Twitter API Hacks Unicorns
Social Networking, Raping the Twitter API, the Age Before Firewalls/Unicorns and the Pitfalls of Rapid Application Development -- Crowd-sourced version. ;)
@dacort
A Twistory of Security #fail
April 2008
July 2008
 
Fix
#FAIL
 
November 2008
 
Password Security 5 Minutes Later
December 2008
Retrieve Username

    $.getJSON("http://twitter.com/statuses/user_timeline?count=1&callback=?", function(data) {
      alert("Username is: " + data[0].user.screen_name);
    });

Because the endpoint honoured the visitor's twitter.com session cookie and wrapped the result in the caller's callback, any third-party page a logged-in user visited could run this and learn who they were.

Response (first element of the returned array):

    {
      "text": "Pretty sure humans have kneecaps so we can slam them into tables. *ow*",
      "truncated": false,
      "user": {
        "following": null,
        "time_zone": "Pacific Time (US & Canada)",
        "description": "Prof. Computer Security Consultant with a passion for breaking things and generating statistics (see http://tweetstats.com and http://ratemytalk.com).",
        "screen_name": "dacort",
        "utc_offset": -28800,
        "profile_sidebar_border_color": "87bc44",
        "notifications": null,
        "created_at": "Thu Dec 21 07:14:05 +0000 2006",
        "profile_text_color": "000000",
        "url": "http://dcortesi.com",
        "name": "Damon Cortesi",
        "statuses_count": 21385,
        "profile_background_image_url": "http://static.twitter.com/images/themes/theme1/bg.gif",
        "followers_count": 4441,
        "protected": false,
        "profile_link_color": "A100FF",
        "profile_background_tile": false,
        "friends_count": 1775,
        "profile_background_color": "000000",
        "verified": false,
        "favourites_count": 202,
        "profile_image_url": "http://s3.amazonaws.com/twitter_production/profile_images/90802743/Famous_Glasses_normal.jpg",
        "location": "Seattle, WA",
        "id": 99723,
        "profile_sidebar_fill_color": "e0ff92"
      },
      "in_reply_to_status_id": null,
      "created_at": "Mon Jul 27 21:37:53 +0000 2009",
      "in_reply_to_user_id": null,
      "favorited": false,
      "in_reply_to_screen_name": null,
      "id": 2877957719,
      "source": "<a href=\"http://www.atebits.com\">Tweetie</a>"
    }
Courtesy of @harper
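The slide above shows the attacker's side only. The following is an added example, not code from the deck or from Twitter: a toy model of a cookie-authenticated JSONP handler next to a hardened one, plus a simulated cross-site `<script>` include so the difference can be checked. The session store, token store, handler names and payload are constructed for illustration.

```javascript
// Added example, not from the original deck: a toy model of the JSONP leak
// shown above, with a hardened handler beside it. Session store, token store,
// handler names and the timeline payload are constructed for illustration.

const SESSIONS = { "sess-abc123": { id: 99723, screen_name: "dacort" } }; // constructed
const TOKENS   = { "tok-xyz":     { id: 99723, screen_name: "dacort" } }; // constructed
const CALLBACK_RE = /^[A-Za-z_$][\w$]{0,63}$/; // a plain identifier, nothing else

function timelineFor(user) {
  // Minimal stand-in for a statuses/user_timeline payload.
  return [{ text: "hello", user: { id: user.id, screen_name: user.screen_name } }];
}

// 2008-era behaviour: the ambient cookie authenticates the call AND the JSON
// is wrapped in a caller-chosen callback, so the response is executable script
// that any origin can load with <script src="...">.
function vulnerableUserTimeline(req) {
  const user = SESSIONS[req.cookies.session];
  if (!user) return { status: 401, headers: {}, body: "" };
  const json = JSON.stringify(timelineFor(user));
  const cb = req.query.callback;
  return {
    status: 200,
    headers: { "Content-Type": "application/javascript" },
    body: cb ? `${cb}(${json})` : json,
  };
}

// Hardened: credentials must be explicit (Authorization header), which a
// cross-site <script> cannot add; callback names are validated; and a callback
// is never honoured on an authenticated request, so private data only ever
// leaves as plain JSON that a foreign origin cannot read.
function hardenedUserTimeline(req) {
  const cb = req.query.callback;
  if (cb !== undefined && !CALLBACK_RE.test(cb)) {
    return { status: 400, headers: {}, body: "invalid callback" };
  }
  const auth = req.headers.authorization || "";
  const user = auth.startsWith("Bearer ") ? TOKENS[auth.slice(7)] : null;
  if (!user) return { status: 401, headers: {}, body: "" };
  if (cb !== undefined) {
    return { status: 400, headers: {}, body: "callback not allowed with credentials" };
  }
  return {
    status: 200,
    headers: { "Content-Type": "application/json", "X-Content-Type-Options": "nosniff" },
    body: JSON.stringify(timelineFor(user)),
  };
}

// Browser model of a hostile page embedding the endpoint as <script>: the
// victim's twitter.com cookies ride along automatically, but the page cannot
// set an Authorization header. Returns the screen_name the page learns, or null.
function crossSiteScriptInclude(handler, victimCookies) {
  const res = handler({
    cookies: victimCookies,
    headers: {},
    query: { count: "1", callback: "leak" },
  });
  if (res.status !== 200) return null;
  // Only a body of the form leak(...) hands data to the attacker's function;
  // a bare JSON array executes as a no-op expression statement.
  const m = /^leak\((.*)\)$/s.exec(res.body);
  if (!m) return null;
  return JSON.parse(m[1])[0].user.screen_name;
}

// Legitimate client: explicit credential, no callback.
function firstPartyFetch(handler, token) {
  const res = handler({
    cookies: {},
    headers: { authorization: `Bearer ${token}` },
    query: { count: "1" },
  });
  return res.status === 200 ? JSON.parse(res.body)[0] : null;
}

const victim = { session: "sess-abc123" };
console.log("vulnerable leaks:", crossSiteScriptInclude(vulnerableUserTimeline, victim));
console.log("hardened leaks:", crossSiteScriptInclude(hardenedUserTimeline, victim));
console.log("hardened first-party:", firstPartyFetch(hardenedUserTimeline, "tok-xyz").user.screen_name);
```

The two rules that matter are in `hardenedUserTimeline`: never pair ambient cookie authentication with a caller-chosen callback, and never accept an arbitrary string as the callback name (the regex blocks payloads such as `alert(1);//`). Serving the JSON with an explicit `Content-Type` and `nosniff` keeps a browser from treating it as script by accident.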
January 2009
March 2009
April 2009
Saturday, April 11 / Sunday, April 12 / Monday, April 13 / Friday, April 17
 
July 2009
Cloud Services
Cloud vs ?
Before I continue...
Not just Twitter
Phishing
Malware || Misinformation
Too easy...
But wait, there’s more
And MORE!
Users - #twitterpornname
Oh, Shorteners...
 
TinyURL @rafallos
Third Parties
Not just Twitter
OAuth Will Save us All
Not really...
Again, Not just Twitter
"What Other Users Can See via the Facebook Platform": "When a friend of yours allows an application to access their information, that application may also access any information about you that your friend can already see."
#FAIL
In ur Cookies
The rest of Web 2.0
Info Disclosure
Poor Design
Geo-Loc SQLi
Web 2.0 Frameworks
RESTful APIs
Why?
Disclosure...
Web Disclosure
Solutions?
Deck: B-sides Las Vegas - social network security
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

B-sides Las Vegas - social network security

  • 15. Retrieve Username
      $.getJSON("http://twitter.com/statuses/user_timeline?count=1&callback=?", function(data) {
        alert("Username is: " + data[0].user.screen_name);
      });
      Response:
      {"text":"Pretty sure humans have kneecaps so we can slam them into tables. *ow*","truncated":false,
       "user":{"following":null,"time_zone":"Pacific Time (US & Canada)",
         "description":"Prof. Computer Security Consultant with a passion for breaking things and generating statistics (see http://tweetstats.com and http://ratemytalk.com).",
         "screen_name":"dacort","utc_offset":-28800,"profile_sidebar_border_color":"87bc44","notifications":null,
         "created_at":"Thu Dec 21 07:14:05 +0000 2006","profile_text_color":"000000","url":"http://dcortesi.com",
         "name":"Damon Cortesi","statuses_count":21385,
         "profile_background_image_url":"http://static.twitter.com/images/themes/theme1/bg.gif",
         "followers_count":4441,"protected":false,"profile_link_color":"A100FF","profile_background_tile":false,
         "friends_count":1775,"profile_background_color":"000000","verified":false,"favourites_count":202,
         "profile_image_url":"http://s3.amazonaws.com/twitter_production/profile_images/90802743/Famous_Glasses_normal.jpg",
         "location":"Seattle, WA","id":99723,"profile_sidebar_fill_color":"e0ff92"},
       "in_reply_to_status_id":null,"created_at":"Mon Jul 27 21:37:53 +0000 2009","in_reply_to_user_id":null,
       "favorited":false,"in_reply_to_screen_name":null,"id":2877957719,
       "source":"<a href=\"http://www.atebits.com/\">Tweetie</a>"}
  • 23. Saturday, April 11 Sunday, April 12
  • 24. Monday, April 13 Friday, April 17
  • 43. OAuth Will Save us All
  • 45. Again, Not just Twitter “What Other Users Can See via the Facebook Platform” “When a friend of yours allows an application to access their information, that application may also access any information about you that your friend can already see.”

Editor's Notes

  1. Twitter has had a great history of #fail’s, and I’ve been there to screencap a lot of ‘em.
  2. July is when I quit my job and entered the self-employed world. I had some extra time on my hands...
  3. Obama, Britney Spears, etc - 33 total.