Here are my notes from the second day of the Hacker Halted conference.
Inside the Storm
- Brandon Enright – Exposing Stormworm presentation
Virtual Worlds – A Wild Frontier Or New World Order?
- NDU IRMC – Information Resources Management College
- Virtual worlds provide an easy environment for users to get profiled
- Many new virtual environments are being created
- Some for adults, some for kids, some for learning, some for therapy, etc.
- Identity theft
- Lots of R&D money is being poured into these environments
- If the company goes under, so does all that money
- NOAA has a neat weather map in Second Life
- World of Warcraft
- Patch 2.3 – Every 15 seconds the Warden program will take a snapshot of running programs (PID, file handle, etc.) to ensure no cheating applications are in use.
- 10 million users online. Can get access to lots of machines if there is a server hack.
- Easy to clone environments in virtual worlds
- Who are you really talking to? The real person or an impersonator?
- Second Life data breach of 2006
- Company didn’t care because users signed an agreement that stated they weren’t responsible for securing the data??
Cyber Attacks – Prevention, Detection & Response
- Always update your security policies
- Malware exploits are intelligence preparation of the battlefield
- We must understand the threat and not be complacent
- Attack platforms are changing
- Malicious ads were placed on a local radio station, lots of machines got infected
- The information you put online can end up hurting you
- A project page was used to identify team members, and a targeted attack was carried out against this group
- The bad guys are testing us and our defenses
- There isn’t enough information sharing
- Need to get back to the Orange Book
- Specify the level of security before you purchase hardware / software
- Tower of Secrets – Book on Russian espionage
Infect Me Baby One More Time – The Ease of Malware Infection
- Storm owners getting arrogant – they now have a Storm codec
- 20,000 new malware samples a day
- One new infected page found every five seconds – four out of every five are compromised