slides.org (Stationary): Finish initial note breakout

* notes.org (Topics): Check Mirai.
master
Mike Gerwitz 2017-03-06 23:22:57 -05:00
parent 59756ebae0
commit d901e6546e
1 changed files with 190 additions and 137 deletions

@ -13,129 +13,129 @@
#+BEGIN: columnview :hlines 3 :id global #+BEGIN: columnview :hlines 3 :id global
| ITEM | DURATION | TODO | ENVIRONMENT | | ITEM | DURATION | TODO | ENVIRONMENT |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| * Slides | | | | | * Slides | | | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| ** Introduction / Opening | 00:00:30 | DRAFT | fullframe | | ** Introduction / Opening | 00:00:30 | DRAFT | fullframe |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| ** Mobile [0/5] | | LACKING | | | ** Mobile [0/5] | | LACKING | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Introduction | | DRAFT | ignoreheading | | *** Introduction | | DRAFT | ignoreheading |
| **** Introduction | 00:00:30 | DRAFT | fullframe | | **** Introduction | 00:00:30 | DRAFT | fullframe |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Cell Towers [0/2] | 00:01 | LACKING | | | *** Cell Towers [0/2] | 00:01 | LACKING | |
| **** Fundamentally Needed | | DRAFT | | | **** Fundamentally Needed | | DRAFT | |
| **** Cell-Site Simulators | | LACKING | | | **** Cell-Site Simulators | | LACKING | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Wifi [0/3] | 00:01 | LACKING | | | *** Wifi [0/3] | 00:01 | LACKING | |
| **** Wifi | | DRAFT | | | **** Wifi | | DRAFT | |
| **** Ubiquitous Access Points | | LACKING | | | **** Ubiquitous Access Points | | LACKING | |
| **** Mitigations | | DRAFT | | | **** Mitigations | | DRAFT | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Location Services [0/2] | 00:01 | DRAFT | | | *** Location Services [0/2] | 00:01 | DRAFT | |
| **** GPS | | DRAFT | | | **** GPS | | DRAFT | |
| **** Access Points | | DRAFT | | | **** Access Points | | DRAFT | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Operating System [0/3] | 00:01 | DRAFT | | | *** Operating System [0/3] | 00:01 | DRAFT | |
| **** Untrusted/Proprietary OS | | DRAFT | | | **** Untrusted/Proprietary OS | | DRAFT | |
| **** Free/Libre Mobile OS? | | DRAFT | | | **** Free/Libre Mobile OS? | | DRAFT | |
| **** Modem | | DRAFT | | | **** Modem | | DRAFT | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| ** Stationary [0/5] | | RAW | | | ** Stationary [0/5] | | RAW | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Introduction [0/1] | | DRAFT | ignoreheading | | *** Introduction [0/1] | | DRAFT | ignoreheading |
| **** Introduction | 00:00:30 | DRAFT | fullframe | | **** Introduction | 00:00:30 | DRAFT | fullframe |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Surveillance Cameras [0/2] | | DRAFT | | | *** Surveillance Cameras [0/2] | | DRAFT | |
| **** Unavoidable Surveillance | | DRAFT | | | **** Unavoidable Surveillance | | DRAFT | |
| **** Access to Data | 00:00:30 | DRAFT | | | **** Access to Data | 00:00:30 | DRAFT | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Internet of Things [0/4] | | RAW | | | *** Internet of Things [0/4] | | LACKING | |
| **** Wide Open | 00:00:30 | RAW | | | **** Internet-Connected Cameras | 00:00:30 | DRAFT | |
| **** Lack of Security | 00:01:30 | RAW | | | **** The ``S'' In IoT Stands For ``Security'' | 00:01:30 | LACKING | |
| **** Who's Watching? | 00:00:30 | RAW | | | **** Who's Watching? | 00:00:30 | LACKING | |
| **** Facial Recognition | 00:01 | RAW | | | **** Facial Recognition | 00:01 | DRAFT | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Social Media [0/1] | | RAW | | | *** Social Media [0/1] | | DRAFT | |
| **** Collateral Damage | 00:01 | RAW | | | **** Collateral Damage | 00:01 | DRAFT | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Driving [0/3] | | RAW | | | *** Driving [0/3] | | RAW | |
| **** Introduction | 00:00:30 | RAW | fullframe | | **** Introduction | 00:00:30 | DRAFT | fullframe |
| **** ALPRs | 00:01 | RAW | | | **** ALPRs | 00:01 | LACKING | |
| **** Car Itself | 00:00:30 | RAW | | | **** Car Itself | 00:00:30 | LACKING | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| ** The Web [0/6] | | RAW | | | ** The Web [0/6] | | RAW | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Introduction [0/1] | | RAW | ignoreheading | | *** Introduction [0/1] | | RAW | ignoreheading |
| **** Introduction | | RAW | fullframe | | **** Introduction | | RAW | fullframe |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Bridging the Gap [0/1] | | RAW | | | *** Bridging the Gap [0/1] | | RAW | |
| **** Ultrasound Tracking | 00:01 | RAW | | | **** Ultrasound Tracking | 00:01 | RAW | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Incentive to Betray [0/1] | | RAW | | | *** Incentive to Betray [0/1] | | RAW | |
| **** Summary | 00:00:30 | RAW | fullframe | | **** Summary | 00:00:30 | RAW | fullframe |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Analytics [0/2] | | RAW | | | *** Analytics [0/2] | | RAW | |
| **** Trackers | 00:01 | RAW | | | **** Trackers | 00:01 | RAW | |
| **** Like Buttons | 00:01 | RAW | | | **** Like Buttons | 00:01 | RAW | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Fingerprinting [0/2] | | RAW | | | *** Fingerprinting [0/2] | | RAW | |
| **** Summary | 00:03 | RAW | fullframe | | **** Summary | 00:03 | RAW | fullframe |
| **** Browser Addons | 00:01 | RAW | | | **** Browser Addons | 00:01 | RAW | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Anonymity [0/3] | | RAW | | | *** Anonymity [0/3] | | RAW | |
| **** Summary | 00:01 | RAW | fullframe | | **** Summary | 00:01 | RAW | fullframe |
| **** The Tor Network | 00:01 | RAW | | | **** The Tor Network | 00:01 | RAW | |
| **** TorBrowser, Tails, and Whonix | 00:02 | RAW | | | **** TorBrowser, Tails, and Whonix | 00:02 | RAW | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| ** Data Analytics [0/2] | | LACKING | | | ** Data Analytics [0/2] | | LACKING | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Introduction [0/1] | | RAW | ignoreheading | | *** Introduction [0/1] | | RAW | ignoreheading |
| **** Introduction | 00:00 | RAW | fullframe | | **** Introduction | 00:00 | RAW | fullframe |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Headings [0/3] | | LACKING | | | *** Headings [0/3] | | LACKING | |
| **** Advertisers | 00:02 | LACKING | | | **** Advertisers | 00:02 | LACKING | |
| **** Social Media | 00:01 | LACKING | | | **** Social Media | 00:01 | LACKING | |
| **** Governments | 00:00:30 | LACKING | | | **** Governments | 00:00:30 | LACKING | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| ** Policy and Government [0/6] | | RAW | | | ** Policy and Government [0/6] | | RAW | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Introduction [0/1] | | RAW | ignoreheading | | *** Introduction [0/1] | | RAW | ignoreheading |
| **** Introduction | 00:00:30 | RAW | fullframe | | **** Introduction | 00:00:30 | RAW | fullframe |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Surveillance [0/4] | | LACKING | | | *** Surveillance [0/4] | | LACKING | |
| **** History of NSA Surveillance | 00:02 | LACKING | | | **** History of NSA Surveillance | 00:02 | LACKING | |
| **** Verizon Metadata | 00:00:30 | LACKING | | | **** Verizon Metadata | 00:00:30 | LACKING | |
| **** Snowden | 00:01 | LACKING | | | **** Snowden | 00:01 | LACKING | |
| **** Tools | 00:02 | LACKING | | | **** Tools | 00:02 | LACKING | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Crypto Wars [0/3] | | LACKING | | | *** Crypto Wars [0/3] | | LACKING | |
| **** Introduction | 00:00 | RAW | fullframe | | **** Introduction | 00:00 | RAW | fullframe |
| **** Bernstein v. United States | 00:01 | LACKING | | | **** Bernstein v. United States | 00:01 | LACKING | |
| **** Makes Us Less Safe | 00:02 | LACKING | | | **** Makes Us Less Safe | 00:02 | LACKING | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Espionage [0/1] | | LACKING | | | *** Espionage [0/1] | | LACKING | |
| **** US Can't Keep Its Own Secrets | 00:01 | LACKING | | | **** US Can't Keep Its Own Secrets | 00:01 | LACKING | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Subpoenas, Warrants, NSLs [0/1] | | LACKING | | | *** Subpoenas, Warrants, NSLs [0/1] | | LACKING | |
| **** National Security Letters | 00:01 | LACKING | | | **** National Security Letters | 00:01 | LACKING | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Law [0/1] | | LACKING | | | *** Law [0/1] | | LACKING | |
| **** Summary | 00:01 | LACKING | fullframe | | **** Summary | 00:01 | LACKING | fullframe |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| ** Your Fight [0/1] | | RAW | | | ** Your Fight [0/1] | | RAW | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| *** Headings [0/5] | | RAW | | | *** Headings [0/5] | | RAW | |
| **** Feeding | 00:00 | RAW | fullframe | | **** Feeding | 00:00 | RAW | fullframe |
| **** SaaSS and Centralization | 00:01 | RAW | | | **** SaaSS and Centralization | 00:01 | RAW | |
| **** Corporate Negligence | 00:01 | RAW | | | **** Corporate Negligence | 00:01 | RAW | |
| **** Status Quo | 00:02 | RAW | | | **** Status Quo | 00:02 | RAW | |
| **** Push Back | 00:01 | RAW | | | **** Push Back | 00:01 | RAW | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| * Exporting | | | | | * Exporting | | | |
|-------------------------------------+----------+---------+---------------| |-----------------------------------------------+----------+---------+---------------|
| * Local Variables | | | | | * Local Variables | | | |
#+END #+END
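Review bot: The regenerated columnview table still lists "** Stationary [0/5]" as RAW on the new side, while the heading itself becomes "** LACKING Stationary [0/5]" later in this same commit. The dynamic block appears to have been refreshed before that last keyword change; update the block again (C-c C-c on its #+BEGIN line) before committing so the table and the headings agree. Every separator row also changes only because the renamed IoT heading widened the first column; a shorter slide title would keep this table diff down to the rows whose status actually changed.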
@ -400,7 +400,7 @@ So even with Replicant,
** RAW Stationary [0/5] ** LACKING Stationary [0/5]
*** DRAFT Introduction [0/1] :B_ignoreheading: *** DRAFT Introduction [0/1] :B_ignoreheading:
:PROPERTIES: :PROPERTIES:
:BEAMER_env: ignoreheading :BEAMER_env: ignoreheading
@ -466,11 +466,17 @@ The best form of privacy is to avoid having the data be collected to begin
with. with.
#+END_COMMENT #+END_COMMENT
*** RAW Internet of Things [0/4]
**** RAW Wide Open *** LACKING Internet of Things [0/4]
**** DRAFT Internet-Connected Cameras
:PROPERTIES: :PROPERTIES:
:DURATION: 00:00:30 :DURATION: 00:00:30
:END: :END:
- Cameras used to be ``closed-circuit''
- Today\ldots not always so much
#+BEGIN_COMMENT
In the past, these cameras were "closed-circuit"--- In the past, these cameras were "closed-circuit"---
they were on their own segregated network. they were on their own segregated network.
You'd _have_ to subpoena the owner, You'd _have_ to subpoena the owner,
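Review bot: In the new bullet "- Today\ldots not always so much", the space after \ldots only terminates the control word, so if the macro reaches LaTeX unchanged the slide reads "Today...not" with no gap. Write \ldots{} or a plain "..." instead. The same two bullets use LaTeX-style ``closed-circuit'' quoting while the notes directly below use "closed-circuit"; choosing one form keeps literal backticks out of any non-Beamer export.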
@ -487,11 +493,18 @@ Because it's not just businesses that use Internet-connected cameras.
They're also popular among individuals for personal/home use. They're also popular among individuals for personal/home use.
Home security systems. Home security systems.
Baby monitors. Baby monitors.
#+END_COMMENT
**** RAW Lack of Security **** LACKING The ``S'' In IoT Stands For ``Security''
:PROPERTIES: :PROPERTIES:
:DURATION: 00:01:30 :DURATION: 00:01:30
:END: :END:
- Shodan---IoT search engine
- Mirai
- ...<other concerns>
#+BEGIN_COMMENT
Who here has heard of Shodan? Who here has heard of Shodan?
Shodan is a search engine for the Internet of Things. Shodan is a search engine for the Internet of Things.
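Review bot: The placeholder bullet "- ...<other concerns>" sits above #+BEGIN_COMMENT, so it is slide content and will be exported as written. Keep unfinished markers inside the comment block, or drop the bullet until there is something to say; the LACKING keyword already records that the slide is incomplete. The "- Mirai" bullet also has no matching speaker notes in the visible lines, which still open with Shodan.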
@ -501,7 +514,18 @@ Maybe that wouldn't be a problem if people knew proper NAT configuration
that isn't subverted by UPnP. that isn't subverted by UPnP.
Maybe it wouldn't be a problem if these devices even gave a moment of Maybe it wouldn't be a problem if these devices even gave a moment of
thought to security. thought to security.
#+END_COMMENT
**** LACKING Who's Watching?
:PROPERTIES:
:DURATION: 00:00:30
:END:
- Insecam
- <Add information>
#+BEGIN_COMMENT
Anyone heard of Insecam? Anyone heard of Insecam?
It's a site that aggregates live video feeds of unsecured IP cameras. It's a site that aggregates live video feeds of unsecured IP cameras.
I can tell you personally that you feel like a scumbag looking at the site. I can tell you personally that you feel like a scumbag looking at the site.
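Review bot: The placeholder "- <Add information>" starts the list item with an angle-bracket token, which is the position this file uses for Beamer overlay specifications (for example "- <1-> Humans no longer need to scour video feeds" in a later hunk), so the exporter may take it as an overlay spec rather than text. It is also outside the comment block and would appear on the slide. Move the reminder into the #+BEGIN_COMMENT section or phrase it without leading angle brackets.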
@ -528,21 +552,25 @@ They remove things that are too deeply personal.
This is an excellent example to demonstrate to others why this is such a big This is an excellent example to demonstrate to others why this is such a big
deal. deal.
**** RAW Who's Watching?
:PROPERTIES:
:DURATION: 00:00:30
:END:
So that's what your average person can do. So that's what your average person can do.
That's what some of you are going to be doing as soon as you leave this That's what some of you are going to be doing as soon as you leave this
talk, if you haven't started looking already! talk, if you haven't started looking already!
That's what law enforcement is going to do. That's what law enforcement is going to do.
That's what the NSA, GHCQ, et. al. are going to do. That's what the NSA, GHCQ, et. al. are going to do.
#+END_COMMENT
**** RAW Facial Recognition
**** DRAFT Facial Recognition
:PROPERTIES: :PROPERTIES:
:DURATION: 00:01 :DURATION: 00:01
:END: :END:
- <1-> Humans no longer need to scour video feeds
- <2-> Facial recognition widely used even for entertainment
- <3-> No face? Check your gait.
#+BEGIN_COMMENT
Now let's couple that with facial recognition. Now let's couple that with facial recognition.
Consider the breadth of devices we just covered. Consider the breadth of devices we just covered.
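Review bot: The paragraph folded into the merged comment block keeps two typos in "That's what the NSA, GHCQ, et. al. are going to do.": the agency's initials are GCHQ, and the abbreviation is "et al." with no period after "et". The hunk already rearranges the lines around it, so this is the place to fix them. With the old "**** RAW Who's Watching?" heading removed, it is also worth confirming that its 00:00:30 duration is not meant to be added to the slide these notes now belong to.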
@ -559,14 +587,21 @@ You can also be identified by your gait.
There's a lot to say about IoT. There's a lot to say about IoT.
We'll come back to it. We'll come back to it.
#+END_COMMENT
*** RAW Social Media [0/1] *** DRAFT Social Media [0/1]
**** RAW Collateral Damage **** DRAFT Collateral Damage
:PROPERTIES: :PROPERTIES:
:DURATION: 00:01 :DURATION: 00:01
:END: :END:
- <1-> Don't put pictures of me on Facebook
- <1-> Don't put pictures of my children _anywhere_
- <2-> That person in the distance that happens to be in your photo has
been inflicted with collateral damage
#+BEGIN_COMMENT
So you don't have any unsecured IoT cameras in your home. So you don't have any unsecured IoT cameras in your home.
Or in this conference. Or in this conference.
But you do have unsecured people running wild with their photos and their But you do have unsecured people running wild with their photos and their
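Review bot: The third new bullet, "That person in the distance that happens to be in your photo has been inflicted with collateral damage", inverts the idiom: damage is inflicted on a person, as the notes in the next hunk have it ("inflicting collateral damage"). Something like "The stranger in the background of your photo is collateral damage" says the same thing, fits on one line of a slide, and avoids the wrapped continuation line.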
@ -590,14 +625,20 @@ What they're actually doing is inflicting collateral damage.
If I'm off in the background when you take a picture of your friends in the If I'm off in the background when you take a picture of your friends in the
foreground, foreground,
I'm still in the photo. I'm still in the photo.
#+END_COMMENT
*** RAW Driving [0/3] *** RAW Driving [0/3]
**** RAW Introduction :B_fullframe: **** DRAFT Introduction :B_fullframe:
:PROPERTIES: :PROPERTIES:
:DURATION: 00:00:30 :DURATION: 00:00:30
:BEAMER_env: fullframe :BEAMER_env: fullframe
:END: :END:
- Do you drive a vehicle?
#+BEGIN_COMMENT
Okay. Okay.
So you have no phone. So you have no phone.
You sneak around public areas like a ninja. You sneak around public areas like a ninja.
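Review bot: "*** RAW Driving [0/3]" is left at RAW although this commit moves all three of its children off RAW (Introduction to DRAFT here, ALPRs and Car Itself to LACKING in the following hunks). Internet of Things and Social Media had their parent keyword updated along with their children; do the same for Driving, or note in the commit message why it stays RAW.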
@ -611,11 +652,17 @@ Well if you flew here,
That's not even worth discussing. That's not even worth discussing.
But what about if you drove? But what about if you drove?
#+END_COMMENT
**** RAW ALPRs
**** LACKING ALPRs
:PROPERTIES: :PROPERTIES:
:DURATION: 00:01 :DURATION: 00:01
:END: :END:
- Automated License Plate Readers (ALPRs)
#+BEGIN_COMMENT
ALPRs possibly tracked your movements. ALPRs possibly tracked your movements.
Automated License Plate Readers. Automated License Plate Readers.
@ -635,17 +682,23 @@ But the rental place probably took your name, license, and other
You could take a cab and pay with cash. You could take a cab and pay with cash.
But that can get expensive. But that can get expensive.
And they might have cameras and such anyway. And they might have cameras and such anyway.
#+END_COMMENT
**** RAW Car Itself **** LACKING Car Itself
:PROPERTIES: :PROPERTIES:
:DURATION: 00:00:30 :DURATION: 00:00:30
:END: :END:
- Your vehicle itself might be a spy
#+BEGIN_COMMENT
Maybe your car itself is a tracking device (e.g. OnStar). Maybe your car itself is a tracking device (e.g. OnStar).
(Move into Mobile?) (Move into Mobile?)
<...> <...>
#+END_COMMENT
** RAW The Web [0/6] ** RAW The Web [0/6]
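Review bot: Wrapping the Car Itself notes in #+BEGIN_COMMENT hides the open question "(Move into Mobile?)" and the "<...>" stub from the export and from the columnview table, so nothing outside this block records that the slide's placement is undecided. Track that decision somewhere visible, such as a TODO entry or the notes.org topics list named in the commit message, so it is not lost once the heading moves past LACKING.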