Security is sexy again

presented at @IDC Security Information event

Published in: Technology

Transcript

  • 1. Security is sexy again - no, not that kind of sexy - by Vitor Domingos @ IDC - Information Security
  • 6. Vitor Domingos [email_address] http://vitordomingos.com - cloud computing & security consultant - thenextweb.com editor - mobilemonday founder - videocaster - ex failed entrepreneur - ex ITIJ / MJ - ex CGD - ex forumB2B - ex Maxitel - ex Jazztel
  • 7. VERY IMPORTANT AGENDA - First - Second - Third
  • 11. OLD SCHOOL - anti virus - IDS, firewall, scanners - encryption, DMZ, password enforcement - data protection & security governance - some other commercial bullshit bingo - social engineering
  • 14. NEW SCHOOL - social engineering and hacking - id theft (banks) - phishing, spoofing, vishing, brandjacking - spam, bot networks, malware, pharming - XSS (twitter) - private data harvesting (facebook)
  • 19. Security Menace History: 1.0 – FUN (Virus, Stealing Information); 2.0 – MONEY (Worms, Trojans, Virus); 3.0 – MONEY 2.0 (DDoS, Trojans, ID Theft); 4.0 – MARKETING (FarmVille, Mafia Wars, Data Theft)
  • 20. Security is (now) personal: 1.0 - Direct, One-on-One, Hardware/Software; 2.0 - Cloud, Distributed, Social, Personal
  • 21. Firewall History: 1 Gen – Packet Filter; 2 Gen – Application Layer; 3 Gen – Stateful Filter; 4 Gen – Semantic; 5 Gen – Personal
  • 22. Security got smaller and distributed: USB pen, SD card, phone, smartphone, cloud, SaaS, IaaS, NaaS, DaaS ...
  • 24. Phones ... - 15 years of pure insecurity and few exploits - mobile is the most personal and private item we own - phones are now computers, the personal kind - they even run full operating systems
  • 25. What's in ... - phone calls; - address book; - emails; - SMS; - MMS; - browser history; - pictures and some documents; - calendar; - GPS tracking data; - shop details; - credit card info; - other sync evilness
  • 27. GSM Cracked - A5/1 rainbow table cracking software (reflextor.com/trac/a51) - GSM interception software (airprobe.org) - Software defined radio (gnuradio.org) - Cheap radio software (ettus.com/products)
  • 29. 2010 - UMTS cracked (on paper) - Sandwich attack - MMS Remote Exploit - iPhone SMS Remote Exploit - Bluetooth Spamming and Attacks (bluesnarfing, bluebug, bluebugging) - $18 Bluetooth sniffer - Bluetooth audio flow to headset interception - Over the air wire tapping - ... and what about flash? :)
  • 32. Future (risks?) - Near Field Communications 2008: hacking NFC phones, URI spoofing, NDEF worm; 2010: Nokia announces that all phones will be NFC ready - Mobile JavaScript in the browser (2000 called and they want to block JavaScript all over again) - Phone SSL, VPN - Location-based something - Gowalla/Foursquare problems
  • 33. Future (risks?) - Spyware disguised as apps (Cydia iPhone app store, Android apps) - Virus/Worm/Botnet - iPhone; Vodafone memory card spyware bug on Android phones - TinyURL problems (?) - Social phishing from fake call centers - Data Leaks - Startups with little security concerns
  • 34. New world out (t)here - Earth calling security, hello ? - Fresh new start (cloud, distributed, mobile, web) - Think global - Same old-school practices apply; new skills - SME/SMB - Security as a Service