fixing the internet of sh t
play

Fixing The Internet Of Sh*t a.k.a. How to design secure web apps A - PowerPoint PPT Presentation

Nov 13, 2022 •117 likes •814 views

Fixing The Internet Of Sh*t a.k.a. How to design secure web apps A presentation by Greg Slepak at Greg Slepak @taoeffect okTurtles GroupIncome Espionage What Is The Internet of ? The Internet of ? Source:

  1. Fixing The Internet Of Sh*t a.k.a. “How to design secure web apps” A presentation by Greg Slepak at

  2. Greg Slepak @taoeffect okTurtles GroupIncome Espionage

  3. What

  4. Is

  5. The Internet of 💪 ?

  6. The Internet of 💪 ?

  7. Source: https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/

  8. Source: http://www.telegraph.co.uk/news/2017/02/17/germany-bans-internet-connected-dolls-fears-hackers-could-target/

  9. Source: https://motherboard.vice.com/en_us/article/hacker-obtained-childrens-headshots-and-chatlogs-from-toymaker-vtech

  10. Source: https://www.forbes.com/sites/thomasbrewster/2016/09/20/keen-team-remotely-hack-tesla-cars/

  11. Source: http://www.npr.org/sections/thetwo-way/2017/03/14/520123490/vibrator-maker-to-pay-millions-over-claims-it-secretly-tracked-use

  12. It’s more than that.

  14. It’s more than that.

  15. Already, *currently*, do! 1.Injecting undetectable, undeletable tracking cookies in all of your HTTP traffic 2.Pre-installing software on your phone and recording every URL you visit 3.Snooping through your traffic and inserting ads 4.Hijacking your searches 5.Selling your data to marketers Source: https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protections

  16. It’s more than that.

  18. Alt video link: https://youtu.be/7QLaKW8ABy4?t=21s

  19. It’s more than that.

  20. Source: https://twitter.com/dchest/status/846786101020909568

  21. Source: https://twitter.com/taoeffect/status/750200660272885764

  22. Source: https://twitter.com/FiloSottile/status/835269932929667072 Source: https://bugs.chromium.org/p/chromium/issues/detail?id=694593

  23. They’re listening to this company. Not you. Compromising your home Internet connection to secretly spy on employees. Source: https://surveillance.rsf.org/en/blue-coat-2/

  25. Source: https://www.dailydot.com/layer8/search-engine-manipulation-effect-election/ Source: http://www.pnas.org/content/112/33/E4512.abstract

  26. Source: https://twitter.com/taoeffect/status/741330301943615490 Source: https://twitter.com/taoeffect/status/741355355448303616 Source: https://lobste.rs/s/5har3y/google_appears_be_manipulating_election/comments/agd297#c_agd297

  28. “Sorry about that.”

  29. Speaking of censorship…

  30. Source: http://www.zerohedge.com/news/2017-03-23/busted-twitter-caught-manipulating-tweets-former-blackrock-fund-manager-critical-cia

  31. Source: http://www.zerohedge.com/news/2017-03-23/busted-twitter-caught-manipulating-tweets-former-blackrock-fund-manager-critical-cia

  32. Source: https://twitter.com/Cernovich/status/829814703656357889

  33. Source: https://twitter.com/taoeffect/status/844312296981639168

  34. Source: https://twitter.com/taoeffect/status/841410104125620225

  35. Source: https://twitter.com/taoeffect/status/834537993985679360

  36. “Bugs”?

  37. 🐟

  38. 💪

  39. The “Internet of Sh*t” is “The Internet”

  40. …ok. … what happened to “fixing it”?

  41. A better question is: Do you want to fix it?

  42. Raise your hand if you want this fixed

  43. Raise your hand if you would help fix this (if you could)

  46. Before we start, a few inspirational quotes :-)

  47. “Be the change you want to see in the world.” “Insanity is doing the same thing over and over and expecting a different result.” “80% of solving a problem is understanding it.” so… you’re 80% there already???

  48. Break Down The Problem Into Manageable Pieces

  49. 1. Economic 2. Technological

  50. Economic

  51. Invest in solutions instead of problems

  52. Invest in decentralization And use small(er) VPS providers

  53. Brave

  54. Explore new economic systems GroupIncome Patreon

  55. Technological

  56. The decentralization of a system can be measured. Alt video link: https://www.youtube.com/watch?v=7S1IqaSLrq8

  57. Centralized systems are incapable of censorship-resistance. Screenshot of the 3rd “Short” here: https://groupincome.org/shorts/

  58. Last time… ? “Decentralized Zooko’s Triangle Consensus-based Namespaces”

  59. Answer: DPKI A “decentralized consensus-based namespace” provides censorship-resistance and user-owned and controlled identities

  60. Answer: DPKI That means security.

  61. Source: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/final-documents/dpki.pdf Source: https://blog.okturtles.com/2016/02/turtle-status-letter-1-browser-extension-dnschain-dpki-more/#DPKI

  62. Comparison https://blog.okturtles.com/2017/02/coniks-vs-key-transparency-vs-certificate-transparency-vs-blockchains/

  63. Potential Partial Implementations Blockstack

  64. DCS / Slepak’s Triangle Source: https://blog.bigchaindb.com/the-dcs-triangle-5ce0e9e0f1dc Source: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/topics-and-advance-readings/Slepaks-Triangle.pdf

  65. Source: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/topics-and-advance-readings/Slepaks-Triangle.pdf

  66. Recap

  67. Avoid centralized systems (when possible, but especially for key management)

  68. Use + support + design decentralized systems

  69. D e A c l e l Questions? n T t h r e a l T i z h e i n g GroupIncome s ! okTurtles Patreon <- DPKI blog.okturtles.com Blockstack ZeroNet Bitcoin Ethereum Brave IPFS

Recommend

Fixing WTFs - Detecting Image Matches caused by Watermarks, Timestamps, and Frames in Internet

Fixing WTFs - Detecting Image Matches caused by Watermarks, Timestamps, and Frames in Internet

Fixing WTFs - Detecting Image Matches caused by Watermarks, Timestamps, and Frames in Internet Photos Tobias Weyand, Chih-Yun Tsai, Bastian Leibe Fixing WTFs Poster No. 26 Overview Many Computer Vision Applications use Internet photos,

818 views • 38 slides
Security and Social Context or Why Facebook is Worth Fixing Security and Human Behavior Jun 12,

Security and Social Context or Why Facebook is Worth Fixing Security and Human Behavior Jun 12,

Security and Social Context or Why Facebook is Worth Fixing Security and Human Behavior Jun 12, 2009 Joseph Bonneau, Computer Laboratory Today I) Culture gap on social networks is hurting security II) The future of the internet is social

762 views • 17 slides
Breaking and Fixing IoT Apps Andrei Sabelfeld Joint work with Iulia Bastys and Musard Balliu

Breaking and Fixing IoT Apps Andrei Sabelfeld Joint work with Iulia Bastys and Musard Balliu

Breaking and Fixing IoT Apps Andrei Sabelfeld Joint work with Iulia Bastys and Musard Balliu Appeared in CCS18 Web of Things Internet of Things (IoT) Incompatible standards, platforms, technologies World Wide Web Consortium (W3C)

661 views • 48 slides
Building your future Who thinks the world needs fixing? Who wants to be a part of fixing the

Building your future Who thinks the world needs fixing? Who wants to be a part of fixing the

Building your future Who thinks the world needs fixing? Who wants to be a part of fixing the world? Building the solutions is where the future will be made Math is essential to building these solutions You are getting ready to make some

440 views • 16 slides
DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD

DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD

DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD ABOUT ME ABOUT ME maya@NetBSD.org coypu@sdf.org NetBSD/pkgsrc for the last 3 years THIS TALK THIS TALK Mix of a bunch of bugs Not solo work

695 views • 31 slides
No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your favourite team? Do you use the internet to watch music videos? Do you use the Internet to read the news? Do you use the Internet to play games? Shared

997 views • 51 slides
The extent of match fixing in German soccer Results of an online survey with honest answers to

The extent of match fixing in German soccer Results of an online survey with honest answers to

The extent of match fixing in German soccer Results of an online survey with honest answers to embarrassing questions Dr. Werner Pitsch Saarland University Institute for Sport Sciences Match Fixing as a subject of scientific research

421 views • 15 slides
COG: COG: Fixing the Intertemporal Intertemporal Pricing Problem Pricing Problem Fixing the

COG: COG: Fixing the Intertemporal Intertemporal Pricing Problem Pricing Problem Fixing the

COG: COG: Fixing the Intertemporal Intertemporal Pricing Problem Pricing Problem Fixing the &amp; Other Comments &amp; Other Comments CAISO MSC Meeting, 8 Feb. 2008 CAISO MSC Meeting, 8 Feb. 2008 Benjamin F. Hobbs bhobbs@jhu.edu Dept. of

290 views • 12 slides
Half-Year Results and Investor Presentation 8th August 2019 2019: Fixing the Basics 3-12

Half-Year Results and Investor Presentation 8th August 2019 2019: Fixing the Basics 3-12

Half-Year Results and Investor Presentation 8th August 2019 2019: Fixing the Basics 3-12 Creating The Ethical Digital Bank 13-16 Financial Results 17-29 Building Our Future 30-32 Appendix 33-35 Contents Page 2019: Fixing the Basics

590 views • 35 slides
Fixing MC for ARM v7-A Just a few corner cases how hard can it be? 1 MC Hammer?

Fixing MC for ARM v7-A Just a few corner cases how hard can it be? 1 MC Hammer?

Fixing MC for ARM v7-A Just a few corner cases how hard can it be? 1 MC Hammer? Framework for exhaustive testing of MC layer implementation for ARM First introduced at Euro LLVM 2012 35 issues found, fixes open sourced

445 views • 6 slides
Fixing problems with grammars Informatics 2A: Lecture 12 John Longley &amp; Alex Simpson School

Fixing problems with grammars Informatics 2A: Lecture 12 John Longley &amp; Alex Simpson School

LL(1) grammars: summary Fixing problems with non-LL(1) grammars Self-assessment on context-free grammars Chomsky Normal Form Fixing problems with grammars Informatics 2A: Lecture 12 John Longley &amp; Alex Simpson School of Informatics

384 views • 21 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been

How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been

5/15/2012 How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been tremendously successful From Architecture to Network Has sustained tremendous growth g Supports very diverse set of applications

484 views • 10 slides
How to Make it Stick! With Therese Skelly You may be fixing the wrong

How to Make it Stick! With Therese Skelly You may be fixing the wrong

How to Make it Stick! With Therese Skelly You may be fixing the wrong thing This work isnt sexy. But its necessary! This is where the problem really lies You have hidden

544 views • 23 slides
Datalog-based Scalable Semantic Diffing of Concurrent Programs Chungha Sung | Shuvendu K. Lahiri

Datalog-based Scalable Semantic Diffing of Concurrent Programs Chungha Sung | Shuvendu K. Lahiri

ASE 2018 Datalog-based Scalable Semantic Diffing of Concurrent Programs Chungha Sung | Shuvendu K. Lahiri | Constantin Enea Chao Wang Concurrent Programs Evolving Software becoming better Fixing bugs Fixing bugs Fixing bugs or or

585 views • 44 slides
IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites IOC: Internet

IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites IOC: Internet

IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites Robert Bjekovic, University of applied sciences Ravensburg Weingarten, Weingarten, Germany Michael Elwert, University of applied

351 views • 32 slides
Fixing software bugs in 10 minutes or less using evolutionary computation University of New

Fixing software bugs in 10 minutes or less using evolutionary computation University of New

Fixing software bugs in 10 minutes or less using evolutionary computation University of New Mexico Stephanie Forrest ThanhVu Nguyen University of Virginia Claire Le Goues Westley Weimer Summary of method Assume: Access to C source

695 views • 10 slides
Cell to Cell signalling and communication during the establishment of the nitrogen-fixing

Cell to Cell signalling and communication during the establishment of the nitrogen-fixing

Cell to Cell signalling and communication during the establishment of the nitrogen-fixing symbiosis Martina Beck Incoming fellow 1 Research background: Studying the dynamics of plant signalling processes PostDoc 2010-2014 PhD 2006-2009

307 views • 9 slides
Enabling the Internet of Everything with 3G The Internet of Everything The Next Era of

Enabling the Internet of Everything with 3G The Internet of Everything The Next Era of

Enabling the Internet of Everything with 3G The Internet of Everything The Next Era of Networking and Computing, Where Everything Is Intelligently Connected Family device layout. Think weve done in past. Add in printer, electric meter,

397 views • 22 slides
Good morning! Internet, Web, Intranets, and Extranets Use and Functioning of the Internet

Good morning! Internet, Web, Intranets, and Extranets Use and Functioning of the Internet

Good morning! Internet, Web, Intranets, and Extranets Use and Functioning of the Internet Internet is international scope with users on every continent Asians make up 40% of Internet population Europeans about 20% North America

1.01k views • 56 slides
Fixing the API January 18, 2013 Morgan S. Polikoff, Ph.D. Andrew McEachin, Ph.D. Overview

Fixing the API January 18, 2013 Morgan S. Polikoff, Ph.D. Andrew McEachin, Ph.D. Overview

Fixing the API January 18, 2013 Morgan S. Polikoff, Ph.D. Andrew McEachin, Ph.D. Overview Brief history/background on Academic Performance Index (API) Seven lessons learned from accountability research Five steps to improving API

360 views • 22 slides
Internet Atlas: A Geographical Database of the Physical Internet Active Internet Measurement

Internet Atlas: A Geographical Database of the Physical Internet Active Internet Measurement

Internet Atlas: A Geographical Database of the Physical Internet Active Internet Measurement Systems Workshop (AIMS) February 6-8, 2013 Ram Durairajan Computer Sciences University of Wisconsin Motivation rkrish@cs.wisc.edu 2

505 views • 33 slides
Fixing the Lines Canarsie Tunnel 1 Agenda Welcome: Al Silvestri (NYCDOT) Panel

Fixing the Lines Canarsie Tunnel 1 Agenda Welcome: Al Silvestri (NYCDOT) Panel

Fixing the Lines Canarsie Tunnel 1 Agenda Welcome: Al Silvestri (NYCDOT) Panel Introductions Town Hall Ground Rules Timeline Sandy Video Presentation by NYCT President Andy Byford and NYCDOT Commissioner Polly

414 views • 22 slides
Measuring Damages from Price-Fixing to Direct and Indirect Purchasers FNE Competition Day

Measuring Damages from Price-Fixing to Direct and Indirect Purchasers FNE Competition Day

Measuring Damages from Price-Fixing to Direct and Indirect Purchasers FNE Competition Day Santiago November 17, 2016 Thomas W. Ross Sauder School of Business University of British Columbia Estimating Damages Two tasks we want to discuss

278 views • 26 slides

More recommend