
Intro to digital security

FHV
March 16, 2017

Part I of workshop given with @denkiii for the Concordia Student Union. (second part included Signal, Tor, Yubikeys)


Transcript

  1. intro to digital security
    Florencia Herra-Vega (@flohdot), CTO, Peerio (peerio.com)
    Concordia Student Union, March 2017
  2. what are you protecting? Against whom? a.k.a. “Threat Modelling”

  3. Case Study #1
    Amy is an aid worker coordinating a number of colleagues and volunteers in an area that is recovering from a natural disaster, which has a number of sensitive resource/land disputes. She gathers some information in the field that could be of interest to local businesspeople, politicians, and police.
  4. Case Study #2
    Roger is a teenager in a tightly knit, extremely conservative community. He lives at home with his tech-savvy parents and brother. He thinks he might be gay.
  5. Case Study #3
    Marie is a journalist working on a big scoop about police and construction industry corruption. She has anonymous sources, and she needs to discuss some aspects of the case with colleagues and experts.
  6. where is your data?
    who owns it? how is it secured? who does it share its data with? what can it see about you? who owns it? who can access it? how is it secured?
  7. where is your data?
    who owns it? how is it secured? who does it share its data with? what can it see about you? who owns it? who can access it? how is it secured? who owns it? how is it secured? who does it share its data with? what can it see about you? what data are you sending?
  8. where is your data?
    who owns it? how is it secured? who does it share its data with? what can it see about you? who owns it? who can access it? how is it secured? who owns it? how is it secured? who does it share its data with? what can it see about you? what metadata are you sending?
  9. who’s between you and your data?
    wi-fi network, corporate network, ISPs; wi-fi network, corporate network, ISPs
  10. where’s the crypto? “at rest” disk encryption ? ?

  11. where’s the crypto? “at rest” disk/database encryption ? ?

  12. where’s the crypto? “in transit” TLS/HTTPS ? ? ? ?

  13. where’s the crypto? “in transit” TLS/HTTPS

  14. where’s the crypto? “in transit” TLS/HTTPS

  15. where’s the crypto? “end to end” (sometimes “zero knowledge”)

  16. why isn’t everything end-to-end encrypted?
    1. someone is making money off your data
  17. why isn’t everything end-to-end encrypted?
    1. someone is making money off your data
    2. encryption is (REALLY) hard
  18. why isn’t everything end-to-end encrypted?
    1. someone is making money off your data
    2. encryption is (REALLY) hard
    You have a secret you can’t share and can’t lose.
  19. why isn’t everything end-to-end encrypted?
    1. someone is making money off your data
    2. encryption is (REALLY) hard
    You have to verify other people’s “identity” through math.
  20. how do i pick my tools?
  21. how do i pick my tools?
    do they protect the right things?
  22. how do i pick my tools?
    are they worth the time + money?
  23. how do i pick my tools?
    are they worth the hassle and rage?
  24. You control your own computer (so keep it clean!)
    • update your operating system (mobile & desktop)
    • update applications
    • browse securely with extensions: uBlock Origin (adblocker) & Privacy Badger (tracking blocker) & HTTPS Everywhere
    • disk encryption (FileVault & BitLocker) or file encryption (VeraCrypt)
  25. Use good passwords
    • don’t repeat them everywhere
    • long is better than complicated
    • use a password manager
    • two-factor authentication
  26. last tips
    • your security is only as good as your weakest endpoint
    • don’t forget about physical security
    • think about economics
    • create solutions you & your friends/colleagues will actually use