Security is Everyone's Responsibility
Uploaded by james-hall

Transcript of Security is Everyone's Responsibility

SECURITY
#btsec @MrRio

DIRECTOR/FOUNDER AT

jsPDF: JAVASCRIPT PDF GENERATION LIBRARY

SECURITY IS EVERYONE'S RESPONSIBILITY

DEBOOKEE FOR MAC

CRACKING A WIFI PASSWORD IS EASY

HOW DO WE FIX THIS?!

WEBSITE OWNERS – USE SSL

WEBSITE USERS – USE VPN

WHAT IS CRYPTOGRAPHY?

SENDING A SECURE MESSAGE (OFFLINE DEMO EDITION)

A CIPHER IS A DIGITAL LOCK

CAESAR CIPHER
USED IN WARS AROUND 50BC

ABCDEFGHIJKLM
XYZABCDEFGHIJ

SHIFT CIPHER
SHIFT VALUE (KEY): 0
INPUT: I LOVE BT
OUTPUT: I LOVE BT

SHIFT CIPHER
SHIFT VALUE (KEY): 1
INPUT: I LOVE BT
OUTPUT: J MPWF CU

SHIFT CIPHER
SHIFT VALUE (KEY): 2
INPUT: I LOVE BT
OUTPUT: K NQXG DV

ONE-TIME PAD
KEY: 1950396
INPUT: ILOVEBT
OUTPUT: JUTVHKZ

STREAM CIPHER
KEY (SEED): 7894
KEY STREAM (PRNG): 1950396
INPUT: ILOVEBT
OUTPUT: JUTVHKZ

HOW TO GET A SHARED SECRET
WITH THIS ONE WEIRD TRICK

[Diagram slides: STEFAN, MARC, EVE]

INSTEAD OF COLOURS WE USE PRIME NUMBERS

(3^29) % 17 = 12    EASY
(3^??) % 17 = 12    HARD

32,416,190,071
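
The EASY/HARD asymmetry from the slide above, worked through as a toy key exchange between both parties. This is an added example, not code from the talk; the function names and the second private value (11) are assumptions.

```javascript
// Added example: toy Diffie-Hellman with the slide's numbers (3 and 17).
// modPow, publicValue, sharedSecret and exponentsMatching are assumed names.

// Square-and-multiply: the EASY direction, fast even for huge exponents.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

const G = 3n;   // base from the slide
const P = 17n;  // prime modulus from the slide; real ones are far larger

const publicValue = (priv) => modPow(G, priv, P);
const sharedSecret = (theirPublic, myPriv) => modPow(theirPublic, myPriv, P);

// The HARD direction: no shortcut, so try exponents one at a time.
// Instant for P = 17, infeasible once P has hundreds of digits.
function exponentsMatching(target, limit) {
  const hits = [];
  for (let x = 1n; x <= limit; x++) {
    if (modPow(G, x, P) === target) hits.push(x);
  }
  return hits;
}

// Private values: 29 is the slide's exponent, 11 is constructed.
const stefanPriv = 29n;
const marcPriv = 11n;
const stefanPub = publicValue(stefanPriv); // sent in the clear, Eve sees it
const marcPub = publicValue(marcPriv);     // sent in the clear, Eve sees it
const stefanKey = sharedSecret(marcPub, stefanPriv);
const marcKey = sharedSecret(stefanPub, marcPriv);

console.log({ stefanPub, marcPub, stefanKey, marcKey });
console.log('exponents that give 12:', exponentsMatching(stefanPub, 32n));
```

With a modulus this small, any exponent that gives 12 works for Eve, not only the one Stefan picked, which is why real deployments use primes far beyond brute-force range.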

USE SSL (TLS) TO FIX MITM

HACKING SITES WITH SVG FILTERS

TIMING ATTACK

```javascript
var lastTime = 0;
// Logs the time between animation frames and the resulting frame rate.
function loop(time) {
  var delay = time - lastTime;
  var fps = 1000 / delay;
  console.log(delay + ' ms' + ' fps: ' + fps);
  updateAnimation();
  requestAnimationFrame(loop);
  lastTime = time;
}
requestAnimationFrame(loop);
```

TIMING ATTACK

```xml
<filter id="threshold" color-interpolation-filters="sRGB">
  <feColorMatrix type="matrix"
    values="0.333 0.333 0.333 0 -.16
            0.333 0.333 0.333 0 -.16
            0.333 0.333 0.333 0 -.16
            0 0 0 0 1" />
  <feComponentTransfer>
    <feFuncR type="discrete" tableValues="1 0" />
    <feFuncG type="discrete" tableValues="1 0" />
    <feFuncB type="discrete" tableValues="1 0" />
  </feComponentTransfer>
</filter>
```

```html
<iframe src="view-source:http://example.com#line77"></iframe>
```

Source: http://www.contextis.com/documents/2/Browser_Timing_Attacks.pdf

X-FRAME-OPTIONS: SAMEORIGIN

DEMO 2
The non-WiFi version

YOU CAN STRIP SSL EASILY

I BUILT A SCARY APP
sslstrip
arpspoof
css3 3d transforms
node.js
websockets
lasers (spelt the british way)

HTTP Strict Transport Security (HSTS)

Strict-Transport-Security: max-age=63072000
response.headers['Strict-Transport-Security'] = 'max-age=63072000'
header("Strict-Transport-Security: max-age=63072000");

RECAP

PROBLEM: HTTP Sucks
SOLUTION: Use SSL (TLS) or a VPN!

PROBLEM: SSL Sucks!
SOLUTION: Use HSTS headers

PROBLEM: IFRAMES suck
SOLUTION: Use X-FRAME-OPTIONS: SAMEORIGIN
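
A check for the two header fixes in the recap, run over captured response headers. This is an added example, not code from the talk; `auditHeaders` and the sample responses are constructed, and the minimum max-age defaults to the slide's 63072000.

```javascript
// Added example: flag responses missing the recap's HSTS and framing headers.
// auditHeaders is an assumed name; SAMPLES below are constructed inputs.
function auditHeaders(headers, minMaxAge = 63072000) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const findings = [];

  const hsts = h['strict-transport-security'];
  if (hsts === undefined) {
    findings.push('HSTS header missing');
  } else {
    // max-age may appear before or after other directives.
    const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)/i.exec(hsts);
    if (!m) findings.push('HSTS max-age missing or malformed');
    else if (Number(m[1]) === 0) findings.push('HSTS max-age=0 switches HSTS off');
    else if (Number(m[1]) < minMaxAge) findings.push('HSTS max-age shorter than ' + minMaxAge);
  }

  const xfo = (h['x-frame-options'] || '').trim();
  if (xfo === '') {
    findings.push('X-Frame-Options header missing');
  } else if (!['SAMEORIGIN', 'DENY'].includes(xfo.toUpperCase())) {
    findings.push('X-Frame-Options value not recognised: ' + xfo);
  }
  return findings;
}

// Constructed sample responses.
const SAMPLES = {
  good: { 'Strict-Transport-Security': 'max-age=63072000', 'X-Frame-Options': 'SAMEORIGIN' },
  weak: { 'strict-transport-security': 'includeSubDomains; max-age=300',
          'x-frame-options': 'ALLOW-FROM https://example.com' },
  bare: { 'Content-Type': 'text/html' },
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, auditHeaders(headers));
}
```

Browsers only honour the HSTS header when it arrives over HTTPS, so run the check against the HTTPS response rather than the plain-HTTP redirect.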

THANK YOU!
ME: @MrRio
MY COMPANY: @parallax