@evacide from #EFF gave a great keynote about the human aspects and why we need 100% #HTTPS coverage (with just 99%, drive-by zero-click malware insertions can still happen). #SCS23
The second keynote at #SCS23 had some technical difficulties. Therefore, the screen is filmed with a camera and projected onto the screen, instead of using a plain HDMI connection. (And no, it is not for security reasons, aka #AirGap.)
➡️ In some cases, one year of "lying low", ⅔ years of slow contact buildup
➡️ Buildup of "personal relationship", possibly including #flirting
➡️ Learning whether to recruit as insider (disgruntled? …)
➡️ Opinion surveys to get more information
#Phishing is upgrading to real spy recruiting qualities.
Be aware of this!
#Honeypots are often too obvious about being a #Honeypot: #SheilaABerta looks at error messages and their differences between the emulated service and the honeypot's version. She requires only a single message to expose the fake service.
Honeypot writers need to improve their "compatibility". #SCS23
Managing #ThirdParty risk, namely the potential security problems that come from using #SaaS services, will be the main challenge for the near future. And don't forget the subcontractors.
Christian Folini compared this to the #Xplain leak, without mentioning their name. #SCS23
#StefanLüders at #SCS23 explaining that when adding more manageability, scalability, virtualization etc. you continually add abstraction layers, separate networks, ….
Only to reconnect them at the next level again, reintroducing the interdependence and killing isolation and security.