1 / 17

Social Networking hacks

Social Networking hacks. Austin Enfield. Overview. Noted Hacks Session Hijacking Social Engineering Identity theft. Noted Hacks. Linkedin hack Myspace hacker Samy Worm. Hacked. 6.4 million passwords stolen Uploaded to Russian language forum.

carol
Download Presentation

Social Networking hacks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Social Networking hacks Austin Enfield

  2. Overview Noted Hacks Session Hijacking Social Engineering Identity theft

  3. Noted Hacks Linkedin hack Myspace hacker Samy Worm

  4. Hacked 6.4 million passwords stolen Uploaded to Russian language forum http://www.wordtracker.com/attachments/LinkedIn-Logo.png

  5. Myspace Hack Myspace Hacker Phishing and XSS http://www.countryvillageresort.com/httpdocs/assets/images/myspace-logo.png

  6. The Samy Worm • Samy Kamkar • Over 1 million affected • Shutdown Myspace October 4, 2005 • Added friends automaticaly • Added “but most of all, samy is my hero” to heros section http://richardvelazquez.files.wordpress.com/2010/10/myspace-primary_logo-blue_clean.jpg

  7. Samy Worm • Grew Exponentially • Shut down the site in <20 hours • First web 2.0 worm • Entered Plea agreement to the felony charge on January 31, 2007 • Three years probation with no non work based computer use • 90 days community service • undisclosed amount restitution payment

  8. Session Hijacking • Phishing • XSS • sidejacking • DroidSheep • Firesheep

  9. FireSheep • Firefox addon • Oct 24, 2010 • Free open source • Gui based Sidejacker • Forced facebook and twitter to require HTTP secure http://www.mozilla.org/en-US/press/image-library/firefox-wordmark-vertical.png

  10. Social Engineering • Gain access to personal info by Posing as friend • Use links in personal messages with redirects • Identity theft

  11. Social-Engineer Toolkit (SET) • Attacks the human element • Part of standard penetration tests • Preforms phishing, man in the middle

  12. Identity Theft • 15 million victims a year • Average of $3,500 in loss • Stronger trend towards social engineering to gain information

  13. Identity Theft • Common information found • Full name (particularly your middle name) • Date of birth (often required) • Home town • Relationship status • School locations and graduation dates • Pet names • Other affiliations, interests and hobbies

  14. Prevention • Education • Don’t post anything personal • Verify sources before giving any info

  15. Review • Noted Hacks • Session Hijacking • Social Engineering • Identity theft

  16. Works Cited • Butler, Eric. "FireSheep." Code Butler. N.p., 24 2010. Web. 3 Dec 2012. < http://codebutler.com/firesheep/>. • . "Computer Based Social Engineering Tools: Social Engineer Toolkit (SET)." Social Engineering Framework. N.p., 13 2010. Web. 3 Dec 2012. < http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET)>. • Curry, Coleen. "6.4 Million Passwords Reportedly Stolen From LinkedIn Website." ABC News. ABC, 06 2012. Web. 3 Dec 2012. < http://abcnews.go.com/US/linkedin-hacked-64-million-user-passwords-reportedly-leaked/story?id=16508728> • dipman44, . " hack anyones myspace(WORKING!!)." 2007. N.p., Online Posting to All-nettools forums. Web. 3 Dec. 2012. <http://www.all-nettools.com/forum/showthread.php?5753-hack-anyones-myspace(WORKING!!)> • "How it Works." Myspace Hacker Pro. N.p.. Web. 3 Dec 2012. <http://myspacehackerpro.com/p/how-it-works/> • . "Identity Theft Victim Statistics." IdentityTeft.info. N.p.. Web. 3 Dec 2012. <http://www.identitytheft.info/victims.asp&xgt;.

  17. Works Cited cont. • . "I'll never get caught. I'm Popular." namb. N.p., October 2005. Web. 3 Dec 2012. <http://namb.la/popular/>. • Lewis, Kent. "How Social Media Networks Facilitate Identity Theft and Fraud ." Entrepreneurs' Organization. N.p.. Web. 3 Dec 2012. <http://www.eonetwork.org/knowledgebase/specialfeatures/pages/social-media-networks-facilitate-identity-theft-fraud.aspx >. • McMillan, Robert. "MySpace Hacker Tells His Story." PCWorld. N.p., 20 2007. Web. 3 Dec 2012. <http://www.pcworld.com/article/139812/article.html> • Roba, . "How to Hack Facebook: The Trick is Social Engineering." thought pick. N.p., 09 2009. Web. 3 Dec 2012. <http://blog.thoughtpick.com/2009/12/how-to-hack-facebook-the-trick-is-social-engineering.html>. • . "Samy (computer worm)." Wikipedia. N.p., 27 2012. Web. 3 Dec 2012. <http://en.wikipedia.org/wiki/Samy_(computer_worm)>. • . "Session hijacking." Wikipedia. N.p., 09 2012. Web. 3 Dec 2012. <http://en.wikipedia.org/wiki/Session_hijacking>.

More Related