E Crime Mid Year Meeting London

Presentation Transcript

  • Don’t be blinded by The Light Jason Hart CISSP CISM SVP CRYPTOCard
  • About Me
  • Legal Disclaimer ALWAYS GET PERMISSION IN WRITING. – Performing “scans” against networked systems without permission is illegal. Password cracking too – You are responsible for your own actions! – If you go to jail because of this material it’s not my fault, although I would appreciate it if you dropped me a postcard. – This presentation references tools and URLs - use them at your own risk!
  • Accepted Security Principles • Confidentiality • Integrity • Availability • Accountability • Auditability • HOW DO I ACHIEVE THIS IN A CLOUDY WORLD?
  • Welcome to the 3rd Age of Hacking (It’s Easier) • 1st Age: Servers • FTP, Telnet, Mail, Web • These were the things that consumed bytes from a bad guy • The hack left a footprint • 2nd Age: Browsers • JavaScript, ActiveX, Java, Image Formats, DOMs • These are the things that are getting locked down – Slowly – Incompletely • 3rd Age: Passwords – Simplest and getting easier • Gaining someone's password is the skeleton key to their life and your business • Totally invisible – no trace
  • Cyber Crime – Cloud Attack Welcome to the Future of Hacking • Channels: web, mail, open services • Targeted attacks on premium resources • Carpet bombing for most attacks • Secondary infections through controlled outposts
  • Authentication Mechanisms • HTTP Authentication – Basic Authentication – Digest Authentication • Integrated Windows (NTLM) Authentication • Certificate-Based Authentication • Forms-based Authentication
  • Password Surfing ☺ "login: *" "password: *" filetype:xls • This returns xls files containing login names and passwords.
  • Auto Meta Data Mining • Automated doc search via Google/Bing • Specify domains to target • Automated download and analysis of docs
  • The Weapons • Key loggers, both software and hardware • So easy • And many more
  • Tor • Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet, and it is being used by governments worldwide
  • 100 Government & Embassy Passwords I uncovered last year on a hacking forum – reported to Hi Tech Crime Unit
  • LIVE e-
  • Next Generation Social Engineering • http://twitter.com/#search?q=New%20Job%20Role • http://twitter.com/#search?q=Hacked%20Password
  • Simple iPhone User Attack (diagram: User, www, Hacker)
  • What is the Solution?
  • What’s the solution? Some options are more secure than others • Create a password policy • Improve your password security • Implement Two-Factor Authentication
  • Solving the password problem • User productivity requires simple, flexible, continuous and secure access to information • Users and their workspaces: Internal people, Branch Offices, PDA Users, Remote Users, 3rd Party Access • Password • Solution to password problem: Two-factor authentication – a unique identity for every user, every time they log in, using: something they know + something they have • Your Cloud: Business processes, applications and company assets
  • Jason Hart CISSP CISM Blog: www.twofactor.blogspot.com Jason.Hart@CRYPTOCard.com Thank you