SlideShare uma empresa Scribd logo

Hello, My Name Is Host Name Endgrain Rad Kaminsky

Transferir como PPT, PDF
T
Tifanija

DEFCON 2009 Presentation by Endgrain, Tiffany Rad, Dan Kaminsky

1 de 19
Hello, My Name is Host Name Endgrain Dan Kaminsky Tiffany Rad
Presenters ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Discovery ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What information does a domain name divulge? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Vulnerability ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Weaknesses ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What if... ,[object Object],[object Object],[object Object],[object Object],[object Object]
Unanswered questions ,[object Object],[object Object],[object Object],[object Object],[object Object]
Network Analysis Tool ,[object Object],[object Object],[object Object]
How Host Names are Used at Many Universities ,[object Object],[object Object]
Legal Issues: Privacy, Personal and Online Security ,[object Object],[object Object],[object Object]
Pressure from Anti-Piracy Counter-measures? ,[object Object],[object Object]
Privacy and Personal Safety Concerns ,[object Object],[object Object],[object Object],[object Object]
DMCA and RIAA Influences? ,[object Object],[object Object],[object Object]
Digital Millennium Copyright Act ,[object Object],[object Object],[object Object],[object Object],[object Object]
Privacy of Personally Identifying Information ,[object Object],[object Object],[object Object]
Have the RIAA Legal Threats Encouraged These Security and Privacy Vulnerabilities? ,[object Object],[object Object],[object Object],[object Object]
Contact ,[object Object],[object Object],[object Object]

Recomendados

Unit 5
Unit 5Unit 5
Unit 5iarthur
 
Malicious-URL Detection using Logistic Regression Technique
Malicious-URL Detection using Logistic Regression TechniqueMalicious-URL Detection using Logistic Regression Technique
Malicious-URL Detection using Logistic Regression TechniqueDr. Amarjeet Singh
 
The Impact of Frequent Use Email When Creating Account at the Websites on the...
The Impact of Frequent Use Email When Creating Account at the Websites on the...The Impact of Frequent Use Email When Creating Account at the Websites on the...
The Impact of Frequent Use Email When Creating Account at the Websites on the...ijcsit
 
The Internet
The InternetThe Internet
The Internetk8ierobinson
 
igbo tochukwu CV
igbo tochukwu CVigbo tochukwu CV
igbo tochukwu CVTochukwu Igbo
 
beyond_the_firewall_0103
beyond_the_firewall_0103beyond_the_firewall_0103
beyond_the_firewall_0103Jack McCullough
 
Web 2.0: Making Email a Useful Web App
Web 2.0: Making Email a Useful Web AppWeb 2.0: Making Email a Useful Web App
Web 2.0: Making Email a Useful Web AppAndy Denmark
 
Lesson 2 Rules of Netiquette
Lesson 2 Rules of NetiquetteLesson 2 Rules of Netiquette
Lesson 2 Rules of NetiquetteACLC Antipolo
 

Recomendados

Unit 5
Unit 5Unit 5
Unit 5iarthur
 
Malicious-URL Detection using Logistic Regression Technique
Malicious-URL Detection using Logistic Regression TechniqueMalicious-URL Detection using Logistic Regression Technique
Malicious-URL Detection using Logistic Regression TechniqueDr. Amarjeet Singh
 
The Impact of Frequent Use Email When Creating Account at the Websites on the...
The Impact of Frequent Use Email When Creating Account at the Websites on the...The Impact of Frequent Use Email When Creating Account at the Websites on the...
The Impact of Frequent Use Email When Creating Account at the Websites on the...ijcsit
 
The Internet
The InternetThe Internet
The Internetk8ierobinson
 
igbo tochukwu CV
igbo tochukwu CVigbo tochukwu CV
igbo tochukwu CVTochukwu Igbo
 
beyond_the_firewall_0103
beyond_the_firewall_0103beyond_the_firewall_0103
beyond_the_firewall_0103Jack McCullough
 
Web 2.0: Making Email a Useful Web App
Web 2.0: Making Email a Useful Web AppWeb 2.0: Making Email a Useful Web App
Web 2.0: Making Email a Useful Web AppAndy Denmark
 
Lesson 2 Rules of Netiquette
Lesson 2 Rules of NetiquetteLesson 2 Rules of Netiquette
Lesson 2 Rules of NetiquetteACLC Antipolo
 
Social Networking Security Issues
Social Networking Security IssuesSocial Networking Security Issues
Social Networking Security IssuesMangesh Gunjal
 
2008 10 21 Top Ten Tech Tools Agents E Xtension
2008 10 21 Top Ten Tech Tools Agents E Xtension2008 10 21 Top Ten Tech Tools Agents E Xtension
2008 10 21 Top Ten Tech Tools Agents E Xtensiondkp205
 
Predicting cyber bullying on t witter using machine learning
Predicting cyber bullying on t witter using machine learningPredicting cyber bullying on t witter using machine learning
Predicting cyber bullying on t witter using machine learningMirXahid1
 
Web use and misuse
Web use and misuseWeb use and misuse
Web use and misusehernan2025
 
Basics Of Internet
Basics Of InternetBasics Of Internet
Basics Of InternetGurus Online
 
An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...
An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...
An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...IOSR Journals
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksFitCEO, Inc. (FCI)
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsAmity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)Marco Balduzzi
 
Operational audit
Operational auditOperational audit
Operational auditLewis Appleton
 
The Net is Dangerous
The Net is DangerousThe Net is Dangerous
The Net is DangerousGihan Dias
 
02 Educators Role
02 Educators Role02 Educators Role
02 Educators RoleJana Baxter
 
Internet research
Internet researchInternet research
Internet researchLaurence Yap M.A. (UM) CHRM
 
Ict u5
Ict u5Ict u5
Ict u5Dr. C.V. Suresh Babu
 
Detection of cyber-bullying
Detection of cyber-bullying Detection of cyber-bullying
Detection of cyber-bullying Ziar Khan
 
L26 communication services
L26 communication servicesL26 communication services
L26 communication servicesheidirobison
 
Detecting the presence of cyberbullying using computer software
Detecting the presence of cyberbullying using computer softwareDetecting the presence of cyberbullying using computer software
Detecting the presence of cyberbullying using computer softwareAshish Arora
 
Opening Up User-Centric Identity
Opening Up User-Centric IdentityOpening Up User-Centric Identity
Opening Up User-Centric IdentityEduserv Foundation
 
Web Passwords
Web PasswordsWeb Passwords
Web PasswordsAung Khant
 
Blogs, Twitter, wikis and other web-based tools workshop
Blogs, Twitter, wikis and other web-based tools workshopBlogs, Twitter, wikis and other web-based tools workshop
Blogs, Twitter, wikis and other web-based tools workshopjennyevans
 
FréDéRic Degouzon Presentation Edna2009 En Paris2 0 V1
FréDéRic Degouzon Presentation Edna2009 En Paris2 0 V1FréDéRic Degouzon Presentation Edna2009 En Paris2 0 V1
FréDéRic Degouzon Presentation Edna2009 En Paris2 0 V1charafs
 
Patrick Blancheton
Patrick BlanchetonPatrick Blancheton
Patrick Blanchetoncharafs
 

Mais conteúdo relacionado

Mais procurados

Social Networking Security Issues
Social Networking Security IssuesSocial Networking Security Issues
Social Networking Security IssuesMangesh Gunjal
 
2008 10 21 Top Ten Tech Tools Agents E Xtension
2008 10 21 Top Ten Tech Tools Agents E Xtension2008 10 21 Top Ten Tech Tools Agents E Xtension
2008 10 21 Top Ten Tech Tools Agents E Xtensiondkp205
 
Predicting cyber bullying on t witter using machine learning
Predicting cyber bullying on t witter using machine learningPredicting cyber bullying on t witter using machine learning
Predicting cyber bullying on t witter using machine learningMirXahid1
 
Web use and misuse
Web use and misuseWeb use and misuse
Web use and misusehernan2025
 
Basics Of Internet
Basics Of InternetBasics Of Internet
Basics Of InternetGurus Online
 
An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...
An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...
An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...IOSR Journals
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksFitCEO, Inc. (FCI)
 
Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)Marco Balduzzi
 
The Net is Dangerous
The Net is DangerousThe Net is Dangerous
The Net is DangerousGihan Dias
 
02 Educators Role
02 Educators Role02 Educators Role
02 Educators RoleJana Baxter
 
Detection of cyber-bullying
Detection of cyber-bullying Detection of cyber-bullying
Detection of cyber-bullying Ziar Khan
 
L26 communication services
L26 communication servicesL26 communication services
L26 communication servicesheidirobison
 
Detecting the presence of cyberbullying using computer software
Detecting the presence of cyberbullying using computer softwareDetecting the presence of cyberbullying using computer software
Detecting the presence of cyberbullying using computer softwareAshish Arora
 
Opening Up User-Centric Identity
Opening Up User-Centric IdentityOpening Up User-Centric Identity
Opening Up User-Centric IdentityEduserv Foundation
 
Blogs, Twitter, wikis and other web-based tools workshop
Blogs, Twitter, wikis and other web-based tools workshopBlogs, Twitter, wikis and other web-based tools workshop
Blogs, Twitter, wikis and other web-based tools workshopjennyevans
 

Mais procurados (20)

Social Networking Security Issues
Social Networking Security IssuesSocial Networking Security Issues
Social Networking Security Issues
 
2008 10 21 Top Ten Tech Tools Agents E Xtension
2008 10 21 Top Ten Tech Tools Agents E Xtension2008 10 21 Top Ten Tech Tools Agents E Xtension
2008 10 21 Top Ten Tech Tools Agents E Xtension
 
Predicting cyber bullying on t witter using machine learning
Predicting cyber bullying on t witter using machine learningPredicting cyber bullying on t witter using machine learning
Predicting cyber bullying on t witter using machine learning
 
Web use and misuse
Web use and misuseWeb use and misuse
Web use and misuse
 
Basics Of Internet
Basics Of InternetBasics Of Internet
Basics Of Internet
 
An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...
An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...
An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security Threats
 
Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)
 
Operational audit
Operational auditOperational audit
Operational audit
 
The Net is Dangerous
The Net is DangerousThe Net is Dangerous
The Net is Dangerous
 
02 Educators Role
02 Educators Role02 Educators Role
02 Educators Role
 
Internet research
Internet researchInternet research
Internet research
 
Ict u5
Ict u5Ict u5
Ict u5
 
Detection of cyber-bullying
Detection of cyber-bullying Detection of cyber-bullying
Detection of cyber-bullying
 
L26 communication services
L26 communication servicesL26 communication services
L26 communication services
 
Detecting the presence of cyberbullying using computer software
Detecting the presence of cyberbullying using computer softwareDetecting the presence of cyberbullying using computer software
Detecting the presence of cyberbullying using computer software
 
Opening Up User-Centric Identity
Opening Up User-Centric IdentityOpening Up User-Centric Identity
Opening Up User-Centric Identity
 
Web Passwords
Web PasswordsWeb Passwords
Web Passwords
 
Blogs, Twitter, wikis and other web-based tools workshop
Blogs, Twitter, wikis and other web-based tools workshopBlogs, Twitter, wikis and other web-based tools workshop
Blogs, Twitter, wikis and other web-based tools workshop
 

Destaque

FréDéRic Degouzon Presentation Edna2009 En Paris2 0 V1
FréDéRic Degouzon Presentation Edna2009 En Paris2 0 V1FréDéRic Degouzon Presentation Edna2009 En Paris2 0 V1
FréDéRic Degouzon Presentation Edna2009 En Paris2 0 V1charafs
 
Patrick Blancheton
Patrick BlanchetonPatrick Blancheton
Patrick Blanchetoncharafs
 
Conversational Riffs by Neil Denny
Conversational Riffs by Neil DennyConversational Riffs by Neil Denny
Conversational Riffs by Neil DennyNeil Denny
 
Presentation Edna2009 En Paris2 0 V1
Presentation Edna2009 En Paris2 0 V1Presentation Edna2009 En Paris2 0 V1
Presentation Edna2009 En Paris2 0 V1charafs
 
Why calls for change do not work
Why calls for change do not workWhy calls for change do not work
Why calls for change do not workNeil Denny
 
Delicious Discomfort in Not Knowing
Delicious Discomfort in Not KnowingDelicious Discomfort in Not Knowing
Delicious Discomfort in Not KnowingNeil Denny
 
Choose Collaborative Law.
Choose Collaborative Law.Choose Collaborative Law.
Choose Collaborative Law.Neil Denny
 

Destaque (7)

FréDéRic Degouzon Presentation Edna2009 En Paris2 0 V1
FréDéRic Degouzon Presentation Edna2009 En Paris2 0 V1FréDéRic Degouzon Presentation Edna2009 En Paris2 0 V1
FréDéRic Degouzon Presentation Edna2009 En Paris2 0 V1
 
Patrick Blancheton
Patrick BlanchetonPatrick Blancheton
Patrick Blancheton
 
Conversational Riffs by Neil Denny
Conversational Riffs by Neil DennyConversational Riffs by Neil Denny
Conversational Riffs by Neil Denny
 
Presentation Edna2009 En Paris2 0 V1
Presentation Edna2009 En Paris2 0 V1Presentation Edna2009 En Paris2 0 V1
Presentation Edna2009 En Paris2 0 V1
 
Why calls for change do not work
Why calls for change do not workWhy calls for change do not work
Why calls for change do not work
 
Delicious Discomfort in Not Knowing
Delicious Discomfort in Not KnowingDelicious Discomfort in Not Knowing
Delicious Discomfort in Not Knowing
 
Choose Collaborative Law.
Choose Collaborative Law.Choose Collaborative Law.
Choose Collaborative Law.
 

Semelhante a Hello, My Name Is Host Name Endgrain Rad Kaminsky

Techno Security 2009 Presentation-Myrtle Beach
Techno Security 2009 Presentation-Myrtle BeachTechno Security 2009 Presentation-Myrtle Beach
Techno Security 2009 Presentation-Myrtle Beachelgolfo
 
The World Wide Web CSCE 101 – Spring 2010
The World Wide Web CSCE 101 – Spring 2010The World Wide Web CSCE 101 – Spring 2010
The World Wide Web CSCE 101 – Spring 2010webhostingguy
 
Keep Student information protected while improving services
Keep Student information protected while improving servicesKeep Student information protected while improving services
Keep Student information protected while improving servicesCloudMask inc.
 
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...Dr. Khaled Bakro
 
Ch04 Footprinting and Social Engineering
Ch04 Footprinting and Social EngineeringCh04 Footprinting and Social Engineering
Ch04 Footprinting and Social Engineeringphanleson
 
The Legal Aspects of Cyberspace
The Legal Aspects of CyberspaceThe Legal Aspects of Cyberspace
The Legal Aspects of Cyberspacetimmcguinness
 
DBSecurity-Overview.ppt
DBSecurity-Overview.pptDBSecurity-Overview.ppt
DBSecurity-Overview.pptuzairAsif268
 
When Worlds Collide: Ethics and Technology for Lawyers
When Worlds Collide: Ethics and Technology for LawyersWhen Worlds Collide: Ethics and Technology for Lawyers
When Worlds Collide: Ethics and Technology for Lawyersrtrautz
 
An assesment of Cybersecurity challenge in Arusha
An assesment of Cybersecurity challenge in ArushaAn assesment of Cybersecurity challenge in Arusha
An assesment of Cybersecurity challenge in ArushaIsmail Settenda
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersSomyos U.
 
The DNS Tunneling Blindspot
The DNS Tunneling BlindspotThe DNS Tunneling Blindspot
The DNS Tunneling BlindspotBrian A. McHenry
 
Protect Yourself From Internet Pests
Protect Yourself From Internet PestsProtect Yourself From Internet Pests
Protect Yourself From Internet Pestspeterhitch
 

Semelhante a Hello, My Name Is Host Name Endgrain Rad Kaminsky (20)

The Internet
The InternetThe Internet
The Internet
 
Computer Ethics
Computer EthicsComputer Ethics
Computer Ethics
 
Techno Security 2009 Presentation-Myrtle Beach
Techno Security 2009 Presentation-Myrtle BeachTechno Security 2009 Presentation-Myrtle Beach
Techno Security 2009 Presentation-Myrtle Beach
 
The World Wide Web CSCE 101 – Spring 2010
The World Wide Web CSCE 101 – Spring 2010The World Wide Web CSCE 101 – Spring 2010
The World Wide Web CSCE 101 – Spring 2010
 
Keep Student information protected while improving services
Keep Student information protected while improving servicesKeep Student information protected while improving services
Keep Student information protected while improving services
 
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
 
Ch04 Footprinting and Social Engineering
Ch04 Footprinting and Social EngineeringCh04 Footprinting and Social Engineering
Ch04 Footprinting and Social Engineering
 
The Legal Aspects of Cyberspace
The Legal Aspects of CyberspaceThe Legal Aspects of Cyberspace
The Legal Aspects of Cyberspace
 
AUP.ppt
AUP.pptAUP.ppt
AUP.ppt
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
DBSecurity-Overview.ppt
DBSecurity-Overview.pptDBSecurity-Overview.ppt
DBSecurity-Overview.ppt
 
Network security
Network security Network security
Network security
 
When Worlds Collide: Ethics and Technology for Lawyers
When Worlds Collide: Ethics and Technology for LawyersWhen Worlds Collide: Ethics and Technology for Lawyers
When Worlds Collide: Ethics and Technology for Lawyers
 
An assesment of Cybersecurity challenge in Arusha
An assesment of Cybersecurity challenge in ArushaAn assesment of Cybersecurity challenge in Arusha
An assesment of Cybersecurity challenge in Arusha
 
Cyber ethics
Cyber ethicsCyber ethics
Cyber ethics
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security Perimeters
 
The DNS Tunneling Blindspot
The DNS Tunneling BlindspotThe DNS Tunneling Blindspot
The DNS Tunneling Blindspot
 
Internet And Google
Internet And GoogleInternet And Google
Internet And Google
 
P2p
P2pP2p
P2p
 
Protect Yourself From Internet Pests
Protect Yourself From Internet PestsProtect Yourself From Internet Pests
Protect Yourself From Internet Pests
 

Hello, My Name Is Host Name Endgrain Rad Kaminsky

  • 1. Hello, My Name is Host Name Endgrain Dan Kaminsky Tiffany Rad
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.

Notas do Editor

  1. While the research is specific to USM, we discovered similar setups at other universities. Presentation is not meant to target out any specific person or organization
  2. Dorm configuration adds “dorm” subdomain, giving away another piece of information to anyone who wants to get it. IT staff configuration shows that even for their own employees – USM either doesn't realize that they're exposing personal information or they just don't think that it's an issue. Websites, emails, file sharing, IRC... anything where communication exposes your IP.
  3. maine.edu is unavoidable. Usm sub-domain also rather needed. Dorm vs. wireless sub-domains give relative physical location and prior knowledge or a little research can give a more accurate physical location. Split campus – dorms in Gorham and most classes (wireless) are in Portland. FULL NAME – Why is it necesssary? Laziness or ease of administration? Bottom line: mention other universites.
  4. Wanted to know how people were granted access on the network. How to keep out public and allow easy use by students? Still don't know the details about how the DHCP server interfaces with the DB or whether it's built into the DHCP server.
  5. Using MAC addresses as a unique identifier is OK but it's not OK to assume that MAC addresses cannot be changed. Why aren't user's identities shielded by edge devices such as routers? Is there a reason that each user has their own external IP? MAC addresses aren't locked to one physical port on the network switches. Users can roam with their devices, even when using the Ethernet network. Student and faculty are constantly moving from network to network with their devices.
  6. It didn't take much to realize how this access control model could be circumvented. Can easily assume the identity of another user and perform otherwise suspicious or illegal activities.
  7. Are universities rolling their own software that generates user host names from full names or is there a piece of software that comes with the feature? Is it a coincidence that many universities around the country are using similar naming conventions or have they been suggested to do so? Is there some acceptable reason for every user to have an Internet routable IP address?