Whitehat Vigilante
BayThreat, Dec. 10, 2011
Executive Summary
This talk has no
– Demos
– Exploits
– 1337ness
It's just a sermon about social skills
– Ethics
– Legality
– Attitude

Bio

PBS Hacked

Attitudes

Blend In: Hide
Image from presenceinbusiness.com

Make Your Own Rules
Images from listentoleon.net & anpop.com

Cyber-Terrorists
Masked Mobs
Create fear
Cause paranoia
Intimidate critics into silence

Lone Vigilantes

Nobody's Right if Everybody's Wrong
Buffalo Springfield image from freewebs.com

The Middle Way

Laws
From cybercrime.gov

CISSP Code of Ethics

Cold Calls

Find Vulnerable Sites
Dumped on Pastebin

Verify the Vulnerability
Do NOT explore any further
Actually injecting commands is a crime

Find a Contact Address

My Letter

Letter Design
Simple management-level summary of the problem
No technical details
Give your real name & contact information
Don't demand anything
Don't make any threats

Pilot Study
3 days after notification
7/23 fixed (30%)

Student Projects
Done by CISSP-prep students at CCSF
Contacted over 200 sites with SQL injections
> 15% of them were fixed

Major Breaches or Vulnerabilities

Breaches or Vulnerabilities I Reported
FBI (many times)
UK Supreme Court
Chinese Government
Police departments (many of them)
Other Courts
CNN, PBS
Apple
Schools (many of them)

I Sought Personal Contacts

CERT

Positive Results
Several good security contacts inside corporations, law enforcement, and government agencies
Many problems fixed, several before they were exploited

Negative Results
A few of my Twitter followers were offended and suspicious when I found so many high-profile vulnerabilities so fast
Accusations
– Performing unauthorized vulnerability scans
– Peddling bogus security services
– Betraying the USA
All 100% false & baseless

Ethics Complaint

Fortuitous Timing

Recommendations for Cold Calls

Be Respectful
No abuse or criticism
Sincere desire to help
Accept being ignored without protest
Demand nothing
Respect their right to leave their servers unpatched

Be Right
Report clear-cut vulnerabilities, widely understood and important, like SQL Injection
Do nothing illegal or suspicious
– No vulnerability scans
– No intrusion or exploits
– Report only vulnerabilities that are already published by others

Clarity of Purpose
Genuine desire to help the people you are contacting
No hidden agenda
– Desire to sell a product
– Desire to belittle or mock
– Dominate and control others
– Plans to attack sites yourself
– Revenge

Expect Abuse
If you become visible in the hacking community, you are a target
It doesn't matter what you say or do
Many hackers are arrogant, insecure, and emotionally immature

Be Fearless
Understand the importance of the sites you are helping
Are they worth more than your
– Inconvenience
– Time expended
– Exposure to criticism and humiliation

Acknowledgements
I am very grateful for the support of CNIT, MPICT, and CCSF
Especially
– Carmen Lamha
– Maura Devlin-Clancy
– Pierre Thiry
– James Jones
– Tim Ryan
It would be much simpler to just fire me than to support my mad actions