Protect Thy Computer and Thyself


Protecting yourself from evil eyes on your network will keep you safe. By Nelson Kelem at iLinkoln Digital Media Meetup in Lincoln


    1. Web 2.0 Big brother 2011. Start protect thyself
    2. Who? HTTP Requests, Responses. Send username/password. If TRUE, set a Cookie. As long as the cookie is alive, we use the cookie for all new requests.
    3. Status? Logged in:
        • Cookies are secrets
        • We MUST keep them as secrets
        • But we aren’t doing that
        • Whose work is it? (ALL OF US)
    4. WiFi. Aye!
        • Can you feel it, coming in the air tonight?
        • Yes, it's all in the air
        • Anyone can have them. Just listen and you have em
    5. Terminal. Ask and ye shall be..
        $ sudo tcpdump -A -i en1 tcp port 80
    6. Requesting
        POST /login.php?login_attempt/1.1
        Host: login.facebook.com
        LOOK closely: email=yaya@yada.com&pass=holysh**AmH00ked
    7. Answered.
        HTTP/1.1 302 Found
        Location: http://www.facebook.com/home.php
        set-Cookie: xs=ajwsddlfgs2454lIUYQHAWhsalqas
    8. What? How can u... “SIDE-JACKING” or Session Hijacking is where someone takes control of your session and starts doing everything you can do, or worse, on your account without your knowledge. You have probably seen emails from your FB friends that are spam but that your friend did not send. This is one type of thing that can happen.
    9. Put on Protection
        - Avoid insecure sites on open Wifi
        - Avoid Starbucks Coffee. Nothing is free
        - Secure your Wifi Network at least with WPA2 + pre-shared key so you know who is connected at all times
        - You are on your own most times. All the best.
    10. SSL?
        - Don't matter. Attackers can redirect your browser using SSLStrip
        - Avoid insecure sites while on wifi.
        - Sites like gmail by default are much better due to full-blown SSL all through.
        - Logging out doesn’t make session invalid. “Remember Me” check box?
    11. Use only secure L/WAN
        • At least WPA2 encryption (protects against each other)
        • Avoid Starbucks Wifi
        • Check your network operator's credentials
        • ISPs?
        • Try VPN
    12. One-on-One yessss
        • Generally traffic should be end-to-end
    13. DONT EAT SHIT
        • IGNORANT Service providers
        • EXCUSES: We are working on it, we Care, we are Scaling
    14. GMAIL: Full SSL JAN 2010. “We had to deploy no additional machines and no special Hardware.” - http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
    15. How BAD? Email not up there (Hotmail). FB, Twitter is your main communication network. Loads of sites do it wrong
    16. It's really BAAAD. Check this out: FIRESHEEP, Eric Butler & Ian Gallagher, San Diego, October 2010
    17. FIRESHEEP: Firefox Extension. Mac OS X, Windows XP. Firefox 3, Not 4. http://codebutler.github.com/firesheep
    18. Companies Must Act. They MUST PROTECT their Users and Websites. It's their Maternal Responsibility. They Don’t? DEMAND SSL EVERYWHERE
    19. No Qs? Good. the-CRAB @ilinkoln iLinkoln 23/10/2010
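
A defender-side check for the exposure slides 2 to 10 describe, as an added example that is not part of the original deck: it audits one HTTP response for a session cookie set without Secure/HttpOnly, a redirect back to http://, and a missing Strict-Transport-Security header (the standard mitigation for the SSLStrip downgrade on slide 10). The function name `audit_response` and both sample responses are constructed for illustration.

```python
# Added example: audit a login response for settings that leave the
# session cookie readable on a shared network. Samples are constructed.
from email.parser import Parser

def audit_response(raw: str) -> list[str]:
    """Return findings for one raw HTTP response (status line + headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    _status, _, header_block = head.partition("\r\n")
    # Header names are matched case-insensitively ("set-Cookie" on slide 7).
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    for cookie in headers.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower()
                 for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name}: no Secure, sent over plain HTTP too")
        if "httponly" not in attrs:
            findings.append(f"cookie {name}: no HttpOnly, readable by page scripts")
    if headers.get("Location", "").lower().startswith("http://"):
        findings.append("redirect to http://, session continues unencrypted")
    # Browsers honour this header only when it arrives over HTTPS.
    if headers.get("Strict-Transport-Security") is None:
        findings.append("no Strict-Transport-Security, HTTPS can be stripped")
    return findings

# Constructed sample shaped like the response on slide 7.
WEAK = ("HTTP/1.1 302 Found\r\n"
        "Location: http://www.example.com/home.php\r\n"
        "set-Cookie: xs=CONSTRUCTED_VALUE\r\n\r\n")

# Constructed sample of the same response with the settings corrected.
HARDENED = ("HTTP/1.1 302 Found\r\n"
            "Location: https://www.example.com/home.php\r\n"
            "Set-Cookie: xs=CONSTRUCTED_VALUE; Path=/; Secure; HttpOnly\r\n"
            "Strict-Transport-Security: max-age=31536000\r\n\r\n")

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(sample))
```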
