Human, Computer and Vulnerability
                         작성자 :서승현(20113920)
                            tgnice@nchovy.com




Table of Contents

1. Background
   1.1 IT Trend
   1.2 Prediction
   1.3 Benchmarking
   1.4 What They Do
   1.5 CES 2012
2. What is Profiling
   2.1 Definition
   2.2 Type of Profiling
   2.3 Different View
   2.4 Expectation
3. Why Do We Profiling
   3.1 Origins
   3.2 Present
   3.3 Future
4. Mobile User Profiling
   4.1 Context Aware
   4.2 Set of Raw Data
   4.3 Extract Attribute
   4.4 Constraints
5. Intelligence
   5.1 Introduce
   5.2 Intellectual Intelligence
   5.3 Emotional Intelligence
   5.4 Qualified Intelligence
6. Related Works
   6.1 Web Profiling
   6.2 Location Sensing
   6.3 Energy Efficiency
   6.4 Emotion Sensing
   6.5 Privacy
7. Approach
   7.1 Privacy Problem
   7.2 User Profiling
   7.3 Research Goal
Appendix
References

0. Speaker Profile

• (2007. 11 ~ 2010. 12)
    ◦ nchovy team in INZEN Security
    ◦ Nchovy.com Foundation Member
    ◦ Krakenapps.org Committer
    ◦ IDS Neowatcher Maintainer
    ◦ Malware, Exploit Analysis
    ◦ Security Group Chief

• (2011. 02 ~ 2011. 12)
    ◦ Freelance at Future System, Itnade

• Conference
    ◦ 2008.02 PADOCON Spoofing & Scanning

• Certification
    ◦ CCNP
    ◦ LPIC
    ◦ CISA

1. Prologue    1.1 Are you Safe?
1. Prologue    1.2 Do You Know?
1. Prologue    1.2 Do You Know?
1. Prologue    1.3 Cyber Attack
1. Prologue    1.4 Threat
1. Prologue    1.5 We Need This?

2. Hackers    2.1 History

• Hacking has been around for more than a century. In the 1870s, several teenagers were flung off the country's brand new phone system by enraged authorities.

• University facilities with huge mainframe computers, like MIT's artificial intelligence lab, become staging grounds for hackers. At first, "hacker" was a positive term for a person with a mastery of computers who could push programs beyond what they were designed to do.

• John Draper makes a long-distance call for free by blowing a precise tone into a telephone that tells the phone system to open a line. Draper discovered the whistle as a give-away in a box of children's cereal.

2. Hackers    2.1 History

• Two members of California's Homebrew Computer Club begin making "blue boxes," devices used to hack into the phone system. The members, who adopt handles "Berkeley Blue" (Steve Jobs) and "Oak Toebark" (Steve Wozniak), later go on to found Apple Computer.

• Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.

2. Hackers    2.1 History

• Kevin Mitnick secretly monitors the e-mail of MCI and Digital Equipment security officials. He is arrested (again) in N.C. after he is tracked down via computer by Tsutomu Shimomura at the San Diego Supercomputer Center.

• Tsutomu Shimomura is a senior fellow at the San Diego Supercomputer Center, where he works on problems in areas as diverse as computational physics and computer security. In February 1995 he helped several online service and Internet companies track down computer outlaw Kevin Mitnick.

2. Hackers    2.2 Now
2. Hackers    2.2 Now
2. Hackers    2.3 Kind of
2. Hackers    2.4 Near Enemy

3. Information Security    3.1 Definitions

• Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

• Computer security and information assurance are frequently used interchangeably.

• Confidentiality, Integrity, Availability

• Plus Accountability (Non-Repudiation)

• Process, Risk Management, BCP/DRP

3. Information Security    3.2 Attributes

• Confidentiality
    ◦ Used to prevent the disclosure of information to unauthorized individuals or systems.

• Integrity
    ◦ Means that data cannot be modified undetectably. This is not the same thing as referential integrity in databases.

• Availability
    ◦ A requirement intended to assure that systems work promptly and service is not denied to authorized users.

• Accountability (Non-Repudiation)
    ◦ The requirement that actions of an entity may be traced uniquely to that entity.

3. Information Security    3.3 Risk Management

• Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

• Composite Risk Index = Impact of Risk Event × Probability of Occurrence

3. Information Security    3.4 Process

• Security Governance
    ◦ The Software Engineering Institute at Carnegie Mellon University, in a publication titled "Governing for Enterprise Security (GES)", defines characteristics of effective security governance.

• Incident Response Plans
    ◦ Computer security incident management involves the monitoring and detection of security events on a computer or computer network, and the execution of proper responses to those events.

• Change Management
    ◦ Change management is an IT service management discipline. The objective of change management in this context is to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes to control IT infrastructure, in order to minimize the number and impact of any related incidents upon service.

3. Information Security    3.5 BCP/DRP

• BCP may be a part of an organizational learning effort that helps reduce operational risk.

• BCP is working out how to continue operations under adverse conditions that include local events like building fires, theft, and vandalism, regional incidents like earthquakes and floods, and national incidents like pandemic illnesses.

• Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.

4. Social Engineering    4.1 Survey
4. Social Engineering    4.2 Fact
4. Social Engineering    4.3 Human Vulnerability
4. Social Engineering    4.4 Based on Trust

4. Social Engineering    4.5 Physical Security

• Basic Security

• Robbery / Access Control

• Protect Asset from External Threat

• Include People

5. Network Hacking    5.1 DoS

• A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users.

• Method
    ◦ Consumption of computational resources, such as bandwidth, disk space, or processor time.
    ◦ Disruption of configuration information, such as routing information.
    ◦ Disruption of state information, such as unsolicited resetting of TCP sessions.
    ◦ Disruption of physical network components.
    ◦ Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

5. Network Hacking    5.2 ARP Spoofing

• ARP spoofing is a computer hacking technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network.

• Even ARP entries which have not yet expired will be overwritten when a new ARP reply packet is received. There is no method in the ARP protocol by which a host can authenticate the peer from which the packet originated. This behavior is the vulnerability which allows ARP spoofing to occur.

• Defense
    ◦ Static ARP entries
    ◦ OS Security

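Added example (not part of the original slides): a small monitor that models the overwrite-on-reply behaviour described above, shows what a static ARP entry changes, and flags the replies a defender would want to alert on. The record format, the sample addresses and the 2-second request window are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample observations (not captured traffic), one ARP message per line:
#   <seconds> <request|reply> <sender_ip> <sender_mac> <target_ip>
SAMPLE = """\
0.0 request 192.0.2.10 aa:aa:aa:aa:aa:10 192.0.2.1
0.1 reply 192.0.2.1 aa:aa:aa:aa:aa:01 192.0.2.10
5.0 reply 192.0.2.1 de:ad:be:ef:00:66 192.0.2.10
5.1 reply 192.0.2.10 de:ad:be:ef:00:66 192.0.2.1
9.0 request 192.0.2.1 aa:aa:aa:aa:aa:01 192.0.2.20
9.2 reply 192.0.2.20 aa:aa:aa:aa:aa:20 192.0.2.1
"""

REQUEST_WINDOW = 2.0  # assumed: seconds during which a reply counts as solicited


def parse(text):
    """Turn the constructed format into (ts, op, sender_ip, sender_mac, target_ip)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, op, sip, smac, tip = line.split()
        if op not in ("request", "reply"):
            raise ValueError(f"unknown ARP operation: {op!r}")
        records.append((float(ts), op, sip, smac.lower(), tip))
    return records


def resulting_cache(records, static=None):
    """Model the behaviour on the slide: every reply overwrites the entry,
    expired or not. Entries in `static` are pinned and never replaced."""
    static = dict(static or {})
    cache = dict(static)
    for _ts, op, sip, smac, _tip in records:
        if op == "reply" and sip not in static:
            cache[sip] = smac
    return cache


def detect(records, static=None):
    """Return (ts, kind, detail) alerts for messages that would poison a cache."""
    static = dict(static or {})
    baseline = dict(static)        # pinned or first-seen MAC for each IP
    pending = {}                   # (asker_ip, asked_ip) -> time of the request
    ips_by_mac = defaultdict(set)
    for ip, mac in static.items():
        ips_by_mac[mac].add(ip)
    alerts = []
    for ts, op, sip, smac, tip in records:
        if op == "request":
            pending[(sip, tip)] = ts
        else:
            # A reply is solicited only if its target recently asked for this IP.
            asked = pending.pop((tip, sip), None)
            if asked is None or ts - asked > REQUEST_WINDOW:
                alerts.append((ts, "unsolicited_reply", f"{sip} is-at {smac}"))
        known = baseline.setdefault(sip, smac)
        if known != smac:
            kind = "static_violation" if sip in static else "binding_changed"
            alerts.append((ts, kind, f"{sip}: {known} -> {smac}"))
        ips_by_mac[smac].add(sip)
        # One MAC taking over several IPs it did not own before.
        if known != smac and len(ips_by_mac[smac]) > 1:
            alerts.append((ts, "mac_claims_multiple_ips",
                           f"{smac}: {sorted(ips_by_mac[smac])}"))
    return alerts


if __name__ == "__main__":
    recs = parse(SAMPLE)
    print("cache without static entries:", resulting_cache(recs))
    pinned = {"192.0.2.1": "aa:aa:aa:aa:aa:01"}
    print("cache with gateway pinned:   ", resulting_cache(recs, pinned))
    for alert in detect(recs, pinned):
        print(alert)
```
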
5. Network Hacking    5.3 XSS

• Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications (such as web browsers through breaches of browser security) that enables attackers to inject client-side script into Web pages viewed by other users.

• XSS vulnerabilities have been reported and exploited since the 1990s. Prominent sites affected in the past include the social-networking sites Twitter, Facebook, MySpace, and Orkut.

6. Malware    6.1 Types of Malware
6. Malware    6.2 Original Sin

6. Malware    6.3 Definition

• Short for Malicious Software

• Software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems

• Computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs

• Is not the same as defective software

6. Malware    6.4 Infection

• Called Virus, Worm

• Many early infectious programs were generally intended to be harmless or merely annoying, rather than to cause serious damage to computer systems.

• Before Internet access became widespread, viruses spread on personal computers by infecting the executable boot sectors of floppy disks.

• The term virus is used for a program that has infected some executable software and, when run, causes the virus to spread to other executables.

• A worm is a program that actively transmits itself over a network to infect other computers.

6. Malware    6.5 Concealment

• Called Trojan Horses, Rootkit, Backdoor

• When a malicious program is disguised as something normal or desirable, users may be tempted to install it without realizing it. This is the technique of the Trojan horse or trojan.

• A rootkit was a set of tools installed by a human attacker on a Unix system, allowing the attacker to gain administrator (root) access.

• A backdoor is a method of bypassing normal authentication procedures.

7. Encryption    7.1 Origins

• A watermark is a recognizable image or pattern in paper that appears as various shades of lightness/darkness when viewed by transmitted light (or when viewed by reflected light, atop a dark background), caused by thickness or density variations in the paper.

• Cryptology: from Greek κρυπτός, "hidden, secret"; and graphein, "writing", or -λογία, -logia, "study", respectively.

• Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.

7. Encryption    7.2 Water Marking

• In philately, the watermark is a key feature of a stamp, and often constitutes the difference between a common and a rare stamp.

• A watermark is very useful in the examination of paper because it can be used for dating, identifying sizes, mill trademarks and locations, and the quality of a paper.

• Encoding an identifying code into digitized music, video, picture, or other file is known as a digital watermark.

7. Encryption    7.3 Cryptography

• It is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects in information security such as data confidentiality, data integrity, and authentication.

• Symmetric-Key Cryptography
    ◦ DES, AES

• Public-Key Cryptography
    ◦ RSA (Ronald Rivest, Adi Shamir, Len Adleman)

• Cryptanalysis

Bruce Schneier

7. Encryption    7.4 Steganography

• The first recorded uses of steganography can be traced back to 440 BC when Herodotus mentions two examples of steganography in his Histories.

• Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol.

• Steganography is used by some modern printers, including HP and Xerox brand color laser printers. Tiny yellow dots are added to each page. The dots are barely visible and contain encoded printer serial numbers, as well as date and time stamps.

8. Privacy    8.1 Issues

• Latin: Privatus, “Separated from the Rest”

• Want Anonymous
    ◦ Keyboard Warrior
    ◦ Debate Sensitive Topic
    ◦ Social Fatigue
    ◦ Security Problem (Like Social ID)

• Do Not Want
    ◦ Watch Your Behavior
    ◦ Know Your Feeling
    ◦ Know Where You Are/Live

9. Related Works    9.1 Kraken

• The name means legendary sea monsters of giant proportions said to dwell off the coasts of Norway and Iceland.

• OSGi Based Network Security Platform

• Pcap Packet Analysis

9. Related Works    9.2 Network Scanning

9. Related Works    9.3 Metasploit

• The Metasploit Project is an open-source, computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine.

• Created by H. D. Moore in 2003

• Penetration Testing Tool

9. Related Works    9.4 Backtrack

• BackTrack is a distribution based on the Ubuntu GNU/Linux distribution aimed at digital forensics and penetration testing use.

• It is named after backtracking

• Merged WHAX and Auditor Security Collection

• Penetration Testing Tool

9. Related Works    9.5 Anti Virus

• Antivirus is software used to detect and remove computer viruses, as well as many other types of harmful software, collectively referred to as malware.

• Identification methods
    ◦ Signature-based detection
    ◦ Suspicious behavior monitoring
    ◦ Heuristics

10. Conclusion    Acknowledge
10. Conclusion    Anxious
10. Conclusion    Fact
10. Conclusion    iOS is Not Secure
10. Conclusion    Process
10. Conclusion    Password
10. Conclusion    Did you See?
10. Conclusion    Deal With Devil
10. Conclusion    Too Much Anxious?
10. Conclusion    Is This Right?
10. Conclusion    Don’t be pirate
10. Conclusion    Defend Yourself

10. Conclusion

       You can't defend. You can't prevent. The only thing
       you can do is detect and respond. – Bruce Schneier

Appendix    Issues
Appendix    Issues
Appendix    Problem
Appendix    Risk Management
Appendix    Social Engineering Book
Appendix    Information Security Directions
Appendix    Social Engineering Example
Appendix    VB100 Anti-Virus Test
Appendix    Apple’s Security Issue
Appendix    Infection/Attack
Appendix    X-large Password
Appendix    Google’s Technique
Appendix    Example of Steganography

References    Papers
• Hacking: The Art of Exploitation
• The Art of Deception
• Social Engineering
• Authorized translation of the English of Information Security: Principles and Practice (Wiley)
• Hacking: The Next Generation (O’Reilly)
• Practical Cryptography (Wiley)
• Rootkits: Subverting the Windows Kernel (Addison-Wesley)
• Malware Forensics (Syngress)
• Professional Penetration Testing (Syngress)
• Botnet Detection (Springer)
• Malware Detection (Springer)

References    Keyword
• Information Security
• Virus Bulletin
• Malware
• Trojan
• Worm
• Botnet
• Steganography
• DES, 3DES, AES, RSA
• DoS, DDoS
• Hacker
• Cyber Attack
• Lulz Sec, Anonymous (Hacker Group), Anti-Sec
• RSA

Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Dernier (20)

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

Computing security

  • 1. Human, Computer and Vulnerability. Author: 서승현 (20113920), tgnice@nchovy.com
  • 2. Table of Contents
      - 1. Background
          - 1.1 IT Trend
          - 1.2 Prediction
          - 1.3 Benchmarking
          - 1.4 What They Do
          - 1.5 CES 2012
      - 2. What is Profiling
          - 2.1 Definition
          - 2.2 Type of Profiling
          - 2.3 Different View
          - 2.4 Expectation
      - 3. Why Do We Profiling
          - 3.1 Origins
          - 3.2 Present
          - 3.3 Future
      - 4. Mobile User Profiling
          - 4.1 Context Aware
          - 4.2 Set of Raw Data
          - 4.3 Extract Attribute
          - 4.4 Constraints
  • 3. Table of Contents
      - 5. Intelligence
          - 5.1 Introduce
          - 5.2 Intellectual Intelligence
          - 5.3 Emotional Intelligence
          - 5.4 Qualified Intelligence
      - 6. Related Works
          - 6.1 Web Profiling
          - 6.2 Location Sensing
          - 6.3 Energy Efficiency
          - 6.4 Emotion Sensing
          - 6.5 Privacy
      - 7. Approach
          - 7.1 Privacy Problem
          - 7.2 User Profiling
          - 7.3 Research Goal
      - Appendix
      - References
  • 5. 0. Speaker Profile
      - (2007. 11 ~ 2010. 12)
      - nchovy team in INZEN Security
      - Nchovy.com Foundation Member
      - Krakenapps.org Committer
      - IDS Neowatcher Maintainer
      - Malware, Exploit Analysis
      - Security Group Chief
      - (2011. 02 ~ 2011. 12)
      - Freelance at Future System, Itnade
      - Conference
      - 2008.02 PADOCON Spoofing & Scanning
      - Certification
      - CCNP
      - LPIC
      - CISA
  • 7. 1. Prologue 1.1 Are you Safe?
  • 8. 1. Prologue 1.2 Do You Know?
  • 9. 1. Prologue 1.2 Do You Know?
  • 10. 1. Prologue 1.3 Cyber Attack
  • 11. 1. Prologue 1.4 Threat
  • 12. 1. Prologue 1.5 We Need This?
  • 14. 2. Hackers 2.1 History
      - Hacking has been around for more than a century. In the 1870s, several teenagers were flung off the country's brand new phone system by enraged authorities.
      - University facilities with huge mainframe computers, like MIT's artificial intelligence lab, become staging grounds for hackers. At first, "hacker" was a positive term for a person with a mastery of computers who could push programs beyond what they were designed to do.
      - John Draper makes a long-distance call for free by blowing a precise tone into a telephone that tells the phone system to open a line. Draper discovered the whistle as a give-away in a box of children's cereal.
  • 15. 2. Hackers 2.1 History
      - Two members of California's Homebrew Computer Club begin making "blue boxes," devices used to hack into the phone system. The members, who adopt the handles "Berkeley Blue" (Steve Jobs) and "Oak Toebark" (Steve Wozniak), later go on to found Apple Computer.
      - Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.
  • 16. 2. Hackers 2.1 History
      - Kevin Mitnick secretly monitors the e-mail of MCI and Digital Equipment security officials. He is arrested (again), N.C., after he is tracked down via computer by Tsutomu Shimomura at the San Diego Supercomputer Center.
      - Tsutomu Shimomura is a senior fellow at the San Diego Supercomputer Center, where he works on problems in areas as diverse as computational physics and computer security. In February 1995 he helped several online service and Internet companies track down computer outlaw Kevin Mitnick.
  • 17. 2. Hackers 2.2 Now
  • 18. 2. Hackers 2.2 Now
  • 19. 2. Hackers 2.3 Kind of
  • 20. 2. Hackers 2.4 Near Enemy
  • 22. 3. Information Security 3.1 Definitions
      - Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction
      - Computer security and information assurance are frequently used interchangeably
      - Confidentiality, Integrity, Availability
      - Plus Accountability (Non-Repudiation)
      - Process, Risk Management, BCP/DRP
  • 23. 3. Information Security 3.2 Attributes
      - Confidentiality
          - Used to prevent the disclosure of information to unauthorized individuals or systems.
      - Integrity
          - Means that data cannot be modified undetectably. This is not the same thing as referential integrity in databases.
      - Availability
          - A requirement intended to assure that systems work promptly and service is not denied to authorized users.
      - Accountability (Non-Repudiation)
          - The requirement that actions of an entity may be traced uniquely to that entity.
  • 24. 3. Information Security 3.3 Risk Management
      - Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
      - Composite Risk Index = Impact of Risk Event × Probability of Occurrence
  • 25. 3. Information Security 3.4 Process
      - Security Governance
          - The Software Engineering Institute at Carnegie Mellon University, in a publication titled "Governing for Enterprise Security (GES)", defines characteristics of effective security governance.
      - Incident Response Plans
          - Computer security incident management involves the monitoring and detection of security events on a computer or computer network, and the execution of proper responses to those events.
      - Change Management
          - Change management is an IT service management discipline. The objective of change management in this context is to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes to control IT infrastructure, in order to minimize the number and impact of any related incidents upon service.
  • 26. 3. Information Security 3.5 BCP/DRP
      - BCP may be a part of an organizational learning effort that helps reduce operational risk.
      - BCP is working out how to continue operations under adverse conditions that include local events like building fires, theft, and vandalism, regional incidents like earthquakes and floods, and national incidents like pandemic illnesses.
      - Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.
  • 28. 4. Social Engineering 4.1 Survey
  • 29. 4. Social Engineering 4.2 Fact
  • 30. 4. Social Engineering 4.3 Human Vulnerability
  • 31. 4. Social Engineering 4.4 Based on Trust
  • 32. 4. Social Engineering 4.5 Physical Security
      - Basic Security
      - Robbery / Access Control
      - Protect Asset from External Threat
      - Include People
  • 34. 5. Network Hacking 5.1 DoS
      - A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users.
      - Method
          - Consumption of computational resources, such as bandwidth, disk space, or processor time.
          - Disruption of configuration information, such as routing information.
          - Disruption of state information, such as unsolicited resetting of TCP sessions.
          - Disruption of physical network components.
          - Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
  • 35. 5. Network Hacking 5.2 ARP Spoofing
      - ARP spoofing is a computer hacking technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network.
      - Even ARP entries which have not yet expired will be overwritten when a new ARP reply packet is received. There is no method in the ARP protocol by which a host can authenticate the peer from which the packet originated. This behavior is the vulnerability which allows ARP spoofing to occur.
      - Defense
          - Static ARP entries
          - OS Security
  • 36. 5. Network Hacking 5.3 XSS
      - Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications (such as web browsers through breaches of browser security) that enables attackers to inject client-side script into Web pages viewed by other users.
      - XSS vulnerabilities have been reported and exploited since the 1990s. Prominent sites affected in the past include the social-networking sites Twitter, Facebook, MySpace, and Orkut.
  • 38. 6. Malware 6.1 Types of Malware
  • 39. 6. Malware 6.2 Original Sin
  • 40. 6. Malware 6.3 Definition
      - Short for Malicious Software
      - Software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems
      - Computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs
      - Is not the same as defective software
  • 41. 6. Malware 6.4 Infection
      - Called Virus, Worm
      - Many early infectious programs were generally intended to be harmless or merely annoying, rather than to cause serious damage to computer systems.
      - Before Internet access became widespread, viruses spread on personal computers by infecting the executable boot sectors of floppy disks.
      - The term virus is used for a program that has infected some executable software and, when run, causes the virus to spread to other executables.
      - A worm is a program that actively transmits itself over a network to infect other computers.
  • 42. 6. Malware 6.5 Concealment
      - Called Trojan Horses, Rootkit, Backdoor
      - When a malicious program is disguised as something normal or desirable, users may be tempted to install it without realizing it. This is the technique of the Trojan horse or trojan.
      - Originally, a rootkit was a set of tools installed by a human attacker on a Unix system, allowing the attacker to gain administrator (root) access.
      - A backdoor is a method of bypassing normal authentication procedures.
  • 44. 7. Encryption 7.1 Origins
  • 45. 7. Encryption 7.1 Origins
      - A watermark is a recognizable image or pattern in paper that appears as various shades of lightness/darkness when viewed by transmitted light (or when viewed by reflected light, atop a dark background), caused by thickness or density variations in the paper.
      - Cryptology: from Greek κρυπτός, "hidden, secret"; and graphein, "writing", or -λογία, -logia, "study", respectively.
      - Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.
  • 46. 7. Encryption 7.2 Water Marking
      - In philately, the watermark is a key feature of a stamp, and often constitutes the difference between a common and a rare stamp.
      - A watermark is very useful in the examination of paper because it can be used for dating, identifying sizes, mill trademarks and locations, and the quality of a paper.
      - Encoding an identifying code into digitized music, video, picture, or other file is known as a digital watermark.
  • 47. 7. Encryption 7.3 Cryptography
      - It is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects in information security such as data confidentiality, data integrity, and authentication.
      - Symmetric-Key Cryptography
          - DES, AES
      - Public-Key Cryptography
          - RSA (Ronald Rivest, Adi Shamir, Len Adleman)
      - Cryptanalysis Bruce Schneier
  • 48. 7. Encryption 7.4 Steganography
      - The first recorded uses of steganography can be traced back to 440 BC when Herodotus mentions two examples of steganography in his Histories.
      - Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol.
      - Steganography is used by some modern printers, including HP and Xerox brand color laser printers. Tiny yellow dots are added to each page. The dots are barely visible and contain encoded printer serial numbers, as well as date and time stamps.
  • 50. 8. Privacy 8.1 Issues
  • 51. 8. Privacy 8.1
      - Latin: Privatus, “Separated from the Rest”
      - Want Anonymous
      - Keyboard Warrior
      - Debate Sensitive Topic
      - Social Fatigue
      - Security Problem (Like Social ID)
      - Do Not Want
      - Watch Your Behavior
      - Know Your Feeling
      - Know Where You Are/Live
  • 53. 9. Related Works 9.1 Kraken
      - The name refers to legendary sea monsters of giant proportions said to dwell off the coasts of Norway and Iceland.
      - OSGi Based Network Security Platform
      - Pcap Packet Analysis
  • 54. 9. Related Works 9.2 Network Scanning
  • 55. 9. Related Works 9.3 Metasploit
      - The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine.
      - Created by H.D. Moore in 2003
      - Penetration Testing Tool
  • 56. 9. Related Works 9.4 Backtrack
      - BackTrack is a distribution based on the Ubuntu GNU/Linux distribution, aimed at digital forensics and penetration testing.
      - It is named after backtracking
      - Merged WHAX and Auditor Security Collection
      - Penetration Testing Tool
  • 57. 9. Related Works 9.5 Anti Virus
      - Antivirus is software used to detect and remove computer viruses, as well as many other types of harmful software, collectively referred to as malware.
      - Identification methods
          - Signature-based detection
          - Suspicious behavior monitoring
          - Heuristics
  • 59. 10. Conclusion Acknowledge
  • 60. 10. Conclusion Anxious
  • 61. 10. Conclusion Fact
  • 62. 10. Conclusion iOS is Not Secure
  • 63. 10. Conclusion Process
  • 64. 10. Conclusion Password
  • 65. 10. Conclusion Did you See?
  • 66. 10. Conclusion Deal With Devil
  • 67. 10. Conclusion Too Much Anxious?
  • 68. 10. Conclusion Is This Right?
  • 69. 10. Conclusion Don’t be pirate
  • 70. 10. Conclusion Defend Yourself
  • 71. 10. Conclusion You can't defend. You can't prevent. The only thing you can do is detect and respond. – Bruce Schneier
  • 73. Appendix Issues
  • 74. Appendix Issues
  • 75. Appendix Problem
  • 76. Appendix Risk Management
  • 77. Appendix Social Engineering Book
  • 78. Appendix Information Security Directions
  • 79. Appendix Social Engineering Example
  • 80. Appendix VB100 Anti-Virus Test
  • 81. Appendix Apple’s Security Issue
  • 82. Appendix Infection/Attack
  • 83. Appendix X-large Password
  • 84. Appendix Google’s Technique
  • 85. Appendix Example of Steganography
  • 87. References Papers
      - Hacking: The Art of Exploitation
      - The Art of Deception
      - Social Engineering
      - Authorized translation of the English of Information Security: Principles and Practice (Wiley)
      - Hacking: The Next Generation (O’Reilly)
      - Practical Cryptography (Wiley)
      - Rootkits: Subverting the Windows Kernel (Addison-Wesley)
      - Malware Forensic (Syngress)
      - Professional Penetration Testing (Syngress)
      - Botnet Detection (Springer)
      - Malware Detection (Springer)
  • 88. References Keyword
      - Information Security
      - Virus Bulletin
      - Malware
      - Trojan
      - Worm
      - Botnet
      - Steganography
      - DES, 3DES, AES, RSA
      - DoS, DDoS
      - Hacker
      - Cyber Attack
      - Lulz Sec, Anonymous (Hacker Group), Anti-Sec
      - RSA
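
Slide 35 (5.2 ARP Spoofing) states that a new ARP reply overwrites an unexpired cache entry and that ARP cannot authenticate the sender, and lists static ARP entries as a defense. The following Python monitor is an added example, not part of the original deck: it parses ARP payloads and flags replies nobody asked for, changes to a learned IP-to-MAC binding, and violations of a pinned (static) binding. All class and function names, the documentation-range IP addresses and the MAC addresses are constructed for illustration.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a 28-byte Ethernet/IPv4 ARP payload (used only for the constructed samples)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_mac, target_ip) or raise ValueError."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return (op, _mac(payload[8:14]), _ip(payload[14:18]),
            _mac(payload[18:24]), _ip(payload[24:28]))

class ArpMonitor:
    """Passive watcher: a normal host silently accepts what this class reports."""

    def __init__(self, static_bindings=None):
        # Pinned IP -> MAC pairs, the monitoring analogue of static ARP entries.
        self.static = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
        self.learned = {}     # first-seen IP -> MAC bindings
        self.pending = set()  # (requester_ip, requested_ip) still awaiting a reply

    def observe(self, payload):
        op, s_mac, s_ip, _t_mac, t_ip = parse_arp(payload)
        alerts = []
        if op == ARP_REQUEST:
            self.pending.add((s_ip, t_ip))
        elif op == ARP_REPLY:
            if (t_ip, s_ip) in self.pending:
                self.pending.discard((t_ip, s_ip))
            else:
                # Gratuitous ARP is also unsolicited, so treat this as a
                # signal to correlate with the binding checks, not as proof.
                alerts.append(("UNSOLICITED_REPLY", s_ip, s_mac))
        else:
            return alerts
        pinned = self.static.get(s_ip)
        if pinned is not None:
            if pinned != s_mac:
                alerts.append(("STATIC_VIOLATION", s_ip, s_mac))
            return alerts
        # Keep the first-seen binding instead of overwriting it, so a
        # repeated spoofed reply keeps alerting until an operator resets it.
        known = self.learned.setdefault(s_ip, s_mac)
        if known != s_mac:
            alerts.append(("BINDING_CHANGED", s_ip, s_mac))
        return alerts

# Constructed sample traffic: a request, its genuine reply, then a forged reply.
GW_IP, GW_MAC = "192.0.2.1", "02:00:00:00:00:01"
HOST_IP, HOST_MAC = "192.0.2.10", "02:00:00:00:00:10"
ROGUE_MAC = "02:00:00:00:00:66"
ZERO_MAC = "00:00:00:00:00:00"
SAMPLE = [
    build_arp(ARP_REQUEST, HOST_MAC, HOST_IP, ZERO_MAC, GW_IP),
    build_arp(ARP_REPLY, GW_MAC, GW_IP, HOST_MAC, HOST_IP),
    build_arp(ARP_REPLY, ROGUE_MAC, GW_IP, HOST_MAC, HOST_IP),
]

def run_sample(static_bindings=None):
    """Feed the constructed packets to a fresh monitor; one alert list per packet."""
    monitor = ArpMonitor(static_bindings)
    return [monitor.observe(p) for p in SAMPLE]

if __name__ == "__main__":
    for number, alerts in enumerate(run_sample(), 1):
        print(number, alerts)
```
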