bad software is eating the world. - defcamp 1/20161109...2016/11/09 · “software is eating the...
TRANSCRIPT
1
Bad software is eating the world.
Mark Felegyhazi
CrySyS Lab / avatao
2
“Software is eating the world”
3
Challenges of the software economy
need skilled people
to build secure software
4
Internet of Things
5
6
Barnaby Jack pacemaker hack
7
Barnaby Jack pacemaker hack
1. Bedside transmitters sold with pacemakers (9-15m) 2. Ping to discover model and serial number of
transmitter 3. Reprogram transmitter firmware 4. Reprogram the pacemaker remotely 5. Transmitters have access to remote servers 6. Upload specific firmware to remote servers and
cause mass killing
8
Self-driving cars
9
CrySyS car hacking
PC running WinCC PLC management software
PLC controlling the uranium centrifuges
uranium centrifuges
PC running a vehicle diagnostic software
ECU controlling some function of the vehicle
vehicle
10
Critical infrastructure
11
11
12
Websites are the key target
13
Apps are no better
14
What can happen? – Advanced attack
15
What can happen? – Weak suppliers
16
What can happen? – OpenSSL Heartbleed
17
How to write secure code?
18
Secure software development
hackers live here
19
cost
time
cost of security bugs
design development testing production
1x 5x
15x
60x
20
cost
time
cost of security bugs
design development testing production
1x 5x
15x
60x
21
Code reuse
22
Debugging (for security)
23
Rubber-duck debugging
24
Code review
25
Pair programming
26
Automated code testing
27
Use reliable crypto protocols
28
Need people to write secure code
29
Businesses need IT people
30
No bad developers, please
31
Security is missing from education
32
security @ universities?
33
Practice labs are very costly
costly to build practice labs (infrastructure AND content)
34
it must be fun
35
Need practical, fun learning!
36
avatao High-quality, up-to-date
IT security exercises
37
Security tool tutorials
38
Hacking events (created in 5 mins)
39
Security for developers
40
Join our community to build secure software!
http://platform.avatao.com/defcamp2016
(open until Sunday, Nov 13)
Mark Felegyhazi w: http://avatao.com e: [email protected]
41
Security tools and fun adventures
Hands-on IT security challenges
Hands-on exams proving true skills
Expert community
Cost-effective training
Cloud-based virtual platform
KNOWLEDGE YOU NEED