I gave a 2h talk on computer security ("Hacking na żywo") at fantasy convent CoolKon.I promised to upload the slides, so here they are. They're all in Polish, sorry.
It was mainly for RPG players and other lay audience, so I didn't demonstrate any new exploit technique ;-), just the basics in highly simplified and easily digestible form.
For those who weren't there, here's a short summary:
- What's wrong with the way media talk about computer security
- Matrix Reloaded as a surprising exception
- What is security, and how far can we go by pretending the problem doesn't exist
- Major classes of security problems - buffer overflows, sql injections, cross-site scripting, not patching regularly enough, using known-to-be-broken software like IE and sendmail, plain lack of responsibility
- A short movie from 21c3 talk on physical security and lockpicking showing that even protecting against every known problem doesn't guarantee security (movie - skip to minutes 34 to 38, more info)
- Highly abridged version of how networking, TCP/IP, and packet dumpers work
- Live demonstration of tcpdump, tcpflow, and ettercap
- Theory and live demonstration of nmap
- Diffie-Hellman key exchange, man-in-the-middle attacks, and certificates that users ignore anyway
- Full disclosure and why is it so important. How software vendors really react to reported security issues
- Exploits and exploit data bases
- Scarying people by showing them how many exploits are there in ExploitTree data base
- SQL injections and anti-PHP rant
- Buffer overflows and anti-C rant
No comments:
Post a Comment