Personal Internet Security
Mostafa Siraj
Who am I
- Professional Ethical Hacker for 8 Years
- Internationally recognized speaker
  - AppSec San Francisco 2015
  - Microsoft Innovation Day
  - Cairo Security Camp
- Certified in Cryptography from Stanford University and Maryland University
- MBA in International Business & Bachelor in Computer Engineering
- Multiple international awards
  - 5th Worldwide in Aspen Case Competition, NY 2014
  - 1st Worldwide in AppSec hacking competition, NY 2013
- World Wanderer
Why should you care
- How many friends got one of their Facebook/email accounts hacked?
- Should you worry about being the next target?
- Honan from Wired
  - Wiped Hard Drive
  - Gmail account deleted
  - Twitter account compromised
  - iCloud accounts compromised
  - Amazon account compromised
- Yeah, but Honan is famous; do hackers target normal people?
- Have I been pwned?
Hackers’ Motives
- Do you remember the shutdown warning virus in the 90s?
- What do hackers really want?
- What is more expensive on the black market:
  - A stolen credit card account
  - A stolen Facebook account
Passwords!! No Not Again
- Use upper case, lower case, numbers, special characters
- @JDI!(jdk82@)($DDL sounds like a good password. Is it feasible for a normal human being to remember this?
- Does your company force you to change it every month, quarter or half year?
- Actually, I’ll ask you to do the same for your personal sites
- Is this achievable?
How to create a strong password
- What’s your favorite song?
  - I swear to you, I will always be there for you
  - 1 sw3@r t0 y0u, 1 w1ll @lw@ys b3 th3r3 f0r y0u
  - 1sw3@rt0y0u1w1ll@lw@ysb3th3r3f0ry0u
  - Who can break that?
- Meet me at home honey
  - M33t m3 @ h0m3 h0n3y
  - M33tm3@h0m3h0n3y
- Do you speak another language? (even better)
Passwords Bucket – Should I trust them?
- LastPass
- 1Password
- mPassword
Two factor authentication & biometrics
- Every major site is supporting this now (Facebook, Gmail, Hotmail, Twitter, ...)
- Is iPhone Fingerprint Authentication really secure?
- What about Face Recognition?
Security Questions
- It’s all about the weakest link
- What’s your favorite color? (you really think this is secure?)
Password recovery email
- That’s the email to recover your password for your original email
- Create a totally random email
  - [email protected]
- Username and password in a secure spot
Social Engineering and Personalized Attacks
- It’s easy to know a lot about you:
  - Your pictures
  - Your friends
  - Your favorite spots
  - Your family
  - Your dog
  - Your hobbies
  - Your writing style
- Is there anything a hacker wouldn’t know about you?
- Why would a hacker care about that?
Don’t TRUST
Facebook Friend Request
- Hackers know that you look at friends in common.
- Hackers know that you would more likely accept a friend request from a female (regardless of whether you are a man or a woman).
- Hackers can imitate a friend profile (then change it later)
- Click “Accept” and your life could change forever.
- Don’t show your birthday date (I know you love the wishes).
Pressing Links
- What could happen if I pressed a link?
- Email Attachment – you should have known this one already
Online Trackers
- How did Facebook advertisers know about my travel plans?
- Amazon started showing kitchen accessories right after I bought a new kitchen!
- Does Facebook really know every other website I visit?
- Can I really stop them from tracking me?
  - Ad Block
  - No Follow
  - NoScript
Location based services
- Everybody is following you
- What can you do about it?
What about instant messaging?
- Are my WhatsApp messages secure?
- What about Facebook Messenger, Snapchat?
Did you hear about CryptoLocker?
- A Trojan that encrypts all your hard disk
- Pay $300 (or more) to recover your files
WIFI Security
- Come on, not this also
- What can hackers do with this?
- How can I protect my WIFI?
  - WPA2 (come on, don’t go technical)
  - Strong Password
  - Router Management Page
Mobile Security
- Do you use swipe or a pattern to unlock your phone?
- How do you evaluate apps before installing?
- Which is more secure, Android or iOS?
- What are your countermeasures if your phone is lost or stolen?
Online Payments
- Everybody is buying something online now
  - Souq.com
  - Mobile games
  - Utilities (ADSL, Electricity Bill, etc.)
- Who should I trust?
- What’s the most secure way to do online payments?
More security measures
- Encrypt your hard disk
- Frequently back up your data
- Update your anti-virus regularly
- Don’t use pirated software
- Use Tor for secure browsing
- Use a dedicated VPN
Questions