Hyper Island - 2012


  1. EVIL DATA MINING FOR FUN AND PROFIT!
  2. Contents
     ● Web Scraping
     ● Quick and Dirty SQL Injections
     ● iPhones, WiFi and Evil Twins
     ● Hacking Neighbours
     ● Port scanning on Steroids
  3. Introduction
     ● Fredrik Nordberg Almroth (@Almroot)
       Head application engineer and co-founder @ detectify.com
       IT-security guy
       Hacked Google. Twice.
     ● Johan Edholm (@norrskal)
       Server administrator and co-founder @ detectify.com
       Worked with IT security analytics and anti-scraping
       Studied system and network management in Linux
  4. What is Detectify?
     Detectify is an automated vulnerability scanner.
  5. ● You sign up using a beta code.
  6. ● You press start!
     ● Detectify emulates a hacking attack.
  7. ● You get a report regarding your vulnerabilities.
  8. ● Detectify is currently in closed beta!
     ● You may try it for free using the beta code: HyperMine
     ● http://detectify.com/
     ● We love feedback! :)
  9. What is data mining?
     ● Data mining is mostly associated with statistics and machine learning.
     ● ...or discovery of patterns (intelligence) in large datasets...
     ● No fancy algorithms! Just real life examples.
  10. Web scraping
      ● Grab content from websites
      ● Host somewhere else
      ● Study the data
      ● Sell the data
  11. Web scraping
      ● Manual copy-paste
  12. Web scraping
  13. Web scraping
      ● Googlebot
  14. Web scraping
      ● Bad scrapers
        ○ Downloadable or online tools
        ○ Homemade scripts
        ○ HTTP rewriters
  15. Web scraping
      ● Homemade scripts
        ○ Made for one site/purpose
        ○ No hacking
        ○ May be against ToS
        ○ Probably legal
  16. Web scraping
      ● Sosseblaskan.se
        ○ Copy of aftonbladet (rewrite)
        ○ A joke
        ○ Not ads for aftonbladet
        ○ Not phishing
        ○ Illegal
  17. SQL
      ● Structured Query Language
      ● Used to talk with databases. MySQL, PostgreSQL, etc.
  18. How it's used
      ● Websites use databases to maintain data.
      ● The SQL queries often contain user data.
      ● You search on a website for a few keywords.
      ● The odds of it being done by some SQL dialect are huge.
  19. What could possibly go wrong?
      ● User supplied data may alter the SQL query.
      ● Example: SELECT title FROM blog WHERE title = '$search_keywords';
      ● If the searched data contains a quote, the SQL query will break.
      ● Attackers may gain other data than just the "blog title".
      ● Usernames, passwords, emails, credit cards...
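Added example (not from the talk): the slide's blog-title query in its string-built form next to a parameterised version, run against a constructed in-memory SQLite table so the effect of a stray quote and of a UNION-style input can be seen side by side. The `blog` and `users` tables, their rows and the function names are assumptions for this example.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the talk's 'blog' table, plus a
    'users' table holding the kind of data the slide warns about."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE blog (title TEXT)")
    conn.executemany("INSERT INTO blog VALUES (?)",
                     [("Hello world",), ("Second post",)])
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hunter2')")  # constructed row
    conn.commit()
    return conn

def search_vulnerable(conn, search_keywords):
    """The slide's query built by string interpolation: whatever the user
    typed is pasted straight into the SQL text."""
    sql = f"SELECT title FROM blog WHERE title = '{search_keywords}'"
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, search_keywords):
    """Same query with a bound parameter: the driver hands the value to the
    engine separately, so it is never parsed as SQL."""
    sql = "SELECT title FROM blog WHERE title = ?"
    return [row[0] for row in conn.execute(sql, (search_keywords,))]

def demo():
    """Run both versions on a normal search, a search containing a quote, and
    the classic UNION-based input the slide alludes to; return the outcomes."""
    conn = make_db()
    payload = "x' UNION SELECT password FROM users--"
    out = {
        "normal": search_vulnerable(conn, "Hello world"),
        "safe_normal": search_safe(conn, "Hello world"),
        "safe_quote": search_safe(conn, "O'Reilly"),             # simply no match
        "vulnerable_payload": search_vulnerable(conn, payload),  # leaks users.password
        "safe_payload": search_safe(conn, payload),              # treated as a title
    }
    try:
        search_vulnerable(conn, "O'Reilly")
        out["vulnerable_quote"] = "no error"
    except sqlite3.OperationalError:
        out["vulnerable_quote"] = "query broken by quote"  # the slide's "will break"
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```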
  20. SQL Injections
  21. ● Devastating attack.
      ● Worst part: it's really common.
      ● Remember Sony last year?
  22. ● Victims 2012:
        ○ eHarmony
        ○ last.fm
        ○ Yahoo!
        ○ Android Forums
        ○ Billabong
        ○ Formspring
        ○ nVidia
        ○ Gamigo
        ○ ...List goes on...
  23. ● Thousands of sites attacked daily.
      ● Incredibly easy to get going.
      ● Loads of guides and tools on the internet.
      ● Devastating for the vulnerable organizations.
  24. LIVE DEMO!
      (This is the time we'll stand here and struggle with the equipment.)
  25. Fun with WLAN
      ● Create an evil twin
      ● Jasager
  26. Evil twin
      ● You connect to e.g. "espresso house free"
      ● iPhone will save and remember that network
      ● When you come back it will automatically connect
  27. Evil twin
      ● Someone creates a network called "espresso house free"
      ● Your phone will automatically connect
  28. What if the attacker doesn't know which networks you've been connected to?
  29. Jasager
  30. Fun with WLAN
      ● Works on everything
        ○ Windows, Linux, Mac, Android, iPhone etc.
      ● Can be monitored
        ○ See which networks you are looking for and in which order
  31. Fun with WLAN
      WiGLE.net
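Added example (not part of the talk): a defender-side heuristic for the Jasager/Karma behaviour on slides 26 to 30. A normal access point only answers probe requests for the SSIDs it serves; a "yes-man" AP answers for whatever nearby phones ask about, so one BSSID claiming many unrelated SSIDs stands out. The probe-response records, their (bssid, ssid, is_open) layout and the remembered-network list are constructed for this example.

```python
from collections import defaultdict

# Constructed sample of observed 802.11 probe responses as (bssid, ssid, is_open).
# A real capture would come from a monitor-mode interface; the tuple layout is
# an assumption made for this example.
SAMPLE_PROBE_RESPONSES = [
    ("aa:bb:cc:00:00:01", "espresso house free", True),   # the cafe's real AP
    ("aa:bb:cc:00:00:01", "espresso house free", True),
    ("aa:bb:cc:00:00:02", "HyperIsland", False),          # a protected (WPA) AP
    ("de:ad:be:ef:00:01", "espresso house free", True),   # one BSSID answering
    ("de:ad:be:ef:00:01", "train-wifi", True),            # for every SSID the
    ("de:ad:be:ef:00:01", "airport-free-wifi", True),     # phones around it
    ("de:ad:be:ef:00:01", "home-wifi-johan", True),       # are probing for
]

def ssids_per_bssid(frames):
    """Map each BSSID to the set of SSIDs it has claimed to be."""
    seen = defaultdict(set)
    for bssid, ssid, _is_open in frames:
        seen[bssid].add(ssid)
    return seen

def find_karma_suspects(frames, threshold=3):
    """Report every BSSID that has answered for at least `threshold` distinct
    SSIDs: the signature of a Karma-style AP rather than a real one."""
    seen = ssids_per_bssid(frames)
    return sorted(b for b, ssids in seen.items() if len(ssids) >= threshold)

def auto_join_exposure(remembered_networks, frames):
    """Given a phone's remembered networks (constructed list), return the open
    ones currently on offer: the ones it would rejoin without any prompt."""
    offered_open = {ssid for _b, ssid, is_open in frames if is_open}
    return sorted(n for n in remembered_networks if n in offered_open)

if __name__ == "__main__":
    print("suspect BSSIDs:", find_karma_suspects(SAMPLE_PROBE_RESPONSES))
    print("would auto-join:", auto_join_exposure(
        ["espresso house free", "HyperIsland", "train-wifi"], SAMPLE_PROBE_RESPONSES))
```

Forgetting open networks on the phone once you leave them shrinks the second list to nothing, which is the practical mitigation for the evil-twin slides.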
  32. IT-Security @ Home
      ● Devices on local networks.
        ○ Routers
        ○ Printers
        ○ Heat Pumps
        ○ Laptops
        ○ PCs
        ○ Tablets
        ○ Cellphones
        ○ Xboxes
        ○ ...etc...
  33. Telecom operator ComHem provides "Tre-hål-i-väggen"
  34. ● Routers may act as switches
      ● IP Forwarding
      ● You can see your neighbours' devices
  35. ● Portscan!
      ● A port scanner finds open services on IP addresses.
      ● nmap
  36. ● Find a vulnerability, or
      ● Weak (default) password, or
      ● No password!
      Protip: http://www.routerpasswords.com/
  37. GAME OVER
  38. Conclusion
      You can with ease gain access to your neighbours' data.
  39. Speaking of portscanning...
      ● Spring 2010, the "spoon" project.
      ● Got interested in packet crafting.
      ● 3000 packets/second
  40. ● Sweden has 25.000.000 allocated IPv4 addresses.
      ● ...Results in a timeframe of 2 hours and 20 min to scan.
      ● Resolve all servers on a given port in Sweden.
      ● Could of course be applied to any country.
  41. ● Early 2011, "spoon2".
      ● 30000 packets/second. Ten times as fast!
      ● From 2½ hours to approximately 15 minutes.
      ● Same result.
  42. ● Imagine a company. Like ACME Corp.
      ● 10 servers running "spoon2".
      ● Get a fresh map of Sweden every 90 seconds.
      ● 100 servers: every 9th second.
  43. ● ACME Corp has the potential to become a global "pingdom".
      ● Results in large scale data mining.
      ● Would require loads of clever algorithms and infrastructure to maintain it all though.
  44. shodanhq.com
      ● The firm shodanhq already crawls countries for open services.
      ● Identified ~438.000 web servers in Sweden alone.
      ● Mostly devices found on local networks (routers / printers).
      ● No security. Loads of vulnerable devices.
  45. ● Eavesdrop on your neighbour? No problem.
      ● Why bother?
      ● Can be applied to a whole country.
  46. Summary
      ● Web Scraping
      ● Quick and Dirty SQL Injections
      ● iPhones, WiFi and Evil Twins
      ● Hacking Neighbours
      ● Port scanning on Steroids
  47. Q&A
      Hack the planet!
      http://detectify.com/
  48. References
      ● http://www.theta44.org/karma/aawns.pdf
      ● http://timtux.net/posts/10-Vad-delar-du-ut-IT-skerhet-i-hemmet
      ● http://krebsonsecurity.com/2010/06/wi-fi-street-smarts-iphone-edition/
      ● http://nmap.org/6/
      ● http://www.ietf.org/rfc/rfc793.txt
      ● http://www.ietf.org/rfc/rfc791.txt
      ● http://www.ietf.org/rfc/rfc1323.txt
      ● http://www.zdnet.com/sql-injection-attacks-up-69-7000001742/
