# Notes for Security Vulnerabilities & Solutions

By Scott Granneman & Jans Carton

Find the presentation at http://www.granneman.com/presentations/

## Slide 2

Photo of Bruce Schneier by Geoffrey Stone.

“Feel free to choose among the following photos to illustrate your article about or interview with Bruce Schneier. All are license-free for that use. Please credit the photographer.”

## Slide 3

https://www.schneier.com/crypto-gram/archives/2005/0815.html#13

Photo: Bruce Schneier at the Congress on Privacy & Surveillance, 2013-09-30. Photo from Wikipedia, by Rama. License: CC BY-SA 2.0 FR.

## Slide 6

Wikiquote contributors. “Security”. Wikiquote, 30 July 2022, https://en.wikiquote.org/w/index.php?title=Security&oldid=3190305. Web. 9 Nov 2022.

## Slide 7

Herzog, Pete & Marta Barceló. OSSTMM 3 – The Open Source Security Testing Methodology Manual. E-book, Institute for Security and Open Methodologies, 2010, https://www.isecom.org/OSSTMM.3.pdf. 23.

## Slide 8

Wikipedia contributors. “Computer security”. Wikipedia, The Free Encyclopedia, 2 Nov. 2022, https://en.wikipedia.org/wiki/Computer_security. Web. 9 Nov. 2022.

## Slide 9

Wikipedia contributors. “Privacy”. Wikipedia, The Free Encyclopedia, 25 Oct. 2022, https://en.wikipedia.org/wiki/Privacy. Web. 9 Nov. 2022.

## Slide 11

Wikiquote contributors. “Security”. Wikiquote, 30 July 2022, https://en.wikiquote.org/w/index.php?title=Security&oldid=3190305. Web. 9 Nov 2022.

Wikipedia contributors. “Information security”. Wikipedia, The Free Encyclopedia, 28 Oct. 2022, https://en.wikipedia.org/wiki/Information_security. Web. 9 Nov. 2022.

Wikipedia contributors. “Endpoint security”. Wikipedia, The Free Encyclopedia, 28 Oct. 2022, https://en.wikipedia.org/wiki/Endpoint_security. Web. 9 Nov. 2022.

## Slide 12

Wikiquote contributors. “Security”. Wikiquote, 30 July 2022, https://en.wikiquote.org/w/index.php?title=Security&oldid=3190305. Web. 9 Nov 2022.

## Slide 13

Wikiquote contributors. “Security”. Wikiquote, 30 July 2022, https://en.wikiquote.org/w/index.php?title=Security&oldid=3190305. Web. 9 Nov 2022.

## Slide 15

http://en.wikipedia.org/w/index.php?title=Brighton_hotel_bombing&oldid=550534203

https://en.wikipedia.org/wiki/File:Grand-Hotel-Following-Bomb-Attack-1984-10-12.jpg

## Slide 17

Jones, Carly. “Middle School Student Suspended for Opening Exterior Door”. Tidewater Latest News [Franklin, VA], 26 Feb 2011, http://www.tidewaternews.com/2011/02/26/middle-school-student-suspended-for-opening-door/. Web. 9 Nov 2022.

Skenazy, Lenore [lskenazy]. “I Hate This! Student Suspended for Opening Door”. Free-Range Kids, 2 Mar 2011, http://freerangekids.wordpress.com/2011/03/02/i-hate-this-student-suspended-for-opening-door/. Web. 9 Nov 2022.

## Slide 18

Skenazy, Lenore [lskenazy]. “I Hate This! Student Suspended for Opening Door”. Free-Range Kids, 2 Mar 2011, http://freerangekids.wordpress.com/2011/03/02/i-hate-this-student-suspended-for-opening-door/. Web. 9 Nov 2022.

## Slide 36

fistclan. “Cyberdrive 1997”. Flickr, 28 Apr 2005, https://www.flickr.com/photos/kernelpanic/11379740/in/album-283374/. Web. 7 Nov 2022. Fair use.

## Slide 37

fistclan. “Think Different 1997”. Flickr, 28 Apr 2005, https://www.flickr.com/photos/kernelpanic/11379741/in/album-283374/. Web. 7 Nov 2022. Fair use.

## Slide 38

flstclan. “Apple.com 1997 (hacked)”. Flickr, 21 May 2005, https://www.flickr.com/photos/kernelpanic/14909783/in/album-283374/. Web. 7 Nov 2022. Fair use.

## Slide 41

https://en.wikipedia.org/wiki/Malware

## Slide 45

CommercialsOMG. “Mac Vs. PC - Viruses”. YouTube, 4 Sep 2009, https://www.youtube.com/watch?v=V0feR5grSa4. Web. 9 Nov 2022.

## Slide 48

Wikipedia contributors. “Morris worm”. Wikipedia, The Free Encyclopedia, 31 Oct. 2022, https://en.wikipedia.org/wiki/Morris_worm. Web. 9 Nov. 2022.

Intel. “Lessons from the 1st Major Computer Virus”. Intel, 25 Oct 2013, https://newsroom.intel.com/editorials/lessons-from-the-first-computer-virus-the-morris-worm/. Web. 9 Nov 2022. Fair use.

## Slide 57

http://kalasinar.deviantart.com/art/Trojan-Horse-22433724

## Slide 64

https://en.wikipedia.org/wiki/Ransomware

## Slide 71

https://en.wikipedia.org/wiki/Ransomware

## Slide 72

41%: http://www.cybersec.kent.ac.uk/Survey2.pdf

Profits: http://www.zdnet.com/cryptolockers-crimewave-a-trail-of-millions-in-laundered-bitcoin-7000024579/

## Slide 74

4774344sean. “Smiling young post employee taking notes on clipboard”. Can Stock Photo, 11 Nov 2011, http://www.canstockphoto.com/smiling-young-post-employee-taking-notes-7819020.html. Licensed from Can Stock Photo on 4 Oct 2015.

## Slide 78

Bruce Schneier’s Crypto-Gram, April 15, 2004

## Slide 82

Image by wintering from iStockPhoto ()

## Slide 83

http://www.computerworld.com/printthis/2004/0,4814,91313,00.html

## Slide 94

https://en.wikipedia.org/wiki/Botnet

## Slide 95

Loika, Pat. “Anthony Misiano as the Joker”. Wikipedia, The Free Encyclopedia, 14 July 2012, https://commons.wikimedia.org/wiki/File:Anthony_Misiano_as_the_Joker_(7574256222).jpg. Web. 9 Nov 2022. Licensed CC BY 2.0: https://creativecommons.org/licenses/by/2.0/. Modified by converting from JPEG to WebP, & then cropping. Credit: Pat Loika

Zombie heads: Hollister, Daniel Keywan [dhollister]. “zombie”. Flickr, 31 Oct 2004, https://www.flickr.com/photos/dhollister/2596483147. Web. 20 Nov 2007. Licensed CC BY 2.0: https://creativecommons.org/licenses/by/2.0/. Modified by converting to WebP, & may be cropped as well. Credit: Daniel Keywan Hollister

## Slide 98

http://www.networkworld.com/community/?q=node/15121

“The Ghost In The Browser: Analysis of Web-based Malware”: http://www.usenix.org/events/hotbots07/tech/full_papers/provos/provos.pdf

## Slide 102

Wikipedia contributors. “Botnet”. Wikipedia, The Free Encyclopedia, 14 Oct. 2022, https://en.wikipedia.org/wiki/Botnet. Web. 9 Nov. 2022.

## Slide 104

Source: Higgins, Kelly Jackson. “The World’s Biggest Botnets”. Dark Reading (9 November 2007). http://www.darkreading.com/document.asp?doc_id=138610&print=true. Accessed 20 April 2008.

## Slide 113

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1286808,00.html

Image from Gun Crazy.

## Slide 116

https://en.wikipedia.org/wiki/Email_spam#Statistics_and_estimates

http://news.bbc.co.uk/2/hi/technology/7988579.stm

## Slide 127

https://en.wikipedia.org/wiki/File:Icarus_Bitcoin_Mining_rig.jpg

## Slide 128

DDoS: http://www.cisco.com/web/about/security/images/csc_child_pages/white_papers/ddos_fig02.jpg

## Slide 129

https://www.netscout.com/report/

## Slide 130

http://www.digitalattackmap.com/

## Slide 131

http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=2&time=17981&view=map

## Slide 132

Keylogging

## Slide 133

https://en.wikipedia.org/w/index.php?title=Keystroke_logging&oldid=890653761

## Slide 135

Hardware keylogger: http://www.keelog.com/files/KeyGrabberUsbUsersGuide.pdf

## Slide 136

VideoGhost, a video keylogger that takes screenshots every few seconds & stores them: http://www.keelog.com/files/VideoGhostUsersGuide.pdf

## Slide 137

Pornography: http://greatlifegreatsex.com/wp-content/uploads/Pornography.jpg

## Slide 138

http://www.filmlervekitaplar.com/wp-content/uploads/2012/08/taxi-driver-jodie-foster1.jpg

## Slide 139

Infiltration

## Slide 143

https://www.securitynewspaper.com/2018/12/18/hire-for-ddos-service-for-just-20/

## Slide 144

https://www.securitynewspaper.com/2018/12/18/hire-for-ddos-service-for-just-20/

## Slide 145

https://www.securitynewspaper.com/2018/12/18/hire-for-ddos-service-for-just-20/

## Slide 146

Source: Espiner, Tom. “Cracking open the cybercrime economy”. ZDNet (14 December 2007). http://news.zdnet.com/2100-1009_22-6222896.html. Accessed 20 April 2008.

## Slide 147

DDoS & Flooding: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf

1 million: http://krebsonsecurity.com/2012/01/mr-waledac-the-peter-north-of-spamming/

## Slide 148

https://www.nuviasblog.com/main-category/security/cost-renting-iot-botnet/

## Slide 149

https://www.swordshield.com/blog/inside-crimeware-as-a-service/

## Slide 150

Source: Espiner, Tom. “Cracking open the cybercrime economy”. ZDNet (14 December 2007). http://news.zdnet.com/2100-1009_22-6222896.html. Accessed 20 April 2008.

## Slide 151

https://web.archive.org/web/20190403152914/https://www.experian.com/blogs/ask-experian/heres-how-much-your-personal-information-is-selling-for-on-the-dark-web/

https://web.archive.org/web/20190405151648/https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html

## Slide 152

Source: Espiner, Tom. “Cracking open the cybercrime economy”. ZDNet (14 December 2007). http://news.zdnet.com/2100-1009_22-6222896.html. Accessed 20 April 2008.

## Slide 153

Source: Espiner, Tom. “Cracking open the cybercrime economy”. ZDNet (14 December 2007). http://news.zdnet.com/2100-1009_22-6222896.html. Accessed 20 April 2008.

Glavmed: http://krebsonsecurity.com/2011/02/spamit-glavmed-pharmacy-networks-exposed/

Affixing & SpamIt: http://krebsonsecurity.com/2012/02/whos-behind-the-worlds-largest-spam-botnet/

## Slide 156

CC from Flickr: Bella ragazza (zenera)

## Slide 157

CC from Flickr: The need for speed (marinacvinhal [Amnemona])

## Slide 158

CC from Flickr: Cricket (Caleb Keiter)

## Slide 159

CC from Flickr: Sniff Sniff (sleepyneko)

## Slide 160

CC from Flickr: Sniff, Sniff … what did you say your name was? (stovak [Tom Stovall])

## Slide 179

Stressed man with laptop; licensed through Shutterstock

## Slide 183

Source: Sylvain Pedneault; edited by jjron; http://commons.wikimedia.org/w/index.php?title=File:FirePhotography_edit1.jpg&oldid=26671960

## Slide 188

donald_gruener. “Oh No! stock photo”. iStock, 12 Oct 2006, https://www.istockphoto.com/photo/oh-no-gm174013349-2268146?clarity=false. Web. 15 Aug 2007. Licensed from iStock on 15 Aug 2007.

## Slide 193

https://dropbox.com

## Slide 198

Dropbox. “Cloud storage you can count on”. Dropbox, https://www.dropbox.com/plans. Web. 9 Nov 2022.

## Slide 201

http://www.code42.com/crashplan/

## Slide 203

https://www.backblaze.com/

## Slide 204

https://www.backblaze.com/backup-pricing.html

## Slide 205

https://thewirecutter.com/reviews/best-online-backup-service/

## Slide 206

https://thewirecutter.com/reviews/best-online-backup-service/

## Slide 208

https://www.backblaze.com/b2/cloud-storage.html

## Slide 209

https://www.backblaze.com/backup-pricing.html

## Slide 211

https://www.arqbackup.com/index.html

## Slide 214

https://www.arqbackup.com

## Slide 218

https://wasabi.com

## Slide 219

https://wasabi.com/pricing/pricing-faqs

## Slide 222

https://www.arqbackup.com/arqcloudbackup/

## Slide 224

https://www.arqbackup.com/cloud-backup-comparison.html

## Slide 230

Backup and Restore: https://en.wikipedia.org/wiki/File:Backup_and_Restore_in_Windows_7.png

## Slide 235

https://en.wikipedia.org/wiki/Clone_(computing)#Disk_cloning_software

## Slide 244

Pedneault, Sylvain. “File:Fire inside an abandoned convent in Massueville, Quebec, Canada.jpg”. Wikipedia, The Free Encyclopedia, 27 Oct 2006, https://en.wikipedia.org/wiki/File:FirePhotography.jpg. Web. 19 Sep 2009. Licensed CC BY-SA 3.0: https://creativecommons.org/licenses/by-sa/3.0/. Modified by converting from JPEG to WebP.

## Slide 245

“iRobot Roomba 555 Robotic Vacuum Cleaner”. Walmart, https://www.walmart.com/ip/iRobot-Roomba-555-Robotic-Vacuum-Cleaner/164673477. Web. 19 Aug 2014.

## Slide 246

Thegreenj. “File:Masterpadlock.jpg”. Wikimedia Commons, 16 July 2007, https://commons.wikimedia.org/wiki/File:Masterpadlock.jpg. Web. 19 Sep 2007. Licensed CC BY-SA 3.0: https://creativecommons.org/licenses/by-sa/3.0/.

## Slide 250

http://www.openwall.com/john/

http://www.oxid.it/cain.html

## Slide 251

http://www.hackersnewsbulletin.com/wp-content/uploads/2015/02/john-the-ripper.png

## Slide 253

Source: @OpenWithMit. https://twitter.com/OpenWithMit/status/521645769447981057

## Slide 254

http://www.zdnet.com/article/your-passwords-dont-suck-its-your-policies/

## Slide 255

http://passfault.com

## Slide 256

http://passfault.com

## Slide 257

http://passfault.com/password_strength.html

## Slide 258

http://passfault.com/password_strength.html

## Slide 259

http://passfault.com/password_strength.html

## Slide 260

http://passfault.com/password_strength.html

## Slide 261

http://passfault.com/password_strength.html

## Slide 262

http://passfault.com/password_strength.html

## Slide 263

http://passfault.com/password_strength.html

## Slide 264

http://passfault.com/password_strength.html

## Slide 265

http://passfault.com/password_strength.html

## Slide 266

http://passfault.com/password_strength.html

## Slide 267

https://www.youtube.com/watch?v=JLdA1ikkoEc

“Ask not what your country can do for you; ask what you can do for your country”

## Slide 276

Wikipedia contributors. “LastPass”. Wikipedia, The Free Encyclopedia, 21 Oct. 2022, https://en.wikipedia.org/wiki/LastPass. Web. 8 Nov. 2022.

## Slide 278

KeePassXC Team. “KeePassXC Password Manager”. KeePassXC, https://keepassxc.org/. Web. 16 Nov 2022.

## Slide 279

KeePassXC Team. “Download”. KeePassXC, https://keepassxc.org/download/. Web. 16 Nov 2022.

## Slide 280

KeePassXC Team. “Screenshots”. KeePassXC, https://keepassxc.org/screenshots/. Web. 16 Nov 2022.

## Slide 281

KeePassXC Team. “Screenshots”. KeePassXC, https://keepassxc.org/screenshots/. Web. 16 Nov 2022.

## Slide 282

KeePassXC Team. “Screenshots”. KeePassXC, https://keepassxc.org/screenshots/. Web. 16 Nov 2022.

## Slide 283

KeePassXC Team. “Screenshots”. KeePassXC, https://keepassxc.org/screenshots/. Web. 16 Nov 2022.

## Slide 284

KeePassXC Team. “Screenshots”. KeePassXC, https://keepassxc.org/screenshots/. Web. 16 Nov 2022.

## Slide 285

KeePassXC Team. “Screenshots”. KeePassXC, https://keepassxc.org/screenshots/. Web. 16 Nov 2022.

## Slide 286

KeePassXC Team. “Screenshots”. KeePassXC, https://keepassxc.org/screenshots/. Web. 16 Nov 2022.

## Slide 287

iOS: https://itunes.apple.com/us/app/strongbox-password-safe/id897283731 & https://apps.apple.com/us/app/keepassium-keepass-passwords/id1435127111

Android: https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free & https://play.google.com/store/apps/details?id=keepass2android.keepass2android

## Slide 289

1Password. “Pricing for teams & businesses | 1Password”. 1Password, 2022, https://1password.com/sign-up/. Web. 08 Nov 2022.

## Slide 292

1Password. “Pricing for teams & businesses | 1Password”. 1Password, 2022, https://1password.com/teams/pricing/. Web. 08 Nov 2022.

## Slide 351

https://www.routerpasswords.com/tp-link-default-router-password/

## Slide 352

http://www.routerpasswords.com

## Slide 353

http://www.routerpasswords.com

## Slide 355

Dog Education by alkir, licensed from Can Stock Photo, http://www.canstockphoto.com/dog-education-19161190.html