Week 08 : Security awareness and hacking


Week 08 : Security awareness and hacking PCB - Knowledge Sharing session

White hat vs Black hat hacking
The good guys are "white hats", who identify weaknesses in systems so they can be fixed. "Black hats" are the ones who take advantage of weaknesses in systems.

3 main threats of the interweb (just to list some generic examples)
- Hacking: Man in the middle attack, Key loggers, DDoS (Distributed Denial of Service)
- Phishing: Websites, Email
- Spoofing (Identity Theft): Email Spoofing, IP Spoofing/Gateway poisoning

Hacking : Man in the middle attack
In some cases, users may be sending unencrypted data, which means the man-in-the-middle (MITM) can read any unencrypted information directly. In other cases the attacker may still capture the data, but has to decrypt it before it can be read. The attacker intercepts some or all traffic coming from the computer, collects the data, and then forwards it to the destination the user was originally intending to visit.

Hacking : Man in the middle attack
Watch the video below for a simulation of a MITM attack I've done on an unencrypted e-commerce website. The initial chargeable figure was RM 43.00, but I could alter it to RM 1.00 upon checkout.
http://www.youtube.com/watch?v=yGF4FQb9rHQ
DISCLAIMER: No animals, property, humans or interests were jeopardized during this process of "simulating" the scenario in the video below that depicts the MITM, by Jermaine Cheah Penn Hon.

Hacking : Man in the middle attack - Prevention
- Only buy from trusted/reputable sites
- Only use trusted computers to perform online transactions
- Make sure you are not on a public, untrusted network
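The price change in the video is only possible because the shop trusts the amount the browser sends back, and over plain HTTP a MITM can rewrite that amount in transit. As an added example (not code from the slides; the catalogue and form data are constructed), here is a minimal checkout handler with that flaw beside a hardened version that prices the order server-side and reports the tampering attempt:

```python
# Added example, not from the slides: a checkout handler that trusts the
# price the browser submits (the flaw the RM43 -> RM1 video exploits),
# beside a hardened version that prices the order server-side.
# Catalogue and form data are constructed for illustration.

CATALOGUE = {"tv-42": 43.00}   # constructed: item id -> price in RM


def checkout_vulnerable(form):
    """Charges whatever 'price' the client sent.

    On an unencrypted (HTTP) site a man-in-the-middle can rewrite this
    field in transit, so the shop charges the attacker's figure."""
    return {"item": form["item"], "charged": float(form["price"])}


def checkout_hardened(form):
    """Treats every submitted field as untrusted.

    The price comes only from the server-side catalogue; a client-sent
    'price' is ignored but reported so tampering attempts are visible."""
    item = form.get("item")
    if item not in CATALOGUE:
        raise ValueError("unknown item")
    try:
        qty = int(form.get("qty", 1))
    except ValueError:
        raise ValueError("quantity is not an integer")
    if not 1 <= qty <= 10:
        raise ValueError("quantity out of range")
    unit_price = CATALOGUE[item]
    tampered = "price" in form and float(form["price"]) != unit_price
    return {"item": item, "charged": round(unit_price * qty, 2),
            "tampered": tampered}


# Constructed request as altered in transit: the attacker changed RM43 to RM1.
TAMPERED_FORM = {"item": "tv-42", "price": "1.00", "qty": "1"}

if __name__ == "__main__":
    print("vulnerable:", checkout_vulnerable(TAMPERED_FORM))
    print("hardened:  ", checkout_hardened(TAMPERED_FORM))
```

Serving the checkout over HTTPS stops the interception itself; the server-side pricing is what removes the incentive, since a rewritten form no longer changes what is charged.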

Hacking : Key Logging
... is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are 2 main types of key logging: hardware based and software based.

Hacking : Key Logging Hardware KeyLoggers

Hacking : Key Logging - Software KeyLoggers
- Listener on webpage fields
- Background services
- Webcam hijacking

Hacking : Key Logging - Prevention
- Use One-Time Passwords (OTP)
- Use a 2D password (perhaps Google Authenticator)
- Change your password more often and with higher complexity
- Cover your laptop webcam when not in use
- Only use a trusted PC for sensitive transactions
- Use trusted anti-keylogging software such as KeyScrambler (http://www.qfxsoftware.com/)

Hacking : DDoS
... is an attempt to make a machine or network resource unavailable to its intended users. A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are 2 general forms of DoS attacks: those that crash services and those that flood services.

Hacking : DDoS (Famous Cases)
February 2000: Mafiaboy vs. Yahoo, CNN, eBay, Dell & Amazon. The first large-scale DDoS in history, done by "Mafiaboy", a.k.a. 15-year-old Michael Calce. It took down Yahoo, CNN, eBay, Dell and Amazon. He was picked up by Canadian police (while watching Goodfellas, allegedly) and pleaded guilty to hacking: 8 months in a juvenile detention center and a forced $250 donation to charity.
November 2008: Unknown vs. Microsoft Windows (& the World). The Conficker worm exploited vulnerabilities in a number of Microsoft operating systems; an infected PC would be turned into a botnet/zombie machine. It infected millions of computers and business networks in countries around the world. Protect yourself with this Conficker Removal Tool.

Hacking : DDoS - Prevention
- Update your antivirus
- Apply operating system updates and fixes
- Keep up with security news
- Avoid downloading media, software and files from untrusted sources
- Perform periodic scans on your machine

Phishing - Email
Phishing email messages are designed to steal your identity. They ask for personal data, or direct you to websites or phone numbers to call where they ask you to provide personal data.

Phishing - Email
What does a phishing email message look like? Usually it spoofs a bank or financial institution, a company you regularly do business with (such as Microsoft), or your social networking site. They might appear to be from someone in your email address book. They might ask you to make a phone call: phone phishing scams direct you to call a phone number where a person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. They might include official-looking logos and other identifying information taken directly from legitimate websites, and they might include convincing details about your personal history that scammers found on your social networking pages. They might include links to spoofed websites where you are asked to enter personal information.

Phishing - Email Prevention
- Do not be greedy
- Again, do not be greedy
- Check links before proceeding
- Subscribe to a phishing report list
- Do not simply disclose personal information
- Secure and reputable services will not ask you to verify yourself via email

Phishing - Website
Phishing websites look legitimate, so users naturally enter their credentials and fall into the trap. (Image: a Facebook phishing site.)

Phishing - Website Prevention
- Do not be greedy
- Again, do not be greedy
- Check links before proceeding
- Subscribe to a phishing report list
- Do not simply disclose personal information
- Secure and reputable services will not ask you to verify yourself via email
- Do not log in while using public open networks
- Phishing sites might even display the legitimate URL
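"Check links before proceeding" is easier with a concrete test. The added example below (not code from the slides) shows what a link checker looks at: the host the browser will really connect to, a look-alike host that embeds the real brand name, the "user@host" trick, and visible text that differs from the destination. EXPECTED_HOST and BRAND are assumptions based on the M2u address used later in these slides, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Added example, not from the slides: a link checker for "check links before
# proceeding". EXPECTED_HOST and BRAND are assumptions taken from the M2u
# URL the slides use; sample links are constructed.
EXPECTED_HOST = "www.maybank2u.com.my"
BRAND = "maybank2u"          # distinctive label a look-alike host would copy


def real_host(url):
    """Host the browser actually connects to, lower-cased.

    urlsplit() resolves the 'user@host' trick: in
    https://www.maybank2u.com.my@evil.example/ the host is evil.example."""
    return (urlsplit(url).hostname or "").lower()


def classify_link(href, display_text=None):
    """Return the reasons a link is suspicious; an empty list means it
    points at EXPECTED_HOST over https and matches its visible text."""
    reasons = []
    parts = urlsplit(href)
    host = real_host(href)
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        reasons.append("credentials before the host name")
    if host != EXPECTED_HOST:
        if BRAND in host:
            reasons.append("look-alike host: " + host)
        else:
            reasons.append("unexpected host: " + host)
    # A link whose visible text shows one address but goes elsewhere.
    if display_text and "://" in display_text:
        shown = real_host(display_text)
        if shown != host:
            reasons.append(f"shows {shown} but goes to {host}")
    return reasons


# Constructed links: one genuine, three typical phishing tricks.
SAMPLE_LINKS = [
    ("https://www.maybank2u.com.my/login", None),
    ("http://www.maybank2u.com.my.secure-login.example/", None),
    ("https://www.maybank2u.com.my@evil.example/", "https://www.maybank2u.com.my/"),
    ("https://m2u-verify.example/", "Click here to verify your account"),
]

if __name__ == "__main__":
    for href, text in SAMPLE_LINKS:
        print(href, "->", classify_link(href, text) or "ok")
```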

Spoofing - Email
Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

Spoofing – Website/IP/DNS

Spoofing - Website/IP/DNS
Essentially, basic spoofing displays a misleading URL or similar, but it is still noticeable. More advanced attackers can use methods like ARP poisoning, DNS spoofing and IP spoofing to forge even SSL certificates and URLs. ARP poisoning is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network.

Spoofing - Website/IP/DNS
So, imagine you are looking at https://www.maybank2u.com.my/ but it is actually not the real M2u site.

Spoofing - Website/IP/DNS - Prevention
- Try to avoid using public networks
- Periodically scan your PC to eliminate malicious agents
- Tether your mobile 3G connection for internet banking if you are on the go; cell phone spoofing is highly unlikely
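On a network you do control, ARP poisoning leaves a visible trace: the gateway's IP suddenly maps to a different MAC, and one MAC starts answering for several IPs. The added example below (not code from the slides) runs that check over a constructed ARP reply log in the style of a sniffer's output; GATEWAY_IP is an assumption for the sample network.

```python
import re

# Added example, not from the slides: a small ARP reply monitor that flags
# the two signatures of ARP cache poisoning, the gateway's MAC changing and
# one MAC answering for several IPs. The log lines are constructed, in the
# style of a packet sniffer's ARP output; GATEWAY_IP is an assumption.
GATEWAY_IP = "192.168.1.1"

ARP_LINE = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})", re.IGNORECASE)

SAMPLE_LOG = """\
12:00:01 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55
12:00:02 ARP, Reply 192.168.1.50 is-at 66:77:88:99:aa:bb
12:00:05 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01
12:00:06 ARP, Reply 192.168.1.50 is-at de:ad:be:ef:00:01
"""


def detect_arp_poisoning(log_text, gateway_ip=GATEWAY_IP):
    """Return a list of alert strings for the ARP replies in log_text."""
    ip_to_mac = {}     # last MAC that claimed each IP
    mac_to_ips = {}    # every IP each MAC has claimed
    alerts = []
    for line in log_text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            who = "gateway" if ip == gateway_ip else "host"
            alerts.append(f"{who} {ip} changed from {prev} to {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips.setdefault(mac, set()).add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"{mac} now answers for {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_LOG):
        print("ALERT:", alert)
```

A legitimate NIC replacement also changes a MAC, so in practice the gateway alert is the one to act on immediately and the others go to a review queue.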

That's it! Thanks for your kind attention and please stay tuned for the Week 7 session next week. Good day!
Prepared by: Jermaine