(reformat with bullet points) |
(→Fingerprinting: link to tor bug tracker) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 21: | Line 21: | ||
=Endpoints= | =Endpoints= | ||
early security: mainframes, protecting users from each other | |||
* how a computer works | * how a computer works | ||
** picture a vast table of index cards - that is memory, it is addressable | ** picture a vast table of index cards - that is memory, it is addressable | ||
Line 52: | Line 48: | ||
*** interact with images, html, javascript, emails | *** interact with images, html, javascript, emails | ||
*** buffer overflows, bad code, bad runtime, bad languages | *** buffer overflows, bad code, bad runtime, bad languages | ||
*** difference between code & data is arbitrary, enforced by software! this is what makes computers powerful, but is also very dangerous | |||
*** if remote attacker can run code directly on your CPU, that's an execution bug | *** if remote attacker can run code directly on your CPU, that's an execution bug | ||
*** this is how the NSA defeated TBB: bug in firefox xml library | *** this is how the NSA defeated TBB: bug in firefox xml library | ||
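Review bot: "enforced by software!" in the added code & data bullet undersells the hardware side. Page permissions such as no-execute are checked by the CPU, with the OS deciding how they are set. Suggest wording along the lines of "enforced by convention, the OS and the hardware it configures", so the following bullet about execution bugs reads as a failure of that enforcement rather than of software alone.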
Line 57: | Line 54: | ||
* arms race: who wants to break in? | * arms race: who wants to break in? | ||
** govts, spies | ** govts, spies | ||
** vandals | ** vandals, trolls, syrian electronic army | ||
** botnets: send spam, mine bitcoin, steal your identity | ** botnets: send spam, mine bitcoin, steal your identity | ||
** black market for pwnd computers, amazon accounts, etc | ** black market for pwnd computers, amazon accounts, etc | ||
** backdoors, CVEs, foxacid | |||
** because exploits are valuable, they use sparingly to avoid discovery | ** because exploits are valuable, they use sparingly to avoid discovery | ||
** updates | |||
*** always update! | |||
*** package managers are the only way | |||
*** app stores add complications: paywalls, "permission creep" | |||
** nonfree software | |||
*** microsoft, apple, google: all evil | |||
*** hall of shame: skype, silverlight, flash are all evil | |||
*** http://www.wired.co.uk/news/archive/2013-10/21/googles-iron-grip-on-android | |||
* defense in depth | * defense in depth | ||
** antivirus | ** antivirus | ||
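Review bot: "package managers are the only way" in the new updates bullets states a rule without the reason, so a reader cannot tell what to do where no package manager is available. Suggest naming the property that matters, for example that updates arrive signed from a repository the user already trusts, which would also tie in with the "package signing" bullet under Developer Security. The bare wired.co.uk link under "nonfree software" would benefit from a short label saying what it is meant to show.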
Line 71: | Line 77: | ||
*** prevents propagation, phoning home, so no payload for attacker | *** prevents propagation, phoning home, so no payload for attacker | ||
*** NAT is not security, ipv6 is coming, "internet of things" *shiver* | *** NAT is not security, ipv6 is coming, "internet of things" *shiver* | ||
* | |||
** | ==Developer Security== | ||
** package signing | * source control | ||
** | ** http://www.git-scm.com/about/info-assurance | ||
** https://www.kernel.org/ | |||
** http://www.linuxfoundation.org/news-media/blogs/browse/2011/08/cracking-kernelorg | |||
* secret backdoors submitted openly? https://www.nsa.gov/research/selinux/ | |||
* package signing, opsec | |||
* deterministic builds are the future | |||
** https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise | |||
** https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details | |||
** multiple compiler ecosystems (gcc, llvm/clang) | ** multiple compiler ecosystems (gcc, llvm/clang) | ||
==Disk Encryption== | ==Disk Encryption== | ||
* "rubber hose cryptanalysis" https://xkcd.com/538/ | * "rubber hose cryptanalysis" https://xkcd.com/538/ | ||
* adds security at rest, but not while running | * adds security at rest, but not while running | ||
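Review bot: "secret backdoors submitted openly?" is a question followed by the SELinux link with no answer, so the notes do not say what conclusion the link is meant to support; suggest one sentence stating the point. "multiple compiler ecosystems (gcc, llvm/clang)" now sits under "deterministic builds are the future" with nothing saying how the two relate, and "package signing, opsec" joins two separate topics on one line and could be split into two bullets.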
Line 87: | Line 97: | ||
* always keep backups - data loss is DoS | * always keep backups - data loss is DoS | ||
* deniability is very hard | * deniability is very hard | ||
* steganography: hiding in plain sight | ** much easier to avoid being a suspect | ||
** having TBB on your disk is a red flag, especially with particular extensions | |||
** ideal solution is steganography: hiding in plain sight | |||
=Networks= | =Networks= | ||
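Review bot: "especially with particular extensions" in the new TBB bullet does not say which extensions or why they stand out, so the reader cannot act on it; either name them or drop the clause. The two bullets around it also pull in different directions as written ("much easier to avoid being a suspect" versus "ideal solution is steganography"), so a word on when each applies would help.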
Line 123: | Line 135: | ||
* SSL | * SSL | ||
** | ** example of site that sells SSL certs: https://www.namecheap.com/ssl-certificates.aspx | ||
** | ** example of who an OS trusts (Arch Linux uses Mozilla's cert list): https://www.archlinux.org/packages/core/any/ca-certificates/ | ||
** any of these orgs can impersonate any website | ** any of these orgs can impersonate any website | ||
** cert authorities don't solve mitm, just narrows down who can do it | ** cert authorities don't solve mitm, just narrows down who can do it | ||
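Review bot: with the two example bullets now filled in, "any of these orgs can impersonate any website" on the next line has an unclear antecedent, since "these orgs" could be read as covering the site that sells certs as well as the authorities in the OS trust list. Suggest rewording to something like "any authority in that trust list can impersonate any website" so the claim attaches to the ca-certificates example.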
Line 172: | Line 184: | ||
* https://panopticlick.eff.org/ | * https://panopticlick.eff.org/ | ||
* http://browserspy.dk | * http://browserspy.dk | ||
* tor bug tracker is always thinking of new problems https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting | |||
* https reduces attack surface but does not solve | * https reduces attack surface but does not solve | ||
** with http you are vulnerable to fingerprinting from EVERYONE EVERYWHERE | ** with http you are vulnerable to fingerprinting from EVERYONE EVERYWHERE |