Security Overview
http://does-this-need-to-be-said.tumblr.com/
social engineering
* doxxing: http://thebot.net/general-tutorials/233339-how-doxing-works-protect-yourself/ * cultivate multiple identities, emails, usernames, etc
hardware
* cameras, microphones, radios * facial recognition * evil chip manufacturers * keyloggers * monitors leak radiation * tracking devices on cars - ride a bicycle, store it indoors
endpoint operating systems: main problems
* nonfree software (microsoft, apple, google: all evil) * security updates: package managers are the only way * app stores add complications: paywalls, "permission creep" * how exploits work: backdoors, CVEs, black market, foxacid * execution, escalation, propagation, phoning home * privilege separation (made windows XP unusable) * on linux this is defeated by keyloggers - X Windows is broken, even ships with its own keylogger (xev) * sandboxing is imperfect (that's how the NSA defeated TBB) * hall of shame: skype, silverlight, flash are all evil * firewalls++ * NAT is not security, ipv6 is coming * virus scanners are an ugly hack. it's too late, wipe & restore * rootkits, worms, botnets * PRNGs: android fail * developer security * source control (git) * package signing * opsec * multiple compiler ecosystems (gcc, llvm/clang) * deterministic builds are the future * secret backdoors submitted openly (selinux?)
disk encryption
* "rubber hose", "evil maid" * risky without trusted boot, but trusted boot also broken * deniability is very hard * steganography * best use case: phones (because of controlled environment) * adds security at rest, but not while running * your mugger probably won't dump the RAM, but cops can * always keep backups - data loss is DoS
networks are evil
* ISPs spy on you * assume all cables are tapped, intercepted * routers & modems are vulnerable * NSA suppresses openwrt to keep them that way * closed hardware drivers are the other culprit - patents, binary blobs * some things need old kernels: more work for kernel devs * #1 reason some hardware needs dd-wrt, not openwrt * cell phones especially, even with cyanogenmod
mesh networks
* harder to wiretap individuals * but ideally should not be trusted either - end-to-end encryption * can do location analysis, enable stalkers (seattle) * mac address randomization: unsupported, not foolproof, easy to block
tor, vpns, proxies
* protect you from your own ISP/network hardware * provider or exit node still can spy on you * much VPN software/protocols are not audited * local traffic analysis & timestamps could give you less deniability * they can tell WHEN you are using tor/vpn * tor only hides/obfuscates your IP address - NOTHING ELSE (unless you use tbb) * flash is evil: poor sandboxing, disrespects proxies
mitm
* anyone controlling the pipes can do it * Tor can make this WORSE, not better, so router-level Tor is also bad * SSL * https://www.eff.org/https-everywhere * cert authorities don't solve mitm, just narrows down who can do it * french ISP spoofed google, so did chinese govt * show directory with certs your OS trusts * show example of site that sells SSL certs (namecheap.com) * one solution is ipsec + dnssec + dane, but these are not deployed. internet is broken. * metadata * even with SSL, they can see who you're talking to * traffic analysis, packet size gives away a lot: google maps tiles, for example * tor hidden services * the address is the certificate * solves the mitm problem * solves the metadata problem * solves the auth problem * are not user-friendly by today's standards * this is what securedrop uses * in the future we will all memorize hashes like phone #s * similarly: hashed.im * OTR approximates this
cookies
* ad networks: google, etc * analytics: google, etc * CDNs: google, amazon, akamai * social networks: facebook "like" button, twitter, etc * session cookies partially solves * but how long is your session? * what did you do in your session? * persistence - anything on disk: flash cookies, DOM objects, cache * deleting flash cookies deletes security settings. flash is evil! * disk encryption does not solve this - it is still a disk! * private / incognito mode partially solves, makes false promises * bugs, leaks, plugins: https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs * TAILS solves this - defense in depth
browser fingerprinting
* https reduces attack surface but does not solve * with http you are vulnerable to fingerprinting from EVERYONE EVERYWHERE * with https you are vulnerable to fingerprinting from sites you visit & 3rd party networks * in active use at major sites * worst offenders: javascript, plugins, user agents * TBB does its best, not perfect * TAILS mostly solves - but webrtc * still leaves: your language, timezone (country), window size, timestamps, things you say & do, textual analysis
other datamining vectors
* referers * geolocation * URL shorteners: t.co, bit.ly * if you're not paying, you're the product