Safe Browsing in 2016 - Rainbow and Unicorn
Transcript of Safe Browsing in 2016 - Rainbow and Unicorn
SAFE BROWSING IN 2016
SECURITY & PRIVACY
me_irl
• Gabor Szathmari
• Information Security Professional Hacker Freelancer
• Privacy Advocate
I WILL BE TALKING ABOUT
• Web browsing
‣ Privately
‣ Securely
THE SMALL PRINT
THIS GUIDE IS NOT FOR YOU, IF…
• Targeted surveillance
• Whistleblower protection
• Browsing the web anonymously
YOU NEED INSTEAD …
• Tor browser
• Tails OS, Qubes OS
• PGP, Signal, WhatsApp, Ricochet
• SecureDrop, GlobaLeaks
KNOW YOUR ADVERSARY
CYBER CRIMINALS
• Ransomware
‣ Your files for Bitcoins
• Info stealing malware
‣ Passwords
‣ Bank and credit card details
THE GOVERNMENT
Metadata law[1] excludes[2]:
• URLs
• Web Page Content
• DNS requests
• Destination IPs and Ports
[1]: Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015
[2]: https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf
THE GOVERNMENT
ISPs must retain[1]:
• Assigned IP and Port
• Date and Duration
• Data Volume
• Subscriber Data
Service Providers have:
• Connecting IP and Port
• Date and Duration
• Data Volume
• Content
[1]: https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf
On Request
DATA CORRELATION
• Hello Google, give us all the IP addresses searching for “whistleblowing” in January 2016
DATA CORRELATION
• Hey Facebook, tell us the URL of all websites that this IP address visited with your ‘Like button’ on the page[1]
[1]: http://arstechnica.com/tech-policy/2015/03/report-facebook-tracks-all-visitors-even-if-youre-not-a-user-and-opted-out/
SAFE BROWSING IS
• Protection from ransomware and info stealing malware
• De-linking data between the ISP and Service Providers
OPERATING SYSTEM HYGIENE
HOW MALWARE GETS IN?
• File downloads
• Browser and add-on exploits
‣ Adobe Flash
‣ Java
‣ PDF
WHAT CAN PROTECT ME?
• Anti-virus software
• Anti-exploit kit
ANTI-VIRUS SOFTWARE
Modern AV protects from:
• Known and unknown malware
• Loading malicious URLs
• Ransomware
• Keystroke logging
ANTI-EXPLOIT KIT
Protects from:
• Browser exploits
• Browser add-on exploits
OPERATING SYSTEM HYGIENE
Anti-malware[1]:
‣ Kaspersky Internet Security
‣ Norton Security
Anti-exploit kit[2]:
‣ MalwareBytes Anti-Exploit
‣ HitmanPro.Alert
[1]: https://www.mrg-effitas.com/wp-content/uploads/2016/05/MRG-Effitas-360-Assessment-Q1-2016.pdf
[2]: https://www.mrg-effitas.com/wp-content/uploads/2015/04/MRG_Effitas_Real_world_exploit_prevention_test.pdf
SEARCH ENGINE
DATA CORRELATION
• Hello Google, give us all the IP addresses searching for “whistleblowing” in January 2016
SAFE BROWSING IS
• Protection from ransomware and malware
• De-linking data between the ISP and Service Providers
CHOOSING THE SEARCH ENGINE
• Doesn't keep logs
• Nothing to hand over
CHOOSING THE SEARCH ENGINE
• startpage.com
• search.disconnect.me
• duckduckgo.com
WEB BROWSER
HOW MALWARE GETS IN?
• File downloads
• Browser and add-on exploits
‣ Adobe Flash
‣ Java
‣ PDF
A MODERN WEB BROWSER
• Warns if something bad is going to happen
• Stops bad things from happening
BROWSER SECURITY
File / URL Reputation Yes Yes Yes Yes
Sandboxing Yes Yes Yes
Sandboxed Flash Yes Yes Yes
Sandboxed PDF Yes Yes Yes
Certificate Transparency Yes
Token Binding Yes
CHROME, BECAUSE …
• Implements state of the art security technologies
• Privacy and security extensions
BEFORE YOU BEGIN…
• Don’t log in with a Google account
• Fine-tune its privacy settings[1]
• Read the Chrome Privacy Whitepaper[2]
[1]: http://www.dummies.com/how-to/content/how-to-use-google-chrome-privacy-settings.html
[2]: https://www.google.com/chrome/browser/privacy/whitepaper.html
BROWSER EXTENSIONS
DATA CORRELATION
• Hey Facebook, tell us the URL of all websites that this IP address visited with your ‘Like button’ on the page[1]
[1]: http://arstechnica.com/tech-policy/2015/03/report-facebook-tracks-all-visitors-even-if-youre-not-a-user-and-opted-out/
SAFE BROWSING IS
• Protection from ransomware and malware
• De-linking data between the ISP and Service Providers
EXTENSIONS: PRIVACY
• Disable tracking pixels
‣ Disconnect -or-
‣ Privacy Badger
• Enforce encryption
‣ HTTPS Everywhere
• Prevent leaks
‣ Referer Control
‣ WebRTC Leak Prevent
• Prevent fingerprinting
‣ CanvasFingerprintBlock
‣ User-Agent Switcher
HOW MALWARE GETS IN?
• File downloads
• Browser and add-on exploits
‣ Adobe Flash
‣ Java
‣ PDF
EXTENSIONS: SECURITY
• Click to Flash
‣ Flashcontrol
• Control third-party code
‣ uBlock Origin
‣ ScriptSafe
• Browser and add-on health check
‣ Qualys BrowserCheck
• URL Reputation
‣ WOT: Web of Trust
WHAT’S YOUR FAVOURITE EXTENSION?
• https://chrome.google.com/webstore/detail/disconnect/jeoacafpbcihiomhlakheieifhpjdfeo
• https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp
• https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp
• https://chrome.google.com/webstore/detail/referer-control/hnkcfpcejkafcihlgbojoidoihckciin
• https://chrome.google.com/webstore/detail/canvasfingerprintblock/ipmjngkmngdcdpmgmiebdmfbkcecdndc
• https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml
• https://chrome.google.com/webstore/detail/user-agent-switcher-for-g/ffhkkpnppgnfaobgihpdblnhmmbodake
• https://chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe
• https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
• https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf
• https://chrome.google.com/webstore/detail/qualys-browsercheck-for-w/ejhnkognlohdkpjkjongioociddgoibk
• https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
SUMMARY
SUMMARY
• Cyber criminals, The Government
• Anti-malware, anti-exploit
• Search engine
• Secure web browser
• Browser extensions
THANK YOU
• @gszathmari
• PGP: keybase.io/gszathmari
• Threema: PRN7228A
PHOTOS
• https://americangallery.files.wordpress.com/2012/06/sheep-in-wolfs-clothing.jpg
• http://dropsafe.crypticide.com/wp-content/uploads/2013/08/Secure-Beneath-Watchful-Eyes.png
• https://uploads.skyhighnetworks.com/2014/12/blog-banner-dr-evil.png
• https://twitter.com/malware_traffic/status/738801324955832321