A presentation for the Blue Hat conference about what the privacy-friendly open source social network Diaspora can learn from Microsoft's experiences in security.
1.
What Diaspora* can learn about security from Microsoft Jon Pincus / @jdp23 http://talesfromthe.net October 15, 2010
2.
<ul>
<li>Diaspora*</li>
<li>the “privacy-aware, personally-controlled, open-source, do-it-all social network”</li>
<li>A Facebook alternative like Appleseed, OneSocialWeb, …</li>
<li>founded in May by four NYU students</li>
<li>Raised $200K on Kickstarter</li>
<li>http://joindiaspora.com</li>
</ul>
3.
September: first source code release
<ul>
<li>On schedule!</li>
<li>Basic functionality in place!</li>
<li>Profiles and aspects</li>
<li>Status updates</li>
<li>Photos</li>
<li>Security: umm …</li>
</ul>
4.
Does it matter?
<ul>
<li>“It’s no worse than most web startups …”</li>
<li>Yeah, but:</li>
<li>Privacy is key to their value proposition</li>
<li>A reputation for insecurity will doom them</li>
<li>So while they’ve made the right tradeoff so far,</li>
<li>they’ll need to start taking security more seriously</li>
</ul>
5.
I’m flashing!
<ul>
<li>Remember back in 2001/2002?</li>
<li>Gartner advisor about IIS</li>
<li>MikeHow’s SQL injection demo to Bill</li>
<li>SWI and “the Security Push”</li>
<li>Substantial investment and progress since then</li>
<li>- although significant challenges remain</li>
</ul>