Security is Everyone's Responsibility

Here are the slides I did for my talk at Beyond Tellerand in Berlin.


  1. SECURITY @MrRio #btsec
  2. DIRECTOR/FOUNDER AT
  3. jsPDF: JAVASCRIPT PDF GENERATION LIBRARY
  4. SECURITY IS EVERYONE'S RESPONSIBILITY @MrRio #btsec
  5. DEBOOKEE FOR MAC @MrRio #btsec
  6. #btsec
  7. CRACKING A WIFI PASSWORD IS EASY @MrRio #btsec
  8. @MrRio #btsec
  9. HOW DO WE FIX THIS?! @MrRio #btsec
  10. WEBSITE OWNERS: USE SSL @MrRio #btsec
  11. WEBSITE USERS: USE VPN @MrRio #btsec
  12. WHAT IS CRYPTOGRAPHY? @MrRio #btsec
  13. SENDING A SECURE MESSAGE (OFFLINE DEMO EDITION) #btsec
  14. A CIPHER IS A DIGITAL LOCK #btsec
  15. CAESAR CIPHER, USED IN WARS AROUND 50BC #btsec
  16. ABCDEFGHIJKLM
      XYZABCDEFGHIJ #btsec
  17. SHIFT CIPHER. SHIFT VALUE (KEY): 0. INPUT: I LOVE BT. OUTPUT: I LOVE BT #btsec
  18. SHIFT CIPHER. SHIFT VALUE (KEY): 1. INPUT: I LOVE BT. OUTPUT: J MPWF CU #btsec
  19. SHIFT CIPHER. SHIFT VALUE (KEY): 2. INPUT: I LOVE BT. OUTPUT: K NQXG DV #btsec
  20. ONE-TIME PAD. KEY: 1950396. INPUT: ILOVEBT. OUTPUT: JUTVHKZ #btsec
  21. STREAM CIPHER. KEY (SEED): 7894. KEY STREAM (PRNG): 1950396. INPUT: ILOVEBT. OUTPUT: JUTVHKZ #btsec
  22. HOW TO GET A SHARED SECRET WITH THIS ONE WEIRD TRICK #btsec
  23. STEFAN MARC EVE #btsec
  24. STEFAN MARC EVE #btsec
  25. STEFAN MARC EVE #btsec
  26. STEFAN MARC EVE #btsec
  27. STEFAN MARC EVE #btsec
  28. STEFAN MARC EVE #btsec
  29. STEFAN MARC EVE #btsec
  30. INSTEAD OF COLOURS WE USE PRIME NUMBERS #btsec
  31. EASY: (3^29) % 17 = 12. HARD: (3^??) % 17 = 12
  32. 32,416,190,071
  33. TO FIX MITM USE SSL (TLS) #btsec
  34. HACKING SITES WITH SVG FILTERS #btsec
  35. TIMING ATTACK #btsec

      var lastTime = 0;
      function loop(time) {
        var delay = time - lastTime;
        var fps = 1000 / delay;
        console.log(delay + ' ms' + ' fps: ' + fps);
        updateAnimation();
        requestAnimationFrame(loop);
        lastTime = time;
      }
      requestAnimationFrame(loop);

  36. TIMING ATTACK #btsec

      <filter id="threshold" color-interpolation-filters="sRGB">
        <feColorMatrix type="matrix"
          values="0.333 0.333 0.333 0 -.16
                  0.333 0.333 0.333 0 -.16
                  0.333 0.333 0.333 0 -.16
                  0 0 0 0 1" />
        <feComponentTransfer>
          <feFuncR type="discrete" tableValues="1 0" />
          <feFuncG type="discrete" tableValues="1 0" />
          <feFuncB type="discrete" tableValues="1 0" />
        </feComponentTransfer>
      </filter>

  37. #btsec
  38. <iframe src="view-source:http://example.com#line77"></iframe> #btsec
      Source: http://www.contextis.com/documents/2/Browser_Timing_Attacks.pdf
  39. X-FRAME-OPTIONS: SAMEORIGIN
  40. DEMO 2: The non-WiFi version #btsec
  41. #btsec
  42. YOU CAN STRIP SSL EASILY #btsec
  43. I BUILT A SCARY APP: lasers, websockets, node.js, sslstrip, arpspoof (spelt the British way), css3 3d transforms #btsec
  44. #btsec
  45. #btsec
  46. #btsec
  47. HTTP Strict Transport Security (HSTS) #btsec

      Strict-Transport-Security: max-age=63072000

      response.headers['Strict-Transport-Security'] = 'max-age=63072000'

      header("Strict-Transport-Security: max-age=63072000");

  48. RECAP #btsec
      PROBLEM: HTTP sucks. SOLUTION: Use SSL (TLS) or a VPN!
      PROBLEM: IFRAMES suck. SOLUTION: Use X-FRAME-OPTIONS: SAMEORIGIN
      PROBLEM: SSL sucks! SOLUTION: Use HSTS headers
  49. THANK YOU! ME: @MrRio. MY COMPANY: @parallax #btsec
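The shift cipher and one-time pad demo of slides 17 to 21, worked through as an added JavaScript example; this is not code from the deck, the messages and keys are the slides' own, and the function names are my choice. The PRNG keystream of slide 21 is not reproduced because the slide does not say which generator turns the seed 7894 into 1950396, but the same padEncrypt function is the stream cipher once you feed it a generated keystream instead of a random one.

```javascript
// Added example (not from the slides): shift cipher and digit-key one-time pad.
// Only the letters A-Z are shifted; spaces and other characters pass through,
// which is why "I LOVE BT" keeps its space in the slide's outputs.

const A = "A".charCodeAt(0);

// Shift (Caesar) cipher: every letter moves `key` places along the alphabet.
// The double modulo keeps negative keys (decryption) inside 0..25.
function shiftEncrypt(plaintext, key) {
  return plaintext
    .toUpperCase()
    .split("")
    .map((ch) => {
      const code = ch.charCodeAt(0) - A;
      if (code < 0 || code > 25) return ch; // leave non-letters alone
      return String.fromCharCode(A + ((((code + key) % 26) + 26) % 26));
    })
    .join("");
}

function shiftDecrypt(ciphertext, key) {
  return shiftEncrypt(ciphertext, -key);
}

// One-time pad as used on slide 20: the key is a string of digits and each
// letter is shifted by the digit in the same position. Security rests on the
// key being random, at least as long as the message, and never reused; a
// reused pad leaks the difference between the two plaintexts.
function padEncrypt(plaintext, digitKey) {
  const text = plaintext.toUpperCase();
  if (digitKey.length < text.length) {
    throw new Error("key must be at least as long as the message");
  }
  return text
    .split("")
    .map((ch, i) => shiftEncrypt(ch, Number(digitKey[i])))
    .join("");
}

function padDecrypt(ciphertext, digitKey) {
  const text = ciphertext.toUpperCase();
  if (digitKey.length < text.length) {
    throw new Error("key must be at least as long as the message");
  }
  return text
    .split("")
    .map((ch, i) => shiftEncrypt(ch, -Number(digitKey[i])))
    .join("");
}

// Why a 26-key cipher is a "digital lock" in name only: trying every shift
// lists all candidate plaintexts, and the one that reads as language wins.
function bruteForceShift(ciphertext) {
  const candidates = [];
  for (let key = 0; key < 26; key++) {
    candidates.push({ key, plaintext: shiftDecrypt(ciphertext, key) });
  }
  return candidates;
}

// Usage, reproducing the slide values:
// shiftEncrypt("I LOVE BT", 1)      -> "J MPWF CU"
// shiftEncrypt("I LOVE BT", 2)      -> "K NQXG DV"
// padEncrypt("ILOVEBT", "1950396")  -> "JUTVHKZ"
```

The brute-force loop is the whole point of slide 31's "EASY" column: a key space of 26 is searched by hand, which is why the one-time pad moves the difficulty from the algorithm to the key, and why the stream cipher's seed (7894 on the slide) has to be kept secret and be large enough that enumerating seeds is impractical.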
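The "prime numbers instead of colours" exchange of slides 22 to 33 (Diffie-Hellman), as an added JavaScript example that is not part of the deck. The generator 3, the prime 17 and Stefan's secret exponent 29 are the slide's numbers (3^29 % 17 = 12); Marc's secret 7 is a value I assume for the walkthrough, and all function names are mine.

```javascript
// Added example (not from the slides): Diffie-Hellman with the slide's toy
// parameters g = 3, p = 17. BigInt is used so the same modPow works unchanged
// for real-size primes.

function modPow(base, exp, mod) {
  // square-and-multiply
  let result = 1n;
  let b = base % mod;
  for (let e = exp; e > 0n; e >>= 1n) {
    if (e & 1n) result = (result * b) % mod;
    b = (b * b) % mod;
  }
  return result;
}

const G = 3n;   // generator, from the slide
const P = 17n;  // prime modulus, from the slide

// Each party publishes g^secret mod p. Eve sees both public values.
function publicValue(secret) {
  return modPow(G, secret, P);
}

// Each party raises the other's public value to its own secret.
function sharedSecret(theirPublic, mySecret) {
  return modPow(theirPublic, mySecret, P);
}

function exchange(stefanSecret, marcSecret) {
  const stefanPublic = publicValue(stefanSecret); // 3^29 mod 17 = 12 on the slide
  const marcPublic = publicValue(marcSecret);     // assumed secret 7 gives 11
  const stefanKey = sharedSecret(marcPublic, stefanSecret);
  const marcKey = sharedSecret(stefanPublic, marcSecret);
  // Both sides now hold g^(a*b) mod p without ever sending a or b.
  return { stefanPublic, marcPublic, stefanKey, marcKey };
}

// The "HARD" column of slide 31: given g, p and g^x mod p, find x.
// With p = 17 a loop over every exponent answers instantly, which is why
// deployed parameters use 2048-bit primes (or elliptic curves), not 17.
function discreteLog(target) {
  for (let x = 0n; x < P - 1n; x++) {
    if (modPow(G, x, P) === target) return x;
  }
  return null;
}

// Usage:
// exchange(29n, 7n) -> { stefanPublic: 12n, marcPublic: 11n, stefanKey: 7n, marcKey: 7n }
// discreteLog(12n)  -> 13n  (29 and 13 agree mod 16, the order of 3 mod 17)
```

Note what the maths does not give you: Eve, sitting between Stefan and Marc on the wifi of the earlier slides, can run exchange() twice, once with each of them, and neither side can tell. That is the man-in-the-middle problem slide 33 answers with TLS, where certificates bind the public value to an identity.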
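The two header fixes from the recap (X-FRAME-OPTIONS: SAMEORIGIN on slide 39, HSTS on slide 47), as an added Node.js example that is not the deck's code. The max-age of 63072000 seconds (two years) is the slide's value; the one-year audit threshold and all function names are my choices, and the example assumes the core http/https response object with its setHeader method.

```javascript
// Added example (not from the slides): send and audit the two defensive
// headers from the recap. Assumes a Node.js core http/https response object.

const SECURITY_HEADERS = {
  // Browsers only honour HSTS when it arrives over a valid HTTPS connection;
  // sent over plain HTTP it is ignored, so this handler belongs behind TLS.
  "Strict-Transport-Security": "max-age=63072000",
  // Refuses to render the page in a frame on another origin, which is what
  // the cross-site iframe on slide 38 needs.
  "X-Frame-Options": "SAMEORIGIN",
};

// Assumed threshold for the audit: one year, the usual minimum recommendation.
const MIN_HSTS_MAX_AGE = 31536000;

function applySecurityHeaders(res) {
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    res.setHeader(name, value);
  }
  return res;
}

// Deployment check: given a response's headers (lower-cased names, as Node's
// getHeaders() and IncomingMessage.headers return them), list what is wrong.
function auditHeaders(headers) {
  const problems = [];

  const hsts = headers["strict-transport-security"];
  if (hsts === undefined) {
    problems.push("Strict-Transport-Security missing");
  } else {
    const m = /max-age=(\d+)/i.exec(hsts);
    if (!m || Number(m[1]) < MIN_HSTS_MAX_AGE) {
      problems.push("HSTS max-age shorter than a year");
    }
  }

  const xfo = headers["x-frame-options"];
  if (xfo === undefined) {
    problems.push("X-Frame-Options missing");
  } else if (!["SAMEORIGIN", "DENY"].includes(xfo.toUpperCase())) {
    problems.push(`X-Frame-Options is "${xfo}"`);
  }

  return problems;
}

// Request handler to pass to https.createServer (or to http.createServer
// behind a TLS-terminating proxy).
function requestHandler(req, res) {
  applySecurityHeaders(res);
  res.writeHead(200, { "Content-Type": "text/plain" });
  res.end("hello\n");
}

// Usage:
// auditHeaders({ "strict-transport-security": "max-age=63072000",
//                "x-frame-options": "SAMEORIGIN" })  -> []
// auditHeaders({ "strict-transport-security": "max-age=300" })
//   -> ["HSTS max-age shorter than a year", "X-Frame-Options missing"]
```

HSTS closes the sslstrip hole only after the browser has seen the header once over HTTPS; the very first plain-HTTP visit is still exposed, which is what the includeSubDomains and preload directives and the browser preload lists exist to cover.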
