In 2011, we saw a large increase in web site exploits that exposed private user data as well as a breakdown in the trust of SSL (for various reasons) and the introduction of real malware onto the OS X scene. If there were just three things I could ask Mac users to do in… Continue reading
Posts Tagged → Twitter
Why Didn’t They Just…?
A while back I was engaged in a conversation on Twitter with @diami03 & @chriseng regarding (what I felt was) the need for someone to provide the perspective from within a medium-to-large enterprise, especially when there are so many folks in infosec who are fond of saying “why didn’t they just…?” in response to events… Continue reading
WEIS 2011 :: Session 2 :: Identity :: Negative Information Looms Longer Than Positive Information
Laura Brandimarte, Alessandro Acquisti, Joachim Vosgerau. Twitter transcript: #weis2011 How does information related to past events and retrieved today get discounted? Why does neg valence receive more weight? #weis2011 how do we improve trustworthiness? #weis2011 “designers of modern tech do not understand human fallibility and design systems w/o taking them into account” < true #weis2011... Continue reading
WEIS 2011 :: Session 2 :: Identity :: Economic Tussles in Federated Identity Management
Susan Landau, Tyler Moore. Presentation [PDF]. Tyler presented really well and it’s a great data set and problem to investigate. He & Susan shed a ton of light on an area most folks never think about. Well done. Twitter transcript: #weis2011 this looks to be a “must read” resource for anyone embarking on a federated… Continue reading
WEIS 2011 :: Session 2 :: Identity :: Social Networks, Personalized Advertising & Privacy Controls
Catherine Tucker. Presentation [PDF]. Catherine’s talk was really good. She handled questions well and is a very dynamic speaker. I’m looking forward to the paper. Twitter transcript: #weis2011 Premise of the study was to see what impact privacy controls enablement/usage have on advertising. It’s an empirical study #data! #weis2011 click through rates DOUBLED for personalized… Continue reading
WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates
Nevena Vratonjic, Julien Freudiger, Vincent Bindschaedler, Jean-Pierre Hubaux. Presentation [PDF]. Twitter transcript: #weis2011 Overview of basic ssl/tls/https concepts. Asking: how prevalent is https, what are problems with https? #weis2011 Out of their large sample, only 1/3 (34.7%) have support for https, login is worse! only 22.6% < #data! #weis2011 (me) just like Microsoft for patches/vulns,… Continue reading
WEIS 2011 :: Session 1 :: Attacks :: The Underground Economy of Fake Antivirus Software
Brett Stone-Gross, Ryan Abman, Richard A. Kemmerer, Christopher Kruegel, Douglas G Steigerwald. Presentation [PDF]. Twitter transcript: #weis2011 presenting analysis of *actual* data from 21 servers from 3 multi-million $ fake a/v ops!!! < #spiffy #weis2011 showing example of fake a/v exploit that was embedded in HTML. good walkthrough. useful slides for an orgs tech ed/brown... Continue reading
WEIS 2011 :: Session 1 :: Attacks :: Where Do All The Attacks Go?
Dinei Florêncio, Cormac Herley. Presentation [PDF]. Twitter transcript: #weis2011 New threat model (that may scale). Rather than use individual users & attackers, use population of users, pop of attackers #weis2011 assumption/proposition: attacker attacks when Expected{gain} > Expected{loss} #weis2011 (me) more good math on the slides. using the populations, they made a probability model to predict… Continue reading