From d901e6546ef64aab6fdb25a0ea64b8f4755b3318 Mon Sep 17 00:00:00 2001 From: Mike Gerwitz Date: Mon, 6 Mar 2017 23:22:57 -0500 Subject: [PATCH] slides.org (Stationary): Finish initial note breakout * notes.org (Topics): Check Mirai. --- slides.org | 327 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 190 insertions(+), 137 deletions(-) diff --git a/slides.org b/slides.org index 2239a8d..fb281d4 100644 --- a/slides.org +++ b/slides.org 
@@ -13,129 +13,129 @@ #+BEGIN: columnview :hlines 3 :id global -| ITEM | DURATION | TODO | ENVIRONMENT | -|-------------------------------------+----------+---------+---------------| -| * Slides | | | | -|-------------------------------------+----------+---------+---------------| -| ** Introduction / Opening | 00:00:30 | DRAFT | fullframe | -|-------------------------------------+----------+---------+---------------| -| ** Mobile [0/5] | | LACKING | | -|-------------------------------------+----------+---------+---------------| -| *** Introduction | | DRAFT | ignoreheading | -| **** Introduction | 00:00:30 | DRAFT | fullframe | -|-------------------------------------+----------+---------+---------------| -| *** Cell Towers [0/2] | 00:01 | LACKING | | -| **** Fundamentally Needed | | DRAFT | | -| **** Cell-Site Simulators | | LACKING | | -|-------------------------------------+----------+---------+---------------| -| *** Wifi [0/3] | 00:01 | LACKING | | -| **** Wifi | | DRAFT | | -| **** Ubiquitous Access Points | | LACKING | | -| **** Mitigations | | DRAFT | | -|-------------------------------------+----------+---------+---------------| -| *** Location Services [0/2] | 00:01 | DRAFT | | -| **** GPS | | DRAFT | | -| **** Access Points | | DRAFT | | -|-------------------------------------+----------+---------+---------------| -| *** Operating System [0/3] | 00:01 | DRAFT | | -| **** Untrusted/Proprietary OS | | DRAFT | | -| **** Free/Libre Mobile OS? 
| | DRAFT | | -| **** Modem | | DRAFT | | -|-------------------------------------+----------+---------+---------------| -| ** Stationary [0/5] | | RAW | | -|-------------------------------------+----------+---------+---------------| -| *** Introduction [0/1] | | DRAFT | ignoreheading | -| **** Introduction | 00:00:30 | DRAFT | fullframe | -|-------------------------------------+----------+---------+---------------| -| *** Surveillance Cameras [0/2] | | DRAFT | | -| **** Unavoidable Surveillance | | DRAFT | | -| **** Access to Data | 00:00:30 | DRAFT | | -|-------------------------------------+----------+---------+---------------| -| *** Internet of Things [0/4] | | RAW | | -| **** Wide Open | 00:00:30 | RAW | | -| **** Lack of Security | 00:01:30 | RAW | | -| **** Who's Watching? | 00:00:30 | RAW | | -| **** Facial Recognition | 00:01 | RAW | | -|-------------------------------------+----------+---------+---------------| -| *** Social Media [0/1] | | RAW | | -| **** Collateral Damage | 00:01 | RAW | | -|-------------------------------------+----------+---------+---------------| -| *** Driving [0/3] | | RAW | | -| **** Introduction | 00:00:30 | RAW | fullframe | -| **** ALPRs | 00:01 | RAW | | -| **** Car Itself | 00:00:30 | RAW | | -|-------------------------------------+----------+---------+---------------| -| ** The Web [0/6] | | RAW | | -|-------------------------------------+----------+---------+---------------| -| *** Introduction [0/1] | | RAW | ignoreheading | -| **** Introduction | | RAW | fullframe | -|-------------------------------------+----------+---------+---------------| -| *** Bridging the Gap [0/1] | | RAW | | -| **** Ultrasound Tracking | 00:01 | RAW | | -|-------------------------------------+----------+---------+---------------| -| *** Incentive to Betray [0/1] | | RAW | | -| **** Summary | 00:00:30 | RAW | fullframe | -|-------------------------------------+----------+---------+---------------| -| *** Analytics [0/2] | | RAW | | -| **** 
Trackers | 00:01 | RAW | | -| **** Like Buttons | 00:01 | RAW | | -|-------------------------------------+----------+---------+---------------| -| *** Fingerprinting [0/2] | | RAW | | -| **** Summary | 00:03 | RAW | fullframe | -| **** Browser Addons | 00:01 | RAW | | -|-------------------------------------+----------+---------+---------------| -| *** Anonymity [0/3] | | RAW | | -| **** Summary | 00:01 | RAW | fullframe | -| **** The Tor Network | 00:01 | RAW | | -| **** TorBrowser, Tails, and Whonix | 00:02 | RAW | | -|-------------------------------------+----------+---------+---------------| -| ** Data Analytics [0/2] | | LACKING | | -|-------------------------------------+----------+---------+---------------| -| *** Introduction [0/1] | | RAW | ignoreheading | -| **** Introduction | 00:00 | RAW | fullframe | -|-------------------------------------+----------+---------+---------------| -| *** Headings [0/3] | | LACKING | | -| **** Advertisers | 00:02 | LACKING | | -| **** Social Media | 00:01 | LACKING | | -| **** Governments | 00:00:30 | LACKING | | -|-------------------------------------+----------+---------+---------------| -| ** Policy and Government [0/6] | | RAW | | -|-------------------------------------+----------+---------+---------------| -| *** Introduction [0/1] | | RAW | ignoreheading | -| **** Introduction | 00:00:30 | RAW | fullframe | -|-------------------------------------+----------+---------+---------------| -| *** Surveillance [0/4] | | LACKING | | -| **** History of NSA Surveillance | 00:02 | LACKING | | -| **** Verizon Metadata | 00:00:30 | LACKING | | -| **** Snowden | 00:01 | LACKING | | -| **** Tools | 00:02 | LACKING | | -|-------------------------------------+----------+---------+---------------| -| *** Crypto Wars [0/3] | | LACKING | | -| **** Introduction | 00:00 | RAW | fullframe | -| **** Bernstein v. 
United States | 00:01 | LACKING | | -| **** Makes Us Less Safe | 00:02 | LACKING | | -|-------------------------------------+----------+---------+---------------| -| *** Espionage [0/1] | | LACKING | | -| **** US Can't Keep Its Own Secrets | 00:01 | LACKING | | -|-------------------------------------+----------+---------+---------------| -| *** Subpoenas, Warrants, NSLs [0/1] | | LACKING | | -| **** National Security Letters | 00:01 | LACKING | | -|-------------------------------------+----------+---------+---------------| -| *** Law [0/1] | | LACKING | | -| **** Summary | 00:01 | LACKING | fullframe | -|-------------------------------------+----------+---------+---------------| -| ** Your Fight [0/1] | | RAW | | -|-------------------------------------+----------+---------+---------------| -| *** Headings [0/5] | | RAW | | -| **** Feeding | 00:00 | RAW | fullframe | -| **** SaaSS and Centralization | 00:01 | RAW | | -| **** Corporate Negligence | 00:01 | RAW | | -| **** Status Quo | 00:02 | RAW | | -| **** Push Back | 00:01 | RAW | | -|-------------------------------------+----------+---------+---------------| -| * Exporting | | | | -|-------------------------------------+----------+---------+---------------| -| * Local Variables | | | | +| ITEM | DURATION | TODO | ENVIRONMENT | +|-----------------------------------------------+----------+---------+---------------| +| * Slides | | | | +|-----------------------------------------------+----------+---------+---------------| +| ** Introduction / Opening | 00:00:30 | DRAFT | fullframe | +|-----------------------------------------------+----------+---------+---------------| +| ** Mobile [0/5] | | LACKING | | +|-----------------------------------------------+----------+---------+---------------| +| *** Introduction | | DRAFT | ignoreheading | +| **** Introduction | 00:00:30 | DRAFT | fullframe | +|-----------------------------------------------+----------+---------+---------------| +| *** Cell Towers [0/2] | 00:01 | 
LACKING | | +| **** Fundamentally Needed | | DRAFT | | +| **** Cell-Site Simulators | | LACKING | | +|-----------------------------------------------+----------+---------+---------------| +| *** Wifi [0/3] | 00:01 | LACKING | | +| **** Wifi | | DRAFT | | +| **** Ubiquitous Access Points | | LACKING | | +| **** Mitigations | | DRAFT | | +|-----------------------------------------------+----------+---------+---------------| +| *** Location Services [0/2] | 00:01 | DRAFT | | +| **** GPS | | DRAFT | | +| **** Access Points | | DRAFT | | +|-----------------------------------------------+----------+---------+---------------| +| *** Operating System [0/3] | 00:01 | DRAFT | | +| **** Untrusted/Proprietary OS | | DRAFT | | +| **** Free/Libre Mobile OS? | | DRAFT | | +| **** Modem | | DRAFT | | +|-----------------------------------------------+----------+---------+---------------| +| ** Stationary [0/5] | | RAW | | +|-----------------------------------------------+----------+---------+---------------| +| *** Introduction [0/1] | | DRAFT | ignoreheading | +| **** Introduction | 00:00:30 | DRAFT | fullframe | +|-----------------------------------------------+----------+---------+---------------| +| *** Surveillance Cameras [0/2] | | DRAFT | | +| **** Unavoidable Surveillance | | DRAFT | | +| **** Access to Data | 00:00:30 | DRAFT | | +|-----------------------------------------------+----------+---------+---------------| +| *** Internet of Things [0/4] | | LACKING | | +| **** Internet-Connected Cameras | 00:00:30 | DRAFT | | +| **** The ``S'' In IoT Stands For ``Security'' | 00:01:30 | LACKING | | +| **** Who's Watching? 
| 00:00:30 | LACKING | | +| **** Facial Recognition | 00:01 | DRAFT | | +|-----------------------------------------------+----------+---------+---------------| +| *** Social Media [0/1] | | DRAFT | | +| **** Collateral Damage | 00:01 | DRAFT | | +|-----------------------------------------------+----------+---------+---------------| +| *** Driving [0/3] | | RAW | | +| **** Introduction | 00:00:30 | DRAFT | fullframe | +| **** ALPRs | 00:01 | LACKING | | +| **** Car Itself | 00:00:30 | LACKING | | +|-----------------------------------------------+----------+---------+---------------| +| ** The Web [0/6] | | RAW | | +|-----------------------------------------------+----------+---------+---------------| +| *** Introduction [0/1] | | RAW | ignoreheading | +| **** Introduction | | RAW | fullframe | +|-----------------------------------------------+----------+---------+---------------| +| *** Bridging the Gap [0/1] | | RAW | | +| **** Ultrasound Tracking | 00:01 | RAW | | +|-----------------------------------------------+----------+---------+---------------| +| *** Incentive to Betray [0/1] | | RAW | | +| **** Summary | 00:00:30 | RAW | fullframe | +|-----------------------------------------------+----------+---------+---------------| +| *** Analytics [0/2] | | RAW | | +| **** Trackers | 00:01 | RAW | | +| **** Like Buttons | 00:01 | RAW | | +|-----------------------------------------------+----------+---------+---------------| +| *** Fingerprinting [0/2] | | RAW | | +| **** Summary | 00:03 | RAW | fullframe | +| **** Browser Addons | 00:01 | RAW | | +|-----------------------------------------------+----------+---------+---------------| +| *** Anonymity [0/3] | | RAW | | +| **** Summary | 00:01 | RAW | fullframe | +| **** The Tor Network | 00:01 | RAW | | +| **** TorBrowser, Tails, and Whonix | 00:02 | RAW | | +|-----------------------------------------------+----------+---------+---------------| +| ** Data Analytics [0/2] | | LACKING | | 
+|-----------------------------------------------+----------+---------+---------------| +| *** Introduction [0/1] | | RAW | ignoreheading | +| **** Introduction | 00:00 | RAW | fullframe | +|-----------------------------------------------+----------+---------+---------------| +| *** Headings [0/3] | | LACKING | | +| **** Advertisers | 00:02 | LACKING | | +| **** Social Media | 00:01 | LACKING | | +| **** Governments | 00:00:30 | LACKING | | +|-----------------------------------------------+----------+---------+---------------| +| ** Policy and Government [0/6] | | RAW | | +|-----------------------------------------------+----------+---------+---------------| +| *** Introduction [0/1] | | RAW | ignoreheading | +| **** Introduction | 00:00:30 | RAW | fullframe | +|-----------------------------------------------+----------+---------+---------------| +| *** Surveillance [0/4] | | LACKING | | +| **** History of NSA Surveillance | 00:02 | LACKING | | +| **** Verizon Metadata | 00:00:30 | LACKING | | +| **** Snowden | 00:01 | LACKING | | +| **** Tools | 00:02 | LACKING | | +|-----------------------------------------------+----------+---------+---------------| +| *** Crypto Wars [0/3] | | LACKING | | +| **** Introduction | 00:00 | RAW | fullframe | +| **** Bernstein v. 
United States | 00:01 | LACKING | | +| **** Makes Us Less Safe | 00:02 | LACKING | | +|-----------------------------------------------+----------+---------+---------------| +| *** Espionage [0/1] | | LACKING | | +| **** US Can't Keep Its Own Secrets | 00:01 | LACKING | | +|-----------------------------------------------+----------+---------+---------------| +| *** Subpoenas, Warrants, NSLs [0/1] | | LACKING | | +| **** National Security Letters | 00:01 | LACKING | | +|-----------------------------------------------+----------+---------+---------------| +| *** Law [0/1] | | LACKING | | +| **** Summary | 00:01 | LACKING | fullframe | +|-----------------------------------------------+----------+---------+---------------| +| ** Your Fight [0/1] | | RAW | | +|-----------------------------------------------+----------+---------+---------------| +| *** Headings [0/5] | | RAW | | +| **** Feeding | 00:00 | RAW | fullframe | +| **** SaaSS and Centralization | 00:01 | RAW | | +| **** Corporate Negligence | 00:01 | RAW | | +| **** Status Quo | 00:02 | RAW | | +| **** Push Back | 00:01 | RAW | | +|-----------------------------------------------+----------+---------+---------------| +| * Exporting | | | | +|-----------------------------------------------+----------+---------+---------------| +| * Local Variables | | | | #+END @@ -400,7 +400,7 @@ So even with Replicant, -** RAW Stationary [0/5] +** LACKING Stationary [0/5] *** DRAFT Introduction [0/1] :B_ignoreheading: :PROPERTIES: :BEAMER_env: ignoreheading 
@@ -466,11 +466,17 @@ The best form of privacy is to avoid having the data be collected to begin with. #+END_COMMENT -*** RAW Internet of Things [0/4] -**** RAW Wide Open + +*** LACKING Internet of Things [0/4] +**** DRAFT Internet-Connected Cameras :PROPERTIES: :DURATION: 00:00:30 :END: + +- Cameras used to be ``closed-circuit'' +- Today\ldots not always so much + +#+BEGIN_COMMENT In the past, these cameras were "closed-circuit"--- they were on their own segregated network. You'd _have_ to subpoena the owner, @@ -487,11 +493,18 @@ Because it's not just businesses that use Internet-connected cameras. They're also popular among individuals for personal/home use. Home security systems. Baby monitors. +#+END_COMMENT -**** RAW Lack of Security +**** LACKING The ``S'' In IoT Stands For ``Security'' :PROPERTIES: :DURATION: 00:01:30 :END: + +- Shodan---IoT search engine +- Mirai +- ... + +#+BEGIN_COMMENT Who here has heard of Shodan? Shodan is a search engine for the Internet of Things. @@ -501,7 +514,18 @@ Maybe that wouldn't be a problem if people knew proper NAT configuration that isn't subverted by UPnP. Maybe it wouldn't be a problem if these devices even gave a moment of thought to security. +#+END_COMMENT + +**** LACKING Who's Watching? +:PROPERTIES: +:DURATION: 00:00:30 +:END: + +- Insecam + - + +#+BEGIN_COMMENT Anyone heard of Insecam? It's a site that aggregates live video feeds of unsecured IP cameras. I can tell you personally that you feel like a scumbag looking at the site. 
@@ -528,21 +552,25 @@ They remove things that are too deeply personal. This is an excellent example to demonstrate to others why this is such a big deal. -**** RAW Who's Watching? -:PROPERTIES: -:DURATION: 00:00:30 -:END: So that's what your average person can do. That's what some of you are going to be doing as soon as you leave this talk, if you haven't started looking already! That's what law enforcement is going to do. That's what the NSA, GHCQ, et. al. are going to do. +#+END_COMMENT -**** RAW Facial Recognition + +**** DRAFT Facial Recognition :PROPERTIES: :DURATION: 00:01 :END: + +- <1-> Humans no longer need to scour video feeds +- <2-> Facial recognition widely used even for entertainment +- <3-> No face? Check your gait. + +#+BEGIN_COMMENT Now let's couple that with facial recognition. Consider the breadth of devices we just covered. @@ -559,14 +587,21 @@ You can also be identified by your gait. There's a lot to say about IoT. We'll come back to it. +#+END_COMMENT -*** RAW Social Media [0/1] -**** RAW Collateral Damage +*** DRAFT Social Media [0/1] +**** DRAFT Collateral Damage :PROPERTIES: :DURATION: 00:01 :END: +- <1-> Don't put pictures of me on Facebook +- <1-> Don't put pictures of my children _anywhere_ +- <2-> That person in the distance that happens to be in your photo has + been inflicted with collateral damage + +#+BEGIN_COMMENT So you don't have any unsecured IoT cameras in your home. Or in this conference. But you do have unsecured people running wild with their photos and their 
@@ -590,14 +625,20 @@ What they're actually doing is inflicting collateral damage. If I'm off in the background when you take a picture of your friends in the foreground, I'm still in the photo. +#+END_COMMENT *** RAW Driving [0/3] -**** RAW Introduction :B_fullframe: +**** DRAFT Introduction :B_fullframe: :PROPERTIES: :DURATION: 00:00:30 :BEAMER_env: fullframe :END: + +- Do you drive a vehicle? + + +#+BEGIN_COMMENT Okay. So you have no phone. You sneak around public areas like a ninja. @@ -611,11 +652,17 @@ Well if you flew here, That's not even worth discussing. But what about if you drove? +#+END_COMMENT -**** RAW ALPRs + +**** LACKING ALPRs :PROPERTIES: :DURATION: 00:01 :END: + +- Automated License Plate Readers (ALPRs) + +#+BEGIN_COMMENT ALPRs possibly tracked your movements. Automated License Plate Readers. @@ -635,17 +682,23 @@ But the rental place probably took your name, license, and other You could take a cab and pay with cash. But that can get expensive. And they might have cameras and such anyway. +#+END_COMMENT -**** RAW Car Itself +**** LACKING Car Itself :PROPERTIES: :DURATION: 00:00:30 :END: + +- Your vehicle itself might be a spy + +#+BEGIN_COMMENT Maybe your car itself is a tracking device (e.g. OnStar). (Move into Mobile?) <...> +#+END_COMMENT ** RAW The Web [0/6]
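Review bot: the regenerated columnview in the first hunk (`@@ -13,129 +13,129 @@`) is already stale: `+| ** Stationary [0/5] | | RAW | |` still reports RAW, while the second hunk (`@@ -400,7 +400,7 @@`) changes that heading to `** LACKING Stationary [0/5]`. The dynamic block was evidently refreshed before the keyword change; re-run the column view update on the `global` block and commit the refreshed table so the summary matches the headings.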
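Review bot: in the `@@ -466,11 +466,17 @@` hunk the new bullet `+- Today\ldots not always so much` hard-codes a LaTeX macro in Org text; Org's LaTeX/Beamer exporter already turns a plain `...` into `\ldots{}` when special strings are enabled, so writing `Today... not always so much` keeps the source exporter-neutral and readable in the Org buffer.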
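Review bot: the `@@ -487,11 +493,18 @@` hunk adds a `+- Mirai` bullet that nothing in the visible speaker note supports (the comment block covers Shodan, NAT and UPnP), and the commit message entry `* notes.org (Topics): Check Mirai.` has no matching change in this patch, whose diffstat lists only `slides.org`; either the notes.org hunk was left out of the commit or that entry should be dropped. The trailing `+- ...` bullet will export as a literal ellipsis item on the slide, which is acceptable while the heading is LACKING but should not survive promotion to DRAFT.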
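Review bot: in the `@@ -501,7 +514,18 @@` hunk the nested `+  - ` under `+- Insecam` is an empty list item; Org still parses a bare `- ` as an item, so Beamer export produces an empty bullet on the slide. Fill it in or delete the line until there is content. Moving the `Who's Watching?` heading above the Insecam paragraph also reassigns that speaker note from the security slide to this one, so confirm the `:DURATION: 00:00:30` still covers it.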
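Review bot: the context line `That's what the NSA, GHCQ, et. al. are going to do.` in the `@@ -528,21 +552,25 @@` hunk carries two spelling slips worth fixing while the note is being broken out: `GHCQ` should be `GCHQ` and `et. al.` should be `et al.`. The Facial Recognition bullets also introduce `<1->`/`<2->`/`<3->` overlay specs that the IoT and Driving bullets added in this same patch do not use; decide whether stepwise reveal is the convention for every slide or only this one.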
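Review bot: in the `@@ -559,14 +587,21 @@` hunk the wrapped bullet `+- <2-> That person in the distance that happens to be in your photo has` / `+  been inflicted with collateral damage` reads awkwardly as slide text; `is collateral damage` or `has suffered collateral damage` is shorter and matches the speaker note `What they're actually doing is inflicting collateral damage.` in the following hunk.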
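Review bot: `*** RAW Driving [0/3]` is left at RAW in the `@@ -590,14 +625,20 @@` hunk although this patch moves its three children to DRAFT/LACKING and promotes the sibling subtrees on the same basis (`Internet of Things` to LACKING, `Social Media` to DRAFT); bump Driving to LACKING for consistency. Also drop one of the two blank `+` lines between `+- Do you drive a vehicle?` and `+#+BEGIN_COMMENT`, since every other slide in the patch uses a single blank line there.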