Abstract image of a woman sitting on books and studying on a laptop

GNUCITIZEN Pdp Owasp Usa 2007

Download as PPT, PDF
G
guest20ab09

The document discusses hacking techniques that could be used on Web 2.0 platforms. It presents 5 fictional stories describing how malware or malicious actors could take advantage of features like social networking, mashups, cloud data, and social bookmarking to conduct attacks like information leaks, spamming, profiling users, or distributing malware. The stories are meant to highlight potential security issues in an educational way and provide examples of how existing hacking techniques could manifest in a Web 2.0 context. The document concludes by asking for solutions and recommendations to address these potential security problems.

BusinessTechnology
1 of 33
Downloaded 20 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
For my next trick... hacking Web2.0 ( lite ) Petko D. Petkov (pdp) GNUCITIZEN http://www.gnucitizen.org
powered BY http://www.gnucitizen.org
...before we START Feel free to ask questions! Do ask questions! Have fun!
what is WEB2.0?
... Marketing buzzword Invented by O'Reilly Media in 2003 Wikis, Blogs, AJAX, Social Networks, Collaboration APIs, SOA (Service Oriented Architecture) Data in the Cloud Applications on Demand
why web2.0 HACKING?
... Data Management Information Leaks Live Profiling Information Spamming Service Abuse Autonomous Agents Distribution Attack Infrastructures
the PAPER 5 fictional stories with technology that is real Learn by example KISS (Keep it Simple Stupid) Problems with no solutions I was told that I need to come up with some solutions, otherwise I cannot present at OWASP.
the STORIES MPack2.0 Attack Infrastructures Wormoholic Autonomous Agents Bookmarks Rider Distribution RSS Kingpin Information Spamming Revealing the hidden Web Service Abuse
know your ROOTS
... what's MPACK?
... what would it be in the web2.0 WORLD? hint: Google Mashup Editor
... who is SAMY?
... what's a covert CHANNEL?
... ...but in the web2.0 WORLD?
... who's the mechanical TURK?
... ...to MALWARE? hint: Social Bookmarking
... can web2.0 malware BROADCAST?
... ...MD5(DOMAIN + TIME)
... where are my SCHEDULERS?
... where are my ACTUATORS?
... ...data in the CLOUD... (the malicious one)
... ...applications on DEMAND... (the malicious ones)
... what's state and what's PERSISTENCE?
... riding social bookmarks is FUN!
... ...maybe make some money TOO!
... to splog or not to splog. This is the QUESTION!
... call me the rss KINGPIN!
... service abuse and the hidden WEB
know your ROOTS
...more Profiling targets by watching their Web activities Snoop onto targets GEO Position Mobile phones GEO Position individuals More service abuse More vulnerabilities More Insecurities
... solutions and recommendations?
thank YOU http://www.gnucitizen.org

More Related Content

PPT
7
blogfqcr
 
PPT
六上 閱讀計畫
asiaman
 
PPT
2. Primeros Pasos
blogfqcr
 
PPT
Revista
Asuka Minoda
 
PPS
23 Apos Pentecostes 2007
evertongw
 
PPS
Antrtida Rctd
nimiaazucena
 
PPT
ANALISIS OCUPACIONAL PARTICIPATIVO
Deivi1805
 
PPT
Fútbol Sala Temporada 2006 07
Juan M. Lucena Pino
 
7
blogfqcr
 
六上 閱讀計畫
asiaman
 
2. Primeros Pasos
blogfqcr
 
Revista
Asuka Minoda
 
23 Apos Pentecostes 2007
evertongw
 
Antrtida Rctd
nimiaazucena
 
ANALISIS OCUPACIONAL PARTICIPATIVO
Deivi1805
 
Fútbol Sala Temporada 2006 07
Juan M. Lucena Pino
 

Similar to GNUCITIZEN Pdp Owasp Usa 2007 (20)

PPT
GNUCITIZEN Pdp Owasp Day September 2007
guest20ab09
 
PDF
Hack the book Mini
Khairi Aiman
 
PDF
Hacking the Company : Risks with carbon-based lifeforms using vulnerable systems
khalavak
 
PDF
Hackers secrets
Tengku Maulana
 
PDF
Digital Culture - Web Evolution
Tom Fleerackers
 
PPTX
SecTor '09 - When Web 2.0 Attacks!
Rafal Los
 
PDF
HoneyPy & HoneyDB (LASCON 2016)
Phillip Maddux
 
PDF
Hacker halted2
samsniderheld
 
PDF
Meetup 6/3/2017 - Artificiële Intelligentie: over chatbots & robots
Digipolis Antwerpen
 
PPTX
Its the app stupid - CloudStack 2014 Collaboration Conference #CCNA14
Uri Cohen
 
PPTX
Practical exploitation and social engineering
Tiago Henriques
 
PDF
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Burr Sutter
 
PDF
Attacker Ghost Stories - ShmooCon 2014
Rob Fuller
 
PDF
Strategies for securing your banks & enterprises (from someone who robs bank...
ITCamp
 
PDF
hacking into computer systems - a beginners guid
Chandra Pr. Singh
 
ODP
Oscon 2008 Open Micro Blogging Presentation
Evan Prodromou
 
PDF
Hacking For Innovation
Christian Heilmann
 
PPT
Web Application Hacking
SensePost
 
PDF
Secular Technological Tailwinds
Dionisio Chiuratto Agourakis
 
PDF
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
André Goliath
 
GNUCITIZEN Pdp Owasp Day September 2007
guest20ab09
 
Hack the book Mini
Khairi Aiman
 
Hacking the Company : Risks with carbon-based lifeforms using vulnerable systems
khalavak
 
Hackers secrets
Tengku Maulana
 
Digital Culture - Web Evolution
Tom Fleerackers
 
SecTor '09 - When Web 2.0 Attacks!
Rafal Los
 
HoneyPy & HoneyDB (LASCON 2016)
Phillip Maddux
 
Hacker halted2
samsniderheld
 
Meetup 6/3/2017 - Artificiële Intelligentie: over chatbots & robots
Digipolis Antwerpen
 
Its the app stupid - CloudStack 2014 Collaboration Conference #CCNA14
Uri Cohen
 
Practical exploitation and social engineering
Tiago Henriques
 
Teaching Elephants to Dance (Federal Audience): A Developer's Journey to Digi...
Burr Sutter
 
Attacker Ghost Stories - ShmooCon 2014
Rob Fuller
 
Strategies for securing your banks & enterprises (from someone who robs bank...
ITCamp
 
hacking into computer systems - a beginners guid
Chandra Pr. Singh
 
Oscon 2008 Open Micro Blogging Presentation
Evan Prodromou
 
Hacking For Innovation
Christian Heilmann
 
Web Application Hacking
SensePost
 
Secular Technological Tailwinds
Dionisio Chiuratto Agourakis
 
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
André Goliath
 
Ad

Recently uploaded (20)

PPTX
operations management : demand supply ch
JayeshJaiswal23
 
PPTX
TRAINNING, DEVELOPMENT AND APPRAISAL.pptx
sy2773667
 
PPTX
Board-Reporting-Package-by-Umbrex-5-23-23.pptx
Pars Six Sigma Excellence
 
DOCX
Handbook of Entrepreneurship- Chapter 5: Identifying business opportunity.docx
DrSubinKMohan
 
PDF
Daniels 2024 Inclusive, Sustainable Development
CMassociates
 
DOCX
80 DE ÔN VÀO 10 NĂM 2023vhkkkjjhhhhjjjj
janggookdal
 
DOCX
Hand book of Entrepreneurship 4 Chapters.docx
DrSubinKMohan
 
PDF
Environmental Law Communication: Strategies for Advocacy (www.kiu.ac.ug)
publication11
 
PPTX
2 - Self & Personality 587689213yiuedhwejbmansbeakjrk
inshu28231804
 
PPTX
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
PDF
Charisse Litchman: A Maverick Making Neurological Care More Accessible
The lifescience magaizne
 
PPTX
chapter 2 entrepreneurship full lecture ppt
annejo20
 
PPTX
IITM - FINAL Option - 01 - 12.08.25.pptx
MukeshAssociates2
 
PDF
TyAnn Osborn: A Visionary Leader Shaping Corporate Workforce Dynamics
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
PDF
NISM Series V-A MFD Workbook v December 2024.khhhjtgvwevoypdnew one must use ...
RoopaSherkar
 
PDF
Kishore Vora - Best CFO in India to watch in 2025.pdf
insightssuccess2
 
PPTX
basic introduction to research chapter 1.pptx
sangeethanagaraj8
 
PPTX
Project Management_ SMART Projects Class.pptx
ravindra661395
 
PPTX
CTG - Business Update 2Q2025 & 6M2025.pptx
HcTrSoros
 
PDF
Nante Industrial Plug Factory: Engineering Quality for Modern Power Applications
gdhdgee963
 
operations management : demand supply ch
JayeshJaiswal23
 
TRAINNING, DEVELOPMENT AND APPRAISAL.pptx
sy2773667
 
Board-Reporting-Package-by-Umbrex-5-23-23.pptx
Pars Six Sigma Excellence
 
Handbook of Entrepreneurship- Chapter 5: Identifying business opportunity.docx
DrSubinKMohan
 
Daniels 2024 Inclusive, Sustainable Development
CMassociates
 
80 DE ÔN VÀO 10 NĂM 2023vhkkkjjhhhhjjjj
janggookdal
 
Hand book of Entrepreneurship 4 Chapters.docx
DrSubinKMohan
 
Environmental Law Communication: Strategies for Advocacy (www.kiu.ac.ug)
publication11
 
2 - Self & Personality 587689213yiuedhwejbmansbeakjrk
inshu28231804
 
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
Charisse Litchman: A Maverick Making Neurological Care More Accessible
The lifescience magaizne
 
chapter 2 entrepreneurship full lecture ppt
annejo20
 
IITM - FINAL Option - 01 - 12.08.25.pptx
MukeshAssociates2
 
TyAnn Osborn: A Visionary Leader Shaping Corporate Workforce Dynamics
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
NISM Series V-A MFD Workbook v December 2024.khhhjtgvwevoypdnew one must use ...
RoopaSherkar
 
Kishore Vora - Best CFO in India to watch in 2025.pdf
insightssuccess2
 
basic introduction to research chapter 1.pptx
sangeethanagaraj8
 
Project Management_ SMART Projects Class.pptx
ravindra661395
 
CTG - Business Update 2Q2025 & 6M2025.pptx
HcTrSoros
 
Nante Industrial Plug Factory: Engineering Quality for Modern Power Applications
gdhdgee963
 
Ad

GNUCITIZEN Pdp Owasp Usa 2007