falkon14 (January 1, 1970 at 8:59 am)
How do we get our hands on the credit card makers?
HackerGuru100 (January 1, 1970 at 8:59 am)
I didn't know YouTube videos can be that long, only a nerd would watch it all without getting bored after 2 minutes!
Fire4FX (January 1, 1970 at 8:59 am)
zzz I work in IT - no wonder nerds find it hard to get girls. This was boring, I fell asleep. Reminds me of work meetings. IT sucks & is over-glamorised by apparently high paying jobs pfft.
larrymccowen (January 1, 1970 at 8:59 am)
Don't wanna watch the whole thing? List of important points...
[01:48] Years ago cybercriminals were teenagers writing viruses and worms, today they are organized crime looking to steal money.
[03:19] Intermediate goals to stealing money are data theft, extortion and malware distribution.
[04:02] Russian Business Network (RBN) is an example of organized cybercrime.
larrymccowen (January 1, 1970 at 8:59 am)
[09:00] Attack #1: SQL Injection.
[16:30] Preventing SQL injections.
[17:00] Don't blacklist (filter) characters in queries. Whitelist (allow) a well-defined set of safe values for each field.
[18:30] Take a look at mod_security if you use the Apache web server. Mod_security is a Web Application Firewall. It allows you to define a set of rules the web application must follow.
larrymccowen (January 1, 1970 at 8:59 am)
[19:30] Prepared statements and bind variables help to avoid SQL injections.
[23:00] Other mitigation strategies include limiting the web application user's privileges on the SQL server, and hardening the database server and host operating system.
[23:45] Second order SQL injections (link to pdf) abuse data that is already in the database.
larrymccowen (January 1, 1970 at 8:59 am)
[23:55] Blind SQL injection (link to pdf) is a technique to reverse engineer the structure of the database.
[24:25] Attack #2: Cross-Site Request Forgery (XSRF).
[26:00] How XSRF Works.
[31:30] Drive-By-Pharming (pdf) is an XSRF technique where the attacker changes DNS settings of a user's broadband router (fact - 50% of home users do not change the default router password).
[34:00] Preventing XSRF.
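
Added example (not from the video or from any commenter): a Python `sqlite3` sketch tying together the [17:00], [19:30] and [23:45] points above, showing why a value that was stored safely with bind variables must still be bound when it is read back and reused. The table layout, function names and sample values are assumptions constructed for illustration.

```python
import re
import sqlite3

def is_allowed_name(name):
    # [17:00] Whitelist: accept only a well-defined set of safe values.
    return re.fullmatch(r"[A-Za-z0-9_]{3,32}", name) is not None

def register(db, name, password):
    # [19:30] Bind variables: the value is stored verbatim as data.
    cur = db.execute("INSERT INTO users (name, password) VALUES (?, ?)",
                     (name, password))
    return cur.lastrowid

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    register(db, "admin", "admin-pw")
    register(db, "alice", "alice-pw")
    return db

def stored_name(db, rowid):
    row = db.execute("SELECT name FROM users WHERE rowid = ?", (rowid,)).fetchone()
    return row[0]

def change_password_vulnerable(db, rowid, new_pw):
    # [23:45] Second-order flaw: the name was read back from our own
    # database, treated as trusted, and concatenated into SQL text.
    name = stored_name(db, rowid)
    sql = "UPDATE users SET password = ? WHERE name = '" + name + "'"
    return db.execute(sql, (new_pw,)).rowcount

def change_password_safe(db, rowid, new_pw):
    # Fix: stored data is bound as a parameter like any other input.
    name = stored_name(db, rowid)
    sql = "UPDATE users SET password = ? WHERE name = ?"
    return db.execute(sql, (new_pw, name)).rowcount

def password_of(db, name):
    row = db.execute("SELECT password FROM users WHERE name = ?", (name,)).fetchone()
    return row[0]

def demo(change_password):
    db = make_db()
    odd = register(db, "admin'--", "odd-pw")  # constructed stored value
    change_password(db, odd, "changed")
    return password_of(db, "admin"), password_of(db, "admin'--")
```

With the concatenating version the update lands on a different row than the one requested; with the bound version it lands on the requested row, and the whitelist check would have refused the odd name at registration time.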
djnuller (January 1, 1970 at 8:59 am)
Nobody Gonna Watch This Video Finish
Zoza15 (January 1, 1970 at 8:59 am)
That might be true, but nerds got more brains than you can imagine... So stop insulting those people...
metallicp (January 1, 1970 at 8:59 am)
Informative presentation! Thanks for the post