Evolution - I know what you (and your company) did last summer (slides)
Discovering and reassembling your data via the Internet!
People regularly ask me - what can you find out about...?
... without touching/hacking them
... without them knowing
Most of the time it turns out there is a lot to be found
“Why couldn't you do this??”
‧Because we know the fabric of the 'net
‧Because we think different thoughts
‧Because we have built-in deviousness
‧Because we know who and how to ask
“But why would you like to know this?”
Hackers are not interested in the application of data, but know how to get to it.
Interlude
You are :
‧the information you publish
‧the information others publish about you
‧your associations, and
‧the information you search for.
The holy grail of information collection – your search terms
How can we know what other people are searching for?
Thus... in conclusion
The mouse is mightier than the pen
‧Security experts tend to focus on technology itself, ignoring the application and surroundings of its use.
‧The web 2.0 contains great tech (?secure?) but little is known about the security implications when the tech is actually used.
‧Real criminals don't write buffer overflows – they follow the route of least resistance.
‧Mainstream criminals tend to lag behind. We knew about phishing attacks back in 95.
‧What will be on their minds in 2010?
‧I am guessing it would be something close to this...





