Updated Posts :

  • The Post "Attacker Classes and Pyramid " has been updated to the third iteration. The post was updated in terms of coherency but I also added my OWASP BENELUX presentation entitled "The Rise of the Vulnerability Markets - History, Impacts and Mitigations". The presentation underlines the rationale behind the Attacker centric concept and the proposed Attacker Triad.
Slide Deck :
 

Notable excerpts : 
The analysis of 54 exploit kits (mapped to the Opportunitsts/Mass-market class) lead to the following results:
Results : In order to protect against all tracked exploit-kits you had to patch 19 vulnerabilities in 2009, 24 in 2010 and 4 in 2011. That should be hardly a challenge and confirms the sophistication put forward in the Attacker Triad.

 The analysis of 54 exploit kits (Source: Contagio) lead to the following results:


Following up on my blog post a few months ago entitled "PCI compliance, Security in isolated systems and Parking Tellers Part 1" - I took a brief look the other day at another Ticket issued by a Parking Teller in Luxembourg.

Updated :
  • Clarified some of the explanations
  • Masked Luhn number