Conference:  Defcon 31

Authors: Cory Doctorow

2023-08-01

The enshittification of the internet follows a predictable trajectory: first, platforms are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. It doesn't have to be this way. Enshittification occurs when companies gobble each other up in an orgy of mergers and acquisitions, reducing the internet to "five giant websites filled with screenshots of text from the other four" (credit to Tom Eastman!), which lets them endlessly tweak their back-ends to continue to shift value from users and business-customers to themselves. The government gets in on the act by banning tweaking by users - reverse-engineering, scraping, bots and other user-side self-help measures - leaving users helpless before the march of enshittification. We don't have to accept this! Disenshittifying the internet will require antitrust, limits on corporate tweaking - through privacy laws and other protections - and aggressive self-help measures from alternative app stores to ad blockers and beyond!

Conference:  Global AppSec Dublin 2023

Authors: Syue Siang Su

2023-02-16

The presentation discusses the importance of smart contract security in blockchain technology and the need for reverse engineering and control flow graph construction to ensure correct executing logics.

• Blockchain technology allows developers to define rules and create applications with automatic verification through smart contracts.
• Front-end security issues in web3 can affect back-end security.
• Reverse engineering and control flow graph construction are necessary for smart contract security.
• Tools such as the Third Eye, Truffle, and ConsenSys can aid in auditing smart contract code.
• Constructing a control flow graph helps to understand program flow and ensure correct executing logics.

Conference:  Global AppSec Dublin 2023

Authors: Jessica Robinson

2023-02-15

The evolution of the security practitioner and leader in the future to keep up with the pace of the ever-growing cybersecurity industry.

• The complexity of cybersecurity defense and proactive innovation requires a collaborative change in thinking.
• Adapting to the industry's pace influences security strategies, creativity, and culture in companies and the industry.
• Effective leadership is crucial in protecting businesses, communities, and people's way of life.
• The CSO role is a leadership growth area that requires modeling integrity and making tough decisions.
• Partnering with other executives and prioritizing security bugs in software engineering are essential in application security.

Conference:  Global AppSec San Francisco 2022

Authors: Adarsh Nair, Greeshma M R

2022-11-17

Metaverse is the concept where rather than just viewing digital content, users can immerse themselves in a space where digital and physical worlds merge. Because of advances in digital technology, we are opening ourselves up to the possibility of being in a universe that is infinite. To mould this virtual environment in this new era of digital inquiry, it is necessary to make use of technology that focusses on privacy. However, just as there are some inherent risks and security issues with the Internet as it exists today, there will be risks that will need to be addressed as we move forward into a world of digital connection. Cybercriminals, obviously, are going to be a part of the metaverse and attempts to steal people's personal information and identities will be made. Identity thefts, unauthorized data collection, ransomware attacks, social engineering attacks, impact on mental health and perceptions, increase in deepfakes and so on, are few of the risks that this paper present. Identity theft could become even more prevalent in the metaverse unless strong security measures are enacted. It already runs as a multibillion-dollar industry, with the number of cases increasing by more than 50% from 2020's figures. Hackers can utilize virtual reality headsets and controllers to steal personal information, such as fingerprints and iris scanning, as well as facial geometries, from people who use them. Ransomware attackers could deny you access to your bank accounts or other critical platforms.The metaverse requires us to give up more personal information than we are used to — more than we currently do while using the internet — and this greatly raises the risk.People can be psychologically manipulated into revealing private information through social engineering. Hackers wishing to sell personal information on the Dark Web could potentially profit from the vast amounts of personal data that will be stored in the metaverse. Since metaverse is an immersive experience, the manipulated, disturbing visual content potentially spread by malicious elements can have higher impact than those consumed via the current web. People's perception of the actual world can be affected by the foundational technologies in virtual and augmented reality, according to a study by Stanford University researchers. Creating deepfakes of your metaverse avatar could be more plausible, which are a threat to the society that thrives on information consumption.As we move toward a world where nearly everything is done digitally, the risks of digital interaction will also increase. Passwords and usernames are no longer sufficient to prevent cyberattacks when viewed from a metaverse perspective. A comprehensive authentication solution can promise a more secure interaction and guarantee better user experience.

Conference:  Global AppSec San Francisco 2022

Authors: Lisa Nee

2022-11-17

Quantum computing has been a fast growing technology that brings rewards and risks.  In the wrong hands, threat actors can decrypt codes that would take weeks or months. On the other side is quantum cryptography that, while still in development, could enable both the sender and recipient notifications of any eavesdropping which may satisfy privacy concerns of the transfer of data to the US which are subject to the US Patriot Act that enable government seizure of data without legal proceedings or notice. This discussion will introduce a high level basic understanding of quantum computing, international data transfer issues and quantum cryptography as a potential privacy solution, and begin the discussion of whether if and when such technology is available, is it part of an individual's privacy right to have the technology available or create a serious threat to national security and anti-terrorism.