Can we teach people about security issues during awkward BBQ banter?
#Kawaiicon #KawaiiconNZ @CERTNZ @sneakybaker pic.twitter.com/aHzmjIY74Q
How can we fingerprint when the traffic is encrypted? Look at the handshake! pic.twitter.com/W6uujK0lAK
Use aspects of the client hello and fingerprint using JA3, then hash with MD5 to get a fingerprint that is replicable.
#Kawaiicon #KawaiiconNZ @0x4D31 pic.twitter.com/K4u4jolJLN
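An added example, not from the talk or its slides: a minimal JA3 computation over a raw ClientHello, following the published JA3 field order (version, ciphers, extensions, supported groups, EC point formats, with GREASE values dropped) and hashing the string with MD5. The function names and the sample ClientHello are constructed here for illustration, and the parser assumes the whole ClientHello sits in one TLS record.

```python
import hashlib
import struct

def is_grease(v):  # RFC 8701 GREASE values (0x0A0A ... 0xFAFA); JA3 ignores them
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)

def u16_list(buf):
    return [v for (v,) in struct.iter_unpack("!H", buf) if not is_grease(v)]

def ja3_string(record):  # record: one TLS record holding a whole ClientHello
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record with a ClientHello")
    pos = 9                                   # 5-byte record + 4-byte handshake header
    (version,) = struct.unpack_from("!H", record, pos)
    pos += 2 + 32                             # client_version + random
    pos += 1 + record[pos]                    # session_id
    (clen,) = struct.unpack_from("!H", record, pos)
    ciphers = u16_list(record[pos + 2:pos + 2 + clen])
    pos += 2 + clen
    pos += 1 + record[pos]                    # compression_methods
    exts, groups, formats = [], [], []
    if pos + 2 <= len(record):                # extensions are optional
        (elen,) = struct.unpack_from("!H", record, pos)
        pos, end = pos + 2, pos + 2 + elen
        while pos + 4 <= end:
            etype, dlen = struct.unpack_from("!HH", record, pos)
            data = record[pos + 4:pos + 4 + dlen]
            pos += 4 + dlen
            if not is_grease(etype):
                exts.append(etype)
            if etype == 10:                   # supported_groups: 2-byte list length
                groups = u16_list(data[2:])
            elif etype == 11:                 # ec_point_formats: 1-byte list length
                formats = list(data[1:])
    fields = [[version], ciphers, exts, groups, formats]
    return ",".join("-".join(map(str, f)) for f in fields)

def ja3_hash(record):
    return hashlib.md5(ja3_string(record).encode()).hexdigest()

def sample_client_hello():  # constructed ClientHello (not a capture), GREASE mixed in
    suites = struct.pack("!4H", 0x0A0A, 0xC02B, 0xC02F, 0x009C)
    exts = struct.pack("!HH", 0x1A1A, 0)
    exts += struct.pack("!HH4H", 10, 8, 6, 0x2A2A, 29, 23)
    exts += struct.pack("!HH", 11, 2) + b"\x01\x00" + struct.pack("!HH", 23, 0)
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00" + struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Because the hash covers only what the client offers and in what order, two connections from the same client build give the same value regardless of destination, which is what makes it usable as a lookup key.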
Can do the same with RDP Enhanced Security as it uses TLS.
Can fingerprint to tell which client application is requesting the connection.
#Kawaiicon #KawaiiconNZ @0x4D31 pic.twitter.com/NDHHOZEMAE
In RDP standard you can concatenate other values and hash with MD5 to get fingerprints.
And... A DEFINITELY safe QR code to the blog post.
#Kawaiicon #KawaiiconNZ @0x4D31 pic.twitter.com/9zkAXm4gzg
Visualising the results allows the easy identification of outliers and connections that wouldn't be obvious otherwise.
#Kawaiicon #KawaiiconNZ @0x4D31 pic.twitter.com/d65TCqRAce
There are also much more detailed tweets for this talk here:
https://twitter.com/jpdanner/status/1182416513250185216 …
#Kawaiicon #KawaiiconNZ @0x4D31
Now Matthew is talking about an "unhackable" lock box
#Kawaiicon #KawaiiconNZ pic.twitter.com/Tp8ih58Z0Y
About TimeLock encryption program:
#Kawaiicon #KawaiiconNZ pic.twitter.com/SnIgrYOkj0
Here is a much more in-depth tweetstorm on this talk:
https://twitter.com/jpdanner/status/1182052012118069248 …
#Kawaiicon #KawaiiconNZ
First loot gotten by modifying the conditions in the program to just allow decrypt.
#Kawaiicon #KawaiiconNZ pic.twitter.com/6zkqpXppuG
Modify the timestamp and... Loot for challenge 2!
And sparkles.
#Kawaiicon #KawaiiconNZ pic.twitter.com/cNcMPgwroD
Challenge 4 & 5 plan of attack: let's look at the crypto!
#Kawaiicon #KawaiiconNZ pic.twitter.com/X41Td9zAmC
And challenge 5 is just... Moar encryption!
#Kawaiicon #KawaiiconNZ pic.twitter.com/ADgQ9s913E
Now it's @smrtgirl talking about how we use data!
#Kawaiicon #KawaiiconNZ pic.twitter.com/mQc173TlqO
A more in-depth tweetstorm of this talk is here:
https://twitter.com/jpdanner/status/1182038620481277953 …
#Kawaiicon #KawaiiconNZ @smrtgirl
Have you actually thought about what data you're collecting and why?
How much data do you really need?
#Kawaiicon #KawaiiconNZ @smrtgirl pic.twitter.com/6XzsqhsVIg
The # of bytes of data every single day....
#Kawaiicon #KawaiiconNZ @smrtgirl pic.twitter.com/JsDngDyxyA
If you're collecting any personally identifiable information these are your obligations. And you need a privacy officer!
Do you have one? Do you know who they are?
GDPR is even more intense.
#Kawaiicon #KawaiiconNZ @smrtgirl pic.twitter.com/2rN81dgbC6
Do you need all the PII in this form? Can it be more generalised?
"preferred name" rather than legal name.
Birth month instead of birthday?
#Kawaiicon #KawaiiconNZ @smrtgirl pic.twitter.com/JMYrEW7XM0
People in this talk are probably savvy enough to avoid some of this, but most people aren't.
How do we protect them?
#Kawaiicon #KawaiiconNZ @smrtgirl
http://Depression.org.nz was leaking people's results in the URL.
In addition to running a large number of 3rd party tools and who knows what data they're collecting?
Can this be correlated with my other internet activity? That's not great.
#Kawaiicon #KawaiiconNZ @smrtgirl pic.twitter.com/7GllA5PiAy