slides.org (Stationary): Finish initial note breakout

* notes.org (Topics): Check Mirai.
master
Mike Gerwitz 2017-03-06 23:22:57 -05:00
parent 59756ebae0
commit d901e6546e
1 changed files with 190 additions and 137 deletions


@ -13,129 +13,129 @@
#+BEGIN: columnview :hlines 3 :id global
| ITEM | DURATION | TODO | ENVIRONMENT |
|-------------------------------------+----------+---------+---------------|
| * Slides | | | |
|-------------------------------------+----------+---------+---------------|
| ** Introduction / Opening | 00:00:30 | DRAFT | fullframe |
|-------------------------------------+----------+---------+---------------|
| ** Mobile [0/5] | | LACKING | |
|-------------------------------------+----------+---------+---------------|
| *** Introduction | | DRAFT | ignoreheading |
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|-------------------------------------+----------+---------+---------------|
| *** Cell Towers [0/2] | 00:01 | LACKING | |
| **** Fundamentally Needed | | DRAFT | |
| **** Cell-Site Simulators | | LACKING | |
|-------------------------------------+----------+---------+---------------|
| *** Wifi [0/3] | 00:01 | LACKING | |
| **** Wifi | | DRAFT | |
| **** Ubiquitous Access Points | | LACKING | |
| **** Mitigations | | DRAFT | |
|-------------------------------------+----------+---------+---------------|
| *** Location Services [0/2] | 00:01 | DRAFT | |
| **** GPS | | DRAFT | |
| **** Access Points | | DRAFT | |
|-------------------------------------+----------+---------+---------------|
| *** Operating System [0/3] | 00:01 | DRAFT | |
| **** Untrusted/Proprietary OS | | DRAFT | |
| **** Free/Libre Mobile OS? | | DRAFT | |
| **** Modem | | DRAFT | |
|-------------------------------------+----------+---------+---------------|
| ** Stationary [0/5] | | RAW | |
|-------------------------------------+----------+---------+---------------|
| *** Introduction [0/1] | | DRAFT | ignoreheading |
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|-------------------------------------+----------+---------+---------------|
| *** Surveillance Cameras [0/2] | | DRAFT | |
| **** Unavoidable Surveillance | | DRAFT | |
| **** Access to Data | 00:00:30 | DRAFT | |
|-------------------------------------+----------+---------+---------------|
| *** Internet of Things [0/4] | | RAW | |
| **** Wide Open | 00:00:30 | RAW | |
| **** Lack of Security | 00:01:30 | RAW | |
| **** Who's Watching? | 00:00:30 | RAW | |
| **** Facial Recognition | 00:01 | RAW | |
|-------------------------------------+----------+---------+---------------|
| *** Social Media [0/1] | | RAW | |
| **** Collateral Damage | 00:01 | RAW | |
|-------------------------------------+----------+---------+---------------|
| *** Driving [0/3] | | RAW | |
| **** Introduction | 00:00:30 | RAW | fullframe |
| **** ALPRs | 00:01 | RAW | |
| **** Car Itself | 00:00:30 | RAW | |
|-------------------------------------+----------+---------+---------------|
| ** The Web [0/6] | | RAW | |
|-------------------------------------+----------+---------+---------------|
| *** Introduction [0/1] | | RAW | ignoreheading |
| **** Introduction | | RAW | fullframe |
|-------------------------------------+----------+---------+---------------|
| *** Bridging the Gap [0/1] | | RAW | |
| **** Ultrasound Tracking | 00:01 | RAW | |
|-------------------------------------+----------+---------+---------------|
| *** Incentive to Betray [0/1] | | RAW | |
| **** Summary | 00:00:30 | RAW | fullframe |
|-------------------------------------+----------+---------+---------------|
| *** Analytics [0/2] | | RAW | |
| **** Trackers | 00:01 | RAW | |
| **** Like Buttons | 00:01 | RAW | |
|-------------------------------------+----------+---------+---------------|
| *** Fingerprinting [0/2] | | RAW | |
| **** Summary | 00:03 | RAW | fullframe |
| **** Browser Addons | 00:01 | RAW | |
|-------------------------------------+----------+---------+---------------|
| *** Anonymity [0/3] | | RAW | |
| **** Summary | 00:01 | RAW | fullframe |
| **** The Tor Network | 00:01 | RAW | |
| **** TorBrowser, Tails, and Whonix | 00:02 | RAW | |
|-------------------------------------+----------+---------+---------------|
| ** Data Analytics [0/2] | | LACKING | |
|-------------------------------------+----------+---------+---------------|
| *** Introduction [0/1] | | RAW | ignoreheading |
| **** Introduction | 00:00 | RAW | fullframe |
|-------------------------------------+----------+---------+---------------|
| *** Headings [0/3] | | LACKING | |
| **** Advertisers | 00:02 | LACKING | |
| **** Social Media | 00:01 | LACKING | |
| **** Governments | 00:00:30 | LACKING | |
|-------------------------------------+----------+---------+---------------|
| ** Policy and Government [0/6] | | RAW | |
|-------------------------------------+----------+---------+---------------|
| *** Introduction [0/1] | | RAW | ignoreheading |
| **** Introduction | 00:00:30 | RAW | fullframe |
|-------------------------------------+----------+---------+---------------|
| *** Surveillance [0/4] | | LACKING | |
| **** History of NSA Surveillance | 00:02 | LACKING | |
| **** Verizon Metadata | 00:00:30 | LACKING | |
| **** Snowden | 00:01 | LACKING | |
| **** Tools | 00:02 | LACKING | |
|-------------------------------------+----------+---------+---------------|
| *** Crypto Wars [0/3] | | LACKING | |
| **** Introduction | 00:00 | RAW | fullframe |
| **** Bernstein v. United States | 00:01 | LACKING | |
| **** Makes Us Less Safe | 00:02 | LACKING | |
|-------------------------------------+----------+---------+---------------|
| *** Espionage [0/1] | | LACKING | |
| **** US Can't Keep Its Own Secrets | 00:01 | LACKING | |
|-------------------------------------+----------+---------+---------------|
| *** Subpoenas, Warrants, NSLs [0/1] | | LACKING | |
| **** National Security Letters | 00:01 | LACKING | |
|-------------------------------------+----------+---------+---------------|
| *** Law [0/1] | | LACKING | |
| **** Summary | 00:01 | LACKING | fullframe |
|-------------------------------------+----------+---------+---------------|
| ** Your Fight [0/1] | | RAW | |
|-------------------------------------+----------+---------+---------------|
| *** Headings [0/5] | | RAW | |
| **** Feeding | 00:00 | RAW | fullframe |
| **** SaaSS and Centralization | 00:01 | RAW | |
| **** Corporate Negligence | 00:01 | RAW | |
| **** Status Quo | 00:02 | RAW | |
| **** Push Back | 00:01 | RAW | |
|-------------------------------------+----------+---------+---------------|
| * Exporting | | | |
|-------------------------------------+----------+---------+---------------|
| * Local Variables | | | |
| ITEM | DURATION | TODO | ENVIRONMENT |
|-----------------------------------------------+----------+---------+---------------|
| * Slides | | | |
|-----------------------------------------------+----------+---------+---------------|
| ** Introduction / Opening | 00:00:30 | DRAFT | fullframe |
|-----------------------------------------------+----------+---------+---------------|
| ** Mobile [0/5] | | LACKING | |
|-----------------------------------------------+----------+---------+---------------|
| *** Introduction | | DRAFT | ignoreheading |
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|-----------------------------------------------+----------+---------+---------------|
| *** Cell Towers [0/2] | 00:01 | LACKING | |
| **** Fundamentally Needed | | DRAFT | |
| **** Cell-Site Simulators | | LACKING | |
|-----------------------------------------------+----------+---------+---------------|
| *** Wifi [0/3] | 00:01 | LACKING | |
| **** Wifi | | DRAFT | |
| **** Ubiquitous Access Points | | LACKING | |
| **** Mitigations | | DRAFT | |
|-----------------------------------------------+----------+---------+---------------|
| *** Location Services [0/2] | 00:01 | DRAFT | |
| **** GPS | | DRAFT | |
| **** Access Points | | DRAFT | |
|-----------------------------------------------+----------+---------+---------------|
| *** Operating System [0/3] | 00:01 | DRAFT | |
| **** Untrusted/Proprietary OS | | DRAFT | |
| **** Free/Libre Mobile OS? | | DRAFT | |
| **** Modem | | DRAFT | |
|-----------------------------------------------+----------+---------+---------------|
| ** Stationary [0/5] | | RAW | |
|-----------------------------------------------+----------+---------+---------------|
| *** Introduction [0/1] | | DRAFT | ignoreheading |
| **** Introduction | 00:00:30 | DRAFT | fullframe |
|-----------------------------------------------+----------+---------+---------------|
| *** Surveillance Cameras [0/2] | | DRAFT | |
| **** Unavoidable Surveillance | | DRAFT | |
| **** Access to Data | 00:00:30 | DRAFT | |
|-----------------------------------------------+----------+---------+---------------|
| *** Internet of Things [0/4] | | LACKING | |
| **** Internet-Connected Cameras | 00:00:30 | DRAFT | |
| **** The ``S'' In IoT Stands For ``Security'' | 00:01:30 | LACKING | |
| **** Who's Watching? | 00:00:30 | LACKING | |
| **** Facial Recognition | 00:01 | DRAFT | |
|-----------------------------------------------+----------+---------+---------------|
| *** Social Media [0/1] | | DRAFT | |
| **** Collateral Damage | 00:01 | DRAFT | |
|-----------------------------------------------+----------+---------+---------------|
| *** Driving [0/3] | | RAW | |
| **** Introduction | 00:00:30 | DRAFT | fullframe |
| **** ALPRs | 00:01 | LACKING | |
| **** Car Itself | 00:00:30 | LACKING | |
|-----------------------------------------------+----------+---------+---------------|
| ** The Web [0/6] | | RAW | |
|-----------------------------------------------+----------+---------+---------------|
| *** Introduction [0/1] | | RAW | ignoreheading |
| **** Introduction | | RAW | fullframe |
|-----------------------------------------------+----------+---------+---------------|
| *** Bridging the Gap [0/1] | | RAW | |
| **** Ultrasound Tracking | 00:01 | RAW | |
|-----------------------------------------------+----------+---------+---------------|
| *** Incentive to Betray [0/1] | | RAW | |
| **** Summary | 00:00:30 | RAW | fullframe |
|-----------------------------------------------+----------+---------+---------------|
| *** Analytics [0/2] | | RAW | |
| **** Trackers | 00:01 | RAW | |
| **** Like Buttons | 00:01 | RAW | |
|-----------------------------------------------+----------+---------+---------------|
| *** Fingerprinting [0/2] | | RAW | |
| **** Summary | 00:03 | RAW | fullframe |
| **** Browser Addons | 00:01 | RAW | |
|-----------------------------------------------+----------+---------+---------------|
| *** Anonymity [0/3] | | RAW | |
| **** Summary | 00:01 | RAW | fullframe |
| **** The Tor Network | 00:01 | RAW | |
| **** TorBrowser, Tails, and Whonix | 00:02 | RAW | |
|-----------------------------------------------+----------+---------+---------------|
| ** Data Analytics [0/2] | | LACKING | |
|-----------------------------------------------+----------+---------+---------------|
| *** Introduction [0/1] | | RAW | ignoreheading |
| **** Introduction | 00:00 | RAW | fullframe |
|-----------------------------------------------+----------+---------+---------------|
| *** Headings [0/3] | | LACKING | |
| **** Advertisers | 00:02 | LACKING | |
| **** Social Media | 00:01 | LACKING | |
| **** Governments | 00:00:30 | LACKING | |
|-----------------------------------------------+----------+---------+---------------|
| ** Policy and Government [0/6] | | RAW | |
|-----------------------------------------------+----------+---------+---------------|
| *** Introduction [0/1] | | RAW | ignoreheading |
| **** Introduction | 00:00:30 | RAW | fullframe |
|-----------------------------------------------+----------+---------+---------------|
| *** Surveillance [0/4] | | LACKING | |
| **** History of NSA Surveillance | 00:02 | LACKING | |
| **** Verizon Metadata | 00:00:30 | LACKING | |
| **** Snowden | 00:01 | LACKING | |
| **** Tools | 00:02 | LACKING | |
|-----------------------------------------------+----------+---------+---------------|
| *** Crypto Wars [0/3] | | LACKING | |
| **** Introduction | 00:00 | RAW | fullframe |
| **** Bernstein v. United States | 00:01 | LACKING | |
| **** Makes Us Less Safe | 00:02 | LACKING | |
|-----------------------------------------------+----------+---------+---------------|
| *** Espionage [0/1] | | LACKING | |
| **** US Can't Keep Its Own Secrets | 00:01 | LACKING | |
|-----------------------------------------------+----------+---------+---------------|
| *** Subpoenas, Warrants, NSLs [0/1] | | LACKING | |
| **** National Security Letters | 00:01 | LACKING | |
|-----------------------------------------------+----------+---------+---------------|
| *** Law [0/1] | | LACKING | |
| **** Summary | 00:01 | LACKING | fullframe |
|-----------------------------------------------+----------+---------+---------------|
| ** Your Fight [0/1] | | RAW | |
|-----------------------------------------------+----------+---------+---------------|
| *** Headings [0/5] | | RAW | |
| **** Feeding | 00:00 | RAW | fullframe |
| **** SaaSS and Centralization | 00:01 | RAW | |
| **** Corporate Negligence | 00:01 | RAW | |
| **** Status Quo | 00:02 | RAW | |
| **** Push Back | 00:01 | RAW | |
|-----------------------------------------------+----------+---------+---------------|
| * Exporting | | | |
|-----------------------------------------------+----------+---------+---------------|
| * Local Variables | | | |
#+END
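Review bot: the regenerated columnview table still lists `** Stationary [0/5]` with TODO state RAW, while a later hunk in this same commit changes that heading to `** LACKING Stationary [0/5]`. The dynamic block appears to have been refreshed before the keyword was changed; update it once more (for example with org-update-all-dblocks) before committing so the table agrees with the outline. Most of the remaining changed rows are only re-padding caused by the longer IoT heading, which makes the real state changes hard to spot in review.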
@ -400,7 +400,7 @@ So even with Replicant,
** RAW Stationary [0/5]
** LACKING Stationary [0/5]
*** DRAFT Introduction [0/1] :B_ignoreheading:
:PROPERTIES:
:BEAMER_env: ignoreheading
@ -466,11 +466,17 @@ The best form of privacy is to avoid having the data be collected to begin
with.
#+END_COMMENT
*** RAW Internet of Things [0/4]
**** RAW Wide Open
*** LACKING Internet of Things [0/4]
**** DRAFT Internet-Connected Cameras
:PROPERTIES:
:DURATION: 00:00:30
:END:
- Cameras used to be ``closed-circuit''
- Today\ldots not always so much
#+BEGIN_COMMENT
In the past, these cameras were "closed-circuit"---
they were on their own segregated network.
You'd _have_ to subpoena the owner,
@ -487,11 +493,18 @@ Because it's not just businesses that use Internet-connected cameras.
They're also popular among individuals for personal/home use.
Home security systems.
Baby monitors.
#+END_COMMENT
**** RAW Lack of Security
**** LACKING The ``S'' In IoT Stands For ``Security''
:PROPERTIES:
:DURATION: 00:01:30
:END:
- Shodan---IoT search engine
- Mirai
- ...<other concerns>
#+BEGIN_COMMENT
Who here has heard of Shodan?
Shodan is a search engine for the Internet of Things.
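Review bot: the placeholder `- ...<other concerns>` is in the slide body, above `#+BEGIN_COMMENT`, so it will be exported onto the frame as literal text. Keep the reminder inside the comment block, or leave it out until the real bullets exist; the LACKING keyword already records that the slide is incomplete. Minor: the new heading embeds LaTeX-style quotes, which now show up verbatim in the columnview table above.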
@ -501,7 +514,18 @@ Maybe that wouldn't be a problem if people knew proper NAT configuration
that isn't subverted by UPnP.
Maybe it wouldn't be a problem if these devices even gave a moment of
thought to security.
#+END_COMMENT
**** LACKING Who's Watching?
:PROPERTIES:
:DURATION: 00:00:30
:END:
- Insecam
- <Add information>
#+BEGIN_COMMENT
Anyone heard of Insecam?
It's a site that aggregates live video feeds of unsecured IP cameras.
I can tell you personally that you feel like a scumbag looking at the site.
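Review bot: `- <Add information>` starts a list item with an angle-bracketed token, and other items in this file (`- <1-> ...`, `- <2-> ...`) appear to rely on exactly that position being handed to Beamer as an overlay specification. This placeholder is therefore likely to be parsed as an overlay spec rather than shown or ignored, and may break the export. Move the reminder into the `#+BEGIN_COMMENT` block or write it without the leading `<...>`.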
@ -528,21 +552,25 @@ They remove things that are too deeply personal.
This is an excellent example to demonstrate to others why this is such a big
deal.
**** RAW Who's Watching?
:PROPERTIES:
:DURATION: 00:00:30
:END:
So that's what your average person can do.
That's what some of you are going to be doing as soon as you leave this
talk, if you haven't started looking already!
That's what law enforcement is going to do.
That's what the NSA, GHCQ, et. al. are going to do.
#+END_COMMENT
**** RAW Facial Recognition
**** DRAFT Facial Recognition
:PROPERTIES:
:DURATION: 00:01
:END:
- <1-> Humans no longer need to scour video feeds
- <2-> Facial recognition widely used even for entertainment
- <3-> No face? Check your gait.
#+BEGIN_COMMENT
Now let's couple that with facial recognition.
Consider the breadth of devices we just covered.
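Review bot: in the speaker notes that this hunk folds into the preceding comment block, "GHCQ, et. al." should read "GCHQ, et al."; since the surrounding lines are being restructured anyway, this is a good place to fix it. Also confirm that the `#+END_COMMENT` added here closes the block opened under the first "Who's Watching?" heading, now that the duplicate RAW heading between them is removed.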
@ -559,14 +587,21 @@ You can also be identified by your gait.
There's a lot to say about IoT.
We'll come back to it.
#+END_COMMENT
*** RAW Social Media [0/1]
**** RAW Collateral Damage
*** DRAFT Social Media [0/1]
**** DRAFT Collateral Damage
:PROPERTIES:
:DURATION: 00:01
:END:
- <1-> Don't put pictures of me on Facebook
- <1-> Don't put pictures of my children _anywhere_
- <2-> That person in the distance that happens to be in your photo has
been inflicted with collateral damage
#+BEGIN_COMMENT
So you don't have any unsecured IoT cameras in your home.
Or in this conference.
But you do have unsecured people running wild with their photos and their
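Review bot: the third bullet, "That person in the distance that happens to be in your photo has been inflicted with collateral damage", is long for a slide and reads awkwardly next to the speaker notes, which say the photographer is "inflicting collateral damage". Consider a shorter form such as "Bystanders in your photos are collateral damage". Also check that the wrapped second line of that item is indented in the source so Org keeps it as part of the list item.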
@ -590,14 +625,20 @@ What they're actually doing is inflicting collateral damage.
If I'm off in the background when you take a picture of your friends in the
foreground,
I'm still in the photo.
#+END_COMMENT
*** RAW Driving [0/3]
**** RAW Introduction :B_fullframe:
**** DRAFT Introduction :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:30
:BEAMER_env: fullframe
:END:
- Do you drive a vehicle?
#+BEGIN_COMMENT
Okay.
So you have no phone.
You sneak around public areas like a ninja.
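Review bot: `*** RAW Driving [0/3]` is left at RAW at the top of this hunk, although its children are moved to DRAFT and LACKING in this commit. The sibling sections were handled differently: `Internet of Things` was raised to LACKING and `Social Media` to DRAFT along with their children. Update the Driving parent the same way (LACKING would match the IoT case) and refresh the columnview table so its Driving row follows.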
@ -611,11 +652,17 @@ Well if you flew here,
That's not even worth discussing.
But what about if you drove?
#+END_COMMENT
**** RAW ALPRs
**** LACKING ALPRs
:PROPERTIES:
:DURATION: 00:01
:END:
- Automated License Plate Readers (ALPRs)
#+BEGIN_COMMENT
ALPRs possibly tracked your movements.
Automated License Plate Readers.
@ -635,17 +682,23 @@ But the rental place probably took your name, license, and other
You could take a cab and pay with cash.
But that can get expensive.
And they might have cameras and such anyway.
#+END_COMMENT
**** RAW Car Itself
**** LACKING Car Itself
:PROPERTIES:
:DURATION: 00:00:30
:END:
- Your vehicle itself might be a spy
#+BEGIN_COMMENT
Maybe your car itself is a tracking device (e.g. OnStar).
(Move into Mobile?)
<...>
#+END_COMMENT
** RAW The Web [0/6]