Security? Who cares! - Brett Hardin

Security? Who Cares! Privacy is Dead Brett Hardin March 3, 2010 1 BsidesSF

Who Am I Brett Hardin @miscsecurity Old Lives: ✓Pen Tester ✓Security Researcher Currently: ✓Product Manager Brett Hardin - BsidesSF 2

• Inviting my Dad to LinkedIn Brett Hardin - BsidesSF 3

Disconnected Generation • “Older” Generations don’t get it. • “Younger” Generations do. • Do They? Brett Hardin - BsidesSF 4

Geo Location • Geo Location becoming more available. • Open APIs make this Scary Brett Hardin - BsidesSF 5

Permission Based Systems • When you tweet out your Foursquare check-ins (some people even do this automatically), it essentially makes Foursquare an asymmetric network. And believe it or not, some people are doing that without really thinking about it. Or they’re doing it because it’s easier to gain friends/followers on an asymmetric network. • Connecting them to non-permission based systems. Brett Hardin - BsidesSF 6

Brett Hardin - BsidesSF 7

Brett Hardin - BsidesSF 8

A mayor you say? Brett Hardin - BsidesSF 9

http://foursquare.com/venue/1404526 Brett Hardin - BsidesSF 10

• Share a bunch of information with people you don’t care about. • “Connect” with old friends • Flog the dead horse. Brett Hardin - BsidesSF 11

DOD okays use of Social Networks • February 26, 2010 • DOD okays use of Social Networks • (http://www.defense.gov/NEWS/DTM%2009-026.pdf) • “Scary Precedent”? • http://wefollow.com/twitter/military Brett Hardin - BsidesSF 12

• Who has heard of Blippy? Brett Hardin - BsidesSF 13

Social Demographics being harvested • To identify “creditworthy” customers, CC companies are beginning to harvest info from social networking sites. • http://www.creditcards.com/credit-card-news/social-networking- social-graphs-credit-1282.php Brett Hardin - BsidesSF 14

! Security as a Process • How many times have you heard this? • It’s not working! • We need new concepts. • People will continue to get compromised. Brett Hardin - BsidesSF 15

Are we doing our Job? (Raise your hands) • Who here works for a company who creates software? • Who here, be honest, has an actual SDLC process? • Who started one? Brett Hardin - BsidesSF 16

What can we do? • Work Harder? • Complain? • Drop It? • http://www.youtube.com/watch?v=6qIgVrOy9vM • “It’s over Johnny, It’s Over!” • “Nothing is Over! Nothing!” Brett Hardin - BsidesSF 17

Where to Begin? • I don’t know. • Embrace it? • Public Networks are Public Brett Hardin - BsidesSF 18

http://misc-security.com	461
http://bretthard.in	62
http://localhost	23
http://feeds.feedburner.com	15
http://www.slideshare.net	2

Security? Who cares! - Brett Hardin

by Security B-Sides on Mar 08, 2010

Accessibility

Categories

Tags

Upload Details

Usage Rights

5 Embeds 563

Statistics

Security? Who cares! - Brett Hardin — Presentation Transcript