How Cybercriminals Steal Money
Google Tech Talks
June 16, 2008
ABSTRACT
Attend this session and learn how you can prevent today's most significant data security vulnerabilities—the kind that leave businesses open to fraud that ranges from capturing tens of millions of credit card numbers to stealing money from bank accounts to constructing next-generation botnets. We'll review how cross-site request forgery, cross-site script inclusion and SQL injection attacks work and discuss their impact on Web 2.0, AJAX, mashup and social networking applications. We'll present industry-wide statistics on security vulnerabilities, cover emerging security trends and discuss the current state of security education. Then we'll tell you how to defend against security attacks and how to modify your software development process to achieve security, and we'll recommend certification programs, books and organizations that can help you secure your applications.
Speaker: Neil Daswani
Neil Daswani has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia Technologies). While at Stanford, Neil cofounded the Stanford Center for Professional Development (SCPD) Security Certification Program ( His areas of expertise include security, wireless data technology, and peer-to-peer systems. He has published extensively in these areas, frequently gives talks at industry and academic conferences, and has been granted several U.S. patents. He received a Ph.D. and a master's in computer science from Stanford University, and earned a bachelor's in computer science with honors with distinction from Columbia University. Neil is also the lead author of "Foundations of Security: What Every Programmer Needs To Know" (published by Apress; ISBN 1590597842; )
Channel: People & Blogs
Uploaded: June 19, 2008 at 5:12 am
Author: googletechtalks
Length: 00:55:27
Rating: 4.31
Views: 20765
Tags: google techtalks techtalk engedu talk talks googletechtalks education
Video Comments:
larrymccowen (November 24, 2008 at 6:56 pm)
# [09:00] Attack #1: SQL Injection.
# [16:30] Preventing SQL injections.
# [17:00] Don't blacklist (filter) characters in queries. Whitelist (allow) a well-defined set of safe values for each field.
# [18:30] Take a look at mod_security if you use Apache web server. Mod_security is a Web Application Firewall. It allows you to define a set of rules the web application must follow.
larrymccowen (November 24, 2008 at 6:55 pm)
# [19:30] Prepared statements and bind variables help to avoid SQL injections.
# [23:00] Other mitigation strategies include limiting the web application user's privileges on the SQL server, and hardening the database server and host operating system.
# [23:45] Second order SQL injections (link to pdf) abuse data that is already in the database.
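The two defenses the notes above list, whitelisting the allowed values for a field and using prepared statements with bind variables, side by side with the string-concatenation pattern they replace. This is an added example written for this page, not code from the talk or from the commenter; the in-memory SQLite table, its rows and the username format are constructed for illustration.

```python
import re
import sqlite3

# Constructed in-memory database with two sample rows (not from the talk).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn

def lookup_vulnerable(conn, username):
    # Concatenation: attacker-controlled text becomes part of the SQL statement,
    # so a quote in the input changes the WHERE clause instead of being data.
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_prepared(conn, username):
    # Bind variable: the statement text is fixed and the value travels separately,
    # so the input can only ever be compared as a string.
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()

# Whitelist for the username field (assumed format: lowercase, digits, underscore).
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")

def lookup_whitelisted(conn, username):
    # Defense in depth: reject anything outside the well-defined safe set for this
    # field, then still use the bind variable for the query itself.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected by whitelist")
    return lookup_prepared(conn, username)

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"
    print("vulnerable :", lookup_vulnerable(db, probe))   # returns every row
    print("prepared   :", lookup_prepared(db, probe))     # returns []
    try:
        lookup_whitelisted(db, probe)
    except ValueError as exc:
        print("whitelisted:", exc)
```

Note that the whitelist alone is not the fix: a field that legitimately contains quotes (a surname, free text) cannot be whitelisted that tightly, which is why the bind variable is the primary control and the whitelist is the second layer.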
larrymccowen (November 24, 2008 at 6:54 pm)
# [23:55] Blind SQL injection (link to pdf) is a technique to reverse engineer the structure of the database.
# [24:25] Attack #2: Cross-Site Request Forgery (XSRF).
# [26:00] How XSRF Works.
# [31:30] Drive-By-Pharming (pdf) is an XSRF technique where the attacker changes the DNS settings of a user's broadband router (fact: 50% of home users do not change the default router password).
# [34:00] Preventing XSRF.
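The notes above cover how XSRF works and how to prevent it; the usual prevention is a per-session secret token that the site embeds in its own forms and checks on every state-changing request, which a cross-site page cannot supply because it cannot read the victim's session. The following is an added example for this page, not code from the talk or from the commenter. The session store, the `/transfer` handler and the form are constructed stand-ins for a real web framework.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> session data.
SESSIONS = {}

def new_session(user):
    # A fresh random token is minted per session and kept server-side.
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "xsrf_token": secrets.token_urlsafe(32)}
    return sid

def render_form(sid):
    # The site's own page carries the token as a hidden field. A page on another
    # origin cannot read this response, so it cannot learn the token.
    token = SESSIONS[sid]["xsrf_token"]
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="xsrf_token" value="{token}">'
        '<input name="amount"></form>'
    )

def handle_transfer_vulnerable(cookie_sid, form):
    # Checks only the session cookie. Browsers attach that cookie to any request
    # aimed at the site, including one a hostile page auto-submits, so the
    # request is accepted even though the user never intended it.
    sess = SESSIONS.get(cookie_sid)
    if sess is None:
        return 401, "not logged in"
    return 200, f"transferred {form['amount']} from {sess['user']}"

def handle_transfer_protected(cookie_sid, form):
    # Same cookie check, plus the token must match the one stored for the session.
    # compare_digest avoids leaking the token through timing differences.
    sess = SESSIONS.get(cookie_sid)
    if sess is None:
        return 401, "not logged in"
    submitted = form.get("xsrf_token", "")
    if not hmac.compare_digest(submitted, sess["xsrf_token"]):
        return 403, "missing or invalid XSRF token"
    return 200, f"transferred {form['amount']} from {sess['user']}"

if __name__ == "__main__":
    sid = new_session("alice")
    # A request forged from a third-party page: cookie present, token absent.
    forged = {"amount": "100"}
    print(handle_transfer_vulnerable(sid, forged))   # (200, ...) accepted
    print(handle_transfer_protected(sid, forged))    # (403, ...) rejected
    # The site's own form includes the token, so the legitimate submit succeeds.
    legit = {"amount": "100", "xsrf_token": SESSIONS[sid]["xsrf_token"]}
    print(handle_transfer_protected(sid, legit))     # (200, ...)
```

The token check only helps for requests that change state; GET handlers that perform actions should be converted to POST first, or they remain forgeable by a plain image tag or link.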
djnuller (November 19, 2008 at 12:18 pm)
Noby Gonna Watch This Video Finnish
metallicp (November 11, 2008 at 1:28 am)
informative presentation !
thanx for the post
frvfilms (November 6, 2008 at 11:30 pm)
beautiful,
Rmac550 (November 6, 2008 at 1:48 pm)
I didn't know that youtube videos can be this long. whoever watched the entire thing is a nerd and has no life
Zoza15 (November 15, 2008 at 7:51 am)
That might be true, But nerds Got more brains than you can imagine...
So stop insulting those people...
SsLiquid (November 3, 2008 at 6:48 pm)
ah yes precisely. the botnets circuit the annual cyber trial used for the wire transfer and then the malware alarm constitutes money made through various ransom notes written to established firms. hahaha what the fuck is this dude talking about. i fell asleep before this even started
# [01:48] Years ago cybercriminals were teenagers writing viruses and worms; today they are organized crime looking to steal money.
# [03:19] Intermediate goals to stealing money are data theft, extortion and malware distribution.
# [04:02] Russian Business Network (RBN) is an example of organized cybercrime.