Security is Everyone's Responsibility
James Hall
Here are the slides I did for my talk at Beyond Tellerand in Berlin.
1. SECURITY @MrRio #btsec
2. DIRECTOR/FOUNDER AT
3. jsPDF JAVASCRIPT PDF GENERATION LIBRARY
4. SECURITY IS EVERYONE'S RESPONSIBILITY
5. DEBOOKEE FOR MAC
6.
7. CRACKING A WIFI PASSWORD IS EASY
8.
9. HOW DO WE FIX THIS?!
10. WEBSITE OWNERS – USE SSL
11. WEBSITE USERS – USE VPN
12. WHAT IS CRYPTOGRAPHY?
13. SENDING A SECURE MESSAGE (OFFLINE DEMO EDITION)
14. A CIPHER IS A DIGITAL LOCK
15. CAESAR CIPHER USED IN WARS AROUND 50BC
16. ABCDEFGHIJKLM
    XYZABCDEFGHIJ
17. SHIFT CIPHER: SHIFT VALUE (KEY) 0, INPUT I LOVE BT, OUTPUT I LOVE BT
18. SHIFT CIPHER: SHIFT VALUE (KEY) 1, INPUT I LOVE BT, OUTPUT J MPWF CU
19. SHIFT CIPHER: SHIFT VALUE (KEY) 2, INPUT I LOVE BT, OUTPUT K NQXG DV
20. ONE-TIME PAD: KEY 1950396, INPUT ILOVEBT, OUTPUT JUTVHKZ
21. STREAM CIPHER: KEY (SEED) 7894, KEY STREAM (PRNG) 1950396, INPUT ILOVEBT, OUTPUT JUTVHKZ
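An added example, not from the slides, in JavaScript (the language of the rest of the deck): the three ciphers of slides 17 to 21 implemented so that the slide values can be checked. Slide 20's key works digit by digit (I+1=J, L+9=U, O+5=T, V+0=V, E+3=H, B+9=K, T+6=Z), and the code reproduces that. The function names, the LCG used as the PRNG and its constants are this example's own; the slide does not say which PRNG turned seed 7894 into key stream 1950396, so the stream-cipher part reproduces the mechanism, not that exact stream.

```javascript
// Added example (not from the slides): the shift cipher, the digit-key
// "one-time pad" and the PRNG-driven stream cipher of slides 17-21.
// Letters are A-Z only; spaces pass through unchanged, as on slides 17-19.

const A = 'A'.charCodeAt(0);

// Shift every letter by `shift` positions (Caesar / shift cipher).
// The shift is reduced mod 26, so decrypting is encrypting with -shift.
function shiftCipher(text, shift) {
  const k = ((shift % 26) + 26) % 26;
  return text.toUpperCase().split('').map(ch => {
    if (ch < 'A' || ch > 'Z') return ch;                  // leave spaces etc. alone
    return String.fromCharCode(A + (ch.charCodeAt(0) - A + k) % 26);
  }).join('');
}

// Slide 20: a digit key, one digit per letter, each digit is the shift for
// that position. Key 1950396 turns ILOVEBT into JUTVHKZ.
// The key must be at least as long as the message; a real one-time pad also
// never reuses key material.
function padEncrypt(text, digits, direction = 1) {
  if (digits.length < text.length) throw new Error('key shorter than message');
  return text.toUpperCase().split('').map((ch, i) =>
    shiftCipher(ch, Number(digits[i]) * direction)
  ).join('');
}
function padDecrypt(text, digits) { return padEncrypt(text, digits, -1); }

// Slide 21: the same per-letter shift, but the digits come from a PRNG seeded
// with a short key. The LCG below is this example's own choice, so it will
// NOT reproduce the slide's stream 1950396 from seed 7894.
function keyStream(seed, length) {
  let state = seed >>> 0;
  const digits = [];
  for (let i = 0; i < length; i++) {
    state = (Math.imul(state, 1103515245) + 12345) >>> 0;   // LCG step
    digits.push(String((state >>> 16) % 10));
  }
  return digits.join('');
}
function streamEncrypt(text, seed) { return padEncrypt(text, keyStream(seed, text.length)); }
function streamDecrypt(text, seed) { return padDecrypt(text, keyStream(seed, text.length)); }

// Why the shift cipher is a toy: 25 possible keys, so an eavesdropper tries
// them all. Returns every candidate plaintext with its key.
function bruteForceShift(ciphertext) {
  const out = [];
  for (let k = 1; k < 26; k++) out.push({ key: k, text: shiftCipher(ciphertext, -k) });
  return out;
}
```

Two caveats a practitioner should take from the slide values: the digit key on slide 20 only ever shifts by 0 to 9, so it is not uniform over the alphabet; a real one-time pad draws each key symbol uniformly from the full alphabet, uses it once, and needs a key as long as the message. The stream cipher on slide 21 replaces that long key with a short seed, which is exactly where its strength moves: a predictable PRNG (the LCG here is one) lets an attacker who recovers a few key digits compute the rest of the stream, which is why real stream ciphers use a cryptographic PRNG.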
22. HOW TO GET A SHARED SECRET WITH THIS ONE WEIRD TRICK
23.-29. STEFAN MARC EVE
30. INSTEAD OF COLOURS WE USE PRIME NUMBERS
31. EASY: (3^29) % 17 = 12    HARD: (3^??) % 17 = 12
32. 32,416,190,071
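An added example, not from the slides, of the prime-number exchange on slides 23 to 32 in JavaScript (BigInt), using the slide's public values g = 3 and p = 17, with Stefan and Marc as the two parties and Eve on the wire. Stefan's, Marc's and Eve's secret exponents and all function names are this example's own; the slide shows only that 3^29 % 17 = 12. It goes one step beyond the slide to show what Eve can do from a man-in-the-middle position, which is the problem slide 33 answers with TLS.

```javascript
// Added example (not from the slides): Diffie-Hellman with the slide's
// g = 3, p = 17. Secret exponents below are this example's own choices.

// Square-and-multiply modular exponentiation on BigInt.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    exp >>= 1n;
    base = (base * base) % mod;
  }
  return result;
}

// One party's side of the exchange. Only `publicValue` ever crosses the wire.
function dhParty(secret, g, p) {
  return {
    publicValue: modPow(g, secret, p),                              // g^secret mod p
    shared(theirPublic) { return modPow(theirPublic, secret, p); }, // theirPublic^secret mod p
  };
}

// Honest exchange: both sides derive the same key from the other's public value.
function dhExchange(stefanSecret, marcSecret, g, p) {
  const stefan = dhParty(stefanSecret, g, p);
  const marc = dhParty(marcSecret, g, p);
  return {
    onTheWire: { g, p, A: stefan.publicValue, B: marc.publicValue }, // all Eve sees
    stefanKey: stefan.shared(marc.publicValue),
    marcKey: marc.shared(stefan.publicValue),
  };
}

// Eve's only passive option: brute-force the discrete log, the "HARD"
// direction on slide 31. Fine for p = 17, hopeless for a 2048-bit prime.
// Returns the smallest x with g^x mod p == target, or null.
function discreteLog(g, target, p) {
  let value = 1n;
  for (let x = 0n; x < p; x++) {
    if (value === target) return x;
    value = (value * g) % p;
  }
  return null;
}

// Eve as man-in-the-middle (why slide 33 wants TLS): she runs a separate
// exchange with each victim using her own secret. Each victim shares a key
// with Eve while believing it is shared with the other party, and nothing in
// the numbers themselves reveals the substitution.
function mitm(stefanSecret, marcSecret, eveSecret, g, p) {
  const stefan = dhParty(stefanSecret, g, p);
  const marc = dhParty(marcSecret, g, p);
  const eve = dhParty(eveSecret, g, p);
  return {
    stefanKey: stefan.shared(eve.publicValue),      // Stefan thinks this came from Marc
    marcKey: marc.shared(eve.publicValue),          // Marc thinks this came from Stefan
    eveWithStefan: eve.shared(stefan.publicValue),
    eveWithMarc: eve.shared(marc.publicValue),
  };
}
```

With Stefan's secret 29 and Marc's 5, Stefan sends 12 and Marc sends 5, and both compute 3. Brute-forcing the log of 12 returns 13 rather than 29: 3 has order 16 mod 17, so every exponent congruent to 29 mod 16 produces the same public value and is just as good for Eve. The point of the modulus being large is not to hide that fact but to make the search infeasible. The MITM case is the one the slide deck is really about: the arithmetic cannot tell the victims who they are talking to, which is what certificates in TLS add.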
33. TO FIX MITM USE SSL (TLS)
34. HACKING SITES WITH SVG FILTERS
35. TIMING ATTACK
    var lastTime = 0;
    function loop(time) {
      var delay = time - lastTime;       // ms since the previous frame
      var fps = 1000 / delay;            // a frame the browser struggled to paint shows as a low fps
      console.log(delay + ' ms' + ' fps: ' + fps);
      updateAnimation();                 // the page's own animation step (not shown on the slide)
      requestAnimationFrame(loop);
      lastTime = time;
    }
    requestAnimationFrame(loop);
36. TIMING ATTACK
    <filter id="threshold" color-interpolation-filters="sRGB">
      <feColorMatrix type="matrix"
        values="0.333 0.333 0.333 0 -.16
                0.333 0.333 0.333 0 -.16
                0.333 0.333 0.333 0 -.16
                0 0 0 0 1" />
      <feComponentTransfer>
        <feFuncR type="discrete" tableValues="1 0" />
        <feFuncG type="discrete" tableValues="1 0" />
        <feFuncB type="discrete" tableValues="1 0" />
      </feComponentTransfer>
    </filter>
37.
38. <iframe src="view-source:http://example.com#line77"></iframe>
    Source: http://www.contextis.com/documents/2/Browser_Timing_Attacks.pdf
39. X-FRAME-OPTIONS: SAMEORIGIN
40. DEMO 2: The non-WiFi version
41.
42. YOU CAN STRIP SSL EASILY
43. I BUILT A SCARY APP: lasers, websockets, node.js, sslstrip, arpspoof (spelt the british way), css3 3d transforms
44.
45.
46.
47. HTTP Strict Transport Security (HSTS)
    Strict-Transport-Security: max-age=63072000
    response.headers['Strict-Transport-Security'] = 'max-age=63072000'
    header("Strict-Transport-Security: max-age=63072000");
48. RECAP
    PROBLEM: HTTP sucks      SOLUTION: Use SSL (TLS) or a VPN!
    PROBLEM: IFRAMES suck    SOLUTION: Use X-FRAME-OPTIONS: SAMEORIGIN
    PROBLEM: SSL sucks!      SOLUTION: Use HSTS headers
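An added example, not from the slides or from the author's own app: a JavaScript (Node.js) model of the browser-side HSTS behaviour that lets the header on slide 47 defeat the SSL stripping of slides 42 and 43 on repeat visits, together with the two response headers from the recap. The hostnames, timestamps, the `includeSubDomains` directive (the slide sets only `max-age`) and every function and class name are this example's own.

```javascript
// Added example (not from the slides): what a browser does with
// Strict-Transport-Security, and why that stops sslstrip on the next visit.
// Hostnames and times below are constructed for the example.

// Parse "max-age=63072000; includeSubDomains" into its directives.
// Returns null for a missing or malformed header (no max-age means no policy).
function parseHsts(headerValue) {
  if (!headerValue) return null;
  const out = { maxAge: null, includeSubDomains: false };
  for (const part of headerValue.split(';')) {
    const [name, value] = part.trim().split('=').map(s => s && s.trim().toLowerCase());
    if (name === 'max-age' && /^\d+$/.test(value || '')) out.maxAge = Number(value);
    else if (name === 'includesubdomains') out.includeSubDomains = true;
  }
  return out.maxAge === null ? null : out;
}

// The browser's HSTS store: host -> { expires, includeSubDomains }.
class HstsStore {
  constructor() { this.policies = new Map(); }

  // Only a response received over HTTPS may set a policy; browsers ignore the
  // header on plain HTTP, otherwise the man in the middle could set or clear it.
  remember(host, scheme, headerValue, nowSeconds) {
    if (scheme !== 'https') return false;
    const policy = parseHsts(headerValue);
    if (!policy) return false;
    if (policy.maxAge === 0) { this.policies.delete(host); return true; }   // max-age=0 clears
    this.policies.set(host, {
      expires: nowSeconds + policy.maxAge,
      includeSubDomains: policy.includeSubDomains,
    });
    return true;
  }

  // Is `host` (or a parent domain with includeSubDomains) covered right now?
  isKnown(host, nowSeconds) {
    const labels = host.split('.');
    for (let i = 0; i < labels.length; i++) {
      const candidate = labels.slice(i).join('.');
      const p = this.policies.get(candidate);
      if (!p) continue;
      if (p.expires <= nowSeconds) { this.policies.delete(candidate); continue; } // expired
      if (i === 0 || p.includeSubDomains) return true;
    }
    return false;
  }

  // What the browser actually loads when handed an http:// URL, for example a
  // link that sslstrip rewrote: upgraded to https:// if the host is known,
  // so the downgraded request never leaves the machine.
  resolve(url, nowSeconds) {
    const u = new URL(url);
    if (u.protocol === 'http:' && this.isKnown(u.hostname, nowSeconds)) u.protocol = 'https:';
    return u.toString();
  }
}

// Server side, the two headers from the recap. With Node's http module each
// entry would be passed to response.setHeader(name, value).
function secureHeaders() {
  return {
    'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
    'X-Frame-Options': 'SAMEORIGIN',
  };
}
```

The model shows the limit as well as the fix: the very first visit, before any HTTPS response has been seen, is still a plain http:// request and is exactly what the demo strips. That gap is what the browsers' HSTS preload list closes. The header also has to be served on every HTTPS response, not just the login page, so the expiry keeps being pushed forward.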
49. THANK YOU!
    ME: @MrRio
    MY COMPANY: @parallax