The document is a transcript of a talk by Dan Kaminsky about various cybersecurity topics. Some key points:
- Hard drives are essentially their own computers with direct access to system memory, so malware on a hard drive can be highly persistent.
- Random number generators are often insecure by default due to lack of entropy. This leads to issues like easily crackable passwords.
- A new library called Liburandy aims to make random numbers secure by default by hijacking standard functions and backing them with cryptographically secure sources of randomness.
- Humans are better at remembering stories than random bits, so representing passwords as memorable stories could improve security and usability.
1. Yet Another Dan Kaminsky Talk
(About much more than RNG)
Dan Kaminsky
Chief Scientist
White Ops
Special Guest: Ryan Castellucci, Security Engineer, White Ops
2. Back To Defcon!
• This is my thirteenth rodeo
• Why?
• It’s fun tech, but why this tech, why this place, why this way?
• Fundamentally subversive, even for Defcon
• Defcon loves to show what can be broken
• I love to show what’s possible
• We can scan the whole Internet, in seconds!
• We can bust violators of Network Neutrality!
• We can play video of Darth Vader doing Riverdance over DNS!
• Among other tricks involving DNS
• Like DNS rebinding and hacking home routers
• These are not actually the same thing
• So why are we here?
3. Subjects For Today
• Why do we keep getting owned by bad Random Number Generation?
• Users are expected to recognize and maybe even repeat complex patterns, and they’re failing. Can we do better?
• What do we do about the infinite supply of Browser 0day?
• What do we do about DDoS, which is actually growing substantially?
• So, just how much did the NSA shit the bed?
• But first…I want to talk about why all this stuff we do is useful. By discussing hard drives.
4. A Scenario
• An attacker has compromised a system, and put something malicious on the hard drive. How bad could it be?
• Added an autolaunching daemon?
• Replaced core OS files?
• Put a virus in the MBR?
• Can you just wipe out the drive and be done with this?
5. What Is The Difference Between…
A Hard Drive A Brick
8. Xzibit’s Iron Law Of Computer Architecture
• Yo Dawg, I heard you liked computers, so I put a computer in your computer so you could compute while you compute
• This is basically how computers work – hard work is offloaded to hardware, which is really just another computer that has a fast way to influence you
• Fast == trusted == insecure
• Everything is generic now – the iPhone has seven ARM chips
• The biggest lie about your computer is that it’s just one computer
• That hard drive is just another computer with direct access to your system memory via specially designed protocols
• Doubt me?
9. From An Old Project with Travis Goodspeed: Let’s Get A Shell On This Here Seagate!
18. …or that I was kidding about making bricks
• Fate: Platters exposed, fingerprinted. Firmware dumped as 001.rom.
• Fate: Bricked by Dan when he wrote to the buffer. Probably repairable.
• Fate: Bricked by Dan with HDPARM, then sawed apart by Travis for post-mortem firmware analysis.
• Fate: Semi-bricked by Dan by raising the serial port rate to 625000. Repairable.
19. The Paper That Eventually Followed
• Implementation and Implications of a Stealth Hard-Drive Backdoor. Jonas Zaddach, Anil Kurmus, Davide Balzarotti, Erik-Oliver Blass, Aurelien Francillon, Travis Goodspeed, Moitrayee Gupta, and Ioannis Koltsidas
• I’m an unindicted co-conspirator
• 10 months of solid reverse engineering to create the malicious firmware payload
• Not at all the first time this has been done, but maybe the first time publicly/academically
20. The Significance of the Research:
S^X (Storage XOR Execution)
• Highly desirable property for secure clouds
• “It’s not about ownage, it’s about continued ownage. It’s about coming back in a year and having the door still open for you”
• Requires exploitation and persisted storage
• If your storage doesn’t parse, it can’t be exploited
• If your execution doesn’t store, there’s nowhere to persist
• You can’t start thinking about S^X if you think you already have it
• There are ways of building S^X out of existing gear – but nobody thinks you have to
• Nobody thinks you have to have exclusive hosts on cloud providers either
• Thus, the value of hacker engineering
• No delusions
• Operation from first principles
• The best thing hackers break are assumptions
• We are needed.
22. The Internet Is Not Just For Us
• I believe in TexasGirly1979 having six and a half MILLION people loving her damn cat
• Without Bob Saget, a laugh track, and a baseball to the testicles as followup
• I believe in responding to being told your music sounds like “rats being strangled” by becoming a dubstep violinist and getting a half billion hits on YouTube
• Remixing Skyrim and Zelda and Halo may have something to do with my opinion
• I believe in email over Interoffice memos, Skype over (very) plain old telephone service, online banking over waiting for a bank teller
• And I believe we could lose it all, and there are some who might even prefer that
23. The Thing To Remember
• The Internet was not the first time we tried to create the Internet
• It was like the 8th
• Prodigy tried
• Minitel tried
• America Online really, really tried
• Spent a billion dollars on modem lines!
• (They actually still make $160M/yr off that.)
• The Internet was free
• Not just free as in murka
• It was free as in no rent – all of the above wanted to charge transaction fees
• The Internet just wanted a few pennies a year for a domain name
• The free Internet has disrupted a heck of a lot
• Don’t think there are those who wouldn’t like to disrupt back
24. The Challenge
• We know what’s really possible
• We know that breaking everything, is really possible
• We don’t know that fixing everything, is really possible…
• …but technically, we don’t actually know fixing everything is impossible
• Technically correct is the best kind of correct
• So why do I do this, and why do I do this here?
• Because here, I see openness to possibility
• Including the possibility the Internet might turn into AOL
• I see the sheer joy of understanding the actual mechanisms at play
• I see the skepticism that allows BS – especially security BS – to be discussed and recognized
25. Let’s Talk Random Number Generators
• “The generation of random numbers is too important to be left to chance”
• Many processes require a generator of unpredictable numbers
• Last 1000 numbers don’t tell you the next number
• Last 1000 numbers also don’t tell you the number 1001 times ago
• That they require such a generator doesn’t mean they’re using such a generator
26. What’s happening to all these web frameworks
• You actually don’t log in very frequently
• Top 10 e-commerce platform: 7 logins a second, worldwide
• Logging in gives you a token
• If you’re lucky, it’s HMAC(who_you_are, key)
• In the real world, it’s often Random()
• Sure would suck if that wasn’t actually random…
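The two token styles from this slide side by side, as an added example that is not from the talk: a `Random()`-style token that anyone who learns the seed can regenerate, and an `HMAC(who_you_are, key)` token the server can check without storing it. The key handling, the `user|expires|tag` layout and every function name are assumptions made for the illustration.

```python
import hashlib
import hmac
import random
import secrets

# Hypothetical server-side MAC key; a real service loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)


def random_token(rng: random.Random) -> str:
    """The pattern the slide warns about: a session token drawn from a
    general-purpose PRNG (Mersenne Twister in CPython)."""
    return "%032x" % rng.getrandbits(128)


def tokens_from_seed(seed: int, count: int) -> list:
    """Every token such a generator will ever issue is a function of its seed.
    A seed like 'startup time in seconds' leaves very little to guess."""
    rng = random.Random(seed)
    return [random_token(rng) for _ in range(count)]


def csprng_token() -> str:
    """Same token shape, drawn from the operating system's CSPRNG."""
    return secrets.token_hex(16)


def _tag(user: str, expires: int, key: bytes) -> str:
    msg = f"{user}|{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def hmac_token(user: str, expires: int, key: bytes = SERVER_KEY) -> str:
    """HMAC(who_you_are, key): a MAC over identity and expiry time."""
    return f"{user}|{expires}|{_tag(user, expires, key)}"


def verify_hmac_token(token: str, now: int, key: bytes = SERVER_KEY):
    """Return the user name for a valid, unexpired token, otherwise None."""
    try:
        user, expires_text, tag = token.rsplit("|", 2)
        expires = int(expires_text)
    except ValueError:
        return None  # wrong shape or non-numeric expiry
    expected = _tag(user, expires, key)
    # Constant-time comparison, so the check does not leak how many
    # leading characters of a forged tag were correct.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    if now >= expires:
        return None
    return user


if __name__ == "__main__":
    # Constructed seed value standing in for a process start time.
    print(tokens_from_seed(1407456000, 2))
    print(tokens_from_seed(1407456000, 2))  # identical: same seed, same tokens
    token = hmac_token("alice", expires=2000)
    print(verify_hmac_token(token, now=1000))
    print(verify_hmac_token(token.replace("alice", "admin", 1), now=1000))
```
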
28. Details
• WPS Protocol assumes 128 bits of entropy in AES keys
• Reality: 32 bit LFSR, 32 bit LFSR, 0 bit (aeskey is always 0)
• 2**128: Big
• 2**32: Not so big (~4B, remember your CPU does that many operations in seconds)
29. Why Do We Keep Getting Owned By Random Number Generators?
• Wrong Answers
• “Because we used SHA-1 instead of SHA-256”
• Freaking MD4 would work
• “Because we used HASH_DRBG instead of HMAC_DRBG”
• “Because we used the same entropy for too long”
• “Because we had only one pool for mixing entropy instead of thirty two”
• There’s a thousand ways to build a CSPRNG (cryptographically secure pseudo random number generator) and all of them would fail less than what we’re doing
• Even forking/cloning VMs doesn’t fail this frequently
• Right Answers
• 1) No entropy
• 2) No CSPRNG by default
30. A Little Dab’ll Do Ya
• CSPRNGs expand a little bit of entropy (128 bits) into billions of
gigabytes
• Best attack would be to brute force the 2**128 possible initial seeds and find
the one that matches the stream
• Good luck with that…unless there’s actually not even 128 bits
• There’s often actually not even 128 bits
• Turn on a machine, no keyboard, no mouse, no disk…no entropy.
• 1/200 RSA keys on the Internet were badly generated, meaning actually
probably 1/50
• Heninger attack only found all identical private keys, not similar keys
• Private keys are just small chunks of randomness that ended up prime
• Shouldn’t /dev/random or /dev/urandom have prevented this?
31. Perfection Is The Enemy Of The Good
• Why we like kernel RNGs (/dev/random, /dev/urandom)
• Kernel code gets events from hardware
• General thinking is that event timing from foreign hardware is on a separate clock
• All good entropy is a fast clocked system measuring a slow clocked system
• Inter-keystroke timing from a human to the CPU nanosecond
• There’s also only one kernel
• If anyone gets entropy everyone gets entropy
• Operating systems are supposed to provide services that are easy to screw up
• Can get more complexity/correctness encapsulated in the OS rather than monkey-shoved into
each language or application
• What went wrong
• /dev/[u]random still fails when there’s no events coming in from the hardware
• No keyboard, no mouse, no disk == no events
• Yes, it’d be nice if there were hardware entropy generators, but not happening
32. Solving The True Entropy Problem
• You don’t have to be perfect every time
• You just need to be better than the ONE NINE OF RELIABILITY the status quo has
achieved
• Be embarrassed
• 1) Force synthesis of events
• 2) Don’t necessarily be afraid to do this in userspace
• Especially in a world of VMs, kernel is nothing but a single threaded process
• What this means
• Measure the real time clock (kilohertz at best) with the CPU (megahertz to gigahertz)
• Possibly do some work with non-deterministic time (atomic memory writes)
• Do standard whitening (Von Neumann – drop 00 and 11, 01 is a 0, 10 is a 1)
• This is the Dakarand (Truerand) approach. It may fail in some very rare scenario. It will
fail less than the status quo.
• Security means it’s OK to fail less.
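The clock race and Von Neumann whitening from this slide, as an added Python sketch (not Dakarand's or Truerand's own code). The 100 microsecond tick, the function names and the give-up limit are assumptions made for the illustration.

```python
import time

TICK_NS = 100_000  # assumed "slow clock" period: 100 microseconds


def raw_bits(n):
    """Race a busy loop against the slower clock; keep the low bit of each count."""
    bits = []
    for _ in range(n):
        tick = time.monotonic_ns() // TICK_NS
        count = 0
        while time.monotonic_ns() // TICK_NS == tick:
            count += 1          # how far the fast loop got before the slow clock moved
        bits.append(count & 1)
    return bits


def von_neumann(bits):
    """Whitening from the slide: drop 00 and 11, 01 becomes 0, 10 becomes 1.

    This removes bias only when successive raw bits are independent; it does
    nothing for a source whose bits are correlated with each other.
    """
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def gather(nbits, max_raw=100_000):
    """Collect nbits whitened bits, giving up if the source looks stuck."""
    out, used = [], 0
    while len(out) < nbits:
        if used >= max_raw:
            raise RuntimeError("clock race produced no usable bits")
        chunk = raw_bits(64)
        used += len(chunk)
        out.extend(von_neumann(chunk))
    return out[:nbits]


def to_bytes(bits):
    """Pack whole groups of 8 bits, most significant bit first."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - 7, 8))


if __name__ == "__main__":
    print(to_bytes(gather(128)).hex())
```

A stuck source (all zeros or all ones) yields no output at all after whitening, which is why `gather` has a give-up limit instead of looping forever.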
33. Solving The True Problem
• Operating systems have /dev/urandom which is generally pretty good – but does
anything use it?
• JavaScript Math.random(): no
• Ruby Random.rand(): no
• java.util.Random: no
• PHP rand(): no
• Glibc rand(): hellllllllllllllll no
• Standard RNG is LFSR or Mersenne Twister – if you want security, you’ve got to hunt
down some other API
• And it’s always funky and different!
Math.random();
var a = new Uint32Array(1); window.crypto.getRandomValues(a);
• How well does insecure by default work anywhere else?
• Pretty badly
34. The Obvious Question: Why not be secure by default?
• Instead of requiring some special, magic, and consistently overcomplicated
API for Secure Random™, why not just have all random calls not be crap?
• Liburandy
• Silently hijacks standard randomness functions in common languages, backs them
with /dev/urandom (on Linux)
• Would be CryptGenRandom on Windows
• The OS already does this right, let’s just hook dev intent to something that’s not busted
• Initial support for JS(Node, Browsers), Ruby, LD_PRELOAD (arbitrary libc), PHP,
Python. OpenJDK soon
• Ryan Castellucci of White Ops helping to write this
• Will eventually support some important runtime features
• Entropy Metadata (runtime will be defining security rather than source code)
• Fixed seed
• High speed mode
35. What’s Wrong With Liburandy
(Let’s play chess against myself a bit)
• Two General Objections: Seed and Speed
• Seed: Useful for getting consistent test results (Random, but the same
random set)
• 99% of the time you see seeding, it’s C seeding time because people don’t want the
same random results
• Can set a special flag (environment variable)
• Speed: urandom is slower than LFSR/MT
• If you wanted it to be fast why are you writing it in Ruby
• This is actually why things have been left crappy – so as to not lose benchmarks
36. The Headaches Of Speed
• /dev/urandom is fast enough for almost all uses
• That being said, it’s still a lot slower than LFSR/MT
• Linux: Only 3.7MB/sec – that’s only 947K ints/sec (and that’s with CPU drain)
37. Should we use a userspace CSPRNG, just not a crappy one?
• Seed with [u]random from time to time to still absorb whatever entropy it does
get
• Minimal/Fast CSPRNG: SipHash(Seed, Counter++);
• Yes, this actually works
• ~20x speed of /dev/urandom on Linux
• Possible improvement: CLOCK_MONOTONIC
• Ideally, we’d just be able to ask the CPU for some random bits whenever userspace wanted a
few
• That’s way too easy (and we’d probably never trust the output anyway)
• But we can ask the CPU for time
• Even forked, likelihood near zero of repeated return value
• For VMs, you don’t get a surfaced event on clone, but you do get to plunge into the host to find out
nanosecond time
• Also can be done on a per query basis, which cleans up a bunch of buffering issues from
reading off a file handle
38. My preferred CSPRNG
• SipHash(Secret || Counter++ || Previous_Output || ShiftedTime)
• ShiftedTime is CLOCK_MONOTONIC, shifted by some absolute amount so the
attacker can’t just look up the global time and predict bits
• Previous_Output means ShiftedTime only has one shot to repeat
• Not using this yet, because I’m an ornery member of Team Just Use
Urandom
• Let’s not debate userspace vs. kernelspace
• We agree: DEATH TO LFSR
• Also possible that other hashes besides SipHash are good
• Blake
• Skein (can actually be 2x speed of SipHash, due to larger output)
• Maybe we make /dev/urandom fast on Linux?
• Probably need an API to probe for metadata about urandom?
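The construction from slides 37 and 38, written out as an added Python sketch (not Liburandy's code). It assumes the secret is used as the 16-byte SipHash key and the time shift is 8 further seed bytes; `SipCounterRNG` and its parameters are hypothetical names.

```python
import os
import struct
import time

MASK = 0xFFFFFFFFFFFFFFFF


def _rotl(x, b):
    return ((x << b) | (x >> (64 - b))) & MASK


def siphash24(key, msg):
    """SipHash-2-4 of msg under a 16-byte key, returned as a 64-bit integer."""
    k0, k1 = struct.unpack("<QQ", key)
    v = [k0 ^ 0x736F6D6570736575, k1 ^ 0x646F72616E646F6D,
         k0 ^ 0x6C7967656E657261, k1 ^ 0x7465646279746573]

    def rounds(n):
        for _ in range(n):
            v[0] = (v[0] + v[1]) & MASK
            v[1] = _rotl(v[1], 13) ^ v[0]
            v[0] = _rotl(v[0], 32)
            v[2] = (v[2] + v[3]) & MASK
            v[3] = _rotl(v[3], 16) ^ v[2]
            v[0] = (v[0] + v[3]) & MASK
            v[3] = _rotl(v[3], 21) ^ v[0]
            v[2] = (v[2] + v[1]) & MASK
            v[1] = _rotl(v[1], 17) ^ v[2]
            v[2] = _rotl(v[2], 32)

    # Zero-pad to a 7-byte boundary, then the message length as the final byte.
    data = msg + b"\x00" * (7 - len(msg) % 8) + bytes([len(msg) & 0xFF])
    for (m,) in struct.iter_unpack("<Q", data):
        v[3] ^= m
        rounds(2)
        v[0] ^= m
    v[2] ^= 0xFF
    rounds(4)
    return v[0] ^ v[1] ^ v[2] ^ v[3]


class SipCounterRNG:
    """SipHash(Secret || Counter++ || Previous_Output || ShiftedTime)."""

    def __init__(self, seed=None, clock=time.monotonic_ns):
        seed = os.urandom(24) if seed is None else seed   # kernel CSPRNG seeds us
        self._key = seed[:16]                             # Secret (assumed: the key)
        self._shift = int.from_bytes(seed[16:24], "little")
        self._counter = 0
        self._prev = 0
        self._clock = clock   # CLOCK_MONOTONIC; a forked copy reads a later time

    def next64(self):
        shifted = (self._clock() + self._shift) & MASK    # attacker lacks the shift
        msg = struct.pack("<QQQ", self._counter, self._prev, shifted)
        self._counter += 1
        self._prev = siphash24(self._key, msg)
        return self._prev

    def randbytes(self, n):
        out = b""
        while len(out) < n:
            out += struct.pack("<Q", self.next64())
        return out[:n]
```

Passing a fixed `seed` and a frozen `clock` gives the reproducible "fixed seed" behaviour mentioned for test runs; the defaults draw the seed from `os.urandom`.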
39. The Other Entropy Problem
• d3b07384d113edec49eaa6238ad5ff00
• 1Ngju42mHfxJJDEKA15rHUum17rcDEf699
• A1$jh-89)&@4bc (oh wait, no: **************)
41. The Problem At Hand
• Computers need Humans to recognize and remember larger numbers
of bits
• Human face recognition only works to about 16 bits (1/65536)
• Computers want 24-128 bits depending on context
• Recognition: Is this the hash from before?
• Repetition: What is your password?
• Standard Bit Representations are terrible
• Humans did not evolve to recognize hex, Base64, Base58, or…squiggly
42. Previous Work On Cryptomnemonics
• Some previous work from 2006: Names
• 512 Male Names (9 bits), 1024 Female Names (10 bits), 8192 Last Names (13
bits) == 32 bits per couple
• Heteronormative, but surprisingly diverse!
• Julio and Epifania Dezzutti
Luther and Rolande Doornbos
Manual and Twyla Imbesi
Dirk and Cuc Kolopajlo
Omar and Jeana Hymel
• Important to show names every time a connection is made, not just on
challenge
• Would you remember a face you saw only the one time there was an auth challenge?
43. Can We Do Better?
• Humans do have memory capacity, it’s just not for arbitrary bits
• We remember objects, and specifically stories, more than we remember 1’s
and 0’s
• So if you can represent 1’s and 0’s as stories, humans will recognize and
repeat them better
• Also, you’ll be able to put a password in and have it spell check
• Experiment: Use triads of adjective/noun/verbs, set up to be
“maximally distant” from each other
• Encode them in a way that is order independent, i.e. it doesn’t matter if the
dog or the cow is brown or orange
• Ryan Castellucci has been implementing this, here’s how he did it and
where we’re seeing this being immediately useful
44. Storybits v0.1
• Hex bits: 5e4dcc3b5aa765d61d83 (80 bits)
• Story encoding (early):
• macho acid answering
rustic cable fetching
stuffy jacket forbidding
wacky riot opening
• Story decoder autocorrects
• node demo.js "wckay jacket forbidrustic fetch cableacid mache answering
open riot$$"
• 5e4dcc3b5aa765d61d83
• Words are misspelled, out of order, in different tenses, missing spaces, etc.
45. Details
• Implementations in JavaScript and Python
• Rough, but releasing soon
• Two major components
• Combinatic Encoder
• Encodes information with symbols that may not repeat
• BADFGC is legal, AABBCC is not
• Because symbols are independent, order doesn’t matter
• Word Mapper
• Maps combinatorial numbers to words in part-of-speech wordlists
• Adjectives, nouns, verbs
• Instead of 321, 561, 312, it’s “rustic fetching acid”
• Allows for strong correction from word variants to original numbers
• Words are chosen to have maximum distance for maximum correctability
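An order-independent encoder of the kind the Combinatic Encoder bullets describe, built on the standard combinatorial number system. This is an added Python illustration, not Storybits code: the A-Z alphabet and six symbols per code are assumptions standing in for the project's wordlists.

```python
import string
from math import comb

SYMBOLS = string.ascii_uppercase   # assumed alphabet; Storybits maps to words instead
K = 6                              # assumed number of symbols per code


def capacity(n=len(SYMBOLS), k=K):
    """Number of distinct codes: unordered choices of k symbols out of n."""
    return comb(n, k)


def usable_bits(n=len(SYMBOLS), k=K):
    """Whole bits that fit; order-independence costs log2(k!) versus ordered codes."""
    return capacity(n, k).bit_length() - 1


def encode(value, k=K, symbols=SYMBOLS):
    """Map an integer to k distinct symbols (greedy combinatorial number system)."""
    if not 0 <= value < comb(len(symbols), k):
        raise ValueError("value out of range for this alphabet")
    chosen = []
    c = len(symbols) - 1
    for i in range(k, 0, -1):
        while comb(c, i) > value:      # largest c with C(c, i) <= remaining value
            c -= 1
        chosen.append(symbols[c])
        value -= comb(c, i)
        c -= 1                         # symbols may not repeat
    return "".join(chosen)


def decode(text, k=K, symbols=SYMBOLS):
    """Recover the integer from the symbols in any order."""
    idx = sorted(symbols.index(ch) for ch in text)
    if len(idx) != k or len(set(idx)) != k:
        raise ValueError("need exactly %d distinct symbols" % k)
    return sum(comb(c, i) for i, c in enumerate(idx, start=1))


if __name__ == "__main__":
    code = encode(123456)
    print(code, decode(code), decode(code[::-1]), usable_bits())
```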
46. On The Selection Of Passwords
• We have to get past l33tspeak as a security technology
• We punt generation of passwords to users because we don’t want to
“screw it up” and we imagine if the user does it, it’s at least their fault for
failing
• This scheme lets passwords be generated server side, that have a hope of
being memorable
• Passwords that can be corrected are passwords that are more easily
remembered
• Faster recovery from silly typos allows password stretching to be more aggressive
• Don’t suffer the stretch delay because you missed a key – it autocorrects and still
works
47. Major Use Case: Phidelius Approaches Are Going Mainstream
• Phidelius: Trick from a previous talk that seeded RNG w/ a passphrase
• Allowed passphrases for SSH, SSL certs, pretty much mapped words to asymmetric
crypto
• A little fragile because it was a /dev/[u]random hijack
• These approaches are now popular for asymmetric key management
• Brainwallet: “Word/phrase to a Bitcoin address”
• Minilock: “Word/phrase to a PGP key”
• Incredibly vulnerable to insufficient entropy in the word or phrase
• Because the public key is public, and the whole world can try to crack it
• Has been an expensive problem in Brainwallet
• Tens of thousands of dollars worth of BTC have been taken
48. Squaring The Circle
• Brainwallet and Minilock need human-memorable entropy
• Actual security needs more entropy
• Storybits increase memorable entropy, allow the entropy to come from
the machine (which can generate it) and not the user (who clearly can’t)
• Extensions
• Split Mode – Allow entropy to be split between two words, one that’s easily
remembered (but very slow to crack), another that’s kept on a hard drive or offline
to allow fast transfer of the key to a new device
• The user gets to transfer in seconds
• The attacker has to try to crack for hours per guess
• Breaks the ~20 bit limit on how much you can stretch a key
49. Two More Tricks (Not Necessarily Advisable)
• Local Shrinking
• Will always be easier to recognize 24-32 bits instead of 80-128 bits
• If you only force the attacker to match 24 bits, he can brute force random keys until he finally gets
one that matches just the 24 bits you’re looking for
• Olde trick against PGP KeyIds – “DEADBEEF attack”
• But what if the attacker doesn’t know which 24 bits to match?
• If you have a local shrinking code – sort of a password for recognition – it’s hashed against the full size 128 bit
hash and truncated secretly to 24 bits
• The attacker doesn’t know the code for the truncation, so he has to match everything. You do know the code
so you only have to match a little.
• Local Stretching
• Technically can have a “master password” that’s mixed with all your otherwise small passwords
and shared across many sites
• Whether the site uses scrypt or some other key stretcher, its stored password is guaranteed to be
stretched outside of cracking range
• Password Policy Survival: We have mutually exclusive requirements (symbols, no symbols,
numbers, no numbers). Can infer server policy from supplied password, persist it post-stretch
50. Browser 0day: The Shoe Finally Dropped
• IE had more attacks in 2013 than Java
• How is this possible? MS has been working to secure IE for a decade!
• IE is basically Windows: The Remix (feat. The Internet)
• Take a local object model (COM), hand it to bad guys, wait
• This ultimately applies to every browser, because the spec ends up encoding a COM-like
implementation (there’s an interface description language / IDL).
• Plugins were nice because they were across browsers and tended to be the thing outside
the “sandboxes” but now the browsers themselves are the low hanging fruit
• “My TOR deanon has a first name, it’s Firefox 0day” as the Grugq would sing
51. Use After Free: The Infinite Well Of Browser Vulns
• Browsers are constantly allocating memory for objects of all sorts of
interesting types
• Objects can point to each other
• When nothing points to an object, then you can free/reuse that memory
• Lots and lots of ways to point to an object
• Ever screw it up, all hell breaks loose
• Allocate a table (0x12341234 == Pointer to Table)
• Free the table (0x12341234 == Available For Allocation)
• Allocate an image (0x12341234 == Pointer to Image)
• Access the image via its old context as a table (0x12341234 contains contents of Image, being
accessed via handlers for Table)
• “Use After Free” == 90%-95% of the “deep vulnerable” attack surface for the web
52. Google and Microsoft Have Solutions
Firefox Doesn’t, And Is Suffering For It
• Google Solution: Typed Heap
• Chrome is allocating all objects of the same type, in the same “sub-heap”
• Memory once used for a table, will never be used for an Image, because that’s going into
the Image heap
• Microsoft Solution: Nondeterministic Freeing
• (Oversimplifying, they’re doing a lot of stuff)
• They’re making it so you don’t quite know when the memory has been freed,
and thus aren’t guaranteed a reliable or rapid attack
• This is great. Attack the unique needs of an exploit – this is counterexploitation
53. My Trick: Iron Heap
• (Thanks Rob Graham for the name!)
• You can’t Use After Free if you don’t free!
• This is too expensive if you do it with physical memory
• But on 64 bit machines, we have a damn near infinite amount of virtual
memory
• The basic idea is to never reuse an allocation – the physical memory is reused
but the handles aren’t
• 0x1234123412341234, once freed, stops pointing to any physical memory
• Exploit that
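A toy model of the table/image sequence from slide 51 under three allocation policies: plain address reuse, a typed heap, and never reusing a handle. It is an added Python illustration, not code from Chrome or from the Iron Heap proof of concept; `ToyHeap` and the policy names are hypothetical, and Microsoft's delayed freeing is not modelled.

```python
class ToyHeap:
    def __init__(self, policy):
        self.policy = policy        # "reuse", "typed" or "iron"
        self.live = {}              # address -> type of the object living there
        self.freed = {}             # address -> type last stored there (still mapped)
        self.free_lists = {}        # free-list key -> reusable addresses
        self.next_addr = 0x12341234

    def _list_for(self, typ):
        # A typed heap keeps one free list per type; plain reuse shares one list.
        key = typ if self.policy == "typed" else "any"
        return self.free_lists.setdefault(key, [])

    def alloc(self, typ):
        reusable = self._list_for(typ)
        if reusable:
            addr = reusable.pop()
            del self.freed[addr]
        else:
            addr = self.next_addr
            self.next_addr += 0x1000
        self.live[addr] = typ
        return addr

    def free(self, addr):
        typ = self.live.pop(addr)
        if self.policy == "iron":
            return                  # handle retired: unmapped, never handed out again
        self.freed[addr] = typ
        self._list_for(typ).append(addr)

    def reach(self, addr):
        """What a pointer to addr lands on right now."""
        if addr in self.live:
            return self.live[addr]
        if addr in self.freed:
            return "freed %s memory" % self.freed[addr]
        return "fault"


def stale_table_access(policy):
    """Allocate a table, free it, allocate an image, then use the old pointer."""
    heap = ToyHeap(policy)
    table = heap.alloc("Table")
    heap.free(table)
    heap.alloc("Image")
    return heap.reach(table)


def stale_after_second_table(policy):
    """Same sequence, followed by one more table allocation."""
    heap = ToyHeap(policy)
    table = heap.alloc("Table")
    heap.free(table)
    heap.alloc("Image")
    heap.alloc("Table")
    return heap.reach(table)


if __name__ == "__main__":
    for p in ("reuse", "typed", "iron"):
        print(p, "->", stale_table_access(p), "/", stale_after_second_table(p))
```

Under the typed policy the stale pointer can still reach another live Table, which is a bug but not the cross-type confusion of the reuse case; under the iron policy it reaches nothing.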
54. Iron Heap Efficiency
• Efficiency
• Finite number of active allocations allowed – you’re leveraging the page tables which
don’t like to be that stressed
• Can have a “hot list” of pages that are directly mapped, and a secondary list that’s
“swapped in” on demand
• How compressed RAM works
• Can potentially add guard pages between allocations to prevent overflows
• Overflows have actually gotten kinda rare
• Forces 8K per alloc, which is a bit high, though the compressed backing store can be fully
packed (no pointers to it are exposed in user space)
• Implementation
• Can be run in both userspace (with libsigsegv to catch the extra accesses) and in
kernel (which is already handling this sort of swapping for, well, swap)
• Don’t necessarily object to kernel dependencies or modules
• Linux has a crazy limitation where you can’t get page permissions without parsing text!
55. Downsides of Iron Heap
• No code available (yet, just PoC’s are built)
• Really leans on 64 bit
• Browsers aren’t entirely fantastic at that yet
56. What May Work Today: Diehard(er)
• Interesting secure allocator from Emery Berger @ UMass
• Advanced ASLR implementation w/ out of band heap metadata
• Supports Linux and Windows (and Mac, to some nonzero degree)
• Suppresses Use After Free, mostly by delaying free (similar to MS
approach)
• Available today (you do need to recompile with --disable-jemalloc)
• Probably worth exploring for Tails etc.
• ASLR, NX/DEP, other methods assume corruption has occurred and try to
enforce limits to make the corruption unexploitable
• UAF blockers actually prevent the initial corrupting moment
• There’s nothing going on in Infosec that’s killing more 0day
57. The Plan
• Firefox needs a story around memory hardening
• It’ll take quite a bit to get them to give up their incredibly efficient jemalloc
• First step, let’s get something production worthy for “special Firefox
installs”
• Tor
• Tails
• Then let’s look at getting it mainstream
• “Like millions of 0day cried out all at once, and were silenced”
• Dr. Emery Berger has agreed to join this effort – we’re going to make
something production worthy!
58. Need To Start Thinking about DDoS Again
• 1 >100GB flood in 2013
• 114 >100GB floods in 2014
• Generally, we think of DDoS involving botnets firing their hordes at
some poor web server
• The largest and most damaging floods are actually involving spoofed
traffic that’s reflecting off Internet DNS and NTP servers
• No DNSSEC involved or required
• Important to understand why spoofed reflection is so dangerous
59. Why Reflected Floods Are Nasty
• Here’s a network.
• Lots of routes around the core
• Fewer routes from each source, to each destination
60. An unreflected packet stream
• Packets are always taking the “fastest” next hop to the target network
• Bandwidth == maximum available for the slowest single hop (wherever that is)
61. The Reflected And Spoofed Packet Stream
• It goes out to everywhere, spreading the load across all the inbound hops
• Everyone replies to just one place, via all inbound links
• Boom.
62. What To Do?
• BCP38/URPF
• Ideally, there wouldn’t be networks that allowed you to lie about who you are
• Every network link would have a computed range of addresses it could speak
for, and that would be that
• This actually is a complete success in the DSL/Cable world
• Not saying we shouldn’t continue to strive for BCP38 compliance
• At least 2300 networks w/ no BCP38 compliance
• Can we do more?
63. Stochastic Tracing: Bringing Back An Old Idea
• This idea is at least 12-13 years old (roughly, I’m adding some quirks)
• The Internet and its problems were different that long ago. What wasn’t
ideal then might be good now
• Basic idea: One out of every 100K-10M packets, a “tracer” goes out
declaring a hop along the route that sent traffic
• Sort of like a “background traceroute”
• Irrelevant network load for normal streams, but DDoS would become traceable
instantaneously – the bigger the DDoS, the faster degraded networks would identify
themselves
• Implementation receives a GRE stream of a small subset of packets – well supported
• Probably a way to do this w/ command line haxory as well
64. Maintaining Privacy and Security
• Tracing traffic only goes to hosts that should otherwise be able to see the original
payloads
• Destination IP for all traffic
• Source IP for DNS and NTP (and any other blind responding protocols that pop up)
• Haven’t decided what the payload would be – ICMP, HTTP, etc.
• To be on the open Internet is to get random stuff, so the only question is what’s easily catchable by a
DDoS victim
• One variation: Allow alternate destination to be declared in Reverse DNS space
• 4.3.2.1.in-addr.arpa IN PTR blabla.foo.com
• The in-addr.arpa space could be used for more than just PTR records
• Could declare an alternate destination for tracer traffic, or flags for format / multidrop
• Still under the authority of the IP address
• Obviously should sign tracer payloads with ED25519 keys, possibly declared in
DNS
65. Long Term Vision
• Reduce the time between receiving a DDoS and tracing the involved
networks
• Ultimately, automatic suppression of DDoS (though this gets really
messy really fast, because so many hops on route see enough to send
the shutdown signal)
• There are large enough floods growing at fast enough frequency
that work like this is necessary
• And since Paul Vixie would kill me if I didn’t say it, please update your DNS
server to support RRL, which dramatically reduces DDoS participation
66. What I’m Really Nervous About
• Can’t just not talk about the NSA revelations
• Not here to recapitulate Bruce Schneier et al.
• I’m nervous about people’s reactions to them.
67. Competing on Political FUD instead of Technical Merit
• “Sure, you could go with that competitor, that’s cheaper, faster, nicer,
more powerful…but OOGA BOOGA $NATIONSTATE”
• Seems ridiculous, until you hear proposals to keep all traffic to and from a
country, within that country
• “Sure, BGP does say you should use this route, because it’s
cheaper/faster/nicer/network neutral/peered…but the law says you have to
keep it within our borders where we’re the only provider, because NSA”
• Again: The Internet was not the first attempt at large scale Internetworking!
It was the first one that worked at large scale, because everything else
demanded gatekeepers and rentiers
• This is the network made by nerds, not by bizdudes and certainly not by politicians
• It seems to work pretty well
68. Not to put too fine a point on it, but…
• We didn’t exactly want the Chinese Internet, or the Iranian Internet,
before Snowden
• I’m hoping we don’t want that now.
70. The Nuanced, Even More Disturbing Reality
• There’s a reason we were asking the NSA’s advice to avoid
cryptographic vulnerabilities
• Most cryptographic functions do not need the NSA’s help to be fatally
flawed
• That comes for free
• It takes an enormous amount of time and effort to find functions that might
not be flawed, and the NSA seemed good at telling us when we were wrong
• DES
• It’d be nice if we had a governmental department focused on
defensive operations…
• Or maybe a conference…
71. Even Obviously Good Advice Is Being Treated With Deep Suspicion
• NIST: Heh, Keccak (SHA-3) is actually too slow. Performance matters.
• Zooko Wilcox-O’Hearn, creator of Tahoe-LAFS (probably the best
cryptographic distributed file system out there right now): Heh,
Keccak (SHA-3) is actually too slow. Performance matters.
• Community: NIST IS DOING MORE EVIL
72. …are we about to replace NIST with DJB?
(Who keeps releasing fast crypto functions)
73. No, seriously, I’m actually a huge DJB fan
• I’ve been advocating Curve25519 for use in a TLS-replacing protocol
for years
• But, uh, fewer trusted resources in a time of great need is not helpful
• “Linux scales. Linus does not scale.”
75. We’re All Kind Of Waiting For The Other Shoe To Drop
• Not implementers, everything new keeps using DJBsec
• Academics aren’t really allowed to “know things” without some degree of
evidence
• Science!
• We do know that DUAL_EC_DRBG is compromised, but nobody was using that
except other feds (sadface)
• Pretty much everyone assumes the NIST P curves are compromised
• Big complex process to turn a “nothing up your sleeve” number (like pi) into a safe ECC curve
• Innocent string used by NIST P curve is c49d360886e704936a6678e1139d26b7819f7e90
• Every shirt has two sleeves
• NIST took the time to declare two curves, a P curve and a K curve, almost as if they assumed
eventually there would be a problem and it’d be nice if the standard could survive it
• The above does not pass scientific epistemology. Nobody cares.
76. The Larger Issue
• It’s not like cryptography worked particularly well before the NSA
revelations
• The hard problems in crypto are not in the math, or the
implementation. They’re not even in “side channel vulnerabilities”, as
Shamir has said.
• Key management is the hard part, because that actually touches
users.
• Cryptography keeps getting seen as Math and Implementation. There
is a third aspect
• There is a complexity that generally goes unmodeled: Operations
77. My First Law of Operations
• Every project must be measured by the number of meetings required
to accomplish it
• If there is a meeting with someone outside your department, it’s 5x the cost.
If outside your company, 25x the cost.
• When’s the last time you saw meeting count in a crypto function?
• We have to learn to respect usability, and the sacrifices it may
demand
• Alex Stamos at Yahoo backing PGP for their mail interface is actually a pretty
big step – Yahoo knows UX
78. Summary
• Don’t let an attacker touch your storage – S^X
• Actively gather true entropy and kill the non-CS PRNGs with fire!
• Represent entropy in a way other than bit vomit
• Browsers become vastly more secure once UaF is prevented
• The NSA crypto fallout continues
• Yahoo’s PGP news is fantastic
• And…just one more thing
79. It’s Apple Related, So I Totally Get To Pull That Line
• “Safari now blocks ads from automatically redirecting to the App
Store without user interaction. If you still see the previous behavior,
or find legitimate redirection to the App Store to be broken in some
way, please file a bug.”
-- iOS 8 Beta Release Notes from Apple
• YES ACTUALLY, THIS DRIVES ME CRAZY
• “I know you’re trying to browse this website, but I bet what you really want to
do is buy our ****ty game”
• **** THOSE GUYS
• Apple wants help? Hackers, let’s do it
• And not for free
80. Third Party Bug Bounty
• I’ve become a believer in bug bounties
• This is new
• External bugs can sometimes be of poor quality
• If you want richer bugs, maybe we should enrich bug hunters
• White Ops hereby sponsors an enhanced bug bounty for this particular
Apple bug
• $5,000 to the first autoredirection bug finder
• $2,500 to the second finder
• $1K to the next five finders
• We offered $250 six weeks ago, sorry, my bad
• We believe hackers can help fix things, and we’re putting our money
where our mouth is