Computer Insecurity Essentials

by Brad Templeton on 24 October 2016


Transcript of Computer Insecurity Essentials

Almost everybody is vulnerable
Attacks are frequent and widespread
Total harm is real but easily managed

Why do we in the 1st world largely get away with poor security both in computers and the physical world?
Why does it work?
Phishing & Social Engineering
Algorithm vs. Protocol vs. Deployment
ZUI: Hard to use means rarely used
Skype, SSH only real successes
Even TLS/SSL/HTTPS rarely used
Design vs. Deployment
Underworld
Intelligence
30% of computers botted!
DDoS Attack (Hello, Wikileaks)
Botnets
But it's amazing how well we get along
Most people are pretty decent
The automation of good and evil
Smart parasites don't kill the host
It sucks
Brad Templeton
Electronic Frontier Foundation
Singularity University
bt@eff.org
Computer Insecurity & Privacy
Throwing people in the mix
Attractive targets
Liability and insurance won't work
LulzSec & Anonymous exploit simple SQL injection attacks
Monoculture
Stuxnet Attacks
60%

90% with logo
Almost every security system will also block the access of authorized users
"A system should be made as secure as will be easy to use, but no more secure."
Extra topics
Click to Agree Contracts replacing the law
Trusted Computing & DRM
Cheap sensors coming everywhere
Strong cockpit doors
Capability Operating Systems
The Cloud
Apps in the cloud:
Roaming, scaling
What does it look like?
Timesharing to Personal Computing to Timesharing
No "reasonable expectation of privacy" says the supreme court, though some statutes

Moving to the cloud means...
Moving data out of your hands
We must think before doing something this dramatic with our software
A question of policy,
or a question of...
Scalability is the key
Surveillance didn't use to scale
Now AI takes it further...
Robots from the Future

Time-traveling robots from the future
Understanding natural language in bulk
Face and person recognition
Speech recognition
Facial expressions and body language
Patterns of network activity
This leads to...
“Are you now or have you ever been...”
Cheap!
We don't know the sins of the future
Today, AI isn't very good at...
Team
Edward
Weakening Crypto
Mapping your social network
Attack Honeypots
And fake LinkedIn, too!
And lots of other leaders too
NSA Co-Traveler
Watching sysadmins
89% of files were innocent, non-targeted Americans
And if you look at some security and privacy tools and some sites.
Counter-Intuitive Approach
Accept that Advanced Persistent Threats can get ordinary users if targeted
Make security easy enough to use to get wide adoption
Block bulk surveillance mainly, less so targeted attacks
MITM-OFU, self-signed certs should be embraced

Ease of use is an essential part of computer security