Date post: 29-Jan-2018
Category: Technology
Upload: vitor-domingos
Security is sexy again
no, not that kind of sexy
by Vitor Domingos @ IDC - Information Security
Vitor Domingos
[email protected]
http://vitordomingos.com
- cloud computing & security consultant
- thenextweb.com editor
- mobilemonday founder
- videocaster
- ex failed entrepreneur
- ex ITIJ / MJ
- ex CGD
- ex forumB2B
- ex Maxitel
- ex Jazztel
VERY IMPORTANT AGENDA
- First
- Second
- Third
OLD SCHOOL
- anti virus
- IDS, firewall, scanners
- encryption, DMZ, password enforcement
- data protection & security governance
- some other commercial bullshit bingo
- social engineering
NEW SCHOOL
- social engineering and hacking
- id theft (banks)
- phishing, spoofing, vishing, brandjacking
- spam, bot networks, malware, pharming
- XSS (twitter)
- private data harvesting (facebook)
Security Menace History
1.0 – FUN - Virus, Stealing Information
2.0 – MONEY - Worms, Trojans, Virus
3.0 – MONEY 2.0 - DDoS, Trojans, ID Theft
4.0 – MARKETING - FarmVille, Mafia Wars, Data Theft
Security is (now) personal
1.0
- Direct
- One-on-One
- Hardware/Software
2.0
- Cloud
- Distributed
- Social
- Personal
Firewall History
1 Gen – Packet Filter
2 Gen – Application Layer
3 Gen – Stateful Filter
4 Gen – Semantic
5 Gen – Personal
Security got smaller and distributed
- USB PEN, SD Card
- Phone, Smartphone
- Cloud, SaaS, IaaS, NaaS, DaaS ...
Phones ...
- 15 years of pure insecurity and few exploits
- mobile is the most personal and private item we own
- phones are now computers, the personal kind
- they even run full operating systems
What's in ...
- phone calls
- addressbook
- emails
- sms
- mms
- browser history
- pictures and some documents
- calendar
- gps tracking data
- shop details
- credit card info
- other sync evilness
GSM Cracked
- A5/1 rainbow table cracking software (reflextor.com/trac/a51)
- GSM interception software (airprobe.org)
- Software defined radio (gnuradio.org)
- Cheap radio software (ettus.com/products)
2010
- UMTS cracked (on paper) - Sandwich attack
- MMS Remote Exploit
- iPhone SMS Remote Exploit
- Bluetooth Spamming and Attacks (bluesnarfing, bluebug, bluebugging) - $18 bluetooth sniffer
- Bluetooth audio flow to headset interception
- Over the air wire tapping
- ... and what about flash ? :)
Future (risks?)
- Near Field Communications - 2008: hacking NFC phones, URI spoofing, NDEF worm; 2010: Nokia announces that all phones will be NFC ready
- Mobile javascript in the browser (2000 called and they want to block javascript all over again)
- Phone SSL, VPN
- Location Based something - gowalla/foursquare problems
Future (risks?)
- Spyware disguised as apps (cydia iphone appstore, android apps)
- Virus/Worm/Botnet - iphone; vodafone memory card spyware bug on android phones
- Tinyurl problems (?)
- Social phishing from fake call centers
- Data Leaks
- Startups with little security concerns
New world out (t)here
- Earth calling security, hello?
- Fresh new start (cloud, distributed, mobile, web)
- Think global
- Same old-school practices apply; new skills
- SME/SMB
- Security as a Service