James Lyne: Everyday cybercrime -- and what you can do about it

  • Published: 6 Sep 2024
  • How do you pick up a malicious online virus, the kind of malware that snoops on your data and taps your bank account? Often, it's through simple things you do each day without thinking twice. James Lyne reminds us that it's not only the NSA that's watching us, but ever-more-sophisticated cybercriminals, who exploit both weak code and trusting human nature.
    TEDTalks is a daily video podcast of the best talks and performances from the TED Conference, where the world's leading thinkers and doers give the talk of their lives in 18 minutes (or less). Look for talks on Technology, Entertainment and Design -- plus science, business, global issues, the arts and much more.

Comments • 413

  • @JasonBornTV 9 years ago +196

    Kind of awkward when he's making all of these jokes with no reaction. I found myself sharply exhaling through my nose. Great talk.

  • @JamesLyne 11 years ago +13

    Thank you everyone for the comments (and on the TED site). Great to see the security pros got it was a simplified demo and talk to try and capture more mainstream attention. Articles due shortly to outline the best practices for those that are interested.

  • @awseomeACE 8 years ago +367

    I feel bad for Mr Lyne, he put in some neat jokes and no one laughed :(

    • @jaesonv 8 years ago +16

      True. I feel for the crowd though. They missed out a lot. :)

    • @FightWeekShowcase 7 years ago +12

      awseomeACE I personally thought this was one of the best TED talks. He had a few funnies that no one laughed at... must have been a German audience :P

    • @AndezFPS 7 years ago +2

      I thought I was the only one who'd noticed. lol

    • @SunvoxMusic 6 years ago +2

      They did laugh. But there's no microphone on the audience so you didn't hear them ;)

    • @lambertbrother1628 6 years ago +1

      You could hear some of the laughter though, so unless that laughter was so loud it was picked up by his cheek mic your theory does not hold up. Besides I've seen other TED talks where the audience were definitely heard laughing. try ruclips.net/video/_QdPW8JrYzQ/видео.html or my favourite, ruclips.net/video/C4Uc-cztsJo/видео.html

  • @grappenmaker3604 9 years ago +123

    that public is dead LMFAO

  • @JamesLyne 11 years ago +13

    Thank you, really glad you enjoyed it. We need to build up more discussion in this area as it is starting to affect our society more and more.

  • @JamesLyne 11 years ago +24

    Thank you, I'm really glad it had an impact! Spread the word and tell some family and friends :)

  • @emilie416 4 years ago +40

    This talk is really funny but I feel like the audience were boomers

  • @jorgesepulveda8380 7 years ago +46

    lol. Did they hide the identity of the dolphin at 12:03 ?

  • @elizabeth1927 7 years ago +48

    Was the audience dead? The only other TED talk I laughed so much while watching was the scam email one!

    • @lambertbrother1628 6 years ago

      Did you see the sequel to the scam email talk? ruclips.net/video/C4Uc-cztsJo/видео.html

  • @JamesLyne 11 years ago +1

    Very true. Whilst some operating systems do have architectural advantages over others the user will always be a weakness. I tried in the talk to raise awareness for people outside the security community - WE all know these things but it's important to make others think about it too.

  • @madstarr2 10 years ago +3

    Very good presentation! It was delivered with humor, but yet the seriousness of the issues facing us all in protecting our data was heard loud and clear. I am sharing the link to this with many family members who don't quite understand the seriousness behind logical protection.

  • @mahela1993 8 years ago +114

    what an amazing crowd!! just so energetic and humorous..!!!

  • @reenaesmailcomposer 11 years ago +2

    Ah, finally! I was waiting for TED to start addressing this stuff -- I almost wish there was a whole TED event just dedicated to cybercrime -- James Lyne's lecture addresses a huge problem that has far-reaching effects, and takes more than the time he is allotted to fully unpack. It points to so many other issues that could be discussed individually. Hoping to see more of this -- thanks James!

  • @TheStevenWhiting 11 years ago +1

    I'm an IT engineer, just discovered James today on TED. Really good talk because it's nice and easy for non-tech people to understand. Also liked the point about phones, iPads, Androids etc giving away previously connected WIFI APs when they are scanning. You didn't seem to take this further though? I assume time reasons. Explaining that people can then set up a fake AP with the same name, so if you're in the area, you connect to the rogue AP rather than the genuine one.

  • @JamesLyne 11 years ago

    They were actually great. It's a big room with lots of people and I'm the only one with a mic. They asked lots of great questions afterwards and were very engaged. I can't complain!

  • @twinstu50 11 years ago

    #1.
    Absolutely riveting presentation! I'm just over 60, was in the R.A.A.F. - communications/security/intel. gathering.
    Only during my last couple of years did computers make their presence known, but what I saw and heard really troubled me, and still does.
    Most people have virtually 'no idea' of REAL security, they merely hover around the edges of it, thinking what they do is their best security practice, it's their laziness and naivete that is their own major security threat.
    In...

  • @OvenBakedCookie 11 years ago

    I am a software engineering student and I found your talk extremely informative and fascinating! Thank you so much for this talk! People need to treat online privacy like the locks on their doors.

  • @JamesLyne 11 years ago +1

    There are some great initiatives trying to improve this such as the Raspberry Pi project. We need to make sure that people not only know how to use technology but that there is a community of people who understand how it works too.

  • @mshmbo 11 years ago

    James Lyne, I hope that the world has many people like you, thank you.

  • @JamesLyne 11 years ago +8

    Absolutely not! I keep on practicing and trying to improve though :)

  • @JamesLyne 11 years ago

    Excellent point. I had an argument with a friend recently who said security is a temporal issue - the new generation won't have the same problems. Unfortunately whilst familiarity with technology has increased, the notion of privacy and security in many cases has reduced. People are prepared to give up more information and don't see it as a risk. Education and awareness are one of our biggest problems.

  • @JamesLyne 11 years ago

    And a HUGE thank you to those who provided intelligence and information for the talk, SophosLabs and those referenced in the URL in the talk (about the gang) who put it together. You guys are awesome.

  • @dunnyboy01 10 years ago +13

    I miss the days of talking to my buddy on two tin cans connected with a string...

  • @JamesLyne 11 years ago

    A pleasure, I'm glad you liked it. There's plenty more to pick up and lots of good material online if you want to learn more.

  • @JamesLyne 11 years ago +1

    Hello everyone, thanks for the comments. I definitely tried to balance simplicity and creating interest for those outside security more so than in. I couldn't fit top tips into the talk time, but suggestions like OpenDNS are awesome. A little bit of the basics would enhance security a great deal for all kinds of people and then we can earn the right to work on more advanced things.

  • @mentonerodominicano 11 years ago +1

    One of the most informative talks I've seen.

  • @JamesLyne 11 years ago

    As to how to remove it, a great deal of malware can be removed with clean up tools. Sometimes a particularly nasty piece of malware needs a cleanup from a separate boot disk. In the worst instances rebuilding to a backup may be necessary. It's very prudent to have a backup on this basis.

  • @JamesLyne 11 years ago

    That said, it was done that way for various use cases involving multiple APs and now it is there it's tougher to change!

  • @pyroslavx7922 6 years ago +2

    There is a big issue that most physical infrastructure/fiber cables and ac power for example is NOT secured even with a padlock, just a manhole cover...

    • @HarryBalzak 6 years ago +1

      My local internet node isn't even locked. I walk by it frequently and wonder if/when someone will exploit that. Telephone relays were often left unlocked back in the 80s-90s, but they wised up to that. Phone phreakers were exploiting that like crazy.

  • @artistryartistry7239 11 years ago

    Very charismatic and interesting speaker! Every minute was engaging!

  • @tomasbehrens 11 months ago +1

    Holy moly, that DDoS ad is ancient. Seeing that Pepsi Max pop up caught me off guard.

  • @JamesLyne 11 years ago

    Thank you Dan that's very kind. There was so much more that could have been covered, but it's a short talk and hard to decide. It's far from perfect but I am glad that some people like yourself found it valuable :)

  • @JamesLyne 11 years ago

    Hey there, let me clarify. The device in question LOOKS like a USB key but is actually a small programmable keyboard. The idea is to bypass exactly the control you describe. The device plugs in and then types out the malicious payload rather than running it as a file. This means it can run on a system even where autorun is disabled. There are a few of these devices but they don't cost much to make or acquire. Hope that makes more sense now :)

  • @godthisisannoying 11 years ago

    Good job on the presentation. You've probably come to realize the older generations are already lost to this cyber "war", as too few of them will ever realize the scope of their computer's capabilities. However, it's the younger generations' growing tendency to look at technology from a black box PoV that is truly scary. As computing becomes more and more console-ified and cloud-y, it'll only get worse.
    The same happened to electronics w/ VLSI, but people couldn't hack your fridge from Russia.

  • @RedMclaren 11 years ago

    I've never seen such an active discussion going on a TED video. Really good to see this.

  • @johncharles676 8 years ago

    Good information, but scary. Knowing what cyber criminals can do.

  • @JamesLyne 11 years ago

    That is an excellent point - I entirely agree. Those that know how to USE technology are becoming far more common. The number of people who know how it actually works is far too small.

  • @stevenwb2410 3 years ago +1

    DON'T FORGET KITBOGA AND JIM BROWNING, THEY'RE LEGENDS

  • @khaluu2000 11 years ago

    I swear you are the first TED-talks person to interact via YouTube, not that everyone here realizes it, but that kinda makes you a celebrity and that's pretty awesome. Thanks for sharing. Oh and btw have you ever gone to or been a spokesperson at def-con?

  • @degs24 11 years ago +1

    The crowd must've just had lunch and are sleeping. He's hilarious! Great presentation.

  • @SuvroBasu 3 months ago

    2:00 That ad that that guy who offered businesses DDOS services - doesn't that violate RUclips's terms of service? I've had accounts of mine canned for _opinions_ , but not touching any criminal activity

  • @ucHorrible 8 years ago +48

    buzzkill crowd

  • @AyushPokharna4 4 years ago +1

    2020 still mesmerising

  • @JamesLyne 11 years ago

    An entirely understandable problem :). Try a password manager which will record all of the passwords for you so you can have complex passwords and only have to remember one good password.

  • @JamesLyne 11 years ago

    Hi there! That's an excellent question. A scan with an up to date anti-malware product is a good quick check to see if malicious code is on your system. A great deal of the mainstream malware like FakeAV, Ransomware, Banking Trojans etc will show up if not at first shortly after. Some malicious code of a more targeted nature may not be detected. It gets pretty difficult to detect this unless you are prepared to do some fairly rigorous checks on your system.

  • @aayushtheapple 4 years ago

    One of the great TEDTalks I have ever seen.

  • @unvergebeneid 11 years ago

    My computer science A-levels were quite good. We did some basic algorithms and data structures which teaches you a lot about how computers work already.

  • @JamesLyne 11 years ago +1

    Thanks Brandon, really glad you enjoyed it :)

  • @Kasugano 11 years ago +1

    This was so informative. Even though I knew the basics about hacking and viruses I learned a lot. Loved the Presentation.

  • @JamesLyne 11 years ago

    Had an out of band question about detecting/clearing rootkits. Unfortunately detecting rootkits can be quite a challenge - even up to date AV often misses it because it's running at a higher level than the security software itself. Prevention is obviously good but not always realistic. Rootkit cleanup is best done from a separate boot disk where it is not running, or really by rebuilding/restoring from a backup.

  • @theali8oras274 5 years ago +1

    I really don't think his suggestions are going to be implemented. I'm very interested in what the same audience's statistics would look like in the next talk.

  • @bahiyyihlawson6711 11 years ago

    Thank you! I am shocked about the query boxes, but I didn't quite catch the point about the windows calculator. Hopefully you could put together a presentation for kids that gets the point across. I assume game sites, like Barbie dress up, etc, are virus ridden.

  • @JamesLyne 11 years ago

    Let's also not forget targeted malicious code or hacking. Penetration testers often have a small celebration when they see the CEO using a Mac. In summary yes they are a little less exposed to malware but they are far from immune from an attacker and sadly the average Mac user thinks they are safe so doesn't do the basics to stay secure.

  • @JamesLyne 11 years ago

    I get where you are coming from now. So less malware and explicit crime (financial fraud etc) and more just focused on the privacy piece. There is a lot of philosophy surrounding the concept of privacy and your right to it and why you should care. Many people feel very strongly about it. In other instances, you can take the attitude that it doesn't have a high risk of damage -- but I am sure we can agree that being informed and it being a conscious choice is a preferable position? :)

  • @WeLoveKnowledgeVideos 11 years ago +1

    Dear Mr. Lyne,
    you owe me one smartphone I threw out of the window after panicking over your talk.
    Sincerely,
    youprobablyhaveallmyinformationbynowanyway.

  • @32ghzt54 11 years ago

    Very good speak. This should be mandatory to watch for every user of a PC or smartphone.

  • @JamesLyne 11 years ago

    There are a surprisingly large number of providers out there!

  • @JamesLyne 11 years ago

    It exploits an out of date piece of software. So without any user input the code runs in the background and installs. It doesn't matter if you have auto-run/download turned off it will work either way. That's why it's really key to patch! Good question :)

  • @JamesLyne 11 years ago

    I had to remind myself of that several times through the talk when I gave it. Huge room! I am really glad you liked it though :)

  • @eidetic-mo6pl 2 years ago

    If someone hacks into your iPhone, how do they "gain control" of your camera? Also, do they have access to/ability to tamper with your photos?

  • @JamesLyne 11 years ago

    Absolutely. Using a boot disk or another computer to mount the file system is a good call. It's getting harder to insert rootkits with trusted boot mechanisms providing hardware through to bootloader trust relationships with more modern operating systems, but there are plenty around without that!

  • @delatroy 11 years ago

    Thanks for the talk - one of the better on TED. Subbed. Your suggestion for asking yourself "is this information something that I want to share online or not?" is something that people won't be able to answer in most cases I suspect because we can't predict in what contexts it will be used in.
    Sharing your dob for example on a dating site could be very useful when used in conjunction with other data to tie you down but that wouldn't be an obvious consideration upfront - i.e. today's reality.

  • @JamesLyne 11 years ago

    Use of malware distributed by legitimate websites which are infected is the most common means of distribution at the moment. That said, you still see plenty of good old bot activity scanning away for open ports and credential guessing. It is more likely you will get hit via the browser today than anything else.

  • @clownmakemesmile 11 years ago

    Dude you are awesome, a not boring IT related topic talk is always good, and I hope to see you more often here!

  • @BrookZimmatore 11 years ago +2

    He was probably the last one to talk and everyone was tired.

  • @ecophysicsEMF 11 years ago

    This talk is very well done, well explained, well illustrated, and shockingly relevant. Thanks for sharing this.

  • @Durakken 11 years ago

    I think the biggest problem with passwords is that a lot of us just can't remember 20+ different crazy letter combinations...
    The quickest solution to that is biometric security stuff that is cheap and probably built in to technology.

  • @JamesLyne 11 years ago +1

    I love that site.

  • @JamesLyne 11 years ago

    Deployment costs and challenges aside, such authentication schemes could have some scary privacy ramifications if someone was able to scrape it as you walked past. Passwords have stuck around for so long as they are easy to deploy, low cost and they don't require special tech. They do suck though!

  • @Competitiveforlolz 11 years ago

    Best ted talk.

  • @Durakken 11 years ago

    Here's another question I just thought about... what are the ramifications of connections that could keep refreshing and keep connected all the time?
    With mobile systems I don't see why we wouldn't always be in connections with our banks, social media, etc. And for a hacker to login they'd need to bump us off the system somehow... And couldn't security programs use user location discrepancies to block hackers?

  • @andjao9183 7 years ago

    One of the best TED talks that I've heard.

    • @practicing1 7 years ago

      You have not heard much then

  • @JamesLyne 11 years ago

    I will be posting it on here very shortly!

  • @JamesLyne 11 years ago

    Though by saying it doesn't matter you might be contributing to the problem and hurting others. Or is your point limited to online privacy rather than malicious code on your system?

  • @Jonyrijo 11 years ago

    My point is limited to privacy of personal info. Of course malware that uses its resources, or that can compromise security of internet banking IE (although that should be easily avoided by having dual authorization with your password and something that you have on you (like something that produces a security code every time it's pressed)), is a real crime. Having info about my age, address, etc AFAIK is not even a crime, but if it is, it's not a crime against person or property.

  • @unvergebeneid 11 years ago

    Wow, the thing with the SSIDs really shocked me. I thought that was a passive thing; I didn't know smartphones were actively giving away the list of wifis one has been connected to.
    I also don't see any technical reason why phones should do that. Can you go into a bit more detail here, James?

  • @flawns 11 years ago

    You were very engaging to listen to, I have no idea why these people didn't pick up your jokes.

  • @JamesLyne 11 years ago

    Thank you! Booklet is nearly ready :) Will post it here in reply.

  • @NickSinghSG 11 years ago

    James, that was a fantastic talk. Thanks for the valuable info on protecting ourselves from viruses and attacks.

  • @NutmegTechnologiesSouthWindsor 7 years ago +1

    He has a lot of good information. It's scary to think that anyone can get the information he got from the audience. Following the security measures will help keep data safe.

    • @practicing1 7 years ago

      what if your wife is a hacker?

  • @SCAREDBANANA 11 years ago

    Excellent talk.

  • @y0d4 11 years ago

    You only forgot to mention 0day, meaning that you aren't 100% sure even if you have "good" AV.
    Also, how government can track us, mobile operators etc.
    Good job!

  • @stacyhackney6100 3 years ago

    Thank you.

  • @moneymayhem2000 11 years ago

    What a great talk

  • @JamesLyne 11 years ago

    Sure thing - devices will send out probes for networks they have previously connected to and are saved in the favourites list (both those that are open and passwords). They do this to identify networks to connect back to them automatically. Unfortunately it is trivial to collect this information using wireless sniffing. In some regards a safer implementation would have had it enumerate the broadcasts from the wireless routers and then decide locally to connect or not.

  • @JamesLyne 11 years ago

    Hey, I know what you mean. I had a hard time of it. The first talk I wrote I included all kinds of scary demonstrations and new content, but when I sampled it with people I found that really the biggest issue is that unlike you and I this IS new to a lot of people. So I focused on the basics. There are resources coming up shortly to help secure, hope it at least creates some interest. Anyway, thanks for the feedback :)

  • @Durakken 11 years ago

    Good point... Hadn't thought of that, but I imagine you could create a crazy algorithm to mask a single print and there be enough variation in the uniqueness of biometric data that it would be near impossible to crack, but I dunno.

  • @sarahharris162 10 years ago

    Very insightful! Definitely worth a watch.

  • @manji113 11 years ago

    How do I do a thorough check of whether the computer has got a virus or not? Also, how do I remove it completely without formatting the computer? Thanks a lot

  • @EllaABo 11 years ago

    This guy was really funny but he also scared the hell out of me with his talk of cybercrime (he's right, of course, and that's what makes it scary). A very interesting mix.

  • @PKR1503 11 years ago

    Great speech James! Had the perfect balance of humor and information making it very engaging to listen to :)

  • @jakerochester3565 11 years ago

    As I understand it, MSE is a fairly weak protection software; there are some very powerful free antivirus software out there. Personally I use SuperAntiSpyware and AVG, though there are many other good ones as well.

  • @Jonyrijo 11 years ago

    Identity stealing is not a problem of having too much personal information publicly available, it's a security problem of the organizations that are targeted. If security was proper (IE if you need some password that only you know (or better a dual authentication with something you know (password) and something you have (a card)) to access any of the things that identity thieves manage to access.) no amount of personal info could get you access to a person's unique rights.

  • @Jonyrijo 11 years ago

    >If it becomes the main platform it also becomes the main target.
    Yes, but the difference is that with Linux if it becomes the main platform it also is the one with most whitehat hackers, exposing and submitting patches that fix the vulnerabilities faster than in proprietary software.
    But still, ultimately if there's no user awareness of basic best practices the rest is useless.

  • @pranaykar 11 years ago

    Yep! Understanding these risks really helps as it enables us to tweak and write appropriate algorithms we use to design a communication system. Clearly u r the Guru in this field and I hope I can learn lots from U. Hungry for knowledge! Any special blog you'd refer to? :) Cheers!

  • @lovelylipbonesouwwwwwwwolv2198 2 years ago

    I watched this for my criminology class.

  • @bvtrach1 11 years ago

    I have no need of the dangers of the hackers and we need to be vigilant. It was great to hear about all the wonderful things you are doing, but I spent 17m 27 sec hoping to hear what an expert suggests I do and at 16:47 I heard - '...go online and find the simple best practices...' '...find these resources...' I thought that is what I did when I downloaded this talk based on the title 'what you can do about it...'

  • @CindyPatriciaRodriguezPalacio 8 years ago

    Tremendous talk; very informative, practical and grounded in the current reality of cybercrime; thanks TED!!

  • @vmwindustries 11 years ago

    It should be mandatory that all children should learn how a computer works!

  • @piperpipe201 5 years ago +1

    Where can I get an internship for blackhole?