The Internet's 10 most dangerous people you don't know
Robert Hansen (who actually wore a suit, which was quite surprising to me) gave out a list of 10 people he thought were the most dangerous people for the internet that you don't actually know. These are people responsible for infrastructure or services that are important to the safety and ongoing functionality and yet are not generally recognized as important/dangerous people.
10. Network engineer at C|Net
They own com.com which is the craziest domain. If you owned that domain you could probably serve up malware and sniff a whole lot of e-mail that is accidentally sent to example.com.com
9. Giorgio Maone
- He makes noscript which a lot of security people use.
- They use it and never read the source.
- He could be bribed/coerced into modifying the extension to do something different that is insecure.
8. Eddy Nigg StartCom
(could be any person at an ssl reseller). He can create a wildcard certificate for any domain. He has to try to trust people and yet shouldn't really trust people. Which allows man-in-the-middle quite easily.
7. John Doe at Authorize.net
They are the biggest online merchant service provider - they know credit card data for so many sites. It's arguably worse than Visa/Mastercard since nobody really cares about the merchants or their security and the merchants have a lot more data about the transaction (the specific domain it's coming from, for example). Further, if they just blackmailed people from sketchy sites then the end-user would assume it's the sketchy site doing it so a malicious person at one of these organizations (or who gets access to their data) could go undetected for a long time.
6. Check in engineer at Mozilla
- They add something bad to the code like a sniffer or an SSL cert. He retracted this one, which makes sense because Mozilla isn't really more vulnerable than any other software vendor and they are much less popular.
5. Chirag and Floyd at Adwords
It's legitimate XSS on 50% of the internet? You could steal everything from lots of really important sites.
4. John Doe at Google's Postini
They read all your gmail. Inbound and outbound. Which means they actually see a fairly large amount of all e-mail. Privacy fail!
3. John Doe at 1 Wilshire
It's a major peering point for a lot of stuff on the internets, so they can snoop on and/or block lots of traffic.
2. John Doe at gtei.net
They control the IP addresses 22.214.171.124 and 126.96.36.199 which are DNS servers that a lot of people use because they are easy to remember. Many networking engineers and pieces of equipment are set to use these, so if they are abused they could cause massive problems.
1. iDefense, Verisign, Network Solutions
They control .com. Which is kinda important.
Buy his book - Detect Malice.