ICT Security and Open Data 
Should we care? 
Wojciech Dworakowski
2 
Who am I?
3 
Agenda 
Open Data systems IT security risks
• by examples
What is security? 
How to achieve it?
Source: http://news.softpedia.com/ 
4 
Polish Ministry of Work and Social Policy (2008) 
Defacement 
Source: http://www.dawidd.master.pl/
Source: http://www.niebezpiecznik.pl
5 
Malware serving 
A user visiting an infected website can be attacked
Example: 
„Nearly 100 Thai Government websites 
were hacked and used to serve malware 
last month. More than 500 distinct attacks 
were launched from these websites” 
Source: http://news.netcraft.com/archives/2014/05/06/thai-government-websites-infested-with-malware.html
6 
Malware hosting 
Source: W.Dworakowski, SecuRing
7 
Impact 
Loss of reputation 
Loss of users’ trust 
Loss of PageRank
8 
Denial of service 
DDoS (Distributed Denial of Service)
Ex: Latvia (2008), South Korea (2009), Ukraine (2014)
• Multiple connections from around the world
• Relatively easy to launch
• Difficult to fight and expensive to protect against
9 
Is it difficult?
10 
Too Open Data 
Source: http://news.bbc.co.uk/2/hi/technology/8533641.stm
11 
Was it difficult? 
7.4 million tax records leaked
~ 120 GB of tax data 
„Hacking” script: 
for i in {1..7500000}; do 
wget http://www2.vid.gov.lv/eds/Pages/GetDuf.aspx?id=$i; 
done
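The loop above leaves a very recognisable trace in the web server log: one client touching a dense run of neighbouring `id` values. A detection sketch for that pattern, added here as an example and not part of the original slides; the log format, thresholds and sample lines are constructed, only the endpoint path and the `id` parameter come from the script above.

```python
import re
from collections import defaultdict

# Endpoint path and "id" parameter come from the script on the slide.
# The log format, thresholds and sample lines are constructed for this example.
REQUEST = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"GET /eds/Pages/GetDuf\.aspx\?id=(?P<id>\d+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def find_enumerators(lines, min_ids=5, min_adjacent_ratio=0.8):
    """Flag clients whose requested ids form a dense, neighbouring run.

    Ids are de-duplicated and sorted per client, so shuffled or parallel
    downloads of a contiguous range are caught as well as a plain loop.
    """
    ids_by_client = defaultdict(set)
    for line in lines:
        match = REQUEST.match(line)
        if match:
            ids_by_client[match["ip"]].add(int(match["id"]))

    flagged = {}
    for ip, ids in ids_by_client.items():
        if len(ids) < max(min_ids, 2):
            continue  # too few distinct documents to call it a sweep
        ordered = sorted(ids)
        adjacent = sum(1 for a, b in zip(ordered, ordered[1:]) if b - a == 1)
        ratio = adjacent / (len(ordered) - 1)
        if ratio >= min_adjacent_ratio:
            flagged[ip] = {
                "distinct_ids": len(ordered),
                "adjacent_ratio": round(ratio, 2),
                "lowest": ordered[0],
                "highest": ordered[-1],
            }
    return flagged


def _line(ip, doc_id, sec):
    # Constructed access-log line in common log format.
    return (f'{ip} - - [01/Jan/2010:10:00:{sec:02d} +0200] '
            f'"GET /eds/Pages/GetDuf.aspx?id={doc_id} HTTP/1.1" 200 5120')


# Constructed sample: one client sweeping ids 1001..1010 out of order,
# one user re-opening two of their own documents, one client with
# scattered, unrelated ids.
SAMPLE_LOG = (
    [_line("198.51.100.23", d, i)
     for i, d in enumerate([1004, 1001, 1003, 1002, 1006, 1005, 1008, 1007, 1010, 1009])]
    + [_line("192.0.2.10", d, 20 + i) for i, d in enumerate([48211, 48211, 48212])]
    + [_line("192.0.2.77", d, 30 + i)
       for i, d in enumerate([7, 91234, 512, 300981, 42, 77310])]
)

if __name__ == "__main__":
    for ip, stats in find_enumerators(SAMPLE_LOG).items():
        print(ip, stats)
```

Per-client counting is only a tripwire: it does nothing against a sweep spread over many addresses, and it does not replace an authorization check on every record the endpoint returns.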
12 
Unauthorized modification of data
System for recruitment to high schools in Poland
Possibility to modify candidate’s grades
Source: niebezpiecznik.pl
13 
Unauthorized modification of data
Consider more sensitive systems, e.g.: 
• Legal Register of Companies 
• Statistical data 
• National election results (realtime)
14 
Data mining scraping 
Polish Land Registry
15 
Data scraping 
Access to:
• Property data
• Owners’ data (including ID, address)
• Mortgage data (amount, bank, date)
But… user has to:
• Know register number: incremental with one control digit
• Enter captcha: could be bypassed (in the past) or human solved (about 2$ / 1000 captchas)
16 
18722717 indexed land registers. Collected 
data: 31066649 plots, 1628061 buildings, 
6812230 premises. 
About 7 EUR / record
17 
Deanonymization & Re-identification
Statistical methods of analysis
Finding unique user „fingerprint”
Correlation with other datasets
87% of US citizens have a unique combination of: gender, ZIP, date of birth*
* Latanya Sweeney, Uniqueness of Simple Demographics in the U.S. 
Population http://www.citeulike.org/user/burd/article/5822736
18 
Example
Voter registration list:
• Name
• Address
• Gender
• ZIP
• Birth date
Anonymized hospital data:
• Medical procedures
• Gender
• ZIP
• Birth date
Fields present in both datasets: gender, ZIP, birth date
Massachusetts Governor William Weld
• 6 people had his birth date
• 3 of them were men
• Only 1 with Cambridge ZIP
From Latanya Sweeney research paper: Uniqueness of Simple Demographics in the U.S. Population http://www.citeulike.org/user/burd/article/5822736
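A check a data publisher can run before release, added here as an example and not part of the original slides: it measures how many records are unique on gender, ZIP and birth date, which of them match exactly one named person in a public register, and how coarsening the fields changes both. All records, names and the generalization rule are constructed for illustration.

```python
from collections import Counter

QUASI_IDENTIFIERS = ("gender", "zip", "birth_date")

# Constructed "de-identified" release: names removed, quasi-identifiers kept.
HOSPITAL = [
    {"gender": "M", "zip": "02138", "birth_date": "1950-03-14", "procedure": "A"},
    {"gender": "M", "zip": "02139", "birth_date": "1950-03-14", "procedure": "B"},
    {"gender": "F", "zip": "02138", "birth_date": "1950-03-14", "procedure": "C"},
    {"gender": "F", "zip": "02138", "birth_date": "1950-03-14", "procedure": "D"},
    {"gender": "M", "zip": "02141", "birth_date": "1950-11-02", "procedure": "E"},
]

# Constructed public register that still carries names.
VOTERS = [
    {"name": "Person 1", "gender": "M", "zip": "02138", "birth_date": "1950-03-14"},
    {"name": "Person 2", "gender": "M", "zip": "02139", "birth_date": "1950-03-14"},
    {"name": "Person 3", "gender": "F", "zip": "02138", "birth_date": "1950-03-14"},
    {"name": "Person 4", "gender": "F", "zip": "02138", "birth_date": "1950-03-14"},
    {"name": "Person 5", "gender": "M", "zip": "02141", "birth_date": "1950-11-02"},
    {"name": "Person 6", "gender": "M", "zip": "02141", "birth_date": "1950-11-02"},
]


def key(record, fields=QUASI_IDENTIFIERS):
    """Quasi-identifier tuple used to group and to link records."""
    return tuple(record[f] for f in fields)


def k_anonymity(records):
    """Return (k, share of unique records) for the quasi-identifier set."""
    sizes = Counter(key(r) for r in records)
    unique = sum(1 for r in records if sizes[key(r)] == 1)
    return min(sizes.values()), unique / len(records)


def linkable(released, register):
    """Released records that match exactly one named person in the register."""
    names_by_key = {}
    for person in register:
        names_by_key.setdefault(key(person), []).append(person["name"])
    return [
        (names_by_key[key(r)][0], r)
        for r in released
        if len(names_by_key.get(key(r), [])) == 1
    ]


def generalize(record):
    """Coarsen the quasi-identifiers: 3-digit ZIP prefix, year of birth only."""
    coarse = dict(record)
    coarse["zip"] = record["zip"][:3] + "**"
    coarse["birth_date"] = record["birth_date"][:4]
    return coarse


if __name__ == "__main__":
    print("raw release:", k_anonymity(HOSPITAL))
    print("linkable:", [name for name, _ in linkable(HOSPITAL, VOTERS)])
    coarse = [generalize(r) for r in HOSPITAL]
    print("generalized:", k_anonymity(coarse))
    print("linkable:", linkable(coarse, [generalize(v) for v in VOTERS]))
```

The fifth hospital record is unique inside the release but shares its fields with two register entries, so uniqueness in the published file and linkability against an outside dataset have to be checked separately.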
How to lower security risks?
20 
We can politely ask ;)
“We would like to ask those who would like to deface this Open Data [website], Open Data is your data. This is the public’s data about you, so I don’t think it’s in the interest of the Filipinos to damage the information that we have.”
Presidential Spokesperson Edwin Lacierda 
Source: http://www.rappler.com/nation/48454-hackers-open-data
21 
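Cost of software bugs
[Figure: cost of software bugs across the project phases (project definition, design, development, deployment, maintenance), annotated with the security activities: define security requirements, verify requirements, security testing]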
22 
What does „secure” mean?
Each system is different
Not all risks are equally important
• Website defacement / Malware serving
• Denial of service
• Data confidentiality breach
• Unauthorized data modification
• Data scraping
• Deanonymization / re-identification
• …
23 
How to define security?
Who? Attacker. How? Attack scenarios. Why? Goals.
• Who can attack our system?
• Why? What is their motivation?
• How can attackers achieve their goals?
24 
How to define security?
Who? Attacker. How? Attack scenarios. Why? Goals.
Countermeasures
• What should be done to stop those attacks?
• Security requirements
25 
Summary 
1. Define security requirements 
2. Check them during design & development
3. Test security before deployment
26 
Summary 
Examples of risks to consider: 
• Website defacement / malware serving 
• Denial of service 
• Data confidentiality breach 
• Unauthorized data modification 
• Data scraping
• Deanonymization / re-identification
27 
Open data security 
Should we care? 
http://www.securing.pl 
e-mail: info@securing.pl 
Jontkowa Górka 14a 
30-224 Kraków 
tel. (12) 4252575 
fax. (12) 4252593 
Wojciech Dworakowski 
wojciech.dworakowski@securing.pl 
tel. 506 184 550
