Business Development Manager – Defense, Global Government Solutions Group (GGSG) Cisco Systems Biography: Kah-Kin Ho has been in Cisco 14 years and in his current position as Business Development Manager in the Global Government Solutions Group, he has been promoting the use of Internet Protocol (IP) technology in the Defense market in Europe, Emerging and India. He works with Cisco Sales team in their respective country on strategic Defense opportunities, providing them with thought leadership on program capture activities. He is also an adviser to a number of Defense organizations on how best to leverage IP technology in the battle space. Kah-Kin is also involved in solution architecture and has filed 2 US Patents on IP Networking protocols. In his previous assignments, in a span of 7 years, he was involved in the Service Provider/Telecommunications market in Asia Pacific where he had worked in the capacities of System Engineer, Consulting Engineer, and Systems Engineering Manager. He has extensive experience in addressing large opportunities in this market space and over the years has been instrumental in helping Cisco capture several large opportunities. Kah-Kin graduated from the State University of New York with Bachelor and Master of Science degrees in Electrical Engineering. His favorite pastimes are skiing, swimming, and reading. E-mail: [email protected] Ph: +41 44 878 73 44 Abstract: Hacked While Browsing. Using the Web to Spread Malware The use of malware to create infected hosts or ´bots´ in enterprise and consumer networks underpins virtually all online crime. These bots are used in sophisticated business models including spam, illegal drug sales, bank fraud, illegitimate software sales, click fraud, adware and data theft. Combating these global organized crime gangs and their attacks has been a major focus for the last ten years.The modern web ecosystem enables instant access to rich content and applications. However, these evolving tools have created new vectors for criminals attacks. Insecure web applications can allow access to back-end databases. The modern web browser integrates dozens of applications to interpret documents, audio and video as part of a rich web experience. The browser offers unprecedented access to these applications which are frequently accessed and exploited by criminals. Most of the infections that create the bots and feed the online crime engine are occurring through the browser, often assisted via insecure web applications. These exploits and vulnerabilities are one of the top concerns of financial, healthcare and government computer security professionals around the world. This session begins with by illustrating criminals´ successful exploitation of web attacks to make millions in illicit profits. We will then dive into the fundamental weaknesses in HTTP, the web browser ecosystem, DNS and web servers that enable these criminal-enriching attacks. We will show real-world examples of browser ecosystem exploits delivered via a SQL injected US website. This session will conclude with a discussion of solutions including user training, client security, gateway solutions and monitoring. Presentation: http://icc.ite.gmu.edu/csga2010/Kahkin_Ho.ppt |
 | |
|
|