Tisa-Social Network and Mobile Security

Advanced Social Network and Mobile Attack

Nipon Nachin, Consulting Manager

ITIL Expert, CISSP, GIAC GFCA, CISA, CISM, CSSLP, AMBCI, IRCA ISMS, ITSMS, BCMS Provisional Auditor, SSCP, Security+

Prathan Phongthiproek, Red-Team Manager

eCPPT, E|CSA, C|EH, CIW Security Analyst, CPTS, CWNP, CWSP, Security+, ITIL-F

ACIS Professional Center

Social Network

Source: 2008 CSI Computer Crime & Security Survey2

RSS feed

Social Network Threats

1) Malware Spam

2) Drive-By-Download

3) Malicious Applications

4) Session Hijacking

Malware Spam

1) Osama execution video scam

2) Enable dislike button

3) Top 10 profile spies

Malware Spam

Drive-By-Download

1) Malicious URL Shorten

2) Internet Explorer / Mozilla Firefox / Safari / Chrome Vulnerabilities

3) Web Browsers Toolbar

4) Adobe products vulnerabilities; **Flash, PDF, Etc

5) ActiveX and Java Applets

Drive-By-Download

Victim

(4) Download exploit

(1) Client visit the landing page

(2) Redirect to get exploit

(3) Redirect to get exploit

Drive-By-Download

Spyware

Viruses

Trojans

Potentially

unwanted

applications

Adware

Unwanted/

offensive

content

Phishing

Drive-By-Download

Malicious Facebook Applications

Source: 2008 CSI Computer Crime & Security Survey

Sessions Hijacking

Sessions Hijacking with Firesheep

1) For now, Unable to attack Facebook **Have to Modify source code

2) Only support over HTTP

- Hotmail, Twitter, Facebook, Etc

3) Sniff on-the-Fly (Wifi Hotspot)

4) Over Network, Have to ARP poisoning

Sessions Hijacking

Sessions Hijacking Over HTTPS

1) Using SSLStrip for kill SSL sessions

2) Rouge Access point or Arp poisoning on the wire

Sessions Hijacking Over HTTPS

Mobile Threats

BlackBerry

Mobile Safari Still Vulnerable To Pwn2Own Exploit

Mobile Web Browsers

Common problem: bad security UX

Android Content Provider File Disclosure

Google Latitude Zero Day Attack

Google Latitude Zero Day Attack - Example

https://www.google.com/accounts/ServiceLoginAuth?Username=morphuesor@gmail.com&password=xxxxxx&s=sss=&xxx=dddddd

Google Latitude Zero Day Attack on iPhone

Google Latitude Zero Day Attack

FlexiSPY BlackBerry Spy Phone

FlexiSPY Apple iPhone Spyphone

Spyphone – ดักฟังการสนทนา

28th – 29th June 2011, Grand Millennium Sukhumvit, Bangkok

Please contact : varapong@acisonline.net

http://www.TISA.or.th

Tisa-Social Network and Mobile Security

Technology

Transcript of Tisa-Social Network and Mobile Security

Paper Tisa laser system

REVE ANTIVIRUS MOBILE SECURITY · Download REVE Mobile Security from Google Play Store. 10.10 PM REVE Antivirus Mobile Security REVE ANTIVIRUS 3+ INSTALL Best Mobile Security and

catalogo tisa

TISA Times 30 January 2015

CASS Best Practice Guide - TISA

Xtra-seal Tisa Catalogo

Top 5 myths of it security in the light of current events tisa pro talk 4 2554

Black Seaelcaminosantiago.com/PDF/Map_Europe_Eastern_Layered.pdfVolga Sava Oka Dnieper Tisa Ems Elbe Oka Euphrates Karasu Don Tisa Prypyat a Drava Desna Sava Tisa Bug Suchona Mura

Ki Tisa biblestudyresourcecenter.com. Ki Tisa Exodus 30:11 – 34:35 Haftarah: Ezekiel 36:16-38 Gospel: Matthew 9:35 – 11:1 Ki Tisa = “When you take” The.

TISA Times 17 December 2015

Secure Mobile Complete mobile security

Mobile Strategy Partners Mobile Security

TRITON Mobile Security Help - ForcepointTRITON Mobile Security Help | Mobile Security Solutions Welcome to Websense ® TRITON® Mobile Security. Mobile Se curity is a cloud-based service

Daljinar Tisa Srbija.pdf

Parshas Ki Tisa - English

TISA Times, 13 June 2013

TeX - TISA

TISA Times 1 May 2015

Tisa mobile forensic

TiSA VS ClimATe ACTion - PSI...3 TiSA VS CLIMATE ACTION Foreword Energy is possibly the global economy’s most strategic sector given its implications for national security, economic