information security - a discussion

Upload: kaushik-patra

Post on 15-Jan-2015


DESCRIPTION

A presentation to discuss information security and the responsibilities of individuals to keep it safe. This specific presentation was contributed to by many people. Each of the different areas has its own author. I have planned and coordinated with them to compile it into a group presentation.

TRANSCRIPT

Page 1: Information Security  - A Discussion
Page 2: Information Security  - A Discussion

Can any technology protect us ?

Information Security in High-Tech era

Page 3: Information Security  - A Discussion

Our empirical observations ...

Antibodies grow only after we suffer.

Medicine is always invented after the bacteria is discovered.

The same goes for computer viruses.

They are invented first, before there is any anti-virus.

Page 4: Information Security  - A Discussion

Rock Solid Security ...

by : Eduardo Segura

HUH !!!!!!

Page 5: Information Security  - A Discussion

It was broken within 2 days !!!!

“Secure” database server ????

Page 6: Information Security  - A Discussion

“Secure” telephone network ????

(Jan 1991) First hacker arrest: Mark Abene (a.k.a. Phiber Optik)

Page 7: Information Security  - A Discussion

“Secure” internet backbone ????

(May 1998) ... in testimony before Congress, the L0pht hacker group claimed that they could bring down the internet

Page 8: Information Security  - A Discussion

“Secure” distribution media (DVD, 1997) ????

(Oct 1999) DeCSS is released, a closed source Windows-only application for DVD ripping

Page 9: Information Security  - A Discussion

Thank You ...

Page 10: Information Security  - A Discussion

Threats in day-to-day life

by : Eric So

Page 11: Information Security  - A Discussion

Losing personal privacy over the internet

Losing information from laptop or memory drive

Media copyright issues all over the world, e.g. YouTube, DVD copying

Disadvantage - Technology for daily life

Page 12: Information Security  - A Discussion

Satellite Missions

High resolution photography (IMINT) e.g. monitoring weather and making maps

Communications eavesdropping (SIGINT)

Covert communications

Enforcement of nuclear test bans (see National Technical Means)

Detection of missile launches

Spy Satellite . . .

Page 13: Information Security  - A Discussion

GPS surveillance – turning a cell phone into a surveillance device, a service provided by Accutracking (http://www.accutracking.com/)

Mass surveillance – domestic telephone calls, traffic cameras and commercial records.

Surveillance

Page 14: Information Security  - A Discussion

Pudding Media is offering a service that uses voice-recognition software to find tens of thousands of key words in a user's conversation to trigger ads that are shown on the user's screen.

Conversation may have been monitored

Privacy for free VOIP

Page 15: Information Security  - A Discussion

Same password used over multiple sites.

A personal profile can be brought up by any administrator.

Contact information may be sold to other advertising companies or partners as an online property before 2000.

E-commerce

Page 16: Information Security  - A Discussion

Using the Vision 20/20 POM Offender Locator to identify:

Missing Person

Tracking

The vision 20/20

US Computer Emergency

Sex Offender Locator

Weather

Trace your missing pet

Page 17: Information Security  - A Discussion

Thank You ...

Page 18: Information Security  - A Discussion

Open Wi-Fi

by : Kiran Patil

Yahoo!!!!

Page 19: Information Security  - A Discussion

Internet

VoIP

Phone access

Game

consumer electronic device connectivity.

Wi-Fi ... the future wave

Page 20: Information Security  - A Discussion

War driving ... used to detect WiFi and collect information to decide which one to attack.

Wi-Fi ...hacking tools

Page 21: Information Security  - A Discussion

Wi-Fi ...hacking tools

Page 22: Information Security  - A Discussion

Evil Twin

Attack at two Miami Marshall's stores : TJX Breach SEPTEMBER 25, 2007

Hijacking a Macbook in 60 Seconds or Less

Hacking using Open Wi-Fi

Page 23: Information Security  - A Discussion

Enable WPA

Change the SSID from the default.

Enable MAC address filtering in your access point

Restrict the range of available IP addresses that your router will allow to connect

Wi-Fi ... What should be done ?

Page 24: Information Security  - A Discussion

Always make sure you are connecting to the right network.

Avoid open Wi-Fi if you are not absolutely sure about it.

Do not assume that hackers will not target you ... sometimes they do it just for fun.

Set up a software firewall (such as Zone Alarm) on each computer.

Enable logs on your router

Wi-Fi ... What should be done ?

Page 25: Information Security  - A Discussion

Thank You ...

Page 26: Information Security  - A Discussion

Phishing

by : Pantesh Shah

Page 27: Information Security  - A Discussion

From Wikipedia

In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication

Phishing ... what’s that ?

Page 28: Information Security  - A Discussion

Phishing ... an increasing problem

source : WikiPedia

Page 29: Information Security  - A Discussion

Deceptive Phishing

Malware-Based Phishing

Keyloggers and Screenloggers

Session Hijacking

Web Trojans

Hosts File Poisoning

Data Theft

DNS-Based Phishing (“Pharming”)

Content-Injection Phishing

Man-in-the-Middle Phishing

Search Engine Phishing

Phishing ... multiple faces

Page 30: Information Security  - A Discussion

Phishing ...one best(worst) example

Page 31: Information Security  - A Discussion

Google’s anti-phishing software

Anti-phishing tool bar in IE

Many available anti-phishing software

Phishing ... some protection technology

Page 32: Information Security  - A Discussion

Be suspicious of any e-mail asking for your private information.

Make sure that the link you click brings you to the legitimate web site.

Look out for poor spelling / grammar in official-looking e-mail.

Do not fall for million-dollar offers - money does not come for free.

Phishing ...a few tips to protect ourselves

Page 33: Information Security  - A Discussion

Thank You ...

Page 34: Information Security  - A Discussion

Daily life Watch-outs

by : Niketa Patel

Page 35: Information Security  - A Discussion

A lot of password-cracking software is readily available on the internet.

Modern technology enables hackers to try out password-cracking guesses (from common words to ancient languages) at the speed of light.

Account hacking can not only reveal private information, but can also be a gateway to install a ‘Trojan Horse’ (or ‘back door’) program to access our computer and data without us ever knowing about it.

Password security

Page 36: Information Security  - A Discussion

To protect password

Need to make our password unique for each account

Need to change our password frequently

Need to keep our password secret

Password security

Page 37: Information Security  - A Discussion

Email has become such a commonplace part of our lives that many of us forget just how insecure it can be. For instance:

Email generally travels across the Internet in an unencrypted form (plain, readable text) that anyone between the source and destination can read.

Email attachments are the most commonly used method for spreading worms, viruses and Trojan Horses. Infection can happen by clicking on something as innocent looking as a .jpg or .zip file.

Once an email has been sent, you have no control over what happens with it.

E-mail security

Page 38: Information Security  - A Discussion

Never send your password in an email.

Be certain of an attachment's safety before opening it.

Never reply to unsolicited email

Never allow guests to use your account.

Beware: HTML messages are a common way for viruses and other hostile content to transmit themselves. Use caution when opening an HTML message from an unknown source. Most email tools allow you to read messages in plain-text format, which eliminates the risk.

E-mail security - do’s & don’ts

Page 39: Information Security  - A Discussion

Social Engineering

Page 40: Information Security  - A Discussion

Social engineering uses the skills of the con artist ...

These "engineers" impersonate

computer administrators

company officials

employees of a partner company

Social Engineering

Page 41: Information Security  - A Discussion

Social engineering is one of the most effective hacker exploits

no technology can defend against it.

Some surveys have shown that over 70% of people will divulge their password or other information under the right circumstances

Social Engineering

Page 42: Information Security  - A Discussion

Thank You ...

Page 43: Information Security  - A Discussion

Can any technology protect us ?

Information Security in High-Tech era

Our original quest . . .

Page 44: Information Security  - A Discussion

Whatever we have discussed so far revolves around

us

Page 45: Information Security  - A Discussion

Security is only as strong as its weakest link

which is again ...

Another empirical observation

us

Page 46: Information Security  - A Discussion

http://www.theregister.co.uk/2007/03/19/diamond_blag/

http://www.theregister.co.uk/2007/04/17/chocolate_password_survey/

Two recent news items . . .

Page 48: Information Security  - A Discussion
Page 49: Information Security  - A Discussion

22% of IT professionals revealed their password in response to a simple question.

A further 42% of IT professionals revealed their password with social engineering techniques.

39% said that they would tell IT department staff their password.

32% said that they would tell their password to their boss.

More on this password survey ...

Page 50: Information Security  - A Discussion

Technology may help us to build the strongest lock . . .

It is our responsibility to protect the key.

Our Conclusion ...

Page 51: Information Security  - A Discussion

Thanks to Haroon Mahmood and Rich Brueckner of SUN Microsystems Inc. for sharing their creation, the ‘social engineering’ video clip.

Much of the information and ‘clip art’ presented here has been taken from the ‘Security Training’ documentation from SUN Microsystems Inc.

Acknowledgment

Page 52: Information Security  - A Discussion

Discussion Session

. . .
