In the beginning, people inherently distrusted the Internet; however, social networking has changed this. People now enter information without even thinking about how it will affect them. This presentation will explain the shift in trust, with real-life examples, and what we as the security community need to do to change.
Security? Who cares! - Brett Hardin
1. Security? Who Cares!
Privacy is Dead
Brett Hardin
March 3, 2010, BsidesSF
2. Who Am I
Brett Hardin
@miscsecurity
Old Lives: ✓Pen Tester
✓Security Researcher
Currently: ✓Product Manager
3. • Inviting my Dad to LinkedIn
4. Disconnected Generation
• “Older” Generations don’t get it.
• “Younger” Generations do.
• Do They?
5. Geo Location
• Geo Location becoming more available.
• Open APIs make this Scary
6. Permission Based Systems
• When you tweet out your Foursquare check-ins (some people even do this automatically), it essentially makes Foursquare an asymmetric network. And believe it or not, some people are doing that without really thinking about it. Or they’re doing it because it’s easier to gain friends/followers on an asymmetric network.
• Connecting them to non-permission based systems.
11. • Share a bunch of information with people you don’t care about.
• “Connect” with old friends
• Flog the dead horse.
12. DOD okays use of Social Networks
• February 26, 2010
• DOD okays use of Social Networks
• (http://www.defense.gov/NEWS/DTM%2009-026.pdf)
• “Scary Precedent”?
• http://wefollow.com/twitter/military
13. • Who has heard of Blippy?
14. Social Demographics being harvested
• To identify “creditworthy” customers, CC companies are beginning to harvest info from social networking sites.
• http://www.creditcards.com/credit-card-news/social-networking-social-graphs-credit-1282.php
15. ! Security as a Process
• How many times have you heard this?
• It’s not working!
• We need new concepts.
• People will continue to get compromised.
16. Are we doing our Job?
(Raise your hands)
• Who here works for a company who creates software?
• Who here, be honest, has an actual SDLC process?
• Who started one?
17. What can we do?
• Work Harder?
• Complain?
• Drop It?
• http://www.youtube.com/watch?v=6qIgVrOy9vM
• “It’s over Johnny, It’s Over!”
• “Nothing is Over! Nothing!”
18. Where to Begin?
• I don’t know.
• Embrace it?
• Public Networks are Public