Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage Presentations The Nihilist’s Guide to Wrecking Humans & Systems

The Nihilist’s Guide to Wrecking Humans & Systems



Christina Camilleri talks about how social engineering can be used in conjunction with technical attacks to create sophisticated and destructive attack chains, shares some real world war stories and highlights what can be done to protect against these threats.


Christina Camilleri is a Security Analyst at Bishop Fox, a security consulting firm. Her primary areas of expertise are web application penetration testing, open source intelligence and social engineering. She has attended and presented at local and international conferences on social engineering and has won highest scoring OSINT report for two years in a row in the DEFCON Social Engineering CTF.

About the conference

Software is changing the world. QCon empowers software development by facilitating the spread of knowledge and innovation in the developer community. A practitioner-driven conference, QCon is designed for technical team leads, architects, engineering directors, and project managers who influence innovation in their teams.

Recorded at:

Jul 17, 2016

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

  • Good presentation, good stories

    by Richard Richter,

    Your message is awaiting moderation. Thank you for participating in the discussion.

    For many users it is possible to restrict the policy without impacting their workflow, but developers are complicated and fight security as "it stands in their way" - of course we know it is critical. But it is critical once in a while when something happens - for many of us it virtually never does, or we don't know... But I don't know about good unintrusive way how to manage all the passwords and connections to databases, messagings, etc. Sure, tomcat with default password is silly and changing the password should happen. But how to avoid storing database password out of some INI file? I don't want to enter it (or many other passwords) again with every restart of the application. And if one uses some master password then SOME password is still in the memory somewhere and privileged user can get to it.
    On developer's workstation directly I don't need remote desktop or sshd. I feel safer when I have to be physically at the machine. On the other that means I can't log on the machine via VPN. I prefer when I can work via VPN using my home computer as I don't like remote desktops in general, but often it may not be supported policy.
    Securing devel/test/prod servers is another topic altogether. But for my workstation, sometimes I'd welcome some instant "single user" setup, even though the OS is multiuser capable.
    In general - trust is not secure, but makes stuff happen. How to weave security (here clearly presented as limited trust, I understand why) into environment where things happen? Where creative work is fun? Where is the balance?

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p