Marketing and Social Media Masterclass - Twitter Chris Greenfield
1 21 September 2009 Things that go bump in the net Chris Email: [email protected] Twitter: ...
-
Upload
margaret-park -
Category
Documents
-
view
213 -
download
0
Transcript of 1 21 September 2009 Things that go bump in the net Chris Email: [email protected] Twitter: ...
![Page 1: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/1.jpg)
121 September 2009
Things that go bump in the net
Chris
Email: [email protected]: http://twitter.com/securityg33kwww: http://www.securityg33k.com/
bump
Slightly more random tweets: http://twitter.com/TheSuggmeister
![Page 2: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/2.jpg)
221 September 2009
Who am I?
Chris
![Page 3: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/3.jpg)
321 September 2009
![Page 4: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/4.jpg)
421 September 2009
Why am I here?
Some numbers:• 85 million records lost in 20081
• Viruses top 1 million (April 2008) 2
• £328.4m UK Phone, internet and mail order fraud (Card-not-present fraud) in 20083.
• £169.8m Counterfeit (skimmed / cloned) fraud in 20083.
![Page 5: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/5.jpg)
521 September 2009
And yet…
• The advice given to the average computer user remains roughly same– Install Anti-Virus (AV)– Make sure your firewall is turned on &
working– Chose good passwords– and don’t write them down– Regular software updates
• And it’s not working all that well
![Page 6: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/6.jpg)
621 September 2009
What are we going to talk about?
• Introduction• Risks • Things to watch out for
1. Viruses
2. 419 & other scams
3. Phishing & Vishing
4. Evil Twins
5. Facebook– Loss & Theft
![Page 7: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/7.jpg)
721 September 2009
Time Permitting
• Set up tips– Passwords– Installing / Setting up your PC– Setting up your router– Setting up wireless– Installing updates– Testing it all works– Keeping it secure-ish– Email Security– A word of physical security at home
Otherwise it’s available online at http://www.securityg33k.com/
![Page 8: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/8.jpg)
821 September 2009
Introduction
![Page 9: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/9.jpg)
921 September 2009
Where do you fit in?
Not Online
Online
I have nothing to hide
I take steps to protect my privacy
Worst
Best
Depends how you do it
Not as safe as you think
Most
Least MostTrust
Online presence
Online but not shopping / banking online
Online shopping/banking at trusted sites Facebook,
myspace, bebo, Twitter with
privacy controls
Facebook, myspace, bebo, Twitter without privacy controls
Limewire / Bit Torrent
Removed from electoral role, use aliases, PO-BOX for all mail, no
loyalty cards, use cash for every thing
Shopping with credit cards
Loyalty cards
Letting your cards go out of site
Blatant trust that your information will not be used against you at
some point
Online shopping anywhere
![Page 10: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/10.jpg)
10
21 September 2009
“Remember, best block no be there”
Mr. Miyagi (Pat Morita)
Karate Kid II
![Page 11: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/11.jpg)
11
21 September 2009
Not got anything to hide?
Do you really want anyone to know…• How much you paid for your house• Salary• School grades • Illnesses• Points on your license• Your family photos• When you’re going to be away on holiday?• Or when you’re down the pub
![Page 12: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/12.jpg)
12
21 September 2009
Risks
![Page 13: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/13.jpg)
13
21 September 2009
So you want to connect to the internet?
The Internet
![Page 14: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/14.jpg)
14
21 September 2009
Before you do…
Vulnerabilities
Threats
Value
![Page 15: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/15.jpg)
15
21 September 2009
Where do viruses come from?
![Page 16: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/16.jpg)
16
21 September 2009
Speed
![Page 17: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/17.jpg)
17
21 September 2009
So what?
![Page 18: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/18.jpg)
18
21 September 2009
Most likely scenario
• Your PC will get clogged up• You’ll probably get a lot of pop-up’s, some
with porn.• It’ll be quit a challenge to do anything
worthwhile without getting redirected to somewhere else.
• Anything you type might be being forwarded to the bad guys.
• Your PC will be completely unpredictable. Those family photos?
![Page 19: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/19.jpg)
19
21 September 2009
Worst case scenario
• Your bank account will be cleared out and it’ll take months to get it straightened out.
![Page 20: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/20.jpg)
20
21 September 2009
Who are these bad people & what do
they want?
![Page 21: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/21.jpg)
21
21 September 2009
![Page 22: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/22.jpg)
22
21 September 2009
The bad guys & their motivations
Author
National Interest
Personal Gain
Personal Fame
Curiosity
Script-Kiddy HobbyistHacker
Expert Specialist
Vandal
Thief
Spy
Trespasser
Published with kind permission from Dave Aucsmith
Sr. Director. Microsoft Institute for Advanced Technology in Governments
![Page 23: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/23.jpg)
23
21 September 2009
National Interest
Personal Gain
Personal Fame
Curiosity
HobbyistHacker
Expert SpecialistScript-Kiddy
Vandal
Spy
Trespasser
The bad guys & their motivations
Author
Tools created by experts now used by less skilled attackers and criminals
Thief
Published with kind permission from Dave Aucsmith
Sr. Director. Microsoft Institute for Advanced Technology in Governments
![Page 24: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/24.jpg)
24
21 September 2009
National Interest
Personal Gain
Personal Fame
Curiosity
HobbyistHacker
Expert Specialist
Largest area by volume
Largest area by $ lost
Script-Kiddy
Largest segment by $ spent on defense
Fastest growing Segment = crime
AuthorVandal
Thief
Spy
Trespasser
The bad guys & their motivations
Published with kind permission from Dave Aucsmith
Sr. Director. Microsoft Institute for Advanced Technology in Governments
![Page 25: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/25.jpg)
25
21 September 2009
Just how organized is organized crime?
Published with kind permission from Mikko Hypponen
Chief Research Officer. F-Secure Corporation
![Page 26: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/26.jpg)
26
21 September 2009
A Market
Published with kind permission from Mikko Hypponen
Chief Research Officer. F-Secure Corporation
![Page 27: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/27.jpg)
27
21 September 2009
Marketing
Play video
![Page 28: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/28.jpg)
28
21 September 2009
Assuming you’ve followed the usual
set up advice(see end of presentation)
![Page 29: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/29.jpg)
29
21 September 2009
Now things look a bit more like this…….
Vulnerabilities
Threats
Value
![Page 30: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/30.jpg)
30
21 September 2009
That’s it, right?
![Page 31: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/31.jpg)
31
21 September 2009
Wrong!
Things to watch out for…
![Page 32: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/32.jpg)
32
21 September 2009
1. Anti-Virus doesn’t stop everything
![Page 33: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/33.jpg)
33
21 September 2009
“Antivirus suites fail more often than not”
F-Secure Kaspersky McAfee Sunbelt SophosTrend Micro
Symantec
28% 18% 44% 26% 38% 34% 35%
Dr.Web AVG ESET F-Prot VirusBuster Norman
36% 31% 27% 23% 16% 23%
Average daily detection rate from 12/5/09 to 10/6/09
Source: http://www.cyveillance.com/web/docs/WP_CyberIntel_H1_2009.pdf
http://lastwatchdog.com/antivirus-suites-fail/
![Page 34: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/34.jpg)
34
21 September 2009
Yeah, but how do they infect me?
(or how to viruses get around anti-
virus?)
![Page 35: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/35.jpg)
35
21 September 2009
How do they do that?
Vulnerabilities
Threats
Value
![Page 36: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/36.jpg)
36
21 September 2009
Popular Searches
![Page 37: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/37.jpg)
37
21 September 2009
The old classic - Email attachments
Published with kind permission from Mikko Hypponen
Chief Research Officer. F-Secure Corporation
![Page 38: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/38.jpg)
38
21 September 2009
Cute yet a little bit rubbish web sites…
Published with kind permission from Mikko Hypponen
Chief Research Officer. F-Secure Corporation
![Page 39: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/39.jpg)
39
21 September 2009
How can I tell something bad has happened?
Maybe…. nothing
Or….
![Page 40: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/40.jpg)
40
21 September 2009
Your computer is infected with 182 viruses – click here to fix
Source: Washingtonpost.com
![Page 41: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/41.jpg)
41
21 September 2009
More scareware
Source: Washingtonpost.com
![Page 42: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/42.jpg)
42
21 September 2009
Even more scareware
…looks convincing doesn’t it?Source: Washingtonpost.com
![Page 43: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/43.jpg)
43
21 September 2009
What can I do?
1. Prevention…
• Buy & use the most up to date anti-virus you can.
• Use spyware software such as Malwarebytes.
• Don’t trust anti-virus alone.
• Mix up your browsing, maybe use Firefox?
• Do you really want to open that email attachment?
• Those cute eCards might not be so cute.
• Never, ever, click here to fix your virus issues.
• Take some time to read up how to set you computer up.
![Page 44: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/44.jpg)
44
21 September 2009
If you do get a virus
2. Cure
• Disconnect from the internet – take your cable out.
• I’d power off.
• Reboot into safemode
• Run anti-virus (again).
• Download and run Malwarebytes Antimalware & Superantispyware
• Some good information to print out at:– http://www.bleepingcomputer.com/virus-removal/remove-windo
ws-police-pro
– http://www.dslreports.com/forum/cleanup
• Reinstall ? (boot and nuke first).
![Page 45: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/45.jpg)
45
21 September 2009
2. Scams
![Page 46: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/46.jpg)
46
21 September 2009
Nigerian 419 scamsGood Day,
My name is Dr William Monroe, a staff in the Private Clients Section of a well-known bank, here in London, England. One of our accounts, with holding balance of £15,000,000 (Fifteen Million Pounds Sterling) has been dormant and last operated three years ago. From my investigations and confirmation, the owner of the said account, a foreigner by name John Shumejda died on the 4th of January 2002 in a plane crash in Birmingham.
Since then, nobody has done anything as regards the claiming of this money, as he has no family member that has any knowledge as to the existence of either the account or the funds; and also Information from the National Immigration also states that he was single on entry into the UK.
I have decided to find a reliable foreign partner to deal with. I therefore propose to do business with you, standing in as the next of kin of these funds from the deceased and funds released to you after necessary processes have been followed.
This transaction is totally free of risk and troubles as the fund is legitimate and does not originate from drug, money laundry, terrorism or any other illegal act.
On your interest, let me hear from you URGENTLY.
Best Regards,Dr William Monroe Financial Analysis and Remittance Manager[Phone Number Removed
![Page 47: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/47.jpg)
47
21 September 2009
Lonely?
![Page 48: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/48.jpg)
48
21 September 2009
What can I do?
1. Prevention…• Ignore it.• Check it out on .
– http://www.snopes.com/– http://www.hoax-slayer.com/– http://www.419eater.com/
• If you have to wire money to someone you don’t know via WesternUnion or Moneygram be very suspicious.
![Page 49: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/49.jpg)
49
21 September 2009
What can I do?
2. Cure• Contact your bank to stop transactions• Contact the police
![Page 50: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/50.jpg)
50
21 September 2009
3. Phishing & Vishing
![Page 51: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/51.jpg)
51
21 September 2009
Phishing Example
![Page 52: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/52.jpg)
52
21 September 2009
Phishing Example
![Page 53: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/53.jpg)
53
21 September 2009
Obvious Signs
• The link on the screen doesn’t match the link that you mouse over…
![Page 54: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/54.jpg)
54
21 September 2009
How it should work
https://images.mybank.com/
https://www.mybank.com/
BANK
1
3
4
2
https://mybank.com/travel-international/g2/foreign-currency.asp
![Page 55: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/55.jpg)
55
21 September 2009
XSS
https://images.mybank.com/
https://www.mybank.com/
1
3
5
2
https://mybank.com/item=.asp?id=%3scriptsomeotherstuff
http://badguy.com/
4BANK
& some bad stuff
![Page 56: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/56.jpg)
56
21 September 2009
What can I do?
1. Prevention…• Run the latest browser versions, some
detect this kind of thing.• Don’t click links to banks, ebay, facebook
whatever from emails.• Type in the URL to your bank and
navigate to the page.• If a link looks suspicious, don’t click it.
![Page 57: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/57.jpg)
57
21 September 2009
What can I do?
2. Cure• Contact your bank• Maybe contact the police
![Page 58: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/58.jpg)
58
21 September 2009
Safer Online Purchases
• Credit card rather than debit card
![Page 59: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/59.jpg)
59
21 September 2009
Vishing
“Hello, it’s Chris from MyBank. It seems that someone has attempted to use your card fraudulently…”
“…we just need to ask a few security questions to verify who you are”.
![Page 60: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/60.jpg)
60
21 September 2009
What can I do?
1. Prevention…• Limit the amount of times you publish your
phone number.• Take down the fraud numbers for your bank
in advance – store them in your mobile.• Never phone back the number they provide
you without making sure it’s valid.• Speak to your bank about what they will
and will not ask you. Most will not request you full password
![Page 61: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/61.jpg)
61
21 September 2009
What can I do?
2. Cure• Contact your bank on a number you verify.• Maybe contact the police
![Page 62: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/62.jpg)
62
21 September 2009
4. The Evil Twin
![Page 63: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/63.jpg)
63
21 September 2009
Not this Evil Twin
![Page 64: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/64.jpg)
64
21 September 2009
Wireless - Be Aware of Evil Twins
BT Openzone
Free Public Wifi
![Page 65: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/65.jpg)
65
21 September 2009
Wireless - Be Aware of Evil Twins
Good: BT Openzone
Evil: Free Public WiFi
The Internet
![Page 66: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/66.jpg)
66
21 September 2009
What can I do?
1. Prevention…• Careful what you connect to. Make sure
you have the name right.• Perhaps not a good place to do your
banking.• Think about using TOR.
![Page 67: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/67.jpg)
67
21 September 2009
What can I do?
2. Cure…• Assume everything you did was captured
by a bad-guy and act accordingly– Cancel bank transactions.– Change your passwords.
![Page 68: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/68.jpg)
68
21 September 2009
5. Facebook
![Page 69: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/69.jpg)
69
21 September 2009
Facebook Issues
![Page 70: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/70.jpg)
70
21 September 2009
Who do you want to see your profile?
![Page 71: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/71.jpg)
71
21 September 2009
What can I do?1. Prevention…• Use a different email address to your usual
one.• Don’t make your profile public.• Don’t publish address, phone details etc.• Maybe don’t publish your real date of birth.• Remember. If it’s published electronically,
the cat *IS* out of the bag. Think before you post
• Read and implement privacy settings
![Page 72: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/72.jpg)
72
21 September 2009
What can I do?
![Page 73: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/73.jpg)
73
21 September 2009
And finally…
• Those fun applications
![Page 74: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/74.jpg)
74
21 September 2009
What can I do?
2. Cure• Change password etc.• See facebook help
![Page 75: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/75.jpg)
75
21 September 2009
6. Theft
![Page 76: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/76.jpg)
76
21 September 2009
What if someone steals my PC?
![Page 77: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/77.jpg)
77
21 September 2009
What can I do?1. Prevention…• Be aware of the area. Generally don’t
leave it in the car.• Don’t ask someone to look after your
laptop while you go to the bathroom.• It’s valuable – treat it as such.• Encryption is freely available
– Truecrypt
• Backup often– External disks are inexpensive
![Page 78: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/78.jpg)
78
21 September 2009
What can I do?
2. Cure…• Inform police• Inform your company / company security
departments.• If it’s not encrypted, change passwords to
everything.• If you used it for banking, inform the bank.
![Page 79: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/79.jpg)
79
21 September 2009
And if we have time..
![Page 80: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/80.jpg)
80
21 September 2009
Set up tips
![Page 81: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/81.jpg)
81
21 September 2009
Bluetooth
• Don’t use a bluetooth keyboard
![Page 82: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/82.jpg)
82
21 September 2009
A word on passwords
• Don’t think “they will never guess I’m using the word password”….
• …”They” are usually automated
![Page 83: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/83.jpg)
83
21 September 2009
Some password tips
• UPPER and lowercase characters• Use some numbers (not just at the end)• Use some symbols ($#%_-+@ )• 14 or more characters• Passphrase “The Lazy Brown Fox”• Don’t use the same password for every
account• You could write them down (safe-ish-ly)
![Page 84: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/84.jpg)
84
21 September 2009
![Page 85: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/85.jpg)
85
21 September 2009
Initial PC install
• If it’s second hand - Wipe / Erase disks
• Clean Factory Install
• Use Strong Passwords
• Configure / Enable Firewall
• Install A/V from install CD’s (if you can)
• Latest versions with behaviour based rules
• Symantec (Norton), McAfee, Kaspersky, ESET.
![Page 86: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/86.jpg)
86
21 September 2009
Configure router
• Don’t connect it to the internet until you’re ready
• Change default administrator account passwords. They’re well known.
• Set a strong password
• Disable things you don’t use
• Don’t start with wireless – just yet
![Page 87: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/87.jpg)
87
21 September 2009
Configure wireless on the router
• Don’t use WEP
• Do use WPA or WPA2
• MAC filtering
• Consider using a random key generator, such as this one http://darkvoice.dyndns.org/wlankeygen, to generate the key
• Disable SSID broadcasting
• Non-Overlapping Channels 1, 5, 9, 13
• Switch off wireless when you’re not using it
![Page 88: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/88.jpg)
88
21 September 2009
Install Updates
• Anti-Virus
• Windows Auto-Update
• Other
• Firefox
• iTunes
• Quicktime
![Page 89: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/89.jpg)
89
21 September 2009
Test connection
https://www.grc.com/x/ne.dll?bh0bkyd2
![Page 90: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/90.jpg)
90
21 September 2009 90
![Page 91: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/91.jpg)
91
21 September 2009
![Page 92: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/92.jpg)
92
21 September 2009
![Page 93: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/93.jpg)
93
21 September 2009
Wrong
• You have to keep it secure– Auto updates– Routinely Check firewall is configured– Periodically Check AntiVirus logs– Reinstall completely periodically
• AV / Firewall doesn’t stop everything
• You need to be a little paranoid online. They REALLY are out to get you.
![Page 94: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/94.jpg)
94
21 September 2009
Email Issues
• Name• How many accounts• settings
• Mostly clear text
• Web mail interaction also clear text
• So anyone can read it
![Page 95: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/95.jpg)
95
21 September 2009
What can I do?
• Name• How many accounts• Settings
– Gmail – always https
![Page 96: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/96.jpg)
96
21 September 2009
Final word on Home security
Buy and use• Decent Locks for doors & window• Shredders• Safes• Alarms
Neighbours
![Page 97: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/97.jpg)
97
21 September 2009
![Page 98: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/98.jpg)
98
21 September 2009
Risk
Risk is very unlikely to be 0. Ever.
![Page 99: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/99.jpg)
99
21 September 2009
RISKRisk
Threat x VulnerabilityRisk = x Value
Countermeasures
![Page 100: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/100.jpg)
100
21 September 2009
![Page 101: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/101.jpg)
101
21 September 2009
Malware by OS
Operating Systembackdoors,
rootkitsviruses &
wormstrojans
OS/X 14 9 11
FreeBSD 33 10 0
Unix 76 118 3
SunOS/Solaris 99 17 3
Linux 942 136 88
Windows 501515 40188 1232798
![Page 102: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/102.jpg)
102
21 September 2009
![Page 103: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/103.jpg)
103
21 September 2009
Cost of Fraud in the UKCard Fraud Type – on UK issued
credit and debit cards2004 2005 2006 2007 2008 +/- (07/08)
Phone, internet and mail order fraud (Card-not-present fraud)
£150.8m £183.2m £212.7m £290.5m £328.4m +13%
Counterfeit (skimmed/cloned)fraud £129.7m £96.8m £98.6m £144.3m £169.8m +18%
Fraud on lost or stolen cards £114. 4m £89.0m £68.5m £56.2m £54.1m -4%
Card ID theft £36.9m £30.5m £31.9m £34.1m £47.4m +39%
Mail non-receipt £72.9m £40.0m £15.4 m £10.2m £10.2m 0%
http://www.apacs.org.uk/09_03_19.htm
![Page 104: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/104.jpg)
104
21 September 2009
Records being lost all the timeDate Type Incident Records Organization05-09-2009 Hack customers credit card details lost from hacked server 52,000 Mitsubishi Corp
02-09-2009 Lost Laptop Missing laptop contains names, Social Security numbers and dates of birth of 38,000
38,000 Naval Hospital Pensacola
01-09-2009 Unknown A file containing students names and Social Security numbers reported missing
100 Bluegrass Community & Technical College
29-08-2009 Stolen Laptop Stolen laptops contain private and medical details of more than
7,000 Birmingham NHS (Trulife)
28-09-2009 Lost Tape Cuyahoga County officials are searching for a box that fell off a truck and contained personal information
300 Iron Mountain, Cuyahoga county, Ohio
28-08-2009 Disposal Document
Unknown number of employee records containing names, addresses, Social Security numbers and dates of birth thrown in trash
Unknown Fasco Machine Company
26-08-2009 Disposal Document
Employee files found in trash contained personal details including names and Social Security numbers
100 Guardsmark
25-08-2009 Disposal Document
Unknown number of confidential files dumped on street contained names and bank details
Unknown Worthing Borough Council
21-08-2009 Hack Hacked server exposes 20 years worth of students Social Security numbers
Unknown University of Massachusetts at Amherst (UMASS)
20-08-2009 Web Social Security numbers and some birth dates of 6,675 exposed through file transfer program
6,675 Boston University Army Reserver Officers Training Corp
20-08-2009 Disposal Document
Dumped medical files exposes 623 patients names, Social Security numbers, dates of birth and medical details
623 Prompt Med
19-08-2009 Hack Credit card numbers, expiration dates, and guest names on computer systems accessed without authorization
Unknown Radisson Hotels & Resorts
![Page 105: 1 21 September 2009 Things that go bump in the net Chris Email: chris@securityg33k.com Twitter: www: securityg33k.com](https://reader038.fdocuments.in/reader038/viewer/2022110321/56649cdb5503460f949a5f2e/html5/thumbnails/105.jpg)
105
21 September 2009
Understanding the Landscape
Author
National Interest
Personal Gain
Personal Fame
Curiosity
Script-Kiddy HobbyistHacker
Expert Specialist
Vandal
Thief
Spy
Trespasser
Published with kind permission from Dave Aucsmith
Sr. Director. Microsoft Institute for Advanced Technology in Governments