Awhile back I posted a link to all the DefCon 15 videos. I’ve started to go through them now. There is waaaay too many of them, but I’m game to go through them.
Broward Horne talks about click fraud and how simple it is to perpetrate it in Click Fraud Detection with Practical Memetrics. He uses a number of heuristics to detect the potential likelihood of click fraud. One cool thing mentioned is a paper by Google called The Anatomy of Clickbot.A.
Dan Kaminsky, Director of Penetration Testing Services at IOActive talks about exploiting some of the core technologies and assumptions that the internet is based around in Design Reviewing the Web. He also gets points for the best quote in a long while: Design bugs are like zombies; they come back from the dead. Essentially, he uses the Same Origin Policy to hack itself using bugs in Flash that were fixed in Java, etc. back in 1996. Two other notable items
- A hacker’s career goal should to be the hacker in the room when dumb decisions get made
- Imagine how much money you could make if you could sell the top link result in google
To solve the second point, he suggests that we are all going to have to have all our content running over verifiable, secure connections.
How To Be A WiFi Ninja is a wonderfully named talk by Matthew L Shuchman (pilgrim) of WarDrivingWorld. Naturally, he had to define what the Ninja Code is, which I’ve reproduced.
- Determine needs and objectives
- Never trust the manufacturers limitations
- Make changes to existing setup(s)
- Access wifi at extended range and with greater speed
Hopefully it is as obvious to the reader how we can twist this around as a set of steps to do better testing. The key thing that the talk illustrates is how important it is to know the tech you are working with. Sure, having domain knowledge is important, but knowing how it is built is also critical!