Gabor Szathmari, profile picture
Uploaded byGabor Szathmari
PDF, PPTX1,573 views

Safe Browsing in 2016

The document discusses safe web browsing in 2016 and provides tips to protect against cyber criminals and government surveillance. It recommends using anti-malware software and an anti-exploit kit to prevent malware infections. It also suggests choosing a search engine that doesn't log searches and using a secure web browser along with privacy-focused browser extensions. Key strategies include operating system hygiene, de-linking browsing data, and protecting against data correlation attacks.

Embed presentation

Download as PDF, PPTX
SAFE BROWSING IN 2016 SECURITY & PRIVACY
SAFE BROWSING IN 2016 me_irl • Gabor Szathmari • Information Security Professional Hacker Freelancer • Privacy Advocate
SAFE BROWSING IN 2016 I WILL BE TALKING ABOUT • Web browsing ‣Privately ‣Securely
THE SMALL PRINT
SAFE BROWSING IN 2016 THIS GUIDE IS NOT FOR YOU, IF… • Targeted surveillance • Whistleblower protection • Browsing the web anonymously
SAFE BROWSING IN 2016 YOU NEED INSTEAD … • Tor browser • Tails OS, Qubes OS • PGP, Signal, WhatsApp, Ricochet • SecureDrop, GlobaLeaks
KNOW YOUR ADVERSARY
SAFE BROWSING IN 2016 CYBER CRIMINALS •Ransomware ‣ Your files for Bitcoins •Info stealing malware ‣ Passwords ‣ Bank and credit card details
SAFE BROWSING IN 2016 THE GOVERNMENT Metadata law1 excludes2: •URLs •Web Page Content •DNS requests •Destination IPs and Ports [1]: Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015
 [2]: https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf
SAFE BROWSING IN 2016 THE GOVERNMENT ISPs must retain1 : • Assigned IP and Port • Date and Duration • Data Volume • Subscriber Data [1]: https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf
SAFE BROWSING IN 2016 THE GOVERNMENT ISPs must retain1 : • Assigned IP and Port • Date and Duration • Data Volume • Subscriber Data Service Providers have: • Connecting IP and Port • Date and Duration • Data Volume • Content [1]: https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf On Request
SAFE BROWSING IN 2016 DATA CORRELATION • Hello Google, give us 
 all the IP addresses
 searching for “whistleblowing” 
 in January 2016
SAFE BROWSING IN 2016 DATA CORRELATION • Hey Facebook, tell us 
 the URL of all websites 
 that this IP address visited
 with your ‘Like button’ on the page1 [1]: http://arstechnica.com/tech-policy/2015/03/report-facebook-tracks-all-visitors-even-if-youre-not-a-user-and-opted-out/
SAFE BROWSING IN 2016 SAFE BROWSING IS • Protection from
 ransomware and info stealing malware • De-linking data between the
 ISP and Service Providers
OPERATING SYSTEM HYGIENE
SAFE BROWSING IN 2016 HOW MALWARE GETS IN? • File downloads • Browser and add-on exploits ‣ Adobe Flash ‣ Java ‣ PDF
SAFE BROWSING IN 2016 WHAT CAN PROTECT ME? • Anti-virus software • Anti-exploit kit
SAFE BROWSING IN 2016 ANTI-VIRUS SOFTWARE Modern AV protects from: • Known and unknown malware • Loading malicious URLs • Ransomware • Keystroke logging
SAFE BROWSING IN 2016 ANTI-EXPLOIT KIT Protects from: • Browser exploits • Browser add-on exploits
SAFE BROWSING IN 2016 OPERATING SYSTEM HYGIENE Anti-malware 1 : ‣ Kaspersky Internet Security ‣ Norton Security Anti-exploit kit 2 : ‣ MalwareBytes
 Anti-Exploit ‣ HitmanPro.Alert [1]: https://www.mrg-effitas.com/wp-content/uploads/2016/05/MRG-Effitas-360-Assessment-Q1-2016.pdf
 [2]: https://www.mrg-effitas.com/wp-content/uploads/2015/04/MRG_Effitas_Real_world_exploit_prevention_test.pdf
SEARCH ENGINE
SAFE BROWSING IN 2016 DATA CORRELATION • Hello Google, give us 
 all the IP addresses
 searching for “whistleblowing” 
 in January 2016
SAFE BROWSING IN 2016 SAFE BROWSING IS • Protection from
 ransomware and malware • De-linking data between the
 ISP and Service Providers
SAFE BROWSING IN 2016 CHOOSING THE SEARCH ENGINE • Doesn't keep logs • Nothing to hand over
SAFE BROWSING IN 2016 CHOOSING THE SEARCH ENGINE • startpage.com • search.disconnect.me • duckduckgo.com
WEB BROWSER
SAFE BROWSING IN 2016 HOW MALWARE GETS IN? • File downloads • Browser and add-on exploits ‣ Adobe Flash ‣ Java ‣ PDF
SAFE BROWSING IN 2016 A MODERN WEB BROWSER • Warns if something bad is going to happen • Stops bad things from happening
SAFE BROWSING IN 2016 BROWSER SECURITY File / URL Reputation Yes Yes Yes Yes Sandboxing Yes Yes Yes Sandboxed Flash Yes Yes Yes Sandboxed PDF Yes Yes Yes Certificate Transparency Yes Token Binding Yes
SAFE BROWSING IN 2016 CHROME, BECAUSE … • Implements state of the art security technologies • Privacy and security extensions
SAFE BROWSING IN 2016 BEFORE YOU BEGIN… • Don’t log in with a Google account • Fine-tune its privacy settings1 • Read the Chrome Privacy Whitepaper2 [1]: http://www.dummies.com/how-to/content/how-to-use-google-chrome-privacy-settings.html
 [2]: https://www.google.com/chrome/browser/privacy/whitepaper.html
BROWSER EXTENSIONS
SAFE BROWSING IN 2016 DATA CORRELATION • Hey Facebook, tell us 
 the URL of all websites 
 that this IP address visited
 with your ‘Like button’ on the page1 [1]: http://arstechnica.com/tech-policy/2015/03/report-facebook-tracks-all-visitors-even-if-youre-not-a-user-and-opted-out/
SAFE BROWSING IN 2016 SAFE BROWSING IS • Protection from
 ransomware and malware • De-linking data between the
 ISP and Service Providers
SAFE BROWSING IN 2016 EXTENSIONS: PRIVACY • Disable tracking pixels ‣ Disconnect -or- ‣ Privacy Badger • Enforce encryption ‣ HTTPS Everywhere • Prevent leaks ‣ Referer Control ‣ WebRTC Leak Prevent • Prevent fingerprinting ‣ CanvasFingerprintBlock ‣ User-Agent Switcher
SAFE BROWSING IN 2016 HOW MALWARE GETS IN? • File downloads • Browser and add-on exploits ‣ Adobe Flash ‣ Java ‣ PDF
SAFE BROWSING IN 2016 EXTENSIONS: SECURITY • Click to Flash ‣ Flashcontrol • Control third-party code ‣ uBlock Origin ‣ ScriptSafe • Browser and add-on health check ‣ Qualys BrowserCheck • URL Reputation ‣ WOT: Web of Trust
SAFE BROWSING IN 2016 WHAT’S YOUR FAVOURITE EXTENSION? • https://chrome.google.com/webstore/detail/disconnect/jeoacafpbcihiomhlakheieifhpjdfeo • https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp • https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp • https://chrome.google.com/webstore/detail/referer-control/hnkcfpcejkafcihlgbojoidoihckciin • https://chrome.google.com/webstore/detail/canvasfingerprintblock/ipmjngkmngdcdpmgmiebdmfbkcecdndc • https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml • https://chrome.google.com/webstore/detail/user-agent-switcher-for-g/ffhkkpnppgnfaobgihpdblnhmmbodake • https://chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe • https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm • https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf • https://chrome.google.com/webstore/detail/qualys-browsercheck-for-w/ejhnkognlohdkpjkjongioociddgoibk • https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
SUMMARY
SAFE BROWSING IN 2016 SUMMARY • Cyber criminals, The Government • Anti-malware, anti-exploit • Search engine • Secure web browser • Browser extensions
SAFE BROWSING IN 2016 THANK YOU• @gszathmari • PGP: keybase.io/gszathmari • Threema: PRN7228A
SAFE BROWSING IN 2016 PHOTOS • https://americangallery.files.wordpress.com/2012/06/sheep-in-wolfs-clothing.jpg • http://dropsafe.crypticide.com/wp-content/uploads/2013/08/Secure-Beneath-Watchful-Eyes.png • https://uploads.skyhighnetworks.com/2014/12/blog-banner-dr-evil.png • https://twitter.com/malware_traffic/status/738801324955832321

More Related Content

PDF
WCBham Beginner WordPress Security
byGerroald Barron
 
PDF
The Slow Death of Passwords
byForgeRock Identity Tech Talks
 
PPT
Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017
byProQuest
 
PDF
Ransomware - Mark Chimely
byIISPEastMids
 
PDF
Help! I am an Investigative Journalist in 2017
byGabor Szathmari
 
PPTX
infosec_for_journalists_2016
byJustin Giles
 
PPTX
Internet and Personal Privacy
byUtku Sen
 
PDF
Digital Safety
byCelia Chavez
 
WCBham Beginner WordPress Security
byGerroald Barron
 
The Slow Death of Passwords
byForgeRock Identity Tech Talks
 
Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017
byProQuest
 
Ransomware - Mark Chimely
byIISPEastMids
 
Help! I am an Investigative Journalist in 2017
byGabor Szathmari
 
infosec_for_journalists_2016
byJustin Giles
 
Internet and Personal Privacy
byUtku Sen
 
Digital Safety
byCelia Chavez
 

Viewers also liked

PDF
Safe browsing
by88DIMATH
 
PDF
End-to-End Encryption of Distributed Applications
byJeff Lambert
 
PPTX
Internet Safety Gwen
byguest3d3a205b
 
PDF
Practical Encryption Tips and Tools
byHeidi Alexander
 
PPT
Douglas Crockford - Ajax Security
byWeb Directions
 
PPTX
Internet browsing
byImran Noori
 
PDF
The Importance of Business Data Backups
bySwiftTech Solutions, Inc.
 
PPTX
Browser Security 101
byStormpath
 
PPT
General Awareness On Cyber Security
byDominic Rajesh
 
PPT
Download presentation
bywebhostingguy
 
PPT
Browser Security
byRoberto Suggi Liverani
 
Safe browsing
by88DIMATH
 
End-to-End Encryption of Distributed Applications
byJeff Lambert
 
Internet Safety Gwen
byguest3d3a205b
 
Practical Encryption Tips and Tools
byHeidi Alexander
 
Douglas Crockford - Ajax Security
byWeb Directions
 
Internet browsing
byImran Noori
 
The Importance of Business Data Backups
bySwiftTech Solutions, Inc.
 
Browser Security 101
byStormpath
 
General Awareness On Cyber Security
byDominic Rajesh
 
Download presentation
bywebhostingguy
 
Browser Security
byRoberto Suggi Liverani
 

Similar to Safe Browsing in 2016

PPT
Browsing the Net Safely
bytxcsndtampa
 
DOCX
Browser Security – Issues and Best Practices1Outli
byVannaSchrader3
 
PPTX
Browser and Windows Hardening Bsides Detroit
byKurtis Armour
 
PPTX
Security-Web Vulnerabilities-Browser Attacks
byRaghu Addanki
 
PDF
Symantec Internet Security Threat Report Volume 2015
byWaqas Amir
 
PPT
webbrowrtretretretretretertsersecurity.ppt
bymark625251
 
PPTX
Fundamentals of Safe Browsing.pptx
by24149052
 
PPTX
Surfing with Sharks KS ED TECH 2012
byinf8nity
 
PPTX
ICT-Lec-3.pptx bkjojbjdbjkklbhsdkssscduigi
byworryno71
 
PPT
The most dangerous places on the web
byJoel May
 
PDF
Secure Remote Browser
byCitrix
 
PPTX
Cybersecurity Cyber Usalama
byMuhammadRadwan10
 
PPTX
Cybersecurity-Keeping-Your-Computers-Devices-Safe.pptx
byPrinceYdvz
 
PPTX
Securtiy Issues 17.05.2020.pptx
byvatsalrbhatt13
 
PDF
Internet Security Threat Report (ISTR) Government
bySSLRenewals
 
PPT
The Corporate Web Security Landscape
byPeter Wood
 
PDF
Lecture #18 - #20: Web Browser and Web Application Security
byDr. Ramchandra Mangrulkar
 
PPTX
Web Browser
bymandeag
 
PPTX
Soham web security
bySoham Sengupta
 
PPTX
Browsers
byAlexander Medina Gómez
 
Browsing the Net Safely
bytxcsndtampa
 
Browser Security – Issues and Best Practices1Outli
byVannaSchrader3
 
Browser and Windows Hardening Bsides Detroit
byKurtis Armour
 
Security-Web Vulnerabilities-Browser Attacks
byRaghu Addanki
 
Symantec Internet Security Threat Report Volume 2015
byWaqas Amir
 
webbrowrtretretretretretertsersecurity.ppt
bymark625251
 
Fundamentals of Safe Browsing.pptx
by24149052
 
Surfing with Sharks KS ED TECH 2012
byinf8nity
 
ICT-Lec-3.pptx bkjojbjdbjkklbhsdkssscduigi
byworryno71
 
The most dangerous places on the web
byJoel May
 
Secure Remote Browser
byCitrix
 
Cybersecurity Cyber Usalama
byMuhammadRadwan10
 
Cybersecurity-Keeping-Your-Computers-Devices-Safe.pptx
byPrinceYdvz
 
Securtiy Issues 17.05.2020.pptx
byvatsalrbhatt13
 
Internet Security Threat Report (ISTR) Government
bySSLRenewals
 
The Corporate Web Security Landscape
byPeter Wood
 
Lecture #18 - #20: Web Browser and Web Application Security
byDr. Ramchandra Mangrulkar
 
Web Browser
bymandeag
 
Soham web security
bySoham Sengupta
 
Browsers
byAlexander Medina Gómez
 

More from Gabor Szathmari

PPTX
Iron Bastion: Preventing business email compromise fraud at your firm
byGabor Szathmari
 
PPTX
Iron Bastion: How to Manage Your Clients' Data Responsibly
byGabor Szathmari
 
PPTX
Hacking law firms with abandoned domain names
byGabor Szathmari
 
PPTX
How to manage your client's data responsibly
byGabor Szathmari
 
PPTX
How to protect your clients and your law firm from money transfer scams
byGabor Szathmari
 
PPTX
Phishing stories from the trenches
byGabor Szathmari
 
PPTX
CryptoParty Tor Relay Workshop
byGabor Szathmari
 
PDF
Privacy for journalists introduction
byGabor Szathmari
 
PDF
Threat Modeling for Journalists
byGabor Szathmari
 
PDF
Privacy for Journalists Introduction
byGabor Szathmari
 
PDF
When the CDN goes bananas
byGabor Szathmari
 
PPTX
PGP and Keybase (CryptoParty Belfast)
byGabor Szathmari
 
Iron Bastion: Preventing business email compromise fraud at your firm
byGabor Szathmari
 
Iron Bastion: How to Manage Your Clients' Data Responsibly
byGabor Szathmari
 
Hacking law firms with abandoned domain names
byGabor Szathmari
 
How to manage your client's data responsibly
byGabor Szathmari
 
How to protect your clients and your law firm from money transfer scams
byGabor Szathmari
 
Phishing stories from the trenches
byGabor Szathmari
 
CryptoParty Tor Relay Workshop
byGabor Szathmari
 
Privacy for journalists introduction
byGabor Szathmari
 
Threat Modeling for Journalists
byGabor Szathmari
 
Privacy for Journalists Introduction
byGabor Szathmari
 
When the CDN goes bananas
byGabor Szathmari
 
PGP and Keybase (CryptoParty Belfast)
byGabor Szathmari
 

Recently uploaded

PDF
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
PDF
Mobile Onboarding UX 11 Best Practices for Retention (2026).pdf
byDesign Studio UI UX
 
DOCX
Quercus semecarpifolia is widely recognized as a keystone species in alpine a...
byMadan Bhandari university and St. Xavier's college , Maitighar
 
PDF
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
PPTX
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PPTX
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
PPTX
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
PDF
oracle_apex_tamil_export_an_application.pdf
byUthamaselvan M
 
PDF
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
PDF
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
PDF
Strengthening cybern resilience for a leading indian Financial Services group
bypandeydevika621
 
PDF
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
PDF
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
PPTX
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
PPTX
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
PDF
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
PPTX
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
PDF
DevOps GenAI_ How Generative AI Is Changing Software Delivery.pdf
byDevseccops.ai
 
PPTX
SRWE_Module_14_SRWE_ccna_basics_routing_concepts.pptx
byahmedmahmoudece
 
PPTX
DATALIVA-Presentation-EN_2026 Budgeting SAP Odoo ERP
byMustafa Kuğu
 
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
Mobile Onboarding UX 11 Best Practices for Retention (2026).pdf
byDesign Studio UI UX
 
Quercus semecarpifolia is widely recognized as a keystone species in alpine a...
byMadan Bhandari university and St. Xavier's college , Maitighar
 
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
oracle_apex_tamil_export_an_application.pdf
byUthamaselvan M
 
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
Strengthening cybern resilience for a leading indian Financial Services group
bypandeydevika621
 
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
DevOps GenAI_ How Generative AI Is Changing Software Delivery.pdf
byDevseccops.ai
 
SRWE_Module_14_SRWE_ccna_basics_routing_concepts.pptx
byahmedmahmoudece
 
DATALIVA-Presentation-EN_2026 Budgeting SAP Odoo ERP
byMustafa Kuğu
 

Safe Browsing in 2016

  • 1.
    SAFE BROWSING IN2016 SECURITY & PRIVACY
  • 2.
    SAFE BROWSING IN2016 me_irl • Gabor Szathmari • Information Security Professional Hacker Freelancer • Privacy Advocate
  • 3.
    SAFE BROWSING IN2016 I WILL BE TALKING ABOUT • Web browsing ‣Privately ‣Securely
  • 4.
  • 5.
    SAFE BROWSING IN2016 THIS GUIDE IS NOT FOR YOU, IF… • Targeted surveillance • Whistleblower protection • Browsing the web anonymously
  • 6.
    SAFE BROWSING IN2016 YOU NEED INSTEAD … • Tor browser • Tails OS, Qubes OS • PGP, Signal, WhatsApp, Ricochet • SecureDrop, GlobaLeaks
  • 7.
  • 8.
    SAFE BROWSING IN2016 CYBER CRIMINALS •Ransomware ‣ Your files for Bitcoins •Info stealing malware ‣ Passwords ‣ Bank and credit card details
  • 9.
    SAFE BROWSING IN2016 THE GOVERNMENT Metadata law1 excludes2: •URLs •Web Page Content •DNS requests •Destination IPs and Ports [1]: Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015
 [2]: https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf
  • 10.
    SAFE BROWSING IN2016 THE GOVERNMENT ISPs must retain1 : • Assigned IP and Port • Date and Duration • Data Volume • Subscriber Data [1]: https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf
  • 11.
    SAFE BROWSING IN2016 THE GOVERNMENT ISPs must retain1 : • Assigned IP and Port • Date and Duration • Data Volume • Subscriber Data Service Providers have: • Connecting IP and Port • Date and Duration • Data Volume • Content [1]: https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf On Request
  • 12.
    SAFE BROWSING IN2016 DATA CORRELATION • Hello Google, give us 
 all the IP addresses
 searching for “whistleblowing” 
 in January 2016
  • 13.
    SAFE BROWSING IN2016 DATA CORRELATION • Hey Facebook, tell us 
 the URL of all websites 
 that this IP address visited
 with your ‘Like button’ on the page1 [1]: http://arstechnica.com/tech-policy/2015/03/report-facebook-tracks-all-visitors-even-if-youre-not-a-user-and-opted-out/
  • 15.
    SAFE BROWSING IN2016 SAFE BROWSING IS • Protection from
 ransomware and info stealing malware • De-linking data between the
 ISP and Service Providers
  • 16.
  • 17.
    SAFE BROWSING IN2016 HOW MALWARE GETS IN? • File downloads • Browser and add-on exploits ‣ Adobe Flash ‣ Java ‣ PDF
  • 18.
    SAFE BROWSING IN2016 WHAT CAN PROTECT ME? • Anti-virus software • Anti-exploit kit
  • 19.
    SAFE BROWSING IN2016 ANTI-VIRUS SOFTWARE Modern AV protects from: • Known and unknown malware • Loading malicious URLs • Ransomware • Keystroke logging
  • 20.
    SAFE BROWSING IN2016 ANTI-EXPLOIT KIT Protects from: • Browser exploits • Browser add-on exploits
  • 22.
    SAFE BROWSING IN2016 OPERATING SYSTEM HYGIENE Anti-malware 1 : ‣ Kaspersky Internet Security ‣ Norton Security Anti-exploit kit 2 : ‣ MalwareBytes
 Anti-Exploit ‣ HitmanPro.Alert [1]: https://www.mrg-effitas.com/wp-content/uploads/2016/05/MRG-Effitas-360-Assessment-Q1-2016.pdf
 [2]: https://www.mrg-effitas.com/wp-content/uploads/2015/04/MRG_Effitas_Real_world_exploit_prevention_test.pdf
  • 23.
  • 24.
    SAFE BROWSING IN2016 DATA CORRELATION • Hello Google, give us 
 all the IP addresses
 searching for “whistleblowing” 
 in January 2016
  • 25.
    SAFE BROWSING IN2016 SAFE BROWSING IS • Protection from
 ransomware and malware • De-linking data between the
 ISP and Service Providers
  • 26.
    SAFE BROWSING IN2016 CHOOSING THE SEARCH ENGINE • Doesn't keep logs • Nothing to hand over
  • 27.
    SAFE BROWSING IN2016 CHOOSING THE SEARCH ENGINE • startpage.com • search.disconnect.me • duckduckgo.com
  • 28.
  • 29.
    SAFE BROWSING IN2016 HOW MALWARE GETS IN? • File downloads • Browser and add-on exploits ‣ Adobe Flash ‣ Java ‣ PDF
  • 30.
    SAFE BROWSING IN2016 A MODERN WEB BROWSER • Warns if something bad is going to happen • Stops bad things from happening
  • 31.
    SAFE BROWSING IN2016 BROWSER SECURITY File / URL Reputation Yes Yes Yes Yes Sandboxing Yes Yes Yes Sandboxed Flash Yes Yes Yes Sandboxed PDF Yes Yes Yes Certificate Transparency Yes Token Binding Yes
  • 32.
    SAFE BROWSING IN2016 CHROME, BECAUSE … • Implements state of the art security technologies • Privacy and security extensions
  • 33.
    SAFE BROWSING IN2016 BEFORE YOU BEGIN… • Don’t log in with a Google account • Fine-tune its privacy settings1 • Read the Chrome Privacy Whitepaper2 [1]: http://www.dummies.com/how-to/content/how-to-use-google-chrome-privacy-settings.html
 [2]: https://www.google.com/chrome/browser/privacy/whitepaper.html
  • 34.
  • 35.
    SAFE BROWSING IN2016 DATA CORRELATION • Hey Facebook, tell us 
 the URL of all websites 
 that this IP address visited
 with your ‘Like button’ on the page1 [1]: http://arstechnica.com/tech-policy/2015/03/report-facebook-tracks-all-visitors-even-if-youre-not-a-user-and-opted-out/
  • 36.
    SAFE BROWSING IN2016 SAFE BROWSING IS • Protection from
 ransomware and malware • De-linking data between the
 ISP and Service Providers
  • 37.
    SAFE BROWSING IN2016 EXTENSIONS: PRIVACY • Disable tracking pixels ‣ Disconnect -or- ‣ Privacy Badger • Enforce encryption ‣ HTTPS Everywhere • Prevent leaks ‣ Referer Control ‣ WebRTC Leak Prevent • Prevent fingerprinting ‣ CanvasFingerprintBlock ‣ User-Agent Switcher
  • 38.
    SAFE BROWSING IN2016 HOW MALWARE GETS IN? • File downloads • Browser and add-on exploits ‣ Adobe Flash ‣ Java ‣ PDF
  • 39.
    SAFE BROWSING IN2016 EXTENSIONS: SECURITY • Click to Flash ‣ Flashcontrol • Control third-party code ‣ uBlock Origin ‣ ScriptSafe • Browser and add-on health check ‣ Qualys BrowserCheck • URL Reputation ‣ WOT: Web of Trust
  • 40.
    SAFE BROWSING IN2016 WHAT’S YOUR FAVOURITE EXTENSION? • https://chrome.google.com/webstore/detail/disconnect/jeoacafpbcihiomhlakheieifhpjdfeo • https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp • https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp • https://chrome.google.com/webstore/detail/referer-control/hnkcfpcejkafcihlgbojoidoihckciin • https://chrome.google.com/webstore/detail/canvasfingerprintblock/ipmjngkmngdcdpmgmiebdmfbkcecdndc • https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml • https://chrome.google.com/webstore/detail/user-agent-switcher-for-g/ffhkkpnppgnfaobgihpdblnhmmbodake • https://chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe • https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm • https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf • https://chrome.google.com/webstore/detail/qualys-browsercheck-for-w/ejhnkognlohdkpjkjongioociddgoibk • https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
  • 41.
  • 42.
    SAFE BROWSING IN2016 SUMMARY • Cyber criminals, The Government • Anti-malware, anti-exploit • Search engine • Secure web browser • Browser extensions
  • 43.
    SAFE BROWSING IN2016 THANK YOU• @gszathmari • PGP: keybase.io/gszathmari • Threema: PRN7228A
  • 44.
    SAFE BROWSING IN2016 PHOTOS • https://americangallery.files.wordpress.com/2012/06/sheep-in-wolfs-clothing.jpg • http://dropsafe.crypticide.com/wp-content/uploads/2013/08/Secure-Beneath-Watchful-Eyes.png • https://uploads.skyhighnetworks.com/2014/12/blog-banner-dr-evil.png • https://twitter.com/malware_traffic/status/738801324955832321