Aug 6 2008

The Code Room - Vegas Episode - Casino Hackers

Posted by cheyennejack at 3:11 PM
- Categories: ColdFusion | Programming | Security


Unfortunately, "The Code Room" only had 3 episodes to my knowledge, but by far this has been a continual favorite of mine to send to other people, especially when talking about SQL injection attacks. It's a webisode featuring a team of white hats and black hats battling it out to steal millions of dollars from a Las Vegas casino. This webisode moves around the web a lot, so I decided to post it here and hope to continually find it as it moves around the Microsoft universe of URLs.



Episode 3

 

There seems to be a new rash of attacks pouring in from all over, especially from booming China. The threats are more frequent, larger and more profitable, especially in countries where just selling one legit email can feed their family for an entire day, a small list - an entire year. There are new tools for hackers out there that automate the exploitation of long-known vulnerabilities, attacking development teams that have not been properly educated. Setting up these machines and plugging them into the internet can generate pure profit for the less scrupulous.

Of course, this comes at the expense of those losing their personal information and the companies housing this data. The very same companies whose executive management consistently calls for more ROI and features ahead of security year after year. I imagine the companies suffering the greatest are the mid-tier and small companies, more prone to attack now that "security through obscurity" does not work. The same tools you use to market your company, even using SEO to get better ranking on Google, can now be harnessed by hackers to find your weakest point, your weakest developer.

It is going to be a hard lesson to learn, but hopefully those executive management teams will now listen a little more carefully when advised of security issues. Prolonging a launch by a week to approve a code review process is more than an ounce of prevention. Securing better training for developers, or even being willing to let underperformers go, is not an option; it's a necessity.

Finally, it doesn't hurt that this webisode features Atlanta's own Caleb Sima, former CTO and co-founder of SPI Dynamics. That company has since been acquired by HP, where he is now the CTO of HP Application Security Center. Wonder if that means my SPI Dynamics shirt will become a collector's item in the world of secure nerdom.





