
The guide of Security Jerk


How to be a jerk in Security (rump session of RMLL Sec 2016)

Published in: Technology
  1. The Guide of Security Jerk: Code of conduct is for bastards. RMLL Sec 2016 – Rump session (@CreativeConnard)
  2. Previous edition: Le Guide du Connard du Logiciel Libre
  3. HOW TO be a security jerk: Developer, Sysadmin, End user
  4. Developer
       • Store passwords in base64 (or in base32 for 32-bit systems)
       • Require specific lib versions and discourage any upgrade
       • Invent your own cryptographic algorithm
  5. Sysadmin
       • export TLS_REQCERT=never (aka Malware In The Middle)
       • Write your own Config Management (SSH for kids)
       • Always run processes as root and disable SELinux
  6. End user
       • Don’t trust One Time Password as it is always changing
       • Click everywhere, IT is a game
       • Use pastebin as password manager
  7. Links for bastards: @CreativeConnard, @DonJon_Legacy