Changes


Security Overview

326 bytes added, 12:36, 17 December 2013
→‎Fingerprinting: link to tor bug tracker
=Endpoints=
* nonfree software (microsoft, apple, google: all evil)
* security updates: package managers are the only way
* app stores add complications: paywalls, "permission creep"
* how exploits work: backdoors, CVEs, black market, foxacid
* hall of shame: skype, silverlight, flash are all evil
* early security: mainframes, protecting users from each other
* how a computer works
** picture a vast table of index cards - that is memory, it is addressable
** botnets: send spam, mine bitcoin, steal your identity
** black market for pwnd computers, amazon accounts, etc
** backdoors, CVEs, foxacid
** because exploits are valuable, they are used sparingly to avoid discovery
** updates
*** always update!
*** package managers are the only way
*** app stores add complications: paywalls, "permission creep"
** nonfree software
*** microsoft, apple, google: all evil
*** hall of shame: skype, silverlight, flash are all evil
*** http://www.wired.co.uk/news/archive/2013-10/21/googles-iron-grip-on-android
* defense in depth
** antivirus
* SSL
** show example of site that sells SSL certs: https://www.namecheap.com/ssl-certificates.aspx
** example of who an OS trusts (Arch Linux uses Mozilla's cert list): https://www.archlinux.org/packages/core/any/ca-certificates/
** any of these orgs can impersonate any website
** cert authorities don't solve mitm, they just narrow down who can do it
* https://panopticlick.eff.org/
* http://browserspy.dk
* tor bug tracker is always thinking of new problems https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
* https reduces attack surface but does not solve
** with http you are vulnerable to fingerprinting from EVERYONE EVERYWHERE
