Personal internet security

Post on 14-Apr-2017

Personal Internet Security

Mostafa Siraj

Who am I

- Professional Ethical Hacker for 8 Years
- Internationally recognized speaker
  - AppSec San Francisco 2015
  - Microsoft Innovation Day
  - Cairo Security Camp
- Certified in Cryptography from Stanford University and Maryland University
- MBA in International Business & Bachelor in Computer Engineering
- Multiple international awards
  - 5th Worldwide in Aspen Case Competition, NY 2014
  - 1st Worldwide in AppSec hacking competition, NY 2013
- World Wanderer

Why should you care

- How many friends got one of their Facebook/email accounts hacked?
- Should you worry about being the next target?
- Honan from Wired
  - Wiped Hard Drive
  - Gmail account deleted
  - Twitter account compromised
  - iCloud accounts compromised
  - Amazon account compromised
- Yeah, but Honan is famous; do hackers target normal people?
- Have I been pwned?

Hackers’ Motives

- Do you remember the shutdown warning virus in the 90s?
- What do hackers really want?
- What is more expensive on the black market:
  - A stolen credit card account
  - A stolen Facebook account

Passwords!! No Not Again

- Use upper case, lower case, numbers, special character
- @JDI!(jdk82@)($DDL sounds like a good password. Is it feasible for a normal human being to remember this?
- Does your company force you to change it every month, quarter or half year?
- Actually I’ll ask you to do the same for your personal sites
- Is this achievable?

How to create a strong password

- What’s your favorite song?
  - I swear to you, I will always be there for you
  - 1 sw3@r t0 y0u, 1 w1ll @lw@ys b3 th3r3 f0r y0u
  - 1sw3@rt0y0u1w1ll@lw@ysb3th3r3f0ry0u
  - Who can break that?
- Meet me at home honey
  - M33t m3 @ h0m3 h0n3y
  - M33tm3@h0m3h0n3y
- Do you speak another language? (even better)
- Passwords Bucket – Should I trust them?
  - LastPass
  - 1Password
  - mPassword
- Two factor authentication & biometrics
  - Every major site is supporting this now (Facebook, Gmail, Hotmail, Twitter,..)
  - Is iPhone Fingerprint Authentication really secure?
  - What about Face Recognition?

Security Questions

- It’s all about the weakest link
- What’s your favorite color? (you really think this is secure?)

Password recovery email

- That’s the email to recover your password for your original email
- Create a totally random email
  - fueu13898hfbb@gmail.com
- Username and password in a secure spot

Social Engineering and Personalized Attacks

- It’s easy to know a lot about you:
  - Your pictures
  - Your friends
  - Your favorite spots
  - Your family
  - Your dog
  - Your hobbies
  - Your writing style
- Is there anything a hacker wouldn’t know about you?
- Why would a hacker care about that?

Don’t TRUST

- Facebook Friend Request
  - Hackers know that you look at friends in common.
  - Hackers know that you would more likely accept a friend request from a female (regardless of whether you are a man or a woman).
  - Hackers can imitate a friend profile (then change it later)
  - Click “Accept” and your life could change forever.
  - Don’t show your birthday date (I know you love the wishes).
- Pressing Links
  - What could happen if I pressed a link?
- Email Attachment – you should have known this one already

Online Trackers

- How did Facebook advertisers know about my travel plans?
- Amazon started showing kitchen accessories right after I bought a new kitchen!
- Does Facebook really know every other website I visit?
- Can I really stop them from tracking me?
  - Ad Block
  - No Follow
  - NoScript

Location based services

- Everybody is following you
- What can you do about it?

What about instant messaging?

- Are my WhatsApp messages secure?
- What about Facebook Messenger, Snapchat

Did you hear about CryptoLocker

- A Trojan that encrypts all your hard disk
- Pay $300 (or more) to recover your files

WIFI Security

- Come on, not this also
- What can hackers do with this?
- How can I protect my WIFI?
  - WPA2 (come on, don’t go technical)
  - Strong Password
  - Router Management Page

Mobile Security

- Do you use Swype or use pattern to unlock your phone?
- How do you evaluate apps before installing?
- Which is more secure, Android or iOS?
- What are your countermeasures if your phone is lost or stolen?

Online Payments

- Everybody is buying something online now
  - Souq.com
  - Mobile games
  - Utilities (ADSL, Electricity Bill, etc.)
- Who should I trust?
- What’s the most secure way to do online payments?

More security measures

- Encrypt your hard disk
- Frequently back up your data
- Update your anti-virus regularly
- Don’t use pirated software
- Use Tor for secure browsing
- Use dedicated VPN

Questions