Kiwicon: a real security eye-opener for developers
I’ve always thought I was pretty security conscious with my own laptop, data and information - and that I could keep my own systems safe. But it only took a few hours at Kiwicon X to realise how wrong I was!!!
As a Linux fan and Mac user, I am always teasing my Windows friends at the office that you couldn’t catch malware or viruses on a Mac. Well, after what I heard at Kiwicon, I have to admit how mistaken I was…
The event was a real eye-opener for me about how insecure some of us are in the workplace and I came away from it with so much new and enlightening knowledge.
Here is some of what I learned from the talks - from a developer’s perspective (and hopefully not too nerdy):
Passwords today are still being sent unsalted/insecurely as a GET or POST request. Most web forms are still processing just plain text for passwords which allow man-in-the-middle attacks to retrieve these requests very easily.
Phishing emails used to be old school, but today they are still happening and are even more advanced. Michele Orru from Kiwicon showed us how to launch and setup phishing in under 10 minutes.
The tools he provided were crazy - you could send out thousands of legit emails within minutes! The tool even provided tons of premade email templates that looked legit and convincing. It was also automated so all you had to do was supply a domain name and it would do all the hard work. With his tool, you can monitor who’s clicked your links, and view all their data collected. You also had full remote access of a user’s machine.
Kiwicon was a great event and the knowledge can help anyone.