Week 08 : Security awareness and hacking


1 Week 08 : Security awareness and hacking
PCB - Knowledge Sharing session

2 White hat vs Black hat hacking
The good guys are "white hats," who identify weaknesses in systems so they can be fixed. "Black hats" are the ones who take advantage of weaknesses in systems.

3 3 main threats of the interweb
* Just to list some generic examples
Hacking: Man in the middle attack, Key loggers, DDoS (Distributed Denial of Service)
Phishing: Websites, Spoofing (Identity Theft)
Spoofing: IP Spoofing / Gateway poisoning

4 Hacking : Man in the middle attack
In some cases, users may be sending unencrypted data, which means the man-in-the-middle (MITM) can read any of that information directly. In other cases the traffic is encrypted, so the attacker may still capture it but has to decrypt it before it can be read. The attacker intercepts some or all traffic coming from the computer, collects the data, and then forwards it to the destination the user was originally intending to visit.

5 Hacking : Man in the middle attack
Watch the video below for a simulation of a MITM attack I’ve done on an unencrypted e-commerce website. Initial chargeable figure was RM but I could alter it to RM1.00 upon checkout. DISCLAIMER: No animals, property, human or interest was jeopardized during this process of “simulating” the scenario, as the video below that depicts the MITM by Jermaine Cheah Penn Hon

6 Hacking : Man in the middle attack
Prevention
Only buy from trusted/reputable sites
Only use trusted computers to perform online transactions
Make sure you are not on a public untrusted network
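As an added example (not from the original presentation): the price change in the demo above works because the shop trusts the amount the client sends. Besides serving the site over HTTPS, the server should recompute the total itself; the block below contrasts the vulnerable pattern with a server-side check. The catalogue, SKUs, prices and signing key are hypothetical.

```python
import hmac
import hashlib
from decimal import Decimal

# Constructed catalogue: hypothetical SKUs and prices in RM, held server-side.
CATALOG = {"SKU-001": Decimal("249.00"), "SKU-002": Decimal("35.50")}
# Hypothetical signing key; a real shop loads this from a secrets store.
SERVER_SECRET = b"example-key-not-for-production"


def sign_cart(cart):
    """HMAC over the canonical cart (sorted sku:qty pairs), issued when the cart is shown."""
    canonical = ";".join(f"{sku}:{qty}" for sku, qty in sorted(cart.items()))
    return hmac.new(SERVER_SECRET, canonical.encode(), hashlib.sha256).hexdigest()


def server_total(cart):
    """Recompute the amount from the catalogue; client-supplied prices are never used."""
    return sum(CATALOG[sku] * qty for sku, qty in cart.items())


def insecure_checkout(request):
    """Vulnerable pattern: charge whatever 'total' the client sent.
    On an unencrypted connection a MITM can rewrite 249.00 to 1.00 in transit."""
    return Decimal(request["total"])


def secure_checkout(request):
    """Return (True, amount) only if the cart is untampered and the total matches."""
    cart = request["cart"]
    if not hmac.compare_digest(sign_cart(cart), request.get("sig", "")):
        return False, "cart signature mismatch"
    expected = server_total(cart)
    if Decimal(request["total"]) != expected:
        # Worth logging: the client claims a price the catalogue does not know.
        return False, f"client total {request['total']} != server total {expected}"
    return True, expected


if __name__ == "__main__":
    cart = {"SKU-001": 1}
    honest = {"cart": cart, "total": "249.00", "sig": sign_cart(cart)}
    tampered = dict(honest, total="1.00")  # constructed: what a MITM edit would produce
    print("insecure:", insecure_checkout(tampered))  # charges 1.00
    print("secure:  ", secure_checkout(tampered))    # rejected with a reason
```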

7 Hacking : Key Logging
…is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are 2 main types of key logging: hardware based and software based.

8 Hacking : Key Logging Hardware KeyLoggers

9 Hacking : Key Logging - Software KeyLoggers
Listener via webpage fields
Background services
Webcam hijacking

10 Hacking : Key Logging - Prevention
Use a One-Time Password (OTP)
Use two-factor verification (perhaps Google Authenticator)
Change your password more often and use higher complexity
Cover your laptop webcam when not in use
Only use a trusted PC for sensitive transactions
Use trusted anti-keylogging software (e.g. KeyScrambler)

11 Hacking : DDoS
…is an attempt to make a machine or network resource unavailable to its intended users. A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are 2 general forms of DoS attacks: those that crash services and those that flood services.

12 Hacking : DDoS (Famous Cases)
February 2000: Mafiaboy vs. Yahoo, CNN, eBay, Dell & Amazon
The first large-scale DDoS in history, done by "Mafiaboy," a.k.a. 15-year-old Michael Calce. Took down Yahoo, CNN, eBay, Dell, and Amazon. Picked up by Canadian police (while watching Goodfellas, allegedly) and pleaded guilty to hacking. Sentenced to 8 months in a juvenile detention center and forced to donate $250 to charity.
November 2008: Unknown vs. Microsoft Windows (& the World)
The Conficker worm exploited vulnerabilities in a number of Microsoft operating systems. An infected PC would be turned into a botnet/zombie machine. It infected millions of computers and business networks in countries around the world. Protect yourself with this Conficker Removal Tool.

13 Hacking : DDoS - Prevention
Update antivirus
Apply operating system fixes/updates
Keep up with security news
Avoid downloading media, software and files from untrusted sources
Perform periodic scans on your machine

14 Phishing - Phishing messages are designed to steal your identity. They ask for personal data, or direct you to websites or phone numbers to call where they ask you to provide personal data.

15 Phishing - Email
What does a phishing email message look like?
They usually spoof a bank or financial institution, a company you regularly do business with, such as Microsoft, or your social networking site. They might appear to be from someone in your address book. They might ask you to make a phone call: phone phishing scams direct you to call a phone number where a person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. They might include official-looking logos and other identifying information taken directly from legitimate websites, and they might include convincing details about your personal history that scammers found on your social networking pages. They might include links to spoofed websites where you are asked to enter personal information.

16 Phishing – Email Prevention
Do not be greedy
Again, do not be greedy
Check links before proceeding
Subscribe to a phishing report list
Do not simply disclose personal information
Secure and reputable services will not ask you to verify yourself via

17 Phishing - Website
Phishing websites look legitimate and users would naturally enter their credentials and eventually fall into the trap of phishing.
[Image: a Facebook phishing site]

18 Phishing – Website Prevention
Do not be greedy
Again, do not be greedy
Check links before proceeding
Subscribe to a phishing report list
Do not simply disclose personal information
Secure and reputable services will not ask you to verify yourself via
Do not log in whilst using public open networks
Phishing sites might even show your legitimate URL

19 Spoofing - Spoofing may occur in different forms, but all have a similar result: a user receives a message that appears to have originated from one source when it actually was sent from another source. Spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

20 Spoofing – Website/IP/DNS

21 Spoofing – Website/IP/DNS
Essentially, basic spoofing would display a misleading URL or similar, but it is still noticeable. More capable attackers could use methods like ARP poisoning, DNS spoofing and IP spoofing to even forge SSL certs and URLs. ARP Poisoning is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network.
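Because ARP poisoning works by answering for an IP address with a different MAC, it leaves a visible trace on the network. The block below is an added example (not part of the original presentation) of the check an ARP-watch tool performs: it reads ARP reply lines in the format tcpdump prints, raises an alert when an IP's MAC changes, and a second alert when one MAC claims the gateway address as well as its own. The capture and the gateway address are constructed.

```python
import re
from collections import defaultdict

# Matches the ARP reply line format tcpdump prints; every line below is constructed.
ARP_REPLY = re.compile(r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})")
GATEWAY_IP = "192.168.1.1"  # hypothetical LAN gateway

# Constructed capture: a legitimate gateway reply, two hosts, then a host that
# starts answering for the gateway's IP with its own MAC (the poisoning step).
SAMPLE_CAPTURE = """\
12:00:01.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
12:00:02.000 ARP, Reply 192.168.1.20 is-at aa:bb:cc:00:00:20, length 28
12:00:03.000 ARP, Reply 192.168.1.66 is-at de:ad:be:ef:00:66, length 28
12:00:04.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:66, length 28
12:00:05.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:66, length 28
"""


def detect_arp_spoofing(capture, gateway_ip=GATEWAY_IP):
    """Scan ARP replies and return alert tuples for two poisoning symptoms:
    ("binding-changed", ip, old_mac, new_mac) when an IP's MAC flips, and
    ("gateway-claim", mac, other_ips) when one MAC answers for the gateway
    and for other addresses too (a host impersonating the gateway).
    Proxy-ARP setups legitimately trigger the second alert; tune for your LAN."""
    bindings = {}                  # ip -> MAC most recently seen for it
    ips_by_mac = defaultdict(set)  # MAC -> every IP it has claimed
    claimed = set()                # MACs already reported for a gateway claim
    alerts = []
    for line in capture.splitlines():
        m = ARP_REPLY.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        old = bindings.get(ip)
        if old is not None and old != mac:
            alerts.append(("binding-changed", ip, old, mac))
        bindings[ip] = mac
        ips_by_mac[mac].add(ip)
        others = ips_by_mac[mac] - {gateway_ip}
        if gateway_ip in ips_by_mac[mac] and others and mac not in claimed:
            claimed.add(mac)
            alerts.append(("gateway-claim", mac, sorted(others)))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_CAPTURE):
        print(alert)
```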

22 Spoofing – Website/IP/DNS
So, imagine you are looking at what appears to be the M2u site, but it is actually not the real M2u site.

23 Spoofing – Website/IP/DNS
Try to avoid using public networks
Periodically perform a scan on your PC to eliminate malicious agents
Tether your mobile 3G for internet banking if you are on the go
Phone cell spoofing is highly unlikely

24 That’s it! Thanks for your kind attention and please stay tuned for the Week 7 session next week. Good day! Prepared by : Jermaine

