SlideShare a Scribd company logo

SBC 2012 - Modern Trends in Authentication (Văn Hải Sơn)

Security Bootcamp
Security Bootcamp
Technology
1 of 10
SECURITY BOOTCAMP 2012 | Make yourself to be an expert! 1 2 The trend of modern Authentication Văn Hải Sơn | Email: sonvh@misoft-hcm.com
SECURITY BOOTCAMP 2012 | Make yourself to be an expert! 2 Contents 1. Authenticators 2 2. Fraud Threats 3. Man in The Browser 4. Mobile Authentication
SECURITY BOOTCAMP 2012 | Make yourself to be an expert! 3 Authenticators  Something you know? (Password, thông tin cá nhân…)  Something you have?  SmartCard, USB… 2  OTP: SMS, Token…  Voice: Phone Factor  Something you is? (Biometric…)
SECURITY BOOTCAMP 2012 | Make yourself to be an expert! The Evolution of Fraud Threats 4 man-in-the-middle key loggers man-in-the-browser 2 DNS poisoning phishing SMS bypass spear-phishing mobile 1995 2005 2012 “script kiddies” & hackers organized crime
SECURITY BOOTCAMP 2012 | Make yourself to be an expert! What happened in the RSA breach? 5 Finance person Opens to see 2012 RAT program installed receives Recruitment plan with utilizing a junk email .xls file 2 Adobe Flash vulnerability NMAP scan of network to Poison Ivy malware collect sensitive is initiated information Split file, encrypt, ftp RSA is in the Collect data over a to headlines period of time good.mincesur.com
SECURITY BOOTCAMP 2012 | Make yourself to be an expert! Man In The Browser 6 2 Intended communication Malware Tampered Communications Spear Phishing Fraudster Malicious Site
SECURITY BOOTCAMP 2012 | Make yourself to be an expert! How does MITB work? 1 User logs into 7 account Malware ‘wakes up’ 3 2 User initiates ACH 2 or Wire Transfer 7 User views transaction (which look In the background, fine) and 4 Malware intercepts & enters OTP modifies the user’s token request and sends it to the bank 6 Malware intercepts site’s 5 Bank receives malware’s request, transaction detail sends transaction details for review confirmation, modifies and requests one-time-passcode them to correspond to (OTP) user’s initial request 8 Malware passes the bank the OTP, and the malware-modified transaction is completed
SECURITY BOOTCAMP 2012 | Make yourself to be an expert! Mobile Authentication 8  Voice Authentication  Special Token 2 Customised Logo on Lens Customised Button Colour Customised Casing Colour
SECURITY BOOTCAMP 2012 | Make yourself to be an expert! Mobile Authentication  Out of Band 9 2
SECURITY BOOTCAMP 2012 | Make yourself to be an expert! 10 2

Recommended

SBC 2012 - Windows Security (Lương Trung Thành)
SBC 2012 - Windows Security (Lương Trung Thành)SBC 2012 - Windows Security (Lương Trung Thành)
SBC 2012 - Windows Security (Lương Trung Thành)Security Bootcamp
 
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...Security Bootcamp
 
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)Security Bootcamp
 
SBC 2012 - Xây dựng cộng đồng an ninh không gian mạng (Lê Trung Nghĩa)
SBC 2012 - Xây dựng cộng đồng an ninh không gian mạng (Lê Trung Nghĩa)SBC 2012 - Xây dựng cộng đồng an ninh không gian mạng (Lê Trung Nghĩa)
SBC 2012 - Xây dựng cộng đồng an ninh không gian mạng (Lê Trung Nghĩa)Security Bootcamp
 
SBC 2012 - Information Gathering (Lương Trung Thành)
SBC 2012 - Information Gathering (Lương Trung Thành)SBC 2012 - Information Gathering (Lương Trung Thành)
SBC 2012 - Information Gathering (Lương Trung Thành)Security Bootcamp
 
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)Security Bootcamp
 
SBC 2012 - Linux Hardening (Mẫn Thắng)
SBC 2012 - Linux Hardening (Mẫn Thắng)SBC 2012 - Linux Hardening (Mẫn Thắng)
SBC 2012 - Linux Hardening (Mẫn Thắng)Security Bootcamp
 
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)Security Bootcamp
 

Recommended

SBC 2012 - Windows Security (Lương Trung Thành)
SBC 2012 - Windows Security (Lương Trung Thành)SBC 2012 - Windows Security (Lương Trung Thành)
SBC 2012 - Windows Security (Lương Trung Thành)Security Bootcamp
 
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...Security Bootcamp
 
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)Security Bootcamp
 
SBC 2012 - Xây dựng cộng đồng an ninh không gian mạng (Lê Trung Nghĩa)
SBC 2012 - Xây dựng cộng đồng an ninh không gian mạng (Lê Trung Nghĩa)SBC 2012 - Xây dựng cộng đồng an ninh không gian mạng (Lê Trung Nghĩa)
SBC 2012 - Xây dựng cộng đồng an ninh không gian mạng (Lê Trung Nghĩa)Security Bootcamp
 
SBC 2012 - Information Gathering (Lương Trung Thành)
SBC 2012 - Information Gathering (Lương Trung Thành)SBC 2012 - Information Gathering (Lương Trung Thành)
SBC 2012 - Information Gathering (Lương Trung Thành)Security Bootcamp
 
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)Security Bootcamp
 
SBC 2012 - Linux Hardening (Mẫn Thắng)
SBC 2012 - Linux Hardening (Mẫn Thắng)SBC 2012 - Linux Hardening (Mẫn Thắng)
SBC 2012 - Linux Hardening (Mẫn Thắng)Security Bootcamp
 
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)Security Bootcamp
 
SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)
SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)
SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)Security Bootcamp
 
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)Security Bootcamp
 
SBC 2012 - Database Security (Nguyễn Thanh Tùng)
SBC 2012 - Database Security (Nguyễn Thanh Tùng)SBC 2012 - Database Security (Nguyễn Thanh Tùng)
SBC 2012 - Database Security (Nguyễn Thanh Tùng)Security Bootcamp
 
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...Security Bootcamp
 
Cuestionario para implementacion de aplicativo movil (respuestas) respuest...
Cuestionario para implementacion de aplicativo movil (respuestas) respuest...Cuestionario para implementacion de aplicativo movil (respuestas) respuest...
Cuestionario para implementacion de aplicativo movil (respuestas) respuest...Novato de la Weeb Fox Weeb
 
Listado aspirantes admitidos
Listado aspirantes admitidosListado aspirantes admitidos
Listado aspirantes admitidosAndres Duarte
 
Planestic
PlanesticPlanestic
Planesticyeimisahumada
 
Blue mars tutorial
Blue mars tutorialBlue mars tutorial
Blue mars tutorialRay Terhorst
 
Convite
ConviteConvite
ConviteAntonio Marcos Nascimento
 
Revista Digital
Revista Digital Revista Digital
Revista Digital Andrea Patraca
 
Presentación1
Presentación1Presentación1
Presentación1Angelica Corona
 
Group Project - Venus&Mars
Group Project - Venus&MarsGroup Project - Venus&Mars
Group Project - Venus&Marsguestcece95f
 
Fedora instalacionç
Fedora instalacionçFedora instalacionç
Fedora instalacionçFlorita Shupingahua Tananta
 
SBC 2012 - SSL/TLS Attacks & Defenses (Lê Quốc Nhật Đông)
SBC 2012 - SSL/TLS Attacks & Defenses (Lê Quốc Nhật Đông)SBC 2012 - SSL/TLS Attacks & Defenses (Lê Quốc Nhật Đông)
SBC 2012 - SSL/TLS Attacks & Defenses (Lê Quốc Nhật Đông)Security Bootcamp
 
Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfSecurity Bootcamp
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecuritySecurity Bootcamp
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewSecurity Bootcamp
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSecurity Bootcamp
 
Deception change-the-game
Deception change-the-gameDeception change-the-game
Deception change-the-gameSecurity Bootcamp
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrSecurity Bootcamp
 
Sbc2019 luong-cyber startup
Sbc2019 luong-cyber startupSbc2019 luong-cyber startup
Sbc2019 luong-cyber startupSecurity Bootcamp
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-wantSecurity Bootcamp
 

More Related Content

Viewers also liked

SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)
SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)
SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)Security Bootcamp
 
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)Security Bootcamp
 
SBC 2012 - Database Security (Nguyễn Thanh Tùng)
SBC 2012 - Database Security (Nguyễn Thanh Tùng)SBC 2012 - Database Security (Nguyễn Thanh Tùng)
SBC 2012 - Database Security (Nguyễn Thanh Tùng)Security Bootcamp
 
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...Security Bootcamp
 
Cuestionario para implementacion de aplicativo movil (respuestas) respuest...
Cuestionario para implementacion de aplicativo movil (respuestas) respuest...Cuestionario para implementacion de aplicativo movil (respuestas) respuest...
Cuestionario para implementacion de aplicativo movil (respuestas) respuest...Novato de la Weeb Fox Weeb
 
Listado aspirantes admitidos
Listado aspirantes admitidosListado aspirantes admitidos
Listado aspirantes admitidosAndres Duarte
 
Blue mars tutorial
Blue mars tutorialBlue mars tutorial
Blue mars tutorialRay Terhorst
 
Group Project - Venus&Mars
Group Project - Venus&MarsGroup Project - Venus&Mars
Group Project - Venus&Marsguestcece95f
 
SBC 2012 - SSL/TLS Attacks & Defenses (Lê Quốc Nhật Đông)
SBC 2012 - SSL/TLS Attacks & Defenses (Lê Quốc Nhật Đông)SBC 2012 - SSL/TLS Attacks & Defenses (Lê Quốc Nhật Đông)
SBC 2012 - SSL/TLS Attacks & Defenses (Lê Quốc Nhật Đông)Security Bootcamp
 

Viewers also liked (14)

SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)
SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)
SBC 2012 - Software Exploitation (Nguyễn Chấn Việt)
 
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
 
SBC 2012 - Database Security (Nguyễn Thanh Tùng)
SBC 2012 - Database Security (Nguyễn Thanh Tùng)SBC 2012 - Database Security (Nguyễn Thanh Tùng)
SBC 2012 - Database Security (Nguyễn Thanh Tùng)
 
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
 
Cuestionario para implementacion de aplicativo movil (respuestas) respuest...
Cuestionario para implementacion de aplicativo movil (respuestas) respuest...Cuestionario para implementacion de aplicativo movil (respuestas) respuest...
Cuestionario para implementacion de aplicativo movil (respuestas) respuest...
 
Listado aspirantes admitidos
Listado aspirantes admitidosListado aspirantes admitidos
Listado aspirantes admitidos
 
Planestic
PlanesticPlanestic
Planestic
 
Blue mars tutorial
Blue mars tutorialBlue mars tutorial
Blue mars tutorial
 
Convite
ConviteConvite
Convite
 
Revista Digital
Revista Digital Revista Digital
Revista Digital
 
Presentación1
Presentación1Presentación1
Presentación1
 
Group Project - Venus&Mars
Group Project - Venus&MarsGroup Project - Venus&Mars
Group Project - Venus&Mars
 
Fedora instalacionç
Fedora instalacionçFedora instalacionç
Fedora instalacionç
 
SBC 2012 - SSL/TLS Attacks & Defenses (Lê Quốc Nhật Đông)
SBC 2012 - SSL/TLS Attacks & Defenses (Lê Quốc Nhật Đông)SBC 2012 - SSL/TLS Attacks & Defenses (Lê Quốc Nhật Đông)
SBC 2012 - SSL/TLS Attacks & Defenses (Lê Quốc Nhật Đông)
 

More from Security Bootcamp

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfSecurity Bootcamp
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecuritySecurity Bootcamp
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewSecurity Bootcamp
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSecurity Bootcamp
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrSecurity Bootcamp
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-wantSecurity Bootcamp
 
Macro malware common techniques - public
Macro malware common techniques - publicMacro malware common techniques - public
Macro malware common techniques - publicSecurity Bootcamp
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuSecurity Bootcamp
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 costSecurity Bootcamp
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectorySecurity Bootcamp
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018Security Bootcamp
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksSecurity Bootcamp
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Security Bootcamp
 

More from Security Bootcamp (20)

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurity
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
 
Deception change-the-game
Deception change-the-gameDeception change-the-game
Deception change-the-game
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdr
 
Sbc2019 luong-cyber startup
Sbc2019 luong-cyber startupSbc2019 luong-cyber startup
Sbc2019 luong-cyber startup
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-want
 
Macro malware common techniques - public
Macro malware common techniques - publicMacro malware common techniques - public
Macro malware common techniques - public
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cu
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 cost
 
Build SOC
Build SOC Build SOC
Build SOC
 
AD red vs blue
AD red vs blueAD red vs blue
AD red vs blue
 
Securitybox
SecurityboxSecuritybox
Securitybox
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
 
Api security-present
Api security-presentApi security-present
Api security-present
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

SBC 2012 - Modern Trends in Authentication (Văn Hải Sơn)

  • 1. SECURITY BOOTCAMP 2012 | Make yourself to be an expert! 1 2 The trend of modern Authentication Văn Hải Sơn | Email: sonvh@misoft-hcm.com
  • 2. SECURITY BOOTCAMP 2012 | Make yourself to be an expert! 2 Contents 1. Authenticators 2 2. Fraud Threats 3. Man in The Browser 4. Mobile Authentication
  • 3. SECURITY BOOTCAMP 2012 | Make yourself to be an expert! 3 Authenticators  Something you know? (Password, thông tin cá nhân…)  Something you have?  SmartCard, USB… 2  OTP: SMS, Token…  Voice: Phone Factor  Something you is? (Biometric…)
  • 4. SECURITY BOOTCAMP 2012 | Make yourself to be an expert! The Evolution of Fraud Threats 4 man-in-the-middle key loggers man-in-the-browser 2 DNS poisoning phishing SMS bypass spear-phishing mobile 1995 2005 2012 “script kiddies” & hackers organized crime
  • 5. SECURITY BOOTCAMP 2012 | Make yourself to be an expert! What happened in the RSA breach? 5 Finance person Opens to see 2012 RAT program installed receives Recruitment plan with utilizing a junk email .xls file 2 Adobe Flash vulnerability NMAP scan of network to Poison Ivy malware collect sensitive is initiated information Split file, encrypt, ftp RSA is in the Collect data over a to headlines period of time good.mincesur.com
  • 6. SECURITY BOOTCAMP 2012 | Make yourself to be an expert! Man In The Browser 6 2 Intended communication Malware Tampered Communications Spear Phishing Fraudster Malicious Site
  • 7. SECURITY BOOTCAMP 2012 | Make yourself to be an expert! How does MITB work? 1 User logs into 7 account Malware ‘wakes up’ 3 2 User initiates ACH 2 or Wire Transfer 7 User views transaction (which look In the background, fine) and 4 Malware intercepts & enters OTP modifies the user’s token request and sends it to the bank 6 Malware intercepts site’s 5 Bank receives malware’s request, transaction detail sends transaction details for review confirmation, modifies and requests one-time-passcode them to correspond to (OTP) user’s initial request 8 Malware passes the bank the OTP, and the malware-modified transaction is completed
  • 8. SECURITY BOOTCAMP 2012 | Make yourself to be an expert! Mobile Authentication 8  Voice Authentication  Special Token 2 Customised Logo on Lens Customised Button Colour Customised Casing Colour
  • 9. SECURITY BOOTCAMP 2012 | Make yourself to be an expert! Mobile Authentication  Out of Band 9 2
  • 10. SECURITY BOOTCAMP 2012 | Make yourself to be an expert! 10 2