Week of Cyber Meetups
28 Jul 2019
Last week was full of interesting cyber security meetups in London. I attended two: one hosted at the Capital One office and another hosted by OWASP at the Revolut office.
Cyber London, hosted by Capital One
https://www.meetup.com/London-Cyber-Capital-One/events/262063647/
On the 17th of July, Georg (my colleague) and I attended a cybersecurity event after work, hosted and organized by Capital One.
There were two talks:
- Hostage Negotiation, Cyber Extortion, Critical Incident Handling and You!
- Browser Security Basics
Hostage Negotiation, Cyber Extortion, Critical Incident Handling and You!
“To Pay or Not To Pay used to be the question, now, Are You Ready to Negotiate?” That was one of the themes of the talk. The two presenters had extensive experience in hostage negotiation and fighting organized crime. One is formerly the Team Leader of Canada’s Royal Canadian Mounted Police’s (RCMP) International Negotiation Team and a graduate of both the FBI’s and Scotland Yard’s Hostage Negotiation Programs. The other is formerly a United Nations senior security official. They shared their experience and knowledge of organized crime. Even though they do not deal with cybercrime directly, a lot of their methods are also applicable to IT. Do not pay the ransomware creators.
Browser Security Basics
This was the most interesting talk from the engineering perspective: we had a chance to hear from Mark Goodwin, a Mozilla engineer who is working on the Firefox web browser.
Mark covered the basics of browser security, what it does and why it’s important. He also covered the use of Rust at Mozilla, why it’s a great language from a security point of view (memory and thread safety), and plans to increase the amount of Rust code in Firefox: https://wiki.mozilla.org/Oxidation
OWASP London Chapter Meeting at Revolut
https://www.meetup.com/OWASP-London/events/262880260/
There were three talks:
- Scaling Security - Move Fast and Make Things
- Hack In, Cash Out: Hacking and Securing Payment Technologies
- Advanced Bots and Security Evasion Techniques
Scaling Security - Move Fast and Make Things
A talk by the Revolut CISO, who covered the use of Google Cloud Platform at Revolut, a bit about how they do AppSec, the automation around security they do at Revolut, microservices, context-aware access (https://cloud.google.com/context-aware-access/), and how important it is to move and react fast. He also shared the bank’s plans for the near future.
Hack In, Cash Out: Hacking and Securing Payment Technologies
A talk by a researcher from Positive Technologies, who covered attacks on payment platforms, what cybercriminals do, and what his company has found. To sum up, there are a lot of problems with payment platforms. One of the methods criminals used to rely on was a race condition: there would be a transaction from account A to B transferring a very small amount of money, say £0.000005, and then the criminals would instantly send a cancel-transaction call. Due to the processing error, account B would still have the £0.000005.
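As an added illustration (not code from the talk or from this post), here is a toy Python model of a cancel-versus-settle race of that kind, with a flawed settlement path beside an atomic one. The ledger, its method names and the exact interleaving are assumptions, since the summary above does not say what the real processing error was.

```python
import threading

PENDING, SETTLED, CANCELLED = "PENDING", "SETTLED", "CANCELLED"

class Ledger:
    """Hypothetical toy ledger; balances are integer micro-pounds (constructed data)."""

    def __init__(self, atomic):
        self.atomic = atomic                    # True = hardened settlement path
        self.balance = {"A": 1_000_000, "B": 0}
        self.tx = {}
        self._lock = threading.Lock()

    def begin(self, tx_id, src, dst, amount):
        self.balance[src] -= amount             # funds leave the sender up front
        self.tx[tx_id] = {"src": src, "dst": dst, "amount": amount, "state": PENDING}

    def is_pending(self, tx_id):
        return self.tx[tx_id]["state"] == PENDING

    def _claim(self, tx_id, new_state, account):
        # Compare-and-set and balance update under one lock: only one of
        # cancel/settle can move the transaction out of PENDING and move money.
        with self._lock:
            tx = self.tx[tx_id]
            if tx["state"] != PENDING:
                return False
            tx["state"] = new_state
            self.balance[account] += tx["amount"]
            return True

    def cancel(self, tx_id):
        return self._claim(tx_id, CANCELLED, self.tx[tx_id]["src"])  # refund sender

    def settle(self, tx_id, seen_pending):
        tx = self.tx[tx_id]
        if self.atomic:
            return self._claim(tx_id, SETTLED, tx["dst"])  # re-checks state itself
        if seen_pending:                        # flaw: trusts an earlier, stale read
            self.balance[tx["dst"]] += tx["amount"]
        return seen_pending

def cancel_in_the_gap(atomic):
    """Replay one interleaving: worker checks, cancel lands, worker credits."""
    ledger = Ledger(atomic)
    ledger.begin("t1", "A", "B", 5)             # 5 micro-pounds = £0.000005
    seen = ledger.is_pending("t1")              # settlement worker reads the state
    ledger.cancel("t1")                         # cancel arrives before the credit
    ledger.settle("t1", seen)                   # worker acts on what it saw
    return ledger.balance, sum(ledger.balance.values())
```

The second return value is the sum of all balances; a reconciliation check that this total never changes is what exposes the flawed variant.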
Advanced Bots and Security Evasion Techniques
This talk was presented by a Senior Researcher at F5 Networks, covering advanced techniques used by bot creators and what F5 does to detect them.
As always, there was free pizza and beer. The office was very cool, in a good location and hip inside! There was a vending machine that gave out Revolut debit cards. You just need to register it through the app.
PS: Join OWASP https://www.owasp.org/index.php/Membership