Security is Everyone's Responsibility

Post on 21-Apr-2017

Category: Internet

TRANSCRIPT

  • SECURITY  #btsec @MrRio

  • DIRECTOR/FOUNDER AT

  • jsPDF JAVASCRIPT PDF GENERATION LIBRARY

  • SECURITY IS EVERYONE'S RESPONSIBILITY

  • DEBOOKEE FOR MAC

  • CRACKING A WIFI PASSWORD IS EASY

  • HOW DO WE FIX THIS?!

  • WEBSITE OWNERS: USE SSL

  • WEBSITE USERS: USE VPN

  • WHAT IS CRYPTOGRAPHY?

  • SENDING A SECURE MESSAGE (OFFLINE DEMO EDITION)

  • A CIPHER IS A DIGITAL LOCK

  • CAESAR CIPHER, USED IN WARS AROUND 50BC

  • ABCDEFGHIJKLM

    XYZABCDEFGHIJ

  • SHIFT CIPHER

    INPUT:  I LOVE BT
    OUTPUT: I LOVE BT
    SHIFT VALUE (KEY): 0

  • SHIFT CIPHER

    INPUT:  I LOVE BT
    OUTPUT: J MPWF CU
    SHIFT VALUE (KEY): 1

  • SHIFT CIPHER

    INPUT:  I LOVE BT
    OUTPUT: K NQXG DV
    SHIFT VALUE (KEY): 2

  • ONE-TIME PAD

    INPUT:  ILOVEBT
    KEY:    1950396
    OUTPUT: JUTVHKZ

  • STREAM CIPHER

    INPUT:             ILOVEBT
    KEY (SEED):        7894
    KEY STREAM (PRNG): 1950396
    OUTPUT:            JUTVHKZ
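The three constructions from the preceding slides (shift cipher, one-time pad, stream cipher) as runnable JavaScript. This is an added example, not code from the talk: the shift cipher and the digit-keyed pad reproduce the slide values exactly, while the stream cipher's generator is an assumed linear congruential generator, because the slides do not say which PRNG turned the seed 7894 into the key stream 1950396.

```javascript
// Added example (not the talk's code): the three per-letter constructions
// from the slides. Keys shift letters along the alphabet, wrapping Z -> A.
const A_CODE = 'A'.charCodeAt(0);

// Shift (Caesar) cipher: every letter moves `key` places; anything that is
// not A-Z (the space in "I LOVE BT") passes through unchanged.
function shiftCipher(text, key) {
  return text.toUpperCase().split('').map(ch => {
    if (ch < 'A' || ch > 'Z') return ch;
    const idx = ch.charCodeAt(0) - A_CODE;
    return String.fromCharCode(A_CODE + (((idx + key) % 26) + 26) % 26);
  }).join('');
}

// Decryption is the same operation with the key negated.
function shiftDecipher(text, key) {
  return shiftCipher(text, -key);
}

// One-time pad, slide style: a string of decimal digits, one digit per letter,
// and each letter is shifted by its own digit. The pad must be at least as long
// as the message, random, and used once; reuse leaks the difference of the
// two plaintexts.
function oneTimePad(text, digitKey, decrypt = false) {
  const letters = text.toUpperCase().replace(/[^A-Z]/g, '');
  if (digitKey.length < letters.length) throw new Error('pad is shorter than the message');
  let out = '';
  for (let i = 0; i < letters.length; i++) {
    const digit = Number(digitKey[i]);
    out += shiftCipher(letters[i], decrypt ? -digit : digit);
  }
  return out;
}

// Stream cipher: the same per-letter shift, but the digits come from a PRNG
// seeded with a short key. The slides do not name their generator, so this
// block assumes a small linear congruential generator (glibc's constants); its
// key stream therefore differs from the slide's 1950396, the structure does not.
function keyStream(seed, length) {
  let state = seed >>> 0;
  const digits = [];
  for (let i = 0; i < length; i++) {
    state = (Math.imul(state, 1103515245) + 12345) >>> 0; // assumed LCG step
    digits.push((state >>> 16) % 10);
  }
  return digits.join('');
}

function streamCipher(text, seed, decrypt = false) {
  const letters = text.toUpperCase().replace(/[^A-Z]/g, '');
  return oneTimePad(letters, keyStream(seed, letters.length), decrypt);
}

// Sample run with the slides' inputs (constructed calls):
console.log(shiftCipher('I LOVE BT', 1));          // J MPWF CU
console.log(oneTimePad('ILOVEBT', '1950396'));     // JUTVHKZ
console.log(streamCipher('ILOVEBT', 7894));        // key stream from the assumed LCG
```

The structural point of the slides is visible in the signatures: oneTimePad needs a key as long as the message, streamCipher needs only a seed. What the LCG here lacks is unpredictability: a few observed key-stream digits are enough to recover its state and predict the rest, so a real stream cipher uses a cryptographic generator (ChaCha20, or AES in counter mode) and never reuses a seed under the same key.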

  • HOW TO GET A SHARED SECRET WITH THIS ONE WEIRD TRICK

  • [Diagram slides: the colour-mixing key exchange between MARC and STEFAN, with EVE watching every message that passes between them]

  • INSTEAD OF COLOURS WE USE PRIME NUMBERS

  • (3^29) % 17 = 12    EASY

    (3^??) % 17 = 12    HARD

  • 32,416,190,071
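The exchange the colour diagrams describe, carried out with numbers, as an added JavaScript example (BigInt arithmetic); it is not the talk's code. The parameters g = 3, p = 17, Marc's exponent 29 and the 11-digit number from the slide are the slides' own; Stefan's exponent 7, the two larger exponents and the assumption that 32,416,190,071 is a prime modulus are mine, and the block checks that assumption with Miller-Rabin rather than trusting it.

```javascript
// Added example (not the talk's code): the exchange the colour diagrams
// describe, done with numbers. Values are BigInts so the larger modulus fits.

// Square-and-multiply modular exponentiation: the "EASY" direction.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Miller-Rabin with bases 2..13, which is a deterministic primality test for
// every n below 3,474,749,660,383 and so covers both moduli used here.
function isPrime(n) {
  const bases = [2n, 3n, 5n, 7n, 11n, 13n];
  if (n < 2n) return false;
  for (const p of bases) {
    if (n === p) return true;
    if (n % p === 0n) return false;
  }
  let d = n - 1n;
  let r = 0;
  while ((d & 1n) === 0n) { d >>= 1n; r++; }
  for (const a of bases) {
    let x = modPow(a, d, n);
    if (x === 1n || x === n - 1n) continue;
    let witness = true;
    for (let i = 1; i < r; i++) {
      x = (x * x) % n;
      if (x === n - 1n) { witness = false; break; }
    }
    if (witness) return false;
  }
  return true;
}

// One exchange. Each side keeps its exponent secret and publishes g^secret mod p;
// Eve sees g, p and both public values, and nothing else.
function diffieHellman(g, p, marcSecret, stefanSecret) {
  const marcPublic = modPow(g, marcSecret, p);
  const stefanPublic = modPow(g, stefanSecret, p);
  return {
    primeModulus: isPrime(p),                        // a composite p weakens the exchange
    marcPublic,
    stefanPublic,
    marcShared: modPow(stefanPublic, marcSecret, p), // Marc raises Stefan's value to his secret
    stefanShared: modPow(marcPublic, stefanSecret, p),
  };
}

// Eve's side, the "HARD" direction, by brute force. Only feasible for tiny p:
// for p = 17 this takes at most 16 multiplications.
function discreteLog(g, target, p) {
  let x = 1n;
  for (let e = 0n; e < p; e++) {
    if (x === target) return e;
    x = (x * g) % p;
  }
  return null;
}

// Slide parameters: g = 3, p = 17, Marc's exponent 29 (3^29 mod 17 = 12).
// Stefan's exponent 7 and the two larger exponents are constructed for the demo.
const small = diffieHellman(3n, 17n, 29n, 7n);
// Eve gets 13, not 29: 3 has order 16 mod 17 and 29 = 13 (mod 16), so the
// recovered exponent works just as well for her as the real one.
const eveExponent = discreteLog(3n, small.marcPublic, 17n);

// The slide's 11-digit number as modulus; assumed prime here and checked.
const SLIDE_BIG_NUMBER = 32416190071n;
const big = diffieHellman(3n, SLIDE_BIG_NUMBER, 123456789n, 987654321n);

console.log('p = 17:', small, 'Eve finds exponent', eveExponent);
console.log('p = 32416190071 prime:', big.primeModulus,
            'shared secrets agree:', big.marcShared === big.stefanShared);
```

The "HARD" on the slide is a statement about size, not about the operation: with p = 17 Eve's brute force finishes in 16 steps, and even the 11-digit modulus falls to the same loop in seconds. Real deployments use moduli of 2048 bits or more (or elliptic-curve groups), and a modulus that is not actually prime is a finding in its own right, which is why the block checks it before reporting the shared secret.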

  • USE SSL (TLS) TO FIX MITM

  • HACKING SITES WITH SVG FILTERS

  • TIMING ATTACK

    var lastTime = 0;
    function loop(time) {
      // `time` is the timestamp requestAnimationFrame passes to the callback
      var delay = time - lastTime;   // how long the previous frame took to render
      var fps = 1000 / delay;
      console.log(delay + 'ms fps: ' + fps);
      updateAnimation();             // redraw with the SVG filter applied (the talk's own function, not shown)
      requestAnimationFrame(loop);   // a frame that takes far longer than the rest is the signal
      lastTime = time;
    }
    requestAnimationFrame(loop);

  • TIMING ATTACK

    [Slide images omitted]

    Source: http://www.contextis.com/documents/2/Browser_Timing_Attacks.pdf

  • X-FRAME-OPTIONS: SAMEORIGIN

  • DEMO 2: The non-WiFi version

  • YOU CAN STRIP SSL EASILY

  • I BUILT A SCARY APP

    sslstrip
    arpspoof
    css3 3d transforms
    node.js
    websockets
    lasers (spelt the british way)


  • HTTP Strict Transport Security (HSTS)

    Strict-Transport-Security: max-age=63072000   (63072000 seconds = two years)

    response.headers['Strict-Transport-Security'] = 'max-age=63072000'

    header('Strict-Transport-Security: max-age=63072000');

  • RECAP

    PROBLEM: HTTP sucks
    SOLUTION: Use SSL (TLS) or a VPN!

    PROBLEM: SSL sucks!
    SOLUTION: Use HSTS headers

    PROBLEM: IFRAMES suck
    SOLUTION: Use X-FRAME-OPTIONS: SAMEORIGIN
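The two headers from the recap (the HSTS slide and the X-FRAME-OPTIONS slide), checked together over a response's header set: an added JavaScript example, not code from the talk. The header values are the slides' own; the sample header sets, the one-year minimum for max-age, and the includeSubDomains check are assumptions added here.

```javascript
// Added example (not the talk's code): an offline check of the two headers the
// recap recommends, run over constructed header sets. Header names are matched
// case-insensitively, as HTTP requires.
const SLIDE_MAX_AGE = 63072000;  // the slides' value: two years in seconds
const ONE_YEAR = 31536000;       // assumed minimum for a useful max-age

// Splits "max-age=...; includeSubDomains; preload" into its directives.
function parseHsts(value) {
  const directives = value.split(';').map(d => d.trim().toLowerCase()).filter(Boolean);
  const maxAge = directives.find(d => d.startsWith('max-age='));
  return {
    maxAge: maxAge === undefined ? null : Number(maxAge.slice('max-age='.length)),
    includeSubDomains: directives.includes('includesubdomains'),
    preload: directives.includes('preload'),
  };
}

// Returns a list of findings; an empty list means both recap headers are in place.
function auditHeaders(headers) {
  const get = name => {
    const key = Object.keys(headers).find(k => k.toLowerCase() === name);
    return key === undefined ? null : headers[key];
  };
  const findings = [];

  const hsts = get('strict-transport-security');
  if (hsts === null) {
    findings.push('HSTS missing: the browser will still follow plain http:// links to this host');
  } else {
    const { maxAge, includeSubDomains } = parseHsts(hsts);
    if (maxAge === null || Number.isNaN(maxAge)) {
      findings.push('HSTS max-age missing or unparsable');
    } else if (maxAge < ONE_YEAR) {
      findings.push('HSTS max-age=' + maxAge + ' is under a year (the slides use ' + SLIDE_MAX_AGE + ')');
    }
    if (!includeSubDomains) {
      findings.push('HSTS lacks includeSubDomains: subdomains can still be downgraded (added caveat)');
    }
  }

  const xfo = get('x-frame-options');
  if (xfo === null) {
    findings.push('X-Frame-Options missing: the page can be framed by any origin');
  } else if (!['deny', 'sameorigin'].includes(xfo.trim().toLowerCase())) {
    findings.push('X-Frame-Options "' + xfo + '" is neither DENY nor SAMEORIGIN');
  }
  return findings;
}

// Constructed sample responses: no protection, the slides' fix, and a stricter set.
const NO_HEADERS = { 'Content-Type': 'text/html' };
const SLIDE_FIX = {
  'Content-Type': 'text/html',
  'Strict-Transport-Security': 'max-age=63072000',
  'X-Frame-Options': 'SAMEORIGIN',
};
const STRICTER = {
  'content-type': 'text/html',
  'strict-transport-security': 'max-age=63072000; includeSubDomains; preload',
  'x-frame-options': 'DENY',
};

for (const [name, headers] of Object.entries({ NO_HEADERS, SLIDE_FIX, STRICTER })) {
  console.log(name, auditHeaders(headers));
}
```

Two caveats the recap leaves out: browsers only honour Strict-Transport-Security when it arrives over HTTPS, and it only protects visits after the first one, so an sslstrip attacker who catches the very first plain-HTTP visit still wins unless the domain is on the browser preload list. X-Frame-Options has since been superseded by the Content-Security-Policy frame-ancestors directive, which this audit does not check.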

  • THANK YOU!  #btsec

    @MrRio (ME)   @parallax (MY COMPANY)