Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

You and Your Phone are Huge Threats to the Net

1,417 views

Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

You and Your Phone are Huge Threats to the Net

  1. 1. you and your phone are a huge threat to the net @alecmuffett www.alecmuffett.com green lane security www.greenlanesecurity.com@alecmuffett www.greenlanesecurity.com
  2. 2. ...but not in the way you may think@alecmuffett www.greenlanesecurity.com
  3. 3. 1: You@alecmuffett www.greenlanesecurity.com
  4. 4. knowledge & memory@alecmuffett www.greenlanesecurity.com
  5. 5. example: you & phone numbers@alecmuffett www.greenlanesecurity.com
  6. 6. nowadays your phone helps you remember phone numbers so you can ignore the phonebook@alecmuffett www.greenlanesecurity.com
  7. 7. example: you & IP addresses@alecmuffett www.greenlanesecurity.com
  8. 8. your computer is not yet bypassing DNS for you@alecmuffett www.greenlanesecurity.com
  9. 9. 2: Your Phone@alecmuffett www.greenlanesecurity.com
  10. 10. (my phone)@alecmuffett www.greenlanesecurity.com
  11. 11. samsung galaxy S2@alecmuffett www.greenlanesecurity.com
  12. 12. (I used to sysadmin for universities which had less CPU power)@alecmuffett www.greenlanesecurity.com
  13. 13. networking@alecmuffett www.greenlanesecurity.com
  14. 14. GPRS, 3G, HSDPA/+, Wifi@alecmuffett www.greenlanesecurity.com
  15. 15. @alecmuffett www.greenlanesecurity.com
  16. 16. @alecmuffett www.greenlanesecurity.com
  17. 17. Mon Jan 9 21:40:05 82.xx.xx.xx Vigor[4294967295] <Info>: DoS smurf Block31.106.0.240 -> 82.xx.xx.xx PR icmp len 2084 icmp 0/8Mon Jan 9 21:40:11 82.xx.xx.xx Vigor[4294967295] <Info>: DoS smurf Block31.106.0.240 -> 82.xx.xx.xx PR icmp len 2084 icmp 0/8@alecmuffett www.greenlanesecurity.com
  18. 18. @alecmuffett www.greenlanesecurity.com
  19. 19. @alecmuffett www.greenlanesecurity.com
  20. 20. @alecmuffett www.greenlanesecurity.com
  21. 21. Your phone is...@alecmuffett www.greenlanesecurity.com
  22. 22. powerful enough to be a server@alecmuffett www.greenlanesecurity.com
  23. 23. thoroughly connected@alecmuffett www.greenlanesecurity.com
  24. 24. but underutilised.@alecmuffett www.greenlanesecurity.com
  25. 25. So what?@alecmuffett www.greenlanesecurity.com
  26. 26. threat 1: censorship@alecmuffett www.greenlanesecurity.com
  27. 27. domain filtering@alecmuffett www.greenlanesecurity.com
  28. 28. UAE, Saudi, Ireland...@alecmuffett www.greenlanesecurity.com
  29. 29. DNS domain seizure@alecmuffett www.greenlanesecurity.com
  30. 30. newzbin2, dajaz1, ...@alecmuffett www.greenlanesecurity.com
  31. 31. threat 2: network isolation@alecmuffett www.greenlanesecurity.com
  32. 32. “divided we stand”@alecmuffett www.greenlanesecurity.com
  33. 33. restricted ingress & egress = easier control = simpler censorship@alecmuffett www.greenlanesecurity.com
  34. 34. direct communication = disintermediation = harder to block@alecmuffett www.greenlanesecurity.com
  35. 35. so why is your phone NAT’ed?@alecmuffett www.greenlanesecurity.com
  36. 36. not security, else you need to avoid wifi@alecmuffett www.greenlanesecurity.com
  37. 37. your phone is NAT’ed and firewalled instead for another reason:@alecmuffett www.greenlanesecurity.com
  38. 38. “because it’s what people currently expect”@alecmuffett www.greenlanesecurity.com
  39. 39. summary@alecmuffett www.greenlanesecurity.com
  40. 40. in three sentences:@alecmuffett www.greenlanesecurity.com
  41. 41. “why can’t I ping your phone?”@alecmuffett www.greenlanesecurity.com
  42. 42. “you’d do more with full connectivity...”@alecmuffett www.greenlanesecurity.com
  43. 43. network access is not the same as network connectivity@alecmuffett www.greenlanesecurity.com
  44. 44. until this changes, you and your phone are promoting inferior methods of network connectivity@alecmuffett www.greenlanesecurity.com
  45. 45. ie: you are part of the problem@alecmuffett www.greenlanesecurity.com
  46. 46. solutions?@alecmuffett www.greenlanesecurity.com
  47. 47. technologies • IPv6 • no more scarcity of addresses • no more argument for NAT • NAT is not a security mechanism • NAT is not a firewall@alecmuffett www.greenlanesecurity.com
  48. 48. “a /48 is big enough for anyone?” *281,474,976,710,656 devices in your home?@alecmuffett www.greenlanesecurity.com
  49. 49. technologies • Alternatives to DNS • several out there • “.p2p” domain project • also better DNS (i.e. DNSSEC) • Unloved by censors • SOPA would forbid@alecmuffett www.greenlanesecurity.com
  50. 50. technologies • Tor • ignores DNS internally • “.onion” domain@alecmuffett www.greenlanesecurity.com
  51. 51. but the real solution@alecmuffett www.greenlanesecurity.com
  52. 52. demand change.@alecmuffett www.greenlanesecurity.com
  53. 53. (fin)@alecmuffett www.greenlanesecurity.com

×