Social and Mobile and Cloud OH MY!

Presented at InnoTech Oklahoma by Tyler Shields on 11-3-2011. All rights reserved.

Transcript

  • 1. What is the same with these twitter accounts?
  • 2. They have all been hacked!
  • 3. Social Networking
  • 4. Mobile Computing
  • 5. Mobile Computing
  • 6. The Cloud
  • 7. The Times They Are a Changing..
  • 8. I’m Secure, I Have A Firewall!
  • 9. Malware Is for PCs!
  • 10. Viral Adoption
      Refers to a system architecture that can be adopted incrementally, and gains momentum as it scales.
      http://dl.media.mit.edu/viral/viral.pdf - Viral Communications, Media Laboratory Research Draft, May 19th 2003
  • 11. New Age Malware
      • Decentralized
      • Interconnected
      • Mobile
      • Quick Content Publishing
      • Decentralized
      • Interconnected
      • Mobile
      • Has Access to Data
  • 12. KoobFace
      • Social media worm
      • Propagation via Facebook messages
      • Propagation via Facebook wall posts
      • Spams your friend list to an “update for Adobe Flash”
      • Installs pay-per-install malware on target
      • Infected computers operate as a botnet
  • 13. I Know EXACTLY Where All My Data Lives
      Sure it’s Safe in the Cloud!
  • 14. The Path Your Data Takes
      (diagram; node labels recovered from the slide:)
      • Approved Cloud Vendor
      • The Office
      • Central Server
      • Sub-Cloud Vendor
      • Sub-Cloud Vendor
      • The Calendar Mirrored via Google
      • Laptop – Stolen At The Airport
      • The Lost iPhone
      • The Hacked Home PC
      • Google Docs
      • Share With remote Co-Worker
      • Indirect: Ooops Did I Say That on Facebook?!
  • 15. Own The Borg, Own The WORLD!
      In 2009, Twitter gets COMPLETELY owned… TWICE!
      Brute force password attack of targeted user reveals a password of “Happiness” – User is a Twitter admin… OWNED!
      A French hacker owns the Yahoo email account of a user on Twitter. He then resets that user’s Twitter password and views the email in the Yahoo account. User is a Twitter admin… OWNED!
  • 16. Own The Borg, Own The WORLD!
      6/19/11 1:54 PM: Dropbox pushes code breaking authentication
      6/19/11 5:46 PM: Dropbox pushes fix to authentication bug
      What can YOU do with four hours of access to every user’s data?!
  • 17. I Know Exactly What My Code Does!
      Besides, Application Permissions Keep Me Safe!
  • 18. Code Reuse, Outsourcing, And Third Party Libraries
      Most Code Is:
      • Reused
      • Outsourced
      • Third Party Libraries (with source)
      • Third Party Libraries (binary format)
      Your vendors don’t know what their code does either!
  • 19. (slide contains only bullet markers; no text recovered)
  • 20. (timeline)
      • WSJ Article Discloses NJ Prosecutor’s Investigation
      • JD-GUI Pandora App
      • Publish Blog Post
          • Location
          • Bearing
          • Altitude
          • Android ID
      • Investigate Other Applications
      • Publish second blog posting with updated findings regarding permissions and other apps
      • Pandora Removes Ad Libraries
  • 21. Here’s Some Numbers…
      53,000 Applications Analyzed
      • Android Market: ~48,000
      • 3rd Party Markets: ~5,000
      Permissions Requested
      • Average: 3
      • Most Requested: 117
      Top “Interesting” Permissions
      • GPS information: 24% (11,929)
      • Read Contacts: 8% (3,626)
      • Send SMS: 4% (1,693)
      • Receive SMS: 3% (1,262)
      • Record Audio: 2% (1,100)
      • Read SMS: 2% (832)
      • Process Outgoing Calls: % (323)
      • Use Credentials: 0.5% (248)
  • 22. Here’s Some Numbers…
      Third Party Libraries
      Total Third Party Libraries: ~83,000
      Top Shared Libraries
      • com.admob 38% (18,426 apps)
      • org.apache 8% (3,684 apps)
      • com.google.android 6% (2,838 apps)
      • com.google.ads 6% (2,779 apps)
      • com.flurry 6% (2,762 apps)
      • com.mobclix 4% (2,055 apps)
      • com.millennialmedia 4% (1,758 apps)
      • com.facebook 4% (1,707 apps)
  • 23. Of Course It’s Secure, It’s Got A Password On It!
  • 24. Passwords and Password Reuse
      Passwords STINK!
      • Passwords < 6 characters long ~30%
      • Passwords from limited alpha-numeric key set ~60%
      • Used names, slang words, dictionary words, trivial passwords, consecutive digits, etc. ~50%
      • Not only a user problem
      • Secret questions – bad idea!
      • SQL Injection compromises up 43% year over year
          • HBGary, Xfactor, Fox.Com, PBS, FBI, Pron.com, …
          • Sony, Sony, Sony… oh.. Yeah.. SONY!
          • Password reuse?
      http://www.scmagazineus.com/hacker-attacks-against-retailers-up-43-percent/article/214125/
  • 25. The Golden Rule
  • 26. The Golden Rule
  • 27. In Summary
      Mobile
      • The perimeter is dead
      • Must secure from the data out
      • Computing will be ubiquitous and hidden
      Social
      • The perfect breeding ground for malware
      • Passwords STINK!
      Cloud
      • The path of data is uncontrollable
      You can’t rely on permissions – It just won’t work
      Securing ALL of your code is the only real defense
  • 28. Mobile + Social + Cloud = A New Security Paradigm
      Think Different
  • 29. Email: tshields@veracode.com @txs
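Slides 21 and 22 report how often apps request "interesting" permissions and how often they bundle particular third-party libraries. The block below is an added example, not code from the talk or from Veracode, showing the two measurements a defender can reproduce on their own app inventory: parsing an AndroidManifest.xml for `<uses-permission>` entries and flagging the categories the slide calls interesting (using the real Android permission constants that correspond to those labels), and counting, per library package prefix, how many apps in a set contain classes from it. The manifest and the app/class lists are constructed sample data; the app ids and class names are hypothetical.

```python
"""Added example (not from the talk): flag "interesting" Android permissions
from a manifest and measure third-party library prevalence across apps."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Real Android permission constants mapped to the labels used on slide 21.
INTERESTING_PERMISSIONS = {
    "android.permission.ACCESS_FINE_LOCATION": "GPS information",
    "android.permission.READ_CONTACTS": "Read Contacts",
    "android.permission.SEND_SMS": "Send SMS",
    "android.permission.RECEIVE_SMS": "Receive SMS",
    "android.permission.RECORD_AUDIO": "Record Audio",
    "android.permission.READ_SMS": "Read SMS",
    "android.permission.PROCESS_OUTGOING_CALLS": "Process Outgoing Calls",
    "android.permission.USE_CREDENTIALS": "Use Credentials",
}

# Library package prefixes from slide 22; a class belongs to a library when
# its fully qualified name starts with "<prefix>.".
KNOWN_LIBRARY_PREFIXES = [
    "com.admob", "org.apache", "com.google.android", "com.google.ads",
    "com.flurry", "com.mobclix", "com.millennialmedia", "com.facebook",
]


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for elem in root.iter("uses-permission"):
        name = elem.get("{%s}name" % ANDROID_NS)
        if name:
            names.add(name)
    return names


def flag_interesting(permissions):
    """Map each requested permission on the watch list to its slide label."""
    return {p: INTERESTING_PERMISSIONS[p]
            for p in sorted(permissions) if p in INTERESTING_PERMISSIONS}


def library_prevalence(apps):
    """apps: dict app_id -> iterable of fully qualified class names.
    Returns [(prefix, app_count, percent)] for libraries seen in at least one
    app, sorted by app count (desc) then prefix. A library is counted once per
    app no matter how many of its classes the app ships."""
    counts = {prefix: 0 for prefix in KNOWN_LIBRARY_PREFIXES}
    for classes in apps.values():
        seen = set()
        for cls in classes:
            for prefix in KNOWN_LIBRARY_PREFIXES:
                if cls.startswith(prefix + "."):
                    seen.add(prefix)
        for prefix in seen:
            counts[prefix] += 1
    total = len(apps)
    rows = [(p, n, round(100.0 * n / total, 1)) for p, n in counts.items() if n]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


# Constructed sample manifest (hypothetical package; not a real app).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.hypothetical.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Hypothetical Player"/>
</manifest>
"""

# Constructed sample app inventory: app id -> class names found in the APK.
SAMPLE_APPS = {
    "app.one": ["com.admob.android.ads.AdView",
                "org.apache.http.client.HttpClient", "app.one.MainActivity"],
    "app.two": ["com.admob.android.ads.AdView",
                "com.flurry.android.FlurryAgent", "app.two.Main"],
    "app.three": ["com.google.ads.AdRequest", "app.three.Main"],
    "app.four": ["com.admob.android.ads.InterstitialAd",
                 "com.admob.android.ads.AdView", "app.four.Main"],
}

if __name__ == "__main__":
    perms = requested_permissions(SAMPLE_MANIFEST)
    for name, label in flag_interesting(perms).items():
        print("interesting permission: %-45s (%s)" % (name, label))
    for prefix, n, pct in library_prevalence(SAMPLE_APPS):
        print("%-22s %d apps (%.1f%%)" % (prefix, n, pct))
```

On a real inventory the class lists come from listing the decompiled APK (the slide's own workflow used JD-GUI), and the manifest from the unpacked package; the same two functions then produce the per-permission and per-library counts shown on the slides.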
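Slide 24 lists the weaknesses that dominate leaked password sets: fewer than six characters, drawn only from letters and digits, built on a name or dictionary word, or containing runs of consecutive digits. The block below is an added example, not code from the talk, that turns those four criteria into a server-side policy check a registration or reset handler can call. The word list is a tiny constructed stand-in for a real dictionary and name list (it includes "Happiness", the password slide 15 says was brute-forced), and the messages and thresholds are this example's choices, not the talk's.

```python
"""Added example (not from the talk): a password policy check built from the
weakness categories listed on slide 24."""
import re

# Constructed stand-in for a real dictionary/name/slang list. A deployment
# would load a large list; "happiness" is included because slide 15 cites it.
WEAK_WORDS = {
    "password", "letmein", "welcome", "happiness", "monkey", "dragon",
    "qwerty", "admin", "john", "michael", "love", "princess",
}


def has_consecutive_digits(pw, run=4):
    """True if pw contains `run` digits in ascending or descending sequence
    (e.g. 1234 or 9876). Repeated digits such as 1111 are not counted here."""
    digits = [int(c) if c.isdigit() else None for c in pw]
    for i in range(len(digits) - run + 1):
        window = digits[i:i + run]
        if None in window:
            continue
        diffs = {b - a for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def dictionary_base(pw):
    """Return the weak word the password is built on, or None.
    Digits and symbols are stripped first so 'monkey123' and 'Monkey!'
    both reduce to 'monkey'."""
    letters = re.sub(r"[^a-z]", "", pw.lower())
    return letters if letters in WEAK_WORDS else None


def password_findings(pw):
    """Return a list of policy findings (empty list means acceptable).
    Order follows the slide: length, key set, dictionary words, digit runs."""
    findings = []
    if len(pw) < 6:
        findings.append("shorter than 6 characters")
    if pw.isalnum():
        findings.append("drawn only from the alphanumeric key set (no symbols)")
    base = dictionary_base(pw)
    if base is not None:
        findings.append("built on a dictionary word or name: '%s'" % base)
    if has_consecutive_digits(pw):
        findings.append("contains a run of consecutive digits")
    return findings


def is_acceptable(pw):
    return not password_findings(pw)


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["abc", "Happiness", "monkey1234", "xK9#pLq2!vRw"]:
        print("%-14s -> %s" % (candidate, password_findings(candidate) or "ok"))
```

The check runs entirely server-side at the point where a password is set, so it complements rather than replaces hashing and rate limiting; a rejected password gets the specific finding back so the user can fix it rather than guess at the rule.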