www.divedeeperevents.com [email protected] In attending this session you agree that any software demonstrated comes absolutely with NO WARRANTY.
Download
Report
Transcript www.divedeeperevents.com [email protected] In attending this session you agree that any software demonstrated comes absolutely with NO WARRANTY.
www.divedeeperevents.com
[email protected]
In attending this session you agree that any software
demonstrated comes absolutely with NO WARRANTY. Use
entirely at your own risk. Microsoft Corporation, Quality
Training (Scotland) Ltd, Dive Deeper Technology Events EMEA &
the other 3rd party vendors whose software is demonstrated as
part of this session are not responsible for any subsequent loss
or damage whatsoever...You have been warned!
Enterprise 1.0
Hierarchy
Friction
Bureaucracy
Inflexibility
IT-driven technology / Lack of user control
Top down
Centralized
Teams are in one building / one time zone
Silos and boundaries
Need to know
Information systems are structured and dictated
Taxonomies
Overly complex
Closed/ proprietary standards
Scheduled
Long time-to-market cycles
Enterprise 2.O
Flat Organization
Ease of Organization Flow
Agility
Flexibility
User-driven technology
Bottom up
Distributed
Teams are global
Fuzzy boundaries, open borders
Transparency
Information systems are emergent
Folksonomies
Simple
Open
On Demand
Short time-to-market cycles
Cybercrime: Vulnerability Exploit Cycle
Novice Intruders
Use Crude
Exploit Tools
Crude
Exploit Tools
Distributed
Advanced
Intruders
Discover New
Vulnerability
Source: CERT
Automated
Scanning/Exploit
Tools Developed
Widespread Use
of Automated
Scanning/Exploit
Tools
Intruders Begin
Using New
Types
of Exploits
Auction, 8%
Other, 9%
Retail, 3%
Payment
Services, 26%
Financial, 54%
The financial services sector continues
to be the most targeted industry sector (APWG)
Cybercrime: Latest Trends – Applications are King!
http://www.sans.org/top-cyber-security-risks/
Current Cybercrime Trends!
1. Client-side software that remains
un-patched.
2. Internet-facing web sites that are
vulnerable.
3. Operating systems continue to
have fewer remotely-exploitable
vulnerabilities that lead to massive
Internet worms.
4. Windows: Conficker/Downadup
5. Large increase in Insider Threats
http://www.sans.org/top-cyber-security-risks/
Current Cybercrime Trends!
6. Application Vulnerabilities
Exceed OS Vulnerabilities
7. Web Application Attacks
8. Apple: QuickTime and Six
More
9. Application Patching is Much
Slower than Operating System
Patching
10.Rising numbers of zero-day
vulnerabilities
http://www.sans.org/top-cyber-security-risks/
Social Networking: The New Boom Town!
Social Networking Systems:
Operational Threats
•
•
•
400 Million users (100 Million on Mobile)
If Facebook was a country it would be the
world’s 4th largest.
Average of 130 friends per user
More than 45 Million status updates per day
More than Two Billion photos and 16 Million
videos uploaded per month. That’s twice the
amount of YouTube.
People spend over 500 billion minutes per
month on Facebook
44% of Facebook Users don’t vet Friends!
•
http://www.facebook.com/press/info.php?statistics
•
•
•
•
Threats
Increased Network Intrusions
CSRF (Cross-site Request Forgery)
worm (Latest Attack)
Cyber Stalking / ID Theft
not
Cyber Criminals come in 8 Basic Models
Largest Growth Sector
National
Interest
Spy
Personal
Gain
Thief
Trespasser
Personal
Fame
Curiosity
Vandal
Script-Kiddy
SOURCE: Microsoft and Accenture
Author
Undergraduate
Expert
Specialist
With special thanks to:
BOA,
ROMAN VEGA, ROMEO ANTONIO
VEGA, MIKE OLDFIELD,
JERRY DEEWOOD
IGOR ANATOLY
TERESCHENKO
Floppy Disk – Evidence #4
Unerased file: zakarty-tr1.txt
Contents:
WaitApp: zakaz.txt - Áëîêíîò
App: zakaz.txt - Áëîêíîò |Pos:44x44-772x365|
Delay:0:00:01
Mouse: x:308 y:60 butt:Left
Delay:0:00:05
Mouse: x:51 y:96 butt:Left
Delay:0:00:01
Key:|250||241||251||252|C|253|
WaitApp: RenCode 2000 (M) - Database: L:\WORK\zakaz.wok
App: Action mode: Magnetic Stripe - Database: zakaz.wok |Pos:193x165-832x604|
Delay:0:00:02
Mouse: x:798 y:184 butt:Left
Delay:0:00:02
Mouse: x:778 y:503 butt:Left
Delay:0:00:01
Key:|252|V|253||9|
WaitApp: zakaz.txt - Áëîêíîò
Boa Factory Services
Expansion of assortment and change of the prices will be published soon.
Do not miss special short-term actions!
- The process of ordering is explained on every single page down here.
- Any corrections, more precise on every order we settle along the way. We give
unique order number for every client. You can always see your order status here.
- Read Policy of Boa Factory before making the order.
- There are few services that we recommend to use from other vendors. We recommend
you buying cards data (standard and CVV) from Script and different services from
trusted sellers.
Policy of Boa Factory
- We do NOT responsible for amount of money available on dumps we sold, we sell
valid dumps, meaning they all checked for decline. So if you do not find 1k on
this card we won’t accept any claims.
This is basically usual card with cvv2 code, the only difference between any other cards is that you have the ability to go to the web site of the bank where
the card has been issued and by entering the login and password information you'll be able to know the current balance on the card, daily charge limits,
available credit amount, date of last purchase, but that's not all. You'll also be able to change the cardholder's billing address and the phone number on
the card (ex. to the address and telephone # of your drop). The Name and Surname cannot be changed.
Why would you need such kind of service?
1. This card is irreplaceable for people who do the shopping, when you have the ability to change the address on the address you need. Which means
when shop is sending the stuff you've ordered it can see that the address on the card is exactly the same as the address you're dropping this to.
2. This will also be a great service for those who work with Western Union! This kind of card goes with extra features like SSN and Date of Birth of the
owner. You'll also be able to see the daily limits, and current balance.
3. Once again this card maybe a great get-out for those who does the PayPal verification. Because you have online access to the card, you'll be able to see
those cents that PayPal will send you for verification. However there is a flip-side of the coin, the card may never enter the PayPal system, this only
depends on person professionalism and luck.
Here is the current price list:
1. The price of the card with available balance from $1,000 to $3,000 will be $100. This card goes with online access, which means I'm opening and giving
you the card out, and you'll be able to change the Address and Phone # on it.
2. The price of the card with available balance from $4,001 to $6,000 will be $150.
3. The price of the card with available balance from $7,001 to $15,000 will be $250.
4. The price of the card with available balance from $16,001 to $30,000 will be $350.
Guarantees:
Unfortunately there is no guarantees for this kind of service. You change the billing address yourself, I'm giving you the working card, just after that you go
to the web site of the bank with the login\password information provided by me, and make yourself sure that the amount of money that we've previously
discussed is available on the card. Just after moment you are the only one whos responsible for the card. I can only replace you the card if it has been
closed within an hour after you've received it. My recommendation is to only use the card if you have
Cyber Terrorism: Botnet Example:
Georgian cyber attacks launched by Russian crime gangs
2008 cyber attacks that brought internet
traffic to a standstill in Georgia were carried
out by civilians and Russian crime gangs.
US Cyber Consequences Unit (US-CCU) said
the cyber attacks coincided with the
Russian military's invasion of Georgia in
August 2008!
It was almost impossible for citizens and
officials to communicate about what was
happening on the ground during the
military operation.
Cyber Terrorism Botnet Example:
Georgian cyber attacks launched by Russian crime gangs
Wave 1 - The first group involved used
botnets, command and control channels,
and other resources operated by Russian
crime gangs.
11 government websites were felled by
the botnets, which directed a torrent of
traffic at their targets.
A separate source of the cyber attacks
came in the form of civilians who
willingly installed improvised software
that targeted an additional 43 websites
operated by Georgia-based news
agencies.
Engaged
Not Engaged
Actively Disengaged
Hacker Recruitment Process
Get Noticed
Hacking Contest
Tracked at Conferences
Advertise via IRC
Channels & Websites
Apply for Job in Target
Company
Top Tip: Protect & Survive
Top Tip: Generate a Secure Appearance!
www.divedeeperevents.com
[email protected]
www.microsoft.com/teched
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn
Sign up for Tech·Ed 2011 and save $500
starting June 8 – June 31st
http://northamerica.msteched.com/registration
You can also register at the
North America 2011 kiosk located at registration
Join us in Atlanta next year