I’m slated to talk at the Northern Virginia chapter of OWASP on Thursday the 15th at 6:00pm. I chose something that I recently got interested in.
A Closer Look at Identity Theft Through Peer-to-Peer Networks
Identity theft through peer-to-peer networks has been in the press every so often for a few years. A couple things that seem to get the focus in most of the stories I read are: (a) Don’t download stuff that’s dangerous, and (b) don’t share what you don’t want shared. There are other issues beyond those. In a handful of hours after I installed LimeWire for the first time, I was staring at social security numbers, medical records, proprietary corporate information, and all manner of stuff I should not see. The implications were staggering. Not only did I have what it took to commit identity theft hundreds of times over, I had more subtle and interesting information: information that could be used as leverage against a person in a company, or against the company itself. I could practically shut down a rural medical practice by reporting all the HIPAA violations on their systems. I could leverage the fact that someone in a company has a history of financial troubles. I could successfully counter-bid against a mining company to beat all its proposals to major government customers. Without naming names and handing over the keys to identity theft, I will raise awareness of:
(a) how p2p networks can disclose information you don’t intend, and what that means to you or your employer or your client
(b) how p2p networks can threaten your web app (yep, ties it right back to OWASP)
(c) what you should do, if you use p2p networks at all
Directions and more information can be found at the chapter’s web page.