Don’t be blinded by The Light

Jason Hart CISSP CISM

SVP CRYPTOCard
About Me
Legal Disclaimer


 ALWAYS GET PERMISSION IN WRITING.

    – Performing “scans” against networked systems without
      permission is illegal. Password cracking too

    – You are responsible for your own actions!

    – If you go to jail because of this material it’s not my fault,
      although I would appreciate it if you dropped me a postcard.



    – This presentation references tools and URLs - use them
      at your own risk!
Accepted Security Principles

  • Confidentiality
  • Integrity
  • Availability
  • Accountability
  • Auditability

  HOW DO I ACHIEVE THIS IN A CLOUDY WORLD?
Welcome to the 3rd Age of Hacking (It’s Easier)

• 1st Age: Servers
       •   FTP, Telnet, Mail, Web
       •   These were the services that accepted bytes from an attacker
       •   The hack left a footprint

• 2nd Age: Browsers
       • JavaScript, ActiveX, Java, image formats, DOMs
       • These are the things that are getting locked down
           – Slowly
           – Incompletely

• 3rd Age: Passwords – simplest and getting easier
       • Gaining someone's password is the skeleton key to their life and
         your business
       • Totally invisible – no trace: a login with a valid password looks
         exactly like the legitimate user
Cyber Crime – Cloud Attack


Welcome to the Future of Hacking

• Channels: web, mail, open services

• Targeted attacks on premium resources

• Carpet bombing for most attacks

• Secondary infections through controlled
  outposts
Authentication Mechanisms


• HTTP Authentication

   – Basic Authentication
   – Digest Authentication

• Integrated Windows (NTLM) Authentication

• Certificate-Based Authentication

• Forms-based Authentication
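Added example, not code from the slides or from CRYPTOCard: what the first two schemes in the list above leave on the wire. Basic is only base64 of user:password, so anyone on the path reads it back; Digest keeps the password off the wire but one captured exchange is enough for an offline dictionary guess, so neither is safe without TLS. The header, realm, nonces, credential store and wordlist are constructed sample data; NTLM, certificate and forms-based authentication are not modelled.

```python
"""Added example: what HTTP Basic and Digest authentication expose to an observer.

Assumptions: all headers, nonces and the credential store below are constructed;
no real host or user is involved.
"""
import base64
import hashlib
import hmac

# --- Basic authentication: base64(user:password), i.e. reversible cleartext -------
def encode_basic(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def decode_basic(header_value):
    """Anyone on the path (proxy, sniffer, Tor exit node) can do this."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

# --- Digest authentication (RFC 2617, qop=auth): password never on the wire ------
def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def verify_digest(store, user, realm, method, uri, nonce, nc, cnonce, response):
    """Server side: recompute from the stored password, compare in constant time."""
    if user not in store:
        return False
    expected = digest_response(user, realm, store[user], method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)

def crack_digest(wordlist, user, realm, method, uri, nonce, nc, cnonce, response):
    """Observer side: everything except the password is in the captured headers,
    so each guess costs three MD5 calls and no traffic to the server."""
    for candidate in wordlist:
        if digest_response(user, realm, candidate, method, uri, nonce, nc, cnonce) == response:
            return candidate
    return None

# Constructed sample exchange: the values an observer sees in the Digest headers.
STORE = {"alice": "s3cr3tPass"}                       # server-side store (constructed)
REALM, METHOD, URI = "intranet", "GET", "/payroll/"
NONCE, NC, CNONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b"
CAPTURED = digest_response("alice", REALM, STORE["alice"], METHOD, URI, NONCE, NC, CNONCE)
WORDLIST = ["password", "letmein", "Summer2010", "s3cr3tPass"]   # constructed

if __name__ == "__main__":
    print(decode_basic(encode_basic("alice", "s3cr3tPass")))
    print(verify_digest(STORE, "alice", REALM, METHOD, URI, NONCE, NC, CNONCE, CAPTURED))
    print(crack_digest(WORDLIST, "alice", REALM, METHOD, URI, NONCE, NC, CNONCE, CAPTURED))
```

The server-side check is what a correct Digest implementation does; the `crack_digest` function is the reason Digest is only a marginal improvement over Basic when the transport is not encrypted.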
Password Surfing ☺

"login: *" "password: *" filetype:xls

• This returns xls files containing login names and passwords.

• Scoped with site:yourdomain it is a cheap check for what your own
  organisation has already exposed; the same search works with
  filetype:doc, pdf or txt.
Auto Meta Data Mining


• Automated doc search via Google/Bing
• Specify domains to target
• Automated download and analysis of docs
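Added example, not code from the slides and not the tool they allude to: the analysis step that follows the search and download in both the password-surfing and the metadata-mining slides, run over two files built in memory. One is a spreadsheet export holding a credential table (what the filetype:xls dork above surfaces); the other is a minimal .docx whose properties name an internal user, the company and the Office version. All file content is constructed sample data and nothing is downloaded.

```python
"""Added example: analyse mined documents for credentials and identifying metadata.

Assumptions: SHEET_CSV, CORE_XML and APP_XML are constructed; the .docx is built
in memory with only the property parts a metadata miner reads.
"""
import csv
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed spreadsheet export: what a leaked passwords.xls looks like once dumped.
SHEET_CSV = """Service,URL,Login,Password
VPN,vpn.example.test,jsmith,Winter2009!
Mail,mail.example.test,admin,admin
CRM,crm.example.test,helpdesk,temp123
"""

LOGIN_HEADERS = {"login", "username", "user", "userid", "account"}
PASS_HEADERS = {"password", "pass", "pwd", "passwd"}

def find_credential_columns(csv_text):
    """Return (login, password) pairs from a sheet whose header row names both columns."""
    rows = list(csv.reader(io.StringIO(csv_text)))
    if not rows:
        return []
    header = [h.strip().lower() for h in rows[0]]
    login_idx = next((i for i, h in enumerate(header) if h in LOGIN_HEADERS), None)
    pass_idx = next((i for i, h in enumerate(header) if h in PASS_HEADERS), None)
    if login_idx is None or pass_idx is None:
        return []
    needed = max(login_idx, pass_idx) + 1
    return [(r[login_idx], r[pass_idx]) for r in rows[1:] if len(r) >= needed]

# Constructed Office metadata: the parts of a .docx that metadata-mining tools read.
CORE_XML = """<cp:coreProperties
 xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
 xmlns:dc="http://purl.org/dc/elements/1.1/">
 <dc:creator>j.smith</dc:creator>
 <cp:lastModifiedBy>svc_backup</cp:lastModifiedBy>
</cp:coreProperties>"""
APP_XML = """<Properties
 xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties">
 <Application>Microsoft Office Word</Application>
 <AppVersion>12.0000</AppVersion>
 <Company>Example Corp</Company>
</Properties>"""
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}

def make_docx():
    """Build a minimal OOXML container in memory (only the property parts matter here)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("docProps/app.xml", APP_XML)
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()

def extract_metadata(docx_bytes):
    """Pull the fields an attacker wants: usernames, software version, company."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            core = ET.fromstring(z.read("docProps/core.xml"))
            for path, key in (("dc:creator", "creator"), ("cp:lastModifiedBy", "last_modified_by")):
                el = core.find(path, NS)
                if el is not None and el.text:
                    found[key] = el.text.strip()
        if "docProps/app.xml" in names:
            app = ET.fromstring(z.read("docProps/app.xml"))
            for tag in ("Application", "AppVersion", "Company"):
                el = app.find(f"ep:{tag}", NS)
                if el is not None and el.text:
                    found[tag.lower()] = el.text.strip()
    return found

def harvest_usernames(metadata):
    """Distinct usernames from the metadata: the seed list for a password attack."""
    return sorted({v for k, v in metadata.items() if k in ("creator", "last_modified_by")})

if __name__ == "__main__":
    print(find_credential_columns(SHEET_CSV))
    meta = extract_metadata(make_docx())
    print(meta, harvest_usernames(meta))
```

Run against your own published documents, the same two functions give the defender's view: which files carry a credential table, and which usernames and software versions the organisation is leaking through document properties.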
The Weapons

  • Key loggers, both software and hardware
  • So easy
  • And many more
ToR

• Tor is a network of virtual tunnels that allows people and groups to
  improve their privacy and security on the Internet, and it is used by
  governments worldwide

• Caveat: Tor hides where traffic comes from, not what it says. The exit
  node that hands traffic to its destination sees it exactly as the client
  sent it, so a password sent over plain HTTP, POP3 or IMAP through Tor is
  readable by whoever runs that exit. Tor only protects the credential if
  the application layer is itself encrypted (TLS).
100 Government & Embassy Passwords

 I uncovered last year on a hacking forum – reported to Hi Tech Crime Unit

 [Slide listed roughly 25 rows of institution, IP address, username and
 password for embassies and consulates of Kazakhstan, Uzbekistan,
 Kyrgyzstan, India and Mongolia, a UK visa application centre in Nepal and
 the Office of the Dalai Lama. Many passwords were short dictionary words,
 keyboard walks ("asdfgh"), the word "temp", or the city name with digits
 interleaved. Credential list redacted.]
LIVE
Next Generation Social Engineering

• http://twitter.com/#search?q=New%20Job%20Role

• http://twitter.com/#search?q=Hacked%20Password

• People announcing a new role are fresh pretexting targets: new colleagues,
  new systems, and no baseline yet for what a normal request looks like.
  People announcing a hacked password tell you which accounts are in play.
Simple iPhone User Attack ….

[Diagram: User ↔ www ↔ Hacker]
What is the Solution?

Some options are more secure than others

• Create a password policy

• Improve your password security

• Implement Two-Factor Authentication
Solving the password problem

User productivity requires simple, flexible, continuous and secure access
to information.

Users and their workspaces: internal people, branch offices, PDA users,
remote users, 3rd-party access.

Today a password is all that stands between those users and your cloud:
business processes, applications and company assets.

Solution to the password problem: two-factor authentication – a unique
identity for every user, every time they log in, using something they
know + something they have.
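Added example, not CRYPTOCard's implementation: the "something they know + something they have" check from the slide above as a server-side login that requires both a password and a time-based one-time code (RFC 6238 TOTP, the scheme hardware and software tokens commonly implement). The user record and clock values are constructed; the token seed is the RFC 6238 test seed so the codes can be checked against the RFC's own vectors. Passwords are stored as PBKDF2 hashes, and a code is accepted only once, so a code read off a keylogger or sniffed off the wire cannot be replayed.

```python
"""Added example: two-factor login = password hash check + TOTP with replay guard.

Assumptions: RFC_SEED is the RFC 6238 test seed; USER is a constructed record;
'now' is passed in explicitly so the check is testable at fixed times.
"""
import hashlib
import hmac
import secrets
import struct

STEP = 30        # seconds per code
DIGITS = 6
WINDOW = 1       # accept one step of clock skew either side
PBKDF2_ROUNDS = 100_000

def totp(secret, unix_time, digits=DIGITS, step=STEP):
    """RFC 6238: HOTP (RFC 4226) over the time step counter, SHA-1, dynamic truncation."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def hash_password(password, salt=None):
    """Salted PBKDF2: the 'something you know' is never stored in clear."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class UserRecord:
    def __init__(self, password, seed):
        self.salt, self.pw_hash = hash_password(password)
        self.seed = seed           # token seed ('something you have'), shared at enrolment
        self.last_counter = -1     # highest time step already accepted

def make_user(password, seed):
    return UserRecord(password, seed)

def verify_login(user, password, code, now):
    # Factor 1: something you know. Always computed, so a wrong password costs
    # the same time as a right one, and compared in constant time.
    _, candidate = hash_password(password, user.salt)
    know_ok = hmac.compare_digest(candidate, user.pw_hash)

    # Factor 2: something you have. Accept the current step and WINDOW steps
    # either side, but never a step at or below the last one accepted, so a
    # code captured by a keylogger or sniffer cannot be used a second time.
    counter = int(now) // STEP
    accepted = None
    for c in range(counter - WINDOW, counter + WINDOW + 1):
        if c > user.last_counter and hmac.compare_digest(totp(user.seed, c * STEP), code):
            accepted = c
            break

    if not (know_ok and accepted is not None):
        return False               # both factors must pass; state is only updated on success
    user.last_counter = accepted
    return True

RFC_SEED = b"12345678901234567890"          # RFC 6238 Appendix B test seed
USER = make_user("correct horse", RFC_SEED)   # constructed user record

if __name__ == "__main__":
    print(totp(RFC_SEED, 59, digits=8))                       # RFC vector: 94287082
    print(verify_login(USER, "correct horse", totp(RFC_SEED, 59), 59))   # True
    print(verify_login(USER, "correct horse", totp(RFC_SEED, 59), 59))   # False: replayed
```

What this buys you against the talk's "3rd age": a stolen password on its own no longer logs in, and a code that was observed is dead after its first use. What it does not buy you is protection against a live relay, where the attacker forwards the freshly typed code to the real site within its 30-second window; that needs a factor bound to the origin, not a shared secret.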
Jason Hart CISSP CISM

Blog: www.twofactor.blogspot.com
Jason.Hart@CRYPTOCard.com
           Thank you

E Crime Mid Year Meeting London
