[Dailydave] FraudWorld vs. SpookWorld

Wed Apr 1 04:13:29 EDT 2015

I've seen tech companies who's developers and sysadmins have been trained
(or beaten into a good posture) by pentesters as per industry trend only to
be completely at loss when fraud hits. And if you follow the cyber advice
and get a "BigData" "correlated event processing" and so on you still need
a fraud team to build out your use cases and they will simply go
"please-install-Silver-Tail-thank-you-very-much".

--
Konrads Smelkovs
Applied IT sorcery.

On 31 March 2015 at 14:30, John Strand <john at blackhillsinfosec.com> wrote:

> Funny.
>
> No mention of compliance.
>
> It hit me about a week ago, fewer and fewer people are talking compliance.
>
> Fraud and Spook, are coming up a lot more.
>
> Are we growing - If just a little?
>
> John
>
> On Mon, Mar 30, 2015 at 5:24 PM, Anton Chuvakin <anton at chuvakin.org>
> wrote:
>
>> So far, I've shoved this most excellent post in quite a few faces ....
>> and will shove in more :-)
>>
>> I often wonder whether those same people who equate infosec/"cyber" with
>> fraud (and there are plenty, sadly - not on *this* enlightened list of
>> course :-)) and thus want to "solve cyber", also want to "solve theft",
>> "solve murder", "solve greed", etc, etc, etc.
>>
>> Ah, here goes one more: "... we don't need security, we don't handle
>> credit card numbers here" ....
>>
>>
>> On Sat, Mar 28, 2015 at 6:10 AM, Dave Aitel <dave at immunityinc.com> wrote:
>>
>>> So much of security is driven by "fraud" and coming from a spook
>>> background as many people on this list do, I find it annoying.
>>> RSA-the-conference-and-meme is one of those markets that just baffles a
>>> lot of people who come from the government space. How is any of that
>>> stuff possibly worth so much money?
>>>
>>> "Fraud" is partially the answer I think. Things that come from the fraud
>>> world are as alien to spook-world as a giant ant-eater is to North
>>> America. At some level defeating Fraud is about hygiene, more than
>>> security. It's about valuing information in fungible units defined by
>>> "Credit Cards" or "Users" and not by "importance".
>>>
>>> But climates can change and we are at the cusp of that change. If you
>>> look at how Google Wallet or ApplePay work, they have the major
>>> advantage in that they already know what you want to buy before you buy
>>> it, and they know where you are at all times, so fraud is going to get
>>> exponentially more difficult. It may, in fact, become impossible.
>>> Imagine if consumer Fraud went extinct? Is this harder to imagine than a
>>> world without woolly mammoths?
>>>
>>> Companies have learned this year from Sony Pictures that protecting
>>> yourself against nation-states is the difference between surviving and
>>> not surviving, and that doing so requires a completely different
>>> corporate design than they're used to. FraudWorld has been invaded by
>>> SpookWorld.
>>>
>>> Good times! :) Of course, I can't end without saying that if you want to
>>> see what the climate is going to look like, what the swamp creatures
>>> about to invade tend to eat, then you have to come down to the
>>> Everglades and see us at INFILTRATE.
>>>
>>> -dave
>>>
>>>
>>>
>>> _______________________________________________
>>> Dailydave mailing list
>>> Dailydave at lists.immunityinc.com
>>> https://lists.immunityinc.com/mailman/listinfo/dailydave
>>>
>>>
>>
>>
>> --
>> Dr. Anton Chuvakin
>> Site: http://www.chuvakin.org
>> Twitter: @anton_chuvakin <https://twitter.com/anton_chuvakin>
>> Work: http://www.linkedin.com/in/chuvakin
>>
>> _______________________________________________
>> Dailydave mailing list
>> Dailydave at lists.immunityinc.com
>> https://lists.immunityinc.com/mailman/listinfo/dailydave
>>
>>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20150401/bb246943/attachment.html>