Protect Thy Computer and Thyself
Web 2.0
Big brother 2011. Start
    protect thyself
Who?
HTTP: requests, responses.

Send username/password.

If TRUE, set a cookie.

As long as the cookie is alive, we use the
cookie for all new requests.
Status?
Logged in:
• Cookies are secrets
• We MUST keep them as secrets
• But we aren’t doing that
• Whose job is it? (ALL OF US)
WiFi. Aye!

• Can you feel it, coming in the air tonight?
• Yes, it’s all in the air
• Anyone can have them. Just listen and you
  have them
Terminal
Ask and ye shall be..

$ sudo tcpdump -A -i en1 tcp port 80
Requesting
POST /login.php?login_attempt/1.1
Host: login.facebook.com

LOOK closely:
email=yaya@yada.com&pass=holysh**AmH00ked
Answered.
HTTP/1.1 302 Found
Location: http://www.facebook.com/home.php
Set-Cookie: xs=ajwsddlfgs2454lIUYQHAWhsalqas
What? How can u...
“SIDE-JACKING”

or Session Hijacking is where someone takes control of
your session and starts doing everything you can do, or
worse, on your account without your knowledge.

You have probably seen spam emails from your FB friends
that your friend did not actually send. This is one of the
things that can happen.
Put on Protection

- Avoid insecure sites on open WiFi
- Avoid Starbucks Coffee. Nothing is free
- Secure your WiFi network at least with WPA2 + pre-shared
key so you know who is connected at all times

- You are on your own most times. All the best.
SSL?
- Doesn’t matter on its own. Attackers can redirect your browser using
SSLStrip
- Avoid insecure sites while on WiFi.
- Sites like Gmail by default are much better due to full-blown
SSL all the way through.

- Logging out doesn’t make the session invalid.
           “Remember Me” check box?
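The two points the deck keeps returning to, that the cookie is the whole secret (the "Who?" and "Status?" slides) and that SSL and logout only help if the site does them properly (this slide), come together in an added example below. It is not code from the deck or from any of the sites it names; the cookie name `sid`, the `SessionStore` class, `transport_headers` and the `SESSION_TTL` value are assumptions, and the `Strict-Transport-Security` header is a later standard mentioned here as the defence against the SSLStrip redirect.

```python
# Added example (not from the deck): server-side session handling that keeps the
# cookie a secret, plus an audit helper for captured Set-Cookie lines.
import secrets
import time
from http.cookies import SimpleCookie

SESSION_COOKIE = "sid"   # hypothetical cookie name (the deck's capture uses "xs")
SESSION_TTL = 3600       # assumed session lifetime in seconds


def audit_set_cookie(header_value):
    """Return, per cookie in a Set-Cookie value, whether Secure and HttpOnly are set.

    Secure keeps the cookie off plaintext HTTP (what tcpdump saw in the deck);
    HttpOnly keeps it away from page scripts. Both missing = sidejackable.
    """
    cookie = SimpleCookie()
    cookie.load(header_value)
    return {
        name: {"secure": bool(m["secure"]), "httponly": bool(m["httponly"])}
        for name, m in cookie.items()
    }


class SessionStore:
    """The browser only holds a random handle; the real state lives here.

    Because lookup happens server-side, logout() destroys the session for
    everyone, including anyone who already copied the cookie off the wire.
    """

    def __init__(self):
        self._sessions = {}  # token -> (user, expiry timestamp)

    def login(self, user, password_ok):
        """On a successful password check, mint a token and the Set-Cookie header."""
        if not password_ok:
            return None, None
        token = secrets.token_urlsafe(32)          # 256 bits of CSPRNG output
        self._sessions[token] = (user, time.time() + SESSION_TTL)
        header = (f"{SESSION_COOKIE}={token}; Secure; HttpOnly; SameSite=Lax; "
                  f"Path=/; Max-Age={SESSION_TTL}")
        return token, header

    def authenticate(self, cookie_header):
        """Map an incoming Cookie header to a user, or None if the session is dead."""
        cookie = SimpleCookie()
        cookie.load(cookie_header)
        if SESSION_COOKIE not in cookie:
            return None
        token = cookie[SESSION_COOKIE].value
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expiry = entry
        if time.time() > expiry:
            del self._sessions[token]               # expired: drop it server-side
            return None
        return user

    def logout(self, token):
        """Invalidate server-side and tell the browser to discard the cookie."""
        self._sessions.pop(token, None)
        return f"{SESSION_COOKIE}=; Max-Age=0; Secure; HttpOnly; Path=/"


def transport_headers(request_is_https, host, path):
    """Never serve the app over plaintext: redirect, then pin HTTPS with HSTS.

    Strict-Transport-Security (RFC 6797) is the standardised answer to the
    SSLStrip redirect the deck mentions; it postdates the deck and is added
    here. It does not protect a browser that has never seen the header yet.
    """
    if not request_is_https:
        return {"status": 301, "Location": f"https://{host}{path}"}
    return {"status": 200,
            "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}


if __name__ == "__main__":
    # Constructed input modelled on the Set-Cookie line captured in the deck.
    print(audit_set_cookie("xs=ajwsddlfgs2454lIUYQHAWhsalqas"))
    store = SessionStore()
    token, set_cookie = store.login("yaya@yada.com", password_ok=True)
    print(set_cookie)
    print(store.authenticate(f"{SESSION_COOKIE}={token}"))   # the user
    print(store.logout(token))
    print(store.authenticate(f"{SESSION_COOKIE}={token}"))   # None
```

Run it against a real capture by pasting the `Set-Cookie` value into `audit_set_cookie`; a cookie reported without `secure` is exactly what the deck's tcpdump session was able to read.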
Use only secure LAN/WAN
• At least WPA2 encryption (protects users against
  each other)
• Avoid Starbucks WiFi
• Check your network operator’s credentials
• ISPs?
• Try a VPN
One-on-One yessss


• Generally traffic should be end-to-end
DONT EAT SHIT


• IGNORANT Service providers
• EXCUSES: We are working on it, we Care,
  we are Scaling
GMAIL
              Full SSL JAN 2010
“We had to deploy no additional machines and no
special hardware.”
- http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
How BAD?

Email not up there (Hotmail)
FB and Twitter are your main communication networks
Loads of sites do it wrong
It’s really BAAAD
      Check this out

       FIRESHEEP

         Eric Butler
              &
       Ian Gallagher
San Diego, October 2010
FIRESHEEP
          Firefox Extension

             Mac OS X

           Windows XP

          Firefox 3 Not 4

http://codebutler.github.com/firesheep
Companies Must Act

They MUST PROTECT their Users and Websites. It’s their
Maternal Responsibility.

                    They Don’t?

            DEMAND SSL EVERYWHERE
No Qs?
      Good

    the-CRAB
    @ilinkoln

iLinkoln 23/10/2010
