fixing the internet of sh t
play

Fixing The Internet Of Sh*t a.k.a. How to design secure web apps A - PowerPoint PPT Presentation

Nov 13, 2022 •117 likes •814 views

Fixing The Internet Of Sh*t a.k.a. How to design secure web apps A presentation by Greg Slepak at Greg Slepak @taoeffect okTurtles GroupIncome Espionage What Is The Internet of ? The Internet of ? Source:

  1. Fixing The Internet Of Sh*t a.k.a. “How to design secure web apps” A presentation by Greg Slepak at

  2. Greg Slepak @taoeffect okTurtles GroupIncome Espionage

  3. What

  4. Is

  5. The Internet of 💪 ?

  6. The Internet of 💪 ?

  7. Source: https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/

  8. Source: http://www.telegraph.co.uk/news/2017/02/17/germany-bans-internet-connected-dolls-fears-hackers-could-target/

  9. Source: https://motherboard.vice.com/en_us/article/hacker-obtained-childrens-headshots-and-chatlogs-from-toymaker-vtech

  10. Source: https://www.forbes.com/sites/thomasbrewster/2016/09/20/keen-team-remotely-hack-tesla-cars/

  11. Source: http://www.npr.org/sections/thetwo-way/2017/03/14/520123490/vibrator-maker-to-pay-millions-over-claims-it-secretly-tracked-use

  12. It’s more than that.

  14. It’s more than that.

  15. Already, *currently*, do! 1.Injecting undetectable, undeletable tracking cookies in all of your HTTP traffic 2.Pre-installing software on your phone and recording every URL you visit 3.Snooping through your traffic and inserting ads 4.Hijacking your searches 5.Selling your data to marketers Source: https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protections

  16. It’s more than that.

  18. Alt video link: https://youtu.be/7QLaKW8ABy4?t=21s

  19. It’s more than that.

  20. Source: https://twitter.com/dchest/status/846786101020909568

  21. Source: https://twitter.com/taoeffect/status/750200660272885764

  22. Source: https://twitter.com/FiloSottile/status/835269932929667072 Source: https://bugs.chromium.org/p/chromium/issues/detail?id=694593

  23. They’re listening to this company. Not you. Compromising your home Internet connection to secretly spy on employees. Source: https://surveillance.rsf.org/en/blue-coat-2/

  25. Source: https://www.dailydot.com/layer8/search-engine-manipulation-effect-election/ Source: http://www.pnas.org/content/112/33/E4512.abstract

  26. Source: https://twitter.com/taoeffect/status/741330301943615490 Source: https://twitter.com/taoeffect/status/741355355448303616 Source: https://lobste.rs/s/5har3y/google_appears_be_manipulating_election/comments/agd297#c_agd297

  28. “Sorry about that.”

  29. Speaking of censorship…

  30. Source: http://www.zerohedge.com/news/2017-03-23/busted-twitter-caught-manipulating-tweets-former-blackrock-fund-manager-critical-cia

  31. Source: http://www.zerohedge.com/news/2017-03-23/busted-twitter-caught-manipulating-tweets-former-blackrock-fund-manager-critical-cia

  32. Source: https://twitter.com/Cernovich/status/829814703656357889

  33. Source: https://twitter.com/taoeffect/status/844312296981639168

  34. Source: https://twitter.com/taoeffect/status/841410104125620225

  35. Source: https://twitter.com/taoeffect/status/834537993985679360

  36. “Bugs”?

  37. 🐟

  38. 💪

  39. The “Internet of Sh*t” is “The Internet”

  40. …ok. … what happened to “fixing it”?

  41. A better question is: Do you want to fix it?

  42. Raise your hand if you want this fixed

  43. Raise your hand if you would help fix this (if you could)

  46. Before we start, a few inspirational quotes :-)

  47. “Be the change you want to see in the world.” “Insanity is doing the same thing over and over and expecting a different result.” “80% of solving a problem is understanding it.” so… you’re 80% there already???

  48. Break Down The Problem Into Manageable Pieces

  49. 1. Economic 2. Technological

  50. Economic

  51. Invest in solutions instead of problems

  52. Invest in decentralization And use small(er) VPS providers

  53. Brave

  54. Explore new economic systems GroupIncome Patreon

  55. Technological

  56. The decentralization of a system can be measured. Alt video link: https://www.youtube.com/watch?v=7S1IqaSLrq8

  57. Centralized systems are incapable of censorship-resistance. Screenshot of the 3rd “Short” here: https://groupincome.org/shorts/

  58. Last time… ? “Decentralized Zooko’s Triangle Consensus-based Namespaces”

  59. Answer: DPKI A “decentralized consensus-based namespace” provides censorship-resistance and user-owned and controlled identities

  60. Answer: DPKI That means security.

  61. Source: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/final-documents/dpki.pdf Source: https://blog.okturtles.com/2016/02/turtle-status-letter-1-browser-extension-dnschain-dpki-more/#DPKI

  62. Comparison https://blog.okturtles.com/2017/02/coniks-vs-key-transparency-vs-certificate-transparency-vs-blockchains/

  63. Potential Partial Implementations Blockstack

  64. DCS / Slepak’s Triangle Source: https://blog.bigchaindb.com/the-dcs-triangle-5ce0e9e0f1dc Source: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/topics-and-advance-readings/Slepaks-Triangle.pdf

  65. Source: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/topics-and-advance-readings/Slepaks-Triangle.pdf

  66. Recap

  67. Avoid centralized systems (when possible, but especially for key management)

  68. Use + support + design decentralized systems

  69. D e A c l e l Questions? n T t h r e a l T i z h e i n g GroupIncome s ! okTurtles Patreon <- DPKI blog.okturtles.com Blockstack ZeroNet Bitcoin Ethereum Brave IPFS

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fixing WTFs - Detecting Image Matches caused by Watermarks, Timestamps, and Frames in Internet

Fixing WTFs - Detecting Image Matches caused by Watermarks, Timestamps, and Frames in Internet

Fixing WTFs - Detecting Image Matches caused by Watermarks, Timestamps, and Frames in Internet Photos Tobias Weyand, Chih-Yun Tsai, Bastian Leibe Fixing WTFs Poster No. 26 Overview Many Computer Vision Applications use Internet photos,

818 views • 38 slides
Security and Social Context or Why Facebook is Worth Fixing Security and Human Behavior Jun 12,

Security and Social Context or Why Facebook is Worth Fixing Security and Human Behavior Jun 12,

Security and Social Context or Why Facebook is Worth Fixing Security and Human Behavior Jun 12, 2009 Joseph Bonneau, Computer Laboratory Today I) Culture gap on social networks is hurting security II) The future of the internet is social

762 views • 17 slides
Breaking and Fixing IoT Apps Andrei Sabelfeld Joint work with Iulia Bastys and Musard Balliu

Breaking and Fixing IoT Apps Andrei Sabelfeld Joint work with Iulia Bastys and Musard Balliu

Breaking and Fixing IoT Apps Andrei Sabelfeld Joint work with Iulia Bastys and Musard Balliu Appeared in CCS18 Web of Things Internet of Things (IoT) Incompatible standards, platforms, technologies World Wide Web Consortium (W3C)

661 views • 48 slides
Building your future Who thinks the world needs fixing? Who wants to be a part of fixing the

Building your future Who thinks the world needs fixing? Who wants to be a part of fixing the

Building your future Who thinks the world needs fixing? Who wants to be a part of fixing the world? Building the solutions is where the future will be made Math is essential to building these solutions You are getting ready to make some

440 views • 16 slides
DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD

DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD

DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD ABOUT ME ABOUT ME maya@NetBSD.org coypu@sdf.org NetBSD/pkgsrc for the last 3 years THIS TALK THIS TALK Mix of a bunch of bugs Not solo work

695 views • 31 slides
No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your favourite team? Do you use the internet to watch music videos? Do you use the Internet to read the news? Do you use the Internet to play games? Shared

997 views • 51 slides
The extent of match fixing in German soccer Results of an online survey with honest answers to

The extent of match fixing in German soccer Results of an online survey with honest answers to

The extent of match fixing in German soccer Results of an online survey with honest answers to embarrassing questions Dr. Werner Pitsch Saarland University Institute for Sport Sciences Match Fixing as a subject of scientific research

421 views • 15 slides
COG: COG: Fixing the Intertemporal Intertemporal Pricing Problem Pricing Problem Fixing the

COG: COG: Fixing the Intertemporal Intertemporal Pricing Problem Pricing Problem Fixing the

COG: COG: Fixing the Intertemporal Intertemporal Pricing Problem Pricing Problem Fixing the &amp; Other Comments &amp; Other Comments CAISO MSC Meeting, 8 Feb. 2008 CAISO MSC Meeting, 8 Feb. 2008 Benjamin F. Hobbs bhobbs@jhu.edu Dept. of

290 views • 12 slides
Half-Year Results and Investor Presentation 8th August 2019 2019: Fixing the Basics 3-12

Half-Year Results and Investor Presentation 8th August 2019 2019: Fixing the Basics 3-12

Half-Year Results and Investor Presentation 8th August 2019 2019: Fixing the Basics 3-12 Creating The Ethical Digital Bank 13-16 Financial Results 17-29 Building Our Future 30-32 Appendix 33-35 Contents Page 2019: Fixing the Basics

590 views • 35 slides
Fixing MC for ARM v7-A Just a few corner cases how hard can it be? 1 MC Hammer?

Fixing MC for ARM v7-A Just a few corner cases how hard can it be? 1 MC Hammer?

Fixing MC for ARM v7-A Just a few corner cases how hard can it be? 1 MC Hammer? Framework for exhaustive testing of MC layer implementation for ARM First introduced at Euro LLVM 2012 35 issues found, fixes open sourced

445 views • 6 slides
Fixing problems with grammars Informatics 2A: Lecture 12 John Longley &amp; Alex Simpson School

Fixing problems with grammars Informatics 2A: Lecture 12 John Longley &amp; Alex Simpson School

LL(1) grammars: summary Fixing problems with non-LL(1) grammars Self-assessment on context-free grammars Chomsky Normal Form Fixing problems with grammars Informatics 2A: Lecture 12 John Longley &amp; Alex Simpson School of Informatics

384 views • 21 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been

How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been

5/15/2012 How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been tremendously successful From Architecture to Network Has sustained tremendous growth g Supports very diverse set of applications

484 views • 10 slides
How to Make it Stick! With Therese Skelly You may be fixing the wrong

How to Make it Stick! With Therese Skelly You may be fixing the wrong

How to Make it Stick! With Therese Skelly You may be fixing the wrong thing This work isnt sexy. But its necessary! This is where the problem really lies You have hidden

544 views • 23 slides
Datalog-based Scalable Semantic Diffing of Concurrent Programs Chungha Sung | Shuvendu K. Lahiri

Datalog-based Scalable Semantic Diffing of Concurrent Programs Chungha Sung | Shuvendu K. Lahiri

ASE 2018 Datalog-based Scalable Semantic Diffing of Concurrent Programs Chungha Sung | Shuvendu K. Lahiri | Constantin Enea Chao Wang Concurrent Programs Evolving Software becoming better Fixing bugs Fixing bugs Fixing bugs or or

585 views • 44 slides
IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites IOC: Internet

IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites IOC: Internet

IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites Robert Bjekovic, University of applied sciences Ravensburg Weingarten, Weingarten, Germany Michael Elwert, University of applied

351 views • 32 slides
Mobility Enhancement of 2DHG in an In 0 2 Ga 0 in an In 0.24 Ga 0.76 As Quantum 6 As Quantum Well

Mobility Enhancement of 2DHG in an In 0 2 Ga 0 in an In 0.24 Ga 0.76 As Quantum 6 As Quantum Well

Mobility Enhancement of 2DHG in an In 0 2 Ga 0 in an In 0.24 Ga 0.76 As Quantum 6 As Quantum Well by &lt;110&gt; Uniaxial Strain Ling Xia 1 , Vadim Tokranov 2 , Serge Oktyabrsky 2 and Jess del Alamo 1 1 MIT 2 SUNY Alb 1 MIT , 2 SUNY Albany

320 views • 11 slides
CA system and CyberScience Infrastructure Shinji Shimojo Cybermedia Center Osaka University

CA system and CyberScience Infrastructure Shinji Shimojo Cybermedia Center Osaka University

CA system and CyberScience Infrastructure Shinji Shimojo Cybermedia Center Osaka University Multimedia-based Science Education Multimedia-based Science Education from computer literacy to advanced computer from computer literacy to advanced

420 views • 15 slides
HEAP Laboratory Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano,

HEAP Laboratory Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano,

HEAP Laboratory Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano, Milano, Italy Research and Achievements of the HEAPLab IWES 2018 Sept. 13, Siena, Italy Contact : prof . William FORNACIARI Politecnico di

449 views • 17 slides
WMAP final nine-year results David Larson Johns Hopkins University June 10, 2013 OIST,

WMAP final nine-year results David Larson Johns Hopkins University June 10, 2013 OIST,

WMAP final nine-year results David Larson Johns Hopkins University June 10, 2013 OIST, Okinawa, Japan Monday, June 10, 2013 WMAP Science Team Chuck Bennett (PI) Chris Barnes Steve Meyer Rachel Bean Mike Nolta Olivier Dor Nils Odegard

803 views • 56 slides
Improving the bootup speed of AOSP Bernhard Bero Rosenkrnzer &lt;bero@linaro.org&gt; ELC

Improving the bootup speed of AOSP Bernhard Bero Rosenkrnzer &lt;bero@linaro.org&gt; ELC

Improving the bootup speed of AOSP Bernhard Bero Rosenkrnzer &lt;bero@linaro.org&gt; ELC 2017-02-23 CC-BY-SA 3.0 Quick overview 2 different possible approaches: Reduce regular bootup time Problem: Lots of initialization

538 views • 15 slides
Verifying security invariants in ExpressOS Haohui Mai, Edgar Pek, Hui Xue, Samuel T. King, P .

Verifying security invariants in ExpressOS Haohui Mai, Edgar Pek, Hui Xue, Samuel T. King, P .

Verifying security invariants in ExpressOS Haohui Mai, Edgar Pek, Hui Xue, Samuel T. King, P . Madhusudan University of Illinois at Urbana-Champaign Mobiles devices are powerful Security of mobile devices is important High value

912 views • 89 slides
How to optimize drilling strategies and reservoir management: lessons learned from the Soultz EGS

How to optimize drilling strategies and reservoir management: lessons learned from the Soultz EGS

How to optimize drilling strategies and reservoir management: lessons learned from the Soultz EGS project? Leiden, The Netherlands 7-9 November 2007 Risk Analysis for Development of Geothermal Energy Cuenot N., Genter A., Naville Ch. ENGINE

478 views • 21 slides
CS 488 Computer Graphics 1 Introduction to Real-Time Rendering Dr. Angus Forbes, Instructor Kyle

CS 488 Computer Graphics 1 Introduction to Real-Time Rendering Dr. Angus Forbes, Instructor Kyle

CS 488 Computer Graphics 1 Introduction to Real-Time Rendering Dr. Angus Forbes, Instructor Kyle Almryde, TA Creative Coding Research Group at EVL Department of Computer Science University of Illinois at Chicago

515 views • 14 slides

More recommend