Survey results: why this stuff matters
Case study: Mat Honan hacking case
Social Networking safety
Examples
Tech demo
Social Media
• Form of communication in which users create online communities to share info, ideas, personal messages, etc.
Your lives are only going to get more complicated. Now is the time to build good habits and learn to be safe and secure.
• Mat Honan hack
• Customer service transcript
• Prevention
Mat Honan
Wired.com
• Add a fake credit card number to the account
• Call back, tell them you’re locked out of the account
• Use that fake CC number to verify your identity
• Lets you see the last 4 digits of all credit cards on the account
Which is all you need to reset your account with…
• Gained access to Apple account
• Remote device wipes
Use @me.com email to reset passwords. Like…
• Another password reset
• Entire account deleted
What was their final goal?
• Twitter account: @mat
• Load up wall with racist, homophobic tweets
• Deleted Gmail and wiped devices to keep Mat from regaining access to Twitter
One weak link can let someone into your entire digital life. And often that weak link is convenience.
People really do this.
DON’T
Security and convenience… are not friends.
Convenience will always betray security.
Taken from a January 2012 live chat between Apple online support and a hacker posing as a real Apple customer.
Source: http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/2/
Apple: Can you answer a question from the account? Name of your best friend?
Hacker: I think that is “Kevin” or “Austin” or “Max.”
Apple: None of those answers are correct. Do you think you may have entered last names with the answer?
Apple: The last four of the card are incorrect. Do you have another card?
Hacker: Can you check again? I’m looking at my Visa here, the last 4 is “5555.”
Apple: Yes, I have checked again. 5555 is not what is on the account. Did you try to reset online and choose email authentication?
Apple: You want to try the first and last name for the best friend question?
Hacker: Here, I’m back. I think the answer might be Chris? He’s a good friend.
Apple: I am sorry, Brian, but that answer is incorrect.
Hacker: Christopher A********h is the full name. Another possibility is Raymond M*******r.
Apple: Both of those are incorrect as well.
Hacker: I’m just gonna list off some friends that might be haha. Brian C**a. Bryan Y***t. Steven M***y.
Apple: How about this. Give me the name of one of your custom mail folders.
Hacker: “Google” “Gmail” “Apple” I think. I’m a programmer at Google.
Apple: OK, “Apple” is correct. Can I have an alternate email address for you?
Hacker: The alternate email I used when I made the account?
Apple: I will need an email address to send you the password reset.
Hacker: Can you send it to “toe@aol.com”?
Apple: The email has been sent.
Hacker: Thanks!
What can prevent this sort of hack?
Two-factor authentication (as of March 22, 2013)
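As an added illustration, not taken from the slides or from Apple: a toy Python model of the recovery weakness the chain above exploited (a card planted by an unverified caller was later accepted as proof of identity) next to a recovery policy that closes it with card provenance plus a second factor. The Account structure, the provenance labels and the one-time-code step are assumptions made for this example.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Account:
    email: str
    cards: dict = field(default_factory=dict)   # last 4 digits -> how the card was added
    pending_otp: Optional[str] = None           # one-time code sent to the registered device

def add_card_by_phone(acct: Account, last4: str) -> None:
    """A caller adds a card without proving who they are (the first step of the chain)."""
    acct.cards[last4] = "added-unverified"

def weak_reset(acct: Account, claimed_last4: str) -> bool:
    """2012-style flow: any card on file proves identity, however it got there."""
    return claimed_last4 in acct.cards

def issue_otp(acct: Account) -> str:
    """Simulates delivering a one-time code to the account's registered device."""
    acct.pending_otp = f"{secrets.randbelow(10**6):06d}"
    return acct.pending_otp

def hardened_reset(acct: Account, claimed_last4: str, otp: Optional[str]) -> bool:
    """Only a card set up through a verified billing flow counts, and even then the
    reset needs a second factor that a caller cannot plant over the phone."""
    if acct.cards.get(claimed_last4) != "verified-billing":
        return False
    if otp is None or acct.pending_otp is None:
        return False
    ok = secrets.compare_digest(otp, acct.pending_otp)
    acct.pending_otp = None   # single use: a guessed or replayed code is useless afterwards
    return ok

def demo():
    # Constructed sample account: one genuine card, added through verified billing.
    victim = Account("owner@example.com", {"1234": "verified-billing"})
    # Impostor plants a card, calls back, and offers it as "proof" of identity.
    add_card_by_phone(victim, "9999")
    impostor_weak = weak_reset(victim, "9999")                  # True: the planted card works
    impostor_hard = hardened_reset(victim, "9999", "000000")    # False: wrong provenance, no code
    # The real owner presents the verified card plus the code from the registered device.
    owner_hard = hardened_reset(victim, "1234", issue_otp(victim))
    return impostor_weak, impostor_hard, owner_hard
```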
Password Managers
LastPass
1Password
RoboForm
Lock down your cell phone!
• Passcode lock
• Use remote tracking/wiping
– Find my iPhone (or iPad… or MacBook)
– Cerberus
– SeekDroid
COMMON SENSE
• Don’t overshare
• Remember your audience
• Crime + Facebook = BAD
Sharing Too Much
• Personal Information
– Address, Phone Number, Password
• Social Plans
• Negative Attitude
– Complaints, Criticism, Threats
Fired because of Facebook
• Woman blasts her boss with Facebook post
– Turns out her boss was a Facebook friend
– She was immediately fired
Fired because of Facebook
• Waitress fired for complaining about customers
– Ashley Johnson, a former waitress at Brixx, a pizza restaurant, claims she was fired from her job for complaining about customers on her Facebook account.
Self-Incrimination
Choose your friends wisely
• Never be online friends with someone you don’t know in real life
– Online predators
– Cyber-stalking
– Cat-fishing
COMMON SENSE
• Phishing
• Malicious advertising
• Scareware
Phishing
Email pretending to be from legitimate companies to trick you into revealing personal information.
Warning signs: bad grammar, false sense of urgency.
http://www.daycomsolutions.com
Fake Ads
• Common on piracy/warez/porn sites
• Try to mine your personal information or install malware
Suspicious Websites
• Offer free downloads
• Many annoying ads and pop-ups
• Tacky appearance
• Ask you to download plug-ins
Live TV Cafe
4Shared
Softonic
Use Sites Like These:
Hulu
Scareware
• Pretends to be system messages or antivirus programs.
• Takes advantage of less savvy users.
DEMO
• Sub7 “remote administration” tool
• Worst-case malware