Image Hoster Diving: Examining the Web’s Dumpster

We all remember dumpster diving: going through a company’s trash searching for personal information, corporate secrets and even passwords. But after decades of surveillance, training and security certifications, surely such reckless behavior is a thing of the past…

Or not. Humans tend to ignore risks that are based on mathematical probability, and that has made anonymous image hosters the dumpsters of the current decade. Hundreds of thousands of people upload hundreds of millions of images, most of them secured only by the semi-random image name assigned to them after uploading. Worse yet, a majority of image hosters either don’t prohibit making random guesses at image names in their ToS or even provide us with built-in functionality to display random images from their catalog.

This talk will share the amusing, the shocking, the stupid and the downright bizarre findings on anonymous image hosters, as well as the neural networks used to filter thousands of images for relevant information. Join us in digging through copious amounts of (filtered) nudity, abs, duckfaces, game screenshots and a statistically disturbing lack of cats. Oh, as well as IPs, session tokens, passwords, phone numbers, floor plans, bank statements and much, much more.

CONFERENCE
Location: Track 2
Date: October 16, 2014
Time: 10:30 am - 11:30 am
Paul S. Ziegler