Alessio L.R. Pennasilico [email protected] twitter: mayhemspp FaceBook: alessio.pennasilico Roma, 7 Aprile 2011 All your bases belong to us!

All your bases belong to us

DESCRIPTION

Slides on the hacker approach to security, moving through lockpicking, biometrics and imaginative penetration tests

Page 1: All your bases belong to us

Alessio L.R. Pennasilico [email protected] twitter: mayhemspp FaceBook: alessio.pennasilico

Roma, 7 Aprile 2011

All your bases belong to us!

Page 2: All your bases belong to us

All your bases belong to us! [email protected]

$ whois mayhem

Board of Directors: CLUSIT, Associazione Informatici Professionisti (AIP/OPSI), Associazione Italiana Professionisti Sicurezza Informatica (AIPSI), Italian Linux Society (ILS), OpenBSD Italian User Group, Hacker’s Profiling Project


Security Evangelist @

Page 3: All your bases belong to us


Hacker?

The Tech Model Railroad Club is an MIT student activity founded during the 1946-1947 school year, making this our 60th year, and making TMRC one of the oldest clubs at MIT.

The Tech Model Railroad Club (TMRC) caters to model railroaders, railfans, and hackers alike. Our activities involve all aspects of model railroading, including the application of computer technology and timetable passenger and card-order freight operation.


Page 4: All your bases belong to us

Hacking?

Page 5: All your bases belong to us


Lockpicking

How easy is it to open a lock?


Page 6: All your bases belong to us


How long does it take?

http://www.youtube.com/watch?v=pgE1YJWQzTA


Page 8: All your bases belong to us


For every lock?

http://www.youtube.com/watch?v=g0Zw4JI4cxs&feature=related


Page 9: All your bases belong to us


Where are the locks?


Page 10: All your bases belong to us


Biometrics

Conscious use?

“Something you have”

Change Password


Page 11: All your bases belong to us


Social Engineering

Is it easier to decrypt a password or to ask for it?


Page 12: All your bases belong to us


Facebook Hacking

“The social reconnaissance enabled us to identify 1402 employees, 906 of which used facebook.”

[…] “We also populated the profile with information about our experiences at work by using combined stories that we collected from real employee facebook profiles.”

http://snosoft.blogspot.com/2009/02/facebook-from-hackers-perspective.html


Page 13: All your bases belong to us


Trust

“Upon completion we joined our customer's facebook group. Joining wasn't an issue and our request was approved in a matter of hours. Within twenty minutes of being accepted as group members, legitimate customer employees began requesting our friendship. […] Our friends list grew very quickly and included managers, executives, secretaries, interns, and even contractors.”


Page 14: All your bases belong to us


Results

“We used those credentials to access the web-vpn which in turn gave us access to the network. As it turns out those credentials also allowed us to access the majority of systems on the network including the Active Directory server, the mainframe, pump control systems, the checkpoint firewall console, etc.”


Page 15: All your bases belong to us


How do I protect myself?

(Pen)Test

Analysis (effectiveness? deterrent?)

Training


Page 16: All your bases belong to us

Conclusions

Page 17: All your bases belong to us


Conclusions

Let's not trust security measures whose purpose is to make us feel safe rather than to protect us


Page 18: All your bases belong to us


Conclusions

We must shun mental laziness

Whoever wants our data will certainly go after it


Page 19: All your bases belong to us

Alessio L.R. Pennasilico [email protected] twitter: mayhemspp FaceBook: alessio.pennasilico

Roma, 7 Aprile 2011

Questions?

These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subject to the Creative Commons Attribution-ShareAlike 2.5 licence; you can copy, modify or sell them. “Please” cite your source and use the same licence :)

Thank you for your attention!