This presentation covers a lot of topics related to personal internet security. Among the topics that are covered are: - Password Management and how to create strong passwords - Two factor authentication and bio-metrics - Social Engineering and Personalized Attacks - Online Trackers - Instant Messaging Apps - WIFI Security - Mobile Security - Online Payments

1. Personal Internet Security
Mostafa Siraj

2. Who am I
 Professional Ethical Hacker for 8 Years
 Internationally recognized speaker
 AppSec San Francisco 2015
 Microsoft Innovation Day
 Cairo Security Camp
 Certified in Cryptography from Stanford University and Maryland University
 MBA in International Business & Bachelor in Computer Engineering
 Multiple international awards
 5th Worldwide in Aspen Case Competition, NY 2014
 1st Worldwide in AppSec hacking competition, NY 2013
 World Wanderer

3. Why should you care
 How many friends got one of their Facebook/email accounts
hacked?
 Should you worry of being the next target?
 Honan from Wired
 Wiped Hard Drive
 Gmail account deleted
 Twitter account compromised
 iCloud accounts compromised
 Amazon account compromised
 Yeah but Honan is famous; Do hackers target normal people?
 Have I been pwned?

4. Hackers’ Motives
 Do you remember the shutdown warning virus in
the 90s?
 What hackers really want?
 What is more expensive in the blackmarket:
 A stolen credit card account
 A stolen Facebook account

5. Passwords!! No Not Again
 Use upper case, lower case, numbers, special character
 @JDI!(jdk82@)($DDL
 this sounds like a good password, Is it feasible for a normal human being to
remember this?
 Is your Corporate forces you to change it every month, quarter or half year
 Actually I’ll ask you to do the same for your personal sites 
 Is this achievable?

6. How to create a strong password
 What’s your favorite song?
 I swear to you, I will always be there for you
 1 sw3@r t0 y0u, 1 w1ll @lw@ys b3 th3r3 f0r y0u
 1sw3@rt0y0u1w1ll@lw@ysb3th3r3f0ry0u
 Who can break that?
 Meet me at home honey
 M33t m3 @ h0m3 h0n3y
 M33tm3@h0m3h0n3y
 Do you speak another language? (even better)

7. Passwords Bucket – Should I trust them?
 LastPass
 1Password
 mPassword

8. Two factor authentication & biometrics
 Every major site is supporting this now (Facebook, Gmail, Hotmail, Twitter,..)
 Is iPhone Fingerprint Authentication really secure?
 What about Face Recognition?

9. Security Questions
 It’s all about the weakest link
 What’s your favorite color? (you really think this is secure)

10. Password recovery email
 That’s the email to recover your password for your original email
 Create a total random email
 fueu13898hfbb@gmail.com
 Username and password in a secure spot

11. Social Engineering and Personalized
Attacks
 It’s easy to know a lot about you:
 Your pictures
 Your friends
 Your favorite spots
 Your family
 Your dog
 Your hobbies
 Your writing style
 Is there anything a hacker wouldn’t know about you?
 Why would a hacker care about that?

12. Don’t TRUST
 Facebook Friend Request
 Hackers know that you look at friends in common.
 Hackers know that you would more likely accept a friend request
from a female (regardless of whether you are a man or a woman).
 Hackers can imitate a friend profile (then change it later)
 Click “Accept” and your life could change forever.
 Don’t show your birthday date (I know you love the wishes).
 Pressing Links
 What could happen if I pressed a link?
 Email Attachment – you should have known this one already

13. Online Trackers
 How did Facebook advertisers know about my travel plans?
 Amazon started showing kitchen accessories right after I bought a new
kitchen!
 Does Facebook really know every other website I visit?
 Can I really stop them from tracking me?
 Ad Block
 No Follow
 NoScript

14. Location based services
 Everybody is following you
 What can you do about it?

15. What about instant messaging?
 Is my Whatsapp messages secure?
 What about Facebook Messenger, Snapchat

16. Did you hear about CryptoLocker
 A Trojan that encrypts all your
hard disk
 Pay $300 (or more) to recover
your files

17. WIFI Security
 Come on, not this also 
 What hackers can do with this?
 How can I protect my WIFI?
 WPA2 (come on, don’t go technical)
 Strong Password
 Router Management Page

18. Mobile Security
 Do you use Swype or use pattern to unlock your phone?
 How do you evaluate apps before installing?
 Who is more secure Android or iOS?
 What’s your countermeasures if your phone was lost or stolen?

19. Online Payments
 Everybody is buying something online now
 Souq.com
 Mobile games
 Utilities (ADSL, Electricity Bill, ..etc)
 Who should I trust?
 What’s the most secure way to do online payments?

20. More security measures
 Encrypt your hard disk
 Frequently backup your data
 Update your anti-virus regularly
 Don’t use pirated software
 Use Tor for secure browsing
 Use dedicated VPN

21. Questions