University of Cambridge > Talks.cam > Computer Laboratory Security Seminar > Hacking is not random: a case-control study of webserver-compromise risk

Hacking is not random: a case-control study of webserver-compromise risk

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Laurent Simon.

Abstract: Each month many thousands of websites are compromised by criminals and repurposed to host phishing websites, distribute malware, and peddle counterfeit goods. Despite the substantial harm imposed, the number of infected websites has remained stubbornly high. In this talk we describe a case-control study to identify risk factors that are associated with higher rates of webserver compromise. Surprisingly, we find that webservers running outdated software are less likely to be compromised than those running up-to date software. We then examine what happens to webservers following compromise. We find that under 5% of hacked WordPress websites are subsequently updated, but those that do are recompromised about half as often as those that do not update.

Bio: Marie Vasek is a PhD student in the computer science department at Southern Methodist University and the research scientist at StopBadware. Her research interests include security economics and cybercrime, particularly web-based malware.

This talk is part of the Computer Laboratory Security Seminar series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

 

© 2006-2017 Talks.cam, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity