Hacking is not random: a case-control study of webserver-compromise risk

Add to your list(s) Download to your calendar using vCal

• Marie Vasek, PhD student in the Computer Science and Engineering department, Southern Methodist University (SMU)
• Wednesday 19 November 2014, 15:05-16:05
• Lecture Theatre 2, Computer Laboratory, William Gates Building.

If you have a question about this talk, please contact Laurent Simon.

Abstract: Each month many thousands of websites are compromised by criminals and repurposed to host phishing websites, distribute malware, and peddle counterfeit goods. Despite the substantial harm imposed, the number of infected websites has remained stubbornly high. In this talk we describe a case-control study to identify risk factors that are associated with higher rates of webserver compromise. Surprisingly, we find that webservers running outdated software are less likely to be compromised than those running up-to date software. We then examine what happens to webservers following compromise. We find that under 5% of hacked WordPress websites are subsequently updated, but those that do are recompromised about half as often as those that do not update.

Bio: Marie Vasek is a PhD student in the computer science department at Southern Methodist University and the research scientist at StopBadware. Her research interests include security economics and cybercrime, particularly web-based malware.

This talk is part of the Computer Laboratory Security Seminar series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Cambridge talks
• Computer Laboratory Security Seminar
• Department of Computer Science and Technology talks and seminars
• Interested Talks
• Lecture Theatre 2, Computer Laboratory, William Gates Building
• School of Technology
• Security-related talks
• Trust & Technology Initiative - interesting events
• bld31

Note that ex-directory lists are not shown.