The Nihilist’s Guide to Wrecking Humans & Systems
Summary
Christina Camilleri talks about how social engineering can be used in conjunction with technical attacks to create sophisticated and destructive attack chains, shares some real world war stories and highlights what can be done to protect against these threats.
Bio
Christina Camilleri is a Security Analyst at Bishop Fox, a security consulting firm. Her primary areas of expertise are web application penetration testing, open source intelligence and social engineering. She has attended and presented at local and international conferences on social engineering and has won highest scoring OSINT report for two years in a row in the DEFCON Social Engineering CTF.
About the conference
Software is changing the world. QCon empowers software development by facilitating the spread of knowledge and innovation in the developer community. A practitioner-driven conference, QCon is designed for technical team leads, architects, engineering directors, and project managers who influence innovation in their teams.
Community comments
Good presentation, good stories
by Richard Richter
For many users it is possible to restrict the policy without impacting their workflow, but developers are complicated and fight security as "it stands in their way" - of course we know it is critical. But it is critical once in a while, when something happens - for many of us it virtually never does, or we don't know... But I don't know about a good unintrusive way to manage all the passwords and connections to databases, messaging, etc. Sure, Tomcat with a default password is silly and changing the password should happen. But how to avoid storing the database password in some INI file? I don't want to enter it (or many other passwords) again with every restart of the application. And if one uses some master password, then SOME password is still in memory somewhere and a privileged user can get to it.
On the developer's workstation directly I don't need remote desktop or sshd. I feel safer when I have to be physically at the machine. On the other hand, that means I can't log on to the machine via VPN. I prefer to work via VPN using my home computer, as I don't like remote desktops in general, but often it may not be a supported policy.
Securing devel/test/prod servers is another topic altogether. But for my workstation, sometimes I'd welcome some instant "single user" setup, even though the OS is multiuser capable.
In general - trust is not secure, but it makes stuff happen. How to weave security (here clearly presented as limited trust, I understand why) into an environment where things happen? Where creative work is fun? Where is the balance?