SlideShare a Scribd company logo

(Pdf) yury chemerkin _icitst_2012

STO STRATEGY
STO STRATEGY

This document summarizes security issues and vulnerabilities in BlackBerry mobile operating systems. It discusses how earlier BlackBerry devices had more native security solutions compared to the PlayBook tablet, which had a simplified security model. The document outlines several types of malware that could affect BlackBerry devices, including user-mode rootkits and spyware. It also describes potential issues like unauthorized access to files, clipboard data, messages, and device passwords. The conclusion is that BlackBerry's security vision does not match reality and has been aggravated by oversimplification of permissions and controls.

Technology
1 of 28
Download to read offline
VULNERABILITY ELIMINATION BY FORCE OF NEW MOBILE OS YURY CHEMERKIN THE 7TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS 2012
THE SECURITY IS THE CORNERSTONE A POWERFUL HIGH LEVEL INTEGRATION  IMs, SOCIAL NETWORKS  FINANCIAL DATA AND ETC. THE BLACKBERRY WAS BUILT  FREE OF MALWARE & HARMFUL ACTIONS  WITH NATIVE SECURITY SOLUTIONS MAINLY FOCUSED ON ENTERPRISE  WIDE RANGE IT POLICY SET  UP TO 500 UNITS  A FEW THIRD PARTY SECURITY SOLUTIONS A SIMPLIFICATION OF THE SECURITY VISION POOR INTERGRATION (ONLY BLACKBERRY BRIDGE)  NO BUILT IMs, HTML5 & WEB-LAUNCHER  NO WALLETS OR ELSE BUILT APPLICATIONS PLAYBOOK MIGHT  PRODUCE FEW VALUE DATA DUE APIs  NOT MORE THAN LARGE PHONE’S SCREEN TOTALLY FOCUSED ON ENTERPRISE  IT POLICY EXTRA REDUCED  UP TO 10 UNITS  ENTERTAINMENT APPLICATIONS ONLY BLACKBERRY SECURITY ENVIRONMENT BLACKBERRYSMARTPHONEWASSECURE… PLAYBOOKHASCOMEWITHAPOORENVIROMENT
 A LOT OF TYPES  BOOTKITS  FIRMWARE  USER-MODE  KERNEL  HYPERVISOR  SIMILAR TO THE SPYWARE  BUNDLING WITH DESIRABLE SOFTWARE  WIDESPREADING, EASY DITRIBUTION AND QUITE RELEVANT FOR HACKERS  BASED ON:  VENDOR-SUPPLIED EXTENSIONS  THIRD PARTY PLUGINS  PUBLIC INTERFACES  INTERCEPTION OF SYSTEMS MESSAGES  EXPLOITATION OF SECURITY VULNERABILITIES  HOOKING AND PATCHING OF APIs METHODS USER MODE ROOTKIT AND SPYWARE MALWAREBOUNDSBECOMEUNCLEAR… HACKERSAREINTERESTEDINCHEAPERCOSTING
 VIA THE BUILT (INTERNAL) EXPLORER  AFTER ENTERING THE PASSWORD BUT STILL THE INTERNAL EXPLORER  FOR EXECUTING MALWARE FROM THE DEVICE BY CLICKING FILE (.JAR/.JAD + .COD)  TO ALLOW COPYING THE MALWARE TO THE DEVICE AS AN EXTERNAL DRIVE (LIKE A WORM)  AFTER MOUNTING AS AN EXTERNAL DRIVE(-S)  AFTER ENTERING THE PASSWORD BUT IT IS NOT NECESSARY TO USE INTERNAL EXPLORER  TO PREVENT FROM EXECUTING ANYTHING OUTSIDE APPWORLD (.BAR)  MALWARE IS A PERSONAL APPLICATION SUBTYPE IN TERMS OF RIM’s SECURITY THE FILE SYSTEM ISSUES BBOSv4–5WASACCESSIBLE BBOSV6–7PLUSPLAYBOOKAREACCESSIBLE
 THE “UPGRADE” FEATURE MEANS  THE INSTALL & REMOVE ACTIONS AT LEAST  AN APPLICATION ID REQUIREMENT  AN ACCESSIBLE RUNNING APPLICATION LIST  HANDLING ANOTHER APPs SILENTLY VIA API  HANDLING ANOTHER APPLICATION SILENTLY VIA PC TOOLS  MAY NEED A PASSWORD  DEBUG MODE IS FOR TRACING & DEBUGING ONLY  EASY TRACKING THE NEWCOMING .COD MODULES FOR THE MALWARE PAYLOAD  THE “UPGRADE” MEANS AN USER INTERACTION  WITH APPWORLD  WITH HOME SCREEN  THERE ARE SOME APIs BUT DISABLED  THERE IS NO API FOR SUCH ACTIONS YET  HANDLING ANOTHER APPLICATION SILENTLY VIA PC TOOLS  MAY NEED A PASSWORD  STRONGLY NEED ACTIVATED A DEBUG MODE  LOOKS LIKE MORE SECURE THAN BLACKBERRY BUT DIFFICULT TO REMOVE DISTRIBUTED MALWARE THE APPLICATION MANAGEMENT ISSUES BLACKBERRYSMARTPHONE(LESSTHANBB10) BLACKBERRYPLAYBOOK(PROBABLYBLACKBERRY10)
 HOW TO REVEAL THE DATA IN REAL TIME  GETCLIPBOARD()  ANY PROTECTION  NATIVE WALLETS RESTRICT THE CLIPBOARD ACCESS BY RETURNING “NULL”  WHILE THE APPLICATION IS ACTIVE (ON TOP OF SCREEN STACK) ONLY  DOES NOT WORK IN MINIMIZED STATE  HOW TO REVEAL THE DATA IN REAL TIME  GETDATA()  ANY PROTECTION  NO NATIVE WALLET APPLICATION  MANAGING THE LAST CLIPBOARD DATA VIA SHARED FOLDER  PLAIN TEXT  HTML  ETC. THE CLIPBOARD ISSUES BLACKBERRYSMARTPHONE BLACKBERRYPLAYBOOK
 SCREEN PROTECTION VIA SWITCHING  PERMIT  RESTRICT  ADDITIONALLY PER APPLICATION….  BUT DOES NOT HANDLE WINDOWs  HANDLE WITH THE KEY PREVIEW DUE THE VIRTUAL KEYBOARD  MAY BE IMPROVED BY XOR’ing TWO PHOTOSCREENS TO GET THE DIFFERENCE  MASKING THE ASTERISKS TAKES A DELAY  ENOUGH TO STEAL THE TEXT  MAY BE PART OF OCR ENGINES  ONLINE OR DESKTOP  RECOGNIZE TYPED DATA VERY QUICKLY  WAS TESTED ON ABBYY ONLINE OCR  SUBSTITUTE FOR HARDWARE KEYLLOGER  RUNNING DOWN THE BATTERRY MORE SLOWLY THAN PHOTO/VIDEO CAMERA  EASY ACCESS TO ANY APPLICATION…WALLET EVEN  NO RESTRICTION LIKE THE CLIPBOARD “NULL”  SCREENSHOTS OFTEN STORE IN CAMERA FOLDER  THE SAME A FILE ACCESS THE PHOTOSCREEN ISSUES AREAVAILABLEFORALLBLACKBERRYDEVICESBUTDISABLEDFORPLAYBOOKANDBLACKBERRY10YET
 USING AUTHORIZED API TO INTERCEPT  MESSAGES (BBM, EMAIL, PIN-TO-PIN)  CREATE THE MESSAGE  READ THE MESSAGE  DELETE THE MESSAGE  SET THE MESSAGE STATUS (UNREAD, SENT, ANY ERROR STATE, ETC.)  THE BUTTON EVENTS (THE SAME TYPES)  OPENING THE MESSAGE  FORWARDING THE MESSAGE  SENDING THE MESSAGE  INTERCEPTING THE SMS (BASICALLY)  RECEIVING AND SENDING EVENTS  DELETING THE SENT & RECEIVED SMS  ENOUGH TO HANDLE SOCIAL C&C SMS  OUTCOMING SMS (ADVANCED)  BLOCKING (DROPPING) THE SMS  A NOTIFICATION IN THE MESSAGE THREAD  SPOOFING  THE RECEPIENT  THE BODY  TRANSMISSION REFUSED BY … IF SUCH MESSAGE WAS NOT REMOVED THE MESSAGES ISSUES AVAILABLEONTHEBBDEVICES PROBABLYONTHEBLACKBERRY10 NO3G,NOAPIFORPLAYBOOK
 THE PASSWORD PROTECTION COVERS  DEVICE LOCKING & ENCRYPTION FEATURE  APPWORLD REQUEST  LIMITED BY 5/10 ATTEMPTS & WIPE THEN  WIPING THE INTERNAL STORAGE ONLY  EXTRACTING THE PASSWORD TRHOUGHT  ELCOMSOFT PRODUCT (CUSTOM CASE)  GUI VULNERABILITY  CREATING THE FAKE WINDOW ON DESKTOP SYNCHRONIZATION  BREAKING INTO BB DESKTOP SOFTWARE  HANDLING MS WINDOWS VULNERABILITY  UNMASKING THE FIELD  GRABBING THE PASSWORD  MASKING THE FIELD  THIS DELAY TAKES 10-20 MSEC  AFFECTED PASSWORD TYPES  THE DEVICE PASSWORD  THE BACKUP PASSWORD  AFFECTED DEVICES  BLACKBERRY 4-7 (BB 10 HIGHLY PROBABLY)  BLACKBERRY PLAYBOOK THE DEVICE PASSWORD ISSUES FORTHEBLACKBERRY4–7DUETHEINTERNALCASE FORALLDEVICESDUEINTHEDESKTOPACCESSCASE
 INITIALLY BASED ON AUTHORIZED API COVERED  ALL PHYSICAL & NAVIGATION BUTTONS  TYPING THE TEXTUAL DATA  AFFECT ALL NATIVE & THIRD PARTY APPs  SECONDARY BASED ON ADDING THE MENU ITEMS  INTO THE GLOBAL MENU  INTO THE “SEND VIA” MENU  AFFECT ALL NATIVE APPLICATIONS  NATIVE APPLICATIONS ARE DEVELOPED BY RIM  BLACKBERRY WALLETS, MESSAGES, SETTINGS, FACEBOOK, TWITTER,…  BBM/GTALK/YAHOO/WINDOWS IMs,…  GUI EXPLOITATION HANDLES WITH  REDRAWING THE SCREENS  ADDING NEW GUI OBJECTS  CHANGING THEIR PROPERTIES  GRABBING THE TEXT FROM THE  ANY FIELDs (INCL. PASSWORD FIELD)  UNLOCK THE DEVICE’s FIELD  SETTING UP THE PASSWORD’s FIELD  ADDING, REMOVING THE FIELD DATA  ORIGINAL DATA IS INACCESSIBLE BUT NOT AFFECTED  GUI OBJECTS SHUFFLING IS NOT POSSIBLE THE GUI EXPLOITATION CONSEQUENCEOFWIDEINTERGRATIONFEATURESOFFEREDFORDEVELOPERS(BLACKBERRY4–7 ONLY)
 KASPERSKY MOBILE SECURITY PROVIDES  FIREWALL, WIPE, BLOCK, INFO FEATURES  NO PROTECTION FROM REMOVING.CODs  NO PROTECTION UNDER SIMULATOR  EXAMING THE TRAFFIC, BEHAVIOUR  SHOULD CHECK API “IS SIMULATOR”  SMS MANAGEMENT (“QUITE” SECRET SMS)  PASSWORD IS FOUR– SIXTEEN DIGITS SET  …AND CAN BE MODIFIED IN REAL-TIME  SMS IS A HALF A HASH VALUE OF GOST R 34.11-94  IMPLEMENTATION USES TEST CRYPTO VALUES AND NO SALT  TABLES (VALUEHASH) ARE EASY BUILT  OUTCOMING SMS CAN BE SPOOFED WITHOUT ANY NOTIFICATION  OUTCOMING SMS CAN BLOCK OR WIPE THE SAME DEVICE OR ANOTHER DEVICE  McAfee MOBILE SECURITY PROVIDES  FIREWALL, WIPE, BLOCK, INFO FEATURES  NO PROTECTION FROM REMOVING.CODs  NO PROTECTION UNDER SIMULATOR  EXAMING THE TRAFFIC, BEHAVIOUR  SHOULD CHECK API “IS SIMULATOR”  WEB MANAGEMENT CONSOLE  DIFFICULT TO BREAK SMS C&C THE THIRD PARTY EXPLOITATION THEREAREAFEWOFTHEM THEYMIGHTHAVEANEXPLOIT BUTRUINNATIVEASECURITY
 DENIAL OF SERVICE  REPLACING/REMOVING EXEC FILES  DOS’ing EVENTs, NOISING FIELDS  GUI INTERCEPT  INFORMATION DISCLOSURE  CLIPBOARD, SCREEN CAPTURE  GUI INTERCEPT  DUMPING .COD FILES, SHARED FILES  MITM (INTERCEPTION / SPOOFING)  MESSAGES  GUI INTERCEPT, THIRD PARTY APPs  FAKE WINDOW/CLICKJACKING  GENERAL PERMISSIONS  INSTEAD OF SPECIFIC SUB-PERMISSIONS  A FEW NOTIFICATION/EVENT LOGs FOR USER  BUILT PER APPLICATION INSTEAD OF APP SCREENs  CONCRETE PERMISSIONS  BUT COMBINED INTO GENERAL PERMISSION  A SCREENSHOT PERMISSION IS PART OF THE CAMERA  GENERAL PERMISSIONS  INSTEAD OF SPECIFIC SUB-PERMISSIONS  A FEW NOTIFICATION/EVENT LOGs FOR USER  BUILT PER APPLICATION INSTEAD OF APP SCREENs THE PERMISSIONS PRIVILEGEDGENERALPERMISSIONS OWNAPPs,NATIVE&3RD PARTYAPPs FEATURES
 SIMPLIFICATION AND REDUCING SECURITY CONTROLS  MANY GENERAL PERMISSIONS AND COMBINED INTO EACH OTHER  NO LOGs ACTIVITY FOR SUB-PERMISSIONS TO PROVE THE TRANSPARENCY  ANY SECURITY VULNERABILITY ARE ONLY FIXED BY ENTIRELY NEW AND DIFFERENT OS / KERNEL  A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS  THE SANDBOX PROTECT ONLY APPLICATION DATA  USERS HAVE TO STORE THEIR DATA INTO SHARED FOLDERS OR EXTERNAL STORAGE  APPLICATIONS CONTINUE STORE DATA IN PUBLIC FOLDERs BECAUSE GOVERNED BY CHANCE OF AVAILABILITY  MITM / INTERCEPTION ACTIONS ARE OFTEN SILENTLY  THE NATIVE SPOOFING AND INTERCEPTION FEATURES  BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT EFFECTIVE MUCH  THE BEST SECURITY (PERMISSIONS) RULED BY AMAZON WEB SERVICES  PERMISSIONS SHOULD RELY ON THE DIFFERENT USEFUL CASES SET INSTEAD OF SPECIFIC PERMISSION LIST CONCLUSION THEVENDORSECURITYVISION HASNOTHINGWITHREALITY AGGRAVATEDBYSIMPLICITY
THANK YOU YURY CHEMERKIN

Recommended

(Pdf) yury chemerkin _null_con_2013
(Pdf) yury chemerkin _null_con_2013(Pdf) yury chemerkin _null_con_2013
(Pdf) yury chemerkin _null_con_2013STO STRATEGY
 
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013STO STRATEGY
 
Universities
Universities Universities
Universities PlanetM.us Company
 
Travel Industry
Travel IndustryTravel Industry
Travel IndustryPlanetM.us Company
 
κολοκούβαρου
κολοκούβαρουκολοκούβαρου
κολοκούβαρουMaria Nyfoudi
 
12% Assured Return on Property in Noida Expressway “Cosmic Corporate Park-2”@...
12% Assured Return on Property in Noida Expressway “Cosmic Corporate Park-2”@...12% Assured Return on Property in Noida Expressway “Cosmic Corporate Park-2”@...
12% Assured Return on Property in Noida Expressway “Cosmic Corporate Park-2”@...INCUBUS CONSULTING
 
Hosobaiday
HosobaidayHosobaiday
Hosobaidaynhomhopestar
 
Factorizacion
FactorizacionFactorizacion
FactorizacionAbraham Aranda
 

Recommended

(Pdf) yury chemerkin _null_con_2013
(Pdf) yury chemerkin _null_con_2013(Pdf) yury chemerkin _null_con_2013
(Pdf) yury chemerkin _null_con_2013STO STRATEGY
 
(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013(Pdf) yury chemerkin hacktivity_2013
(Pdf) yury chemerkin hacktivity_2013STO STRATEGY
 
Universities
Universities Universities
Universities PlanetM.us Company
 
Travel Industry
Travel IndustryTravel Industry
Travel IndustryPlanetM.us Company
 
κολοκούβαρου
κολοκούβαρουκολοκούβαρου
κολοκούβαρουMaria Nyfoudi
 
12% Assured Return on Property in Noida Expressway “Cosmic Corporate Park-2”@...
12% Assured Return on Property in Noida Expressway “Cosmic Corporate Park-2”@...12% Assured Return on Property in Noida Expressway “Cosmic Corporate Park-2”@...
12% Assured Return on Property in Noida Expressway “Cosmic Corporate Park-2”@...INCUBUS CONSULTING
 
Hosobaiday
HosobaidayHosobaiday
Hosobaidaynhomhopestar
 
Factorizacion
FactorizacionFactorizacion
FactorizacionAbraham Aranda
 
αλεξανδρος παπαδιαμαντης
αλεξανδρος παπαδιαμαντηςαλεξανδρος παπαδιαμαντης
αλεξανδρος παπαδιαμαντης1odimsxoleio
 
Security & penetration testing
Security & penetration testingSecurity & penetration testing
Security & penetration testingGTestClub
 
Hosobaiday
HosobaidayHosobaiday
Hosobaidaynhomhopestar
 
Sample123
Sample123Sample123
Sample123Brian Teller
 
Map presentation
Map presentationMap presentation
Map presentationtechcoachtony
 
Кабінет Укр.мови
Кабінет Укр.мовиКабінет Укр.мови
Кабінет Укр.мовиOlga Poslovska
 
(Pdf) yury chemerkin info_securityrussia_2011
(Pdf) yury chemerkin info_securityrussia_2011(Pdf) yury chemerkin info_securityrussia_2011
(Pdf) yury chemerkin info_securityrussia_2011STO STRATEGY
 
Global Medical Cures™ | Pocket Guide to Maintaining Healthy Weight
Global Medical Cures™ | Pocket Guide to Maintaining Healthy WeightGlobal Medical Cures™ | Pocket Guide to Maintaining Healthy Weight
Global Medical Cures™ | Pocket Guide to Maintaining Healthy WeightGlobal Medical Cures™
 
P01
P01P01
P01ipeter16888
 
Πάτρα και οι Ναοί της
Πάτρα και οι Ναοί τηςΠάτρα και οι Ναοί της
Πάτρα και οι Ναοί τηςgympeirp
 
GelecekHane Halil Aksu - Açık İnovasyon Buluşması - Akıl Gıdıklayıcı İnovasyo...
GelecekHane Halil Aksu - Açık İnovasyon Buluşması - Akıl Gıdıklayıcı İnovasyo...GelecekHane Halil Aksu - Açık İnovasyon Buluşması - Akıl Gıdıklayıcı İnovasyo...
GelecekHane Halil Aksu - Açık İnovasyon Buluşması - Akıl Gıdıklayıcı İnovasyo...Gelecek Hane
 
упражнения для развития логики детей 6-7 лет
упражнения для развития логики детей 6-7 лет упражнения для развития логики детей 6-7 лет
упражнения для развития логики детей 6-7 лет Елена Исакова
 
Роман Кокин «Организация тестирования в больших командах»
Роман Кокин «Организация тестирования в больших командах»Роман Кокин «Организация тестирования в больших командах»
Роман Кокин «Организация тестирования в больших командах»DataArt
 
Trinh dien ho so bai day
Trinh dien ho so bai dayTrinh dien ho so bai day
Trinh dien ho so bai dayheocon020192
 
MTECH MOBILE OPAL QUEST
MTECH MOBILE OPAL QUESTMTECH MOBILE OPAL QUEST
MTECH MOBILE OPAL QUESTMTECH MOBILE
 
(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013STO STRATEGY
 
(Pdf) yury chemerkin _confidence_2013
(Pdf) yury chemerkin _confidence_2013(Pdf) yury chemerkin _confidence_2013
(Pdf) yury chemerkin _confidence_2013STO STRATEGY
 
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013STO STRATEGY
 
(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin balccon_2013(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin balccon_2013STO STRATEGY
 
(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013STO STRATEGY
 
Yury chemerkin _cyber_crime_forum_2012
Yury chemerkin _cyber_crime_forum_2012Yury chemerkin _cyber_crime_forum_2012
Yury chemerkin _cyber_crime_forum_2012STO STRATEGY
 
Cloud computing for libraries an introduction
Cloud computing for libraries an introductionCloud computing for libraries an introduction
Cloud computing for libraries an introductionKrista Godfrey
 

More Related Content

Viewers also liked

αλεξανδρος παπαδιαμαντης
αλεξανδρος παπαδιαμαντηςαλεξανδρος παπαδιαμαντης
αλεξανδρος παπαδιαμαντης1odimsxoleio
 
Security & penetration testing
Security & penetration testingSecurity & penetration testing
Security & penetration testingGTestClub
 
Кабінет Укр.мови
Кабінет Укр.мовиКабінет Укр.мови
Кабінет Укр.мовиOlga Poslovska
 
(Pdf) yury chemerkin info_securityrussia_2011
(Pdf) yury chemerkin info_securityrussia_2011(Pdf) yury chemerkin info_securityrussia_2011
(Pdf) yury chemerkin info_securityrussia_2011STO STRATEGY
 
Global Medical Cures™ | Pocket Guide to Maintaining Healthy Weight
Global Medical Cures™ | Pocket Guide to Maintaining Healthy WeightGlobal Medical Cures™ | Pocket Guide to Maintaining Healthy Weight
Global Medical Cures™ | Pocket Guide to Maintaining Healthy WeightGlobal Medical Cures™
 
Πάτρα και οι Ναοί της
Πάτρα και οι Ναοί τηςΠάτρα και οι Ναοί της
Πάτρα και οι Ναοί τηςgympeirp
 
GelecekHane Halil Aksu - Açık İnovasyon Buluşması - Akıl Gıdıklayıcı İnovasyo...
GelecekHane Halil Aksu - Açık İnovasyon Buluşması - Akıl Gıdıklayıcı İnovasyo...GelecekHane Halil Aksu - Açık İnovasyon Buluşması - Akıl Gıdıklayıcı İnovasyo...
GelecekHane Halil Aksu - Açık İnovasyon Buluşması - Akıl Gıdıklayıcı İnovasyo...Gelecek Hane
 
упражнения для развития логики детей 6-7 лет
упражнения для развития логики детей 6-7 лет упражнения для развития логики детей 6-7 лет
упражнения для развития логики детей 6-7 лет Елена Исакова
 
Роман Кокин «Организация тестирования в больших командах»
Роман Кокин «Организация тестирования в больших командах»Роман Кокин «Организация тестирования в больших командах»
Роман Кокин «Организация тестирования в больших командах»DataArt
 
Trinh dien ho so bai day
Trinh dien ho so bai dayTrinh dien ho so bai day
Trinh dien ho so bai dayheocon020192
 
MTECH MOBILE OPAL QUEST
MTECH MOBILE OPAL QUESTMTECH MOBILE OPAL QUEST
MTECH MOBILE OPAL QUESTMTECH MOBILE
 

Viewers also liked (15)

αλεξανδρος παπαδιαμαντης
αλεξανδρος παπαδιαμαντηςαλεξανδρος παπαδιαμαντης
αλεξανδρος παπαδιαμαντης
 
Security & penetration testing
Security & penetration testingSecurity & penetration testing
Security & penetration testing
 
Hosobaiday
HosobaidayHosobaiday
Hosobaiday
 
Sample123
Sample123Sample123
Sample123
 
Map presentation
Map presentationMap presentation
Map presentation
 
Кабінет Укр.мови
Кабінет Укр.мовиКабінет Укр.мови
Кабінет Укр.мови
 
(Pdf) yury chemerkin info_securityrussia_2011
(Pdf) yury chemerkin info_securityrussia_2011(Pdf) yury chemerkin info_securityrussia_2011
(Pdf) yury chemerkin info_securityrussia_2011
 
Global Medical Cures™ | Pocket Guide to Maintaining Healthy Weight
Global Medical Cures™ | Pocket Guide to Maintaining Healthy WeightGlobal Medical Cures™ | Pocket Guide to Maintaining Healthy Weight
Global Medical Cures™ | Pocket Guide to Maintaining Healthy Weight
 
P01
P01P01
P01
 
Πάτρα και οι Ναοί της
Πάτρα και οι Ναοί τηςΠάτρα και οι Ναοί της
Πάτρα και οι Ναοί της
 
GelecekHane Halil Aksu - Açık İnovasyon Buluşması - Akıl Gıdıklayıcı İnovasyo...
GelecekHane Halil Aksu - Açık İnovasyon Buluşması - Akıl Gıdıklayıcı İnovasyo...GelecekHane Halil Aksu - Açık İnovasyon Buluşması - Akıl Gıdıklayıcı İnovasyo...
GelecekHane Halil Aksu - Açık İnovasyon Buluşması - Akıl Gıdıklayıcı İnovasyo...
 
упражнения для развития логики детей 6-7 лет
упражнения для развития логики детей 6-7 лет упражнения для развития логики детей 6-7 лет
упражнения для развития логики детей 6-7 лет
 
Роман Кокин «Организация тестирования в больших командах»
Роман Кокин «Организация тестирования в больших командах»Роман Кокин «Организация тестирования в больших командах»
Роман Кокин «Организация тестирования в больших командах»
 
Trinh dien ho so bai day
Trinh dien ho so bai dayTrinh dien ho so bai day
Trinh dien ho so bai day
 
MTECH MOBILE OPAL QUEST
MTECH MOBILE OPAL QUESTMTECH MOBILE OPAL QUEST
MTECH MOBILE OPAL QUEST
 

Similar to (Pdf) yury chemerkin _icitst_2012

(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013STO STRATEGY
 
(Pdf) yury chemerkin _confidence_2013
(Pdf) yury chemerkin _confidence_2013(Pdf) yury chemerkin _confidence_2013
(Pdf) yury chemerkin _confidence_2013STO STRATEGY
 
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013STO STRATEGY
 
(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin balccon_2013(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin balccon_2013STO STRATEGY
 
(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013STO STRATEGY
 
Yury chemerkin _cyber_crime_forum_2012
Yury chemerkin _cyber_crime_forum_2012Yury chemerkin _cyber_crime_forum_2012
Yury chemerkin _cyber_crime_forum_2012STO STRATEGY
 
Cloud computing for libraries an introduction
Cloud computing for libraries an introductionCloud computing for libraries an introduction
Cloud computing for libraries an introductionKrista Godfrey
 
Android Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamAndroid Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamMohammed Adam
 
Securing Your BBC Identity
Securing Your BBC IdentitySecuring Your BBC Identity
Securing Your BBC IdentityMarc Littlemore
 
Rosario Valotta. Abusing Browser User Interfaces for Fun and Profit.
Rosario Valotta. Abusing Browser User Interfaces for Fun and Profit.Rosario Valotta. Abusing Browser User Interfaces for Fun and Profit.
Rosario Valotta. Abusing Browser User Interfaces for Fun and Profit.Positive Hack Days
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYSylvain Martinez
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Visual Studio Tools for Apache Cordova (TACO) and Ionic
Visual Studio Tools for Apache Cordova (TACO) and IonicVisual Studio Tools for Apache Cordova (TACO) and Ionic
Visual Studio Tools for Apache Cordova (TACO) and IonicJustin James
 
Cloud Trends: The Impact to Your Business and Customers (webinar)
Cloud Trends: The Impact to Your Business and Customers (webinar)Cloud Trends: The Impact to Your Business and Customers (webinar)
Cloud Trends: The Impact to Your Business and Customers (webinar)VISIHOSTING
 
Fixing the mobile web - Internet World Romania
Fixing the mobile web - Internet World RomaniaFixing the mobile web - Internet World Romania
Fixing the mobile web - Internet World RomaniaChristian Heilmann
 
Julie Mckenzie-project4-fwd
Julie Mckenzie-project4-fwdJulie Mckenzie-project4-fwd
Julie Mckenzie-project4-fwdmckenzjules
 
Palestra Jeferson Propheta - Wanna Cry more
Palestra Jeferson Propheta - Wanna Cry morePalestra Jeferson Propheta - Wanna Cry more
Palestra Jeferson Propheta - Wanna Cry moreBHack Conference
 
BYOM Build Your Own Methodology (in Mobile Forensics)
BYOM Build Your Own Methodology (in Mobile Forensics)BYOM Build Your Own Methodology (in Mobile Forensics)
BYOM Build Your Own Methodology (in Mobile Forensics)Reality Net System Solutions
 

Similar to (Pdf) yury chemerkin _icitst_2012 (20)

(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013(Pdf) yury chemerkin _ath_con_2013
(Pdf) yury chemerkin _ath_con_2013
 
(Pdf) yury chemerkin _confidence_2013
(Pdf) yury chemerkin _confidence_2013(Pdf) yury chemerkin _confidence_2013
(Pdf) yury chemerkin _confidence_2013
 
(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013(Pdf) yury chemerkin hackfest.ca_2013
(Pdf) yury chemerkin hackfest.ca_2013
 
(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin balccon_2013(Pdf) yury chemerkin balccon_2013
(Pdf) yury chemerkin balccon_2013
 
(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013(Pptx) yury chemerkin hacker_halted_2013
(Pptx) yury chemerkin hacker_halted_2013
 
Yury chemerkin _cyber_crime_forum_2012
Yury chemerkin _cyber_crime_forum_2012Yury chemerkin _cyber_crime_forum_2012
Yury chemerkin _cyber_crime_forum_2012
 
Cloud computing for libraries an introduction
Cloud computing for libraries an introductionCloud computing for libraries an introduction
Cloud computing for libraries an introduction
 
Android Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamAndroid Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed Adam
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 
Securing Your BBC Identity
Securing Your BBC IdentitySecuring Your BBC Identity
Securing Your BBC Identity
 
Rosario Valotta. Abusing Browser User Interfaces for Fun and Profit.
Rosario Valotta. Abusing Browser User Interfaces for Fun and Profit.Rosario Valotta. Abusing Browser User Interfaces for Fun and Profit.
Rosario Valotta. Abusing Browser User Interfaces for Fun and Profit.
 
Abusing bu is-4.3
Abusing bu is-4.3Abusing bu is-4.3
Abusing bu is-4.3
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITY
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
Visual Studio Tools for Apache Cordova (TACO) and Ionic
Visual Studio Tools for Apache Cordova (TACO) and IonicVisual Studio Tools for Apache Cordova (TACO) and Ionic
Visual Studio Tools for Apache Cordova (TACO) and Ionic
 
Cloud Trends: The Impact to Your Business and Customers (webinar)
Cloud Trends: The Impact to Your Business and Customers (webinar)Cloud Trends: The Impact to Your Business and Customers (webinar)
Cloud Trends: The Impact to Your Business and Customers (webinar)
 
Fixing the mobile web - Internet World Romania
Fixing the mobile web - Internet World RomaniaFixing the mobile web - Internet World Romania
Fixing the mobile web - Internet World Romania
 
Julie Mckenzie-project4-fwd
Julie Mckenzie-project4-fwdJulie Mckenzie-project4-fwd
Julie Mckenzie-project4-fwd
 
Palestra Jeferson Propheta - Wanna Cry more
Palestra Jeferson Propheta - Wanna Cry morePalestra Jeferson Propheta - Wanna Cry more
Palestra Jeferson Propheta - Wanna Cry more
 
BYOM Build Your Own Methodology (in Mobile Forensics)
BYOM Build Your Own Methodology (in Mobile Forensics)BYOM Build Your Own Methodology (in Mobile Forensics)
BYOM Build Your Own Methodology (in Mobile Forensics)
 

More from STO STRATEGY

(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013STO STRATEGY
 
(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedings(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedingsSTO STRATEGY
 
(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013STO STRATEGY
 
(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013STO STRATEGY
 
(Pdf) yury chemerkin def_con_2013
(Pdf) yury chemerkin def_con_2013(Pdf) yury chemerkin def_con_2013
(Pdf) yury chemerkin def_con_2013STO STRATEGY
 
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013STO STRATEGY
 
(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedingsSTO STRATEGY
 
Pen test career. how to begin
Pen test career. how to beginPen test career. how to begin
Pen test career. how to beginSTO STRATEGY
 
State of art of mobile forensics
State of art of mobile forensicsState of art of mobile forensics
State of art of mobile forensicsSTO STRATEGY
 
AWS Security Challenges
AWS Security ChallengesAWS Security Challenges
AWS Security ChallengesSTO STRATEGY
 
Blackberry playbook – new challenges
Blackberry playbook – new challengesBlackberry playbook – new challenges
Blackberry playbook – new challengesSTO STRATEGY
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiSTO STRATEGY
 
Social network privacy.
Social network privacy.Social network privacy.
Social network privacy.STO STRATEGY
 
Comparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniquesComparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniquesSTO STRATEGY
 
Social network privacy
Social network privacySocial network privacy
Social network privacySTO STRATEGY
 
Interview with yury chemerkin
Interview with yury chemerkinInterview with yury chemerkin
Interview with yury chemerkinSTO STRATEGY
 
To get round to the heart of fortress
To get round to the heart of fortressTo get round to the heart of fortress
To get round to the heart of fortressSTO STRATEGY
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewSTO STRATEGY
 
A security system that changed the world
A security system that changed the worldA security system that changed the world
A security system that changed the worldSTO STRATEGY
 
Is data secure on the password protected blackberry device
Is data secure on the password protected blackberry deviceIs data secure on the password protected blackberry device
Is data secure on the password protected blackberry deviceSTO STRATEGY
 

More from STO STRATEGY (20)

(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013
 
(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedings(Pdf) yury chemerkin _ita_2013 proceedings
(Pdf) yury chemerkin _ita_2013 proceedings
 
(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013
 
(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013(Pdf) yury chemerkin deep_intel_2013
(Pdf) yury chemerkin deep_intel_2013
 
(Pdf) yury chemerkin def_con_2013
(Pdf) yury chemerkin def_con_2013(Pdf) yury chemerkin def_con_2013
(Pdf) yury chemerkin def_con_2013
 
(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013(Pdf) yury chemerkin _i-society_2013
(Pdf) yury chemerkin _i-society_2013
 
(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings(Pdf) yury chemerkin _i-society-2013 proceedings
(Pdf) yury chemerkin _i-society-2013 proceedings
 
Pen test career. how to begin
Pen test career. how to beginPen test career. how to begin
Pen test career. how to begin
 
State of art of mobile forensics
State of art of mobile forensicsState of art of mobile forensics
State of art of mobile forensics
 
AWS Security Challenges
AWS Security ChallengesAWS Security Challenges
AWS Security Challenges
 
Blackberry playbook – new challenges
Blackberry playbook – new challengesBlackberry playbook – new challenges
Blackberry playbook – new challenges
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part ii
 
Social network privacy.
Social network privacy.Social network privacy.
Social network privacy.
 
Comparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniquesComparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniques
 
Social network privacy
Social network privacySocial network privacy
Social network privacy
 
Interview with yury chemerkin
Interview with yury chemerkinInterview with yury chemerkin
Interview with yury chemerkin
 
To get round to the heart of fortress
To get round to the heart of fortressTo get round to the heart of fortress
To get round to the heart of fortress
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
 
A security system that changed the world
A security system that changed the worldA security system that changed the world
A security system that changed the world
 
Is data secure on the password protected blackberry device
Is data secure on the password protected blackberry deviceIs data secure on the password protected blackberry device
Is data secure on the password protected blackberry device
 

Recently uploaded

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

(Pdf) yury chemerkin _icitst_2012

  • 1. VULNERABILITY ELIMINATION BY FORCE OF NEW MOBILE OS YURY CHEMERKIN THE 7TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS 2012
  • 2. THE SECURITY IS THE CORNERSTONE A POWERFUL HIGH LEVEL INTEGRATION  IMs, SOCIAL NETWORKS  FINANCIAL DATA AND ETC. THE BLACKBERRY WAS BUILT  FREE OF MALWARE & HARMFUL ACTIONS  WITH NATIVE SECURITY SOLUTIONS MAINLY FOCUSED ON ENTERPRISE  WIDE RANGE IT POLICY SET  UP TO 500 UNITS  A FEW THIRD PARTY SECURITY SOLUTIONS A SIMPLIFICATION OF THE SECURITY VISION POOR INTERGRATION (ONLY BLACKBERRY BRIDGE)  NO BUILT IMs, HTML5 & WEB-LAUNCHER  NO WALLETS OR ELSE BUILT APPLICATIONS PLAYBOOK MIGHT  PRODUCE FEW VALUE DATA DUE APIs  NOT MORE THAN LARGE PHONE’S SCREEN TOTALLY FOCUSED ON ENTERPRISE  IT POLICY EXTRA REDUCED  UP TO 10 UNITS  ENTERTAINMENT APPLICATIONS ONLY BLACKBERRY SECURITY ENVIRONMENT BLACKBERRYSMARTPHONEWASSECURE… PLAYBOOKHASCOMEWITHAPOORENVIROMENT
  • 3.  A LOT OF TYPES  BOOTKITS  FIRMWARE  USER-MODE  KERNEL  HYPERVISOR  SIMILAR TO THE SPYWARE  BUNDLING WITH DESIRABLE SOFTWARE  WIDESPREADING, EASY DITRIBUTION AND QUITE RELEVANT FOR HACKERS  BASED ON:  VENDOR-SUPPLIED EXTENSIONS  THIRD PARTY PLUGINS  PUBLIC INTERFACES  INTERCEPTION OF SYSTEMS MESSAGES  EXPLOITATION OF SECURITY VULNERABILITIES  HOOKING AND PATCHING OF APIs METHODS USER MODE ROOTKIT AND SPYWARE MALWAREBOUNDSBECOMEUNCLEAR… HACKERSAREINTERESTEDINCHEAPERCOSTING
  • 4.  VIA THE BUILT (INTERNAL) EXPLORER  AFTER ENTERING THE PASSWORD BUT STILL THE INTERNAL EXPLORER  FOR EXECUTING MALWARE FROM THE DEVICE BY CLICKING FILE (.JAR/.JAD + .COD)  TO ALLOW COPYING THE MALWARE TO THE DEVICE AS AN EXTERNAL DRIVE (LIKE A WORM)  AFTER MOUNTING AS AN EXTERNAL DRIVE(-S)  AFTER ENTERING THE PASSWORD BUT IT IS NOT NECESSARY TO USE INTERNAL EXPLORER  TO PREVENT FROM EXECUTING ANYTHING OUTSIDE APPWORLD (.BAR)  MALWARE IS A PERSONAL APPLICATION SUBTYPE IN TERMS OF RIM’s SECURITY THE FILE SYSTEM ISSUES BBOSv4–5WASACCESSIBLE BBOSV6–7PLUSPLAYBOOKAREACCESSIBLE
  • 5.
  • 6.
  • 7.  THE “UPGRADE” FEATURE MEANS  THE INSTALL & REMOVE ACTIONS AT LEAST  AN APPLICATION ID REQUIREMENT  AN ACCESSIBLE RUNNING APPLICATION LIST  HANDLING ANOTHER APPs SILENTLY VIA API  HANDLING ANOTHER APPLICATION SILENTLY VIA PC TOOLS  MAY NEED A PASSWORD  DEBUG MODE IS FOR TRACING & DEBUGING ONLY  EASY TRACKING THE NEWCOMING .COD MODULES FOR THE MALWARE PAYLOAD  THE “UPGRADE” MEANS AN USER INTERACTION  WITH APPWORLD  WITH HOME SCREEN  THERE ARE SOME APIs BUT DISABLED  THERE IS NO API FOR SUCH ACTIONS YET  HANDLING ANOTHER APPLICATION SILENTLY VIA PC TOOLS  MAY NEED A PASSWORD  STRONGLY NEED ACTIVATED A DEBUG MODE  LOOKS LIKE MORE SECURE THAN BLACKBERRY BUT DIFFICULT TO REMOVE DISTRIBUTED MALWARE THE APPLICATION MANAGEMENT ISSUES BLACKBERRYSMARTPHONE(LESSTHANBB10) BLACKBERRYPLAYBOOK(PROBABLYBLACKBERRY10)
  • 8.
  • 9.  HOW TO REVEAL THE DATA IN REAL TIME  GETCLIPBOARD()  ANY PROTECTION  NATIVE WALLETS RESTRICT THE CLIPBOARD ACCESS BY RETURNING “NULL”  WHILE THE APPLICATION IS ACTIVE (ON TOP OF SCREEN STACK) ONLY  DOES NOT WORK IN MINIMIZED STATE  HOW TO REVEAL THE DATA IN REAL TIME  GETDATA()  ANY PROTECTION  NO NATIVE WALLET APPLICATION  MANAGING THE LAST CLIPBOARD DATA VIA SHARED FOLDER  PLAIN TEXT  HTML  ETC. THE CLIPBOARD ISSUES BLACKBERRYSMARTPHONE BLACKBERRYPLAYBOOK
  • 10.
  • 11.
  • 12.
  • 13.  SCREEN PROTECTION VIA SWITCHING  PERMIT  RESTRICT  ADDITIONALLY PER APPLICATION….  BUT DOES NOT HANDLE WINDOWs  HANDLE WITH THE KEY PREVIEW DUE THE VIRTUAL KEYBOARD  MAY BE IMPROVED BY XOR’ing TWO PHOTOSCREENS TO GET THE DIFFERENCE  MASKING THE ASTERISKS TAKES A DELAY  ENOUGH TO STEAL THE TEXT  MAY BE PART OF OCR ENGINES  ONLINE OR DESKTOP  RECOGNIZE TYPED DATA VERY QUICKLY  WAS TESTED ON ABBYY ONLINE OCR  SUBSTITUTE FOR HARDWARE KEYLLOGER  RUNNING DOWN THE BATTERRY MORE SLOWLY THAN PHOTO/VIDEO CAMERA  EASY ACCESS TO ANY APPLICATION…WALLET EVEN  NO RESTRICTION LIKE THE CLIPBOARD “NULL”  SCREENSHOTS OFTEN STORE IN CAMERA FOLDER  THE SAME A FILE ACCESS THE PHOTOSCREEN ISSUES AREAVAILABLEFORALLBLACKBERRYDEVICESBUTDISABLEDFORPLAYBOOKANDBLACKBERRY10YET
  • 14.
  • 15.  USING AUTHORIZED API TO INTERCEPT  MESSAGES (BBM, EMAIL, PIN-TO-PIN)  CREATE THE MESSAGE  READ THE MESSAGE  DELETE THE MESSAGE  SET THE MESSAGE STATUS (UNREAD, SENT, ANY ERROR STATE, ETC.)  THE BUTTON EVENTS (THE SAME TYPES)  OPENING THE MESSAGE  FORWARDING THE MESSAGE  SENDING THE MESSAGE  INTERCEPTING THE SMS (BASICALLY)  RECEIVING AND SENDING EVENTS  DELETING THE SENT & RECEIVED SMS  ENOUGH TO HANDLE SOCIAL C&C SMS  OUTCOMING SMS (ADVANCED)  BLOCKING (DROPPING) THE SMS  A NOTIFICATION IN THE MESSAGE THREAD  SPOOFING  THE RECEPIENT  THE BODY  TRANSMISSION REFUSED BY … IF SUCH MESSAGE WAS NOT REMOVED THE MESSAGES ISSUES AVAILABLEONTHEBBDEVICES PROBABLYONTHEBLACKBERRY10 NO3G,NOAPIFORPLAYBOOK
  • 16.
  • 17.  THE PASSWORD PROTECTION COVERS  DEVICE LOCKING & ENCRYPTION FEATURE  APPWORLD REQUEST  LIMITED BY 5/10 ATTEMPTS & WIPE THEN  WIPING THE INTERNAL STORAGE ONLY  EXTRACTING THE PASSWORD TRHOUGHT  ELCOMSOFT PRODUCT (CUSTOM CASE)  GUI VULNERABILITY  CREATING THE FAKE WINDOW ON DESKTOP SYNCHRONIZATION  BREAKING INTO BB DESKTOP SOFTWARE  HANDLING MS WINDOWS VULNERABILITY  UNMASKING THE FIELD  GRABBING THE PASSWORD  MASKING THE FIELD  THIS DELAY TAKES 10-20 MSEC  AFFECTED PASSWORD TYPES  THE DEVICE PASSWORD  THE BACKUP PASSWORD  AFFECTED DEVICES  BLACKBERRY 4-7 (BB 10 HIGHLY PROBABLY)  BLACKBERRY PLAYBOOK THE DEVICE PASSWORD ISSUES FORTHEBLACKBERRY4–7DUETHEINTERNALCASE FORALLDEVICESDUEINTHEDESKTOPACCESSCASE
  • 18.
  • 19.
  • 20.  INITIALLY BASED ON AUTHORIZED API COVERED  ALL PHYSICAL & NAVIGATION BUTTONS  TYPING THE TEXTUAL DATA  AFFECT ALL NATIVE & THIRD PARTY APPs  SECONDARY BASED ON ADDING THE MENU ITEMS  INTO THE GLOBAL MENU  INTO THE “SEND VIA” MENU  AFFECT ALL NATIVE APPLICATIONS  NATIVE APPLICATIONS ARE DEVELOPED BY RIM  BLACKBERRY WALLETS, MESSAGES, SETTINGS, FACEBOOK, TWITTER,…  BBM/GTALK/YAHOO/WINDOWS IMs,…  GUI EXPLOITATION HANDLES WITH  REDRAWING THE SCREENS  ADDING NEW GUI OBJECTS  CHANGING THEIR PROPERTIES  GRABBING THE TEXT FROM THE  ANY FIELDs (INCL. PASSWORD FIELD)  UNLOCK THE DEVICE’s FIELD  SETTING UP THE PASSWORD’s FIELD  ADDING, REMOVING THE FIELD DATA  ORIGINAL DATA IS INACCESSIBLE BUT NOT AFFECTED  GUI OBJECTS SHUFFLING IS NOT POSSIBLE THE GUI EXPLOITATION CONSEQUENCEOFWIDEINTERGRATIONFEATURESOFFEREDFORDEVELOPERS(BLACKBERRY4–7 ONLY)
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.  KASPERSKY MOBILE SECURITY PROVIDES  FIREWALL, WIPE, BLOCK, INFO FEATURES  NO PROTECTION FROM REMOVING.CODs  NO PROTECTION UNDER SIMULATOR  EXAMING THE TRAFFIC, BEHAVIOUR  SHOULD CHECK API “IS SIMULATOR”  SMS MANAGEMENT (“QUITE” SECRET SMS)  PASSWORD IS FOUR– SIXTEEN DIGITS SET  …AND CAN BE MODIFIED IN REAL-TIME  SMS IS A HALF A HASH VALUE OF GOST R 34.11-94  IMPLEMENTATION USES TEST CRYPTO VALUES AND NO SALT  TABLES (VALUEHASH) ARE EASY BUILT  OUTCOMING SMS CAN BE SPOOFED WITHOUT ANY NOTIFICATION  OUTCOMING SMS CAN BLOCK OR WIPE THE SAME DEVICE OR ANOTHER DEVICE  McAfee MOBILE SECURITY PROVIDES  FIREWALL, WIPE, BLOCK, INFO FEATURES  NO PROTECTION FROM REMOVING.CODs  NO PROTECTION UNDER SIMULATOR  EXAMING THE TRAFFIC, BEHAVIOUR  SHOULD CHECK API “IS SIMULATOR”  WEB MANAGEMENT CONSOLE  DIFFICULT TO BREAK SMS C&C THE THIRD PARTY EXPLOITATION THEREAREAFEWOFTHEM THEYMIGHTHAVEANEXPLOIT BUTRUINNATIVEASECURITY
  • 26.  DENIAL OF SERVICE  REPLACING/REMOVING EXEC FILES  DOS’ing EVENTs, NOISING FIELDS  GUI INTERCEPT  INFORMATION DISCLOSURE  CLIPBOARD, SCREEN CAPTURE  GUI INTERCEPT  DUMPING .COD FILES, SHARED FILES  MITM (INTERCEPTION / SPOOFING)  MESSAGES  GUI INTERCEPT, THIRD PARTY APPs  FAKE WINDOW/CLICKJACKING  GENERAL PERMISSIONS  INSTEAD OF SPECIFIC SUB-PERMISSIONS  A FEW NOTIFICATION/EVENT LOGs FOR USER  BUILT PER APPLICATION INSTEAD OF APP SCREENs  CONCRETE PERMISSIONS  BUT COMBINED INTO GENERAL PERMISSION  A SCREENSHOT PERMISSION IS PART OF THE CAMERA  GENERAL PERMISSIONS  INSTEAD OF SPECIFIC SUB-PERMISSIONS  A FEW NOTIFICATION/EVENT LOGs FOR USER  BUILT PER APPLICATION INSTEAD OF APP SCREENs THE PERMISSIONS PRIVILEGEDGENERALPERMISSIONS OWNAPPs,NATIVE&3RD PARTYAPPs FEATURES
  • 27.  SIMPLIFICATION AND REDUCING SECURITY CONTROLS  MANY GENERAL PERMISSIONS AND COMBINED INTO EACH OTHER  NO LOGs ACTIVITY FOR SUB-PERMISSIONS TO PROVE THE TRANSPARENCY  ANY SECURITY VULNERABILITY ARE ONLY FIXED BY ENTIRELY NEW AND DIFFERENT OS / KERNEL  A FEW PERMISSIONs ARE CLOSED TO THE USER ACTIONS  THE SANDBOX PROTECT ONLY APPLICATION DATA  USERS HAVE TO STORE THEIR DATA INTO SHARED FOLDERS OR EXTERNAL STORAGE  APPLICATIONS CONTINUE STORE DATA IN PUBLIC FOLDERs BECAUSE GOVERNED BY CHANCE OF AVAILABILITY  MITM / INTERCEPTION ACTIONS ARE OFTEN SILENTLY  THE NATIVE SPOOFING AND INTERCEPTION FEATURES  BLACKBERRY ENTERPRISE SOLUTION / BLACKBERRY MOBILE FUSION IS NOT EFFECTIVE MUCH  THE BEST SECURITY (PERMISSIONS) RULED BY AMAZON WEB SERVICES  PERMISSIONS SHOULD RELY ON THE DIFFERENT USEFUL CASES SET INSTEAD OF SPECIFIC PERMISSION LIST CONCLUSION THEVENDORSECURITYVISION HASNOTHINGWITHREALITY AGGRAVATEDBYSIMPLICITY