SlideShare a Scribd company logo

B-sides Las Vegas - social network security

Download as PPT, PDF
D
Damon Cortesi

A presentation I gave at the first b-sides Las Vegas security conference showing the security challenges we face going forward in the era of open-by-default social networking.

Technology
1 of 59
Twitter API Hacks Unicorns Hacks Unicorns ,[object Object],[object Object],Social Networking, Raping the Twitter API, the Age Before Firewalls/Unicorns and the Pitfalls of Rapid Application Development -- Crowd-sourced version. ;)
@dacort
A Twistory of Security #fail Security #fail
April 2008 ,[object Object]
July 2008 ,[object Object]
 
Fix ,[object Object],[object Object],[object Object]
#FAIL ,[object Object]
 
November 2008 ,[object Object]
 
Password Security 5 Minutes Later
December 2008 ,[object Object]
December 2008 ,[object Object],[object Object]
Retrieve Username $.getJSON(&quot; http://twitter.com /statuses/user_timeline?count=1&callback=? &quot;, function(data) { alert(&quot;Username is: &quot; + data[0].user.screen_name ) }); {&quot;text&quot;:&quot;Pretty sure humans have kneecaps so we can slam them into tables. *ow*&quot;,&quot;truncated&quot;:false, &quot;user&quot; :{&quot;following&quot;:null,&quot;time_zone&quot;:&quot;Pacific Time (US & Canada)&quot;,&quot;description&quot;:&quot;Prof. Computer Security Consultant with a passion for breaking things and generating statistics (see http:tweetstats.com and http:ratemytalk.com).&quot;, &quot;screen_name&quot;:&quot;dacort&quot; ,&quot;utc_offset&quot;:-28800,&quot;profile_sidebar_border_color&quot;:&quot;87bc44&quot;,&quot;notifications&quot;:null,&quot;created_at&quot;:&quot;Thu Dec 21 07:14:05 +0000 2006&quot;,&quot;profile_text_color&quot;:&quot;000000&quot;,&quot;url&quot;:&quot;http:dcortesi.com&quot;,&quot;name&quot;:&quot;Damon Cortesi&quot;,&quot;statuses_count&quot;:21385,&quot;profile_background_image_url&quot;:&quot;http:static.twitter.comimagesthemestheme1bg.gif&quot;,&quot;followers_count&quot;:4441,&quot;protected&quot;:false,&quot;profile_link_color&quot;:&quot;A100FF&quot;,&quot;profile_background_tile&quot;:false,&quot;friends_count&quot;:1775,&quot;profile_background_color&quot;:&quot;000000&quot;,&quot;verified&quot;:false,&quot;favourites_count&quot;:202,&quot;profile_image_url&quot;:&quot;http:s3.amazonaws.comtwitter_productionprofile_images90802743Famous_Glasses_normal.jpg&quot;,&quot;location&quot;:&quot;Seattle, WA&quot;,&quot;id&quot;:99723,&quot;profile_sidebar_fill_color&quot;:&quot;e0ff92&quot;},&quot;in_reply_to_status_id&quot;:null,&quot;created_at&quot;:&quot;Mon Jul 27 21:37:53 +0000 2009&quot;,&quot;in_reply_to_user_id&quot;:null,&quot;favorited&quot;:false,&quot;in_reply_to_screen_name&quot;:null,&quot;id&quot;:2877957719,&quot;source&quot;:&quot;<a href=amp;quot;http: www.atebits.com amp;quot;>Tweetie<a>&quot;}
Courtesy of @harper
January 2009 ,[object Object],[object Object],[object Object],[object Object],[object Object]
March 2009 ,[object Object],[object Object],[object Object]
April 2009 ,[object Object],[object Object],[object Object]
April 2009 ,[object Object],[object Object],[object Object]
 
April 2009 ,[object Object],[object Object],[object Object],[object Object]
Saturday, April 11 Sunday, April 12
Monday, April 13 Friday, April 17
 
July 2009 ,[object Object]
Cloud Services ,[object Object],[object Object],[object Object],[object Object],[object Object]
Cloud vs ? ,[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Before I continue... ,[object Object],[object Object],[object Object],[object Object]
Not just Twitter ,[object Object],[object Object],[object Object],[object Object],[object Object]
Phishing ,[object Object],[object Object],[object Object],[object Object],[object Object]
Malware || Misinformation ,[object Object]
Too easy...
But wait, there’s more
And MORE!
Users - #twitterpornname ,[object Object],[object Object]
Oh, Shorteners...
 
TinyURL @rafallos
Third Parties ,[object Object],[object Object],[object Object]
Not just Twitter ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
OAuth Will Save us All
Not really... ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Again, Not just Twitter “ What Other Users Can See via the Facebook Platform” “ When a friend of yours allows an application to access their information, that application may also access any information about you that your friend can already see.”
#FAIL ,[object Object],[object Object],[object Object],[object Object],[object Object]
In ur Cookies
The rest of Web 2.0 ,[object Object]
Info Disclosure ,[object Object],[object Object]
Poor Design ,[object Object],[object Object],[object Object],[object Object]
Geo-Loc SQLi ,[object Object],[object Object],[object Object],[object Object],[object Object]
Web 2.0 Frameworks ,[object Object],[object Object],[object Object],[object Object],[object Object]
 
Web 2.0 Frameworks ,[object Object],[object Object],[object Object],[object Object],[object Object]
RESTful APIs ,[object Object],[object Object]
Why? ,[object Object],[object Object],[object Object],[object Object]
Disclosure... ,[object Object],[object Object]
Web Disclosure ,[object Object],[object Object],[object Object],[object Object],[object Object]
Solutions? ,[object Object],[object Object],[object Object]

Recommended

Year 7 - Week 5 esafety
Year 7 - Week 5 esafetyYear 7 - Week 5 esafety
Year 7 - Week 5 esafetyteachesict
 
Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Securitysumit dimri
 
Session hijacking by rahul tyagi
Session hijacking by rahul tyagiSession hijacking by rahul tyagi
Session hijacking by rahul tyagiamansyal
 
obtain additional security
obtain additional security obtain additional security
obtain additional security snobbishmishap958
 
Social Networking Presentation
Social Networking PresentationSocial Networking Presentation
Social Networking PresentationDerwin Kitch
 
Home and Business Computer Security 2014
Home and Business Computer Security 2014Home and Business Computer Security 2014
Home and Business Computer Security 2014B2BPlanner Ltd.
 
Twarfing: Malicious Tweets
Twarfing: Malicious TweetsTwarfing: Malicious Tweets
Twarfing: Malicious TweetsCostin Raiu
 
Border crossing mobile social media life-saving security tips
Border crossing mobile social media life-saving security tipsBorder crossing mobile social media life-saving security tips
Border crossing mobile social media life-saving security tipsErnest Staats
 

Recommended

Year 7 - Week 5 esafety
Year 7 - Week 5 esafetyYear 7 - Week 5 esafety
Year 7 - Week 5 esafetyteachesict
 
Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Securitysumit dimri
 
Session hijacking by rahul tyagi
Session hijacking by rahul tyagiSession hijacking by rahul tyagi
Session hijacking by rahul tyagiamansyal
 
obtain additional security
obtain additional security obtain additional security
obtain additional security snobbishmishap958
 
Social Networking Presentation
Social Networking PresentationSocial Networking Presentation
Social Networking PresentationDerwin Kitch
 
Home and Business Computer Security 2014
Home and Business Computer Security 2014Home and Business Computer Security 2014
Home and Business Computer Security 2014B2BPlanner Ltd.
 
Twarfing: Malicious Tweets
Twarfing: Malicious TweetsTwarfing: Malicious Tweets
Twarfing: Malicious TweetsCostin Raiu
 
Border crossing mobile social media life-saving security tips
Border crossing mobile social media life-saving security tipsBorder crossing mobile social media life-saving security tips
Border crossing mobile social media life-saving security tipsErnest Staats
 
hire a hacker
hire a hackerhire a hacker
hire a hackerhackany1
 
Web Aplication Vulnerabilities
Web Aplication Vulnerabilities Web Aplication Vulnerabilities
Web Aplication Vulnerabilities Jbyte
 
Securing your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP MeetupSecuring your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP MeetupOyster Bay Marauders LLC
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)Avansa Mid- en Zuidwest
 
Hacker halted2
Hacker halted2Hacker halted2
Hacker halted2samsniderheld
 
Internet for everyone
Internet for everyoneInternet for everyone
Internet for everyoneAshesh R
 
SydPHP Security in PHP
SydPHP Security in PHPSydPHP Security in PHP
SydPHP Security in PHPAllan Shone
 
Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!Michele Butcher-Jones
 
What Is A Web Browser
What Is A Web BrowserWhat Is A Web Browser
What Is A Web Browserkevpatel
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...Frans Rosén
 
What The Fuck Is Web Squared - Web²
What The Fuck Is Web Squared - Web²What The Fuck Is Web Squared - Web²
What The Fuck Is Web Squared - Web²Salah Benzakour
 
Password hacking
Password hackingPassword hacking
Password hackingMr. FM
 
Cyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesCyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesPECB
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Esteban Bedoya
 
WP Security - Master Class #SMWLagos2014
WP Security - Master Class #SMWLagos2014WP Security - Master Class #SMWLagos2014
WP Security - Master Class #SMWLagos2014sabinovates
 
TH3 Professional Developper google hacking
TH3 Professional Developper google hackingTH3 Professional Developper google hacking
TH3 Professional Developper google hackingth3prodevelopper
 
WPSecurity best practices of securing a word press website
WPSecurity best practices of securing a word press websiteWPSecurity best practices of securing a word press website
WPSecurity best practices of securing a word press websiteDeola Kayode
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén
 
How to remove isearch.omiga-plus.com?
How to remove isearch.omiga-plus.com?How to remove isearch.omiga-plus.com?
How to remove isearch.omiga-plus.com?paula_bolivar
 
WordPress Security 2014 - The Basics of Security
WordPress Security 2014 - The Basics of SecurityWordPress Security 2014 - The Basics of Security
WordPress Security 2014 - The Basics of SecurityTony Perez
 
朝邦基金會 對話力課程及引導服務 2013
朝邦基金會 對話力課程及引導服務 2013朝邦基金會 對話力課程及引導服務 2013
朝邦基金會 對話力課程及引導服務 2013CP Yen Foundation 朝邦文教基金會
 
Greeks
GreeksGreeks
Greeksttoney
 

More Related Content

What's hot

hire a hacker
hire a hackerhire a hacker
hire a hackerhackany1
 
Web Aplication Vulnerabilities
Web Aplication Vulnerabilities Web Aplication Vulnerabilities
Web Aplication Vulnerabilities Jbyte
 
Securing your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP MeetupSecuring your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP MeetupOyster Bay Marauders LLC
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)Avansa Mid- en Zuidwest
 
Internet for everyone
Internet for everyoneInternet for everyone
Internet for everyoneAshesh R
 
SydPHP Security in PHP
SydPHP Security in PHPSydPHP Security in PHP
SydPHP Security in PHPAllan Shone
 
Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!Michele Butcher-Jones
 
What Is A Web Browser
What Is A Web BrowserWhat Is A Web Browser
What Is A Web Browserkevpatel
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...Frans Rosén
 
What The Fuck Is Web Squared - Web²
What The Fuck Is Web Squared - Web²What The Fuck Is Web Squared - Web²
What The Fuck Is Web Squared - Web²Salah Benzakour
 
Password hacking
Password hackingPassword hacking
Password hackingMr. FM
 
Cyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesCyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesPECB
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Esteban Bedoya
 
WP Security - Master Class #SMWLagos2014
WP Security - Master Class #SMWLagos2014WP Security - Master Class #SMWLagos2014
WP Security - Master Class #SMWLagos2014sabinovates
 
TH3 Professional Developper google hacking
TH3 Professional Developper google hackingTH3 Professional Developper google hacking
TH3 Professional Developper google hackingth3prodevelopper
 
WPSecurity best practices of securing a word press website
WPSecurity best practices of securing a word press websiteWPSecurity best practices of securing a word press website
WPSecurity best practices of securing a word press websiteDeola Kayode
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén
 
How to remove isearch.omiga-plus.com?
How to remove isearch.omiga-plus.com?How to remove isearch.omiga-plus.com?
How to remove isearch.omiga-plus.com?paula_bolivar
 
WordPress Security 2014 - The Basics of Security
WordPress Security 2014 - The Basics of SecurityWordPress Security 2014 - The Basics of Security
WordPress Security 2014 - The Basics of SecurityTony Perez
 

What's hot (20)

hire a hacker
hire a hackerhire a hacker
hire a hacker
 
Web Aplication Vulnerabilities
Web Aplication Vulnerabilities Web Aplication Vulnerabilities
Web Aplication Vulnerabilities
 
Securing your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP MeetupSecuring your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP Meetup
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
Hacker halted2
Hacker halted2Hacker halted2
Hacker halted2
 
Internet for everyone
Internet for everyoneInternet for everyone
Internet for everyone
 
SydPHP Security in PHP
SydPHP Security in PHPSydPHP Security in PHP
SydPHP Security in PHP
 
Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!
 
What Is A Web Browser
What Is A Web BrowserWhat Is A Web Browser
What Is A Web Browser
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
 
What The Fuck Is Web Squared - Web²
What The Fuck Is Web Squared - Web²What The Fuck Is Web Squared - Web²
What The Fuck Is Web Squared - Web²
 
Password hacking
Password hackingPassword hacking
Password hacking
 
Cyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesCyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small Businesses
 
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.Hacking with experts 3 (facebook hacking) by anurag dwivedi.
Hacking with experts 3 (facebook hacking) by anurag dwivedi.
 
WP Security - Master Class #SMWLagos2014
WP Security - Master Class #SMWLagos2014WP Security - Master Class #SMWLagos2014
WP Security - Master Class #SMWLagos2014
 
TH3 Professional Developper google hacking
TH3 Professional Developper google hackingTH3 Professional Developper google hacking
TH3 Professional Developper google hacking
 
WPSecurity best practices of securing a word press website
WPSecurity best practices of securing a word press websiteWPSecurity best practices of securing a word press website
WPSecurity best practices of securing a word press website
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
 
How to remove isearch.omiga-plus.com?
How to remove isearch.omiga-plus.com?How to remove isearch.omiga-plus.com?
How to remove isearch.omiga-plus.com?
 
WordPress Security 2014 - The Basics of Security
WordPress Security 2014 - The Basics of SecurityWordPress Security 2014 - The Basics of Security
WordPress Security 2014 - The Basics of Security
 

Viewers also liked

Greeks
GreeksGreeks
Greeksttoney
 
Demografi Movie Zine Feb 2010
Demografi Movie Zine Feb 2010Demografi Movie Zine Feb 2010
Demografi Movie Zine Feb 2010Daniel Feldt
 
Amit Golchha_CV
Amit Golchha_CVAmit Golchha_CV
Amit Golchha_CVamitjain
 
509 chromosome 6p linked to high hdl
509 chromosome 6p linked to high hdl509 chromosome 6p linked to high hdl
509 chromosome 6p linked to high hdlSHAPE Society
 
Making membership matter - are we a market or a movement?
Making membership matter - are we a market or a movement?Making membership matter - are we a market or a movement?
Making membership matter - are we a market or a movement?tonyosailing
 
Welfare Reform Consultation Survey - Welfare Reform
Welfare Reform Consultation Survey - Welfare ReformWelfare Reform Consultation Survey - Welfare Reform
Welfare Reform Consultation Survey - Welfare ReformMark
 
Social Media in the Job Search - #naca2011
Social Media in the Job Search - #naca2011Social Media in the Job Search - #naca2011
Social Media in the Job Search - #naca2011Michael Severy
 
Trading not for profits
Trading not for profitsTrading not for profits
Trading not for profitstonyosailing
 
LCVS Strategic framework - our roadmap for the next 5 years
LCVS Strategic framework - our roadmap for the next 5 yearsLCVS Strategic framework - our roadmap for the next 5 years
LCVS Strategic framework - our roadmap for the next 5 yearstonyosailing
 
Welfare Reform Consultation Survey - New Deal and Pathways to Work
Welfare Reform Consultation Survey - New Deal and Pathways to WorkWelfare Reform Consultation Survey - New Deal and Pathways to Work
Welfare Reform Consultation Survey - New Deal and Pathways to WorkMark
 
Social Media's Impact on Your Job Search
Social Media's Impact on Your Job SearchSocial Media's Impact on Your Job Search
Social Media's Impact on Your Job SearchMichael Severy
 
Trabajo sociales
Trabajo socialesTrabajo sociales
Trabajo socialesmbeam
 
Survey Results - Your Me
Survey Results - Your MeSurvey Results - Your Me
Survey Results - Your MeMark
 

Viewers also liked (20)

朝邦基金會 對話力課程及引導服務 2013
朝邦基金會 對話力課程及引導服務 2013朝邦基金會 對話力課程及引導服務 2013
朝邦基金會 對話力課程及引導服務 2013
 
Greeks
GreeksGreeks
Greeks
 
Demografi Movie Zine Feb 2010
Demografi Movie Zine Feb 2010Demografi Movie Zine Feb 2010
Demografi Movie Zine Feb 2010
 
Amit Golchha_CV
Amit Golchha_CVAmit Golchha_CV
Amit Golchha_CV
 
509 chromosome 6p linked to high hdl
509 chromosome 6p linked to high hdl509 chromosome 6p linked to high hdl
509 chromosome 6p linked to high hdl
 
Making membership matter - are we a market or a movement?
Making membership matter - are we a market or a movement?Making membership matter - are we a market or a movement?
Making membership matter - are we a market or a movement?
 
Welfare Reform Consultation Survey - Welfare Reform
Welfare Reform Consultation Survey - Welfare ReformWelfare Reform Consultation Survey - Welfare Reform
Welfare Reform Consultation Survey - Welfare Reform
 
Twitter Awesomeness
Twitter AwesomenessTwitter Awesomeness
Twitter Awesomeness
 
Social Media in the Job Search - #naca2011
Social Media in the Job Search - #naca2011Social Media in the Job Search - #naca2011
Social Media in the Job Search - #naca2011
 
Trading not for profits
Trading not for profitsTrading not for profits
Trading not for profits
 
朝邦對話新訊息 August cpyf dialogue newsletter
朝邦對話新訊息 August cpyf dialogue newsletter朝邦對話新訊息 August cpyf dialogue newsletter
朝邦對話新訊息 August cpyf dialogue newsletter
 
CPYF november 2010 newsletter: Innovations Start Small
CPYF november 2010 newsletter: Innovations Start SmallCPYF november 2010 newsletter: Innovations Start Small
CPYF november 2010 newsletter: Innovations Start Small
 
STeLA Progress Report (2010/06/12)
STeLA Progress Report (2010/06/12)STeLA Progress Report (2010/06/12)
STeLA Progress Report (2010/06/12)
 
STeLA Progress Report (2010-06-05)
STeLA Progress Report (2010-06-05)STeLA Progress Report (2010-06-05)
STeLA Progress Report (2010-06-05)
 
LCVS Strategic framework - our roadmap for the next 5 years
LCVS Strategic framework - our roadmap for the next 5 yearsLCVS Strategic framework - our roadmap for the next 5 years
LCVS Strategic framework - our roadmap for the next 5 years
 
072 ct angiography
072 ct angiography072 ct angiography
072 ct angiography
 
Welfare Reform Consultation Survey - New Deal and Pathways to Work
Welfare Reform Consultation Survey - New Deal and Pathways to WorkWelfare Reform Consultation Survey - New Deal and Pathways to Work
Welfare Reform Consultation Survey - New Deal and Pathways to Work
 
Social Media's Impact on Your Job Search
Social Media's Impact on Your Job SearchSocial Media's Impact on Your Job Search
Social Media's Impact on Your Job Search
 
Trabajo sociales
Trabajo socialesTrabajo sociales
Trabajo sociales
 
Survey Results - Your Me
Survey Results - Your MeSurvey Results - Your Me
Survey Results - Your Me
 

Similar to B-sides Las Vegas - social network security

StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...Start Pad
 
Securing Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecuritySecuring Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecurityDeja vu Security
 
Defcon9 Presentation2001
Defcon9 Presentation2001Defcon9 Presentation2001
Defcon9 Presentation2001Miguel Ibarra
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Jeremiah Grossman
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Ipsec And Ssl Protocols ( Vpn )
Ipsec And Ssl Protocols ( Vpn )Ipsec And Ssl Protocols ( Vpn )
Ipsec And Ssl Protocols ( Vpn )Monique Jones
 
Web API Security
Web API SecurityWeb API Security
Web API SecurityStefaan
 
Security Theatre - Benelux
Security Theatre - BeneluxSecurity Theatre - Benelux
Security Theatre - Beneluxxsist10
 
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App Drive By Downloads: How To Avoid Getting a Cap Popped in Your App
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App Cenzic
 
How to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaHow to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaGilles Sgro
 
HowYourAPIBeMyAPI
HowYourAPIBeMyAPIHowYourAPIBeMyAPI
HowYourAPIBeMyAPIJie Liau
 
Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Jeremiah Grossman
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack CA API Management
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
 
Hotspot: Openness and API's
Hotspot: Openness and API'sHotspot: Openness and API's
Hotspot: Openness and API'sMartijn Pannevis
 
FBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise WorkshopFBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise WorkshopErnest Staats
 
Security in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsSecurity in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsCenzic
 
091209 Mc Afee Roundtable
091209 Mc Afee Roundtable091209 Mc Afee Roundtable
091209 Mc Afee RoundtableHarvard PR
 

Similar to B-sides Las Vegas - social network security (20)

StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
 
Securing Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecuritySecuring Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu Security
 
Defcon9 Presentation2001
Defcon9 Presentation2001Defcon9 Presentation2001
Defcon9 Presentation2001
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
Seguridad Corporativa Con Internet Explorer 8(1)
Seguridad Corporativa Con Internet Explorer 8(1)Seguridad Corporativa Con Internet Explorer 8(1)
Seguridad Corporativa Con Internet Explorer 8(1)
 
Ipsec And Ssl Protocols ( Vpn )
Ipsec And Ssl Protocols ( Vpn )Ipsec And Ssl Protocols ( Vpn )
Ipsec And Ssl Protocols ( Vpn )
 
Web API Security
Web API SecurityWeb API Security
Web API Security
 
Starwest 2008
Starwest 2008Starwest 2008
Starwest 2008
 
Security Theatre - Benelux
Security Theatre - BeneluxSecurity Theatre - Benelux
Security Theatre - Benelux
 
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App Drive By Downloads: How To Avoid Getting a Cap Popped in Your App
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App
 
How to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaHow to prevent cyber terrorism taragana
How to prevent cyber terrorism taragana
 
HowYourAPIBeMyAPI
HowYourAPIBeMyAPIHowYourAPIBeMyAPI
HowYourAPIBeMyAPI
 
Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)Top Ten Web Hacking Techniques (2010)
Top Ten Web Hacking Techniques (2010)
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
 
Hotspot: Openness and API's
Hotspot: Openness and API'sHotspot: Openness and API's
Hotspot: Openness and API's
 
FBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise WorkshopFBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise Workshop
 
Security in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsSecurity in the cloud protecting your cloud apps
Security in the cloud protecting your cloud apps
 
091209 Mc Afee Roundtable
091209 Mc Afee Roundtable091209 Mc Afee Roundtable
091209 Mc Afee Roundtable
 

Recently uploaded

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

B-sides Las Vegas - social network security

  • 1.
  • 3. A Twistory of Security #fail Security #fail
  • 4.
  • 5.
  • 6.  
  • 7.
  • 8.
  • 9.  
  • 10.
  • 11.  
  • 12. Password Security 5 Minutes Later
  • 13.
  • 14.
  • 15. Retrieve Username $.getJSON(&quot; http://twitter.com /statuses/user_timeline?count=1&callback=? &quot;, function(data) { alert(&quot;Username is: &quot; + data[0].user.screen_name ) }); {&quot;text&quot;:&quot;Pretty sure humans have kneecaps so we can slam them into tables. *ow*&quot;,&quot;truncated&quot;:false, &quot;user&quot; :{&quot;following&quot;:null,&quot;time_zone&quot;:&quot;Pacific Time (US & Canada)&quot;,&quot;description&quot;:&quot;Prof. Computer Security Consultant with a passion for breaking things and generating statistics (see http:tweetstats.com and http:ratemytalk.com).&quot;, &quot;screen_name&quot;:&quot;dacort&quot; ,&quot;utc_offset&quot;:-28800,&quot;profile_sidebar_border_color&quot;:&quot;87bc44&quot;,&quot;notifications&quot;:null,&quot;created_at&quot;:&quot;Thu Dec 21 07:14:05 +0000 2006&quot;,&quot;profile_text_color&quot;:&quot;000000&quot;,&quot;url&quot;:&quot;http:dcortesi.com&quot;,&quot;name&quot;:&quot;Damon Cortesi&quot;,&quot;statuses_count&quot;:21385,&quot;profile_background_image_url&quot;:&quot;http:static.twitter.comimagesthemestheme1bg.gif&quot;,&quot;followers_count&quot;:4441,&quot;protected&quot;:false,&quot;profile_link_color&quot;:&quot;A100FF&quot;,&quot;profile_background_tile&quot;:false,&quot;friends_count&quot;:1775,&quot;profile_background_color&quot;:&quot;000000&quot;,&quot;verified&quot;:false,&quot;favourites_count&quot;:202,&quot;profile_image_url&quot;:&quot;http:s3.amazonaws.comtwitter_productionprofile_images90802743Famous_Glasses_normal.jpg&quot;,&quot;location&quot;:&quot;Seattle, WA&quot;,&quot;id&quot;:99723,&quot;profile_sidebar_fill_color&quot;:&quot;e0ff92&quot;},&quot;in_reply_to_status_id&quot;:null,&quot;created_at&quot;:&quot;Mon Jul 27 21:37:53 +0000 2009&quot;,&quot;in_reply_to_user_id&quot;:null,&quot;favorited&quot;:false,&quot;in_reply_to_screen_name&quot;:null,&quot;id&quot;:2877957719,&quot;source&quot;:&quot;<a href=amp;quot;http: www.atebits.com amp;quot;>Tweetie<a>&quot;}
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.  
  • 22.
  • 23. Saturday, April 11 Sunday, April 12
  • 24. Monday, April 13 Friday, April 17
  • 25.  
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 37.
  • 39.  
  • 41.
  • 42.
  • 43. OAuth Will Save us All
  • 44.
  • 45. Again, Not just Twitter “ What Other Users Can See via the Facebook Platform” “ When a friend of yours allows an application to access their information, that application may also access any information about you that your friend can already see.”
  • 46.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.  
  • 54.
  • 55.
  • 56.
  • 57.
  • 58.
  • 59.

Editor's Notes

  1. Twitter has had a great history of #fail’s, and I’ve been there to screencap a lot of ‘em.
  2. July is when I quite my job and entered the self-employed world. I had some extra time on my hands...
  3. Obama, Britney Spears, etc - 33 total.
  4. Twitter has had a great history of #fail’s, and I’ve been there to screencap a lot of ‘em.