@CreativeConnard

The Guideof Security

Jerk

Code of conduct is for bastards

RMLL Sec 2016 – Rump session

@CreativeConnard

Previous edition

Le Guide du Connard du Logiciel Libre

https://2015.rmll.info/le-guide-du-connard-du-logiciel-libre

~ 3 ~@CreativeConnard

HOW TObe a security jerk

~ Developer ~

~ Sysadmin ~

~ End user ~

~ 4 ~@CreativeConnard

Developer

Store passwords in base64 (or in base32 for 32bits systems)※Require specific lib versions and discourage any upgrade※

Invent your own cryptographic algorithm※

~ 5 ~@CreativeConnard

Sysadmin

export TLS_REQCERT=never (aka Malware In The Middle)※Write your own Config Management (SSH for kids)※

Always run processes as root and disable SELINUX※

~ 6 ~@CreativeConnard

End user

Don’t trust One Time Password as is it always changing※Click everywhere, IT is a game※

Use pastebin as password manager※

~ 7 ~@CreativeConnard

@CreativeConnard

Links for bastards

@DonJon_Legacyhttp://donjonlegacy.com/