Average Security Controls vs. Hacker Tools: 1999 to 2010
Presented By: Jason Witty
2/16/2006

Presentation Overview
• Quick Disclaimer
• Amusing (or not) Statistics
• 1999 – 2006 Us vs. Them
• Existing Tool Screenshots
• Predictions to 2010
• Wrap-up / Questions

Disclaimer
The views and opinions expressed in this presentation are strictly those of the author and should not be taken as an endorsement of any company or technology. Permission is granted to redistribute this material in its entirety provided that this disclaimer notice is not removed or altered.
Do not spray directly into eyes. Knives are sharp – they cut things. Caution: filling is hot.

Computer Incident Statistics
• In 1988 there were only 6 computer incidents reported to CERT/CC.
• There were 137,529 reported to CERT in 2003.
• CERT stopped tracking incident stats in 2004, due to the “widespread use of automated attack tools” (everybody’s getting attacked)

Vulnerabilities
Source: http://nvd.nist.gov/
• 2005 - 55 MS advisories
• 2004 - 45 MS advisories
• 2003 - 51 MS advisories
2005: Apple released nearly as many vulns as Microsoft

Black Hat vs. White Hat “Maturity” Rent-a-BotNet
2002 Hacker Tools: Web Hacking WebCracker Web Session Brute Forcer
1990-1999 Hacker Tools Ultimate Zip Cracker L0phtcrack Nessus, Netcat, SAINT, NMAP, Juggernaut, Ethereal
2000-2005 Hacker Tools Whoppix DSniff, Airsnarf, Hping2, Ettercap, Nikto, Kismet, Netstumbler
2006 Hacker Tools: Back Track BackTrack = WHAX (Formerly Whoppix) + Auditor Security Collection

2006: Here and Now
• The new iPod Video (60GB) can store:
  • 25,000 photos OR
  • 15,000 songs OR
  • 2,000 videos OR
  • 1,536,000,000 CC#’s (Name, Exp. Date, CVV Codes = 40 B/rec) OR
  • 60 pick-up trucks worth of paper documents

2006: Here and Now - II
McAfee Internal User Security Survey (Europe)
http://www.theregister.co.uk/2005/12/15/mcafee_internal_security_survey
• 1 in 5 workers let family and friends use company laptops.
• More than 50% connect their own devices to their work PC. 25% of the above do so every day.
• 1 in 10 confessed to downloading content they shouldn't
• 2 in 3 have a limited knowledge of computer security
• 5% admitted to accessing areas in their IT system that they shouldn't have

2006: Here and Now - III
• Teenage kids are renting Bot-nets in 10,000 PC lots, for $/hr. on IRC
• Highly complex worms contain multiple exploits, payloads, and encrypted commands
• Point and Click Hacking is Here. All CVEs, published exploits, GUI tools, and an OS to use them on fit on a single CD (which BTW fits in the standard amount of RAM on a PC these days.)
• The RIAA continues to sue grandmothers, children, students, etc. for illegally downloading songs off the Internet.
• Auditrocities ;-)

Predictions for 2010 (Next 5 Years)
• Security as a “Feature” vs. “Product” (and better security “Process”)
• Infosec and Physical security more closely integrated – NOTE: Cameras *Everywhere*
• RIAA, MPAA finally “get it” – common standards/tools for DRM integrated into most products
• Strong Authentication standard for eCommerce, biometrics prevalent
• ERM drives ESM/SIM/SEM integration – Enterprise Risk Dashboards common
• DDoS prevention technology integrated into all firewalls, routers, switches (driven by easy access to Bot-Nets)

Tool Links
• BiDiBLAH - http://www.sensepost.com/research/bidiblah/
• BackTrack (Formerly WHAX[Whoppix] + Auditor) - http://www.whoppix.net/index.php/Main_Page
• Top 75 Tools - http://www.insecure.org/tools.html
• Packet Storm has tens of thousands of free hacker tools available - http://www.packetstormsecurity.org

Random Stuff
• Linus Torvalds born Sunday Dec 28th, 1969
• Unix OS “born” Thursday Jan 1st, 1970