SlideShare ist ein Scribd-Unternehmen logo

WiFi Insecurity2013

Kurt Baumgartner
Kurt Baumgartner

Brief presentation on wifi security risk in 2013.

Technologie
1 von 10
Wifi Insecurity 2013 Risks and Usage Kurt Baumgartner @k_sec Principal Security Researcher Global Research and Analysis Team
Wifi Insecurity 2013 Usage and Risks Credit: wigle.net , 2013.08.29 • WiFi • Absolutely ubiquitous • Demonstrably insecure
Wifi Availability Who cares? 15%-20% WiFi is “unprotected” Credit: wigle.net , 2013.08.29
Wifi Availability Does WPA2 really matter? Session hijacking, complete compromise • • Banking / Retail cc Credit: www.immunityinc.com/images/silica/new_wifimonitor_edited.png
Wifi Attacker’s Toolset 2013 Getting in – is anything new? • Evil Twin == ARPSpoof, DHCP spoofing • Aircrack-ng handshake collector, WPS PIN defaults and Reaver brute forcing • Cloud based cracking, ocl-Hashcat-plus • 55 is the new 15! • Performance improvements by orders of magnitude • Certificate forging, SSLStrip, HTML Injection and Sidejacking • Cookie theft and replay • System Compromise and DNS Hijacking
Connecting to Public Wifi Confident connections • VPN (and/or SSH) • Pay attention to your browser!
Connecting to Public Wifi Confident connections
Connecting to Public Wifi Confident connections
Thank You Kurt Baumgartner, @k_sec Principal Security Researcher Global Research and Analysis Team

Empfohlen

Introducing Savvius Vigil
Introducing Savvius VigilIntroducing Savvius Vigil
Introducing Savvius VigilSavvius, Inc
 
Long Term Reporting with Savvius and Splunk
Long Term Reporting with Savvius and SplunkLong Term Reporting with Savvius and Splunk
Long Term Reporting with Savvius and SplunkSavvius, Inc
 
Network Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceNetwork Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceSkybox Security
 
RSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewRSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewSkybox Security
 
What's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItWhat's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItSkybox Security
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architectureHybrid IT Europe
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of VulnerabilitySkybox Security
 
Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!Regis Allen
 

Empfohlen

Introducing Savvius Vigil
Introducing Savvius VigilIntroducing Savvius Vigil
Introducing Savvius VigilSavvius, Inc
 
Long Term Reporting with Savvius and Splunk
Long Term Reporting with Savvius and SplunkLong Term Reporting with Savvius and Splunk
Long Term Reporting with Savvius and SplunkSavvius, Inc
 
Network Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceNetwork Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceSkybox Security
 
RSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewRSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewSkybox Security
 
What's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItWhat's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItSkybox Security
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architectureHybrid IT Europe
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of VulnerabilitySkybox Security
 
Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!Centurylink - Acceleration and securing modern applications!
Centurylink - Acceleration and securing modern applications!Regis Allen
 
Virtual Private Networks
Virtual Private NetworksVirtual Private Networks
Virtual Private NetworksSwiftTech Solutions, Inc.
 
Midsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityMidsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityCisco Security
 
Data protection on demand in hybrid it
Data protection on demand in hybrid itData protection on demand in hybrid it
Data protection on demand in hybrid itHybrid IT Europe
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityMarketingArrowECS_CZ
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsRahul Neel Mani
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application FirewallChandrapal Badshah
 
How Zero Trust Changes Identity & Access
How Zero Trust Changes Identity & AccessHow Zero Trust Changes Identity & Access
How Zero Trust Changes Identity & AccessIvan Dwyer
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...Skybox Security
 
Risk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewRisk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewSkybox Security
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...centralohioissa
 
Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Symantec
 
Palo Alto Networks - Magnifier
Palo Alto Networks - MagnifierPalo Alto Networks - Magnifier
Palo Alto Networks - MagnifierJisc
 
Application layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare dataApplication layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare dataCloudflare
 
Harnessing the Power of Metadata for Security
Harnessing the Power of Metadata for SecurityHarnessing the Power of Metadata for Security
Harnessing the Power of Metadata for SecurityJohn Pollack
 
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Fpweb
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and predictionVishwas Manral
 
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44Jisc
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionBitglass
 
Ashwin Resume
Ashwin ResumeAshwin Resume
Ashwin ResumeAshwin Vijay
 
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshopPriyanka Aash
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxssuserfb92ae
 
Meraki overview 2011 general (2) (1)
Meraki overview 2011 general (2) (1)Meraki overview 2011 general (2) (1)
Meraki overview 2011 general (2) (1)subtitle
 

Weitere ähnliche Inhalte

Was ist angesagt?

Midsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityMidsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityCisco Security
 
Data protection on demand in hybrid it
Data protection on demand in hybrid itData protection on demand in hybrid it
Data protection on demand in hybrid itHybrid IT Europe
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityMarketingArrowECS_CZ
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsRahul Neel Mani
 
How Zero Trust Changes Identity & Access
How Zero Trust Changes Identity & AccessHow Zero Trust Changes Identity & Access
How Zero Trust Changes Identity & AccessIvan Dwyer
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...Skybox Security
 
Risk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewRisk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewSkybox Security
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...centralohioissa
 
Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Symantec
 
Palo Alto Networks - Magnifier
Palo Alto Networks - MagnifierPalo Alto Networks - Magnifier
Palo Alto Networks - MagnifierJisc
 
Application layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare dataApplication layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare dataCloudflare
 
Harnessing the Power of Metadata for Security
Harnessing the Power of Metadata for SecurityHarnessing the Power of Metadata for Security
Harnessing the Power of Metadata for SecurityJohn Pollack
 
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Fpweb
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and predictionVishwas Manral
 
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44Jisc
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionBitglass
 
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshopPriyanka Aash
 

Was ist angesagt? (20)

Virtual Private Networks
Virtual Private NetworksVirtual Private Networks
Virtual Private Networks
 
Midsize Business Solutions: Cybersecurity
Midsize Business Solutions: CybersecurityMidsize Business Solutions: Cybersecurity
Midsize Business Solutions: Cybersecurity
 
Data protection on demand in hybrid it
Data protection on demand in hybrid itData protection on demand in hybrid it
Data protection on demand in hybrid it
 
Tenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud SecurityTenable Solutions for Enterprise Cloud Security
Tenable Solutions for Enterprise Cloud Security
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application Firewall
 
How Zero Trust Changes Identity & Access
How Zero Trust Changes Identity & AccessHow Zero Trust Changes Identity & Access
How Zero Trust Changes Identity & Access
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
 
Risk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewRisk Analytics: One Intelligent View
Risk Analytics: One Intelligent View
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
 
Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World Today's Predictions for Tomorrow's Connected World
Today's Predictions for Tomorrow's Connected World
 
Palo Alto Networks - Magnifier
Palo Alto Networks - MagnifierPalo Alto Networks - Magnifier
Palo Alto Networks - Magnifier
 
Application layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare dataApplication layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare data
 
Harnessing the Power of Metadata for Security
Harnessing the Power of Metadata for SecurityHarnessing the Power of Metadata for Security
Harnessing the Power of Metadata for Security
 
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
 
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
Solving access for hybrid it Axians (introducing pulse secure) - Networkshop44
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
 
Ashwin Resume
Ashwin ResumeAshwin Resume
Ashwin Resume
 
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
(SACON 2020) Practical Exploitation of IoT Networks and Ecosystems workshop
 

Ähnlich wie WiFi Insecurity2013

CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxssuserfb92ae
 
Meraki overview 2011 general (2) (1)
Meraki overview 2011 general (2) (1)Meraki overview 2011 general (2) (1)
Meraki overview 2011 general (2) (1)subtitle
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014Brian Knopf
 
Databook 2018 ver2
Databook 2018 ver2Databook 2018 ver2
Databook 2018 ver2DrayTek
 
Virtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyVirtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyDeep Ranjan Deb
 
Barracuda in Microsoft Azure
Barracuda in Microsoft AzureBarracuda in Microsoft Azure
Barracuda in Microsoft AzureresponsiveX
 
Cisco Meraki Overview | Voyager Networks
Cisco Meraki Overview | Voyager NetworksCisco Meraki Overview | Voyager Networks
Cisco Meraki Overview | Voyager NetworksNTS UK - Part of Capita
 
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01Sergiy Pitel
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldCisco Canada
 
2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor DamianITCamp
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentestingYunfei Yang
 
Nimbo/Alert Logic - Azure in the Cloud
Nimbo/Alert Logic - Azure in the CloudNimbo/Alert Logic - Azure in the Cloud
Nimbo/Alert Logic - Azure in the CloudAlert Logic
 
Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Ryan Orsi
 
Cisco's Cloud Networking Powered by Meraki
Cisco's Cloud Networking Powered by MerakiCisco's Cloud Networking Powered by Meraki
Cisco's Cloud Networking Powered by MerakiRowell Dionicio
 
Security concerns of cloud migration and its implications on cloud-enabled bu...
Security concerns of cloud migration and its implications on cloud-enabled bu...Security concerns of cloud migration and its implications on cloud-enabled bu...
Security concerns of cloud migration and its implications on cloud-enabled bu...Adewole Shitta-bey
 
2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud SecurityTudor Damian
 
Session810 ken huang
Session810 ken huangSession810 ken huang
Session810 ken huangKen Huang
 

Ähnlich wie WiFi Insecurity2013 (20)

CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
 
Meraki overview 2011 general (2) (1)
Meraki overview 2011 general (2) (1)Meraki overview 2011 general (2) (1)
Meraki overview 2011 general (2) (1)
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
 
Databook 2018 ver2
Databook 2018 ver2Databook 2018 ver2
Databook 2018 ver2
 
Virtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyVirtualization security for the cloud computing technology
Virtualization security for the cloud computing technology
 
Barracuda in Microsoft Azure
Barracuda in Microsoft AzureBarracuda in Microsoft Azure
Barracuda in Microsoft Azure
 
Cisco Meraki Overview | Voyager Networks
Cisco Meraki Overview | Voyager NetworksCisco Meraki Overview | Voyager Networks
Cisco Meraki Overview | Voyager Networks
 
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
cisco-20meraki-20overview-20-285-29-140501114803-phpapp01
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real World
 
2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentesting
 
Nimbo/Alert Logic - Azure in the Cloud
Nimbo/Alert Logic - Azure in the CloudNimbo/Alert Logic - Azure in the Cloud
Nimbo/Alert Logic - Azure in the Cloud
 
Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)Trusted Wireless Environment (TWE)
Trusted Wireless Environment (TWE)
 
Cisco's Cloud Networking Powered by Meraki
Cisco's Cloud Networking Powered by MerakiCisco's Cloud Networking Powered by Meraki
Cisco's Cloud Networking Powered by Meraki
 
Security concerns of cloud migration and its implications on cloud-enabled bu...
Security concerns of cloud migration and its implications on cloud-enabled bu...Security concerns of cloud migration and its implications on cloud-enabled bu...
Security concerns of cloud migration and its implications on cloud-enabled bu...
 
Meraki Overview
Meraki OverviewMeraki Overview
Meraki Overview
 
2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security
 
Sprite guard on line brochure
Sprite guard on line brochureSprite guard on line brochure
Sprite guard on line brochure
 
BGP Anomaly Detection
BGP Anomaly DetectionBGP Anomaly Detection
BGP Anomaly Detection
 
Session810 ken huang
Session810 ken huangSession810 ken huang
Session810 ken huang
 

Mehr von Kurt Baumgartner

Billington 2013 IceFog APT
Billington 2013 IceFog APTBillington 2013 IceFog APT
Billington 2013 IceFog APTKurt Baumgartner
 
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
2011 Wintel Targeted Attacks and a Post-Windows Environment APT ToolsetKurt Baumgartner
 
Not-so Passive Sonar - Red October
Not-so Passive Sonar - Red OctoberNot-so Passive Sonar - Red October
Not-so Passive Sonar - Red OctoberKurt Baumgartner
 
Kurt baumgartner lan_deskse2012
Kurt baumgartner lan_deskse2012Kurt baumgartner lan_deskse2012
Kurt baumgartner lan_deskse2012Kurt Baumgartner
 

Mehr von Kurt Baumgartner (8)

Billington 2013 IceFog APT
Billington 2013 IceFog APTBillington 2013 IceFog APT
Billington 2013 IceFog APT
 
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
 
Not-so Passive Sonar - Red October
Not-so Passive Sonar - Red OctoberNot-so Passive Sonar - Red October
Not-so Passive Sonar - Red October
 
Kurt baumgartner lan_deskse2012
Kurt baumgartner lan_deskse2012Kurt baumgartner lan_deskse2012
Kurt baumgartner lan_deskse2012
 
The ROP Pack
The ROP PackThe ROP Pack
The ROP Pack
 
AntiRE en Masse
AntiRE en MasseAntiRE en Masse
AntiRE en Masse
 
Recent Rogueware
Recent RoguewareRecent Rogueware
Recent Rogueware
 
Storm Worm - Malware 2.0
Storm Worm - Malware 2.0Storm Worm - Malware 2.0
Storm Worm - Malware 2.0
 

Kürzlich hochgeladen

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 

Kürzlich hochgeladen (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 

WiFi Insecurity2013

  • 1. Wifi Insecurity 2013 Risks and Usage Kurt Baumgartner @k_sec Principal Security Researcher Global Research and Analysis Team
  • 2. Wifi Insecurity 2013 Usage and Risks Credit: wigle.net , 2013.08.29 • WiFi • Absolutely ubiquitous • Demonstrably insecure
  • 3. Wifi Availability Who cares? 15%-20% WiFi is “unprotected” Credit: wigle.net , 2013.08.29
  • 4. Wifi Availability Does WPA2 really matter? Session hijacking, complete compromise • • Banking / Retail cc Credit: www.immunityinc.com/images/silica/new_wifimonitor_edited.png
  • 5. Wifi Attacker’s Toolset 2013 Getting in – is anything new? • Evil Twin == ARPSpoof, DHCP spoofing • Aircrack-ng handshake collector, WPS PIN defaults and Reaver brute forcing • Cloud based cracking, ocl-Hashcat-plus • 55 is the new 15! • Performance improvements by orders of magnitude • Certificate forging, SSLStrip, HTML Injection and Sidejacking • Cookie theft and replay • System Compromise and DNS Hijacking
  • 6. Connecting to Public Wifi Confident connections • VPN (and/or SSH) • Pay attention to your browser!
  • 7. Connecting to Public Wifi Confident connections
  • 8. Connecting to Public Wifi Confident connections
  • 9.
  • 10. Thank You Kurt Baumgartner, @k_sec Principal Security Researcher Global Research and Analysis Team