Permalink
Show file tree
Hide file tree
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
4 changed files
with
225 additions
and
1 deletion.
There are no files selected for viewing
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,216 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
| <head> | ||
| <meta charset="utf-8"> | ||
| <meta name="generator" content="pandoc"> | ||
| <meta name="author" content="Dan Goldsmith"> | ||
| <title>Hackers and the Hacked</title> | ||
| <meta name="apple-mobile-web-app-capable" content="yes"> | ||
| <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"> | ||
| <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, minimal-ui"> | ||
| <link rel="stylesheet" href="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/dist/reset.css"> | ||
| <link rel="stylesheet" href="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/dist/reveal.css"> | ||
| <link rel="stylesheet" href="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/plugin/highlight/monokai.css" id="highlight-theme"> | ||
| <link rel="stylesheet" href="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/dist/theme/night.css" id="theme"> | ||
| </head> | ||
| <body> | ||
| <div class="reveal"> | ||
| <div class="slides"> | ||
|
|
||
| <section id="title-slide"> | ||
| <h1 class="title">Hackers and the Hacked</h1> | ||
| <p class="author">Dan Goldsmith</p> | ||
| </section> | ||
|
|
||
| <section> | ||
| <section id="case-studies" class="title-slide slide level1"> | ||
| <h1>Case Studies</h1> | ||
|
|
||
| </section> | ||
| <section id="this-weeks-future-learn" class="slide level2"> | ||
| <h2>This weeks Future learn</h2> | ||
| <ul> | ||
| <li>We looked at a few case studies</li> | ||
| <li>Different views on Hacking and the Hacked</li> | ||
| </ul> | ||
| </section></section> | ||
| <section> | ||
| <section id="mangham-case" class="title-slide slide level1"> | ||
| <h1>Mangham Case:</h1> | ||
|
|
||
| </section> | ||
| <section id="mangham-case-1" class="slide level2"> | ||
| <h2>Mangham Case</h2> | ||
| <ul> | ||
| <li>Glenn Mangham, Sentenced to 8 months for breaking into Facebook</li> | ||
| <li>Reduced to 4 Months on appeal</li> | ||
| <li>Prior to FB Bug Bounty Program</li> | ||
| </ul> | ||
| </section> | ||
| <section id="details" class="slide level2"> | ||
| <h2>Details:</h2> | ||
| <ul> | ||
| <li>Flaw in a separate subsystem of Facebook, used for puzzles.</li> | ||
| <li>Gained Access to an employee account</li> | ||
| <li>Accessed Mail Servers and Internal Tools</li> | ||
| <li>Estimated cost of $200,000</li> | ||
| </ul> | ||
| </section> | ||
| <section id="more-factors" class="slide level2"> | ||
| <h2>More Factors</h2> | ||
| <ul> | ||
| <li>Had previously taken part in Bug Bounty programs. | ||
| <ul> | ||
| <li>Paid for finding flaws by Yahoo</li> | ||
| </ul></li> | ||
| <li>However, Did not report Flaws to Facebook</li> | ||
| </ul> | ||
| </section> | ||
| <section id="prosecution" class="slide level2"> | ||
| <h2>Prosecution</h2> | ||
| <blockquote> | ||
| <p>“This was not just a bit of harmless experimentation - you accessed the very heart of the system of an international business of massive size.”</p> | ||
| <p>“This was not just fiddling about in the business records of some tiny business of no great importance and you acquired a great deal of sensitive and confidential information to which you were simply not entitled… Potentially what you did could have been utterly disastrous to Facebook.”</p> | ||
| </blockquote> | ||
| </section> | ||
| <section id="appeal" class="slide level2"> | ||
| <h2>Appeal</h2> | ||
| <blockquote> | ||
| <p>“The judge was entitled to conclude that his motive was not to inform Facebook of the defects in the system, but to prove that he could beat the system.</p> | ||
| </blockquote> | ||
| <blockquote> | ||
| <p>“In our view, the combination of the aggravating factors and mitigating factors is such that the more appropriate starting point, in our view, would have been six months, reduced to four months given the appellant’s plea.</p> | ||
| </blockquote> | ||
| <blockquote> | ||
| <p>“In particular, we would underline the point which the judge mentioned that the information had not been passed on to anyone and there was no financial gain involved.”</p> | ||
| </blockquote> | ||
| </section></section> | ||
| <section> | ||
| <section id="phone-hacking" class="title-slide slide level1"> | ||
| <h1>Phone Hacking</h1> | ||
|
|
||
| </section> | ||
| <section id="phone-hacking-1" class="slide level2"> | ||
| <h2>Phone Hacking</h2> | ||
| <ul> | ||
| <li>2005 Leaked information on Prince William</li> | ||
| <li>Other Celebrity activities leaked</li> | ||
| <li>2010 - 2011 Investigation</li> | ||
| </ul> | ||
| </section> | ||
| <section id="how" class="slide level2"> | ||
| <h2>How</h2> | ||
| <ul> | ||
| <li>Default PIN on voicemail messages</li> | ||
| <li>Used to access devices</li> | ||
| </ul> | ||
| </section> | ||
| <section id="issues" class="slide level2"> | ||
| <h2>Issues</h2> | ||
| <ul> | ||
| <li>Moral and Ethical Issues</li> | ||
| <li>Legal Issues?</li> | ||
| <li>Who paid attention to the Laws in the Case study?</li> | ||
| </ul> | ||
| </section> | ||
| <section id="laws-broken" class="slide level2"> | ||
| <h2>Laws Broken</h2> | ||
| <ul> | ||
| <li>Regulation of Investigatory powers | ||
| <ul> | ||
| <li>Intercept communication over telecoms, unless legal investigation by security services</li> | ||
| </ul></li> | ||
| <li>DPA | ||
| <ul> | ||
| <li>Personal Information</li> | ||
| </ul></li> | ||
| <li>CMA</li> | ||
| </ul> | ||
| </section></section> | ||
| <section> | ||
| <section id="password-phishing" class="title-slide slide level1"> | ||
| <h1>Password Phishing</h1> | ||
|
|
||
| </section> | ||
| <section id="phishing-4-passwords" class="slide level2"> | ||
| <h2>Phishing 4 Passwords</h2> | ||
| <ul> | ||
| <li>Which of these did you find most interesting?</li> | ||
| </ul> | ||
| </section> | ||
| <section id="easy-to-guess-passwords" class="slide level2"> | ||
| <h2>Easy to Guess Passwords</h2> | ||
| <ul> | ||
| <li>Picked a common PW, “Summer16”</li> | ||
| <li>Gained access to 50 or 800 accounts</li> | ||
| <li>Used this to escalate privileges to admin level</li> | ||
| <li>What was it about password policy that caused this?</li> | ||
| </ul> | ||
| </section> | ||
| <section id="phishing-via-email" class="slide level2"> | ||
| <h2>Phishing Via Email</h2> | ||
| <ul> | ||
| <li>Standard method</li> | ||
| <li>Learn something about the Organisation</li> | ||
| <li>Craft an Email</li> | ||
| <li>Wait for it to be clicked</li> | ||
| <li>What was the payload here?</li> | ||
| </ul> | ||
| </section> | ||
| <section id="phishing-via-phone" class="slide level2"> | ||
| <h2>Phishing Via Phone</h2> | ||
| <ul> | ||
| <li>Called organisation posing as Partner</li> | ||
| <li>Claimed software wouldn’t install</li> | ||
| <li>Was given admin password to help install process.</li> | ||
| <li>Who was at fault here?</li> | ||
| </ul> | ||
| </section></section> | ||
| <section> | ||
| <section id="task" class="title-slide slide level1"> | ||
| <h1>Task</h1> | ||
|
|
||
| </section> | ||
| <section id="task-1" class="slide level2"> | ||
| <h2>Task</h2> | ||
| <p>Coursework Preparation time.</p> | ||
| <p>In Groups: - Pick one of the case studies above, or choose your own. - Research this and look for the elements required for the coursework - Prepare a short presentation (~5 Mins) on the topic addressing the points</p> | ||
| </section> | ||
| <section id="reminder-of-the-topics-needed-for-the-coursework" class="slide level2"> | ||
| <h2>Reminder of the topics needed for the coursework:</h2> | ||
| <ul> | ||
| <li>Technical Details of the Hack Itself</li> | ||
| <li>Legal and Ethical Issues</li> | ||
| <li>Can we think of Similar Hacks that may have happened</li> | ||
| </ul> | ||
| </section></section> | ||
| </div> | ||
| </div> | ||
|
|
||
| <script src="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/dist/reveal.js"></script> | ||
|
|
||
| // reveal.js plugins | ||
| <script src="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/plugin/notes/notes.js"></script> | ||
| <script src="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/plugin/search/search.js"></script> | ||
| <script src="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/plugin/zoom/zoom.js"></script> | ||
| <script src="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/plugin/highlight/highlight.js"></script> | ||
|
|
||
| <script> | ||
|
|
||
| // Full list of configuration options available at: | ||
| // https://revealjs.com/config/ | ||
| Reveal.initialize({ | ||
| // Push each slide change to the browser history | ||
| history: true, | ||
|
|
||
| // reveal.js plugins | ||
| plugins: [ | ||
| RevealNotes, | ||
| RevealSearch, | ||
| RevealZoom, | ||
| RevealHighlight, | ||
| ] | ||
| }); | ||
| </script> | ||
| </body> | ||
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.