Everything is Awful (And You're Not Helping)
•
2 likes•1,855 views
Slides from my talk at BSidesSF 2016. Transcript available at https://www.netmeister.org/blog/everything-is-awful.html
Recommended
More Related Content
Similar to Everything is Awful (And You're Not Helping)
Similar to Everything is Awful (And You're Not Helping) (18)
More from Jan Schaumann
More from Jan Schaumann (12)
Recently uploaded
Recently uploaded (20)
Everything is Awful (And You're Not Helping)
- 1. Everything is Awful (And You’re Not Helping) An op;mis;c #infosec talk based on Shamir’s Laws of Security Jan Schaumann @jschauma
- 2. Everything is Awful. @jschauma BSidesSF 2016
- 3. @jschauma BSidesSF 2016
- 4. @jschauma BSidesSF 2016
- 5. @jschauma BSidesSF 2016
- 6. @jschauma BSidesSF 2016
- 7. @jschauma BSidesSF 2016
- 8. @jschauma BSidesSF 2016
- 9. @jschauma BSidesSF 2016
- 10. @jschauma BSidesSF 2016
- 11. @jschauma BSidesSF 2016 https://v.gd/thingOfTheDay
- 12. @jschauma BSidesSF 2016 #Infosec “research” (aka browsing Shodan)
- 13. And YouWe’re Not Helping. @jschauma BSidesSF 2016
- 14. @jschauma BSidesSF 2016 One of these two people probably has some really interes;ng OpSec stories to tell… … the other one keynotes RSAC.
- 15. Being really good at one thing does not make you an expert in all things. @jschauma BSidesSF 2016 💡
- 16. @jschauma BSidesSF 2016 #Infosec != Real World
- 17. @jschauma BSidesSF 2016 where Hanlon’s Razor is dull. Welcome to #Infosec,
- 18. @jschauma BSidesSF 2016 Why Glenn can’t encrypt.
- 19. @jschauma BSidesSF 2016 https://v.gd/hackersStealHospital
- 20. @jschauma BSidesSF 2016 https://v.gd/ccSignatureFun
- 21. @jschauma BSidesSF 2016
- 22. @jschauma BSidesSF 2016
- 23. @jschauma BSidesSF 2016 https://v.gd/securusDataBreach
- 24. @jschauma BSidesSF 2016
- 25. @jschauma BSidesSF 2016 https://libraryfreedomproject.org/
- 26. Don’t fuck with librarians. @jschauma BSidesSF 2016 💡 https://v.gd/FreedomToRead https://en.wikipedia.org/wiki/Doe_v._Gonzales
- 27. @jschauma BSidesSF 2016
- 28. Everything is Awful. And We’re Not Helping. @jschauma BSidesSF 2016
- 29. @jschauma BSidesSF 2016
- 30. @jschauma BSidesSF 2016 The “S” in RSA… …does not stand for Sean Penn. 💡
- 31. @jschauma BSidesSF 2016 Absolutely secure systems do not exist.
- 32. @jschauma BSidesSF 2016 Absolutely secure systems do not exist. To halve your vulnerability, you have to double your expenditure.
- 33. @jschauma BSidesSF 2016 Absolutely secure systems do not exist. To halve your vulnerability, you have to double your expenditure. Cryptography is typically bypassed, not penetrated.
- 34. @jschauma BSidesSF 2016 Absolutely secure systems do not exist.
- 35. 💡 @jschauma BSidesSF 2016 Absolutely secure systems do not exist. Keep calm, that’s fine. Raising the cost of an aaack is oben sufficient. Know your Threat Model.
- 36. @jschauma BSidesSF 2016
- 37. @jschauma BSidesSF 2016 https://v.gd/noSilverBullet
- 38. @jschauma BSidesSF 2016 HTTPS Essen;al Complexity: • exposes port 443 • uses TLS • speaks HTTP Accidental Complexity: • weak Ciphers enabled • 30 different versions of at least 5 different TLS libraries deployed • apache, nodejs, nginx, Tomcat , …
- 39. 💡 Reducing complexity reduces aaack surface. @jschauma BSidesSF 2016
- 40. @jschauma BSidesSF 2016 Data is your friend.
- 41. @jschauma BSidesSF 2016
- 42. @jschauma BSidesSF 2016
- 43. @jschauma BSidesSF 2016
- 44. @jschauma BSidesSF 2016 Data is your friend.
- 45. @jschauma BSidesSF 2016 Avg payout
- 46. @jschauma BSidesSF 2016 Cumula;ve payout by vuln.
- 47. @jschauma BSidesSF 2016 Data is your friend.
- 48. @jschauma BSidesSF 2016 Why not “APT breaking our cryptos”?
- 49. 💡 Cryptography is typically bypassed, not penetrated. @jschauma BSidesSF 2016
- 50. @jschauma BSidesSF 2016
- 51. @jschauma BSidesSF 2016 US gov risk management
- 52. @jschauma BSidesSF 2016 US gov risk management
- 53. @jschauma BSidesSF 2016 US gov risk management #infosec focus “APT” breaking our cryptos SQLi Keys on GitHub XSS
- 54. @jschauma BSidesSF 2016 Dat APT, tho.
- 55. @jschauma BSidesSF 2016 Dat APT, tho.
- 56. "If you think your problems can be solved by cryptography, you're probably wrong.” -‐-‐ Robert Morris @jschauma BSidesSF 2016
- 57. @jschauma BSidesSF 2016
- 58. @jschauma BSidesSF 2016
- 59. Everything is Awful. And We’re Not Helping. @jschauma BSidesSF 2016
- 60. Everything is Awful. (Keep calm, that’s fine.) @jschauma BSidesSF 2016 💡
- 61. @jschauma BSidesSF 2016 Is the internet on fire?
- 62. @jschauma BSidesSF 2016 The internet is always going to be on fire.
- 63. Don’t waste your ;me on busy work. Measure your impact. Priori;ze. @jschauma BSidesSF 2016
- 64. Don’t waste your ;me on busy work. Measure your impact. Understand your threat model. Priori;ze. @jschauma BSidesSF 2016
- 65. Don’t waste your ;me on busy work. Measure your impact. Have a threat model. Priori;ze. @jschauma BSidesSF 2016
- 67. Measure your impact. Priori;ze. Help others take responsibility. Guide them. @jschauma BSidesSF 2016
- 68. 💡 Everybody else's job is more complicated than you think. @jschauma BSidesSF 2016
- 69. Measure your impact. Priori;ze. Be helpful. Teach. Listen. @jschauma BSidesSF 2016
- 70. Measure your impact. Priori;ze. Be helpful. Teach. Listen. …and stop with the fucking Sun Tzu quotes. @jschauma BSidesSF 2016
- 71. Measure your impact. Priori;ze. Be helpful. Teach. Listen. …and stop with the fucking Sun Tzu quotes. @jschauma BSidesSF 2016