Successfully reported this slideshow.
Your SlideShare is downloading. ×

Threat modeling librarian freedom conference

Jul. 01, 2015
4 likes 1,762 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Threat modeling nihilists v. vegans
Threat modeling nihilists v. vegans
Loading in …3
×

Check these out next

ComputerSecurity-Brochure
Benjamin Vevang
WALT be Cyber smart
wiggit
Incredibly efficient but lesser known fighting systems for street defense
Adam Quirk
Selling Elephant Whistles
jaysonstreet
AI-based rumor & fake news detection algorithm on Twitter
Meeyoung Cha
Machine learning how not to lose the user
Nuritps
1 of 83 Ad

Threat modeling librarian freedom conference

Jul. 01, 2015
4 likes 1,762 views

Download to read offline

Technology

Slides from the Threat Modeling: Librarian Edition talk by Eva Galperin and Morgan Marquis-Boire at the Digital Rights in Librarian Conference, 2015.

Slides from the Threat Modeling: Librarian Edition talk by Eva Galperin and Morgan Marquis-Boire at the Digital Rights in Librarian Conference, 2015.

Technology
Advertisement

Recommended

Threat modeling nihilists v. vegans
evacide
1.5k views
27 slides
An Imposter's Journey Into InfoSec
Stu Hirst
593 views
34 slides
Dynamic Risk Assessment, March 2013
David Webster
552 views
17 slides
Making Ethical Tech: Fulfilling Obligations to Your Users, Your Staff and You...
YTH
80 views
17 slides
The #1 Thing That Goes Wrong In Client Projects Even When You're Doing Everyt...
Followbright
759 views
58 slides
Starting with Yes: How Lawyers Can Become Early Adopters of Technology
Jules Miller
120 views
32 slides
An Imposter's Journey Into InfoSec
Stu Hirst
161 views
41 slides
Where Americans Don't Lock Their Doors [Survey] | Eyewitness Surveillance
Ashley Stryker
260 views
27 slides
Advertisement

More Related Content

Slideshows for you (6)

ComputerSecurity-Brochure
Benjamin Vevang
80 views
WALT be Cyber smart
wiggit
363 views
Incredibly efficient but lesser known fighting systems for street defense
Adam Quirk
50 views
Selling Elephant Whistles
jaysonstreet
383 views
AI-based rumor & fake news detection algorithm on Twitter
Meeyoung Cha
781 views
Machine learning how not to lose the user
Nuritps
3.4k views
ComputerSecurity-Brochure
Benjamin Vevang
80 views
3 slides
WALT be Cyber smart
wiggit
363 views
12 slides
Incredibly efficient but lesser known fighting systems for street defense
Adam Quirk
50 views
2 slides
Selling Elephant Whistles
jaysonstreet
383 views
15 slides
AI-based rumor & fake news detection algorithm on Twitter
Meeyoung Cha
781 views
16 slides
Machine learning how not to lose the user
Nuritps
3.4k views
34 slides

Viewers also liked (20)

03. sql and other injection module v17
Eoin Keary
284 views
SQL injection
Akash Panchal
357 views
Introduction to SQL Injection
jpubal
3.1k views
Sql injection
Sasha-Leigh Garret
436 views
Sql injection - security testing
Napendra Singh
1.6k views
SQL Injection Attacks cs586
Stacy Watts
1.5k views
Sql Injection Attacks Siddhesh
Siddhesh Bhobe
4k views
Sql injection attack
RajKumar Rampelli
5.9k views
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
17.7k views
Sql Injection and Entity Frameworks
Rich Helton
7k views
D:\Technical\Ppt\Sql Injection
avishkarm
6k views
Sql injection
Hemendra Kumar
9.2k views
Web application attacks using Sql injection and countermasures
Cade Zvavanjanja
3.7k views
SQL Injection
Marios Siganos
44.6k views
SQL INJECTION
Anoop T
18.8k views
SQL Injection
Adhoura Academy
13.9k views
Advanced Sql Injection ENG
Dmitry Evteev
4.5k views
Sql injection
Zidh
2k views
Sql Injection attacks and prevention
helloanand
25.6k views
Sql injection
Pallavi Biswas
26.9k views
03. sql and other injection module v17
Eoin Keary
284 views
52 slides
SQL injection
Akash Panchal
357 views
15 slides
Introduction to SQL Injection
jpubal
3.1k views
25 slides
Sql injection
Sasha-Leigh Garret
436 views
14 slides
Sql injection - security testing
Napendra Singh
1.6k views
20 slides
SQL Injection Attacks cs586
Stacy Watts
1.5k views
15 slides
Advertisement

Similar to Threat modeling librarian freedom conference (20)

How To Survive The Zombie Apocalypse
elbryan108
7.6k views
Verbal martial arts. Teaching Conflict Skills to Incarcerated Adults
Sharon Durgin Campbell, MS
783 views
Imposter Syndrome (Kurt Madsen at LunchUX)
Kurt Madsen
1.3k views
What Can We Learn from the Unabomber?: Nothing.
Peter Ludlow
3.6k views
Hacktivists in trouble
Peter Ludlow
905 views
Growth session presentation
Murad
133 views
Are We the Terminal Generation? Part 1
Beth Frisby
639 views
What i've learned about mosquitos
Mis Tribus
293 views
Bullying in ecuador
rafab1231
86 views
The psychology of human misjudgment
Sanjay Bakshi
2.8k views
Imposter Syndrome 2.0.PPTX
Col Mukteshwar Prasad
204 views
Behavioral bises in finance
Change
88 views
Write / Speak / Code 2019: "Why we worry about all the wrong things"
Hilary Stohs-Krause
311 views
A2 - Aspectos Psicológicos - The Psychology of Security
Spark Security
626 views
Womens safety Management
Sunku Surendra Kumar
246 views
Class 12 Cbse English Core Sample Paper 2012-13 Model 1
Sunaina Rawat
731 views
Monroeville 1 02 16-2019 seven habits of highly successful beekeepers
Grant Gillard
126 views
Msba spring 2020 seven habits grant gillard
Grant Gillard
61 views
Coaching generations
bradfordgs
424 views
The black swan
Prakash Francis
121 views
How To Survive The Zombie Apocalypse
elbryan108
7.6k views
26 slides
Verbal martial arts. Teaching Conflict Skills to Incarcerated Adults
Sharon Durgin Campbell, MS
783 views
49 slides
Imposter Syndrome (Kurt Madsen at LunchUX)
Kurt Madsen
1.3k views
90 slides
What Can We Learn from the Unabomber?: Nothing.
Peter Ludlow
3.6k views
101 slides
Hacktivists in trouble
Peter Ludlow
905 views
119 slides
Growth session presentation
Murad
133 views
22 slides

Recently uploaded (20)

ServletsJSP.ppt
SachinSingh217687
0 views
Research network engineering: Community kick-off meeting
Jisc
0 views
RIPE NCC Update
RIPE NCC
0 views
DeFi Opportunities and Challenges in the Current Crypto Market
Jesus Rodriguez
0 views
Janet-hosted test tools
Jisc
0 views
scope rules.pptx
NayyabMirTahir
0 views
Data Types & Objects .pptx
NayyabMirTahir
0 views
Invest in self.pptx
SaurabhSrivastava950285
0 views
Deployment, Performance, Agility and Flexibility using Trisotech Digital Dist...
Denis Gagné
0 views
TypeScript
Merchu Liang
0 views
5 Best Open Source IoT Frameworks
CloudStakes Technology
0 views
EDUCATIONAL_INNOVATION_Encep_Jendi_Mutaqin(1).pptx
sitiistikomahistikom
0 views
shaper PPT MAHESH (2).pptx
PMaheswarareddy
0 views
Sun%20Tracking%20Solar%20Panel.pdf
KrutikaGite1
0 views
4 th International Conference on Signal Processing and Machine Learning (SIGM...
ijscai
0 views
Deckling the Edges of the Digital: Why Book History Matters for Digital Human...
Leah Henrickson
0 views
Pitch Deck EventPlay (Versão Pública)
EventPlay
0 views
Analytics in Power Platform: What are my options?
Juan Carlos Gonzalez
0 views
typesofpatents-111011053928-phpapp02.ppt
PrajwalVKumar
0 views
Demystifying Datacenter Clos
ONeilRobinson2
0 views
ServletsJSP.ppt
SachinSingh217687
0 views
17 slides
Research network engineering: Community kick-off meeting
Jisc
0 views
9 slides
RIPE NCC Update
RIPE NCC
0 views
19 slides
DeFi Opportunities and Challenges in the Current Crypto Market
Jesus Rodriguez
0 views
45 slides
Janet-hosted test tools
Jisc
0 views
14 slides
scope rules.pptx
NayyabMirTahir
0 views
4 slides
Advertisement

Threat modeling librarian freedom conference

  1. 1. Threat Modeling Library Freedom Edition Morgan Marquis-Boire & Eva Galperin @headhntr @evacide
  2. 2. Who are we?
  3. 3. What are we talking about? What the hell is threat modeling? How do you do it? What makes this trickier than it looks?
  4. 4. Librarians are doing it for themselves
  5. 5. How not to go crazy
  6. 6. What the hell is threat modeling? 111sdgisjfoisejfoijs11. What do you want to protect?kok 1. What do you want to protect? 2.1. What do you want to protect? ASSETS1. What do you want to protect 1. What do you want to protect?
  7. 7. What the hell is threat modeling? 111sdgisjfoisejfoijs11. What do you want to protect?kok 1. What do you want to protect? 2.1. What do you want to protect? ASSETS1. What do you want to protect 1. What do you want to protect? 2. Who do you want to protect it from?
  8. 8. What the hell is threat modeling? 111sdgisjfoisejfoijs11. What do you want to protect?kok 1. What do you want to protect? 2.1. What do you want to protect? ASSETS1. What do you want to protect 1. What do you want to protect? 2. Who do you want to protect it from? 3. How likely is it you will need to protect it?
  9. 9. What the hell is threat modeling? 111sdgisjfoisejfoijs11. What do you want to protect?kok 1. What do you want to protect? 2.1. What do you want to protect? ASSETS1. What do you want to protect 1. What do you want to protect? 2. Who do you want to protect it from? 3. How likely is it you will need to protect it? 4. How bad are the consequences if you fail?
  10. 10. What the hell is threat modeling? 111sdgisjfoisejfoijs11. What do you want to protect?kok 1. What do you want to protect? 2.1. What do you want to protect? ASSETS1. What do you want to protect 1. What do you want to protect? 2. Who do you want to protect it from? 3. How likely is it you will need to protect it? 4. How bad are the consequences if you fail? 5. How much trouble are you willing to go through in order to prevent those consequences?
  11. 11. What do you need to know? Assets Adversary Threat Capability Risk
  12. 12. Surveillance is magic.
  13. 13. VS
  14. 14. COST = $0
  15. 15. COST = $$
  16. 16. Replenishing the minibar? Or...
  17. 17. COST = $$$
  18. 18. COST = PRICELESS
  19. 19. Those are the types of actors, but who are the players?
  20. 20. High End FVEY - US / UK / CA / AU / NZ ISRAEL CHINA RUSSIA FRANCE etc etc etc etc
  21. 21. Artisanal, Small-Batch, Locally made, home grown...
  22. 22. Commercial Market ● Law Enforcement ● Intelligence agencies ● Security companies
  23. 23. Pay for tools
  24. 24. Pay per job
  25. 25. Gotta get paid, yo
  26. 26. Attacker resources vs $$$$ vs target value
  27. 27. Surveillance Starts at Home
  28. 28. Stalkers
  29. 29. “When we share information, we are building power of our own. Potential harassers may deterred by the thought that we are both capable of and willing to turn the eye of internet surveillance back on them.” Liz Henry, Model View Culture Investigation Online: Gathering Information to Assess Risk
  30. 30. Amina Araaf: a gay girl in Damascus
  31. 31. Tom MacMaster: middle aged guy in Scotland
  32. 32. Domestic abuser
  33. 33. I smell a RAT
  34. 34. StealthGenie
  35. 35. Other kinds of criminals
  36. 36. “Before his gauche upload, he posted a picture of his lobster salad and tagged the restaurant.” New York Post
  37. 37. Hey teacher, leave those kids alone
  38. 38. “One day soon, home room teachers in your local middle and high schools may stop scanning rows of desks and making each student yell out ‘Here!’ during a morning roll call. Instead, small cards, or tags, carried by each student will transmit a unique serial number via radio signal to an electronic reader near the school door.” AT&T advertising brochure
  39. 39. The blended threat landscape Not discrete categories: many delicious flavors!
  40. 40. Risk
  41. 41. Different appetites for risk
  42. 42. Meet the nihilists
  43. 43. Alaa Abdel Fattah says “Come at me, bro.”
  44. 44. Meet the vegans
  45. 45. Further reading What Every Librarian Should Know About HTTPS: https://www.eff.org/deeplinks/2015/05/what-every-librarian-needs-know-about- https Surveillance Self Defense: https://ssd.eff.org. COMSEC: Beyond Encryption: https://grugq.github.io/presentations/COMSEC%20beyond%20encryption.pdf Digital First Aid Kit: http://digitaldefenders.org/digitalfirstaid/

Editor's Notes

  • On January 12, 2010, the same day as Google announced about the aurora targeted attacks, it was announced that gmail traffic would be encrypted by default. Since that time, facebook, twitter, and recently Yahoo have moved to using HTTPS traffic by default. Skype has provided encypted voice calls for many years.

    In addition to this, people like The Tor Project, The EFF’s HTTPS Everywhere plugin, Whisper Systems providing encrypted voice and text messaging means that passive sniffing of traffic has started to yield less interesting results. It’s still useful, in order to surveill persons of interest that have decent security understanding, active targeting becomes necessary.

  • Computer viruses were just something that happened to computers and people shrugged their shoulders and figured they’d have to reinstall. Now this is fine if malware isn’t targeted and indeed, you’ve become part of a viagra spam botnet, however, it’s problematic for people that discover that they’ve been targeted by a nation-state.

    Because...
  • Computer viruses were just something that happened to computers and people shrugged their shoulders and figured they’d have to reinstall. Now this is fine if malware isn’t targeted and indeed, you’ve become part of a viagra spam botnet, however, it’s problematic for people that discover that they’ve been targeted by a nation-state.

    Because...
  • Cyber mercenaries using the police tools sold to repressive governments

    In fact the Turkmenistan secret service and the Australian police use the same tool!
  • only sell to military
  • Computer viruses were just something that happened to computers and people shrugged their shoulders and figured they’d have to reinstall. Now this is fine if malware isn’t targeted and indeed, you’ve become part of a viagra spam botnet, however, it’s problematic for people that discover that they’ve been targeted by a nation-state.

    Because...
  • Hammad Akbar was fined $500k by the district court in Virginia in December of last year for selling and distributing “StealthGenie.”
  • 'Please Rob Me' aggregates and streams location check-ins into a list of 'all those empty homes out there,' and describes the recently-shared locations as 'new opportunities.'
  • a Texas school district just begun implanting the devices on student identification cards to monitor pupils’ movements on campus, and to track them as they come and go from school.
    Tagging school children with RFID chips is uncommon, but not new. A federally funded preschool in Richmond, California, began embedding RFID chips in students’ clothing in 2010. And an elementary school outside of Sacramento, California, scrubbed a plan in 2005 amid a parental uproar. And a Houston, Texas, school district began using the chips to monitor students on 13 campuses in 2004.
  • Cyber mercenaries using the police tools sold to repressive governments

    In fact the Turkmenistan secret service and the Australian police use the same tool!
  • Cyber mercenaries using the police tools sold to repressive governments

    In fact the Turkmenistan secret service and the Australian police use the same tool!

×