I’ve got a confession to make. I had never attended an RSA Conference before last week. For RSAC 2019, however, I had the honor of giving one of my favorite presentations, 12 Ways to Hack 2FA. The crowd filled the presentation room and a spill-over room to hear it. I was a little under the weather, but I think it went well enough.
I was just as delighted to attend the full conference and many sessions. Most of the talks were good. Many were excellent. Two full vendor halls with lots to see, do and learn: book signings, entertainment, fun activities and lots of bar meetups. If you like to collect conference swag, you will find no better conference. I’d go again in a heartbeat.
I met with dozens of companies at the conference, but two stood out.
The Media Trust: An anti-malvertising service for website owners
I have long known that entities that serve banner ads are a huge risk to the websites that profit from them. Bad guys target banner ad companies and their code to inject malicious code into content that a visitor to an otherwise legitimate website consumes—a practice known as malvertising. I wrote about “transitive trust” back in 2008, telling website owners that they must verify (and trust) all code running on their website no matter where it comes from.
Flash forward to today. I interviewed The Media Trust CEO and founder, Chris Dison, who says that the average website he works with has 30 to over 1,000 different code components coming from all over the world. If you track the involved domains for any popular website, you’ll be surprised how many different pieces of code and content are making up a single page. Sometimes that nth-party code is malicious, either getting accidentally compromised or launched by some malicious content vendor who otherwise looks legitimate.
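To see how many outside domains feed a single page, a site owner can inventory the hosts its HTML pulls active content from and compare them with the vendors that were actually reviewed. The sketch below is an added example, not code from The Media Trust or from this article; the page URL, the sample markup, the allowlist and the function names are all constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that load code or active content, and the attribute holding the URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src",
               "object": "data", "link": "href"}

class OriginInventory(HTMLParser):
    """Collect the non-first-party hosts a page loads active content from."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.first_party = urlsplit(page_url).hostname  # exact-host match (assumption)
        self.hosts = defaultdict(list)                  # host -> [(tag, url), ...]

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        # Only stylesheet links count as active content; icons etc. are skipped.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        url = attrs.get(attr)
        if not url:
            return
        # urljoin resolves relative and protocol-relative (//host/path) URLs.
        host = urlsplit(urljoin(self.page_url, url)).hostname
        if host and host != self.first_party:
            self.hosts[host].append((tag, url))

def third_party_hosts(page_url, html):
    inventory = OriginInventory(page_url)
    inventory.feed(html)
    return dict(inventory.hosts)

def unreviewed(hosts, allowlist):
    """Hosts serving active content that are not on the reviewed-vendor list."""
    return sorted(h for h in hosts if h not in allowlist)

# Constructed sample page; every domain here is a placeholder.
PAGE_URL = "https://www.example.com/"
SAMPLE_HTML = """<html><head><script src="/js/app.js"></script>
<script src="https://cdn.example.org/lib.min.js"></script>
<link rel="stylesheet" href="https://cdn.example.org/site.css">
<link rel="icon" href="https://icons.example.net/fav.ico"></head><body>
<script src="//ads.example.net/banner.js"></script>
<iframe src="https://ads.example.net/frame.html"></iframe>
<script src="https://widgets.example.io/chat.js" async></script>
<img src="https://img.example.org/logo.png"></body></html>"""

if __name__ == "__main__":
    found = third_party_hosts(PAGE_URL, SAMPLE_HTML)
    print(unreviewed(found, allowlist={"cdn.example.org"}))
```

Static markup only reveals the hosts referenced directly; scripts from those hosts can load further code at runtime, which is the nth-party content the paragraph above describes, so a complete inventory also needs the requests observed while the page renders.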