Can we teach people about security issues during awkward BBQ banter?
#Kawaiicon #KawaiiconNZ @CERTNZ @sneakybakerpic.twitter.com/aHzmjIY74Q
Prikaži ovu nit
Now @0x4D31 is talking about fingerprinting encrypted traffic.
How do we know if the traffic is good or bad?
#Kawaiicon #KawaiiconNZpic.twitter.com/GenIIXvmN8
-
-
How can we fingerprint when the traffic is encrypted? Look at the handshake!pic.twitter.com/W6uujK0lAK
Prikaži ovu nit -
Use aspects of the client hello and fingerprint using JA3, then hash with MD5 to get a fingerprint that is replicable.
#Kawaiicon#KawaiiconNZ@0x4D31pic.twitter.com/K4u4jolJLN
Prikaži ovu nit -
Can do the same with RDP Enhanced Security as it uses TLS. Can fingerprint to tell which client application is requesting the connection.
#Kawaiicon#KawaiiconNZ@0x4D31pic.twitter.com/NDHHOZEMAE
Prikaži ovu nit -
In RDP standard you can concatenate other values and hash with MD5 to get fingerprints. And... A DEFINITELY safe QR code to the blog post.
#Kawaiicon#KawaiiconNZ@0x4D31pic.twitter.com/9zkAXm4gzg
Prikaži ovu nit -
Visualising the results allows the easy identification of outliers and connections that wouldn't be obvious otherwise.
#Kawaiicon#KawaiiconNZ@0x4D31pic.twitter.com/d65TCqRAce
Prikaži ovu nit -
There are also much more detailed tweets for this talk here: https://twitter.com/jpdanner/status/1182416513250185216 …
#Kawaiicon#KawaiiconNZ@0x4D31
Prikaži ovu nit -
-
Prikaži ovu nit -
Now Matthew is talking about an "unhackable" lock box
#Kawaiicon#KawaiiconNZpic.twitter.com/Tp8ih58Z0Y
Prikaži ovu nit -
About TimeLock encryption program:
#Kawaiicon#KawaiiconNZpic.twitter.com/SnIgrYOkj0
Prikaži ovu nit -
Here is s much more in-depth tweetstorm on this talk: https://twitter.com/jpdanner/status/1182052012118069248 …
#Kawaiicon#KawaiiconNZ
Prikaži ovu nit -
First loot gotten by modifying the conditions in the program to just allow decrypt.
#Kawaiicon#KawaiiconNZpic.twitter.com/6zkqpXppuG
Prikaži ovu nit -
-
Modify the timestamp and... Loot for challenge 2! And sparkles.
#Kawaiicon#KawaiiconNZpic.twitter.com/cNcMPgwroD
Prikaži ovu nit -
-
-
Challenge 4 & 5 plan of attack: let's look at the crypto!
#Kawaiicon#KawaiiconNZpic.twitter.com/X41Td9zAmC
Prikaži ovu nit -
-
-
And challenge 5 is just... Moar encryption!
#Kawaiicon#KawaiiconNZpic.twitter.com/ADgQ9s913E
Prikaži ovu nit -
-
-
Now its
@smrtgirl talking about how we use data!#Kawaiicon#KawaiiconNZpic.twitter.com/mQc173TlqOPrikaži ovu nit -
A more in-depth tweetstorm of this talk is here: https://twitter.com/jpdanner/status/1182038620481277953 …
#Kawaiicon#KawaiiconNZ@smrtgirl
Prikaži ovu nit -
Have you actually thought about what data you're collecting and why? How much data do you really need?
#Kawaiicon#KawaiiconNZ@smrtgirlpic.twitter.com/6XzsqhsVIg
Prikaži ovu nit -
The # of bytes of data every single day....
#Kawaiicon#KawaiiconNZ@smrtgirlpic.twitter.com/JsDngDyxyA
Prikaži ovu nit -
If you're collecting any personally identifiable information these are your obligations. And you need s privacy officer! Do you have one? Do you know who they are? GDPR is even more intense.
#Kawaiicon#KawaiiconNZ@smrtgirlpic.twitter.com/2rN81dgbC6
Prikaži ovu nit -
Do you need all the PII in this form? Can it be more generalised? "preferred name" rather than legal name. Birth month instead of birthday?
#Kawaiicon#KawaiiconNZ@smrtgirlpic.twitter.com/JMYrEW7XM0
Prikaži ovu nit -
People in this talk are probably savvy enough to avoid some of this, but most people aren't. How do we protect them?
#Kawaiicon#KawaiiconNZ@smrtgirlPrikaži ovu nit -
http://Depression.org.nz was leaking people's results in the URL. In addition to running a large number of 3rd party tools and who knows what data they're collecting? Can this be correlated with my other internet activity? That's not great.
#Kawaiicon#KawaiiconNZ@smrtgirlpic.twitter.com/7GllA5PiAy
Prikaži ovu nit - Još 184 druga odgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.