I promised to upload the slides, so here they are. They're all in Polish, sorry.
It was mainly for RPG players and other lay audience, so I didn't demonstrate any new exploit technique ;-), just the basics in highly simplified and easily digestible form.
For those who weren't there, here's a short summary:
- What's wrong with the way media talk about computer security
- Matrix Reloaded as a surprising exception
- What is security, and how far can we go by pretending the problem doesn't exist
- Major classes of security problems - buffer overflows, sql injections, cross-site scripting, not patching regularly enough, using known-to-be-broken software like IE and sendmail, plain lack of responsibility
- A short movie from 21c3 talk on physical security and lockpicking showing that even protecting against every known problem doesn't guarantee security (movie - skip to minutes 34 to 38, more info)
- Highly abridged version of how networking, TCP/IP, and packet dumpers work
- Live demonstration of tcpdump, tcpflow, and ettercap
- Theory and live demonstration of nmap
- Diffie-Hellman key exchange, man-in-the-middle attacks, and certificates that users ignore anyway
- Full disclosure and why is it so important. How software vendors really react to reported security issues
- Exploits and exploit data bases
- Scarying people by showing them how many exploits are there in ExploitTree data base
- SQL injections and anti-PHP rant
- Buffer overflows and anti-C rant
No comments:
Post a Comment