Slides from a talk about "HTTPS Everywhere" held today. Swedish slides (and as usual they may need some talking to fully understand).
Mentions the many problems with regular plain-text HTTP, how HTTPS solves a lot of those problems and how HTTPS is growing to become the default web.
The Caffe Latte attack debunks the age old myth that to crack WEP, the attacker needs to be in the RF vicinity of the authorized network, with at least one functional AP up and running. We demonstrate that it is possible to retrieve the WEP key from an isolated Client - the Client can be on the Moon! - using a new technique called "AP-less WEP Cracking". With this discovery Pen-testers will realize that a hacker no longer needs to drive up to a parking lot to crack WEP. Corporations still stuck with using WEP, will realize that their WEP keys can be cracked while one of their employees is transiting through an airport, having a cup of coffee, or is catching some sleep in a hotel room. Interestingly, Caffe Latte also has a great impact on the way Honey-pots work today and takes them to the next level of sophistication.
The Caffe Latte attack debunks the age old myth that to crack WEP, the attacker needs to be in the RF vicinity of the authorized network, with at least one functional AP up and running. We demonstrate that it is possible to retrieve the WEP key from an isolated Client - the Client can be on the Moon! - using a new technique called "AP-less WEP Cracking". With this discovery Pen-testers will realize that a hacker no longer needs to drive up to a parking lot to crack WEP. Corporations still stuck with using WEP, will realize that their WEP keys can be cracked while one of their employees is transiting through an airport, having a cup of coffee, or is catching some sleep in a hotel room. Interestingly, Caffe Latte also has a great impact on the way Honey-pots work today and takes them to the next level of sophistication.
Daniel Stenberg goes through some basic libcurl fundamentals and API design and explain how easily you can get your first transfers going in your own application. libcurl is the defacto standard library for Internet transfers and runs on virtually all platforms. The language focus will be on C/C++ but the concepts are generally applicable even if you use libcurl bindings for other languages.
Daniel Stenberg discusses some of the most common mistakes users are doing when using libcurl and what to do about them.
Video: https://youtu.be/0KfDdIAirSI
8. Klartext
Alla som sitter “på vägen” kan se din trafik
De kan modifiera trafik
De kan stoppa in data som inte fanns där
De kan ta bort data
De kan avbryta trafiken
“Alla” kan vara din brödrost
Litegrann som vykort
30. Mellanboxar som förstör
Internet är fullt av boxar som “förstår” HTTP
De tolkar trafik och “hjälper till”
När man inför nyheter inom HTTP som
servrar och klienter förstår…
… så är Internet fullt av burkar som inte
förstår det nya och nu tar sönder riktig trafik.