When Vulnerability Disclosure Gets Ugly For CNIT 123 1-17-2015 All materials posted at samsclass.info and free to use.

Slides:



Advertisements
Similar presentations
MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.
Advertisements

Slide 1 FastFacts Feature Presentation February 21, 2013 To dial in, use this phone number and participant code… Phone number: Participant.
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
Data Breach Notification Toolkit Mary Ann Blair Director of Information Security Carnegie Mellon University September 2005 CSG Sponsored by the EDUCAUSE.
Sex Offender Registration and Community Notification Meeting The purpose of community notification is to provide information to protect you and your family,
United States v. Nosal. The Nosal Fact Pattern Korn/Ferry computer Confidential information and trade secrets Authorized access by users logging in with.
1 ENFORCING SOCIAL MEDIA AND COMPUTER USAGE POLICIES Haley R. Van Loon BrownWinick 666 Grand Avenue, Suite 2000 Des Moines, IA Telephone:
Infotex Awareness Training Tools. m.infotex.com/tools Information Security Tools.
Grid Security Users, VOs, Sites OSG Collaboration Meeting University of Washington Bob Cowles August 23, 2006 Work supported.
Locking the Backdoor: Computer Security and Medical Office Practice Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology.
Using e-journals Birkbeck Library. Using e-journals: outline of session What are journals / ejournals? Understanding a journal reference Finding a specific.
CSC101 FINAL PROJECT by Sally Fletcher & Nicole Seguin December 11 th, 2003.
Best Practices – Overview
DePaul Bears Try Your Luck!. Why buy this product? Approximately 1,000,000 cell phone users Approximately 2,000,000 or more people play the lottery New.
Case #2- Prescription Renewal. John is a 45 year old male who has no refills left on his anti- hypertensive medications. He decided to phone his local.
Legal Issues Concerning Minors For STD Workers ISDH STD Prevention Program 2014.
© 2009 GroundWork Open Source, Inc. PROPRIETARY INFORMATION: Information contained herein is not for use or disclosure outside of GroundWork Open Source,
Teenangel Gabriella. AIM is an instant messaging system. You have to be thirteen years old to use AIM. Besides sending messages, AIM is also used to tell.
Avon Foundation for Women Breast Health Outreach Program Online Application Tutorial.
Spam and The Computer Fraud and Abuse Act Richard Warner.
CS105 Lab 1 – Introduction Section: ??? TA: ??? ??? Announcements CITES Accounts Compass Netfiles Other Administrative Information CS105 Fall
Off campus access to journals using your University login “It keeps asking me for money, but I’ve been told we should get it for free!” – a frequently.
Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP
FERPA Questions and Answers Lenawee Data Camps June and August, 2009.
The Significance and Evolution of End User Privacy Julie Earp College of Management North Carolina State University WISE 2010 Sponsored by TRUST June 21-24,
Stupid Whitehat Tricks HOPE X July 20, How it Started 2011.
Safe Use of Social Media Cadets – Air Force’s Future.
Immunization Data Exchange (BYIM v 2.0*1) Transporting the Message to the IIS Nathan Bunker & John Parker Updated 08/05/2011.
AY Year  The administration period runs for two weeks in the 14 –weeks sessions (fall and spring) and six calendar days in other sessions. 
 Research on the best software that suits your preference. I recommend Adobe Dreamweaver as that is what I’m using to create my website.
Security Problems at Colleges All materials posted at samsclass.info and free to use.
CODE OF CONDUCT TRAINING. We conduct our global business honestly, ethically and legally, believing that good ethics is good business. The Company’s Philosophy.
Department of Commerce & Consumer Affairs Business Registration Division Commissioner of Securities Office Investor Education Program.
CASE – year old charged with hacking Prosecutors: Katrina Prather Sterlin Sanders John Young.
Web Applications Testing By Jamie Rougvie Supported by.
At the Log in page enter your college provided username and password then click submit to login to Owl Link.
Talk to friends family coworkers managers Read handouts websites Read Talk Challenge both sides.
Computer Fraud and Abuse Act Richard Warner. Liability under the CFAA  1030(a)(2)(C) imposes liability on whoever “intentionally accesses a computer.
Hi! I’m Scooter and I will walk you through the new ONLINE attendance program known as Aeries. Start by double clicking on the Aeries icon on your desktop.
Los Angeles Times v. Free Republic Katy Clevenger Fall 2011 Introduction to Library and Information Science.
Protecting Browsers from Extension Vulnerabilities Paper by: Adam Barth, Adrienne Porter Felt, Prateek Saxena at University of California, Berkeley and.
1 ENFORCING SOCIAL MEDIA AND COMPUTER USAGE POLICIES Haley R. Van Loon BrownWinick 666 Grand Avenue, Suite 2000 Des Moines, IA Telephone:
The Legalities of using U.S.(foreign) Servers with Canadian students by Erin Gibbs and Rob Airey.
Personal Privacy and the Public Internet John E. Carter Kennesaw State University IT 3700.
Databases vs the Internet. QUESTION: What is the main difference between using library databases and search engines? ANSWER: Databases are NOT the Internet.
User Name Password Login Forget your password? Join the Take-Me-Home Community Enjoy you time out with your friend and family Get you and your car home.
CODE OF CONDUCT TRAINING We conduct our global business honestly, ethically and legally, believing that good ethics is good business. The Company’s Philosophy.
Cyberbullying and the First Amendment Community Legal Education Program Nebraska College of Law.
Internet Privacy Define PRIVACY? How important is internet privacy to you? What privacy settings do you utilize for your social media sites?
Module 4 Creating EMC Files, Uploading EMC Files and Downloading Reports PC-ACE Pro32.
STOP. THINK. CONNECT. Online Safety Quiz. Round 1: Safety and Security.
1 1.Log in to the computer in front of you –Temp account: 210class / 2.Update your in Cascadia's system –If I need to you I'll use.
Identity Theft: How Vulnerable are you? Ronald J. Leach.
The Health Insurance Portability and Accountability Act (HIPAA) requires Plumas County to train all employees in covered departments about the County’s.
Census – Summer Agenda Overview School Census 2016 Dummy Run Create and Validate Return Break Identify and analyse validation errors Detail and.
A Gift of Fire, 2edChapter 7: Computer Crime1 PowerPoint ® Slides to Accompany A Gift of Fire : Social, Legal, and Ethical Issues for Computers and the.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
18 USC § 1030 Computer Fraud and Abuse Act
When Vulnerability Disclosure Gets Ugly
Wordpress.
Yahoo Mail Is Not Working Support number
Check the buttons at the bottom of your Alert
is not secure is not secure..
Chapter 3: Business Ethics, Social Forces, and the Law
The logistics of applying to college
Go to Type in the journal name.
Open Google Chrome and go to the Woodbridge High School website Login = username for logging into the computer Password = password (change it via edit.
Vulnerability in an Android App I Found last November - Attack and Countermeasure - Ken Okuyama Sony Digital Network Applications.
Cleaning Up the Internet of Evil Things
Presentation transcript:

When Vulnerability Disclosure Gets Ugly For CNIT All materials posted at samsclass.info and free to use

Obvious Security Problems Cold Calls All materials posted at samsclass.info and free to use

Old Wordpress Version Wall Street Journal – Wordpress version from 2012 – Ty Ryan Satterfield All materials posted at samsclass.info and free to use

SQLi on Pastebin All materials posted at samsclass.info and free to use

Websmart, Inc. and 100,000 Vulnerable Websites All materials posted at samsclass.info and free to use

Pharma Infections at Colleges All materials posted at samsclass.info and free to use

19 Colleges Infected with Pharma 5 Fixed within a few weeks 7 Fixed within 8 months 7 Still Infected on All materials posted at samsclass.info and free to use

Infections at UC Santa Cruz All materials posted at samsclass.info and free to use

UCSC cleaned their server Re-infected a week later NEED ROOT CAUSE ANALYSIS All materials posted at samsclass.info and free to use

Many More Pharma Infections Dozens of other schools, businesses, foreign sites, etc. infect.htm#19more All materials posted at samsclass.info and free to use

Exposed Data All materials posted at samsclass.info and free to use

Exposed Error Logs Can leak cookies Even when secured by HTTPS All materials posted at samsclass.info and free to use

Google Dork for Exposed ELMAH Pages All materials posted at samsclass.info and free to use

Exposed Student Data All materials posted at samsclass.info and free to use

Exposed Password Hash All materials posted at samsclass.info and free to use

Plaintext Login Pages at Colleges All materials posted at samsclass.info and free to use

Insecure Login Pages at Colleges 90 colleges notified in Dec, 2013 All materials posted at samsclass.info and free to use

Big Names Cornell Johns Hopkins Stanford UC Berkeley All materials posted at samsclass.info and free to use

Results 7 months after notification: 16/57 plaintext login pages fixed or improved (28%) 8/33 mixed login pages fixed or improved (24%) All materials posted at samsclass.info and free to use

Other Problems All materials posted at samsclass.info and free to use

ActiveMQ Free open-source middleware from Apache A Defcon talk said it was often insecure, so I looked on SHODAN to see All materials posted at samsclass.info and free to use

Real Check Data? All materials posted at samsclass.info and free to use

Wordpress Bots All materials posted at samsclass.info and free to use

>2000 WordPress Bots Thanks to Steven Veldkamp All materials posted at samsclass.info and free to use

WordPress Has Known for 7 Years All materials posted at samsclass.info and free to use

Open DNS Resolvers at Colleges All materials posted at samsclass.info and free to use

Results Seven months after notification 38% decrease in open resolvers, from a total of 682 to 421 All materials posted at samsclass.info and free to use

Results After 4 Days 4/19 colleges improved their rating 3 s returned (but one of them improved) 4 responses, 2 hostile, 2 friendly All materials posted at samsclass.info and free to use

HIPAA Violation at LSU All materials posted at samsclass.info and free to use

Open FTP Server with Medical Data All materials posted at samsclass.info and free to use

Reaction I notified them on June 17, 2014 No reply, but server was down 4 hours later Then on Aug All materials posted at samsclass.info and free to use

Reaction All materials posted at samsclass.info and free to use

John Poffenbarger All materials posted at samsclass.info and free to use

John Poffenbarger I encourage you to promptly investigate after publicly denouncing any such behaviors, as I would not expect an institution to accept, endorse, or tolerate any such actions. I would have to wonder how this would affect the moral judgment of your graduating students entering the workforce. All materials posted at samsclass.info and free to use

LSU Legal Notice All materials posted at samsclass.info and free to use

I Protested – To the reporter – To the CEO of his newspaper – To the Feds, against LSU, for HIPAA whistleblower retaliation After a few days, it was clear that none of this was going to do any good All materials posted at samsclass.info and free to use

I Believed 1.My actions were 100% lawful 2.Newspapers can't just publish complete lies and get away with it 3.I enjoyed HIPAA whistleblower protection 4.I'm in real trouble now, time to call a lawyer All materials posted at samsclass.info and free to use

Computer Fraud and Abuse Act (a) Whoever— – (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains— – (C) information from any protected computer; shall be punished as provided in subsection (c) of this section. (2) the term “protected computer” means a computer— – (B) which is used in or affecting interstate or foreign commerce or communication

All materials posted at samsclass.info and free to use

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.