
Security Overview

762 bytes added, 12:36, 17 December 2013
→ Fingerprinting: link to tor bug tracker
=Social Engineering & Basic Stuff=
* doxxing:
* cultivate multiple identities, emails, usernames, etc
* be very wary of facebook, g+, social networks
* always avoid using your legal name, address
* avoid logging in on your phone, or entering your phone #
* you can look up license plates
* "20 questions" metaphor:
* cameras, microphones, radios
* facial recognition
* evil chip manufacturers
* keyloggers
* monitors leak radiation
* tracking devices on cars - ride a bicycle, store it indoors
* burner phones - prepaid, kept batteryless
* tin foil houses:
* how a computer works
** picture a vast table of index cards - that is memory, it is addressable
** CPU instructions manipulate the index cards
** I/O devices all have addresses you write to/from (registers, ram, disk, net, keyboard, mouse, monitor)
* how an operating system works
** kernel vs userspace - enforced by CPU
*** kernel runs on a CPU, has access to hardware
*** CPU time is expensive, so how to multitask?
*** kernel invents concept of "users", protects them from each other
*** if user figures out how to mess with the kernel, that's an escalation bug
*** userspace is often called a "shell"
*** trusted boot
**** causing kernel escalation bugs to be taken more seriously
**** when combined with full-disk encryption, prevents "evil maid"
**** sometimes only trusts windows
**** attempts at closing this hole on linux:
** super users
*** root on unix, admin on windows
*** privilege separation made windows XP unusable
*** android uses privilege separation - every app is its own user
*** getting super user is also an escalation bug
*** sometimes achieved by keyloggers
*** Xorg / linux desktop ships with its own keylogger (xev)
** userspace apps are sandboxes
*** interact with images, html, javascript, emails
*** buffer overflows, bad code, bad runtime, bad languages
*** difference between code & data is arbitrary, enforced by software! this is what makes computers powerful, but is also very dangerous
*** if remote attacker can run code directly on your CPU, that's an execution bug
*** this is how the NSA defeated TBB: bug in firefox xml library
*** execution (get shell) then escalation (get root), optionally get kernel (rootkit) == pwnd
* arms race: who wants to break in?
** govts, spies
** vandals - gnaa, trolls, syrian electronic army
** botnets: send spam, mine bitcoin, steal your identity
** black market for pwnd computers, amazon accounts, etc
** backdoors, CVEs, foxacid
** because exploits are valuable, they use sparingly to avoid discovery
** updates
*** always update!
*** package managers are the only way
*** app stores add complications: paywalls, "permission creep"
** nonfree software
*** microsoft, apple, google: all evil
*** hall of shame: skype, silverlight, flash are all evil
* defense in depth
** antivirus
*** helps slow mass infections
*** does not protect you personally
*** it's too late, wipe & restore
*** cannot remove all rootkits, kernel exploits, firmware worms
** firewalls
*** reduce attack surface
*** prevents propagation, phoning home, so no payload for attacker
*** NAT is not security, ipv6 is coming, "internet of things" *shiver*

==Developer Security==
* source control (http://www.git)
* package signing, opsec
* multiple compiler ecosystems (gcc, llvm/clang)
* deterministic builds are the future
* secret backdoors submitted openly (selinux?)
==Disk Encryption==
* "rubber hose cryptanalysis"
* adds security at rest, but not while running
* android makes this easy
* your mugger probably won't dump the RAM, but cops can
* always keep backups - data loss is DoS
* deniability is very hard
** much easier to avoid being a suspect
** having TBB on your disk is a red flag, especially with particular extensions
** ideal solution is steganography: hiding in plain sight
==Networks==
* networks are evil
* ISPs spy on you
* assume all cables are tapped, intercepted
* routers & modems are vulnerable
* NSA suppresses openwrt to keep them that way
* closed hardware drivers are the other culprit - patents, binary blobs
** some things need old kernels: more work for kernel devs
** #1 reason some hardware needs dd-wrt, not openwrt
* cell phones especially, even with cyanogenmod
==Mesh==
* harder to wiretap individuals
* but ideally should not be trusted either - end-to-end encryption
* can do location analysis, enable stalkers (seattle)
* mac address randomization: unsupported, not foolproof, easy to block
==Tor, VPNs, Proxies==
* protect you from your own ISP/network hardware
* provider or exit node still can spy on you
* much VPN software/protocols are not audited
* local traffic analysis & timestamps could give you less deniability
* they can tell WHEN you are using tor/vpn
* tor only hides/obfuscates your IP address - NOTHING ELSE (unless you use tbb)
* flash is evil: poor sandboxing, disrespects proxies
==MITM==
* anyone controlling the pipes can do it
* Tor can make this WORSE, not better, so router-level Tor is also bad
* example of site that sells SSL certs
* example of who an OS trusts (Arch Linux uses Mozilla's cert list):
** any of these orgs can impersonate any website
** cert authorities don't solve mitm, just narrows down who can do it
** US & UK govt: FLYING PIG?
*** french govt
*** chinese govt
** bootstrap problem
*** HSTS preloading
*** ipsec + dnssec + dane
** metadata
*** even with SSL, they can see who you're talking to
*** traffic analysis, packet size gives away a lot: google maps tiles, for example
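The "who does my OS trust" point above can be checked directly. The script below is an added example (not part of the original wiki page): it asks Python's `ssl` module to load the operating system's default CA bundle and counts the organisations and countries that may vouch for any hostname, and shows how to build a context that trusts only one CA file instead (the `cafile` path is a placeholder). Certificates in a `capath` directory are only reported by the `ssl` module after they have been used once, so the count is a lower bound on some distributions.

```python
"""Added example: summarise the root CAs your OS trust store accepts."""
import ssl
from collections import Counter


def rdn_to_dict(name):
    """Flatten the ssl module's subject tuple-of-tuples into a plain dict.
    The module reports a name as ((('countryName', 'US'),), (('organizationName', 'X'),), ...)."""
    out = {}
    for rdn in name:
        for key, value in rdn:
            out[key] = value
    return out


def trust_store_summary(context=None):
    """Return (number of trusted CAs, Counter by organisation, Counter by country).

    With no argument this loads the OS default trust store, i.e. the full list of
    organisations that can issue a certificate your client will accept for any site."""
    if context is None:
        context = ssl.create_default_context()  # load_default_certs() runs here
    cas = context.get_ca_certs()
    orgs, countries = Counter(), Counter()
    for cert in cas:
        subject = rdn_to_dict(cert.get("subject", ()))
        orgs[subject.get("organizationName", "(no O=)")] += 1
        countries[subject.get("countryName", "??")] += 1
    return len(cas), orgs, countries


def restricted_context(cafile):
    """A client context that trusts only the CAs in `cafile` (placeholder path)
    instead of the whole OS list: fewer trusted roots, fewer parties who can
    impersonate a site to you. Hostname checking and mandatory verification stay on."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    total, orgs, countries = trust_store_summary()
    print(f"{total} trusted root CAs from {len(orgs)} organisations in {len(countries)} countries")
    for org, n in orgs.most_common(15):
        print(f"{n:3d}  {org}")
    print("default verify paths:", ssl.get_default_verify_paths())
```

Run it on a few machines and compare: the point of the list above is that every organisation printed, and every government able to compel one of them, can sign a certificate for any name.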
* tor hidden services
** the address is the certificate
** solves the mitm problem
** solves the metadata problem
** solves the auth problem
** are not user-friendly by today's standards
** this is what securedrop uses
* in the future we will all memorize hashes like phone #s
** similarly:
** OTR approximates this
** this means that access to truly random numbers is very important
*** specialized crypto hardware
*** PRNGs: android fail
*** freebsd no longer trusts intel
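"The address is the certificate" and "memorize hashes like phone #s" describe a self-certifying name: the name is a hash of the key, so a client can check the key it is handed without asking any CA. The block below is an added example, not code from the page or from Tor; the encoding (SHA-256 of the key, first 80 bits, base32, a made-up `.example` suffix) is a generic illustration and not Tor's actual .onion format, and the "public key" is a constructed stand-in of random bytes. It also shows why the random-number point matters: a key minted from a seeded, predictable PRNG gives two devices the same identity.

```python
"""Added example: self-certifying names, and why the key must come from a real CSPRNG."""
import base64
import hashlib
import hmac
import random
import secrets

ADDRESS_BYTES = 10  # 80 bits of the hash: short enough to compare by eye, like a phone number


def address_for(public_key: bytes) -> str:
    """Derive the name from the key. Anyone holding the key can recompute it, and
    no third party needs to vouch that the name and key belong together."""
    digest = hashlib.sha256(public_key).digest()[:ADDRESS_BYTES]
    label = base64.b32encode(digest).decode("ascii").lower()  # 80 bits -> 16 chars, no padding
    return label + ".example"  # constructed suffix, not a real TLD


def key_matches_address(address: str, public_key: bytes) -> bool:
    """The client-side check: the key presented by the peer must hash to the name
    we connected to. A man in the middle cannot swap in its own key without the
    name changing, which is what 'solves the mitm / auth problem' means here."""
    return hmac.compare_digest(address_for(public_key), address)


def new_identity() -> bytes:
    """Stand-in for key generation: 32 bytes from the OS CSPRNG (constructed,
    not a real key pair). What matters for the page's point is the entropy source."""
    return secrets.token_bytes(32)


def weak_identity(seed: int) -> bytes:
    """What a broken PRNG looks like: 'randomness' seeded from something guessable,
    so two devices (or two runs) can mint the same key and therefore the same name."""
    return random.Random(seed).getrandbits(256).to_bytes(32, "big")


if __name__ == "__main__":
    key = new_identity()
    name = address_for(key)
    print("name:", name)
    print("genuine key accepted:", key_matches_address(name, key))
    print("other key rejected:", key_matches_address(name, new_identity()))
    print("two weakly seeded devices collide:",
          address_for(weak_identity(1)) == address_for(weak_identity(1)))
```

`hmac.compare_digest` is used for the comparison so that checking a name does not leak, through timing, how many leading characters matched.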
==Cookies==
* ad networks: google, etc
* analytics: google, etc
* CDNs: google, amazon, akamai
* social networks: facebook "like" button, twitter, etc
* session cookies partially solve
** but how long is your session?
** what did you do in your session?
* persistence - anything on disk: flash cookies, DOM objects, cache
* deleting flash cookies deletes security settings. flash is evil!
* disk encryption does not solve this - it is still a disk!
* private / incognito mode partially solves, makes false promises
** bugs, leaks, plugins:
* TAILS solves this - defense in depth
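To see the difference between a session cookie and the persistent, third-party cookies the ad networks, CDNs and "like" buttons above set, look at the raw `Set-Cookie` headers. The following is an added example (not from the page): it parses constructed headers with the standard-library cookie parser and labels each cookie as session vs persistent (does it carry `Max-Age` or `Expires`?) and first- vs third-party (is the cookie's domain the page's site?). The hostnames and cookie values are made up.

```python
"""Added example: classify Set-Cookie headers seen while loading one page."""
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def host_of(url: str) -> str:
    return urlsplit(url).hostname.lower()


def is_same_site(cookie_domain: str, page_host: str) -> bool:
    """True if the cookie domain is the page host or a parent of it (".a.example" covers "a.example")."""
    d = cookie_domain.lstrip(".").lower()
    return page_host == d or page_host.endswith("." + d)


def classify(set_cookie_headers, page_url):
    """Return [(name, persistent, third_party), ...] for each Set-Cookie line.

    `set_cookie_headers` is a list of (response_origin, header_value) pairs: the
    origin is the server that sent the header, needed when the cookie has no Domain."""
    page_host = host_of(page_url)
    results = []
    for origin, header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)  # one Set-Cookie header -> one morsel with its attributes
        for name, morsel in jar.items():
            # No Max-Age and no Expires means the cookie dies with the browser session.
            persistent = bool(morsel["max-age"] or morsel["expires"])
            domain = morsel["domain"] or host_of(origin)
            results.append((name, persistent, not is_same_site(domain, page_host)))
    return results


def describe(results):
    words = {(False, False): "session, first-party", (True, False): "persistent, first-party",
             (False, True): "session, third-party", (True, True): "persistent, third-party"}
    return [f"{name}: {words[(p, t)]}" for name, p, t in results]


# Constructed sample: headers observed while loading one article page.
PAGE_URL = "https://news.example/article/42"
SAMPLE_HEADERS = [
    ("https://news.example", "session_id=abc123; Path=/; Secure; HttpOnly"),
    ("https://news.example", "prefs=dark; Max-Age=31536000; Path=/"),
    ("https://ads.tracker.example", "uid=7f3a9c; Domain=.tracker.example; Max-Age=63072000; Path=/"),
    ("https://cdn.example", "cdn_session=x1; Path=/"),
]

if __name__ == "__main__":
    for line in describe(classify(SAMPLE_HEADERS, PAGE_URL)):
        print(line)
```

The two-year `uid` cookie from `.tracker.example` is the kind that follows you across every site embedding that network; the first-party `session_id` is the "session cookies partially solve" case, and how long that session lasts is up to the server, not you.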
==Fingerprinting==
* tor bug tracker is always thinking of new problems! (truncated link: closed&keywords=~tbb-fingerprinting)
* https reduces attack surface but does not solve
** with http you are vulnerable to fingerprinting from EVERYONE EVERYWHERE
** with https you are vulnerable to fingerprinting from sites you visit & 3rd party networks
* in active use at major sites
* worst offenders: javascript, plugins, user agents
* TBB does its best, not perfect
* TAILS mostly solves - but webrtc
* still leaves: your language, timezone (country), window size, timestamps, things you say & do, textual analysis
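The "still leaves" list above (language, timezone, window size) can be put in numbers: each attribute reveals -log2(P(value)) bits about who you are, and the combination reveals more. The block below is an added example (not from the page or from any fingerprinting project) that computes those bits the way EFF's Panopticlick does, over a constructed population of eight visitors, and shows how a coarsening mitigation in the spirit of TBB's window-size rounding (the bucket sizes here are made up) shrinks what the window size gives away.

```python
"""Added example: bits of identifying information in 'harmless' browser attributes."""
import math
from collections import Counter

# Constructed population: (language, timezone, window size) for eight visitors.
POPULATION = [
    ("en-US", "UTC-5", "1366x768"), ("en-US", "UTC-5", "1366x768"),
    ("en-US", "UTC-5", "1366x768"), ("en-US", "UTC-5", "1366x768"),
    ("en-US", "UTC-5", "1920x1080"), ("en-US", "UTC-5", "1920x1080"),
    ("de-DE", "UTC+1", "1366x768"),
    ("en-US", "UTC+1", "1024x768"),
]
ATTRIBUTES = ("language", "timezone", "window")


def surprisal(value, counts, total):
    """Bits revealed by observing `value`: -log2 of how common it is in the population."""
    return -math.log2(counts[value] / total)


def attribute_bits(visitor, population):
    """Bits each attribute reveals on its own, e.g. a rare language is worth a lot."""
    total = len(population)
    return {
        name: surprisal(visitor[i], Counter(p[i] for p in population), total)
        for i, name in enumerate(ATTRIBUTES)
    }


def combined_bits(visitor, population):
    """Bits the whole tuple reveals. Attributes correlate (timezone and language
    often agree), so this is usually less than the sum of the per-attribute bits."""
    return surprisal(tuple(visitor), Counter(tuple(p) for p in population), len(population))


def is_unique(visitor, population):
    """A visitor whose tuple nobody else shares is fully identified by it."""
    return Counter(tuple(p) for p in population)[tuple(visitor)] == 1


def coarsen_window(size, width_step=500, height_step=500):
    """Constructed mitigation: report a size bucket rather than the exact window
    size so that more visitors share a value (bucket sizes are illustrative)."""
    w, h = (int(x) for x in size.split("x"))
    return f"{w // width_step * width_step}x{h // height_step * height_step}"


def coarsened(population):
    return [(lang, tz, coarsen_window(win)) for lang, tz, win in population]


if __name__ == "__main__":
    for visitor in (POPULATION[0], POPULATION[6], POPULATION[7]):
        bits = attribute_bits(visitor, POPULATION)
        print(visitor, {k: round(v, 2) for k, v in bits.items()},
              "combined:", round(combined_bits(visitor, POPULATION), 2),
              "unique" if is_unique(visitor, POPULATION) else "not unique")
    v = (POPULATION[7][0], POPULATION[7][1], coarsen_window(POPULATION[7][2]))
    print("window bits after coarsening:", round(attribute_bits(v, coarsened(POPULATION))["window"], 2))
```

With real populations the numbers are far larger than in this toy, which is the point of the bullet about HTTPS: encryption hides these values from the wire but not from the site and the third parties it embeds.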
==Other==
* referers
* geolocation
* URL shorteners:
* if you're not paying, you're the product
