Jump to navigation Jump to search
698 bytes added ,  13:20, 15 December 2013
→‎Endpoints: clean up, expand a little bit
* how exploits work: backdoors, CVEs, black market, foxacid
* hall of shame: skype, silverlight, flash are all evil
* early security: mainframes, protecting users from each other
* how a computer works
** picture a vast table of index cards - that is memory, it is addressable
*** interact with images, html, javascript, emails
*** buffer overflows, bad code, bad runtime, bad languages
*** difference between code & data is arbitrary, enforced by software! this is what makes computers powerful, but is also very dangerous
*** if remote attacker can run code directly on your CPU, that's an execution bug
*** this is how the NSA defeated TBB: bug in firefox xml library
* arms race: who wants to break in?
** govts, spies
** vandals - gnaa, trolls, syrian electronic army
** botnets: send spam, mine bitcoin, steal your identity
** black market for pwnd computers, amazon accounts, etc
*** prevents propagation, phoning home, so no payload for attacker
*** NAT is not security, ipv6 is coming, "internet of things" *shiver*
 ==Developer Security==* developer securitysource control** source control (http://www.git)*****secret backdoors submitted openly?* package signing, opsec* deterministic builds are the future** opsec**
** multiple compiler ecosystems (gcc, llvm/clang)
** deterministic builds are the future
** secret backdoors submitted openly (selinux?)
==Disk Encryption==
* "rubber hose cryptanalysis"
* adds security at rest, but not while running
* always keep backups - data loss is DoS
* deniability is very hard
* * much easier to avoid being a suspect** having TBB on your disk is a red flag, especially with particular extensions** ideal solution is steganography: hiding in plain sight

Navigation menu