One benefit from bug bounties, with a classic example of the Google Calendar hack.
Watch more videos on my YouTube channel.
Bounty hunters, those keyboard cowboys, bent on circumventing protections and leveraging mistakes in software. All for coin, swag, and glory. But bug bounty programs are the latest attempt to find and stamp out code-level weaknesses. We’ve tried education. We’ve tried coding guidelines. We’ve tried top tens and paid penetration testers. And now we turn to the lone hunter, hoping to find and close just one more vulnerability. This session will highlight some achievements in recent times by these bounty hunters. And stepping back, thinking about defensibility, a framework and approach for building stronger software will be shared. After all, anyone writing code today lives with a price on their head.
A support scam provides a case study in why we need to talk to our parents about cyber security.
Controls are only as good as the people behind them. Example? SMS multi-factor authentication, a phone company, an investor, and $23 million in cryptocurrency.
What’s the one thing most people get wrong when setting up their first honeypot?
Two tips I received on Twitter about yesterday’s video on securing test data.
Thou shalt not copy production data into test environments! Yeah, good luck with that. Here’s a reasonable approach to protecting sensitive data in development environments.
Level One Robotics provides a case study on what not to do, in a breach that rocked the Motor City last month.
The human response time is around 200-300 milliseconds. But what’s our security team’s response time? And are our tools aligned with that time?
Developers don’t always read documentation. Firewall admins don’t always block all ports. And users don’t have CyberSecurity street smarts. Now, combine all three with cryptocurrency.