Tisa-Social Network and Mobile Security

Published in: Technology, News & Politics

  1. Advanced Social Network and Mobile Attack. Nipon Nachin, Consulting Manager (ITIL Expert, CISSP, GIAC GFCA, CISA, CISM, CSSLP, AMBCI, IRCA ISMS, ITSMS, BCMS Provisional Auditor, SSCP, Security+). Prathan Phongthiproek, Red-Team Manager (eCPPT, E|CSA, C|EH, CIW Security Analyst, CPTS, CWNP, CWSP, Security+, ITIL-F). ACIS Professional Center
  2. Social Network RSS feed. Source: 2008 CSI Computer Crime & Security Survey
  3. Social Network Threats: 1) Malware Spam 2) Drive-By-Download 3) Malicious Applications 4) Session Hijacking
  4. Malware Spam: 1) Osama execution video scam 2) Enable dislike button 3) Top 10 profile spies
  5. Malware Spam
  6. Drive-By-Download: 1) Malicious shortened URLs 2) Internet Explorer / Mozilla Firefox / Safari / Chrome vulnerabilities 3) Web browser toolbars 4) Adobe product vulnerabilities (Flash, PDF, etc.) 5) ActiveX and Java applets
  7. Drive-By-Download
  8. Drive-By-Download (victim): (1) Client visits the landing page (2) Redirect to get exploit (3) Redirect to get exploit (4) Download exploit
  9. Drive-By-Download: Spyware, Adware, Viruses, Trojans, Worms, Phishing, Unwanted/offensive content, Potentially unwanted applications
  10. Drive-By-Download
  11. Malicious Facebook Applications
  12. Malicious Facebook Applications
  13. Malicious Facebook Applications
  14. Session Hijacking
  15. Session Hijacking with Firesheep: 1) For now, unable to attack Facebook (have to modify the source code) 2) Only supports HTTP: Hotmail, Twitter, Facebook, etc. 3) Sniffs on the fly (Wi-Fi hotspot) 4) Over the network, requires ARP poisoning
  16. Session Hijacking
  17. Session Hijacking Over HTTPS: 1) Using SSLStrip to kill SSL sessions 2) Rogue access point or ARP poisoning on the wire
  18. Session Hijacking Over HTTPS
  19. Mobile Threats
  20. BlackBerry
  21. Mobile Safari Still Vulnerable To Pwn2Own Exploit
  22. Mobile Web Browsers. Common problem: bad security UX
  23. Android Content Provider File Disclosure
  24. Google Latitude Zero Day Attack
  25. Google Latitude Zero Day Attack
  26. Google Latitude Zero Day Attack - Example: https://www.google.com/accounts/ServiceLoginAuth?Username=morphuesor@gmail.com&password=xxxxxx&s=sss=&xxx=dddddd
  27. Google Latitude Zero Day Attack on iPhone
  28. Google Latitude Zero Day Attack
  29. FlexiSPY BlackBerry Spy Phone
  30. FlexiSPY Apple iPhone Spyphone
  31. Spyphone – Eavesdropping on conversations
  32. 28th – 29th June 2011, Grand Millennium Sukhumvit, Bangkok
  33. http://www.TISA.or.th Copyright © 2009 TISA and its respective author (Thailand Information Security Association). Please contact: varapong@acisonline.net
