The Accidental Abyss

Transcript of The Accidental Abyss

The Accidental Abyss
Kelly FitzGerald, Manager, Product Security
Cutting Edge 2012-13, Mountain View

Begin At The Beginning
Kelly FitzGerald
@Symantec since 2003
Worked on: Consumer, Enterprise and Product Security

Spend a lot of time at hacker conferences and hacker drinkups
Manage internal pen test personnel
Facilitator for the Cryptography Review Board
Serious Nerd


How The Idea For The Talk Was Born

Smart, Selfless, Lady


LIAR

Too Cool For School


Still Lying


Bob Smith: Cheap Guy

Why Is This Guy Cheap?


A Smart Man Keeps a Secret Budget

All Your Base Belong to Me

Social Security #s
Bank Account Numbers
Employee ID

Better Learning Through Television
College Preparatory School
Graduated Last Class as of 2011

We've got his Social Security Number... What can we do illegally?

What information do we learn legally?
AAA-GG-SSSS
The area number (AAA) is the area you were in when you filed for it.
All three Social Security Numbers are allotted to California.

When do you get it?
Born before 1986: you got it around 14
Born between 1986 and 1990: you got it by 5
Born after 1990: you get it at birth


Oh Hey, Isn't Your Social 549-Uhhhhh.. Silly Me!
California area numbers: 545-XX-XXXX through 573-XX-XXXX and 602-XX-XXXX through 626-XX-XXXX (every area number from 545 to 573 and from 602 to 626 is California).

What Do We Know
At 14 Bob was living in CA (since it appears he was born before 1986)
Both of his children were living in CA when they got their cards
They still live in Oakland, California (as per the show)
He ran the school
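The inference on the last few slides, area number to state and birth year to approximate issue year, as an added worked example. This is not code from the talk. It tabulates only the California area ranges the slides list (other states exist but are not on the page), treats 000, 666 and 900-999 as never-issued area numbers, and adds one caveat the slides do not mention: the SSA switched to randomised assignment in June 2011, so for cards issued after that the area number says nothing about location. The sample number is constructed, not Bob's.

```python
# Added example, not from the talk: decode the pre-2011 SSN structure the slides
# describe (AAA-GG-SSSS) and replay the "where did Bob live when he got his card"
# inference. Only the California area ranges shown on the slides are tabulated.
import re
from typing import Optional

# Area numbers (AAA) the slides list as allotted to California, inclusive ranges.
CALIFORNIA_AREAS = ((545, 573), (602, 626))

# Area numbers that were never issued: 000, 666 and 900-999.
UNISSUED_AREAS = {0, 666} | set(range(900, 1000))

# Year the SSA switched to randomised assignment; after this the area number
# no longer encodes a state (added caveat, not on the slides).
RANDOMIZATION_YEAR = 2011

SSN_RE = re.compile(r"^(\d{3})-?(\d{2})-?(\d{4})$")


def parse_ssn(ssn: str) -> tuple:
    """Split an SSN into (area, group, serial); reject shapes that were never issued."""
    m = SSN_RE.match(ssn.strip())
    if not m:
        raise ValueError(f"not SSN-shaped: {ssn!r}")
    area, group, serial = (int(part) for part in m.groups())
    if area in UNISSUED_AREAS or group == 0 or serial == 0:
        raise ValueError(f"never-issued number: {ssn!r}")
    return area, group, serial


def area_state(area: int) -> Optional[str]:
    """Map an area number to a state using only the ranges on the slides."""
    for lo, hi in CALIFORNIA_AREAS:
        if lo <= area <= hi:
            return "California"
    return None  # other states exist, but their ranges are not on the page


def age_at_issue(birth_year: int) -> int:
    """Typical age at which the card was issued, per the slide's rule of thumb."""
    if birth_year < 1986:
        return 14
    if birth_year <= 1990:
        return 5
    return 0


def infer_residence(ssn: str, birth_year: int) -> dict:
    """Where the target probably lived when the card was issued, and whether
    that inference is even meaningful for a card of that age."""
    area, _group, _serial = parse_ssn(ssn)
    issue_year = birth_year + age_at_issue(birth_year)
    reliable = issue_year < RANDOMIZATION_YEAR
    return {
        "area": area,
        "state_hint": area_state(area) if reliable else None,
        "approx_issue_year": issue_year,
        "reliable": reliable,
    }


if __name__ == "__main__":
    # Constructed sample, not a real person's number; 549 is the prefix the slide jokes about.
    print(infer_residence("549-12-3456", 1965))
```

For someone born in 1965 the output names California with an approximate issue year of 1979; feed it a 2012 birth year and `state_hint` comes back empty, because the number would have been assigned after randomisation.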

He's frugal

Spokeo, Spokeo

What Do Credit Cards and Car Salesmen Think?

Reconnaissance: Get the email, get the gold.
Single sign-on helps my recon
If you can get their main non-work email you can probably puzzle out all of their other accounts (Facebook, Amazon)
Spokeo revealed Bob's as Bob7@gmail.com
On the internet he is Bob7 everywhere

Pandora: What kind of stuff is he into?


Bob Smith
Major PII leak through a TV show
I just used boring info: name, job, location
I constructed a detailed dossier of:
What music he likes
Where he lives
His Facebook page
His preferences in general

Masterclass

Where to Use These Skills?


Goal 1: Get Primary Social Email/Handle
What you usually know about your target:
Name
Rough idea of age
Rough idea of location

Go Facebook Yourself

Your Timeline Summary


Wolfram Alpha Self-Analytics: WolframAlpha.com

Information is Power
FB chooses which posts to show you in your feed based on a variety of factors.
Someone commenting regularly will stay in your feed.
Someone gazing at your page regularly and expanding your posts also seems to get them increased play in your feed.

Anybody notice anything else?

Tips for Looking at Strangers
Hunt for non-friends to your heart's content. They likely will never know.
Profile pictures are generally unlocked. Pictures are frequently unlocked.
Friends lists are also frequently unlocked: family, spouse, friends.
Look at the backgrounds in photos: surroundings, books, reflections in glass, computer monitors.

Date Smarter

Oh Jeff! Change Up The Headshots

A Man With Some Fame!

TinEye and Google Goggles

Google Goggles
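The slides use TinEye and Google Goggles to find the real person behind a re-used dating headshot. As an added example, not from the talk and not the proprietary matching TinEye or Google actually run, here is the simplest perceptual fingerprint that explains why a re-used photo still matches after it has been resized or brightened: a difference hash (dHash) over a grayscale image, compared by Hamming distance. The image is a constructed smooth ripple standing in for a photo; real use would load pixels from a file.

```python
# Added example, not from the talk: a difference hash (dHash) over a grayscale
# image, the kind of perceptual fingerprint behind reverse image search. It
# shows why a re-used headshot still matches after resizing or a brightness
# tweak. TinEye's and Google Goggles' real algorithms are not public and are
# not what is implemented here. Images are plain lists of rows of 0-255 ints.
import math

HASH_SIZE = 8  # 8x8 comparisons -> 64-bit hash


def downscale(img, width, height):
    """Nearest-neighbour shrink to width x height (good enough for hashing)."""
    src_h, src_w = len(img), len(img[0])
    return [
        [img[y * src_h // height][x * src_w // width] for x in range(width)]
        for y in range(height)
    ]


def dhash(img, size=HASH_SIZE):
    """Each bit records whether a pixel is darker than its right-hand neighbour,
    so uniform brightness changes and resizing barely move the hash."""
    small = downscale(img, size + 1, size)
    bits = 0
    for row in small:
        for x in range(size):
            bits = (bits << 1) | int(row[x] < row[x + 1])
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def same_picture(a, b, threshold=10):
    """Treat as a near-duplicate if at most `threshold` of the 64 bits differ."""
    return hamming(a, b) <= threshold


def synthetic_headshot(size, brightness=0):
    """Constructed stand-in for a photo: a smooth diagonal ripple, not a real face.
    Values stay within 28..228 before the brightness offset, so +20 never clips."""
    img = []
    for y in range(size):
        v = (y + 0.5) / size
        row = []
        for x in range(size):
            u = (x + 0.5) / size
            val = 128 + 100 * math.sin(6 * u + 2 * v) + brightness
            row.append(max(0, min(255, int(round(val)))))
        img.append(row)
    return img


def negative(img):
    """Photo negative: every gradient points the other way, so dHash flips."""
    return [[255 - p for p in row] for row in img]


if __name__ == "__main__":
    original = synthetic_headshot(64)
    h0 = dhash(original)
    print("resized to 32x32 :", hamming(h0, dhash(synthetic_headshot(32))))
    print("brightened by 20 :", hamming(h0, dhash(synthetic_headshot(64, brightness=20))))
    print("photo negative   :", hamming(h0, dhash(negative(original))))
```

The brightened copy hashes identically, the half-size copy differs in at most a handful of bits, and the negative lands at the far end of the 64-bit range. Cropping, heavy rotation and mirroring defeat dHash, which is why production reverse image search layers several feature types on top of this idea.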

Ohhh Watch Out!! TrueDater.com

DefinatelyNotKelly


LinkedIn: Interesting, But Not Very Anonymous
Most people don't pay for LinkedIn memberships ($20-$75/month)
If you are logged out you can only look at 1-2 profiles before LinkedIn cuts you off.
As an anonymous unpaid member, you aren't so anonymous:
You aren't able to see who looked at your profile
You show up as "Someone"


Targeted Gifts and Great Conversations

To Thy Own Frenemy Be True

Not So Friendly Skies

Flying is Private, Right?

United Upgrade List

I Can See You: Planefinder

The Dark Side: Not illegal, but it might not feel right.

Zillow; Trulia; Spokeo; Blockshopper

Mugshots: Book 'Em, Danno

Finding Criminals Can Be Tough

San Bernardino Criminal Search

Megan's Law: Offender Lite App

SearchDiggity: Free Tool From Stach and Liu

Should All This Information Be Accessible?
Should what you do at 16 still be with you at 40?
The generation that is about to graduate grew up with the internet since age 4 or 5.
Would you want to justify your purchases and posts from 20 years ago?

What Can I Do?
Do sensitive things on other accounts
Don't use OAuth for touchy situations
Remove yourself from Spokeo
Periodically Google yourself
Track old accounts and delete old ones

Questions???