Daniel Nadeau is a bilingual barista and art curator seeking a new position. He has over 10 years of experience as a barista at various cafes in Montreal, Ottawa, Port Hardy, and Golden, where he gained expertise in coffee preparation and roasting. He also has experience as an art gallery curator and salesperson. Nadeau holds a Bachelor of Journalism degree from Carleton University with a minor in Eastern languages.
There's Waldo by Patrick Wardle & Colby Moore, Shakacon
Mobile apps are truly ubiquitous and enhance our lives in many ways. However, many either leak or insecurely handle geolocation data, affording an attacker the ability to locate, track, or even determine a user’s identity. This talk describes classes of geolocation vulnerabilities, how apps may be audited to find such bugs, and best practices to ensure users remain protected. To provide a more 'hands-on' feel, real world case studies are presented to demonstrate attacks uncovered by Synack researchers.
The talk will begin with a technical overview of geolocation capabilities in mobile OSs and how apps may access a user's location. Next, the talk will identify common classes of geolocation bugs and illustrate how developers often utilize a user's location in an insecure manner. For example, since geolocation APIs may default to the highest level of accuracy, a user's precise location may be revealed if not properly secured (on the device, in transit, or in the cloud).
Unfortunately, as our case studies show, such bugs are alarmingly common (numerous popular applications will be mentioned). A specific case study on Grindr (a common dating app) will be presented to illustrate a myriad of geolocation bugs that placed its users in harm’s way (see: 'Grindr vulnerability places men in harm's way' http://goo.gl/dg4cs6). First, due to the lack of SSL pinning, we present a MitM attack that reveals the user's exact location. Following this, we demonstrate a scalable remote attack. This attack combined several bugs, including the fact that the app reported (to anybody) the precise relative distance of all 'near-by' users. With these distances and the ability to spoof one's location and perform unlimited requests, trilateration could precisely locate and track users world-wide. Unfortunately, though we reported the bugs, patches only appeared after it was reported that the Egyptian government was tracking and arresting Grindr users.
Step-by-step demonstrations will be given, showing how we were able to harvest data and run calculations to determine tens of thousands of users' locations in real time. But it would be silly if we stopped there... Leveraging our capability, we demonstrate a custom framework developed to map patterns of life and subsequently correlate these patterns to true identity. By setting "hot spots" in our framework (think celebrity homes or US capitols) we can monitor target locations for user activity - potentially exposing identities of parties that may traditionally wish to remain private such as celebrities, athletes, and politicians. And yes, it works ;).
dhnresume2015bar(eng)
Daniel Hervé Nadeau
(514) 916-3399
1957 Rue Hunter, Montreal
danhnadeau@gmail.com
Bilingual.
Work Experience:
Café St. Henri – Montreal, QC 2013 – 2014
Barista
- Scientific approach to coffee, received excellent training in cupping,
dosing, alternative brewing methodology.
Caffe ArtJava – Montreal, QC 2010 – 2013
Barista
- Busy downtown location, high-volume, mastering a quality cup in
a limited timeframe.
Guido's Café – Port Hardy, BC Summer 2012
Barista
- Seasonal position in friendly café, free to experiment with different
types of drinks, some food production, multitasking.
Bean Bag Coffee Company – Golden, BC Winter 2007
Barista, Coffee Roaster
- Seasonal position for small roaster in the Rockies. Gained experience
with roasting practices, coffee sourcing.
Bridgehead Coffee Company – Ottawa, ON 2006 – 2010
Barista
- Early training in coffee production and culture. Comprehensive
and forward-thinking company.
Other Experience:
Giraffe Art Gallery – Ottawa, ON
Curator, Salesperson 2009 – 2010
Cedar Corner Art Gallery – Tofino, BC 2007 – 2008
Curator, Salesperson
Education:
LaSalle College 2014
3D Modeling for Video Games
Carleton University 2005
BJ, Bachelor of Journalism
Minor in Eastern Language