The "mess" in mobile instant messengers Markus Vogl
1 The "mess" in mobile instant messengers Markus Vogl
2 Whoami
- Network & Security master, JKU
- Bachelor thesis "Evaluation of the IM Landscape": öä.eu/bac.pdf
- Overview table: öä.eu/bac.html
- vogl91@gmail.com
- Not: Lawyer, cryptographer, sponsored
- PGP: 6C48 29CD 43A FB F95 14F6 5C11 7E62
- Questions: Wire, Signal, WA; LIFO
3 Instant Messaging
- In use for 20 years
- New hype with social media
- Rapidly changing, updates since late Sept.:
  - Facebook got E2EE + self destroying messages
  - Facebook lite
  - WhatsApp got VideoChat
  - Signal and Wire got self destroying messages
  - Google Allo updated to 2.0, keychange notif.
5 History
- 2000: Early messengers: ICQ, MSN, Skype
- 2005: Rise of social networks
- 2011: NSA leaks by Manning
- 2013: Snowden leaks, Merkelphone affair
- 2014: WhatsApp sold: $19B
- 2014: "We kill people based on Metadata" (General Hayden, Director of NSA & CIA, 2014)
6 Security 101
- Basic IM/Crypto knowledge assumed
- Information Security:
  - Confidentiality - Encryption
  - Integrity - Signatures
  - Availability - Proxy, DOS-Prevention
- Non-Repudiation
- Plausible Deniability
- Pseudonymity: N-Anonymity, Tor
- PFS (Perfect Forward Secrecy): Session keys, not long term key
- E2EE (End2End Encryption)
7 Data in IM
- Transferred messages
- Presence and status data logging
- Message history separately stored
  - Conflicts with E2EE / PFS, often in cloud
- Login and profile data
- Contact lists
8 Metadata in IM
- Unintentionally/unavoidably produced
- Low level: IPs, port, packet size
- Received / read / now typing notification
- Server-connection-times
- Multimedia metadata
- Text/Language metadata: keystroke dynamics, spelling mistakes
9 Metadata protection
- Protection: XPrivacy (Xposed Module), AppOps (<4.3), Privacy Guard (Cyanogen), Permission Manager (>5)
- Don't link accounts
- Disabling IM features like location
- Sleeping, turning off, killing
- Tor, Proxy, GnuNet, I2P
10 Attackers and attacks
- Alice: Bad user configuration/defaults
- Bob: Conversation partner leaks
- Snapchat save module, photo of screen
- Cain: Physical attacker
- Telegram: No default encryption
- Theft, borrowing, shoulder surfing, ADB backup over OTG-USB
- Developer, vendor: Closed source, auto update, backdoors, shipped software, third party apps
11 Attackers and attacks
- Eavesdropper: Classic MITM with technical vulnerabilities
- Future: Exponential growth(?), unknown algorithms, quantum computing
- Government: Block specific services
- ARP/DHCP/DNS spoofing, TLS exploits, GSM
- Chinese firewall, Twitter during protests
- Host: Cloud hosting, ISPs
- Legal and technical access
12 Risks and mitigation
- Weak number verification and login
  - Guess 4/6-digit-code, MITM link
  - OAuth/OpenID, multimodal login, biometrics
- Mobile network
  - SS7 backbone network, GSM issues, LTE
- Chat history
  - Self destroying, do not save to cloud
- Presence and contact lists
  - DP5: Dagstuhl privacy preserving presence proto
  - Local storage or decentralized
13 Analyzed messengers and protocols
- Order: Open to closed; Big to small userbase
- Open protocol and open source: XMPP, Telegram, Signal/Wire, Ricochet, Ring/Tox
- Open protocol and closed source: FB Messenger, WhatsApp, Snapchat, Threema
- Closed protocol and closed source: Skype, iMessage, Google *, Viber, Wickr
- Honorable mentions
14 Open source Open protocol
15 XMPP: extensible Message & Presence Protocol
- Mobile clients: ChatSecure, Conversations
- Federated: Host your server, like
- Mess #1: 10 RFCs: , 4622, 4854, 5122, , 669 pages
- Mess #2: 380 XEPs (XMPP Extension Protocols), fragmentation, incompatibility
  - PGP, OTR, OMEMO (multidevice OTR), no e2ee-muc
  - Multiple for mobile optimizations
  - Multiple for live audio/video and file sharing
- Bare XMPP has minimal features and only TLS
- Security is not a feature you tack on
16 Telegram
- Bound to phone number
- Mess #1: Insecure by default
- Mess #2: No encrypted group chats
- Mess #3: Weird selfmade MTProto
  - No TLS/HTTPS, no Axolotl
  - Cert-pin by hardcoded RSA signature key
  - Documentation != Implementation
  - Paper (2015) showed minor integrity flaws
  - Separate long term key per partner
17 Signal / Wire
- Axolotl/TextSecure/Signal protocol:
  - First half of a DH-like key exchange (prekey for OTR) stored on server, PGP-like signed
  - PGP like fingerprints
  - Allows OTR with offline messages
- Signal / Signal protocol:
  - Phone number, Multiparty-chat, 1:1 voice
  - Legally: USA, Hosted: AmazonWS, using GCM
  - Open source servers
- Wire / Proteus protocol:
  - Phone number and/or + password
  - Multiparty-voice, 1:1 video, multimedia features
  - Legally in CH, Hosted in CH / EU, closed servers
18 Tox / Ring
- Decentralized protocol
- Every client is a server with an ID
- Blocking impossible, monitoring hard
- Storing data in Distributed Hash Table
- Difference: Cryptographic primitives
- Full multimedia capabilities
- Mess #1: No offline capabilities
- Mess #2: Bad mobile capabilities
- Mess #3: Accountfiles lost, account lost
19 Ricochet
- Using Tor hidden services as username
- Nearly impossible to monitor
- Same flaws as Tox/Ring
- Only PC-client
- Only 1:1 chat, no multimedia, no voice
20 Closed source Open protocol
21 FB Messenger
- MQTT (Message Query Telemetry Transport Protocol)
  - Designed for Machine2Machine / IoT
  - Energy saving, modern, binary
  - Subscriber-publisher based
- Bound to Facebook account
- Most features of all IMs
- Mess #1: Insecure by default
- Mess #2: New feature: Optional Signal E2EE
  - Unaudited
  - Only 1:1 text with app
22 WhatsApp
- Worldwide most used pure IM
- Since 2016: Signal encrypted
- Basically a closed source Signal
- Also using GCM
- Hosted and owned by Facebook
- Mess: Backs up all conversations to iCloud / Google Cloud by default
23 Snapchat
- Over 100 million users
- Focus: Spontaneous sharing
- Deletes history on app-close
- Early adopter of self-destroying messages: Notifies other if screenshot taken
- Mess #1: Client-sided feature: Can be disabled with Xposed Module SnapPrefs
- Mess #2: Reverse engineered protocol: Not E2EE
  - Using a REST API over HTTPS
  - Showed various horrible flaws
24 Threema
- Mess #1: 3.5 Million users
- Mess #2: Costs money (~3 )
- Audited well-documented E2EE protocol
- Also uploads backups to Google Clouds
- Encrypts with a password
- Bound to 8-alphanum-ID
- Also adds by phone number
- No live video, no self destroying messages
- Hosted and legally in CH
25 Closed source Closed protocol
- Mess #1: Unknown code...
- Mess #2: sending unknown data...
- Mess #3: to USA-based companies
- Mess #4: monetizing your data
26 Skype
- 300 Million users
- Internally using Windows Live Protocol
- Early adopter of live audio/video
- Mess #1: No E2EE
- Mess #2: Involved in PRISM
27 iMessage
- Shipped with Apple devices
- Self-made E2EE crypto like Telegram
- Mess #1: Undocumented
- Mess #2: Limited to Apple devices
28 Google Allo
- Previous attempts:
  - Google Plus Chat
  - Google Talk (XMPP based!)
  - Google Hangouts (partially replaced by Duo)
- Mess #1: Just optional E2EE
- Undocumented
- Unaudited
- Can talk to Google Assistant Chatbot
- Based on phone number
29 Viber
- Claims to have 700m registered users
- Same concept as Skype
- Based on phone number
- Self-made weird closed E2EE protocol
- Mess #1: Key not verifiable
- Mess #2: Previously analyzed users' calls
30 Blackberry Messenger
- Early adopter of secure mobile IM in 2005
- Previously only for Blackberry devices
- Mess #1: No special features or E2EE
- Mess #2: Shared data with Canadian mounted police
31 Wickr
- Basically free Threema
- Mess #1: Closed protocol
- Mess #2: Based in USA
- Early adopter of self destroying messages
- Featured in Mr. Robot
- At least better than Snapchat
32 Honorable Mentions
- Franz: Desktop based multimessenger
  - Using web interfaces, basically a browser
  - Made in Austria
- Slack and Slack-Clones: Focus on cooperative working
  - Basically IRC with a web interface
  - Some allow self-hosting, nearly all HTTPS
33 Honorable Mentions
- Various locally popular messengers like Line, WeChat, Tencent QQ, KIK, RenRen, KakaoTalk with 200M-800M users
- No or bad E2EE, often not even TLS/HTTPS
- Closed source, closed protocol
- Used because others are blocked
- Mostly comparable to Facebook Messenger
34 User requirements
- Ease of use: Number based tools
- Pseudonymity: Account/Mail based tools
- Sharing private information: E2EE, self destroying messages, use your brain
- Trust in software: open software
- Best privacy, whistleblowing, censorship: Tor, Decentralized, PGP, Basic Infosec
- Company guidelines: Selfhosted or E2EE
35 Summary
- Huge improvement in the last years
- HTTPS by default, mostly cert-pinned
- Big players have verifiable E2EE
- Horrible solutions are still in use
- Good solutions are far from perfect
- Best solution depends on requirements
- Try out Signal, Wire, Tox and Ricochet!
- Thesis/table: öä.eu/bac.pdf bac.html
More informationMassive IM Scalability using WebSockets Michał Ślaski
Erlang Solutions Ltd. Massive IM Scalability using WebSockets Michał Ślaski What am I chatting about? 1999-2011 Erlang Solutions Ltd. 2 What am I chatting about? Chat features 1999-2011 Erlang Solutions
More informationThe Future of Authentication
The Future of Authentication Table of Contents Introduction Facial Recognition Liveness Detection and Multimodal Biometrics FIDO: Standards-Based, Password-Free Authentication Biometric Authentication
More informationCS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:
50fb6be35f4c3105 9d4ed08fb86d8887 b746c452a9c9443b 15b22f450c76218e CS 470 Spring 2017 9df7031cdbff9d10 b700a92855f16328 5b757e66d2131841 62fedd7d9131e42e Mike Lam, Professor Security a.k.a. Why on earth
More informationA team-oriented open source password manager with a focus on transparency, usability and security.
A team-oriented open source password manager with a focus on transparency, usability and security. SCRT Who am I? Florian Gaultier Security engineer in charge of SCRT France I break things for a living,
More informationAN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP
AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros
More informationCS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD
ERIK JONSSON SCHOOL OF ENGINEERING & COMPUTER SCIENCE Cyber Security Research and Education Institute CS 6324: Information Security Dr. Junia Valente Department of Computer Science The University of Texas
More informationSafelayer's Adaptive Authentication: Increased security through context information
1 Safelayer's Adaptive Authentication: Increased security through context information The password continues to be the most widely used credential, although awareness is growing that it provides insufficient
More informationNetwork Administrator s Guide
Overview Network Administrator s Guide Beam is a comprehensive Smart Presence system that couples high-end video, high-end audio, and the freedom of mobility for a crisp and immersive, video experience
More informationAssistance with University Projects? Research Reports? Writing Skills? We ve got you covered! www.assignmentstudio.net WhatsApp: +61-424-295050 Toll Free: 1-800-794-425 Email: contact@assignmentstudio.net
More information