This presentation covers a lot of topics related to personal internet security. Among the topics that are covered are:
- Password Management and how to create strong passwords
- Two-factor authentication and biometrics
- Social Engineering and Personalized Attacks
- Online Trackers
- Instant Messaging Apps
- WIFI Security
- Mobile Security
- Online Payments
2. Who am I
Professional Ethical Hacker for 8 Years
Internationally recognized speaker
AppSec San Francisco 2015
Microsoft Innovation Day
Cairo Security Camp
Certified in Cryptography from Stanford University and Maryland University
MBA in International Business & Bachelor in Computer Engineering
Multiple international awards
5th Worldwide in Aspen Case Competition, NY 2014
1st Worldwide in AppSec hacking competition, NY 2013
World Wanderer
3. Why should you care
How many friends got one of their Facebook/email accounts hacked?
Should you worry about being the next target?
Honan from Wired
Wiped Hard Drive
Gmail account deleted
Twitter account compromised
iCloud accounts compromised
Amazon account compromised
Yeah but Honan is famous; Do hackers target normal people?
Have I been pwned?
4. Hackers’ Motives
Do you remember the shutdown warning virus in the 90s?
What do hackers really want?
What is more expensive on the black market:
A stolen credit card account
A stolen Facebook account
5. Passwords!! No Not Again
Use upper case, lower case, numbers, special characters
@JDI!(jdk82@)($DDL
This sounds like a good password. Is it feasible for a normal human being to remember it?
Does your company force you to change it every month, quarter or half year?
Actually I’ll ask you to do the same for your personal sites
Is this achievable?
6. How to create a strong password
What’s your favorite song?
I swear to you, I will always be there for you
1 sw3@r t0 y0u, 1 w1ll @lw@ys b3 th3r3 f0r y0u
1sw3@rt0y0u1w1ll@lw@ysb3th3r3f0ry0u
Who can break that?
Meet me at home honey
M33t m3 @ h0m3 h0n3y
M33tm3@h0m3h0n3y
Do you speak another language? (even better)
7. Passwords Bucket – Should I trust them?
LastPass
1Password
mPassword
8. Two-factor authentication & biometrics
Every major site is supporting this now (Facebook, Gmail, Hotmail, Twitter,..)
Is iPhone Fingerprint Authentication really secure?
What about Face Recognition?
9. Security Questions
It’s all about the weakest link
What’s your favorite color? (You really think this is secure?)
10. Password recovery email
That’s the email to recover your password for your original email
Create a totally random email
fueu13898hfbb@gmail.com
Username and password in a secure spot
11. Social Engineering and Personalized Attacks
It’s easy to know a lot about you:
Your pictures
Your friends
Your favorite spots
Your family
Your dog
Your hobbies
Your writing style
Is there anything a hacker wouldn’t know about you?
Why would a hacker care about that?
12. Don’t TRUST
Facebook Friend Request
Hackers know that you look at friends in common.
Hackers know that you would more likely accept a friend request from a female (regardless of whether you are a man or a woman).
Hackers can imitate a friend profile (then change it later)
Click “Accept” and your life could change forever.
Don’t show your birthday (I know you love the wishes).
Pressing Links
What could happen if I pressed a link?
Email Attachment – you should have known this one already
13. Online Trackers
How did Facebook advertisers know about my travel plans?
Amazon started showing kitchen accessories right after I bought a new kitchen!
Does Facebook really know every other website I visit?
Can I really stop them from tracking me?
Ad Block
No Follow
NoScript
15. What about instant messaging?
Are my WhatsApp messages secure?
What about Facebook Messenger, Snapchat?
16. Did you hear about CryptoLocker?
A Trojan that encrypts your entire hard disk
Pay $300 (or more) to recover your files
17. WIFI Security
Come on, not this also
What can hackers do with this?
How can I protect my WIFI?
WPA2 (come on, don’t go technical)
Strong Password
Router Management Page
18. Mobile Security
Do you use Swype or a pattern to unlock your phone?
How do you evaluate apps before installing?
Which is more secure, Android or iOS?
What are your countermeasures if your phone is lost or stolen?
19. Online Payments
Everybody is buying something online now
Souq.com
Mobile games
Utilities (ADSL, Electricity Bill, etc.)
Who should I trust?
What’s the most secure way to do online payments?
20. More security measures
Encrypt your hard disk
Frequently back up your data
Update your anti-virus regularly
Don’t use pirated software
Use Tor for secure browsing
Use a dedicated VPN
The annoying hackers are still there, but far fewer of them
Most of the hackers now have financial motives
Cyber-war between countries
Sony Movie Studio $500 million
Sony Entertainment $170 million