Tisa social and mobile security

Advanced Social Network and Mobile Attack

Nipon Nachin, Consulting Manager

ITIL Expert, CISSP, GIAC GFCA, CISA, CISM, CSSLP, AMBCI, IRCA ISMS, ITSMS, BCMS Provisional Auditor, SSCP, Security+

Prathan Phongthiproek, Red-Team Manager

eCPPT, E|CSA, C|EH, CIW Security Analyst, CPTS, CWNP, CWSP, Security+, ITIL-F

ACIS Professional Center

Social Network

Source: 2008 CSI Computer Crime & Security Survey2

RSS feed

Social Network Threats

1) Malware Spam

2) Drive-By-Download

3) Malicious Applications

4) Session Hijacking

Malware Spam

1) Osama execution video scam

2) Enable dislike button

3) Top 10 profile spies

Malware Spam

Drive-By-Download

1) Malicious URL Shorten

2) Internet Explorer / Mozilla Firefox / Safari / Chrome Vulnerabilities

3) Web Browsers Toolbar

4) Adobe products vulnerabilities; **Flash, PDF, Etc

5) ActiveX and Java Applets

Drive-By-Download

Victim

(4) Download exploit

(1) Client visit the landing page

(2) Redirect to get exploit

(3) Redirect to get exploit

Drive-By-Download

Spyware

Viruses

Trojans

Potentially

unwanted

applications

Adware

Unwanted/

offensive

content

Phishing

Drive-By-Download

Malicious Facebook Applications

Source: 2008 CSI Computer Crime & Security Survey

Sessions Hijacking

Sessions Hijacking with Firesheep

1) For now, Unable to attack Facebook **Have to Modify source code

2) Only support over HTTP

- Hotmail, Twitter, Facebook, Etc

3) Sniff on-the-Fly (Wifi Hotspot)

4) Over Network, Have to ARP poisoning

Sessions Hijacking

Sessions Hijacking Over HTTPS

1) Using SSLStrip for kill SSL sessions

2) Rouge Access point or Arp poisoning on the wire

Sessions Hijacking Over HTTPS

Mobile Threats

BlackBerry

Mobile Safari Still Vulnerable To Pwn2Own Exploit

Mobile Web Browsers

Common problem: bad security UX

Android Content Provider File Disclosure

Google Latitude Zero Day Attack

Google Latitude Zero Day Attack - Example

https://www.google.com/accounts/ServiceLoginAuth?Username=morphuesor@gmail.com&password=xxxxxx&s=sss=&xxx=dddddd

Google Latitude Zero Day Attack on iPhone

Google Latitude Zero Day Attack

FlexiSPY BlackBerry Spy Phone

FlexiSPY Apple iPhone Spyphone

Spyphone – ดักฟังการสนทนา

28th – 29th June 2011, Grand Millennium Sukhumvit, Bangkok

Please contact : varapong@acisonline.net

http://www.TISA.or.th

Tisa social and mobile security

Technology

120126 Tisa Itcs

TISA Times 16 June 2016

TISA Times 31 October 2014

TISA Times 1 May 2015

Paper Tisa laser system

TISA Times 28 August 2015

TiSA VS ClimATe ACTion - PSI...3 TiSA VS CLIMATE ACTION Foreword Energy is possibly the global economy’s most strategic sector given its implications for national security, economic

TiSA Energy Related Services 2

TISA Times, 13 June 2013

Ki Tisa Mid Week Update

TISA Workshop: Visualising Data

Xtra-seal Tisa Catalogo

Mobile Strategy Partners Mobile Security

TISA 2016 05 18 JUSO kurz - cedricwermuth.ch · Latest news 07.09.2015 • Uruguay abandons TISA negotiations! 65. TTIP, CETA, TISA – Wieso tun sie das? „Ein Freihandelsabkommen

Converged. Holistic. Borderless. · Unisys Mobile Security Mobile Environment Management Mobile Assessments & Consulting Mobile Security Mobile App Development Mobile Infrastructure

REVE ANTIVIRUS MOBILE SECURITY · Download REVE Mobile Security from Google Play Store. 10.10 PM REVE Antivirus Mobile Security REVE ANTIVIRUS 3+ INSTALL Best Mobile Security and

Top 5 myths of it security in the light of current events tisa pro talk 4 2554

TISA Times 28 November 2014

Secure Mobile Complete mobile security

TISA Times 27 November 2015