2. 23/04/13 BCS - April 20132
Who, me?
• Clinton Ingrams
• CSC
– Cyber Security Centre, DMU
– Teaching CS since 1986
– Love PHP
• The problems
• What, if anything, can be done?
Famous Hacks
• LinkedIn
• eHarmony
Problem 1 – the Wetware
• Gullible people
– Don't understand/care about security
• Social Engineering
http://www.madsecurity.com/portfolio/social-engineering/
Problem 2 – crappy Web Apps
• Web application issues
– OWASP top 10
• Errors in business logic
– eBay
– TV news service
– bitcoins
• Web sites are easy to build
• Web applications are also easy
– PHP – very easy to learn
• (could make it harder)
• WAMP or XAMPP make the AMP stack easy to install & configure
• WordPress, Drupal & Joomla make it easy...
– but reliant on the developers
Common hacks
• SQLi, XSS, Command Line Injection
– SEO attacks
• Clickjacking, CSRFing, Cross-site History Manipulation
• Hacks are “easy” with automated toolkits
– BackTrack & Samurai
– Metasploit
– SQLMap
Problem 3 – Smart ...
• Buildings
• Towns & Cities
Problem 3 – Smart ...
• Medical
– Pacemakers
– Diagnostic equipment
– Data set manipulation
Problem 3 – Smart ...
• Utilities
– SCADA problems
• Supervisory Control and Data Acquisition
• Industrial Control Systems
– Stuxnet
Problem 3 – Smart ...
• Transport
– Traffic Control systems
– Hugo Teso
• Hacked aircraft systems with an Android app
Research
• Vehicle Forensics
– Cyber MOT
• Collaborations with legal experts, cyber psychologists, historians & linguists
• Read more at:
http://www.dmu.ac.uk/research/research-faculties-and-institutes/technology/cyber-security-centre/research.aspx
TSI
• Trustworthy Software Initiative
“A public-private partnership for enhancing the overall software and systems culture, with the objective that all software should become designed, implemented and maintained in a trustworthy manner.”
Risks
• Trust disappears as the web becomes a more dangerous place for business, education and entertainment