Security? Who Cares! - Privacy is Dead

Transcript

1. Security? Who Cares! Privacy is Dead BsidesSF March 3, 2010

   Brett Hardin 1

2. Brett Hardin - BsidesSF Who Am I 2 ✓Pen Tester

   ✓Security Researcher Old Lives: @miscsecurity Currently: Brett Hardin ✓Product Manager

3. Brett Hardin - BsidesSF • Inviting my Dad to LinkedIn

   3

4. Brett Hardin - BsidesSF Disconnected Generation • “Older” Generations don’t

   get it. • “Younger” Generations do. • Do They? 4

5. Brett Hardin - BsidesSF • Geo Location becoming more available.

   • Open APIs make this Scary Geo Location 5

6. Brett Hardin - BsidesSF Permission Based Systems • When you

   tweet out your Foursquare check-ins (some people even do this automatically), it essentially makes Foursquare an asymmetric network. And believe it or not, some people are doing that without really thinking about it. Or they’re doing it because it’s easier to gain friends/followers on an asymmetric network. • Connecting them to non-permission based systems. 6

7. Brett Hardin - BsidesSF 7

8. Brett Hardin - BsidesSF 8

9. Brett Hardin - BsidesSF 9 A mayor you say?

10. Brett Hardin - BsidesSF 10 http://foursquare.com/venue/1404526

11. Brett Hardin - BsidesSF • Share a bunch of information

    with people you don’t care about. • “Connect” with old friends • Flog the dead horse. 11

12. Brett Hardin - BsidesSF DOD okays use of Social Networks

    • February 26, 2010 • DOD okays use of Social Networks • (http://www.defense.gov/NEWS/DTM%2009-026.pdf) • “Scary Precedent”? • http://wefollow.com/twitter/military 12

13. Brett Hardin - BsidesSF • Who has heard of Blippy?

    13

14. Brett Hardin - BsidesSF Social Demographics being harvested • To

    identify “creditworthy” customers, CC companies are beginning to harvest info from social networking sites. • http://www.creditcards.com/credit-card-news/social-networking- social-graphs-credit-1282.php 14

15. Brett Hardin - BsidesSF Security as a Process • How

    many times have you heard this? • It’s not working! • We need new concepts. • People will continue to get compromised. 15 !

16. Brett Hardin - BsidesSF Are we doing our Job? (Raise

    your hands) • Who here works for a company who creates software? • Who here, be honest, has an actual SDLC process? • Who started one? 16

17. Brett Hardin - BsidesSF What can we do? • Work

    Harder? • Complain? • Drop It? • http://www.youtube.com/watch?v=6qIgVrOy9vM • “It’s over Johnny, It’s Over!” • “Nothing is Over! Nothing!” 17

18. Brett Hardin - BsidesSF Where to Begin? • I don’t

    know. • Embrace it? • Public Networks are Public 18