Virtual trust, Virtual Permission and the Illusion of Security

DerbyCon 1 - 2011

Presented by: infojanitor
Date: Saturday October 01, 2011
Time: 13:00 - 13:50
Location: Track 3

This presentation will cover common issues implemented in existing technology, future technology and the allowance of applications to make human decisions without human interaction. Currently, application developers are implementing applications with the ability to make human-type choices that in some cases are not to the user's benefit. This precedent in application implementation is causing multiple security issues across devices, services, and within applications that previously had no interaction with each other or with networked environments. It is the underlying element that other security presenters have talked around because of its symptoms, which have been evident for the past few years, but no one has identified it as the cause. This talk will also provide clear examples of how the implementation of virtual trust and permission is giving users an illusion of security, which makes them feel secure even when they are not; Bruce Schneier calls it “Security Theater”. The talk hopes to provide security professionals and non-security professionals of all levels with awareness of the issue so that they may be able to improve their security footprint, fend off digital snake oil salesmen, and protect their environment from elements and attack vectors that they had not considered before.

infojanitor

Infojanitor is a computer security professional working for a Fortune 100 company who fed his initial techno lust using a Commodore 64 in the mid 1980s. He spent some time working at the Johns Hopkins Applied Physics Lab (JHU/APL) communications shop making databases and learning about PCs, Sun systems and other technologies. He served ten years in the US Air Force as a keyboard jockey performing database work, sometimes while armed in other countries. He then spent the next 13 years after working for our “Uncle” legally robbing banks, breaking into lofty institutions and making things not show up on the public relations radar for customers for which he still maintains non-disclosure agreements (NDAs).

Has this presentation been given before: No

