jessepollak
DESCRIPTION
The WordPress community has a huge security challenge on the horizon. Now powering almost 20% of the Internet, WordPress lets us build businesses and lifestyles behind a single password. Protecting one site is hard, but the real challenge is making sure that distributed attacks across WordPress sites don't find unprotected sites to attack. In this talk, Brennen Byrne, the CEO of Clef, discusses the attacks and defenses being established in the new security paradigm and the new strategies being worked on to protect your site from the robot army.
passwords and botnets and zombies
oh my!
this talk is about
security
a lot of people think security is
hard
confusing
complicated
technical
impossible
frustrating
not for you
painful
infuriating
but we all know that it’s
important
and my job is to make it
easy
3 reasons we need to talk about security:
almost 20% of the web runs on wordpress
lots of attacks on wordpress sites
security is fun and interesting
hello, my name is brennen (@brennenbyrne)
I’m a founder of Clef (getclef.com)
what is clef?
passwords and botnets and zombies
oh my!
how important is a single password?
could one password:
take down your site?
hurt your clients?
ruin your business?
endanger lives?
as wordpress becomes more important so do our passwords.
the old way to break a password
guess common passwords
virus with a keylogger
advanced interrogation
in order to defend myself
ban IPs that are guessing wrong
don’t download viruses
don’t piss off enemy nation-states
use an admin username other than “admin”
if i’m good, i could also
post from author accounts, not admin
change the table prefix of my databases
be careful about who i give permissions
but attackers have gotten smarter
botnets
botnets are what happens when your parents download viruses
their computers become
zombies
sites infect visitors’ computers
botnets attack sites
visitors join botnet
bigger botnet attacks more sites
botnets swarm and attack your site from millions of different computers
ban IPs that are guessing wrong
don’t download viruses
don’t piss off enemy nation-states
botnets are the attackers’ response to our better defenses
as wordpress becomes a better target the incentives for breaking it rise
with new attacks come new defenses
bruteprotect
clef
but attack and response isn’t enough
passwords are a long-term problem
brain vs. computer
more services online and longer, harder passwords
hacks this year
Adobe
Living Social
Evernote
Drupal
clef
wordpress security requires:
making security standard
increasing accessibility to security
dedication to casual user
secure defaults
weakness in the community is dangerous
questions?