Security Overview

From Sudo Room
Revision as of 19:22, 10 December 2013 by Yar (giant brain dump)

http://does-this-need-to-be-said.tumblr.com/

social engineering

* doxxing: http://thebot.net/general-tutorials/233339-how-doxing-works-protect-yourself/
* compartmentalize: separate identities, email addresses and usernames per context, so one leak does not link the rest

hardware

* cameras, microphones, radios
* facial recognition
* untrusted chip supply chain: a backdoor in silicon or firmware sits below everything you can audit
* keyloggers (hardware ones sit between keyboard and machine, invisible to the OS)
* monitors and cables leak electromagnetic emanations that can be read at a distance (van Eck / TEMPEST)
* tracking devices on cars - ride a bicycle, store it indoors

endpoint operating systems: main problems

* nonfree software (microsoft, apple, google: all evil): you cannot audit what they ship, and their interests are not yours
* security updates: a distribution package manager with signed packages is the only way to keep every component patched; per-app updaters miss things
* app stores add complications: paywalls, "permission creep" (each update asks for more)
* how exploits reach you: vendor backdoors, public CVEs, the 0-day black market, the NSA's FOXACID exploit servers
* the usual chain: initial code execution, privilege escalation, propagation to other hosts, phoning home to a controller
* privilege separation: run as a non-admin user (doing this made windows XP unusable, so everyone ran as Administrator)
  * on linux this is defeated by a keylogger inside your own session - X Windows is broken: it has no isolation between clients, so any program in the session can read every keystroke (`xinput test <device-id>` dumps them; xev shows the same idea for one window)
* sandboxing is imperfect (that's how the NSA defeated TBB: exploit a Firefox bug, and with no sandbox between browser and OS the real machine identifies itself)
* hall of shame: skype, silverlight, flash are all evil (closed, network-facing, poorly sandboxed)
* firewalls++ : default-deny inbound on every host
* NAT is not security, it is an addressing hack; ipv6 is coming and every device will be directly reachable, so rely on the firewall
* virus scanners are an ugly hack: if one finds something it's already too late, wipe & restore from backup
* rootkits, worms, botnets
* PRNGs: android fail - the 2013 SecureRandom bug repeated ECDSA nonces, and attackers recovered bitcoin wallet keys from the signatures
* developer security
  * source control (git): signed tags and commits, history you can audit
  * package signing: verify before install, protect the signing key
  * opsec
  * multiple compiler ecosystems (gcc, llvm/clang): diverse double-compiling is the defense against a trojaned compiler ("Reflections on Trusting Trust")
  * deterministic (reproducible) builds are the future: anyone can rebuild and compare hashes with the shipped binary
  * secret backdoors submitted openly (selinux?; cf. Dual_EC_DRBG in a NIST standard)
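Worked example for the PRNG bullet above (added here; not from the original page or from any wallet's code): the Android SecureRandom failure meant the per-signature nonce k in ECDSA could repeat, and two signatures made with the same k and the same key give the key away. Pure Python over secp256k1 with no libraries; the key DEMO_D, the nonce DEMO_K and the two "transactions" are constructed values, not taken from any real wallet.

```python
# Added example, not from the Sudo Room page: why repeating an ECDSA nonce
# (the 2013 Android SecureRandom failure) hands over the private key.
# Pure Python over secp256k1 (Bitcoin's curve); key and nonce values below are
# constructed for the demo, not taken from any real wallet.
import hashlib

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def inv(a, m):
    return pow(a % m, -1, m)  # modular inverse, Python 3.8+


def add(p, q):
    """Point addition on the curve; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, p):
    """Scalar multiplication by double-and-add (not constant time; demo only)."""
    r = None
    while k:
        if k & 1:
            r = add(r, p)
        p = add(p, p)
        k >>= 1
    return r


def e(msg):
    """Message hash reduced into the scalar field."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k):
    """ECDSA with the caller supplying k: a broken PRNG means k repeats."""
    r = mul(k, G)[0] % N
    s = inv(k, N) * (e(msg) + r * d) % N
    return (r, s)


def verify(pub, msg, sig):
    r, s = sig
    w = inv(s, N)
    pt = add(mul(e(msg) * w % N, G), mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2, pub=None):
    """Two signatures sharing r (hence k) leak d:
       k = (e1 - e2) / (s1 - s2),  d = (s1*k - e1) / r   (all mod N)."""
    r, s1 = sig1
    r2, s2 = sig2
    if r != r2:
        raise ValueError("r differs: nonces were not reused")
    e1, e2 = e(msg1), e(msg2)
    # Some wallets canonicalise s to N - s, so also try the negated s2.
    for s2_candidate in (s2, N - s2):
        if (s1 - s2_candidate) % N == 0:
            continue
        k = (e1 - e2) * inv(s1 - s2_candidate, N) % N
        d = (s1 * k - e1) * inv(r, N) % N
        if pub is None or mul(d, G) == pub:
            return d
    raise ValueError("could not recover key")


# Constructed demo values (never reuse a nonce with a real key)
DEMO_D = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
DEMO_K = 0x0BAD5EED0BAD5EED0BAD5EED0BAD5EED


def demo():
    """Sign two different messages with the same k, then recover d."""
    pub = mul(DEMO_D, G)
    sig1 = sign(DEMO_D, b"tx: pay 1 BTC to alice", DEMO_K)
    sig2 = sign(DEMO_D, b"tx: pay 2 BTC to bob", DEMO_K)
    recovered = recover_private_key(b"tx: pay 1 BTC to alice", sig1,
                                    b"tx: pay 2 BTC to bob", sig2, pub)
    return {"pub": pub, "sig1": sig1, "sig2": sig2, "recovered": recovered}


if __name__ == "__main__":
    out = demo()
    print("same r in both signatures:", out["sig1"][0] == out["sig2"][0])
    print("recovered private key == DEMO_D:", out["recovered"] == DEMO_D)
```

Run as a script it reports that both signatures share r and that the recovered key equals DEMO_D. The reuse is visible on the public blockchain as two signatures with the same r, which is exactly how the 2013 thefts were carried out; the recovery function also tries N - s2 because some wallets canonicalise s, which would otherwise mask the reuse.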

disk encryption

* threat models: "rubber hose" (beat the passphrase out of you), "evil maid" (tamper with the unencrypted bootloader while the laptop is unattended)
* risky without trusted boot (the evil maid replaces the bootloader with one that logs your passphrase), but trusted boot also has its breaks
* deniability (hidden volumes) is very hard: the OS and applications leak that the hidden data exists
* steganography
* best use case: phones (because of the controlled environment: one vendor controls hardware, bootloader and OS)
* adds security at rest, but not while running: once unlocked the key is in RAM and every file is readable
* your mugger probably won't dump the RAM for the key, but cops can (cold boot attack, or just seizing the machine while it's unlocked)
* always keep backups - data loss is DoS, and a lost passphrase is total loss

networks are evil

* ISPs spy on you
* assume all cables are tapped, intercepted
* routers & modems are vulnerable
* NSA suppresses openwrt to keep them that way
* closed hardware drivers are the other culprit - patent-encumbered wifi chipsets ship only as binary blobs
  * blobs are built against one old kernel, so the device is stuck there: more work for kernel devs, no security updates for users
  * #1 reason some hardware needs dd-wrt (which ships the blob), not openwrt
* cell phones especially: the baseband is a closed blob running its own OS, even with cyanogenmod

mesh networks

* no central ISP to tap, so harder to wiretap individuals
* but ideally the mesh should not be trusted either - use end-to-end encryption
* node operators can do location analysis from which node you associate with, which enables stalkers (seattle)
* mac address randomization: unsupported by most drivers, not foolproof (DHCP hostname and probe requests for known SSIDs still identify you), easy to block (the locally-administered bit marks a randomized address)
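What randomization actually changes, and why it is easy to block, as an added example (not from the original page or any driver's code): a randomized MAC must set the locally-administered bit and clear the multicast bit, and that same bit is what a network can key on to reject it. Standard library only; the vendor address used for comparison is a constructed one.

```python
# Added example, not from the Sudo Room page: what MAC address randomization
# actually changes, and the one-line check that lets a network spot (and
# reject) randomized addresses. Standard library only.
import os


def random_mac():
    """Random MAC with the locally-administered bit set and the
    multicast bit clear, as randomizing clients are supposed to do."""
    b = bytearray(os.urandom(6))
    b[0] = (b[0] | 0x02) & 0xFE
    return ":".join(f"{x:02x}" for x in b)


def parse_mac(mac):
    parts = mac.lower().split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC: {mac}")
    return bytes(int(p, 16) for p in parts)


def is_locally_administered(mac):
    """Bit 1 of the first octet: set means 'not a vendor-assigned OUI',
    which is exactly what a randomizing client looks like on the wire."""
    return bool(parse_mac(mac)[0] & 0x02)


def is_unicast(mac):
    """Bit 0 of the first octet clear: a valid source address."""
    return not parse_mac(mac)[0] & 0x01


def oui(mac):
    """The vendor prefix a captive portal or NAC would look up."""
    return parse_mac(mac)[:3].hex(":")


def would_be_blocked(mac, allow_randomized=False):
    """Policy a hostile or merely strict network can apply: drop anything
    that is not a vendor-assigned unicast address."""
    if not is_unicast(mac):
        return True
    return is_locally_administered(mac) and not allow_randomized
```

On Linux the generated address is applied with `ip link set dev wlan0 address <mac>` while the interface is down; the point of `would_be_blocked` is that the network sees the same bit you set, so randomization only helps where the operator tolerates it, and the DHCP hostname and probe requests still have to be dealt with separately.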

tor, vpns, proxies

* protect you from your own ISP/network hardware: the local network only sees an encrypted tunnel
* the provider or exit node can still spy on you: whatever leaves the tunnel unencrypted is theirs to read
* much VPN software and many VPN protocols are not audited (PPTP is broken outright)
* local traffic analysis & timestamps could give you less deniability: timing and volume at your end can be correlated with activity at the far end
* they can tell WHEN you are using tor/vpn, even if not for what
* tor only hides/obfuscates your IP address - NOTHING ELSE: cookies, plugins and fingerprinting still identify you (unless you use tbb)
* flash is evil: poor sandboxing, and it disrespects proxies by opening its own direct connections

mitm

* anyone controlling the pipes can do it
* Tor can make this WORSE, not better: the exit node is a stranger who sees and can alter all your plaintext, so router-level Tor (transparently pushing every device's traffic through exits) is also bad
* SSL
  * https://www.eff.org/https-everywhere
  * cert authorities don't solve mitm, just narrow down who can do it: any of the hundreds of trusted roots (and their intermediates) can issue a cert for any name
  * a french government CA (ANSSI) issued bogus google certs in 2013, so did the chinese govt
  * show the directory of certs your OS trusts (e.g. ls /etc/ssl/certs on Debian/Ubuntu: every one of them can vouch for any site)
  * show example of site that sells SSL certs (namecheap.com)
  * one solution is ipsec + dnssec + dane (pin the cert in signed DNS), but these are not deployed. internet is broken.
* metadata
  * even with SSL, they can see who you're talking to (IP addresses, SNI hostname, DNS lookups)
  * traffic analysis: packet sizes and timing give away a lot, e.g. which google maps tiles you loaded, since each tile has its own size
* tor hidden services
  * the address is the certificate: a .onion name is a hash of the service's public key, so no CA is needed
  * solves the mitm problem: the circuit is end-to-end encrypted to the key the name commits to
  * solves the metadata problem: neither side learns the other's IP
  * solves the auth problem: if the key hashes to the name you dialed, you reached the right service
  * are not user-friendly by today's standards (16 random base32 characters)
  * this is what securedrop uses
* in the future we will all memorize hashes like phone #s
  * similarly: hashed.im
  * OTR approximates this: you verify the peer's key fingerprint out of band
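How "the address is the certificate" works in practice, as an added example (not from the original page and not Tor's own code): a 2013-era (v2) hidden service address is the base32 encoding of the first 80 bits of SHA-1 over the DER-encoded RSA public key, so a client that receives the key can check it against the name it dialed with no CA involved. The DER encoder here is written out by hand so the block has no dependencies; DEMO_N is a constructed modulus of toy size, not a real RSA key.

```python
# Added example, not from the Sudo Room page: how a (v2, 2013-era) Tor hidden
# service address is derived from the service's RSA public key, which is why
# "the address is the certificate". The RSA modulus below is a constructed
# value for illustration; real hidden-service keys were 1024-bit.
import base64
import hashlib


def der_len(n):
    """DER length: short form below 0x80, otherwise 0x8N + N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_int(v):
    """DER INTEGER: tag 0x02, length, big-endian two's-complement value."""
    body = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body  # leading zero keeps the value positive
    return b"\x02" + der_len(len(body)) + body


def der_seq(*items):
    body = b"".join(items)
    return b"\x30" + der_len(len(body)) + body


def rsa_public_key_der(n, e):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    return der_seq(der_int(n), der_int(e))


def onion_address(n, e):
    """v2 scheme: base32 of the first 80 bits of SHA-1 over the DER key."""
    digest = hashlib.sha1(rsa_public_key_der(n, e)).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


def key_matches_address(n, e, address):
    """What the client does on connect: the service presents its key, the
    client hashes it and compares with the name it dialed. No CA involved."""
    return onion_address(n, e) == address.lower()


# Constructed demo key (toy size, illustration only)
DEMO_N = 0xC7F8A55B0D3E9C2B6E1F0A7D4B8C3E5F9A1B2C3D4E5F60718293A4B5C6D7E8F1
DEMO_E = 65537

if __name__ == "__main__":
    addr = onion_address(DEMO_N, DEMO_E)
    print(addr, key_matches_address(DEMO_N, DEMO_E, addr))
```

The contrast with SSL is the last function: a CA-issued certificate binds a name to a key on the CA's say-so, while here the name is the hash of the key, so a MITM would need a second key with the same 80-bit hash prefix. The 80-bit truncation is also why these names are unmemorable and why the scheme was later replaced by longer addresses.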

cookies

* ad networks: google, etc
* analytics: google, etc
* CDNs: google, amazon, akamai
* social networks: facebook "like" button, twitter, etc
* session cookies (deleted when the browser closes) partially solve this
  * but how long is your session?
  * what did you do in your session? everything in it is still linked together
* persistence - anything on disk works as a cookie: flash cookies (LSOs), DOM/local storage, the cache (ETags)
* deleting flash cookies deletes flash's security settings too (same storage). flash is evil!
* disk encryption does not solve this - it is still a disk, and the browser reads it fine!
* private / incognito mode partially solves, makes false promises
  * bugs, leaks, plugins: https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs
* TAILS solves this - amnesic by design (nothing written to disk, everything gone at reboot): defense in depth

browser fingerprinting

* https reduces attack surface but does not solve
  * with http you are vulnerable to fingerprinting from EVERYONE EVERYWHERE on the path
  * with https you are vulnerable to fingerprinting from the sites you visit & the 3rd party networks they embed
* in active use at major sites
* worst offenders: javascript (fonts, canvas, screen size), plugin lists, user agent strings
* TBB does its best (uniform user agent and window size, no plugins), not perfect
* TAILS mostly solves - but webrtc can still leak real addresses
* still leaves: your language, timezone (country), window size, timestamps, things you say & do, textual analysis (stylometry)
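A way to put numbers on the list above, as an added example (not from the original page or from Panopticlick's code): the Shannon entropy of each attribute over a population says how many bits it contributes to a fingerprint, the entropy of the combined tuple says how close to unique the visitor is, and making the worst attributes uniform (what TBB does) shows what language and timezone still leave. The eight visitor profiles are constructed for the demo, not measured traffic.

```python
# Added example, not from the Sudo Room page: measuring, Panopticlick-style,
# how many bits of identifying information each browser attribute gives
# away, and how much is left after a TBB-like browser makes the worst
# attributes uniform. The eight visitor profiles are constructed, not real.
import math
from collections import Counter

SAMPLE = [  # constructed visitors: user agent, plugin list, timezone, language
    {"ua": "Firefox/25 Linux",  "plugins": "Flash 11", "tz": "-8", "lang": "en-US"},
    {"ua": "Firefox/25 Linux",  "plugins": "Flash 11", "tz": "-8", "lang": "de"},
    {"ua": "Firefox/25 Linux",  "plugins": "none",     "tz": "-8", "lang": "en-US"},
    {"ua": "Firefox/25 Linux",  "plugins": "none",     "tz": "-8", "lang": "de"},
    {"ua": "Chrome/31 Windows", "plugins": "Flash 11", "tz": "-8", "lang": "en-US"},
    {"ua": "Chrome/31 Windows", "plugins": "none",     "tz": "-8", "lang": "en-US"},
    {"ua": "Safari/7 Mac",      "plugins": "Flash 11", "tz": "+1", "lang": "en-US"},
    {"ua": "IE/10 Windows",     "plugins": "none",     "tz": "+1", "lang": "en-US"},
]


def entropy_bits(values):
    """Shannon entropy of the observed distribution, in bits."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def per_attribute_entropy(sample):
    """Bits contributed by each attribute on its own."""
    return {k: entropy_bits([v[k] for v in sample]) for k in sample[0]}


def combined_entropy(sample, keys):
    """Entropy of the whole fingerprint: attributes combine multiplicatively."""
    return entropy_bits([tuple(v[k] for k in keys) for v in sample])


def anonymity_set(sample, visitor, keys):
    """How many visitors are indistinguishable from this one on `keys`."""
    sig = tuple(visitor[k] for k in keys)
    return sum(1 for v in sample if tuple(v[k] for k in keys) == sig)


def uniformize(sample, keys, value="uniform"):
    """What TBB does for ua/plugins: every visitor reports the same value."""
    return [{**v, **{k: value for k in keys}} for v in sample]


if __name__ == "__main__":
    keys = list(SAMPLE[0])
    print(per_attribute_entropy(SAMPLE))
    print("all attributes:", combined_entropy(SAMPLE, keys), "bits")
    print("after TBB-style ua/plugins:",
          combined_entropy(uniformize(SAMPLE, ["ua", "plugins"]), keys), "bits")
```

In this sample the user agent alone is worth 1.75 bits and the plugin list 1 bit; together with timezone and language every visitor is unique (3 bits, the maximum for eight people). Blanking user agent and plugins drops the combined fingerprint to 1.5 bits, which is the timezone-and-language residue the bullet above warns about.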

other datamining vectors

* referers: every link you follow tells the next site where you came from
* geolocation: browser API, plus IP address and nearby wifi names
* URL shorteners: t.co, bit.ly
* if you're not paying, you're the product