Presentation is loading. Please wait.

Presentation is loading. Please wait.

Whitehat Vigilante BayThreat Dec. 10, 2011. Executive Summary This talk has no – Demos – Exploits – 1337ness It's just a sermon about social skills –

Published byDwayne Hood Modified over 9 years ago

Similar presentations

Presentation on theme: "Whitehat Vigilante BayThreat Dec. 10, 2011. Executive Summary This talk has no – Demos – Exploits – 1337ness It's just a sermon about social skills –"— Presentation transcript:

1 Whitehat Vigilante BayThreat Dec. 10, 2011

2 Executive Summary This talk has no – Demos – Exploits – 1337ness It's just a sermon about social skills – Ethics – Legality – Attitude

3 Bio

4

5 PBS Hacked

6

7 Attitudes

8 Blend In: Hide Image from presenceinbusiness.com

9 Make Your Own Rules Images from listentoleon.net & anpop.com

10 Cyber-Terrorists Masked Mobs Create fear Cause paranoia Intimidate critics into silence

11 Lone Vigilantes

12 Nobody's Right if Everybody's Wrong Buffalo Springfield image from freewebs.com

13 The Middle Way

14 Laws From cybercrime.gov

15 CISSP Code of Ethics

16 Cold Calls

17 Find Vulnerable Sites Dumped on Pastebin

18 Verify the Vulnerability Do NOT explore any further Actually injecting commands is a crime

19 Find a Contact Address

20 My Letter

21 Letter Design Simple management-level summary of the problem No technical details Give your real name & contact information Don't demand anything Don't make any threats

22 Pilot Study 3 days after notification 7/23 Fixed (30%) – http://samsclass.info/lulz/cold-calls.htm

23 Student Projects Done by CISSP-prep students at CCSF Contacted over 200 sites with SQL injections > 15% of them were fixed

24 Major Breaches or Vulnerabilities

25 Breaches or Vulnerabilities I Reported FBI (many times) UK Supreme Court Chinese Government Police departments (many of them) Other Courts CNN, PBS Apple Schools (many of them)

26 I Sought Personal Contacts

27 CERT

28 Positive Results Several good security contacts inside corporations, law enforcement, and government agencies Many problems fixed, several before they were exploited

29 Negative Results A few of my Twitter followers were offended and suspicious when I found so many high- profile vulnerabilities so fast Accusations – Performing unauthorized vulnerability scans – Peddling bogus security services – Betraying the USA All 100% false & baseless

30 Ethics Complaint

31 Fortuitous Timing

32 Recommendations for Cold Calls

33 Be Respectful No abuse or criticism Sincere desire to help Accept being ignored without protest Demand nothing Respect their right to leave their servers unpatched

34 Be Right Report clear-cut vulnerabilities, widely understood and important, like SQL Injection Do nothing illegal or suspicious – No vulnerability scans – No intrusion or exploits – Report only vulnerabilities that are already published by others

35 Clarity of Purpose Genuine desire to help the people you are contacting No hidden agenda – Desire to sell a product – Desire to belittle or mock – Dominate and control others – Plans to attack sites yourself – Revenge

36 Expect Abuse If you become visible in the hacking community, you are a target It doesn't matter what you say or do Many hackers are arrogant, insecure, and emotionally immature

37 Be Fearless Understand the importance of the sites you are helping Are they worth more than your – Inconvenience – Time expended – Exposure to criticism and humiliation

38 Acknowledgements I am very grateful for the support of CNIT, MPICT, and CCSF Especially – Carmen Lamha – Maura Devlin-Clancy – Pierre Thiry – James Jones – Tim Ryan It would be much simpler to just fire me than to support my mad actions

Download ppt "Whitehat Vigilante BayThreat Dec. 10, 2011. Executive Summary This talk has no – Demos – Exploits – 1337ness It's just a sermon about social skills –"

Similar presentations

Whitehat Vigilante and The Breach that Wasn't HI-TEC July 26, 2012.

Whitehat Vigilante and The Breach that Wasn't HI-TEC July 26, 2012.
Ethical Hacking: New Web 2.0 Attacks and Defenses HI-TEC 2011.

Ethical Hacking: New Web 2.0 Attacks and Defenses HI-TEC 2011.
Prescription for Criminal Justice Forensics. The government has all but declared a national state of emergency regarding computer-related crimes and has.

Prescription for Criminal Justice Forensics. The government has all but declared a national state of emergency regarding computer-related crimes and has.
Student plagiarism in Norwegian universities and university colleges: What works, what doesn’t work, what still needs to be done Jude Carroll KTH & Oxford.

Student plagiarism in Norwegian universities and university colleges: What works, what doesn’t work, what still needs to be done Jude Carroll KTH & Oxford.
ANTI- BULLYING WEEK CYBER BULLYING 16 – 20 November 2009.

ANTI- BULLYING WEEK CYBER BULLYING 16 – 20 November 2009.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
How to Respond to Disruptive, Threatening or Violent Behavior 2013 Presented by Scott M. Drucker, Esq. Arizona Association of REALTORS®

How to Respond to Disruptive, Threatening or Violent Behavior 2013 Presented by Scott M. Drucker, Esq. Arizona Association of REALTORS®
COMPUTER CRIME An Overview Agenda u Background and History u Potential Criminals u Ethics Survey u Criminal Activity u Preventative Measures u Background.

COMPUTER CRIME An Overview Agenda u Background and History u Potential Criminals u Ethics Survey u Criminal Activity u Preventative Measures u Background.
Internet Safety/Cyber Ethics

Internet Safety/Cyber Ethics
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
1 CHAPTER 1 POLITICS. 2 Definitions Of The Word Hacker Hacker – someone who has achieved some level of expertise with a computer Hacker – someone who.

1 CHAPTER 1 POLITICS. 2 Definitions Of The Word Hacker Hacker – someone who has achieved some level of expertise with a computer Hacker – someone who.
 Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking means penetration.

 Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking means penetration.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Social Networking: Risks and realities Nick Barron

Social Networking: Risks and realities Nick Barron
The Business of Penetration Testing

The Business of Penetration Testing
Yes No Yes No Yes No Yes No Yes No Yes No Yes No.

Yes No Yes No Yes No Yes No Yes No Yes No Yes No.

Similar presentations

Ads by Google