household infosec in a post-sony era
Household INFOSEC in a Post-Sony Era
Steve @steveloughran
Data Integrity
Data Privacy
Data Availability
Resource Control
Don’t upset a nation state
Worry about drive-by
How to Quantify Risk?
[Plot axes: Vulnerability vs. Privacy (lack of)]
(1, 0)
(11, 1)
(*, 11)
Firefox (8, 2)
Chrome: (8, 10)
IE 11: Use to D/L Firefox or Chrome
Flash (9->10, 4)
[Plot axes: Vulnerability vs. Privacy (lack of)]
[Diagram labels: LG TV, iPad, iPhone, PS4, Airplay Amplifier, "trouble"]
LG TV
(?, 8)
doctorbeet.blogspot.co.uk (?, 10)
(?, 0)
[Plot axes: Vulnerability vs. Privacy (lack of)]
DD-WRT
New Netgear Firewall
CRITICAL
DMZ
USB
...
(?, 11) SQL vulnerability?
Other?
(5, 11) iPhone + Google photos
(3, 11)
(9, >7) (?, >7)
Game over
[Plot axes: Vulnerability vs. Privacy (lack of)]
We must fix this in our code
All external data is malicious
All remote interactions leak privacy
C++
C
new URL("http://www.starcon.net.kp").toString()
java.net.URL (>2, >2)
def objectFile[T: ClassTag](
    path: String,
    minPartitions: Int): RDD[T] = withScope {
  sequenceFile(path, classOf[NullWritable], classOf[BytesWritable], minPartitions)
    .flatMap(x => Utils.deserialize[Array[T]](
      x._2.getBytes, Utils.getContextOrSparkClassLoader))
}
SparkContext (0, 9)
OSS everywhere ==> target
Apache & github keys
apt-get upgrade
brew upgrade
mvn install
npm update
yum update
pip install
docker pull…
(?, ?)
build dependencies
We need to address this!
Isolation: containers?
Authentication: PGP validate mvn…
Audit logs
Questions?