Threat Modeling
Library Freedom Edition
Morgan Marquis-Boire & Eva Galperin
@headhntr @evacide
Who are we?
What are we talking about?
What the hell is threat modeling?
How do you do it?
What makes this trickier than it looks?
Librarians are doing it for themselves
How not to go crazy
What the hell is threat modeling?
1. What do you want to protect? (ASSETS)
2. Who do you want to protect it from?
3. How likely is it you will need to protect it?
4. How bad are the consequences if you fail?
5. How much trouble are you willing to go through in order to prevent those consequences?
What do you need to know?
Assets
Adversary
Threat
Capability
Risk
Surveillance is magic.
VS
COST = $0
COST = $$
Replenishing
the minibar?
Or...
COST = $$$
COST = PRICELESS
Those are the types of actors, but who are the players?
High End
FVEY - US / UK / CA / AU / NZ
ISRAEL
CHINA
RUSSIA
FRANCE
etc etc etc etc
Artisanal, Small-Batch,
Locally made, home grown...
Commercial Market
● Law Enforcement
● Intelligence agencies
● Security companies
Pay for tools
Pay per job
Gotta get paid, yo
Attacker resources
vs
$$$$
vs
target value
Surveillance Starts at Home
Stalkers
“When we share information, we are building power of
our own. Potential harassers may be deterred by the
thought that we are both capable of and willing to turn
the eye of internet surveillance back on them.”
Liz Henry, Model View Culture, “Investigation Online:
Gathering Information to Assess Risk”
Amina Arraf: a gay girl in Damascus
Tom MacMaster: middle-aged guy in Scotland
Domestic abuser
I smell a RAT
StealthGenie
Other kinds of criminals
“Before his gauche upload, he posted a picture
of his lobster salad and tagged the restaurant.”
New York Post
Hey teacher, leave those kids alone
“One day soon, home room teachers in your local
middle and high schools may stop scanning rows of
desks and making each student yell out ‘Here!’ during
a morning roll call. Instead, small cards, or tags,
carried by each student will transmit a unique serial
number via radio signal to an electronic reader near the
school door.”
AT&T advertising brochure
The blended threat landscape
Not discrete categories:
many delicious flavors!
Risk
Different appetites for risk
Meet the nihilists
Alaa Abdel Fattah says “Come at
me, bro.”
Meet the vegans
Further reading
What Every Librarian Should Know About HTTPS:
https://www.eff.org/deeplinks/2015/05/what-every-librarian-needs-know-about-https
Surveillance Self Defense: https://ssd.eff.org.
COMSEC: Beyond Encryption:
https://grugq.github.io/presentations/COMSEC%20beyond%20encryption.pdf
Digital First Aid Kit: http://digitaldefenders.org/digitalfirstaid/

Editor's Notes

  1. On January 12, 2010, the same day Google announced the Aurora targeted attacks, it was announced that Gmail traffic would be encrypted by default. Since that time, Facebook, Twitter, and recently Yahoo have moved to using HTTPS traffic by default. Skype has provided encrypted voice calls for many years. In addition to this, The Tor Project, the EFF’s HTTPS Everywhere plugin, and Whisper Systems’ encrypted voice and text messaging mean that passive sniffing of traffic has started to yield less interesting results. It’s still useful, but in order to surveil persons of interest who have a decent understanding of security, active targeting becomes necessary.
  2. Computer viruses were just something that happened to computers, and people shrugged their shoulders and figured they’d have to reinstall. This is fine if the malware isn’t targeted and you’ve merely become part of a Viagra spam botnet; however, it’s problematic for people who discover that they’ve been targeted by a nation-state. Because...
  3. Computer viruses were just something that happened to computers, and people shrugged their shoulders and figured they’d have to reinstall. This is fine if the malware isn’t targeted and you’ve merely become part of a Viagra spam botnet; however, it’s problematic for people who discover that they’ve been targeted by a nation-state. Because...
  4. Cyber mercenaries using the police tools sold to repressive governments. In fact, the Turkmenistan secret service and the Australian police use the same tool!
  5. only sell to military
  6. Computer viruses were just something that happened to computers, and people shrugged their shoulders and figured they’d have to reinstall. This is fine if the malware isn’t targeted and you’ve merely become part of a Viagra spam botnet; however, it’s problematic for people who discover that they’ve been targeted by a nation-state. Because...
  7. Hammad Akbar was fined $500k by the district court in Virginia in December of last year for selling and distributing “StealthGenie.”
  8. 'Please Rob Me' aggregates and streams location check-ins into a list of 'all those empty homes out there,' and describes the recently-shared locations as 'new opportunities.'
  9. A Texas school district has just begun implanting the devices on student identification cards to monitor pupils’ movements on campus, and to track them as they come and go from school. Tagging school children with RFID chips is uncommon, but not new. A federally funded preschool in Richmond, California, began embedding RFID chips in students’ clothing in 2010. An elementary school outside of Sacramento, California, scrubbed a plan in 2005 amid a parental uproar. And a Houston, Texas, school district began using the chips to monitor students on 13 campuses in 2004.
  10. Cyber mercenaries using the police tools sold to repressive governments. In fact, the Turkmenistan secret service and the Australian police use the same tool!
  11. Cyber mercenaries using the police tools sold to repressive governments. In fact, the Turkmenistan secret service and the Australian police use the same tool!