Ethics CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Presentation transcript:

Albert Gonzalez

He and his crew used SQL injection vulnerabilities to steal credit cards
Total stolen ~ 170 million credit cards
Responsible for
– Dave & Buster's (May 2008)
– TJ Maxx (May 2008)
– Heartland Payment (August 2009)
On March 25th, 2010 he was sentenced to 20 years in federal prison

Avoiding Jail

Pretty easy, don't do anything illegal!
What does this mean in a hacking context?
– Never hack into a site that you do not own or have permission to test
– Do not attempt to find vulnerabilities in a site that you do not own or have permission to test

Practicing Without Going to Jail

Download website source onto a server that you control (assuming the website is open-source)
Only try to find vulnerabilities in a site that has a bug bounty program
Become an academic
– We can sometimes do vulnerability analysis; however, we are very careful to consider the ethical considerations before performing any analysis

Bug Bounty Programs

A number of web sites have started to offer Bug Bounty programs
They will give you money or fame in exchange for reporting security vulnerabilities to them
– Make sure that they also give you permission, and make sure you understand what is in scope
Google, Facebook, AT&T, Coinbase, Etsy, GitHub, Heroku, Microsoft, PayPal, –

Facebook Incident

Security researcher found vulnerability in Facebook to post on anyone's wall
Breakdown in communication with Facebook's security team
Researcher decided to post on Mark Zuckerberg's wall to get attention about the vulnerability
Ultimately, Facebook said that the researcher did not follow the policy and therefore was ineligible for bounty

Disclosure

In case you do find a vulnerability in software, what is your responsibility?
– Tell the world (full disclosure)
– Tell the company/group responsible for the software (responsible disclosure)
– Sell the information to the grey or black market (no disclosure)
Personal decision
– I believe in responsible disclosure, first disclosing to the company then releasing the information publicly

Summary

Proceed ethically
Only attempt to find vulnerabilities in web applications that you either
– Control
– Have permission to test
Jail is a possibility
Also against ASU policy