larrymccowen (November 30, 1999 at 12:00 am)
Don't wanna watch the whole thing? List of important points...
# [01:48] Years ago cybercriminals were teenagers writing viruses and worms; today they are organized crime looking to steal money.
# [03:19] Intermediate goals to stealing money are data theft, extortion and malware distribution.
# [04:02] Russian Business Network (RBN) is an example of organized cybercrime.
larrymccowen (November 30, 1999 at 12:00 am)
# [09:00] Attack #1: SQL Injection.
# [16:30] Preventing SQL injections.
# [17:00] Don't blacklist (filter) characters in queries. Whitelist (allow) a well-defined set of safe values for each field.
# [18:30] Take a look at mod_security if you use Apache web server. Mod_security is a Web Application Firewall. It allows you to define a set of rules the web application must follow.
larrymccowen (November 30, 1999 at 12:00 am)
# [19:30] Prepared statements and bind variables help to avoid SQL injections.
# [23:00] Other mitigation strategies include limiting web application users' privileges on the SQL server, and hardening the database server and host operating system.
# [23:45] Second order SQL injections (link to pdf) abuse data that is already in the database.
larrymccowen (November 30, 1999 at 12:00 am)
# [23:55] Blind SQL injection (link to pdf) is a technique to reverse engineer the structure of the database.
# [24:25] Attack #2: Cross-Site Request Forgery (XSRF).
# [26:00] How XSRF Works.
# [31:30] Drive-By-Pharming (pdf) is an XSRF technique where the attacker changes the DNS settings of a user's broadband router (fact: 50% of home users do not change the default router password).
# [34:00] Preventing XSRF.
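The prepared-statement and whitelisting points above, as an added Python/sqlite3 example that is not from the talk or the commenter; the users table, the sample names and the ALLOWED_SORT set are constructed for illustration:

```python
import sqlite3

# Constructed sample data: a small in-memory users table (not from the talk).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "admin"), (2, "bob", "user")])
    return db

def lookup_concat(db, name):
    # Vulnerable: user input is pasted straight into the SQL text, so a
    # quote in the input changes the structure of the query.
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name):
    # Prepared statement with a bind variable: the input is passed as data
    # and is never parsed as SQL, whatever characters it contains.
    return [row[0] for row in db.execute(
        "SELECT id FROM users WHERE name = ?", (name,))]

# Whitelist of known-good values for the "sort" field (constructed).
ALLOWED_SORT = {"id", "name", "role"}

def list_users_sorted(db, sort_col):
    # Identifiers such as column names cannot be bound, so the field is
    # checked against the whitelist before it is placed in the statement.
    if sort_col not in ALLOWED_SORT:
        raise ValueError("unexpected sort column")
    return [row[0] for row in db.execute(
        f"SELECT name FROM users ORDER BY {sort_col}")]
```

Calling lookup_concat with a value containing a quote returns rows the caller never asked for, while lookup_bound with the same value returns nothing, and list_users_sorted rejects any field value outside the whitelist.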
djnuller (November 30, 1999 at 12:00 am)
Nobody Gonna Watch This Video Finnish
Zoza15 (November 30, 1999 at 12:00 am)
That might be true, But nerds Got more brains than you can imagine...
So stop insulting those people...
metallicp (November 30, 1999 at 12:00 am)
informative presentation!
thanx for the post
frvfilms (November 30, 1999 at 12:00 am)
beautiful,
Rmac550 (November 30, 1999 at 12:00 am)
I didn't know that YouTube videos can be this long. Whoever watched the entire thing is a nerd and has no life.
SsLiquid (November 30, 1999 at 12:00 am)
ah yes precisely. the botnets circuit the annual cyber trial used for the wire transfer and then the malware alarm constitutes money made through various ransom notes written to established firms. hahaha what the fuck is this dude talking about. i fell asleep before this even started