There is one very important fact, most people overlook when considering privacy and user data: Data cannot be owned. Personal data cannot be owned. This small fact has astounding implications when considering privacy. Consider the intersection of two distinct, troublesome areas: data broker operations and the computer fraud and abuse act.
When considering threats to the integrity of your network, advertisers are not the first thing that comes to mind. Yet the market for user data is so rich right now that it is ripe for exploitation. The brokers can buy and sell any data they wish, with no concern for the origin or means of acquiring data. They are not required to and unwilling to reveal their sources. Some provisions in the Computer Fraud and Abuse Act open up the opportunity to acquire data surreptitiously by discouraging the public from discovering what may be happening to their data. Quiet, quasi-criminal operations could exist that syphon data that is illegitimately collected and sell to legitimate brokers.
The result of this alignment of circumstances is that there is an entirely unexplored class of attackers that may operate beneath the radar, yet out in the open. The data market is not something that has the potential for regulation, so it is incumbent on organizations to be aware of the threat and take appropriate measures to contain it.
Christie started her career with a BSEE with an emphasis in digital communications from the University of Kansas. A 15 year enterprise network engineer career, largely in finance and manufacturing followed. Starting with a study in anthropology she decided to change fields, eventually pursuing an old interest in communications security and privacy and a brief internship in hardware security. Seeking to combine her interests in technology and society she began pursuing the field from a new perspective, enrolling as JD candidate at Santa Clara Law. She now consults on privacy issues related to communications technology while completing her law degree. She has also cofounded Fork the Law, an effort to bridge the gap between technologists and legislation. Ttile: “Malware Management Framework” – We detected WinNTI with it! With all the security products you use, you still don’t have confidence that your networks are malware-free. And you’re right. They aren’t. You want to know a dirty little secret? There IS a way to discover the most advanced malware! This discussion comes straight from the guys in the trenches who have been dealing with real world advanced malware for years. We are not in pristine labs, but the kind of environments that most of us really have, but won’t admit in public. Through our own wins and losses at defending our environments, we have identified what works and what doesn’t, and have created the Malware Management Framework: A simple methodology for defending your systems against the most advanced malware. We will cover the Malware Management Framework and provide specific, actionable items on how to use it in your environment with tools you may already have, and free tools you have not yet seen. If you are responsible for defending a network, and you want to have higher confidence that systems in your environment are malware-free, you need to attend this discussion.
Ian and Michael (The Thoughtful Hackers coined by Paul Asidoorian on a PaulDotCom interview) are security professionals and researchers. They first discovered a critical flaw in a major card key system. In their real jobs, Ian and Michael are defending against cutting edge advanced malware and researching how to better detect and respond to this ever increasing threat. Michael’s background includes 20 years of security consulting for Fortune 500 organizations, running BSides Texas, and general awesomeness. Ian’s background includes security, networking and software development, and was a former CISO for the State of Texas. Now Ian and Michael defend against malefactors, nefarious ne’er-do-weller’s trying to do nefarious things and trying to p0wn their employer’s assets. They can be found on twitter as @MI2Security (Ian) and @HackerHurricane (Michael).
Ian and Michael (The Thoughtful Hackers coined by Paul Asidoorian on a PaulDotCom interview) are security professionals and researchers. They first discovered a critical flaw in a major card key system. In their real jobs, Ian and Michael are defending against cutting edge advanced malware and researching how to better detect and respond to this ever increasing threat. Michael’s background includes 20 years of security consulting for Fortune 500 organizations, running BSides Texas, and general awesomeness. Ian’s background includes security, networking and software development, and was a former CISO for the State of Texas. Now Ian and Michael defend against malefactors, nefarious ne’er-do-weller’s trying to do nefarious things and trying to p0wn their employer’s assets. They can be found on twitter as @MI2Security (Ian) and @HackerHurricane (Michael).