3. Hackers are getting more Sophisticated… and more Effective!
“Stay secure my friends!”
• Cyber Security is an individual problem, not a technical problem – you have to solve it as one
• Hackers run successful international enterprises, leveraging an agile and adaptable business model
• They benefit from your lack of attention to cyber security and poor investment in protecting your data – the statistics say it’s working for them – and not for us
• They train to hack you for a living – that’s all they do and they’re very good at it
• You train in running your lifestyle and not in protecting it – they win
5. Map of the Internet
No borders
Who’s laws apply?
Where is that web server?
Where did that email come from?
9. “When you upload…you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works…communicate, publish, publicly perform, publicly display, and distribute…”
10. HACKERS use “Brute-Force” Password Crackers
• Bad passwords
• Good passwords
• Cracked 2700 “bad” passwords in 30 seconds
• Crack Program ran for 48 hours more and did not crack the 250 remaining “good” passwords
11. Good and Bad Passwords
BAD:
OK:
BEST:
Reduce your risk: Use two-factor authentication
Use a Password Manager: Last Pass 3.0, Dashlane 3, Intuitive Password 2.9
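The two slides above contrast “bad” passwords that fall in seconds with “good” ones that survive days of guessing. The following Python is an added example (not from the deck) that makes that distinction concrete: it flags passwords found on a small constructed list of common choices, estimates the size of the guess space from length and character classes, and buckets the result into the deck’s BAD / OK / BEST labels. The common-password list, the bit thresholds and the guess rate used for the time estimate are all assumptions chosen for illustration.

```python
import math
import string

# Constructed stand-in for a "common passwords" list (assumption, not from the deck).
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "iloveyou", "soccer", "baseball",
}

# Assumed offline guess rate used only for the worst-case time estimate.
ASSUMED_GUESSES_PER_SECOND = 1_000_000_000

# Thresholds (in bits of guess space) that map onto the deck's BAD / OK / BEST buckets.
OK_BITS = 40
BEST_BITS = 70


def keyspace_bits(password: str) -> float:
    """Rough guess-space estimate: length * log2(alphabet size of the classes used)."""
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in password):
        alphabet += 26
    if any(c in string.digits for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 printable symbols
    if any(c.isspace() for c in password):
        alphabet += 1  # passphrases with spaces
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def classify(password: str) -> str:
    """Return 'BAD', 'OK' or 'BEST' for a candidate password."""
    lowered = password.lower()
    # "soccer1!" is still the dictionary word "soccer" to a cracker's rule set.
    stripped = lowered.rstrip(string.digits + string.punctuation)
    if lowered in COMMON_PASSWORDS or stripped in COMMON_PASSWORDS:
        return "BAD"
    bits = keyspace_bits(password)
    if bits < OK_BITS:
        return "BAD"
    if bits < BEST_BITS:
        return "OK"
    return "BEST"


def worst_case_seconds(password: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Seconds to exhaust the estimated guess space at the assumed rate."""
    return 2 ** keyspace_bits(password) / rate


if __name__ == "__main__":
    for candidate in ["soccer1!", "Tr0ub4dor", "zq8!Lp2#Vx9$Kw", "correct horse battery staple"]:
        print(f"{candidate!r:32} {classify(candidate):5} "
              f"{keyspace_bits(candidate):6.1f} bits  "
              f"~{worst_case_seconds(candidate):.3g} s worst case")
```

A dictionary hit is treated as BAD regardless of length, because the deck’s point is that crackers try common words (with digits or symbols bolted on) long before they try every combination; the bit estimate only matters once a password is not on such a list.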
12. • “click here” emails
Personal Associate Connections
Social Engineering: “Urgent Game Change! Please see Tommy's new soccer schedule!! Download the .pdf!”
15. Link from Facebook or Twitter: “READ THIS!” → Link to HACKER site → Malicious Software → Private Information
17. JP Morgan Chase hacker got customer emails – “76 million households” and “7 million small businesses”
Chase Instructions to Clients the week after:
1. Change online and mobile app passwords.
2. Watch accounts like a hawk…use text alerts.
3. If you notice unusual activity, contact the bank immediately and request a new debit or credit card.
4. You’re likely to get email supposedly coming from Chase. If you get any email that asks you to click a link or download a file, it's a scam; just delete it.
18. • Fake emails seeking to get credentials
• Financial assets: 76% of targets
• Targeted by individual name
• Just at Work????
Red Flag Words: account locked, suspended, verification required, suspicious transaction, protect your computer, funds due to you
Source: Symantec study 2007
Countermeasure:
• Don’t click on emailed links and attachments
• ONE careless person can compromise the whole family
• Keep a careful eye on the email address, look for swapped letters
• Pay attention to misspellings in the email body – could be an indicator
• Don’t remove visible extensions in settings
• Passcode or 2-factor verification before clicking or sending a link
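The slide’s advice (watch for red-flag words, check the sender address for swapped letters, be wary of links and downloads) is a checklist a person runs in their head. The Python below is an added example, not from the deck, that turns that checklist into a scoring function a mail filter or a parent could run over a message: it looks for the red-flag phrases listed above, compares the sender’s domain against a constructed list of domains the family actually uses (catching transposed or missing letters with an optimal-string-alignment distance), and notes any request to click a link or download a file. The trusted-domain list and the two sample emails are constructed for the example.

```python
import re
from typing import List, Optional, Tuple

# Red-flag phrases taken from the slide above.
RED_FLAG_PHRASES = [
    "account locked", "suspended", "verification required",
    "suspicious transaction", "protect your computer", "funds due to you",
]

# Assumption: domains this household really receives mail from (constructed).
TRUSTED_DOMAINS = {"chase.com", "paypal.com", "google.com"}

# Constructed samples: (sender, subject, body).
PHISHING_SAMPLE = (
    "Chase Alerts <alerts@chsae.com>",           # 'chsae' has two letters swapped
    "URGENT: account locked",
    "Suspicious transaction detected. Verification required: click "
    "http://chsae.com/verify and download the attached statement.pdf within 24 hours.",
)
LEGIT_SAMPLE = (
    "statements@chase.com",
    "Your October statement is available",
    "Log in to your account at your convenience to view it.",
)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus adjacent swaps."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Count "chsae" -> "chase" as one swapped-letter edit, not two substitutions.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def sender_domain(addr: str) -> str:
    """Extract the domain from 'Name <user@domain>' or 'user@domain'."""
    return addr.rsplit("@", 1)[-1].strip("> ").lower()


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain this one imitates (within two edits), else None."""
    if domain in TRUSTED_DOMAINS:
        return None  # exact match is the real thing
    for trusted in TRUSTED_DOMAINS:
        if osa_distance(domain, trusted) <= 2:
            return trusted
    return None


def score_email(sender: str, subject: str, body: str) -> Tuple[int, List[str]]:
    """Return (number of red flags, human-readable reasons) for one message."""
    reasons: List[str] = []
    text = f"{subject} {body}".lower()
    for phrase in RED_FLAG_PHRASES:
        if phrase in text:
            reasons.append(f"red-flag phrase: '{phrase}'")
    domain = sender_domain(sender)
    target = lookalike_of(domain)
    if target:
        reasons.append(f"sender domain {domain} imitates {target} (swapped or missing letters)")
    if re.search(r"https?://", text) or "click" in text:
        reasons.append("asks you to click a link")
    if re.search(r"\.(pdf|zip|exe|docm?)\b", text):
        reasons.append("mentions a file to download")
    return len(reasons), reasons


if __name__ == "__main__":
    for sample in (PHISHING_SAMPLE, LEGIT_SAMPLE):
        score, why = score_email(*sample)
        print(f"{sample[0]}: {score} red flag(s)")
        for line in why:
            print("  -", line)
```

The score is a count of independent reasons rather than a verdict, so a reader can see which of the slide’s warning signs fired; a message from a genuine trusted domain with none of the phrases scores zero, while a lookalike domain alone is already worth a closer look before anything is clicked.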
22. Home
WPA2 and MAC address filtering
Check to see who is connected
Bad 1
• Connects to your wireless network
• Consumes your bandwidth
Bad 2
• Connects to your wireless network
• Watches your network traffic
• Sniffs passwords when possible
23. Only 63% of polled Americans maintain updated Anti-Virus and Firewall settings at home
Source: annual Travelers Consumer Risk Index
24. “Who are you talking to?”
Net Nanny
WebWatcher
McAfee Safe Eyes
Countermeasure:
• Supervision
• Filtering Software
• Managed user accounts
• GET THEM INVOLVED
25. Countermeasure:
• Use an online profile vs a real life profile
• Take time to configure – avoid defaults
• Check “Location” permissions
• Keep personal information personal
• Be aware of PII surveys and posts
• Know what action to take if you see abuse
• Know who your friends are and manage your friends list
• Be honest if you’re uncomfortable
26. Countermeasure:
• Use a pre-paid credit card for online purchases
• Check for https
• PayPal??
• Careful consideration during high traffic shopping days
28. What can go wrong?
“Starbucks”
“Free-airport-wifi”
Rogue Hotspot: Hacker intercepts your data
Recent FBI / InfraGard briefing provided strong insights into “Free Wifi” spots in San Diego County!
29. Countermeasure:
• Use the cell phone network for sensitive data
• 3G, 4G, LTE
• Make sure to turn BT and WiFi off when not needed!
30. Many products are not securable by architecture – who is wearing a smart watch?