OLD SCHOOL - anti virus - IDS, firewall, scanners - encryption, DMZ, password enforcement - data protection & security governance - some other commercial bullshit bingo - social engineering
NEW SCHOOL - social engineering and hacking - id theft (banks) - phishing, spoofing, vishing, brandjacking - spam, bot networks, malware, pharming - XSS (twitter) - private data harvesting (facebook)
Security Menace History 1.0 – FUN - Virus, Stealing Information 2.0 – MONEY - Worms, Trojans, Virus 3.0 – MONEY 2.0 - DDoS, Trojans, ID Theft 4.0 – MARKETING FarmVille, Mafia Wars, Data Theft
Security is (now) personal 1.0 - Direct - One-on-One - Hardware/Software 2.0 - Cloud - Distributed - Social - Personal
Firewall History 1 Gen – Packet Filter 2 Gen – Application Layer 3 Gen – Stateful Filter 4 Gen – Semantic 5 Gen – Personal
Security got smaller and distributed USB PEN SD Card Phone Smartphone Cloud SaaS IaaS NaaS DaaS ...
Phones ... - 15 years of pure unsecurity and few exploits - mobile is the most personal and private item we own - phones are now computers, the personal kind - they even run full operating systems
What's in ... - phone calls; - addressbook; - emails; - sms; - mms; - browser history; - pictures and some documents; - calendar; - gps tracking data; - shop details; - credit card info; - other sync evilness
GSM Cracked - A51 Rainbowtable cracking software (reflextor.com/trac/a51) - GSM interception software (airprobe.org) - Software defined radio (gnuradio.org) - Cheap radion software (ettus.com/products)
2010 - UTMS cracked (on paper) - Sandwich attack - MMS Remote Exploit - iPhone SMS Remote Exploit - Bluetooth Spamming and Attacks (bluesnarfing, bluebug, bluebugging) -$18 bluetooth sniffer - Bluetooth audio flow to headset interception - Over the air wire tapping - ... and what about flash ? :)
Future (risks?) - Spyware disguised as apps (cydia iphone appstore, android apps) - Virus/Worm/Botnet - iphone; vodafone memory card spyware bug on android phones - Tinyurl problems (?) - Social phishing from fake call centers - Data Leaks - Startups with little security concerns
New world out (t)here - Earth calling security, hello ? - Fresh new start (cloud, distributed, mobile, web) - Think global - Same old-school practices apply; new skills - SME/SMB - Security as a Service
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.