My Summary for "Realities of Security in the Cloud"
A very interesting meetup; some of the security issues reminded me of the UK Met Police (i.e. London's police) presentation to the British Computer Society in 2006.
However, the world has moved on and Cloud Computing has provided fresh challenges and opportunities for criminals.
James gave a live demo, giving a quick overview of some of the open source tooling (Kali Linux) available to protect yourself.
As James pointed out, one of the key metrics is to be better protected than the competition ... nice joke about the guy who goes running/training every day in the jungle.
The other thing to mention was the cool venue, a very beautiful and discreet office on Singel based in an old hidden church ("After the reformation, the 'alteratie' 1578, Catholic churches in the Netherlands were forbidden any outward appearance of a Catholic Church.").
The hosts were also uber-friendly … so inSided HQ looks like a cool place to work.
My Notes for this meetup
Here are my (rough) notes from the meetup …
AWS meetup - security
James Brown (bday)
- Director of Cloud Computing and Solutions Architecture at Alert Logic
- very experienced presenter
- Now works at Alert Logic (13 years) "we're a managed service"
- Former AWS employee (Business development UK ... 3.5 years)
Now customers go to the cloud for security, i.e. it is now more secure than on-prem (<< first time I have heard this)
Some History:
- early 2000s: SQL Slammer ... paper-based queue ... created a worm for the hell of it ... exploiting lazy programming
- mid 2000s - cyber crime
- 2015 - advanced attacks (no nice line around your infrastructure)
- no easy targets
- automated patching
- 205 days before they realize they have been compromised
- proactive analysis of credit cards
DevOps
- can improve your security
- slide stolen from chef
- Shellshock ... it took 10 mins to report on servers with the vulnerability, 1 hour to create a cookbook and 10 mins to patch
- traditional sysadmin >> 8 hours, 144 hours, 5 days
1985 UK Prestel System
- page for admin details (username/password)
Spambot growth stats:
Bagle spambot (2004) 100,000 hosts (approx. order)
Storm spambot (2007) 10,000,000 hosts (approx. order)
MafiaBoy - 1.7bn damage ... 2000 DDoS campaign
Crime = Risk vs Reward ... very simple formula
CyberCrime ... risk is nearly zero
rewards are pretty
Telegraph: cybercrime is more lucrative than drugs
cybercrime as powerful as nations
crime as a service ... hire people in bitcoins
combining physical and cyber crimes
You have:
- customers
- data
- resources
- IP (large consultancies ...)
- cash (blackmail) ... equivalent to the 1960s: if you don't pay me some money I'm going to put bricks through your window
Spam emails ... login credentials:
- Associated Press - Barack Obama is injured 2013
- Tv5Monde (April 2015)
- Can be done from within the company
South Korea
- 1GB to home
- hacking Mrs Brown
DDoS for hire
- basic, gold and diamond
Underground Categories
- Guide Tutorials
- Drug Chemicals
- Weapons
- Software & Malware
Code Spaces
- source code hosting
- blackmail ... stood up to DDoS - stood up to cybercrime and were destroyed
- HotelHippo ... similar story ... it doesn't pay to stand up to bullies ;)
- Jamie Oliver ... hacked three times?
UK 2013
- #1 for cyber crime (<< why? very high adoption of internet usage?)
- 7000 DDoS attacks per day
- or generally weak identity procedures in the UK << i.e. leaves them vulnerable to cyber crimes
Cloud vs on-prem
- 5 times more likely on the cloud
- real estate ... open target for online blackmail
Secure Development Framework/Lifecycle
- how to develop code
- frameworks: django, or small widget
On-prem vs Cloud
- better monitoring for on-prem
Scanning for smaller clients
- Alert Logic: can scan small and micro instances
- some capability for scanning against other cloud providers (Azure)
- get HR to send out fake emails to find who the weak links are
Too many false positives
- kills most security tools
- no one can deal with 1000 alerts per day
Open source
- Paris price of oranges ... famous example of open source intelligence
Google Dorks
- vulnerabilities in live websites
- frameworks and add-ins ... searching for vulnerabilities
- returns 100s or 1000s of vulnerable sites
- ASP.NET framework for monitoring
- dump out entire cookies for auth
- .ASPXAUTH ... elmah.axd
- gitrob
- spider app
- pulls down apps locally
- looking for rsa keys
- SoundCloud ec2_access_key/ec2_secret_key
- scan github for version vulnerabilities
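The gitrob point above is the defender's side of the same problem: catch RSA private keys and ec2_access_key/ec2_secret_key pairs before they reach a public repository. The following is an added example for this post (not gitrob's or Alert Logic's code): a small pre-commit style scanner run over a constructed config file with fake key material that only matches the patterns.

```python
"""Scan text for leaked AWS credentials and private key blocks.

Added example (not from the talk or from gitrob). The sample config below is
constructed and its key material is fake; it is shaped to match the patterns.
"""
import re

# AWS access key IDs are "AKIA" plus 16 upper-case alphanumerics; secret keys
# are 40 base64-style characters. The assignment pattern covers the
# ec2_secret_key / aws_secret_access_key style mentioned in the notes.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "aws_secret_assignment": re.compile(
        r"(?i)\b(?:aws|ec2)_?secret(?:_access)?_key\b\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})['\"]?"
    ),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

def redact(value):
    """Keep the first 4 characters so the finding can be located without re-leaking it."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(text, path="<memory>"):
    """Return (path, line_no, finding_type, redacted_match) tuples for each hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                secret = m.group(1) if m.groups() else m.group(0)
                findings.append((path, line_no, name, redact(secret)))
    return findings

# Constructed sample: a settings file committed by mistake (all values fake).
SAMPLE_CONFIG = """\
[default]
region = eu-west-1
ec2_access_key = AKIAABCDEFGHIJKLMNOP
ec2_secret_key = abcdefghijklmnopqrstuvwxyz0123456789ABCD
-----BEGIN RSA PRIVATE KEY-----
MIIEexample-not-a-real-key
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_CONFIG, "settings.ini"):
        print(finding)
```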
Kali Linux
- theHarvester (http://tools.kali.org/information-gathering/theharvester)
- dmitry ?
- smb analysis
- smtp analysis
Blind SQL injection
- pass in a boolean function
- does the first character of the table start with 'a'?
- multi-threaded
- does the second character of the table start with 'a'?
python sqlmap.py 52.20.69.85
- which DB engine? MySQL==5.0.12
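To see why the yes/no questions in the blind SQL injection notes get answered at all, here is an added example (not from the talk and not sqlmap) against an in-memory SQLite database with constructed data: the string-built query lets a condition become part of the SQL, while the parameterised version only ever compares the input as a literal.

```python
"""Boolean-based blind SQL injection: vulnerable query beside the fixed one.

Added example (not from the talk). Table name and row are constructed; SQLite's
sqlite_master plays the role of the "table" the talk's probe asked about.
"""
import sqlite3

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, email TEXT)")
    conn.execute("INSERT INTO accounts VALUES ('alice', 'alice@example.test')")
    return conn

def user_exists_vulnerable(conn, username):
    # Defect kept on purpose: the value is pasted into the SQL text, so a
    # quote in it ends the literal and anything after becomes SQL.
    sql = "SELECT 1 FROM accounts WHERE username = '%s'" % username
    return conn.execute(sql).fetchone() is not None

def user_exists_safe(conn, username):
    # Fix: the driver binds the value; quotes and keywords in it stay data.
    sql = "SELECT 1 FROM accounts WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone() is not None

def table_probe(letter):
    """The notes' question, 'does the first character of the table start with X',
    as a condition on the first name in SQLite's schema catalogue."""
    return ("nobody' OR substr((SELECT name FROM sqlite_master LIMIT 1),1,1) = '%s"
            % letter)

def demo():
    conn = make_db()
    return {
        # 'accounts' starts with 'a': the vulnerable query acts as a yes/no oracle
        "vulnerable_a": user_exists_vulnerable(conn, table_probe("a")),
        "vulnerable_b": user_exists_vulnerable(conn, table_probe("b")),
        # Bound parameter: the whole probe is compared as one username string
        "safe_a": user_exists_safe(conn, table_probe("a")),
        # Normal use keeps working with the fixed version
        "safe_alice": user_exists_safe(conn, "alice"),
    }

if __name__ == "__main__":
    print(demo())
```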
Some Old Details for "Exploring Current Techniques in Combating E-Crime" (Apr 2006)
Presenters:
Chris Simpson, Metropolitan Police Computer Crime Unit;
Gavin Butler, University of Westminster
The evening will look at several areas including:
* Profiling e-criminals
* Avenues that are open in London for dealing with computer crime and internet-related crime, and to provide advice to individuals and companies in handling e-crime