This document provides information about the Tor anonymity network and issues related to privacy, surveillance, and cryptography. It discusses how Tor works to anonymize users and protect their privacy, the importance of privacy in a democratic society, and risks of government surveillance and backdoors in encryption tools and software. It also summarizes the history of Tor and how it was originally developed by the US Naval Research Laboratory.
Presentation for PROSA listing some threats and how to reduce risk. Open source: you can reuse the slides for your own presentations. https://github.com/kramshoej/security-courses
The deep web allows anonymous communication. Bitcoin makes it possible to transfer assets around the globe in seconds, also in absolute anonymity. ISIS has a war chest of over USD $2 billion, seeks to attack the west and is attributed the ability to operate very strategically. Jihadists have been known to embrace technology. Gaping vulnerabilities in the technology-reliant western infrastructure make easy targets.
This is the presentation from Null/OWASP/g4h Bangalore December MeetUp by Vandana Verma.
technology.inmobi.com/events/null-owasp-g4h-december-meetup
Outline:
Security news from November and December 2014.
What if Petraeus was a hacker? Email privacy for the rest of us - Phil Cryer
The document discusses the privacy of email and how David Petraeus's affair with Paula Broadwell was discovered through their emails. It notes that Petraeus and Broadwell tried to avoid creating an email trail by composing draft emails and leaving them in a draft folder for the other to access. The FBI was ultimately able to use subpoenas to obtain IP logs connecting Broadwell's anonymous Gmail account to others accessed from her devices, confirming her involvement with Petraeus. The discovery of the affair led to Petraeus's resignation as CIA director.
This document provides an overview of chapter 6 from a textbook on network and internet security and privacy. It covers several learning objectives: understanding security concerns like hacking and cybercrime; online threats such as identity theft and malware; cyberstalking and personal safety; assessing personal computer security using encryption and firewalls; privacy concerns regarding personal data collection; and current legislation. The chapter examines these topics in depth through explanations of technical concepts, examples, and best practices for protection.
The document discusses wireless network security and hacking. It covers types of wireless networks and encryption, wireless hacking tools and methodology, threats to wireless networks, and how to hack wireless networks and Bluetooth connections. The goal is to understand wireless security concepts and vulnerabilities in order to test and improve security.
If last year’s presentation on the SANS 20 felt like more of a rant than a practical application of elite IT knowledge, Ian Trump’s technical track presentation is going to unleash GFI MAX as a security dashboard like nothing you have seen.
The Octopi team has leveraged network scanning and event log checks, and Ian takes the GFI MAX dashboard to a whole new level. MSPs can take his code and research and immediately apply it to their practices to secure their customers from cyber threats. Dehydrated from the summer information security conferences, Ian will give you the threat intel you need to be on the lookout for in the months ahead.
Besides all the GFI MAX goodness, being part of a live demo to find APT, and seeing Ian link Human Rights, Market Research, Ice, Law, Iggy Azalea, War Ferrets, Christian Studies, Event Auditing, Security Tools, Taylor Swift and How we can all fix the cyber problem into one epic presentation – well, you don’t want to miss this.
The ClearScore Darkpaper: The danger of the dark web 2020 - Jayna Mistry
1. The document discusses fraud on the dark web and its impact on UK residents. It finds that 33% of UK residents have been victims of online fraud, with losses commonly between £101-£500.
2. Many underestimate how frequently data breaches occur, with only 25% thinking their data could be for sale on the dark web. However, the average ClearScore user found passwords from seven online accounts had been leaked.
3. Identity theft and fraud are among the UK population's biggest financial concerns highlighted in the report.
Warrantless governmental surveillance through the use of emerging technology ... - Vania_Chaker
Abstract: Warrantless Governmental Surveillance through the Use of Emerging Technology Has Become a Mainstay of Governmental Investigation
The United States government enjoys awesome technological capabilities. It can facilely monitor electronic communications and surreptitiously retrieve stored information on private computer systems through the use of emerging technology. Indeed, technology that was once the stuff of science fiction is now routinely used in real life to monitor the activities of citizens, corporations, even foreign nationals in foreign nations.
This blog post raises the question as to whether such powerful governmental capabilities have been tempered by the countervailing protective judicial or legislative safeguards necessary to offset the greatly increased potential for improper government intrusiveness. The word count is 449 words (1,396 words including footnotes).
The Passware Forensic Kit 10.3 allows for distributed password recovery using multiple "Agents" installed on different machines. This helps speed up the password recovery process by leveraging additional computing resources. The kit can recover passwords from Bitlocker encrypted drives and Truecrypt encrypted volumes. It provides forensic investigators the ability to decrypt and access encrypted drives and containers to find passwords. Pricing starts at $795 for the basic kit with 5 Agents, and scales up to support 500 Agents for large-scale forensic investigations.
The document discusses how recent NSA surveillance program revelations have negatively impacted the technology industry and cloud computing. It summarizes that the NSA collected data from major tech companies without consent, details some of their surveillance programs, and reviews the legal and economic fallout, including two conflicting court rulings on the programs' constitutionality. Recent estimates suggest the NSA actions could cost the US tech industry between $35-180 billion over the next three years due to lost foreign business and erosion of trust in US cloud services.
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr... - Alisha Deboer
Cyber terrorists are sophisticated, organized and disruptive to your business. How prepared are you? Explore the landscape of malicious actors most likely to strike your business and what you can do about it.
Computer Security, Types of Hackers, Installation of Kali Linux, Common Keywords - khansalman19
Computer security involves protecting computer systems and data from theft or damage. It includes protecting data, networks, and computing power through controls that provide confidentiality, integrity, and availability of systems and components like data, software, hardware, and firmware. Common threats include vulnerabilities, exploits, and privilege escalation that hackers can use to breach security. Installation of operating systems like Kali Linux in virtual machines requires selecting the ISO file, initiating the VMware installation wizard, and choosing typical options to complete setup.
Malta Economic Update 06 2008 - isec interview - Fabian Borg
Mr. Borg, Managing Director of isecmalta.com, argues that companies should hire ethical hackers to test their network security. His company forms teams to perform security audits by thinking like hackers and using their techniques, such as social engineering. Social engineering tricks employees into revealing information, for example by posing as IT staff or applying for jobs to obtain network details. Hackers may also directly access systems by installing malware on unused floppy disks left in public areas. Regular security audits are important as hacking risks rise with greater internet access and more people studying hacking tools.
Global Cyber Security trend & impact of Internet on the society of Bangladesh... - Fakrul Alam
The internet has, in the mere space of a decade, completely revolutionized the way things are done in Bangladesh. Everything from making friends, shopping, learning and even starting and promoting businesses has experienced paradigm shifts due to the internet. But despite the allure of connectivity, there are dangers as well.
This event will focus on cyber security and how to keep privileged data safe from unwanted observation. The event will also talk about how society has changed, both good and bad, and how we can use this opportunity to drive more meaningful growth.
The document discusses various types of computer security threats including denial-of-service (DoS) attacks, wiretapping, viruses, worms, and trojans. It provides examples of each type of threat and how they work, such as how a HTTP POST DoS attack can overload a server with slow connections. The document also discusses the conflict between Bollywood and the hacktivist group Anonymous over piracy and retaliation through DDoS attacks. Finally, it covers computer viruses in more detail, describing different categories like boot sector, file infector, macro, multipartite, and polymorphic viruses.
This document discusses cyber warfare and the threats it poses. It defines cyber warfare as using computers and the internet to conduct warfare in cyberspace. It notes governments' vulnerability due to their reliance on internet-connected systems like power grids. Examples are given of cyber attacks on Estonia, the Pentagon, and countries involved in conflicts like Georgia. The document suggests future wars may target critical infrastructure through cyber means to cause damage without risking attackers' lives. It remains unclear if a large-scale cyber war has occurred but attacks are developing and pose threats like crippling a country by disrupting communication, utilities, and access to sensitive information.
DDoS awareness grows with the attack state shifting towards the healthy state of the Internet. DDoS attacks are like sharks in the ocean: you know they are there, even if you do not see any shark fins above the water. This picture describes what’s happening in the modern internet, where DDoS attacks occur every minute. They have become the new normal, and those serving accessibility are adapting by including such services in their bundles. In 2017, an internet business without DDoS mitigation and a WAF ceases to exist.
Cyberwarfare involves politically motivated attacks on computer systems and networks. Many countries are engaging in cyber attacks and developing cyber weapons. A major cyber attack could significantly impact a country's economy and critical infrastructure by disrupting financial systems, communications, and other daily activities that rely on internet connectivity. Protecting against cyber threats will require increased security measures and international cooperation.
The document discusses the biggest cybersecurity threats of 2017, including ransomware, distributed denial of service (DDoS) attacks, the internet of things (IoT), and human/employee threats. Ransomware attacks grew significantly in recent years, with the WannaCry attack in 2017 infecting over 200,000 computers globally. DDoS attacks can overwhelm servers through hijacked devices in botnets, while the growing IoT introduces new vulnerabilities. Employees were responsible for the majority of data breaches, whether through malicious insiders, mistakes, or negligence. The costs of data breaches for companies are substantial.
This document discusses several key issues relating to the investigation and regulation of cybercrimes. It covers topics such as obtaining witness cooperation, choosing the appropriate jurisdiction, logistical barriers to international investigations, identifying suspects, challenges with search and seizure of digital evidence, problems of encryption, locating and securing relevant materials, use of mutual assistance treaties, and securing extradition when suspects are located across international borders. Overall, the document outlines the complex legal and technical challenges involved in investigating cybercrimes that cross international lines.
Cyberwar and cyberwarfare are on everyone's lips but mean nothing, as they are least understood and still need to be defined! Yet we have everyone who means something standing on the rooftops and rattling their swords. The question is: is India ready? This is explored in the presentation. Indian institutions, cyber practices and the way ahead.
This document discusses computer and cyber crimes. It defines computer crimes as illegal acts performed by hackers to steal private information from companies or individuals. Cyber crimes are crimes that involve computers and networks, where the computer may be used to enable criminal acts or be the target. Various types of cyber crimes are discussed such as cyber stalking, cyber pornography, intellectual property crimes, and computer vandalism. Computer forensics and tools for investigating cyber crimes are also mentioned.
The document discusses cyber security awareness and issues in Bangladesh. It notes that while internet usage in Bangladesh is growing rapidly with over 40 million users, most users have little awareness of cyber security. It then examines key cyber security threats and vulnerabilities faced by social media users, mobile phone users, and computer users in Bangladesh. These include weak passwords, interacting with strangers online, downloading unauthorized apps, and lack of antivirus use. The document concludes by recommending various measures to mitigate cyber security risks, such as using two-factor authentication, updating software, and following organizations' cyber security policies.
This document discusses how to make an Asterisk system more secure. It begins by explaining that PBX systems are targets for hackers and how they can find unsecured systems. It then provides recommendations for securing the physical device, operating system, network, Asterisk configuration, SIP, and dialplan. Resources discussed include taking Asterisk security courses, reviewing the Asterisk wiki for security articles, keeping systems updated, and using dedicated VoIP security products to monitor for attacks.
Don't Panic. Making Progress on the 'Going Dark' Debate - Fabio Chiusi
The document summarizes a report by the Berkman Center for Internet & Society at Harvard University on the debate around government access to encrypted communications and data. The report finds that while encryption technologies are making some surveillance more difficult, communications will neither be completely obscured nor fully transparent. End-to-end encryption is unlikely to be adopted ubiquitously as companies rely on access to user data. Metadata and data from networked devices may enable alternative forms of surveillance. The trends raise novel privacy and security challenges as today's debate does not consider the full technological landscape.
To download The Cyber Security Whitepaper for free, visit: www.vTechSolution.com
https://vtechsolution.com/cyber-security-whitepaper-2018/
Small businesses usually neglect Cyber Security as an essential function, making their IT infrastructure vulnerable.
IT security issues often cost companies a lot of money and downtime every year. Even if the IT infrastructure consists of a couple of laptops and devices, Cyber Security should always be a top priority.
This white paper provides Cyber Security Insights that are a must-know for all small to midsize businesses. It describes the current trends in Cyber Security, dos and don’ts, and scenarios. Learn how to protect your computers, networks, programs, and data from unauthorized access or attacks that are aimed at exploitation.
The document discusses the introduction and basics of IPv6. It covers why IPv6 was developed due to the depletion of IPv4 addresses, the differences between IPv4 and IPv6 headers and addressing, and how to obtain and use IPv6 addresses. It also provides examples of IPv6 addresses and prefixes.
This document provides a summary of an internet security trends presentation from April 2013. It discusses various internet security reports from 2012 and 2013, key findings from 2011, an overview of common attack types, botnets like Carna that use insecure embedded devices, the Shodan search engine, vulnerabilities in Cisco IOS passwords, leaked passwords on GitHub and from other sites, the debate around replacing passwords, massive DDoS attacks against Spamhaus and the increasing use of DNS amplification attacks. It also covers topics like open DNS resolvers, BIND vulnerabilities, ingress filtering, IPv6 security, and the increasing prevalence of IPv6.
The document summarizes a presentation on IT security given by Henrik Lund Kramshøj. The presentation covers topics such as password security, using encryption tools to protect data, and two-factor authentication. It provides examples of password managers and hardware security keys that can be used to replace passwords. It also discusses using encryption protocols and virtual private networks to securely transmit data.
- The document is a technical seminar presentation on the topic of the dark web.
- It discusses what the dark web is, how it can be accessed using Tor, and both the legal and illegal uses of the dark web.
- The presentation covers topics like how Tor works to anonymize users, legal uses of the dark web like avoiding censorship, and the criminal elements and dangers that exist on the dark web like drugs, weapons, and other disturbing content.
This document discusses government surveillance programs and civil liberties in the UK. It provides examples of surveillance programs operated by GCHQ and the NSA, such as programs that collect data from social media sites, smartphones, text messages, and more. The document questions whether surveillance is being conducted within proper legal and oversight guidelines, or if it has gone too far and infringed on citizens' privacy and civil liberties. It calls for stronger legal protections and more oversight of surveillance activities.
BruCON is an annual two-day security conference held in Brussels that features talks from international experts on topics related to information security, privacy, and the implications of technology on society. It provides an accessible and affordable event for open discussions within the security and hacker communities. The conference includes keynote speeches, security challenges, and workshops on various technical subjects.
Lofty Ideals: The Nature of Clouds and Encryption - Sean Whalen
An overview of the legal, privacy, and security issues surrounding modern cloud services and cryptography
Created as an alumnus talk for the Computer & Network Support Technology Fairfield Career Center senior class of 2016.
A free software implementation of second-generation onion routing that helps users stay anonymous while using the internet, protecting their privacy from being monitored.
Some people use it in the wrong way, which has led to what is now called "The Darknet": a black spot on the internet that involves all kinds of criminal activities, such as selling drugs, fraud, copyright infringement, piracy and so on.
Security Solutions for Hyperconnectivity and the Internet of Things - Maurice Dawson
The Internet of Things describes a world in which smart technologies enable objects with a network to communicate with each other and interface with humans effortlessly. This connected world of convenience and technology does not come without its drawbacks, as interconnectivity implies hackability. Security Solutions for Hyperconnectivity and the Internet of Things offers insights from cutting-edge research about the strategies and techniques that can be implemented to protect against cyber-attacks.
This presentation was made by collecting all publicly available materials and it is purely for educational purpose. Author wants to thank each and every contributor of pictures, video, text in this presentation.
This document provides a summary of various news articles and discussions related to government surveillance programs and encryption. It references revelations about the NSA and GCHQ programs like PRISM and Tempora that were disclosed by Edward Snowden. There are discussions of how encryption standards have been weakened and backdoors added at the request of intelligence agencies. Critics argue that massive surveillance is a violation of privacy, while NSA officials claim it is necessary to find threats. The future of security and privacy in the digital age is debated.
A former hacker who went by the alias "Mafiaboy" launched denial-of-service attacks in 2000 that temporarily shut down websites like Yahoo, eBay and CNN. He has now written a memoir about his criminal past as a hacker and examines current issues with online security. The hacks caused millions in damages and increased government focus on cybersecurity.
Dark Web Kristin Finklea Specialist in Domestic Se - OllieShoresna
The document provides an overview of the dark web, including how it can be accessed using tools like Tor, how users navigate it through directories and search engines, and how communications can occur anonymously. It discusses both legitimate and illegal uses of the dark web, noting notorious illegal dark web markets like Silk Road. It also examines how law enforcement, military, and intelligence agencies may use the dark web for surveillance or covert operations.
Tor is a free tool that allows users to browse the internet anonymously. It works by routing internet traffic through a network of volunteers around the world, preventing others from seeing what sites a user visits. Originally created by the U.S. Naval Research Laboratory to protect government communications, Tor has since been adopted by normal users, journalists, activists, and others seeking privacy online or wanting to access censored sites. It encrypts data and routes it through several volunteer nodes, removing layers of encryption at each stop to hide a message's origin, destination, and contents from intermediaries.
(130727) #fitalk anonymous network concepts and implementation - INSIGHT FORENSIC
This document provides an overview of anonymous networks and circumvention techniques. It discusses Tor, Freenet, Gnunet, and I2P as examples of implemented anonymous networks. Tor routes traffic through volunteer servers called nodes to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Circumvention techniques like Obfsproxy and Flashproxy are also summarized, which transform Tor traffic to bypass censorship methods like deep packet inspection.
The document discusses open source software and security. It notes that while open source code being publicly available could enable security vulnerabilities if viewed by malicious actors, open source may also increase security through transparency and many eyes reviewing the code. Studies have found Linux source code to have significantly fewer bugs than closed source commercial software. The document also discusses how transparency, interoperability, and avoiding vendor lock-in have driven many governments to adopt open source solutions for national security and accessibility reasons.
The document discusses various tools and techniques for online anonymity and encrypted communication, including hacktivism, open source operating systems like Linux, full-disk encryption, virtual private networks, anonymous email providers, encrypted messaging apps, anonymous social media, torrents, and darknet file sharing platforms. It provides instructions for setting up encrypted browsers, email, chat, and collaboration while avoiding surveillance and censorship. The overall aim is to educate on building "cipherspace" through digital security culture.
This document discusses various fears related to computer technology. It covers fears about information technology like cyber fraud and leaked intelligence. It also addresses fears about industrial technology like job loss from automation. Experimental technologies like the Large Hadron Collider and hypothetical future technologies involving nanotechnology and artificial intelligence are also discussed. The document examines how weapon technologies have advanced and become more powerful over time, raising fears about future weapons.
The Honeynet Project is a non-profit organization that aims to improve internet security by learning about computer attacks. It deploys honeypots - computers designed to be hacked - to capture data on threats. The organization shares its research findings openly. It also operates a Honeynet Research Alliance of groups around the world collaborating on honeypot technologies and research.
A framework for practical vulnerabilities of the tor (the onion routing) anon... - IAEME Publication
This document discusses vulnerabilities in the Tor (The Onion Routing) anonymity network. It contains the following key points:
1. Tor aims to protect users' anonymity by routing traffic through multiple volunteer-run relays, but it does not provide perfect anonymity.
2. Adversaries can de-anonymize users by observing both ends of the Tor circuit, as this allows them to correlate incoming and outgoing traffic in real-time.
3. Padding traffic to make all circuits indistinguishable is challenging and introduces a lot of overhead, as circuits would need to start and end at exactly the same time while accommodating unpredictable traffic volumes.
A framework for practical vulnerabilities of the tor (the onion routing) anon... - IAEME Publication
This document summarizes vulnerabilities in the Tor (The Onion Routing) anonymity network. It discusses how an adversary can perform end-to-end correlation attacks by observing both ends of a Tor circuit. Even if the adversary cannot observe both ends directly, they may be able to do so through a single autonomous system on the internet paths between the client and destination. Padding traffic to make circuits indistinguishable does not fully address the problem due to latency requirements for applications like web browsing. The document concludes that while Tor provides anonymity against local observers, it offers limited protection against a global adversary.
This document provides an overview and instructions for a series of exercises for an ethical hacking workshop. It outlines 25 different exercises that cover topics like installing Putty and WinSCP for secure connections, logging into Unix servers, using basic Unix commands, gaining root access on Unix, booting a Backtrack live CD, installing Wireshark, and sniffing network packets. For each exercise, it provides the objective, suggested approach, hints, a potential solution, and discussion points. The goal is to expose participants to practical security tools and scenarios to help them learn techniques used in ethical hacking.
This document provides an overview of security tools that can be used in software development. It discusses coding standards, compiler warnings, version control, design for security, testing, and analysis tools. Coding standards and following compiler warnings can help catch simple errors. Version control allows reviewing changes and implementing hooks to catch issues early. Designing for security from the start is important. Testing on multiple levels from units to full systems helps improve quality. Static and dynamic analysis tools can find bugs without or during execution. Overall, applying security best practices throughout the development cycle leads to higher quality software.
Tor talk-prosa-screen
1. Welcome to
TOR
Paranoia and government hacking
Henrik Lund Kramshøj, internet samurai
hlk@solido.net
http://www.solidonetworks.com
© license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj
2. Bjarne Jess Hansen - Vi voksne kan også være bange
https://www.youtube.com/watch?v=ApRPz9FzkQM
Source: Lyrics to the old-skool protest song about nuclear war
http://www.fredsakademiet.dk/abase/sange/sang29.htm
3. Syria: Protest singer Ibrahim Kashoush
Four days later, his body was found dumped in the Assi River (also spelled: Isa
River), with a big, open and bloody wound in his neck where his Adam's apple
and vocal cord had been removed. A clear message to those who dare to raise
their voice against the Syrian President Bashar al-Assad.
'Yalla Erhal Ya Bashar' (It's time to leave, Bashar), demanding an end to President
Bashar al-Assad's regime.
https://www.youtube.com/watch?v=nox6sVyhBYk
http://freemuse.org/archives/5054
4. Democracy now: Why do we bother?
In a democracy we need citizens with the freedom to act without constant surveillance
Democracy requires that we can actively select which personal data to give up and to
whom
Cryptography is peaceful protest against blanket surveillance
5. Data collected will be abused
Data collected will be abused, either by criminals or for criminal or commercial
purposes, no matter what the original intentions were. Today data is gathered to protect
us from terrorists, extremism, nazis, pedophiles, abuse of children ... Le mal du jour.
But it also enables stalking, employers doing abusive monitoring, spouses and parents
abusing power, politicians abusing power, and police investigations into legal protests.
You should take control of your data - that is democracy
6. Why think of security?
”Privacy is necessary for an open society in the electronic age. Privacy is not
secrecy. A private matter is something one doesn’t want the whole world to know,
but a secret matter is something one doesn’t want anybody to know. Privacy is
the power to selectively reveal oneself to the world.”
A Cypherpunk’s Manifesto by Eric Hughes, 1993
Copied from https://cryptoparty.org/wiki/CryptoParty
7. Paranoia defined
Source: google paranoia definition - Are you appropriately paranoid?
8. Face reality
From the definition:
suspicion and mistrust of people or their actions without evidence or justification. ”the global paranoia about hackers and viruses”
It is not paranoia when:
• Criminals sell your credit card information and commit identity theft
• Criminals trade infected computers like a commodity
• Governments write laws that allow them to introduce back-doors - and use these
• Governments do blanket surveillance of their population
• Governments implement censorship and threaten citizens and journalists
You are not paranoid when there are people actively attacking you!
9. Risk management defined
Source: Shon Harris CISSP All-in-One Exam Guide
10. Using crypto is a peaceful protest
and it is not magic
11. Government back-doors
What if I told you:
Governments will introduce back-doors
Intercepting encrypted communications with fake certificates - check
May 5, 2011 A Syrian Man-In-The-Middle Attack against Facebook
”Yesterday we learned of reports that the Syrian Telecom Ministry
had launched a man-in-the-middle attack against the HTTPS version of the Facebook site.”
Source:
https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook
Mapping out social media and finding connections - check
12. Infecting activist machines
Infecting activist machines - check
Tibet activists are repeatedly being targeted with viruses and malware, such as malicious apps for Android like KakaoTalk
TOR-users infected with malicious code to reveal their real IPs
https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting
Copying journalist data in airports - check
13. Governments blanket surveillance
NSA - need we say more?
http://en.wikipedia.org/wiki/PRISM_(surveillance_program)
Governments also implementing censorship
Outlaw and/or discredit crypto
Go after TOR exit nodes
14. TOR is BAD
The only users of TOR are bad people, BAD people I tell you!
Criminals
Drugs - lots of drugs
Terrorists planning World War IIIII
Pedophiles
More drugs - and high quality!
Copyright infringement
Did you know the roads are being used by criminals in the physical world
15. TOR History Inception
http://www.onion-router.net/
This website comprises the onion-router.net site formerly hosted at the Center for
High Assurance Computer Systems of the U.S. Naval Research Laboratory. It
primarily covers the work done at NRL during the first decade of onion routing
and reflects the onion-router.net site roughly as it existed circa 2005. As a
historical site it may contain dead external links and other signs of age.
16. TOR today
• Tor was originally designed, implemented, and deployed as a third-generation onion routing project
of the U.S. Naval Research Laboratory.
• Today, it is used every day for a wide variety of purposes by normal people, the military,
journalists, law enforcement officers, activists, and many others.
• Tor’s hidden services let users publish web sites and other services
Source:
https://www.torproject.org/about/overview.html.en
17. TOR users 2007
Dan Egerstad, a Swedish computer security consultant, obtained log-in and password information for 1,000 e-mail accounts belonging to foreign embassies, corporations and human rights organizations.
Use encryption and secure protocols AND TOR!
Note: I have no knowledge about the Danish embassies using or not using TOR, but probably they do.
18. Denmark
Danish police and TAX authorities have the legal means, even for small tax-avoidance cases, see Rockerloven
Danish prime minister Helle Thorning-Schmidt does NOT criticize the USA
19. Use protection - always
20. A vulnerability can and will be abused
What if I told you:
Criminals will be happy to leverage backdoors created by government
It does not matter if the crypto product has a weakness to allow investigations or the
software has a backdoor to help law enforcement. Data and vulnerabilities WILL be
abused and exploited.
If the Snowden leaks have shown us nothing else - trust nobody!
21. Tor project - how it works 1
pictures from https://www.torproject.org/about/overview.html.en
22. Tor project - how it works 2
pictures from https://www.torproject.org/about/overview.html.en
23. Tor project - how it works 3
pictures from https://www.torproject.org/about/overview.html.en
24. Using TOR
The recommendation is to run the TOR browser
There are also plugins for Firefox etc., but beware of browser fingerprinting and DNS leaks!
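What a DNS leak looks like at the SOCKS layer, as an added example that is not part of the original slides: the Tor client offers a local SOCKS proxy, and an application that resolves the hostname itself and hands the proxy only an IP address has already sent the name to its normal resolver. The sample requests are constructed byte strings in the RFC 1928 SOCKS5 layout, and the function names are this example's own.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Constructed sample requests (CONNECT to port 443), not captured traffic.
# Hostname handed to the proxy, so the name is resolved on the far side of Tor:
SAMPLE_REMOTE = b"\x05\x01\x00\x03\x0bexample.org\x01\xbb"
# Application resolved the name itself and sends only the IPv4 address:
SAMPLE_LOCAL = b"\x05\x01\x00\x01\xc0\x00\x02\x01\x01\xbb"


def parse_socks5_request(data: bytes):
    """Parse a SOCKS5 request (RFC 1928) into (atyp, host, port)."""
    if len(data) < 5 or data[0] != 0x05 or data[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    atyp, rest = data[3], data[4:]
    if atyp == ATYP_IPV4:
        alen = 4
    elif atyp == ATYP_IPV6:
        alen = 16
    elif atyp == ATYP_DOMAIN:
        alen, rest = rest[0], rest[1:]  # one length byte, then the name
    else:
        raise ValueError("unknown address type")
    if len(rest) != alen + 2:
        raise ValueError("truncated or oversized request")
    (port,) = struct.unpack("!H", rest[alen:])
    if atyp == ATYP_DOMAIN:
        host = rest[:alen].decode("ascii")
    else:
        host = str(ipaddress.ip_address(rest[:alen]))
    return atyp, host, port


def may_leak_dns(data: bytes) -> bool:
    """True if the proxy was given an IP address instead of a hostname.

    The name lookup, if there was one, then happened outside Tor.
    """
    atyp, _, _ = parse_socks5_request(data)
    return atyp in (ATYP_IPV4, ATYP_IPV6)
```

An IP-only request is a signal to investigate rather than proof of a leak, since the user may have typed the address directly.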
25. Whonix - a better idea
Whonix is an operating system focused on anonymity, privacy and security. It’s
based on the Tor anonymity network[5], Debian GNU/Linux[6] and security by
isolation. DNS leaks are impossible, and not even malware with root privileges
can find out the user’s real IP.
https://www.whonix.org/
26. TOR crypto - Use version 2.4+
Tor is still DHE 1024 (NSA crackable)
By Robert Graham
After more revelations, and expert analysis, we still aren’t precisely sure what
crypto the NSA can break. But everyone seems to agree that if anything, the
NSA can break 1024 RSA/DH keys. Assuming no ”breakthroughs”, the NSA
can spend $1 billion on custom chips that can break such a key in a few hours.
We know the NSA builds custom chips, they’ve got fairly public deals with IBM
foundries to build chips.
The problem with Tor is that it still uses these 1024 bit keys for much of its crypto,
particularly because most people are still using older versions of the software.
The older 2.3 versions of Tor uses keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys.
Source:
http://blog.erratasec.com/2013/09/tor-is-still-dhe-1024-nsa-crackable.html
27. The future of Tor cryptography
After the last round of revelations from Edward Snowden, described as ”explosive”
by Bruce Schneier, several threads started on the tor-talk mailing list to discuss
Tor cryptography. A lot of what has been written is speculative at this point. But
some have raised concerns about 1024 bit Diffie-Hellman key exchange. This
has already been addressed with the introduction of the ”ntor” handshake
in 0.2.4 and Nick Mathewson encourages everybody to upgrade.
Source:
https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-september-11th-2013
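To see how much of a relay list still predates the 0.2.4 series named on these two slides, the following added example (not from the slides or the Tor Project) tallies relay versions from a consensus-style listing. The fragment is constructed, the function names are this example's own, and it assumes that every 0.2.4.x release counts as ntor-capable, as the slide states, and that a relay without a version line counts as legacy.

```python
import re

NTOR_SERIES = (0, 2, 4)  # the slide names 0.2.4 as the series that adds "ntor"

# Constructed fragment in the consensus "r"/"v"/"w" line layout (flag lines
# omitted); nicknames, digests, addresses and bandwidths are made up.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAA 2013-10-01 12:00:00 192.0.2.10 9001 0
v Tor 0.2.3.25
w Bandwidth=500
r relayB BBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBB 2013-10-01 12:00:00 192.0.2.11 9001 0
v Tor 0.2.4.17-rc
w Bandwidth=1500
r relayC CCCCCCCCCCCCCCCCCCCCCCCCCCC CCCCCCCCCCCCCCCCCCCCCCCCCCC 2013-10-01 12:00:00 192.0.2.12 9001 0
v Tor 0.2.2.39
w Bandwidth=200
r relayD DDDDDDDDDDDDDDDDDDDDDDDDDDD DDDDDDDDDDDDDDDDDDDDDDDDDDD 2013-10-01 12:00:00 192.0.2.13 9001 0
w Bandwidth=300
"""

VERSION_RE = re.compile(r"v Tor (\d+)\.(\d+)\.(\d+)")
BANDWIDTH_RE = re.compile(r"w Bandwidth=(\d+)")


def parse_relays(text):
    """Return one dict per relay: nickname, version tuple or None, bandwidth."""
    relays = []
    for line in text.splitlines():
        if line.startswith("r "):
            relays.append({"nick": line.split()[1], "version": None, "bw": 0})
        elif relays and (m := VERSION_RE.match(line)):
            relays[-1]["version"] = tuple(int(x) for x in m.groups())
        elif relays and (m := BANDWIDTH_RE.match(line)):
            relays[-1]["bw"] = int(m.group(1))
    return relays


def summarize(relays):
    """Relays older than 0.2.4, or with no version line, count as legacy."""
    legacy = [r for r in relays
              if r["version"] is None or r["version"] < NTOR_SERIES]
    total_bw = sum(r["bw"] for r in relays)
    return {
        "legacy": sorted(r["nick"] for r in legacy),
        "relay_share": len(legacy) / len(relays) if relays else 0.0,
        "bw_share": sum(r["bw"] for r in legacy) / total_bw if total_bw else 0.0,
    }
```

The bandwidth-weighted share matters more than the relay count, because clients pick relays roughly in proportion to bandwidth.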
28. TOR news
• TOR blog: great news stories about TOR
https://blog.torproject.org/blog/
• Electronic Frontier Foundation (EFF)
https://www.eff.org/
• TOR users are also Access users
https://www.accessnow.org/
• cryptoparty.org and Asher Wolf, https://twitter.com/Asher_Wolf https://en.wikipedia.org/wiki/CryptoParty
• Schneier on Security
https://www.schneier.com/
Sample analysis: How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID
https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html
• Cryptome welcomes documents for publication that are prohibited by governments worldwide
cryptome.org/
29. Accessnow.org
Access defends and extends the digital rights of users at risk around the world.
By combining innovative policy, user engagement, and direct technical support,
we fight for open and secure communications for all.
30. Helping out - run a relay
Solidarity encryption (solidaritetskryptering)
Blanket surveillance becomes more expensive, and the focus will switch to targeted monitoring!
31. Be careful - questions?
Hey, let's be careful out there!
Henrik Lund Kramshøj, internet samurai
hlk@solido.net
Source: Michael Conrad http://www.hillstreetblues.tv/
32. Cryptography Engineering
Cryptography Engineering by Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno
https://www.schneier.com/book-ce.html
33. HTTPS Everywhere
HTTPS Everywhere is a Firefox extension produced as a collaboration between
The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.
http://www.eff.org/https-everywhere
Also configure your browser to not activate content like Flash before you click
Plugins like NoScript for Firefox and NotScripts for Chrome are highly recommended
34. UK: Seize smart phones and download data
Officers use counter-terrorism laws to remove a mobile phone from any passenger they wish coming through UK air, sea and international rail ports and then
scour their data.
The blanket power is so broad they do not even have to show reasonable suspicion for seizing the device and can retain the information for ”as long as is
necessary”.
Data can include call history, contact books, photos and who the person is texting
or emailing, although not the contents of messages.
Source: http://www.telegraph.co.uk/technology/10177765/Travellers-mobile-phone-data-seized-by-policeat-border.html
35. UK wouldn’t seize data like that, you are lying
(Reuters) - British authorities came under pressure on Monday to explain why
anti-terrorism powers were used to detain for nine hours the partner of a journalist
who has written articles about U.S. and British surveillance programs based
on leaks from Edward Snowden.
Brazilian David Miranda, the partner of American journalist Glenn Greenwald,
was detained on Sunday at London’s Heathrow Airport where he was in transit on
his way from Berlin to Rio de Janeiro. He was released without charge.
Source:
http://www.reuters.com/article/2013/08/19/us-britain-snowden-detention-idUSBRE97I0J520130819
36. Government backdoors is not news
Nothing new really, see for example D.I.R.T and Magic Lantern
D.I.R.T - Data Interception by Remote Transmission since the late 1990s
http://cryptome.org/fbi-dirt.htm
http://cryptome.org/dirty-secrets2.htm
They will always use Le mal du jour to increase monitoring
37. Government monitoring is not news
FBI Carnivore
”... that was designed to monitor email and electronic communications. It used a
customizable packet sniffer that can monitor all of a target user’s Internet traffic.”
http://en.wikipedia.org/wiki/Carnivore_(software)
NarusInsight ”Narus provided Egypt Telecom with Deep Packet Inspection equipment,
a content-filtering technology that allows network managers to inspect, track and target
content from users of the Internet and mobile phones, as it passes through routers
on the information superhighway. Other Narus global customers include the national
telecommunications authorities in Pakistan and Saudi Arabia, ...”
http://en.wikipedia.org/wiki/NarusInsight