Hacker Halted: Day 1 Notes

//Hacker Halted: Day 1 Notes

Here are my notes from the first day of the Hacker Halted conference.

Keynote Address – OSI Exposed & Examined

  • Level 8 politics, level 9 religion, level 10 economics
  • $200 per workstation is average for IT budget
    • 10% of that budget should be the security budget at the least
  • If no security budget, do one or two things that are cheap and effective to build the case for security
    • Don’t do it by yourself
    • Bring the most important issue to the table first
  • For most, companies/people don’t care about security until something happens to them
  • Biggest challenge is showing a return on investment
  • Different business slant – information assurance instead of security – consumer protection

Evolution of an International Conglomerate – The Malware Ecosystem

  • Last year Kaspersky collected 2 million malware samples
  • This year they collected 20 million samples (already)
  • Like B2B, criminals have their own network -  C2C
  • DIY malware kit can be bought for $20 USD.
  • An undetected trojan can be bought for $1000 USD.
  • Some come with an SLA
    • Once detected by AV, get a new one
    • Guaranteed infection rates
    • Technical support
  • There needs to be a high profile arrest to scare the criminals
  • Social networks provide tons of information
  • Targeted social engineering attacks are on the rise
  • RBN is dead; they all relocated to China and Taiwan

Malware Forensics Investigations

  • Prosecution takes lots of time and coordination
    • One case was between five states, and involved multiple homes, and collocation center
  • To preserve data do you need a license?
    • In some states, it can be criminal if you don’t have a license
    • Exemptions – lawyers
  • Private authority
    • Job description gives you authority for internal investigations
    • Written incident response policies
      • If not done right, can be not admissible
  • Contractors
    • Engagement document / Statement of work
    • Service agreement
    • NDA
  • Laws
    • Lots of various laws to keep in mind with various cases
    • COPPA / Juvenile act
    • UK – Computer misuse act of 1990 and Justice act of 2006
    • Germany – Misuse of devices – 2007

VOIP Security Uncovered

No Tech Hacking – Techno Style

  • Hackers for Charity
  • Vince’s Van Eck Phreaking van – HAD to sell it to the NSA
  • Profiling people from what they wear
  • Shoulder surfing came from pay phones and calling cards
  • Art of electronic deduction – Determine a person’s technical skill level by what the taskbar shows running
  • Profiling people from their cars
    • Cost of the car
    • Oil change stickers to determine the area of where they live
    • Parking stickers
    • Bumper stickers
    • License plate holders and vanity plates
  • Locks
    • Some can be opened with common house hold products like a bic pen, toilet paper, cardboard, or soda bottle
2017-03-12T17:40:27-07:00 June 1st, 2008|Security Conferences|0 Comments

Related Posts

Leave A Comment

About Us

Infosec Events is dedicated to the growing information security industry. We strive to provide useful information and resources to those in the industry. Don't hesitate to contact us should you need anything.

Read more About Us

Support Us

Support this site via patreon.

Other Information