Hack Miami, emiliocasbas
Transcript
Some numbers…
30k new malicious URLs each day
80% of them are legitimate websites
Sources:
• http://www.sophos.com/medialibrary/PDFs/other/SophosSecurityThreatReport2012.pdf
• http://www.barracudalabs.com/wordpress/index.php/2012/03/28/maliciousness-in-top-ranked-alexa-domains/
2 popular websites (Alexa top 25k)
Drive-by downloads
• http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v18_2012_21291018.en-us.pdf
WEB SECURITY IS BECOMING MORE CHALLENGING
Source: Manufacturing compromise: The emergence of Exploit-as-a-service
http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
HOW LONG malicious?
Source: Manufacturing compromise: The emergence of Exploit-as-a-service
http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
2.5h average lifetime
HOW LONG compromised?
44 days average lifetime
Some info…
“Compromised websites: an owner’s perspective” (paper)
Source:
• http://www.stopbadware.org/files/compromised-websites-an-owners-perspective.pdf
Only small websites?
• http://www.eeye.com
• http://www.ey.com
• http://www.coverity.com
• http://www.imperva.com
• http://www.avaya.com
• http://www.natwest.com
• http://www.entrust.com
• http://www.safenet-inc.com
• http://www.secureworks.com
• http://www.rbs.co.uk
• http://www.mckinsey.com
• http://www.conocophillips.com
• http://www.ford.com
• http://www.chevron.com
• http://www.verisign.com
• http://www.vasco.com
• http://www.ingrammicro.com
• http://www.eset-la.com
• …
What could we do?
Promote a safer web?
Spend money on web security audits?
Webmasters help for hacked sites?
Security awareness value
BAD:
• Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5
• PHP/4.3.10-22
• Microsoft-IIS/6.0
• MetaGenerator[Joomla! 1.5]
• Index-Of
• UncommonHeaders[x-varnish]
BETTER:
• X-Frame-Options[SAMEORIGIN]
• X-XSS-Protection[
• cloudflare-nginx
• gws
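The BAD/BETTER indicators on this slide are all things a passive check can read straight off a site's own response: banners that announce exact software versions, a CMS generator tag with a version, a directory listing, versus hardening headers and version-free server names. The following is an added example written for this page, not code from desenmascara.me, that scores a saved response the same way. The scoring weights, the list of hardening headers and the two sample responses are my own constructions and are not taken from the talk.

```python
"""Passive 'security awareness' scorer over one HTTP response.

Added example, not desenmascara.me code. It inspects only what a server
volunteers in its own headers and HTML: disclosed versions and directory
listings count against a site, hardening headers count for it.
All sample inputs below are constructed.
"""
import re
from html.parser import HTMLParser

# Matches a version number embedded in a banner: 2.2.22, 6.0, 0.9.8e-fips-rhel5.
VERSION_RE = re.compile(r"\d+\.\d+[\w.-]*")

# Headers whose presence signals browser-side hardening (list is an assumption).
HARDENING_HEADERS = (
    "x-frame-options",
    "x-xss-protection",
    "x-content-type-options",
    "content-security-policy",
    "strict-transport-security",
)


class _MetaTitleParser(HTMLParser):
    """Collects the <meta name="generator"> value and the <title> text."""

    def __init__(self):
        super().__init__()
        self.generator = None
        self.title = ""
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and attrs.get("name", "").lower() == "generator":
            self.generator = attrs.get("content", "")
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def score_response(headers, body):
    """Return (score, findings) for one response.

    headers: dict of response header name -> value (names matched case-insensitively).
    body: the HTML text of the page.
    Each disclosure subtracts 1, each hardening header adds 1, so the number
    is only meaningful for comparing sites checked the same way.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    score = 0

    # 1. Banners leaking exact versions (Apache/2.2.22, PHP/4.3.10-22, IIS/6.0).
    #    A version-free banner such as cloudflare-nginx or gws is not penalised.
    for name in ("server", "x-powered-by"):
        value = h.get(name, "")
        if VERSION_RE.search(value):
            findings.append(f"version disclosed in {name}: {value}")
            score -= 1

    parser = _MetaTitleParser()
    parser.feed(body)

    # 2. CMS generator tag carrying a version (MetaGenerator[Joomla! 1.5] on the slide).
    if parser.generator and VERSION_RE.search(parser.generator):
        findings.append(f"CMS version disclosed in meta generator: {parser.generator}")
        score -= 1

    # 3. Directory listing enabled ("Index of /..." title).
    if parser.title.strip().lower().startswith("index of"):
        findings.append("directory listing exposed: " + parser.title.strip())
        score -= 1

    # 4. Hardening headers present (X-Frame-Options[SAMEORIGIN] etc. on the slide).
    for name in HARDENING_HEADERS:
        if name in h:
            findings.append(f"hardening header present: {name}: {h[name]}")
            score += 1

    return score, findings


# Constructed sample responses mirroring the BAD and BETTER columns.
BAD_HEADERS = {
    "Server": "Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5",
    "X-Powered-By": "PHP/4.3.10-22",
}
BAD_BODY = ('<html><head><title>Index of /backup</title>'
            '<meta name="generator" content="Joomla! 1.5"></head></html>')

BETTER_HEADERS = {
    "Server": "cloudflare-nginx",
    "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block",
}
BETTER_BODY = "<html><head><title>Welcome</title></head></html>"

if __name__ == "__main__":
    for label, hdrs, body in (("BAD", BAD_HEADERS, BAD_BODY),
                              ("BETTER", BETTER_HEADERS, BETTER_BODY)):
        score, findings = score_response(hdrs, body)
        print(f"{label}: score {score}")
        for f in findings:
            print("  -", f)
```

To use it on a real site you own, paste the saved response headers into the dict and the page source into `body`; the regex-based version check deliberately ignores header values such as `1; mode=block`, so a hardening header never triggers a disclosure finding.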
Desenmascara.me features:
• Show a security awareness value
• Infrastructure details in plain words
• Suspicious iframes
• Check whether the website is blacklisted
• Ranking of the best websites
Desenmascara.me wishlist:
• Implement AI
• More passive checks
• Public stats
• Public API
• Open Source project?
Thank you!
“I’ve seen estimates that over 99% of all internet attacks could be prevented if the web systems administrators would just use the most current versions”
Bruce Schneier, in Secrets & Lies
“Webmasters need to ensure that their websites are running good code that isn’t open to exploitation”
Ian Fette, Google Security Team