification Statistical methods of analysis Finding unique user „fingerprint” Corelation with other datasets 87% of US citizens has unique combination of: gender, ZIP, date of birth* * Latanya Sweeney, Uniqueness of Simple Demographics in the U.S. Population http://www.citeulike.org/user/burd/article/5822736
18 Example Anonymized hospital data Voter registration list • Name • Address • Gender • ZIP • Birth date Massachusetts Governor William Weld  6 people has it’s birth date  3 of them were men  Only 1 with Cambridge ZIP • Medical procedures • Gender • ZIP • Birth date From Latanya Sweeney research paper: Uniqueness of Simple Demographics in the U.S. Population http://www.citeulike.org/user/burd/article/5822736
How to lower security risks?
20 We can politely ask ;) "We would like to ask those who would like to deface this Open Data [website], Open Data is your data. This is the public’s data about you, so I don’t think it’s in the interest of the Filipinos to damage the information that we have.” Presidential Spokesperson Edwin Lacierda Source: http://www.rappler.com/nation/48454-hackers-open-data
21 Cost of software bugs Project definition Development Design Maintenance Deployment Verify requirements Define security requirements Security testing
22 What does it mean „secure”? Each system is different Not all risks are equally important • Website defacement / Malware serving • Denial of service • Data confidentiality breach • Unauthorized data modification • Data scrapping • Deanonymization / re-identification • …
23 How to define security? Who? How? Why? Attack scenarios Attacker Goals  Who can attack our system?  Why? What is motivation?  How attackers can achieve their goals?
24 How to define security? Who? How? Why? Attack scenarios Attacker Goals Countermeasures  What should be done to stop those attacks?  Security requirements
25 Summary 1. Define security requirements 2. Check them during design & development 3. Test security before deployment
26 Summary Examples of risks to consider: • Website defacement / malware serving • Denial of service • Data confidentiality breach • Unauthorized data modification • Data scrapping • Deanonymization / re-identification
27 Open data security Should we care? http://www.securing.pl e-mail: info@securing.pl Jontkowa Górka 14a 30-224 Kraków tel. (12) 4252575 fax. (12) 4252593 Wojciech Dworakowski wojciech.dworakowski@securing.pl tel. 506 184 550

Empfohlen

SLVA - Werksmans Security for Privacy
SLVA - Werksmans Security for PrivacySLVA - Werksmans Security for Privacy
SLVA - Werksmans Security for PrivacySLVA Information Security
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingRebecca Leitch
 
Databasetheft 151120161435-lva1-app6891
Databasetheft 151120161435-lva1-app6891Databasetheft 151120161435-lva1-app6891
Databasetheft 151120161435-lva1-app6891Risk Crew
 
SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...
SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...
SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...South Tyrol Free Software Conference
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4Wynthorpe
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSecuRing
 
Chapter 1-introduction to ict
Chapter 1-introduction to ictChapter 1-introduction to ict
Chapter 1-introduction to ictAten Kecik
 
AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...
AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...
AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...SecuRing
 

Empfohlen

SLVA - Werksmans Security for Privacy
SLVA - Werksmans Security for PrivacySLVA - Werksmans Security for Privacy
SLVA - Werksmans Security for PrivacySLVA Information Security
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingRebecca Leitch
 
Databasetheft 151120161435-lva1-app6891
Databasetheft 151120161435-lva1-app6891Databasetheft 151120161435-lva1-app6891
Databasetheft 151120161435-lva1-app6891Risk Crew
 
SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...
SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...
SFScon21 - Lars Eilebrecht - A more human-centric privacy managing approach f...South Tyrol Free Software Conference
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4Wynthorpe
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSecuRing
 
Chapter 1-introduction to ict
Chapter 1-introduction to ictChapter 1-introduction to ict
Chapter 1-introduction to ictAten Kecik
 
AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...
AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...
AppSec EU 2015 - E-banking transaction authorization - possible vulnerabiliti...SecuRing
 
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...Arief Gunawan
 
Open Education and the Role of ICT
Open Education and the Role of ICTOpen Education and the Role of ICT
Open Education and the Role of ICTMart Laanpere
 
Approaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guideApproaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guideSecuRing
 
Info2 sec 5_-_protecting_ict_systems
Info2 sec 5_-_protecting_ict_systemsInfo2 sec 5_-_protecting_ict_systems
Info2 sec 5_-_protecting_ict_systemssaltashict
 
Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Keerthi Delwatta
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsAndris Soroka
 
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)Dr. Shalini Pandey
 
Interdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtInterdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtDaniela Silva
 
ICT in Education
ICT in EducationICT in Education
ICT in EducationHertiki Marsaid
 
Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls
Ten Commandments of Secure Coding - OWASP Top Ten Proactive ControlsTen Commandments of Secure Coding - OWASP Top Ten Proactive Controls
Ten Commandments of Secure Coding - OWASP Top Ten Proactive ControlsSecuRing
 
The impact of ICT in education
The impact of ICT in educationThe impact of ICT in education
The impact of ICT in educationIngrid Noguera
 
INTRODUCTION TO ICT
INTRODUCTION TO ICTINTRODUCTION TO ICT
INTRODUCTION TO ICTKak Yong
 
Information and communication technology:a class presentation
Information and communication technology:a class presentationInformation and communication technology:a class presentation
Information and communication technology:a class presentationSelim Reza Bappy
 
ICT in Education ppt
ICT in Education pptICT in Education ppt
ICT in Education pptHamid Zaib
 
Ict ppt
Ict pptIct ppt
Ict pptkrishankasotia
 
ICT in Education
ICT in EducationICT in Education
ICT in EducationOllie Bray
 
Integration of ICT in Teaching and Learning
Integration of ICT in Teaching and LearningIntegration of ICT in Teaching and Learning
Integration of ICT in Teaching and LearningSt.Xavier's College , Palayamkottai - 627 002
 
7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bankshreemala1
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counselbugcrowd
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber ResilienceIan-Edward Stafrace
 

Weitere ähnliche Inhalte

Andere mochten auch

Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...Arief Gunawan
 
Open Education and the Role of ICT
Open Education and the Role of ICTOpen Education and the Role of ICT
Open Education and the Role of ICTMart Laanpere
 
Approaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guideApproaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guideSecuRing
 
Info2 sec 5_-_protecting_ict_systems
Info2 sec 5_-_protecting_ict_systemsInfo2 sec 5_-_protecting_ict_systems
Info2 sec 5_-_protecting_ict_systemssaltashict
 
Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Keerthi Delwatta
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsAndris Soroka
 
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)Dr. Shalini Pandey
 
Interdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtInterdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtDaniela Silva
 
Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls
Ten Commandments of Secure Coding - OWASP Top Ten Proactive ControlsTen Commandments of Secure Coding - OWASP Top Ten Proactive Controls
Ten Commandments of Secure Coding - OWASP Top Ten Proactive ControlsSecuRing
 
The impact of ICT in education
The impact of ICT in educationThe impact of ICT in education
The impact of ICT in educationIngrid Noguera
 
INTRODUCTION TO ICT
INTRODUCTION TO ICTINTRODUCTION TO ICT
INTRODUCTION TO ICTKak Yong
 
Information and communication technology:a class presentation
Information and communication technology:a class presentationInformation and communication technology:a class presentation
Information and communication technology:a class presentationSelim Reza Bappy
 
ICT in Education ppt
ICT in Education pptICT in Education ppt
ICT in Education pptHamid Zaib
 
ICT in Education
ICT in EducationICT in Education
ICT in EducationOllie Bray
 

Andere mochten auch (17)

Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
Understanding the Regulatory Evolution of Mobile Commerce and the Opportun...
 
Open Education and the Role of ICT
Open Education and the Role of ICTOpen Education and the Role of ICT
Open Education and the Role of ICT
 
Approaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guideApproaching the unknown - Windows Phone application security assessment guide
Approaching the unknown - Windows Phone application security assessment guide
 
Info2 sec 5_-_protecting_ict_systems
Info2 sec 5_-_protecting_ict_systemsInfo2 sec 5_-_protecting_ict_systems
Info2 sec 5_-_protecting_ict_systems
 
Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...Business case for upgrading ict data security system by keerthi delwatta u105...
Business case for upgrading ict data security system by keerthi delwatta u105...
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
 
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
Shalini Pandey seminar 2013 (Role of ICT in Rural Development)
 
Interdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-ArtInterdisciplinary Lesson Plan ICT-Art
Interdisciplinary Lesson Plan ICT-Art
 
ICT in Education
ICT in EducationICT in Education
ICT in Education
 
Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls
Ten Commandments of Secure Coding - OWASP Top Ten Proactive ControlsTen Commandments of Secure Coding - OWASP Top Ten Proactive Controls
Ten Commandments of Secure Coding - OWASP Top Ten Proactive Controls
 
The impact of ICT in education
The impact of ICT in educationThe impact of ICT in education
The impact of ICT in education
 
INTRODUCTION TO ICT
INTRODUCTION TO ICTINTRODUCTION TO ICT
INTRODUCTION TO ICT
 
Information and communication technology:a class presentation
Information and communication technology:a class presentationInformation and communication technology:a class presentation
Information and communication technology:a class presentation
 
ICT in Education ppt
ICT in Education pptICT in Education ppt
ICT in Education ppt
 
Ict ppt
Ict pptIct ppt
Ict ppt
 
ICT in Education
ICT in EducationICT in Education
ICT in Education
 
Integration of ICT in Teaching and Learning
Integration of ICT in Teaching and LearningIntegration of ICT in Teaching and Learning
Integration of ICT in Teaching and Learning
 

Ähnlich wie ICT security and Open Data

7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bankshreemala1
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counselbugcrowd
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsGDSCCVR
 
Crowdsourcing & ethics: a few thoughts and refences.
Crowdsourcing & ethics: a few thoughts and refences. Crowdsourcing & ethics: a few thoughts and refences.
Crowdsourcing & ethics: a few thoughts and refences. Matthew Lease
 
Attacking Decentralized Identity.pdf
Attacking Decentralized Identity.pdfAttacking Decentralized Identity.pdf
Attacking Decentralized Identity.pdfssuser264cc11
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptxANIKETKUMARSHARMA3
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptxSohamChakraborty61
 
Cyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensiveCyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensivesidraasif9090
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Chuck Brooks
 
The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachUlf Mattsson
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas mariaidga
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggonermihinpr
 
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docxaryan532920
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterJose L. Quiñones-Borrero
 
Bagesh_Data Privacy and Security.pdf
Bagesh_Data Privacy and Security.pdfBagesh_Data Privacy and Security.pdf
Bagesh_Data Privacy and Security.pdfAyushSingh224545
 

Ähnlich wie ICT security and Open Data (20)

7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank7 mike-steenberg-carlos-lopera-us-bank
7 mike-steenberg-carlos-lopera-us-bank
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study Jams
 
5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack
 
Crowdsourcing & ethics: a few thoughts and refences.
Crowdsourcing & ethics: a few thoughts and refences. Crowdsourcing & ethics: a few thoughts and refences.
Crowdsourcing & ethics: a few thoughts and refences.
 
Attacking Decentralized Identity.pdf
Attacking Decentralized Identity.pdfAttacking Decentralized Identity.pdf
Attacking Decentralized Identity.pdf
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
 
Cyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensiveCyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensive
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
 
The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breach
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggoner
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
Bagesh_Data Privacy and Security.pdf
Bagesh_Data Privacy and Security.pdfBagesh_Data Privacy and Security.pdf
Bagesh_Data Privacy and Security.pdf
 

Mehr von SecuRing

Developer in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4DevelopersDeveloper in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4DevelopersSecuRing
 
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!SecuRing
 
Developer in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON NameDeveloper in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON NameSecuRing
 
Is persistency on serverless even possible?!
Is persistency on serverless even possible?!Is persistency on serverless even possible?!
Is persistency on serverless even possible?!SecuRing
 
What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!SecuRing
 
0-Day Up Your Sleeve - Attacking macOS Environments
0-Day Up Your Sleeve - Attacking macOS Environments0-Day Up Your Sleeve - Attacking macOS Environments
0-Day Up Your Sleeve - Attacking macOS EnvironmentsSecuRing
 
Developer in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 editionDeveloper in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 editionSecuRing
 
20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy MechanismsSecuRing
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?SecuRing
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy MechanismsSecuRing
 
Serverless security: attack & defense
Serverless security: attack & defense Serverless security: attack & defense
Serverless security: attack & defenseSecuRing
 
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsAbusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsSecuRing
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsSecuRing
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsSecuRing
 
Let's get evil - threat modeling at scale
Let's get evil - threat modeling at scaleLet's get evil - threat modeling at scale
Let's get evil - threat modeling at scaleSecuRing
 
Attacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainAttacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainSecuRing
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsSecuRing
 
Budowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOSBudowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOSSecuRing
 
We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.SecuRing
 
Building & Hacking Modern iOS Apps
Building & Hacking Modern iOS AppsBuilding & Hacking Modern iOS Apps
Building & Hacking Modern iOS AppsSecuRing
 

Mehr von SecuRing (20)

Developer in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4DevelopersDeveloper in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4Developers
 
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
 
Developer in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON NameDeveloper in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON Name
 
Is persistency on serverless even possible?!
Is persistency on serverless even possible?!Is persistency on serverless even possible?!
Is persistency on serverless even possible?!
 
What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!
 
0-Day Up Your Sleeve - Attacking macOS Environments
0-Day Up Your Sleeve - Attacking macOS Environments0-Day Up Your Sleeve - Attacking macOS Environments
0-Day Up Your Sleeve - Attacking macOS Environments
 
Developer in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 editionDeveloper in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 edition
 
20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms
 
Serverless security: attack & defense
Serverless security: attack & defense Serverless security: attack & defense
Serverless security: attack & defense
 
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsAbusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS apps
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
 
Let's get evil - threat modeling at scale
Let's get evil - threat modeling at scaleLet's get evil - threat modeling at scale
Let's get evil - threat modeling at scale
 
Attacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainAttacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chain
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
 
Budowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOSBudowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOS
 
We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.
 
Building & Hacking Modern iOS Apps
Building & Hacking Modern iOS AppsBuilding & Hacking Modern iOS Apps
Building & Hacking Modern iOS Apps
 

Kürzlich hochgeladen

Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsMonica Sydney
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasDigicorns Technologies
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 
Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolinonuriaiuzzolino1
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptxAsmae Rabhi
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 

Kürzlich hochgeladen (20)

Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolino
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 

ICT security and Open Data

  • 1. ICT Security and Open Data Should we care? Wojciech Dworakowski
  • 2. 2 Who am I?
  • 3. 3 Agenda Open Data systems IT security risks  by examples What is security? How to achieve it?
  • 4. Source: http://news.softpedia.com/ 4 Polish Ministry of Work and Social Policy (2008) Defacement Źródło: http://www.dawidd.master.pl/ Źródło: http://www.niebezpiecznik.pl
  • 5. 5 Malware serving User visiting infected website can be attacked Example: „Nearly 100 Thai Government websites were hacked and used to serve malware last month. More than 500 distinct attacks were launched from these websites” Source: http://news.netcraft.com/archives/2014/05/06/thai-government-websites-infested- with-malware.html
  • 6. 6 Malware hosting Source: W.Dworakowski, SecuRing
  • 7. 7 Impact Loss of reputation Loss of users’ trust Loss of PageRank
  • 8. 8 Denial of service DDoS (Distributed Denial of Service) Ex: Latvia (2008), South Korea (2009), Ukraine (2014) • Multiple connections from around the world • Relatively easy to launch • Difficult to fight and expensive to protect
  • 9. 9 Is it difficult?
  • 10. 10 Too Open Data Source: http://news.bbc.co.uk/2/hi/technology/8533641.stm
  • 11. 11 Was it difficult? 7,4 mln tax records leaked ~ 120 GB of tax data „Hacking” script: for i in {1..7500000}; do wget http://www2.vid.gov.lv/eds/Pages/GetDuf.aspx?id=$i; done
  • 12. 12 Unauthorized modification of data System for recruitment to high schools in Poland Possibility to modify candidate’s grades Source: niebezpiecznik.pl
  • 13. 13 Unauthorized modification of data Consider more sensitive systems, e.g.: • Legal Register of Companies • Statistical data • National election results (realtime)
  • 14. 14 Data mining scraping Polish Land Registry
  • 15. 15 Data scraping Access to: • Property data • Owners’ data (including ID, address) • Mortgage data (amount, bank, date) But… user has to: • Know register number • Enter captcha Incremental with one control digit Could be bypassed (in the past) or human solved (about 2$ / 1000 captchas)
  • 16. 16 18722717 indexed land registers. Collected data: 31066649 plots, 1628061 buildings, 6812230 premises. About 7 EUR / record
  • 17. 17 Deanonymization & Re-identification Statistical methods of analysis Finding unique user „fingerprint” Corelation with other datasets 87% of US citizens has unique combination of: gender, ZIP, date of birth* * Latanya Sweeney, Uniqueness of Simple Demographics in the U.S. Population http://www.citeulike.org/user/burd/article/5822736
  • 18. 18 Example Anonymized hospital data Voter registration list • Name • Address • Gender • ZIP • Birth date Massachusetts Governor William Weld  6 people has it’s birth date  3 of them were men  Only 1 with Cambridge ZIP • Medical procedures • Gender • ZIP • Birth date From Latanya Sweeney research paper: Uniqueness of Simple Demographics in the U.S. Population http://www.citeulike.org/user/burd/article/5822736
  • 19. How to lower security risks?
  • 20. 20 We can politely ask ;) "We would like to ask those who would like to deface this Open Data [website], Open Data is your data. This is the public’s data about you, so I don’t think it’s in the interest of the Filipinos to damage the information that we have.” Presidential Spokesperson Edwin Lacierda Source: http://www.rappler.com/nation/48454-hackers-open-data
  • 21. 21 Cost of software bugs Project definition Development Design Maintenance Deployment Verify requirements Define security requirements Security testing
  • 22. 22 What does it mean „secure”? Each system is different Not all risks are equally important • Website defacement / Malware serving • Denial of service • Data confidentiality breach • Unauthorized data modification • Data scrapping • Deanonymization / re-identification • …
  • 23. 23 How to define security? Who? How? Why? Attack scenarios Attacker Goals  Who can attack our system?  Why? What is motivation?  How attackers can achieve their goals?
  • 24. 24 How to define security? Who? How? Why? Attack scenarios Attacker Goals Countermeasures  What should be done to stop those attacks?  Security requirements
  • 25. 25 Summary 1. Define security requirements 2. Check them during design & development 3. Test security before deployment
  • 26. 26 Summary Examples of risks to consider: • Website defacement / malware serving • Denial of service • Data confidentiality breach • Unauthorized data modification • Data scrapping • Deanonymization / re-identification
  • 27. 27 Open data security Should we care? http://www.securing.pl e-mail: info@securing.pl Jontkowa Górka 14a 30-224 Kraków tel. (12) 4252575 fax. (12) 4252593 Wojciech Dworakowski wojciech.dworakowski@securing.pl tel. 506 184 550