Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Safe Browsing in 2016

816 views

Published on

Choosing moder anti-malware, a search engine, browser and its extensions for security and privacy

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Safe Browsing in 2016

  1. 1. SAFE BROWSING IN 2016 SECURITY & PRIVACY
  2. 2. SAFE BROWSING IN 2016 me_irl • Gabor Szathmari • Information Security Professional Hacker Freelancer • Privacy Advocate
  3. 3. SAFE BROWSING IN 2016 I WILL BE TALKING ABOUT • Web browsing ‣Privately ‣Securely
  4. 4. THE SMALL PRINT
  5. 5. SAFE BROWSING IN 2016 THIS GUIDE IS NOT FOR YOU, IF… • Targeted surveillance • Whistleblower protection • Browsing the web anonymously
  6. 6. SAFE BROWSING IN 2016 YOU NEED INSTEAD … • Tor browser • Tails OS, Qubes OS • PGP, Signal, WhatsApp, Ricochet • SecureDrop, GlobaLeaks
  7. 7. KNOW YOUR ADVERSARY
  8. 8. SAFE BROWSING IN 2016 CYBER CRIMINALS •Ransomware ‣ Your files for Bitcoins •Info stealing malware ‣ Passwords ‣ Bank and credit card details
  9. 9. SAFE BROWSING IN 2016 THE GOVERNMENT Metadata law1 excludes2: •URLs •Web Page Content •DNS requests •Destination IPs and Ports [1]: Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015
 [2]: https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf
  10. 10. SAFE BROWSING IN 2016 THE GOVERNMENT ISPs must retain1 : • Assigned IP and Port • Date and Duration • Data Volume • Subscriber Data [1]: https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf
  11. 11. SAFE BROWSING IN 2016 THE GOVERNMENT ISPs must retain1 : • Assigned IP and Port • Date and Duration • Data Volume • Subscriber Data Service Providers have: • Connecting IP and Port • Date and Duration • Data Volume • Content [1]: https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf On Request
  12. 12. SAFE BROWSING IN 2016 DATA CORRELATION • Hello Google, give us 
 all the IP addresses
 searching for “whistleblowing” 
 in January 2016
  13. 13. SAFE BROWSING IN 2016 DATA CORRELATION • Hey Facebook, tell us 
 the URL of all websites 
 that this IP address visited
 with your ‘Like button’ on the page1 [1]: http://arstechnica.com/tech-policy/2015/03/report-facebook-tracks-all-visitors-even-if-youre-not-a-user-and-opted-out/
  14. 14. SAFE BROWSING IN 2016 SAFE BROWSING IS • Protection from
 ransomware and info stealing malware • De-linking data between the
 ISP and Service Providers
  15. 15. OPERATING SYSTEM HYGIENE
  16. 16. SAFE BROWSING IN 2016 HOW MALWARE GETS IN? • File downloads • Browser and add-on exploits ‣ Adobe Flash ‣ Java ‣ PDF
  17. 17. SAFE BROWSING IN 2016 WHAT CAN PROTECT ME? • Anti-virus software • Anti-exploit kit
  18. 18. SAFE BROWSING IN 2016 ANTI-VIRUS SOFTWARE Modern AV protects from: • Known and unknown malware • Loading malicious URLs • Ransomware • Keystroke logging
  19. 19. SAFE BROWSING IN 2016 ANTI-EXPLOIT KIT Protects from: • Browser exploits • Browser add-on exploits
  20. 20. SAFE BROWSING IN 2016 OPERATING SYSTEM HYGIENE Anti-malware 1 : ‣ Kaspersky Internet Security ‣ Norton Security Anti-exploit kit 2 : ‣ MalwareBytes
 Anti-Exploit ‣ HitmanPro.Alert [1]: https://www.mrg-effitas.com/wp-content/uploads/2016/05/MRG-Effitas-360-Assessment-Q1-2016.pdf
 [2]: https://www.mrg-effitas.com/wp-content/uploads/2015/04/MRG_Effitas_Real_world_exploit_prevention_test.pdf
  21. 21. SEARCH ENGINE
  22. 22. SAFE BROWSING IN 2016 DATA CORRELATION • Hello Google, give us 
 all the IP addresses
 searching for “whistleblowing” 
 in January 2016
  23. 23. SAFE BROWSING IN 2016 SAFE BROWSING IS • Protection from
 ransomware and malware • De-linking data between the
 ISP and Service Providers
  24. 24. SAFE BROWSING IN 2016 CHOOSING THE SEARCH ENGINE • Doesn't keep logs • Nothing to hand over
  25. 25. SAFE BROWSING IN 2016 CHOOSING THE SEARCH ENGINE • startpage.com • search.disconnect.me • duckduckgo.com
  26. 26. WEB BROWSER
  27. 27. SAFE BROWSING IN 2016 HOW MALWARE GETS IN? • File downloads • Browser and add-on exploits ‣ Adobe Flash ‣ Java ‣ PDF
  28. 28. SAFE BROWSING IN 2016 A MODERN WEB BROWSER • Warns if something bad is going to happen • Stops bad things from happening
  29. 29. SAFE BROWSING IN 2016 BROWSER SECURITY File / URL Reputation Yes Yes Yes Yes Sandboxing Yes Yes Yes Sandboxed Flash Yes Yes Yes Sandboxed PDF Yes Yes Yes Certificate Transparency Yes Token Binding Yes
  30. 30. SAFE BROWSING IN 2016 CHROME, BECAUSE … • Implements state of the art security technologies • Privacy and security extensions
  31. 31. SAFE BROWSING IN 2016 BEFORE YOU BEGIN… • Don’t log in with a Google account • Fine-tune its privacy settings1 • Read the Chrome Privacy Whitepaper2 [1]: http://www.dummies.com/how-to/content/how-to-use-google-chrome-privacy-settings.html
 [2]: https://www.google.com/chrome/browser/privacy/whitepaper.html
  32. 32. BROWSER EXTENSIONS
  33. 33. SAFE BROWSING IN 2016 DATA CORRELATION • Hey Facebook, tell us 
 the URL of all websites 
 that this IP address visited
 with your ‘Like button’ on the page1 [1]: http://arstechnica.com/tech-policy/2015/03/report-facebook-tracks-all-visitors-even-if-youre-not-a-user-and-opted-out/
  34. 34. SAFE BROWSING IN 2016 SAFE BROWSING IS • Protection from
 ransomware and malware • De-linking data between the
 ISP and Service Providers
  35. 35. SAFE BROWSING IN 2016 EXTENSIONS: PRIVACY • Disable tracking pixels ‣ Disconnect -or- ‣ Privacy Badger • Enforce encryption ‣ HTTPS Everywhere • Prevent leaks ‣ Referer Control ‣ WebRTC Leak Prevent • Prevent fingerprinting ‣ CanvasFingerprintBlock ‣ User-Agent Switcher
  36. 36. SAFE BROWSING IN 2016 HOW MALWARE GETS IN? • File downloads • Browser and add-on exploits ‣ Adobe Flash ‣ Java ‣ PDF
  37. 37. SAFE BROWSING IN 2016 EXTENSIONS: SECURITY • Click to Flash ‣ Flashcontrol • Control third-party code ‣ uBlock Origin ‣ ScriptSafe • Browser and add-on health check ‣ Qualys BrowserCheck • URL Reputation ‣ WOT: Web of Trust
  38. 38. SAFE BROWSING IN 2016 WHAT’S YOUR FAVOURITE EXTENSION? • https://chrome.google.com/webstore/detail/disconnect/jeoacafpbcihiomhlakheieifhpjdfeo • https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp • https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp • https://chrome.google.com/webstore/detail/referer-control/hnkcfpcejkafcihlgbojoidoihckciin • https://chrome.google.com/webstore/detail/canvasfingerprintblock/ipmjngkmngdcdpmgmiebdmfbkcecdndc • https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml • https://chrome.google.com/webstore/detail/user-agent-switcher-for-g/ffhkkpnppgnfaobgihpdblnhmmbodake • https://chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe • https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm • https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf • https://chrome.google.com/webstore/detail/qualys-browsercheck-for-w/ejhnkognlohdkpjkjongioociddgoibk • https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
  39. 39. SUMMARY
  40. 40. SAFE BROWSING IN 2016 SUMMARY • Cyber criminals, The Government • Anti-malware, anti-exploit • Search engine • Secure web browser • Browser extensions
  41. 41. SAFE BROWSING IN 2016 THANK YOU• @gszathmari • PGP: keybase.io/gszathmari • Threema: PRN7228A
  42. 42. SAFE BROWSING IN 2016 PHOTOS • https://americangallery.files.wordpress.com/2012/06/sheep-in-wolfs-clothing.jpg • http://dropsafe.crypticide.com/wp-content/uploads/2013/08/Secure-Beneath-Watchful-Eyes.png • https://uploads.skyhighnetworks.com/2014/12/blog-banner-dr-evil.png • https://twitter.com/malware_traffic/status/738801324955832321

×