SlideShare una empresa de Scribd logo

Passwords and Botnets and Zombies (oh my!)

J
jessepollak

The WordPress community has a huge security challenge on the horizon. Now powering almost 20% of the Internet, WordPress lets us build businesses and lifestyles behind a single password. Protecting one site is hard, but the real challenge is making sure that distributed attacks across WordPress sites don't find unprotected sites to attack. In this talk, Brennen Byrne, the CEO of Clef, discusses the attacks and defenses being established in the new security paradigm and the new strategies being worked on to protect your site from the robot army.

Tecnología
1 de 45
Descargar para leer sin conexión
passwords and botnets and zombies
passwords and botnets and zombies oh my!
this talk is about security
a lot of people think security is hard
a lot of people think security is hard confusing
a lot of people think security is hard confusing complicated
a lot of people think security is not for you hard confusing impossible technical frustrating complicated infuriating painful
but we all know that it’s important
but we all know that it’s important and my job is to make it easy
3 reasons we need to talk about security:
almost 20% of the web runs on wordpress
almost 20% of the web runs on wordpress lots of attacks on wordpress sites
almost 20% of the web runs on wordpress lots of attacks on wordpress sites security is fun and interesting
hello, my name is brennen (@brennenbyrne)
I’m a founder of Clef (getclef.com)
what is clef?
passwords and botnets and zombies oh my!
how important is a single password?
could one password: take down your site? hurt your clients? ruin your business? endanger lives?
as wordpress becomes more important so do our passwords.
the old way to break a password
virus with a keylogger guess common passwords advanced interrogation
in order to defend myself
don’t download viruses ban IPs that are guessing wrong don’t piss off enemy nation-states
if i’m good, i could also use an admin username other than “admin” post from author accounts, not admin change the table prefix of my databases be careful about who i give permissions
but attackers have gotten smarter
botnets
botnets are what happens when your parents download viruses
their computers become zombies
botnets attack sites sites infect visitors’ computers visitors join botnet bigger botnet attacks more sites
botnets swarm and attack your site from millions of different computers
don’t download viruses ban IPs that are guessing wrong don’t piss off enemy nation-states
botnets are the attackers’ response to our better defenses as wordpress becomes a better target the incentives for breaking it rise
with new attacks come new defenses
bruteprotect
clef
but attack and response isn’t enough
passwords are a long-term problem
brain vs. computer
more services online and longer, harder passwords
hacks this year Adobe Twitter Living Social Evernote Drupal
clef
wordpress security requires: making security standard increasing accessibility to security dedication to casual user secure defaults
weakness in the community is dangerous
questions?

Recomendados

Insecure Trends in Web 2.0
Insecure Trends in Web 2.0Insecure Trends in Web 2.0
Insecure Trends in Web 2.0
Ferruh Mavituna
 
Security for javascript
Security for javascriptSecurity for javascript
Security for javascript
Hữu Đại
 
Cyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesCyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small Businesses
PECB
 
Discourage hackers using the ecc 521 system
Discourage hackers using the ecc 521 systemDiscourage hackers using the ecc 521 system
Discourage hackers using the ecc 521 system
Global Secured - Reclaim Your Privacy - Gsecc
 
Douglas Crockford - Ajax Security
Douglas Crockford - Ajax SecurityDouglas Crockford - Ajax Security
Douglas Crockford - Ajax Security
Web Directions
 
WordPress Security Update: How we're building the web's most secure platform ...
WordPress Security Update: How we're building the web's most secure platform ...WordPress Security Update: How we're building the web's most secure platform ...
WordPress Security Update: How we're building the web's most secure platform ...
jessepollak
 
Criza eco1929
Criza eco1929Criza eco1929
Criza eco1929
Butnaras Doina
 
Simulovaný soudní proces
Simulovaný soudní procesSimulovaný soudní proces
Simulovaný soudní proces
TomasPistek
 

Recomendados

Insecure Trends in Web 2.0
Insecure Trends in Web 2.0Insecure Trends in Web 2.0
Insecure Trends in Web 2.0
Ferruh Mavituna
 
Security for javascript
Security for javascriptSecurity for javascript
Security for javascript
Hữu Đại
 
Cyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesCyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small Businesses
PECB
 
Discourage hackers using the ecc 521 system
Discourage hackers using the ecc 521 systemDiscourage hackers using the ecc 521 system
Discourage hackers using the ecc 521 system
Global Secured - Reclaim Your Privacy - Gsecc
 
Douglas Crockford - Ajax Security
Douglas Crockford - Ajax SecurityDouglas Crockford - Ajax Security
Douglas Crockford - Ajax Security
Web Directions
 
WordPress Security Update: How we're building the web's most secure platform ...
WordPress Security Update: How we're building the web's most secure platform ...WordPress Security Update: How we're building the web's most secure platform ...
WordPress Security Update: How we're building the web's most secure platform ...
jessepollak
 
Criza eco1929
Criza eco1929Criza eco1929
Criza eco1929
Butnaras Doina
 
Simulovaný soudní proces
Simulovaný soudní procesSimulovaný soudní proces
Simulovaný soudní proces
TomasPistek
 
A Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdfA Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdf
Host It Smart
 
Passwords: the weakest link in WordPress security
Passwords: the weakest link in WordPress securityPasswords: the weakest link in WordPress security
Passwords: the weakest link in WordPress security
jessepollak
 
Robert wayman cis 1020 chpt 9
Robert wayman cis 1020 chpt 9Robert wayman cis 1020 chpt 9
Robert wayman cis 1020 chpt 9
robsworld
 
Passwords the weakest link in word press security
Passwords the weakest link in word press securityPasswords the weakest link in word press security
Passwords the weakest link in word press security
jessepollak
 
Network Security
Network SecurityNetwork Security
Network Security
SOBXTECH
 
The Ultimate Guide to Wordpress Security
The Ultimate Guide to Wordpress SecurityThe Ultimate Guide to Wordpress Security
The Ultimate Guide to Wordpress Security
AidanChard
 
Types of Security Threats WordPress Websites Face: Part-1
Types of Security Threats WordPress Websites Face: Part-1Types of Security Threats WordPress Websites Face: Part-1
Types of Security Threats WordPress Websites Face: Part-1
WPWhiteBoard
 
Types of Security Threats WordPress Websites Face - Part 2
Types of Security Threats WordPress Websites Face - Part 2Types of Security Threats WordPress Websites Face - Part 2
Types of Security Threats WordPress Websites Face - Part 2
WPWhiteBoard
 
Sept 2014 cloud security presentation
Sept 2014 cloud security presentationSept 2014 cloud security presentation
Sept 2014 cloud security presentation
Joan Dembowski
 
Secure wordpress site
Secure wordpress siteSecure wordpress site
Secure wordpress site
firojkhansahu
 
Computer viruses and its prevention
Computer viruses and its preventionComputer viruses and its prevention
Computer viruses and its prevention
davidmmc
 
Passwords: the weakest link in WordPress security
Passwords: the weakest link in WordPress securityPasswords: the weakest link in WordPress security
Passwords: the weakest link in WordPress security
jessepollak
 
Computer Privacy:Passwords-Mike B.
Computer Privacy:Passwords-Mike B.Computer Privacy:Passwords-Mike B.
Computer Privacy:Passwords-Mike B.
Mike Barker
 
Malware and malicious programs
Malware and malicious programsMalware and malicious programs
Malware and malicious programs
Ammar Hasayen
 
Home cyber security
Home cyber securityHome cyber security
Home cyber security
Michael File
 
Parent engagement cvps
Parent engagement cvpsParent engagement cvps
Parent engagement cvps
jeygenraam
 
Thane Barnier MACE 2016 presentation
Thane Barnier MACE 2016 presentationThane Barnier MACE 2016 presentation
Thane Barnier MACE 2016 presentation
Jeff Zahn
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDWORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
StuartJDavidson.com
 
Cyber crime.pptx
Cyber crime.pptxCyber crime.pptx
Cyber crime.pptx
GARDENGAMERZE77Fancl
 
C 7
C 7C 7
C 7
Les Davy
 
Building Trust on the Blockchain: The Importance of Mental Models
Building Trust on the Blockchain: The Importance of Mental ModelsBuilding Trust on the Blockchain: The Importance of Mental Models
Building Trust on the Blockchain: The Importance of Mental Models
jessepollak
 
Cryptography 101 (with math)
Cryptography 101 (with math)Cryptography 101 (with math)
Cryptography 101 (with math)
jessepollak
 

Más contenido relacionado

Similar a Passwords and Botnets and Zombies (oh my!)

Robert wayman cis 1020 chpt 9
Robert wayman cis 1020 chpt 9Robert wayman cis 1020 chpt 9
Robert wayman cis 1020 chpt 9
robsworld
 
Passwords the weakest link in word press security
Passwords the weakest link in word press securityPasswords the weakest link in word press security
Passwords the weakest link in word press security
jessepollak
 
Parent engagement cvps
Parent engagement cvpsParent engagement cvps
Parent engagement cvps
jeygenraam
 

Similar a Passwords and Botnets and Zombies (oh my!) (20)

A Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdfA Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdf
 
Passwords: the weakest link in WordPress security
Passwords: the weakest link in WordPress securityPasswords: the weakest link in WordPress security
Passwords: the weakest link in WordPress security
 
Robert wayman cis 1020 chpt 9
Robert wayman cis 1020 chpt 9Robert wayman cis 1020 chpt 9
Robert wayman cis 1020 chpt 9
 
Passwords the weakest link in word press security
Passwords the weakest link in word press securityPasswords the weakest link in word press security
Passwords the weakest link in word press security
 
Network Security
Network SecurityNetwork Security
Network Security
 
The Ultimate Guide to Wordpress Security
The Ultimate Guide to Wordpress SecurityThe Ultimate Guide to Wordpress Security
The Ultimate Guide to Wordpress Security
 
Types of Security Threats WordPress Websites Face: Part-1
Types of Security Threats WordPress Websites Face: Part-1Types of Security Threats WordPress Websites Face: Part-1
Types of Security Threats WordPress Websites Face: Part-1
 
Types of Security Threats WordPress Websites Face - Part 2
Types of Security Threats WordPress Websites Face - Part 2Types of Security Threats WordPress Websites Face - Part 2
Types of Security Threats WordPress Websites Face - Part 2
 
Sept 2014 cloud security presentation
Sept 2014 cloud security presentationSept 2014 cloud security presentation
Sept 2014 cloud security presentation
 
Secure wordpress site
Secure wordpress siteSecure wordpress site
Secure wordpress site
 
Computer viruses and its prevention
Computer viruses and its preventionComputer viruses and its prevention
Computer viruses and its prevention
 
Passwords: the weakest link in WordPress security
Passwords: the weakest link in WordPress securityPasswords: the weakest link in WordPress security
Passwords: the weakest link in WordPress security
 
Computer Privacy:Passwords-Mike B.
Computer Privacy:Passwords-Mike B.Computer Privacy:Passwords-Mike B.
Computer Privacy:Passwords-Mike B.
 
Malware and malicious programs
Malware and malicious programsMalware and malicious programs
Malware and malicious programs
 
Home cyber security
Home cyber securityHome cyber security
Home cyber security
 
Parent engagement cvps
Parent engagement cvpsParent engagement cvps
Parent engagement cvps
 
Thane Barnier MACE 2016 presentation
Thane Barnier MACE 2016 presentationThane Barnier MACE 2016 presentation
Thane Barnier MACE 2016 presentation
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDWORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
 
Cyber crime.pptx
Cyber crime.pptxCyber crime.pptx
Cyber crime.pptx
 
C 7
C 7C 7
C 7
 

Más de jessepollak

Más de jessepollak (6)

Building Trust on the Blockchain: The Importance of Mental Models
Building Trust on the Blockchain: The Importance of Mental ModelsBuilding Trust on the Blockchain: The Importance of Mental Models
Building Trust on the Blockchain: The Importance of Mental Models
 
Cryptography 101 (with math)
Cryptography 101 (with math)Cryptography 101 (with math)
Cryptography 101 (with math)
 
Cryptography 101
Cryptography 101Cryptography 101
Cryptography 101
 
Passwords: the weakest link in WordPress security
Passwords: the weakest link in WordPress securityPasswords: the weakest link in WordPress security
Passwords: the weakest link in WordPress security
 
Clef security architecture
Clef security architectureClef security architecture
Clef security architecture
 
Anatomy of a WordPress Hack
Anatomy of a WordPress HackAnatomy of a WordPress Hack
Anatomy of a WordPress Hack
 

Último

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Passwords and Botnets and Zombies (oh my!)