NSA-proof communications (mostly)
Jan Seidl
$ whoami
Full Name: Jan Seidl
Origin: Rio de Janeiro, RJ Brazil
Work: CTO @ TI Safe
OpenSource contributor for: PEV, Logstash
Codes and snippets @ github.com/jseidl
Features: UNIX Evangelist/Addict/Freak (but no fanboy!)
Digital tools blacksmith / Python and C lover
Guitarist @ UmInE
Coffee dependent
Hates printers and social networks
Proud DC Labs Researcher
NSA-Proof Communications. SEIDL, Jan
FISL 2014 Porto Alegre, Brasil
$ agenda
0x0 Quick summary on privacy
0x1 Who, why and how can you be spied on
0x2 Cryptography primer
0x3 Insecure communications
0x4 False sense of security
0x5 E-Mail never meant to be secure
0x6 Secure communications (mostly)
0x7 Creating a mostly secure communication infrastructure
0x8 The remaining points of failure
0x9 Closing up
0xA Questions?
Quick summary on privacy
https://xkcd.com/1269/
Why does privacy matter?
- You do not hold only info about yourself
- You may hold key information about other people's lives
- Less information about your target = Harder to engage
OPSEC
http://en.wikipedia.org/wiki/Operations_security
Are we more public than before?
- Most people know about physical world threats
- Most people don't know about digital threats
And it's not their fault (mostly)
Q: Do you stop a random stranger on the street and tell him:
- Your past locations (incl. Home, work, school, shops, parties)
- Your parents & kids' names, location, ages and pictures
- Your favorite interests (movies, books, sports etc)
- Confirm that you'll be at a given event
Q: Would you easily engage in conversation with someone who shared interests or experiences about:
- Being at your past locations (incl. Home, work, school, shops, parties)
- Having parents & kids with the same names, ages and locations
- Sharing your favorite interests (movies, books, sports etc)
- Going to that given event
Q: Do you think agencies, criminals and spies can easily and sufficiently profile you using publicly available information?
Yes, there's also a cool term for it: OSINT
http://en.wikipedia.org/wiki/Open-source_intelligence
PLEASE STOP sharing everything on the INTERNET!
Sharing is definitely not caring
There's a huge chance you're an oversharer.
Yes. There is. Stop your internal dialog.
The Internet is FINO: First-In-Never-Out
Even with court orders. There's always a copy somewhere.
E.g.: Google Caches, The Internet Archive, someone's hard disk
The Internet never forgets!!1!
Who/why/how can you be spied on?
Who would spy on me?
- Commercial competitors
- Haters (are you from a race/religion someone doesn't like?)
- Agencies
- Data miners
- Marketing research
- Criminals / Psychos
Why would someone spy on me? I have no valuable data!
YES YOU DO!
- You might have key intelligence files / information about your company
- You might not know the value of them
SOMETIMES IT'S NOT ABOUT YOU!
- You may know / be communicating with someone worth spying on
- Your identity can be stolen to gain leverage on a target
How would someone (digitally) spy on me?
- Local machine compromise
- Communications interception (local LAN, ISP, remote LAN)
- Remote server compromise
Where can your data be stolen
[Figure: diagram with nine points each marked "Here"]
Do you still feel safe?
Relax, me neither.
Cryptography primer
What the heck is encryption?
Long story short: it makes plaintext unreadable unless the key is provided
No! Perl is not ciphertext (I think...)
Sample dumbest example ever
f(text, key) = 2text ^ (key/3)
What does it provide?
- Two out of three of the CIA-Triad (no, not the agency!)
- Confidentiality & Integrity
- Also: Identification, Authentication & Non-repudiation
Asymmetric vs Symmetric
Asymmetric:
- Key-pair
- Different keys for encryption / decryption
- Slower
- Easier to maintain
Symmetric:
- Single key
- Same key for both
- Faster
- Harder to maintain
MUST be kept private
Can be public
How HTTPS works
[Figure: "How HTTPS works" diagram, with parts labelled Asymmetric and Symmetric]
Is cryptography gonna make me safe?
Well... that depends...
It's supposed to... but then...
http://heartbleed.com/
https://www.imperialviolet.org/2014/02/22/applebug.html
FACT: People make mistakes. People make code. Code gets bugs.
Legal issues
- Encryption is not allowed everywhere.
- Might be seen as a sign of illegal activity! So be advised!
http://en.wikipedia.org/wiki/Cryptography_law
http://bit.ly/RbsYgo
Insecure communications
http://xkcd.com/257/
Which services are insecure?
*
*
*
*
Whaa? But they don't use HTTPs?
- HTTPs protects you from traffic eavesdropping
- Traffic gets deciphered at company server before going to destination
- Agencies may request your data to be forwarded to them (court orders)
- Agencies may request company private keys for interception (same as above)
Booya!
Should I break up with them?
You could. But you don't really need to.
Just don't say anything there that you wouldn't say to a random stranger.
If you need to exchange sensitive information, escalate to a secure medium.
What about DNS servers?
Responsible for connecting us to the host we want.
Can be perverted to use the host THEY want.
It is not that hard at all.
DNS is a plaintext protocol.
ewww...
The case of the famous Brazilian ISP
Google servers DNS lookup from a foreign (USA) connection
(ping + dig using Google's DNS server)
Google servers DNS lookup from the ISP connection
(ping + dig using Google's DNS server)
Keep that motto in mind
Don't think someone may be watching. KNOW that someone IS watching!
False sense of security
HTTPs is not gonna save you
Don't feel safe only because of that padlock icon
Certificates/keys may be stolen/taken over
Didn't I say that already?
Private key custody = Ability to plaintext!
ssldump is an SSL/TLS network protocol analyzer. (...) If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.
http://www.rtfm.com/ssldump/Ssldump.html
Server Name Indication (SNI) is an extension to the TLS protocol that indicates what hostname the client is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and port number and hence allows multiple secure (HTTPS) websites (or any other Service over TLS) to be served off the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 virtual hosting for HTTPS.
http://en.wikipedia.org/wiki/Server_Name_Indication
Always keep in mind the Evil Server
- Server/network owners and admins might intercept your data
- Criminals may have a foothold on the target server
- Generally data flows unencrypted on internal infrastructure
- Data can be found unencrypted in memory and session files
User-land libraries may dump your SSL
(...) attempts to MITM these communications at the network level have been fruitless. To get at this sensitive data we will intercept calls to SSL_write, the function responsible for encrypting then sending data over a socket. Intercepting SSL_write will allow us to log the string sent to the function and pass the original parameters along, effectively bypassing the encryption protections while allowing the application to run normally
https://www.netspi.com/DesktopModules/SunBlog/Handlers/Print.aspx?id=191
Man-in-the-App Proof-of-Concept Credential Sniffer
https://github.com/jseidl/mita
(...) will detect and log any credential communication over cookies and get/post requests and exfiltrate somewhere.
(...) monitors data from inside application context/env. thus can't be defeated by the use of SSL.
E-mail never meant to be secure
Truth is, email is oooooold
- First concept ~1962 (AUTODIN)
- From host-based, to LAN-based, to ARPANET-based, to INTERNET-based
- In IT, old pans don't make good food.
Second, email is also plaintext
You're starting to hate this word, aren't you?
But hey, I've heard of this PGP thingy...
It has that encryption thing you were talking about...
Yeap! And can also be used to verify the identity of the sender!
And there's also a GNU version!
Isn't that beautiful?
Fact is: PGP is quite complicated
Did I mention the lack of mail client support?
Fact is: PGP doesn't protect metadata
- Servers involved
- People's names and e-mail addresses
- Lots of other information
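What stays readable on a PGP-encrypted message, as an added example (not from the original slides): Python's standard email parser run over a constructed message. All hosts, addresses and header values are placeholders, and `visible_metadata` is a name chosen for this example.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a PGP-encrypted mail as a relay or observer sees it.
# Every host, address and value here is a placeholder.
RAW_MESSAGE = """\
Received: from mx.sender.example (mx.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTPS; Thu, 08 May 2014 14:02:11 -0300
Received: from laptop.sender.example ([198.51.100.23])
\tby mx.sender.example with ESMTPSA; Thu, 08 May 2014 14:02:09 -0300
From: Alice Example <alice@sender.example>
To: Bob Example <bob@recipient.example>
Subject: Q3 acquisition numbers
Date: Thu, 08 May 2014 14:02:08 -0300
Message-ID: <20140508170208.1234@sender.example>
User-Agent: ExampleMail 1.0
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
"""


def visible_metadata(raw):
    """Return what someone without the PGP key can still read."""
    msg = message_from_string(raw)
    hosts, ips = [], []
    # Each relay prepends a Received header naming itself and its peer.
    for hop in msg.get_all("Received", []):
        hosts += re.findall(r"\b(?:from|by)\s+([\w.-]+)", hop)
        ips += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
    people = getaddresses(
        msg.get_all("From", []) + msg.get_all("To", []) + msg.get_all("Cc", [])
    )
    return {
        "people": people,                           # names and addresses
        "servers": list(dict.fromkeys(hosts)),      # servers involved
        "ip_addresses": list(dict.fromkeys(ips)),
        "subject": msg["Subject"],                  # PGP leaves headers alone
        "date": msg["Date"],
        "software": msg["User-Agent"],
        "body_is_ciphertext": "BEGIN PGP MESSAGE" in msg.get_payload(),
    }


if __name__ == "__main__":
    for field, value in visible_metadata(RAW_MESSAGE).items():
        print(f"{field:20} {value}")
```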
Fact is: E-mail can't be fixed
(in my opinion)
- Encryption breaks search.
- Indexing hurts security.
- Decrypt all your messages to search? Good luck with that.
- If perfect-forward, messages will be lost over time.
- Key handling would be a nightmare.
Secure communications
As Jack the Ripper would say, let's go by parts
Now that you know you can't trust the parties
- There's no way you want your data in plaintext over the circuit
- The service machine may be evil and under 3rd party control
- Your own network may be compromised
- You definitely can't trust no ISP
- You better not trust no one ;)
Make sure your workstation is secure
https://tails.boum.org/
Prefer live-cd operating systems
Roll your own local DNS server
- Configure it properly!
- Completely block outside access
- Listen on loopback only
- Etc...
Embrace the darkness
Darknets are the new black
http://en.wikipedia.org/wiki/Darknet_(file_sharing)
A darknet is a private network where connections are made only between trusted peers (...) Darknets are distinct from other distributed peer-to-peer networks as sharing is anonymous (...) and therefore users can communicate with little fear of governmental or corporate interference.
Popular darknets
https://www.torproject.org/
http://geti2p.net/en/
https://freenetproject.org/
Perfect-forward secrecy
(...) Allows today information to be kept secret even if the private key is compromised in the future. Vincent Bernat, PhD
Without forward-secrecy (TLS-AES128-SHA)
http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
With forward-secrecy (Ephemeral Diffie-Hellman)
http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
Because the Diffie-Hellman exchange described above always uses new random values a and b, it is called Ephemeral Diffie-Hellman (EDH or DHE). Cipher suites like DHE-RSA-AES128-SHA use this protocol to achieve perfect forward secrecy
Optional Forward-secrecy: ECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA
Forward-secrecy only: ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:EDH-DSS-DES-CBC3-SHA
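An added example, not from the original slides: a small Python audit of the two cipher strings above that classifies each suite by its key-exchange prefix. The function names and the weak-cipher flag are assumptions of this example, and it goes slightly beyond the slide by also handling static DH names and cipher-list keywords.

```python
import re

# Leading key-exchange tokens that mean an ephemeral (forward-secret) exchange
# in OpenSSL-style suite names. EDH is OpenSSL's older spelling of DHE.
EPHEMERAL_KX = {"ECDHE", "DHE", "EDH"}
# Tokens for ciphers/MACs now considered weak. This flag is a caveat added by
# this example, not something the slides state.
WEAK_TOKENS = {"RC4", "DES", "CBC3", "MD5", "NULL", "EXP"}
SUITE_NAME = re.compile(r"^[A-Z0-9]+(?:-[A-Z0-9]+)+$")


def has_forward_secrecy(suite):
    """True when the suite name starts with an ephemeral key-exchange token.

    Names with no key-exchange prefix (AES128-SHA, RC4-SHA) use RSA key
    transport; DH- and ECDH- prefixes are static Diffie-Hellman. Neither is
    forward secret.
    """
    return suite.split("-", 1)[0] in EPHEMERAL_KX


def audit_cipher_string(cipher_string):
    """Classify an explicit colon-separated OpenSSL cipher list."""
    report = {"fs": [], "non_fs": [], "weak": [], "unparsed": []}
    for token in filter(None, (t.strip() for t in cipher_string.split(":"))):
        if not SUITE_NAME.match(token):
            # Keywords and operators (HIGH, !aNULL, @STRENGTH, ...) expand
            # differently per OpenSSL build; inspect them with
            # `openssl ciphers -v` instead of guessing here.
            report["unparsed"].append(token)
            continue
        report["fs" if has_forward_secrecy(token) else "non_fs"].append(token)
        if WEAK_TOKENS & set(token.split("-")):
            report["weak"].append(token)
    if report["unparsed"]:
        report["verdict"] = "needs manual review"
    elif report["fs"] and not report["non_fs"]:
        report["verdict"] = "forward-secrecy only"
    elif report["fs"]:
        report["verdict"] = "forward-secrecy optional"
    else:
        report["verdict"] = "no forward secrecy"
    return report


# The two cipher strings from the slide above.
OPTIONAL_FS = "ECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA"
FS_ONLY = "ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:EDH-DSS-DES-CBC3-SHA"

if __name__ == "__main__":
    for label, string in (("optional", OPTIONAL_FS), ("only", FS_ONLY)):
        result = audit_cipher_string(string)
        print(label, "->", result["verdict"], "| weak:", result["weak"])
```

With the "optional" string, a client that cannot negotiate ECDHE falls back to RSA key transport, so recorded traffic for that session remains decryptable by whoever later holds the server's private key.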
With forward-secrecy (TextSecure's OTR ratchet)
https://whispersystems.org/blog/advanced-ratcheting/
Apache & NGINX
http://bit.ly/1hmsysR
Configuring Apache, Nginx, and OpenSSL for Forward Secrecy
Gtalk, Hangouts, Facebook Chat and any XMPP-based I.M.
https://securityinabox.org/en/pidgin_main
Pidgin with OTR - Secure Instant Messaging
http://phrozenblog.com/?p=615
Encrypt your GTalk / Hangout / Facebook chat
Mobile messaging
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
TextSecure Private Messenger (Android only)
https://telegram.org/
Telegram (Android & iOS)
Voice calls
http://en.wikipedia.org/wiki/ZRTP
VoIP with ZRTP
Mobile ZRTP
https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone
RedPhone (Android only)
Platform S/ZRTP
https://jitsi.org/Main/HomePage
http://bit.ly/1jvlbo7
How To Encrypt Chat And VoIP With Jitsi and XMPP
Secure communication infrastructure
Encryption makes things slower
More load to process, more time to process
First, choose your preferred Linux flavor
or BSD if you want :)
Let's start with some good full-disk encryption
- Most distros' installers offer this option nowadays
- It's not hard to implement if you are already a sysadmin
https://library.linode.com/security/full-disk-encryption
Then harden that system, baby!
- Fix your perms (least privilege principle)
- Setup your services config. properly
- Uninstall bloatware + Apply security updates
- Use host-firewall (at least)
- *Disable kernel module loading
- *Install PaX / GRSecurity patches
*Not for the faint of heart
http://grsecurity.net/
SSL EVERYWHERE
- In every communication between services, SSL must be enforced
- Do certificate pinning
https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
LDAP for identity management & authentication
Most software has support for LDAP as backend
Pretty default mail stack
Postfix + Dovecot + dspam + postgrey + LDAP auth. backend
We add auto PGP encryption to it
Heyyyy, but you said PGP sucks!
I never said that! It's still better than plaintext!
https://github.com/mikecardwell/gpgit
https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve
PGP supported software
- Thunderbird handles it well with the Enigmail plugin
- K9 Mail (Android) only handles low quality PGP keys (due to APG limitation)
- Other mail clients may support PGP too
https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/
XMPP for chat
Will use SSL for connection but clients need to do OTR on their side
ejabberd + punjab BOSH proxy + LDAP auth. Backend + MySQL roster backend
https://github.com/twonds/punjab
http://www.ejabberd.im/
Compliant XMPP+OTR clients
- Win/Mac OS X/Linux: Pidgin
- Android: Xabber
- iOS / Android: ChatSecure
https://pidgin.im/
http://www.xabber.org/
http://chrisballinger.info/apps/chatsecure/
XMPP+OTR clients + S/ZRTP
https://jitsi.org/Main/HomePage
Optional insecure feature: Web-mail Interface
- Browsers are vulnerable to many attacks
- Open-source web-mail software code still needs maturity
- Crypto-in-the-browser is a little creepy
- Roundcube + rc_openpgpjs + LDAP auth. Backend
- converse.js for embedded chat
http://roundcube.net/
https://github.com/qnrq/rc_openpgpjs
https://github.com/jcbrand/converse.js/
https://github.com/priyadi/roundcube-converse.js-xmpp-plugin
The final product
The remaining points of failure
Metadata is gold and is always leaking out
Metadata is "data about data".
http://en.wikipedia.org/wiki/Metadata
- Metadata carries lots of Personally Identifiable Information (PII)
- Can be very helpful on correlating people and events
- Leaks everywhere. DNS, Web, Email, Documents, Images, Photos from cameras and cellphones etc
Code may have bugs
Even the ones meant to secure us.
Just like OpenSSL's Heartbleed and Apple's goto fail
Code may have features
http://bit.ly/18DOX71
http://cnet.co/1rVzAL0
http://bit.ly/1hO99Uo
Agencies can be very persuasive
So I'll never be completely safe?
Closing up
Well, so I don't need to do security at all
We know security is not easy
Security = Usability^-1
Sometimes can be a pain
But you gotta take care out there!
That's all folks!
http://wroot.org
@jseidl
https://github.com/jseidl/
http://www.slideshare.net/jseidl