Copyright © 2007 - The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/
The OWASP Foundation
OWASP USA
November 2007
http://www.owasp.org/
For my next trick...hacking Web2.0 (lite)
Petko D. Petkov (pdp)
GNUCITIZEN
http://www.gnucitizen.org
OWASP USA – November 2007
powered BY
http://www.gnucitizen.org
...before we START
Feel free to ask questions!
Do ask questions!
Have fun!
what is WEB2.0?
Marketing buzzword
Invented by O'Reilly Media in 2003
Wikis, Blogs, AJAX, Social Networks, Collaboration
APIs, SOA (Service Oriented Architecture)
Data in the Cloud
Applications on Demand
why web2.0 HACKING?
Data Management
Information Leaks
Live Profiling
Information Spamming
Service Abuse
Autonomous Agents
Distribution
Attack Infrastructures
the PAPER
5 fictional stories with technology that is real
Learn by example
KISS (Keep it Simple Stupid)
Problems with no solutions
I was told that I need to come up with some solutions, otherwise I cannot present at OWASP.
the STORIES
MPack2.0: Attack Infrastructures
Wormoholic: Autonomous Agents
Bookmarks Rider: Distribution
RSS Kingpin: Information Spamming
Revealing the hidden Web: Service Abuse
know your ROOTS
what's MPACK?
what would it be in the web2.0 WORLD?
hint: Google Mashup Editor
who is SAMY?
what's a covert CHANNEL?
...but in the web2.0 WORLD?
who's the mechanical TURK?
...to MALWARE?
hint: Social Bookmarking
can web2.0 malware BROADCAST?
...MD5(DOMAIN + TIME)
where are my SCHEDULERS?
where are my ACTUATORS?
...data in the CLOUD...
(the malicious one)
...applications on DEMAND...
(the malicious ones)
what's state and what's PERSISTENCE?
riding social bookmarks is FUN!
...maybe make some money TOO!
to splog or not to splog. This is the QUESTION!
call me the rss KINGPIN!
service abuse and the hidden WEB
know your ROOTS
...more
Profiling targets by watching their Web activities
Snoop onto targets
GEO Position Mobile phones
GEO Position individuals
More service abuse
More vulnerabilities
More Insecurities
solutions and recommendations?
thank YOU
http://www.gnucitizen.org