May 20, 2015
Open solutions, smarter people
Security
You are also part of the game
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
Who is that guy?
• Bert Desmet
• 23 years old
• Fedora – Ambassador, mentor, packager
• Loadays – Co-organizer
• Numius – System Engineer, Consultant
• Devnox – Developer, System Engineer
Today's topics
• I'm a good hacker.
• Why I love USB sticks.
• Remember your password?
• Shhhhhhht!
I am a good hacker.
No tech hacking?
Shoulder surfing
Dumpster diving
Social engineering
Taking pictures
Why I love USB sticks.
They are easy
And small
They are easily...
• Forgotten
• Stolen
Some thoughts about it
• Encrypt your sensitive data
• Never put passwords on your system
• Use the intranet
• Never leave your portable gear alone
• Never forget your gear
Some statistics
• 53% of UK workers lost portable devices
– >50% at a drinking venue
• Taxis and public transport
• 1 lost data record costs more than $187
– 70% indirect cost
• Lost customers
Remember your password?
How to choose a password
• Avoid using dictionary words
• Use special characters and numbers
• Change your password every month
• Blah blah blah
Entropy
• H : Entropy
• N : Possible symbols
• L : Length of string
$H = L \cdot \log_2 N$
Example time!
• This is.obviously a.bad passw0rd:-(
– L : 35
– N : 94
– H : ±230
• PrXyc.N(n4k77#L!eVdAfp9
– L : 23
– N : 94
– H : ±151
Time to crack a password
• Guesses before string is found = $2^H$
• This is.obviously a.bad passw0rd:-(
– $2^{230} = 1.72543659 \times 10^{69}$
– 1000 guesses/s = $5.5 \times 10^{58}$ years
• PrXyc.N(n4k77#L!eVdAfp9
– $2^{151} = 2.85449539 \times 10^{45}$
– 1000 guesses/s = $9 \times 10^{34}$ years
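The entropy and time-to-crack figures on the two slides above can be reproduced with the following script. It is an added example, not part of the original talk, and it carries over the slides' assumptions: a pool of N = 94 printable ASCII symbols, characters chosen uniformly at random, and an attacker making 1000 guesses per second.

```python
import math

# Assumptions taken from the slides: N = 94 printable ASCII symbols and an
# attacker who tries 1000 guesses per second.
SYMBOL_POOL = 94
GUESSES_PER_SECOND = 1000.0
SECONDS_PER_YEAR = 365.25 * 24 * 60 * 60

# The two example passwords from the slides.
BAD_PASSWORD = "This is.obviously a.bad passw0rd:-("
RANDOM_PASSWORD = "PrXyc.N(n4k77#L!eVdAfp9"


def entropy_bits(password: str, symbols: int = SYMBOL_POOL) -> float:
    """H = L * log2(N): entropy of an L-character string whose characters
    are drawn uniformly at random from a pool of N symbols."""
    return len(password) * math.log2(symbols)


def guesses_to_find(entropy: float) -> float:
    """Worst-case number of guesses before the string is found: 2^H."""
    return 2.0 ** entropy


def years_to_crack(entropy: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Wall-clock years needed for 2^H guesses at `rate` guesses per second."""
    return guesses_to_find(entropy) / rate / SECONDS_PER_YEAR


def summarize(password: str) -> dict:
    """Reproduce the slides' figures for one password.

    Caveat: the formula credits every character with the full pool, so a
    phrase built from dictionary words (the first example) is overrated;
    a guesser that tries whole words rather than characters needs far fewer
    than 2^H attempts. That is the slides' own point about dictionary words."""
    h = entropy_bits(password)
    return {
        "length": len(password),
        "entropy_bits": h,
        "guesses": guesses_to_find(h),
        "years_at_1000_per_s": years_to_crack(h),
    }


if __name__ == "__main__":
    for pw in (BAD_PASSWORD, RANDOM_PASSWORD):
        print(pw, summarize(pw))
```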
Password Strength
Lastpass
• Fully encrypted
• Generate extremely hard passwords
• Choose a good master password!
Some tips
• Never store passwords on your PC
• Never use autologin
Shhhhhhhht!
I want you to shut up!
Security through obscurity
• Don't tell anyone
• Security based on secrecy
Kerckhoffs' doctrine
• Security can't depend on secrecy
Reality
• There are always leaks
– By accident
– Deliberately
• Try to keep 'secrets'
Wait! There is more!
In a perfect world..
There is always a hole.
I like onions
Multi Level Security
• Multiple systems
• Building Fort Knox
• You are the first line of defense
Extra! Extra!
Something you have..
Yubikey
I preach. And I practice.
Questions?
• Bert Desmet
• Security, you are also part of the game
• Mail: [email protected]
• Twitter: @bdesmet_
• Website: http://blog.bdesmet.be
• Website: http://www.devnox.eu
• This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
Sources
• Chess game: http://www.flickr.com/photos/seeminglee/1479932683/
• Closed vault: http://www.flickr.com/photos/mstyne/3654056683/
• Open vault: http://www.flickr.com/photos/spotsgot/156025944/
• Onion: http://www.flickr.com/photos/inferis/107293622/
• Laptop + usb stick: http://www.flickr.com/photos/wstryder/2780310027/
• New York Public Library: http://www.flickr.com/photos/paul_lowry/2616820493/
• Statistics on losing gear: http://www.securestix.com/bad_news.php
• Shoulder surfing: http://www.flickr.com/photos/bonzoesc/209474964/
• Dumpster: http://www.flickr.com/photos/urbanjacksonville/1803065217/
• Telephone call: http://www.flickr.com/photos/lst1984/994531885/
• Taking pictures: http://www.flickr.com/photos/glenpooh/708845839/
• xkcd joke: http://xkcd.com/936/
• Shut up: http://www.flickr.com/photos/lorenia/934705558/
• 3-way handshake: http://media.photobucket.com/image/3%20way%20handshake/Haley_Bug/Mission%20Trip%20Choir%20Tour%202006/100_0087.jpg?o=1
• Yubikey: http://www.flickr.com/photos/thofle/3206443137/
• Special thanks to: Johnny Long