Web 2.0 threats
– Hacker attack
– Malware infection
– Data loss
– No traces
– Copyright violation
– Software errors
– Data leaks
– Infection and downtime
– Legal prosecution
– Productivity loss
– Resource waste
– Reputation damage
– Botnets
– Financial losses
– Identity theft
– Harassment
– Age verification threats
– Spam
– Hiding of origin
– Resource consumption
– Information fraud
– Inaccuracies of data
Web 2.0 vulnerabilities
– Injection attacks
– Cross-site scripting
– Cross-domain attacks
– Malicious scripts
– Framework vulnerabilities
– Access, Authentication, Authorisation
– Development Process Issues
– Knowledge and Information Management vulnerabilities
– End-user Related problems
– General Software and Scripting Vulnerabilities
Target: the Person
Think about: cyber-bullying and cyber-stalking
Threats: Identity theft, Harassment, Age verification threats
Vulnerabilities: Access, Authentication, Authorization; End-user Related problems
Incident: the story of Megan Meier (and think about what happened with Lori Drew…)
Asset: Private information, personal reputation, physical security
Impact: lethal…
Target: the Company
Think about: the Twitter account hacks
Threats: Identity theft, Harassment, Spam, Information fraud
Vulnerabilities: Access, Authentication, Authorization; Knowledge and Information Management vulnerabilities
Incident: celebrity Twitter hacks
Asset: Corporate and personal reputation, corporate secrets
Impact: high
Target: the Country
Think about: WikiLeaks
Threat: Data leak
Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; Knowledge and Information Management vulnerabilities; End-user Related problems; General Software and Scripting Vulnerabilities
Incident: Afghan War Diary
Impact: high (maybe lethal?)
Target: the Computer
Think about: the Web 2.0 worms
Threats: Botnets, Financial losses, Identity theft, Spam, Hiding of origin, Resource consumption
Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; End-user Related problems; General Software and Scripting Vulnerabilities
Incident: the KOOBFACE worm
Impact: high
Conclusions
– Nothing has changed in our behavior for centuries, but we have new tools and a broader audience
– Web 2.0 services are generally more secure in the traditional technical aspects than other types of web services, but preventive controls are not enough
– We have to deal with the problem between the keyboard and the chair…
Maslow's hierarchy of needs
– Web 2.0 realizes three layers of human needs
– So people need safety and security – but maybe we haven't realized it yet
– If Web 2.0 can be lethal, do we also need the physiological layer?
Countermeasures
Technical countermeasures:
– Preventive controls focusing on information (DLP)
– Detective controls (log management)
– Secure applications (WAF, application controls)
Administrative countermeasures:
– New security policy approach
– New legal background
– Broad awareness training
– Communication, communication, communication
Mathematical countermeasures:
– The more information we have, the less value it has