Observation & Empirical Research. Advanced Persistent Threats & Social Engineering. Observation of complex systems
- Doreen Greene
- 8 years ago
Transcription
1 17/03/15
Advanced Persistent Threats & Social Engineering
SBA Research & Vienna University of Technology
Edgar R. Weippl
Observation & Empirical Research
Observation of complex systems
2 Impact
Real-World Problems
NYT, By David E. Sanger and Nicole Perlroth, February 14,
3 Empirical Research
- Dropbox: Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar R. Weippl. Dark clouds on the horizon: Using cloud storage as attack vector and online slack space. USENIX Security, 8/2011.
- WhatsApp: Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, and Edgar R. Weippl. Guess who is texting you? Evaluating the security of smartphone messaging applications. In Network and Distributed System Security Symposium (NDSS 2012), Feb
- Amazon: Amir Herzberg, Haya Shulman, Johanna Ullrich, and Edgar R. Weippl. Cloudoscopy: Services Discovery and Topology Mapping. In Proceedings of the ACM Cloud Computing Security Workshop (CCSW) at ACM CCS 2013,
- Facebook: Markus Huber, Sebastian Schrittwieser, Martin Mulazzani, and Edgar Weippl. AppInspect: Large-scale evaluation of social networking apps. In ACM Conference on Online Social Networks (COSN),
- Tor: Philipp Winter, Richard Koewer, Martin Mulazzani, Markus Huber, Sebastian Schrittwieser, Stefan Lindskog, and Edgar R. Weippl. Spoiled Onions: Exposing Malicious Tor Exit Relays. In Proceedings of the 14th Privacy Enhancing Technologies Symposium, 2014
- GSM: Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar R. Weippl. IMSI-Catch Me If You Can: IMSI-Catcher-Catchers. In Proceedings of ACSAC, 2014
[Diagram, labels only: Apple; Twitter; iPad, iPhone, Mac; Cool handle; Digital Natives; Google; To buy stuff; Amazon. Numbered labels: 1: Backup unknown; 2: Google; 3: Backup: m n@me.com; 4: forgot PW? Support asks for:; 5: Whois: Address; 6: Add new CC:; 7: forgot PW? You need:; 8: Devices iPhone, iPad, Mac; 9: Post nonsense to Twitter. Other labels: Billing address; , CC (fake); Billing address; Last 4 digits of CC; , CC info; Billing address; Last 4 digits of other CCs are visible.]
Slide by Christian Platzer, ISecLab, Vienna University of Technology
4 AppInspect: Large-scale Evaluation of Social Networking Apps
- Social networks act as proxies between user and third-party providers
- Personal information is transferred to providers
- App providers themselves rely on third parties (analytics, advertising products)
- Custom hosting infrastructures
- Approval of apps with authentication dialog
System Architecture for Data Collection
5 Enumeration
- Exhaustive search in June 2012 with character trigrams
- 434,687 unique applications in two weeks
- Main obstacle: Facebook account rate limits
Most Popular Apps
- 10,624 most popular apps, 94.07% of samples cumulative application usage
- Language: English (64.72%), 69 different languages
6 Permissions per Provider
- 4,747 applications belonged to 1,646 distinct providers
- 60.24% of all providers requested personal address
Suspicious Apps
- 40 providers requested more than 10 permissions
- 139 web tracking / advertising providers used
- Manually verified requested permissions vs. app functionality
- Legitimate uses: dating and job hunting applications, XBOX application (not available anymore)
- Malpractices: Horoscopo Diario, 2.5 million monthly users; would only require birthdate, 25 different permissions
- Wisdom of the Buddha etc.
7 Information Leaks
- 315 apps directly transferred sensitive information (via HTTP parameter)
Information Leaks
- 51 applications leaked unique user identifiers (HTTP Referrer)
- 14 out of these 51 applications also leaked API authorization tokens
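The two leak channels named on this slide, a value passed as an HTTP parameter and a value exposed through the Referer header, can be checked for in a traffic capture taken with a test account. The following is an added example, not code from the AppInspect project; the hosts, parameter names, identifier and token are constructed, and the "last two DNS labels" site rule is a simplifying assumption.

```python
from dataclasses import dataclass
from urllib.parse import parse_qsl, unquote, urlsplit


@dataclass(frozen=True)
class Request:
    url: str
    referer: str = ""


@dataclass(frozen=True)
class Finding:
    host: str      # third-party host that received the value
    channel: str   # "parameter" (request URL) or "referer" (Referer header)
    kind: str      # which secret was seen: "user_id" or "token"


def site(host):
    """Crude site key: the last two DNS labels (a real tool would use the Public Suffix List)."""
    return ".".join(host.lower().split(".")[-2:])


def url_values(url):
    """Return the decoded query-string values and path segments of a URL."""
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values += [unquote(seg) for seg in parts.path.split("/") if seg]
    return values


def find_leaks(requests, first_party, secrets):
    """Flag third-party requests that carry one of `secrets` in the URL or the Referer."""
    findings = set()
    for req in requests:
        host = urlsplit(req.url).hostname or ""
        if site(host) in first_party:
            continue  # platform and app provider are expected to see the identifier
        for channel, source in (("parameter", req.url), ("referer", req.referer)):
            values = url_values(source) if source else []
            for kind, secret in secrets.items():
                if any(secret in value for value in values):
                    findings.add(Finding(host, channel, kind))
    return sorted(findings, key=lambda f: (f.host, f.channel, f.kind))


# Constructed test-account values and capture; none of this is data from the study.
SECRETS = {"user_id": "1000042", "token": "AAAconstructedTOKEN123"}
FIRST_PARTY = {"socialnet.test", "horoscope-app.test"}
CANVAS = "https://cdn.horoscope-app.test/canvas"
SAMPLE_REQUESTS = [
    Request("https://apps.socialnet.test/horoscope/?uid=1000042"),
    Request("https://track.adnetwork.test/pixel?u=1000042&ev=load", referer=CANVAS),
    Request("https://stats.analytics.test/collect.gif",
            referer=CANVAS + "?uid=1000042&access_token=AAAconstructedTOKEN123"),
    Request("https://static.fonts.test/a.woff", referer=CANVAS),
]

if __name__ == "__main__":
    for f in find_leaks(SAMPLE_REQUESTS, FIRST_PARTY, SECRETS):
        print(f"{f.host}: {f.kind} via {f.channel}")
```

Substring matching on a short numeric identifier can produce false positives, so a long, unique test-account identifier makes the results easier to trust.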
8 Facebook Summary
- Reported our findings to Facebook in November 2012
- Facebook responded within one week
- Skype meetings with Facebook
- Facebook acknowledged problems and contacted developers
- Fixed in May 2013
Security and privacy implications
- Since January 2010 unproxied access to address
- 60% of application developers request address
- Social phishing, context-aware spam
- Users trackable with real name
Hosting
- Number of hosts possibly vulnerable
- FTP/SSH bruteforce
- Amazon EC2 community images
Data Deduplication
- At the server: same file only stored once; save storage space at server
- At the client: calculate hash or other digest; reduce communication
9 Attacks
- Hash manipulation
- Stolen Host ID
- Direct Up-/Download
- Uploading without linking
- Simple HTTPS request https://dl-clientxx.dropbox.com/store
[Diagram: Victim using Dropbox; Attackers PC. 1. Steal hashes; 2. Send hashes to Attacker; 3. Link hashes with fake client; 4. Download all files of the victim]
Solutions
Aftermath
- Dropbox fixed the flaws
- Host ID is now encrypted
- No more client-side deduplication
- Proof of ownership
- Take down notice
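Why client-side deduplication keyed only on a digest is a problem, and what "proof of ownership" changes, can be shown with a toy store. This is an added example, not Dropbox's code or its actual fix; the `DedupStore` class, the account names and the challenge (HMAC of the file content keyed with a fresh server nonce) are assumptions chosen for illustration, and published proof-of-ownership schemes are more efficient than hashing the whole file.

```python
import hashlib
import hmac
import secrets


class DedupStore:
    """Toy in-memory file store with client-side deduplication (constructed)."""

    def __init__(self, require_proof):
        self.require_proof = require_proof
        self.blobs = {}     # digest -> file content
        self.links = {}     # account -> set of digests visible to that account
        self.pending = {}   # (account, digest) -> outstanding challenge nonce

    def upload(self, account, content):
        digest = hashlib.sha256(content).hexdigest()
        self.blobs.setdefault(digest, content)          # same file stored once
        self.links.setdefault(account, set()).add(digest)
        return digest

    def begin_link(self, account, digest):
        """Client claims to hold the file. Returns None if linked, else a nonce."""
        if digest not in self.blobs:
            raise KeyError("unknown digest: full upload required")
        if not self.require_proof:
            # Weak variant: knowing the digest is treated as owning the file.
            self.links.setdefault(account, set()).add(digest)
            return None
        nonce = secrets.token_bytes(32)
        self.pending[(account, digest)] = nonce
        return nonce

    def finish_link(self, account, digest, response):
        nonce = self.pending.pop((account, digest), None)   # single use
        if nonce is None:
            return False
        expected = hmac.new(nonce, self.blobs[digest], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False
        self.links.setdefault(account, set()).add(digest)
        return True

    def download(self, account, digest):
        if digest not in self.links.get(account, set()):
            raise PermissionError("file not linked to this account")
        return self.blobs[digest]


def prove(nonce, content):
    """Client side of the challenge: only computable with the file content."""
    return hmac.new(nonce, content, hashlib.sha256).digest()


def demo():
    document = b"constructed sample: quarterly figures\n"
    digest = hashlib.sha256(document).hexdigest()
    results = {}
    for name, require_proof in (("hash_only", False), ("proof_of_ownership", True)):
        store = DedupStore(require_proof)
        store.upload("owner", document)
        # An account that knows the digest but not the content.
        nonce = store.begin_link("digest_only", digest)
        if nonce is not None:
            store.finish_link("digest_only", digest, prove(nonce, digest.encode()))
        try:
            store.download("digest_only", digest)
            digest_only_ok = True
        except PermissionError:
            digest_only_ok = False
        # An account that really holds the same file still gets deduplication.
        nonce = store.begin_link("second_owner", digest)
        linked = nonce is None or store.finish_link(
            "second_owner", digest, prove(nonce, document))
        results[name] = {"digest_only_can_download": digest_only_ok,
                         "real_holder_linked": linked}
    return results


if __name__ == "__main__":
    for variant, outcome in demo().items():
        print(variant, outcome)
```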
10 Authentication
- Viber, WhatsApp, fring, GupShup, hike, KakaoTalk, Line, ChatOn, textplus and WeChat
Man-in-the-Middle
11 WhatsApp in 2012
Forfone (iPhone + Android)
12 Spoofing
- Forfone
- WowTalk
13 XMS, JaxtrSMS (Android, !iPhone)
- Legitimate Registering
- Spoofing
Enumeration Attack
14 Enumeration Attack
Status Messages
15 Results 2012
Re-Evaluation
16 Empirical Research
- Dropbox: Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar R. Weippl. Dark clouds on the horizon: Using cloud storage as attack vector and online slack space. USENIX Security, 8/2011.
- WhatsApp: Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, and Edgar R. Weippl. Guess who is texting you? Evaluating the security of smartphone messaging applications. In Network and Distributed System Security Symposium (NDSS 2012), Feb
- Facebook: Markus Huber, Sebastian Schrittwieser, Martin Mulazzani, and Edgar Weippl. AppInspect: Large-scale evaluation of social networking apps. In ACM Conference on Online Social Networks (COSN),
- Tor: Philipp Winter, Richard Koewer, Martin Mulazzani, Markus Huber, Sebastian Schrittwieser, Stefan Lindskog, and Edgar R. Weippl. Spoiled Onions: Exposing Malicious Tor Exit Relays. In Proceedings of the 14th Privacy Enhancing Technologies Symposium, 2014
- Amazon: Amir Herzberg, Haya Shulman, Johanna Ullrich, and Edgar R. Weippl. Cloudoscopy: Services Discovery and Topology Mapping. In Proceedings of the ACM Cloud Computing Security Workshop (CCSW) at ACM CCS 2013,
- GSM: Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar R. Weippl. IMSI-Catch Me If You Can: IMSI-Catcher-Catchers. In Proceedings of ACSAC, 2014
Upcoming Conferences
- Sacmat 2015 http://
- ARES 2015 http:// conference.eu/conf/
- Esorics 2015 http://esorics2015.sba-research.org/
- ACM CCS
17 Past Conferences 2014
- GI Sicherheit 2014 http://sicherheit2014.sba-research.org/
- DB Sec 2014 http://dbsec2014.sba-research.org/
- IFIP WG 11.9 International Conference on Digital Forensics
research.org research.org