Security Matters Scott D Anderson Wellesley College scott

  • Slides: 13
Download presentation
Security Matters Scott D. Anderson Wellesley College scott. anderson@acm. org

Security Matters Scott D. Anderson Wellesley College scott. anderson@acm. org

Blame it on … n n Last year, David Musicant told about how his

Blame it on … n n Last year, David Musicant told about how his students inadvertently launched a denial of service attack on Carleton College’s mail server Ah, but I can top that.

Background n n I teach a course in “Web Databases, ” which covers My.

Background n n I teach a course in “Web Databases, ” which covers My. SQL, several middleware technologies (PHP, Perl/CGI and Java Servlets) and miscellanous related topics I am also my department’s Sys. Admin, so I should know better

Check your email first n n n Monday, December 5 th, 2005 Panic: The

Check your email first n n n Monday, December 5 th, 2005 Panic: The CS web server is down! Class material unavailable! Ah, network jack is bad; switch to working jack. Problem solved Go read mail

Let Tim tell it

Let Tim tell it

The Phishing email (extract) From: Comerica Bank [mailto: customers@comerica. com] Sent: Monday, December 05,

The Phishing email (extract) From: Comerica Bank [mailto: customers@comerica. com] Sent: Monday, December 05, 2005 1: 09 AM To: orders@westburypharmacy. com Subject: Comerica Bank Online® Department Notice …In order to safeguard your account, we require that you confirm your banking details. To help speed up this process, please access the following link so we can complete the verification of your Comerica Online® Banking Account registration information : [http: //cs. wellesley. edu/~webdb/apache/comerica/CONSUMER/LOGIN/inde x. html]https: //webbanking. comerica. com/CONSUMER/LOGIN/login. asp …

How did this happen? n n n Spring 2005, I taught my Web Database

How did this happen? n n n Spring 2005, I taught my Web Database course Introduced new material on file upload (e. g. pictures) Included a working demonstration Later, discussed web security All course material is online on the web

Aftermath n n From the logs, we found only one IP accessing that script,

Aftermath n n From the logs, we found only one IP accessing that script, with what appeared to be the initial upload and a few tests The IP was from Romania, where the trail ran cold

Moral(s) n Consider security first

Moral(s) n Consider security first

Moral(s) n n Consider security first Horror stories make great lessons

Moral(s) n n Consider security first Horror stories make great lessons

Moral(s) n n n Consider security first Horror stories make great lessons White knights

Moral(s) n n n Consider security first Horror stories make great lessons White knights abound

Moral(s) n n Consider security first Horror stories make great lessons White knights abound

Moral(s) n n Consider security first Horror stories make great lessons White knights abound I was forgiven

Moral(s) n n n Consider security first Horror stories make great lessons White knights

Moral(s) n n n Consider security first Horror stories make great lessons White knights abound I was forgiven So, be bold. You can’t do worse than I’ve done.