Post on 15-May-2015
Security? Who Cares!
Privacy is Dead
BsidesSF, March 3, 2010, Brett Hardin
Brett Hardin - BsidesSF
Who Am I
Brett Hardin
@miscsecurity
Old Lives:
✓ Pen Tester
✓ Security Researcher
Currently:
✓ Product Manager
• Inviting my Dad to LinkedIn
Disconnected Generation
• “Older” Generations don’t get it.
• “Younger” Generations do.
• Do They?
Geo Location
• Geo Location becoming more available.
• Open APIs make this Scary
Permission Based Systems
• When you tweet out your Foursquare check-ins (some people even do this automatically), it essentially makes Foursquare an asymmetric network. And believe it or not, some people are doing that without really thinking about it. Or they’re doing it because it’s easier to gain friends/followers on an asymmetric network.
• Connecting them to non-permission based systems.
A mayor you say?
http://foursquare.com/venue/1404526
• Share a bunch of information with people you don’t care about.
• “Connect” with old friends
• Flog the dead horse.
DOD okays use of Social Networks
• February 26, 2010
• DOD okays use of Social Networks
• (http://www.defense.gov/NEWS/DTM%2009-026.pdf)
• “Scary Precedent”?
• http://wefollow.com/twitter/military
• Who has heard of Blippy?
Social Demographics being harvested
• To identify “creditworthy” customers, CC companies are beginning to harvest info from social networking sites.
• http://www.creditcards.com/credit-card-news/social-networking-social-graphs-credit-1282.php
Security as a Process
• How many times have you heard this?
• It’s not working!
• We need new concepts.
• People will continue to get compromised.
Are we doing our Job? (Raise your hands)
• Who here works for a company who creates software?
• Who here, be honest, has an actual SDLC process?
• Who started one?
What can we do?
• Work Harder?
• Complain?
• Drop It?
• http://www.youtube.com/watch?v=6qIgVrOy9vM
• “It’s over Johnny, It’s Over!”
• “Nothing is Over! Nothing!”
Where to Begin?
• I don’t know.
• Embrace it?
• Public Networks are Public