All your bases belong to us

Slides on the hacker approach to security, moving through lockpicking, biometrics and imaginative penetration tests

Published in: Technology

  1. All your bases belong to us! Alessio L.R. Pennasilico, Roma, 7 April 2011. mayhem@alba.st, twitter: mayhemspp, FaceBook: alessio.pennasilico
  2. $ whois mayhem. Security Evangelist @ Board of Directors: CLUSIT, Associazione Informatici Professionisti (AIP/OPSI), Associazione Italiana Professionisti Sicurezza Informatica (AIPSI), Italian Linux Society (ILS), OpenBSD Italian User Group, Hacker’s Profiling Project. All your bases belong to us! mayhem@alba.st
  3. Hacker? The Tech Model Railroad Club is an MIT student activity founded during the 1946-1947 school year, making this our 60th year, and making TMRC one of the oldest clubs at MIT. The Tech Model Railroad Club (TMRC) caters to model railroaders, railfans, and hackers alike. Our activities involve all aspects of model railroading, including the application of computer technology and timetable passenger and card-order freight operation.
  4. Hacking?
  5. Lockpicking. How easy is it to open a lock?
  6. How long does it take? http://www.youtube.com/watch?v=pgE1YJWQzTA
  7. How does it work? http://www.youtube.com/watch?v=_sQ9gcjtLQM
  8. For every lock? http://www.youtube.com/watch?v=g0Zw4JI4cxs&feature=related
  9. Where are the locks?
  10. Biometrics. Conscious use? “Something you possess”. Change Password.
  11. Social Engineering. Is it easier to decrypt a password or to ask for it?
  12. Facebook Hacking. “The social reconnaissance enabled us to identify 1402 employees 906 of which used facebook.” […] “We also populated the profile with information about our experiences at work by using combined stories that we collected from real employee facebook profiles.” http://snosoft.blogspot.com/2009/02/facebook-from-hackers-perspective.html
  13. Trust. “Upon completion we joined our customer's facebook group. Joining wasn't an issue and our request was approved in a matter of hours. Within twenty minutes of being accepted as group members, legitimate customer employees began requesting our friendship. […] Our friends list grew very quickly and included managers, executives, secretaries, interns, and even contractors.”
  14. Results. “We used those credentials to access the web-vpn which in turn gave us access to the network. As it turns out those credentials also allowed us to access the majority of systems on the network including the Active Directory server, the mainframe, pump control systems, the checkpoint firewall console, etc.”
  15. How do I protect myself? (Pen)Test. Analysis (effectiveness? deterrent?). Training.
  16. Conclusions
  17. Conclusions. Do not trust security measures whose purpose is to make us feel safe rather than to protect us.
  18. Conclusions. We must shun mental laziness. Whoever wants our data will certainly get it.
  19. These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subject to the Creative Commons Attribution-ShareAlike 2.5 licence; you can copy, modify or sell them. “Please” cite your source and use the same licence :) Questions? Thank you for your attention! Alessio L.R. Pennasilico, Roma, 7 April 2011. mayhem@alba.st, twitter: mayhemspp, FaceBook: alessio.pennasilico
