Twitter API Hacks Unicorns
Social Networking, Raping the Twitter API, the Age Before Firewalls/Unicorns and the Pitfalls of Rapid Application Development -- Crowd-sourced version. ;)
@dacort
A Twistory of Security #fail
April 2008
July 2008

Fix
#FAIL

November 2008

Password Security 5 Minutes Later
December 2008
December 2008
Retrieve Username
The authenticated user_timeline endpoint honoured a JSONP callback, so any page the victim happened to be viewing could load it in a script tag, the browser attached the twitter.com cookies, and the page could read the logged-in user's screen_name out of the response:

$.getJSON("http://twitter.com/statuses/user_timeline?count=1&callback=?", function(data) {
  alert("Username is: " + data[0].user.screen_name)
});

Response (first element of the returned array):

{
  "text": "Pretty sure humans have kneecaps so we can slam them into tables. *ow*",
  "truncated": false,
  "user": {
    "following": null,
    "time_zone": "Pacific Time (US & Canada)",
    "description": "Prof. Computer Security Consultant with a passion for breaking things and generating statistics (see http://tweetstats.com and http://ratemytalk.com).",
    "screen_name": "dacort",
    "utc_offset": -28800,
    "profile_sidebar_border_color": "87bc44",
    "notifications": null,
    "created_at": "Thu Dec 21 07:14:05 +0000 2006",
    "profile_text_color": "000000",
    "url": "http://dcortesi.com",
    "name": "Damon Cortesi",
    "statuses_count": 21385,
    "profile_background_image_url": "http://static.twitter.com/images/themes/theme1/bg.gif",
    "followers_count": 4441,
    "protected": false,
    "profile_link_color": "A100FF",
    "profile_background_tile": false,
    "friends_count": 1775,
    "profile_background_color": "000000",
    "verified": false,
    "favourites_count": 202,
    "profile_image_url": "http://s3.amazonaws.com/twitter_production/profile_images/90802743/Famous_Glasses_normal.jpg",
    "location": "Seattle, WA",
    "id": 99723,
    "profile_sidebar_fill_color": "e0ff92"
  },
  "in_reply_to_status_id": null,
  "created_at": "Mon Jul 27 21:37:53 +0000 2009",
  "in_reply_to_user_id": null,
  "favorited": false,
  "in_reply_to_screen_name": null,
  "id": 2877957719,
  "source": "<a href=\"http://www.atebits.com/\">Tweetie</a>"
}
Courtesy of @harper
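As an added example (not from the slides and not Twitter's code), the following Node.js script models why the call above works and what a fixed endpoint looks like. Everything in it is constructed for the demonstration: the session table, the public timeline data, the request and handler shapes, and the attacker's `leak` callback.

```javascript
// Added example, not code from the original slides: a minimal model of the
// JSONP leak on the "Retrieve Username" slide, beside a hardened endpoint.
// SESSIONS, PUBLIC_TIMELINES and the request shapes are constructed here.
const SESSIONS = { 'sess-abc123': { screen_name: 'dacort', id: 99723 } };
const PUBLIC_TIMELINES = {
  dacort: [{ text: 'a public status', user: { screen_name: 'dacort' } }],
};

// Tiny Cookie-header parser: "a=1; b=2" -> { a: '1', b: '2' }.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// The ambient session: the browser attaches twitter.com cookies even when
// the request comes from <script src="http://twitter.com/..."> on evil.example.
function userFromCookies(req) {
  return SESSIONS[parseCookies(req.headers.cookie).session] || null;
}

// VULNERABLE: the cookie-authenticated user's data is wrapped in an
// attacker-chosen callback, so the response is a script any origin can run.
function vulnerableUserTimeline(req) {
  const user = userFromCookies(req);
  if (!user) return { status: 401, body: '' };
  const payload = [{ text: 'latest status', user }];
  if (req.query.callback) {
    return { status: 200, contentType: 'application/javascript',
             body: `${req.query.callback}(${JSON.stringify(payload)});` };
  }
  return { status: 200, contentType: 'application/json',
           body: JSON.stringify(payload) };
}

// HARDENED: JSONP only ever carries data that is public anyway (a timeline
// named explicitly in the query, cookie ignored), the callback name is
// restricted to a plain identifier so the response cannot become reflected
// script injection, and cookie-authenticated data is only served as plain
// JSON, which a foreign origin cannot read.
const SAFE_CALLBACK = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

function hardenedUserTimeline(req) {
  const cb = req.query.callback;
  if (cb !== undefined) {
    if (!SAFE_CALLBACK.test(cb)) return { status: 400, body: 'bad callback' };
    const timeline = PUBLIC_TIMELINES[req.query.screen_name];
    if (!timeline) return { status: 404, body: 'unknown or missing screen_name' };
    return { status: 200, contentType: 'application/javascript',
             body: `${cb}(${JSON.stringify(timeline)});` };
  }
  const user = userFromCookies(req);
  if (!user) return { status: 401, body: '' };
  return { status: 200, contentType: 'application/json',
           body: JSON.stringify([{ text: 'latest status', user }]) };
}

// Emulates the attacker's page: a <script> tag pointing at the endpoint,
// the victim's cookie riding along, and a global `leak` callback waiting.
// Returns whatever data the callback received, or null if nothing ran.
function attackerSees(handler, extraQuery = {}) {
  const req = { headers: { cookie: 'session=sess-abc123' },
                query: { count: '1', callback: 'leak', ...extraQuery } };
  const res = handler(req);
  let captured = null;
  if (res.status === 200 && res.contentType === 'application/javascript') {
    // The browser would evaluate the script body; do the same here.
    new Function('leak', res.body)((data) => { captured = data; });
  }
  return captured;
}

console.log('vulnerable endpoint leaks:', attackerSees(vulnerableUserTimeline));
console.log('hardened endpoint leaks:', attackerSees(hardenedUserTimeline));
```

Run it with `node`. The vulnerable handler hands `leak` the cookie user's record, so the attacker's page learns who is visiting; the hardened handler ignores the cookie on JSONP requests, so the attacker can only fetch timelines it names itself and learns nothing about the visitor. The rule generalises beyond JSONP: a response built from the browser's ambient cookies must never be readable by a foreign origin, which is the same mistake later seen in permissive CORS configurations.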
January 2009
March 2009
April 2009
April 2009

April 2009
Saturday, April 11 Sunday, April 12
Monday, April 13 Friday, April 17
 
July 2009
Cloud Services
Cloud vs ?
Before I continue...
Not just Twitter
Phishing
Malware || Misinformation
Too easy...
But wait, there’s more
And MORE!
Users - #twitterpornname
Oh, Shorteners...
 
TinyURL @rafallos
Third Parties
Not just Twitter
OAuth Will Save us All
Not really...
Again, Not just Twitter
“What Other Users Can See via the Facebook Platform”
“When a friend of yours allows an application to access their information, that application may also access any information about you that your friend can already see.”
#FAIL
In ur Cookies
The rest of Web 2.0
Info Disclosure
Poor Design
Geo-Loc SQLi
Web 2.0 Frameworks

Web 2.0 Frameworks
RESTful APIs
Why?
Disclosure...
Web Disclosure
Solutions?

B-sides Las Vegas - social network security

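The `$.getJSON` call on the "Retrieve Username" slide works because the `user_timeline` endpoint answered a JSONP request (`callback=?`) with the cookie-authenticated visitor's own timeline, so any page that embedded the script tag learned the visitor's `screen_name`. As an added example, not code from the talk or from Twitter, here is a minimal model of that handler beside a hardened one; the session table, timelines, and request objects are constructed sample data.

```javascript
// Added example, not code from the talk: a minimal model of the JSONP
// username leak on the "Retrieve Username" slide, beside a hardened handler.
// Session table, timelines and request objects are constructed sample data.
const sessions = { 'sid-1234': 'dacort' }; // session cookie value -> logged-in screen_name
const timelines = {
  dacort: [{ text: 'Pretty sure humans have kneecaps so we can slam them into tables. *ow*',
             user: { screen_name: 'dacort' } }],
};

// Parse an "a=b; c=d" Cookie header into an object (missing header -> {}).
function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Vulnerable: authentication comes from ambient cookies, and the result is
// wrapped in a caller-chosen callback. A <script src="...?callback=f"> tag on
// any site sends the visitor's cookies along, so that site's own f() receives
// the visitor's timeline, screen_name included.
function vulnerableUserTimeline(req) {
  const user = sessions[parseCookies(req.headers.cookie).session];
  if (!user) return { status: 401, body: '' };
  const json = JSON.stringify(timelines[user]);
  const cb = req.query.callback;
  return { status: 200, body: cb ? `${cb}(${json})` : json };
}

// Hardened: a JSONP response is readable by every origin, so it is never
// derived from the session. JSONP callers must name a public account, and
// only the plain-JSON path (unreadable to a cross-origin script tag) uses
// the cookie. The callback name is restricted to an identifier so the
// response cannot be turned into arbitrary script.
function hardenedUserTimeline(req) {
  const cb = req.query.callback;
  if (cb !== undefined) {
    if (!/^[A-Za-z_$][\w$]*$/.test(cb)) return { status: 400, body: '' };
    const target = timelines[req.query.screen_name];
    return target ? { status: 200, body: `${cb}(${JSON.stringify(target)})` }
                  : { status: 404, body: '' };
  }
  const user = sessions[parseCookies(req.headers.cookie).session];
  return user ? { status: 200, body: JSON.stringify(timelines[user]) }
              : { status: 401, body: '' };
}

// Constructed cross-site request: the visitor's cookie rides along with the JSONP call.
const crossSiteRequest = { headers: { cookie: 'session=sid-1234' }, query: { callback: 'cb' } };
```

Calling `vulnerableUserTimeline(crossSiteRequest)` returns `cb([...])` containing the visitor's `screen_name`; `hardenedUserTimeline` answers the same request with 404 because no public account was named.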
  • 23. Saturday, April 11 Sunday, April 12
  • 24. Monday, April 13 Friday, April 17
  • 43. OAuth Will Save us All
  • 45. Again, Not just Twitter: “What Other Users Can See via the Facebook Platform” – “When a friend of yours allows an application to access their information, that application may also access any information about you that your friend can already see.”

Editor's notes

  1. Twitter has had a great history of #fail’s, and I’ve been there to screencap a lot of ‘em.
  2. July is when I quit my job and entered the self-employed world. I had some extra time on my hands...
  3. Obama, Britney Spears, etc. - 33 total.