|
|
|
Six notebooks, three controls, and a third of a presentation |
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Six notebooks, three controls, and a third of a presentation Par www.jwgoerlich.usLe [2011-09-20] à 12:49:13
Présentation : Protecting the organization's ability to execute on its mission, this should be the driver for security controls. At the same time I was giving that message, a series of events re-enforced the need for focus. Here is the tale. The back story of my GrrCon talk. It is a tale of six notebooks. It is a tale of six security pros. And it is a tale of security being out of sync with mission. Notebook one. My help desk provided me with a travel notebook, which I loaded up with my slide deck. I also made a copy on USB flash drive just in case. At the last minute, I decided to leave the notebook at the hotel room. After all, I thought, this was a hacker con. Did I want to expose the notebook to that risk No, I decided, and opted for a little physical security. Notebook two. Notebook two turned out to not be a notebook at all. See, the conferences that I have spoken at provided a notebook loaded with slides at the podium. I arrived early, checked the room, tried the mic and the notebook. Looked good, I thought. I later learned that the con had not provided notebooks. Why Um, Wolf, this is a hacker con. Right. Physical security. Notebook three. Turns out that what I thought was a con provided notebook was actually the speaker before me. She packed up, and I realized the mistake. Too late to return to the hotel now. I was on deck. Notebook four. Infosec_Rogue and the misec crew came to my rescue. Infosec_Rogue could not read my USB drive, of course, because his OS was locked down. Good method of avoiding USB malware, btw. I lock USB down on all my Windows 7 2008 computers. So we passed to the next notebook. OS security. By this point, I had started in on my presentation. I apologize for not catching the names of the other folks that pitched in. Notebook five. The fellow could read and copy my slides. Being a reasonably paranoid security guy, however, his Open Office was locked down. We have the slides But we cannot show the slides. App security. Notebook six. Copying the files from notebook five to a USB drive that could be read on notebook six, we were able to get the slides onto a computer with Office 2007. Bingo. We are in business. About a third of the way into my deck, my slides caught up with me. Score It was a funny but powerful reminder. The control environment physical security OS security by means of driver lock-down application security by means of locking down Open Office. The impact to the mission I gave a third of my talk with no slides. This was a talk on gearing security controls to the organization's mission. Hmm, irony, much When I get back to the office, I am taking a hard look for security controls that get in the way of people getting their work done. Cheers, Wolfgang Once again, thank you to the misec crew for helping me out. You guys rock.
Les derniers articles du site "www.jwgoerlich.us" :
- Friday Books and Talks 08 14 2015
- Friday Books and Talks 08 07 2015
- Friday Books and Talks 07 31 2015
- Converge Detroit Podcasts
- InfoSec Institute IT Thought Leader Interview
- Friday Books and Talks 05 29 2015
- Wired DevOps isn't a job, but it is still important
- Phone phreaking visits Apple Pay's authentication
- Friday Books and Talks 05 15 2015
- Starbucks gift card fraud
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.190.17.190 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.190.17.190 to any 80"
- Nous contacter par mail
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
| Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
