Institute for Internet-Security
if(is)

Links  | Kontakt  | Sitemap  | Impressum  |  if(is) auf Twitter if(is) Facebook if(is)
Scenarios

Please find below some descriptions of our scenarios as well as some video streams about our Live Hackings.

Our booth "Live-Hacking"

 

Bluetooth mobile

Bluetooth is a very popular radio interface that can be used to transmit speech or data fast and wireless over short distances. Nearly all current mobile phones are equipped with such an interface. Due to security leaks within the Bluetooth implementation many devices can be spied out or remote controlled. Reading out the phone directory is just a harmless example. Without much effort directory entries can be altered, which leads to expensive phone bills. In this scenario we read out the phone directory of a Bluetooth equipped mobile. Later on we demonstrate how easy it is to protect yourself against this attack.

 

Bluetooth-Headset (the spy in your ear)

As they are very popular amongst mobile users, most people do not know what these small gadgets are capable of.  Bluetooth-Headsets are designed very simple, which makes them easy to handle. But simplicity goes to the expense of security. To keep complexity low during the production process, nearly all security codes are the same for the recent mobile phones.
PINS like 0000 or 1234 give an example how simple it is to manipulate those headsets. With less effort the hardware address of the headset can be tracked, enabling the hacker to establish a connection to the headset, tapping all calls within the vicinity of the device. During this scenario our experts demonstrate an easy way to protect oneself against those attacks.

Watch this scenario from Security 2006.

 

Password database (Passwort Scrabble)

This scenario demonstrates that you don’t need to be a professional hacker to intrude a foreign System; you only need to have some creativity. Using a real database containing passwords of an existing company, we demonstrate how careless many users are in terms of security. It also shows that most users lack of imagination finding safe passwords.

You will be surprised about the passwords revealed.

Watch this scenario from Security 2006.

 

Password brute force

For a long time passwords aren’t stored anymore in plain text. Instead a fingerprint is saved. This improves security significantly, because such a password file can’t be decrypted by unauthorized persons. In case that a simple password is used, it is quite easy to resolve the password from the fingerprint. We demonstrate the simplicity of cracking a weak password and how to protect yourself against such attacks.

 

Windows-Metasploit (I can see things you don't want me to see)

Within this scenario we attack a Microsoft Windows based computer.
Starting from our system we install a Trojan horse, enabling us to control the victim computer remotely. Besides harmless script kiddie activities like remote control of the CD tray, we are able to read out user E-Mails or other sensitive data. This example demonstrates the importance of continuous security updates. In addition we show how to surf the net securely by the help of Firewalls and Antivirus software.

Watch this scenario from Security 2006.

 

Phishing (Phisherman's Bank)

Day by day we can read in the news about Phishing attacks. Through fake E-Mails and websites malicious scammers try to acquire home banking data or other user data. Those fake websites look confusingly genuine and even experts are fooled sometimes. We demonstrate the course of such a phishing attack and how to protect yourself. With some awareness at the right point such a phishing attack can be recognized.

The most important rule: “credit institutions don’t send E-Mails”.

Watch this scenario from Security 2006

 

Word Meta Data (Perfect Holiday)

This scenario shows how insecure “password protected” word documents are. By the help of a simple text editor like Notepad our expert turns a „protected“ word document of the company “Perfect Holiday” into an unprotected document.

Watch this scenario from Security 2006.

 

XSS

Some may have heard of it, but most people don’t know about it.
XSS stands for Cross-Site-Scripting and means the exploit of security vulnerability.
Information that stems from a context that is not trusted is put into another context that shall make it trustable.
Sounds complicated? It isn’t. Within a small scenario we demonstrate XSS and how to protect yourself against it.

 

Google-Hacking (I can find things you don't want me to find)

Most people do not know that Google isn’t just a well known search bot, but also a first class hacker tool, due to its complex search options.
Google can be directed to filter search results through specific parameters.
For example: Google can be directed through the parameter “intitle:” to look for key words only within the title of a website.

You will be amazed what things can be found.

 

Ebay-Harvesting

Online auctions are trendy, as there’s nothing more thrilling than to find a looked-for wish online and to purchase it much cheaper by auction, than in the shop at the corner.  It is worrying to see how careless some of the auction platforms deal with their user data. We demonstrate how to collect loads of usernames by the help of a simple script.


Link zum moeglichen Abschlussarbeiten des if(is)
Marktplatz IT-Sicherheit, Lösungen, Anbieter, Dienstleistungen, IT-Jobs
Anbieter finden!
Jobs finden!

Logo zum neuen Studiengang: Master Internet-SicherheitEinstieg auch zum
Sommersemster!

Logo zum Professor des Jahres 2011

Logo: Buch Sicher im Internet

Logo: DIX - Deutscher Internet-Index

Logo: Frühwarn- und Intrusion Detection-System auf der Basis von kombinierten Methoden der KI

Logo: Live Hacking / Awareness Performance

Logo: Turaya