1 / 34

david.jacoby@kaspersky Senior Security Researcher – GReAT – Kaspersky Lab

Hacked? Pwn3d? WTF?!. CATWALK 2012, Karlskrona, Sweden. david.jacoby@kaspersky.com Senior Security Researcher – GReAT – Kaspersky Lab. David Jacoby. Senior Security Researcher Nordic & Benelux Global Research and Analysis Team Malware on Unix/Linux and alternative system

dante
Download Presentation

david.jacoby@kaspersky Senior Security Researcher – GReAT – Kaspersky Lab

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hacked? Pwn3d? WTF?! CATWALK 2012, Karlskrona, Sweden • david.jacoby@kaspersky.com Senior Security Researcher – GReAT – Kaspersky Lab

  2. David Jacoby Senior Security Researcher Nordic & Benelux Global Research and Analysis Team Malware on Unix/Linux and alternative system Web ApplicationSecurity / Penetration testing Vulnerability and Threat Management

  3. KNOWN INCIDENTS

  4. KNOWN INCIDENTS 1983 KEVIN POULSEN Kevin Poulsen, hacked into Arpanet, the precursor to the Internet was hacked into. Arpanet was a global network of computers, and Poulsen took advantage of a loophole in its architecture to gain temporary control of the US-wide network.

  5. KNOWN INCIDENTS 1990 KEVIN MITNICK Kevin Mitnick broke into the computer systems of the world's top technology and telecommunications companies Nokia, Fujitsu, Motorola, and Sun Microsystems.

  6. KNOWN INCIDENTS 1993 MASTERS OF DECEPTION The group hacked into the National Security Agency, AT&T, and Bank of America. It created a system that let them bypass long-distance phone call systems, and gain access to private lines.

  7. KNOWN INCIDENTS 2000 MAFIABOY MafiaBoy, hacked into some of the largest sites in the world, including eBay, Amazon and Yahoo. He gained access to 75 computers in 52 networks, and ordered a Denial of Service attack on them.

  8. KNOWN INCIDENTS 2011 ANONYMOUS & LULZSEC The movement "AntiSec" hacked into for example: PBS, Sony, HB Gary, SEGA, AT&T, Stratfor, LockheedMartin, The Sun, Nintendo, NATO, PlaystationNetwork and probably more.

  9. WHAT DID WE LEARN? • WHAT HAVE WE LEARNED?

  10. WHAT DID WE LEARN?

  11. WHAT DID WE LEARN?

  12. WHAT DID WE LEARN?

  13. DIARY OF A SECURITY GEEK

  14. DIARY OF A SECURITY GEEK

  15. DIARY OF A SECURITY GEEK

  16. DIARY OF A SECURITY GEEK

  17. DIARY OF A SECURITY GEEK

  18. DIARY OF A SECURITY GEEK

  19. DIARY OF A SECURITY GEEK

  20. WHY ARE WE GETTING HACKED? SOME OF MY THOUGHTS

  21. PRIORITIZING • WHAT IS OUR PRIORITY? • We focus on the wrongthings today! • We’d rather buy products and services than work with what we have! • Are we trying to be compliant or secure? • Who are we educating and why?

  22. AWARENESS • WHAT ARE WE PROTECTING? • We need to know what information we are protecting! • Are we even aware of our own threats? • Are we looking for Threats or Vulnerabilities? • How does the threats actually affectour organization?

  23. HOW DOES VULNERABILITIES AFFECT US? • HOW DOES VULNERABILITIES AFFECT US?

  24. HOW DOES VULNERABILITIES AFFECT US? • WE WANT TO BE SECURE!

  25. HOW DOES VULNERABILITIES AFFECT US? • VULNERABILITIES

  26. HOW DOES VULNERABILITIES AFFECT US? • WHEN WE TRY TO EXPLAIN

  27. HOW DOES VULNERABILITIES AFFECT US? • WHEN WE GET HACKED! • BAD GUYS DOES THIS:

  28. HOW DOES VULNERABILITIES AFFECT US? • WHEN WE GET HACKED! • WE DO THIS:

  29. HOW DOES VULNERABILITIES AFFECT US?

  30. HOW DOES VULNERABILITIES AFFECT US?

  31. HOW DOES VULNERABILITIES AFFECT US? WHAT ARE WE TRYING TO PROTECT? + OUR WORST CASE SCENARIO!

  32. HOW DOES VULNERABILITIES AFFECT US? COMMON TYPES OF VULNERABILITIES • SQL INJECTION • CROSS SITE SCRIPTING/FORGERY • REMOTE/LOCAL CODE EXECUTION • REMOTE/LOCAL COMMAND EXECUTION • PRIVILEDGE ESCALATION • DENIAL OF SERVICE

  33. HOW DOES VULNERABILITIES AFFECT US? THUMBS UP!

  34. What are we actually fighting? Secret diary of a security geek! David Jacoby, Senior Security Researcher, Kaspersky Lab

More Related