Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Sharing is caring: Empowering webmasters for a safer web

Kelly Harrington (Google)
4:45pm–5:25pm Tuesday, October 31, 2017
Security usability
Location: Sutton South

Who is this presentation for?

  • Webmasters, security analysts, and developers

Prerequisite knowledge

  • A basic understanding of how the web works
  • Familiarity with website management and web-based security threats

What you'll learn

  • Understand how web-based malware campaigns affect end users
  • Learn how compromised websites may be abused in attacks targeting end users
  • Explore practical steps webmasters can take to detect and recover from compromises and free tools available for getting useful info and alerts

Description

Web malware attacks are often distributed through hacked web pages and applications. While the webmasters of these sites may be guilty of missing an important update, they are hardly willing participants in the malware campaign. In fact, as victims of such campaigns, they often end up losing money, page views, and even their reputation when their visitors are hijacked by the attackers. This makes webmasters excellent allies to web security efforts. By providing them free, high-quality information to aid in recovery, webmasters can be empowered to quickly address any issues with their sites.

The challenge is that attackers are also listening. There have been reports of attackers registering on webmasters’ behalves for security notifications so they can use this information to evade detection. It must be assumed that any information that has been shared with a webmaster can also make it to the attacker. This leads to a difficult balance: you need to share enough data with webmasters to resolve the problem without sharing too much and tipping your hand to the attackers.

Kelly Harrington explores how web security initiatives work with webmasters to clean up malware attacks and fix other security issues that affect the web ecosystem. Along the way, Kelly explains how to strike the right balance between providing help to site owners and protecting data from bad actors.

Photo of Kelly Harrington

Kelly Harrington

Google

Kelly Hope Harrington is a senior software engineer on the safe browsing team at Google, where she focuses on detection of web-based threats and outreach to webmasters. In her 20% time, she coleads Google’s presence at the San Francisco Pride Parade. Kelly holds a BS in computer science from Carnegie Mellon University, where she took a special interest in computer security and linguistics.