How Does Your Gut Stack Up?

Presented at Kiwicon 4: The four e:Sheep-persons of the Cyber Infopocalypse (2010), Nov. 27, 2010, 2:15 p.m. (30 minutes)

Inspired by the work of Dan Farmer in his seminal survey of the exploitable internet population "Shall We Dust Moscow" (1997), we use two recently developed tools (WhatWeb by Andrew and BlindElephant by Patrick) to update the global vulnerability census for 2010, discovering unpatched and vulnerable devices and applications across a sample of 2 million hosts. We use the results to pose and discuss various (real and imagined) correlations of security posture to other factors, and surprise ourselves (and hopefully you) in the process. Who is more up to date: the US or Nigeria? What about porn sites vs government sites? *Nix-based or Windows-based? Now: *Why* do you think that, and if the actual answer surprises you, what does that help us learn about our thought process as analysts and security professionals? We bring data (and some pretty graphs and maps) to let you test your instincts against reality and learn to ask deeper questions.

Presenters:

  • Patrick
    Patrick Thomas is a security research engineer with Qualys. He works on automated vulnerability detection tools, malware detection, pragmatic security, and dabbles in the security implications of public policy and vice versa. He percolates and occasionally dispenses ideas on the above at CoffeeToCode.net.
  • Andrew
    Andrew Horton is a Wellington security consultant for Security-Assessment.com. He provides your favourite daily security news at www.MorningStarSecurity.com.
