11. OLD SCHOOL - anti virus - IDS, firewall, scanners - encryption, DMZ, password enforcement - data protection & security governance - some other commercial bullshit bingo - social engineering
14. NEW SCHOOL - social engineering and hacking - ID theft (banks) - phishing, spoofing, vishing, brandjacking - spam, bot networks, malware, pharming - XSS (Twitter) - private data harvesting (Facebook)
19. Security Menace History - 1.0 – FUN: Virus, Stealing Information - 2.0 – MONEY: Worms, Trojans, Virus - 3.0 – MONEY 2.0: DDoS, Trojans, ID Theft - 4.0 – MARKETING: FarmVille, Mafia Wars, Data Theft
20. Security is (now) personal - 1.0: Direct, One-on-One, Hardware/Software - 2.0: Cloud, Distributed, Social, Personal
21. Firewall History - 1 Gen – Packet Filter - 2 Gen – Application Layer - 3 Gen – Stateful Filter - 4 Gen – Semantic - 5 Gen – Personal
22. Security got smaller and distributed - USB pen - SD card - Phone - Smartphone - Cloud - SaaS - IaaS - NaaS - DaaS - ...
24. Phones ... - 15 years of pure insecurity and few exploits - mobile is the most personal and private item we own - phones are now computers, the personal kind - they even run full operating systems
25. What's in ... - phone calls; - address book; - emails; - SMS; - MMS; - browser history; - pictures and some documents; - calendar; - GPS tracking data; - shop details; - credit card info; - other sync evilness
27. GSM Cracked - A5/1 rainbow table cracking software (reflextor.com/trac/a51) - GSM interception software (airprobe.org) - Software defined radio (gnuradio.org) - Cheap radio software (ettus.com/products)
29. 2010 - UMTS cracked (on paper) - Sandwich attack - MMS Remote Exploit - iPhone SMS Remote Exploit - Bluetooth Spamming and Attacks (bluesnarfing, bluebug, bluebugging) - $18 Bluetooth sniffer - Bluetooth audio flow to headset interception - Over the air wire tapping - ... and what about Flash? :)
32. Future (risks?) - Near Field Communications: 2008: hacking NFC phones, URI spoofing, NDEF worm; 2010: Nokia announces that all phones will be NFC ready - Mobile JavaScript in the browser (2000 called and they want to block JavaScript all over again) - Phone SSL, VPN - Location Based something - Gowalla/Foursquare problems
33. Future (risks?) - Spyware disguised as apps (Cydia iPhone appstore, Android apps) - Virus/Worm/Botnet - iPhone; Vodafone memory card spyware bug on Android phones - TinyURL problems (?) - Social phishing from fake call centers - Data Leaks - Startups with little security concerns
34. New world out (t)here - Earth calling security, hello? - Fresh new start (cloud, distributed, mobile, web) - Think global - Same old-school practices apply; new skills - SME/SMB - Security as a Service