Difference between revisions of "PresentationAPE"

From LiluxWiki
 
Line 1: Line 1:
 
Introduction LiLux
 
Introduction LiLux
 
  
 
Agenda
 
Agenda
 
 
   - Firesheep
 
   - Firesheep
 
   - Phishing
 
   - Phishing
Line 25: Line 23:
  
 
     Access www.yahoo.com and log-in
 
     Access www.yahoo.com and log-in
     User to Install firesheep himself
+
     User to Install firesheep himself -> install Yahoo
 
 
 
  --> always check that https is on front of the URL (address)  
 
  --> always check that https is on front of the URL (address)  
 
  --> be careful about Open Wifi Access points
 
  --> be careful about Open Wifi Access points
 +
 +
 +
Phishing
 +
  Send e-mails : genuine and fake
 +
    - linkedin
 +
    - facebook.org.lu
 +
    - yahoo.org.lu
 +
    - numerical with a @ 3584442354
 +
--> verify link carefully.
 +
--> Don't click but enter the manually or use you bookmark
 +
--> do not use the same password on every site
 +
 +
 +
Bad certificate
 +
  Use of the AK-proxy
 +
  www.yahoo.com -> user/pass given by APE
 +
  www.facebook.com -> user/pass given by APE
 +
 +
  1. bad certificate --> will user react to it
 +
      --> Do not ignore bad certificate warning.
 +
      --> explain certifacte
 +
  2. redirect on http  --> even if real server redirects on https stay on http
 +
      --> always enter https in the URL bar or in your bookmarks
 +
 +
Spyware
 +
  --> explain

Latest revision as of 22:23, 14 June 2012

Introduction LiLux

Agenda

 - Firesheep
 - Phishing
 - Bad certificate
 - Man in the middle

Explication sur le set-up:

 - addresse e-mail
 - compte facebook
 - mots de passe (dans envelope distribué par APE)

Set-up réseau

  Internet -- Hotspot-Lu -- Wifi-router (laptop) -- Wifi access point --   laptop users
                                                                       +-- laptop present. 


Firesheep

 Acces via Hotspot.lu (verify if https)
   Access www.yahoo.com and log-in
   User to Install firesheep himself -> install Yahoo
--> always check that https is on front of the URL (address) 
--> be careful about Open Wifi Access points


Phishing

  Send e-mails : genuine and fake
    - linkedin
    - facebook.org.lu
    - yahoo.org.lu
    - numerical with a @ 3584442354
--> verify link carefully. 
--> Don't click but enter the manually or use you bookmark
--> do not use the same password on every site


Bad certificate

 Use of the AK-proxy
 www.yahoo.com -> user/pass given by APE
 www.facebook.com -> user/pass given by APE
 1. bad certificate --> will user react to it
     --> Do not ignore bad certificate warning.
     --> explain certifacte
 2. redirect on http  --> even if real server redirects on https stay on http
     --> always enter https in the URL bar or in your bookmarks

Spyware

 --> explain