Social Networking hacks Austin Enfield. Overview Noted Hacks Session Hijacking Social Engineering...
Social Networking hacks
Austin Enfield
Overview
• Noted Hacks
• Session Hijacking
• Social Engineering
• Identity theft
Noted Hacks
• LinkedIn hack
• Myspace hacker
• Samy Worm
Hacked
• 6.4 million passwords stolen
• Uploaded to a Russian-language forum
http://www.wordtracker.com/attachments/LinkedIn-Logo.png
Myspace Hack
• Myspace Hacker
• Phishing and XSS
http://www.countryvillageresort.com/httpdocs/assets/images/myspace-logo.png
The Samy Worm
• Samy Kamkar
• Over 1 million affected
• Shut down Myspace October 4, 2005
• Added friends automatically
• Added “but most of all, samy is my hero” to the Heroes section
http://richardvelazquez.files.wordpress.com/2010/10/myspace-primary_logo-blue_clean.jpg
Samy Worm
• Grew Exponentially
• Shut down the site in <20 hours
• First web 2.0 worm
• Entered a plea agreement to the felony charge on January 31, 2007
  • Three years' probation with no non-work-based computer use
  • 90 days community service
  • Restitution payment of an undisclosed amount
Session Hijacking
• Phishing
• XSS
• Sidejacking
• DroidSheep
• Firesheep
FireSheep
• Firefox add-on
• Oct 24, 2010
• Free, open source
• GUI-based sidejacker
• Forced Facebook and Twitter to require HTTP Secure (HTTPS)
http://www.mozilla.org/en-US/press/image-library/firefox-wordmark-vertical.png
Social Engineering
• Gain access to personal info by posing as a friend
• Use links in personal messages with redirects
• Identity theft
Social-Engineer Toolkit (SET)
• Attacks the human element
• Part of standard penetration tests
• Performs phishing, man-in-the-middle
Identity Theft
• 15 million victims a year
• Average of $3,500 in loss
• Stronger trend towards social engineering to gain information
Identity Theft
• Common information found
  • Full name (particularly your middle name)
  • Date of birth (often required)
  • Home town
  • Relationship status
  • School locations and graduation dates
  • Pet names
  • Other affiliations, interests and hobbies
Prevention
• Education
• Don’t post anything personal
• Verify sources before giving any info
Review
• Noted Hacks
• Session Hijacking
• Social Engineering
• Identity theft