Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security Not Guaranteed - 2017 Cleveland GiveCa...
Search
James Gifford
July 22, 2017
Programming
0
130
Security Not Guaranteed - 2017 Cleveland GiveCamp Presentation
James Gifford
July 22, 2017
Tweet
Share
More Decks by James Gifford
See All by James Gifford
2016 Akron Linux User Group Ansible Presentation
jrgifford
0
860
Other Decks in Programming
See All in Programming
OSS開発者という働き方
andpad
5
1.7k
AIでLINEスタンプを作ってみた
eycjur
1
230
Android 16 × Jetpack Composeで縦書きテキストエディタを作ろう / Vertical Text Editor with Compose on Android 16
cc4966
0
140
Swift Updates - Learn Languages 2025
koher
2
460
CloudflareのChat Agent Starter Kitで簡単!AIチャットボット構築
syumai
2
460
[FEConf 2025] 모노레포 절망편, 14개 레포로 부활하기까지 걸린 1년
mmmaxkim
0
1.6k
旅行プランAIエージェント開発の裏側
ippo012
2
880
デザイナーが Androidエンジニアに 挑戦してみた
874wokiite
0
270
Protocol Buffersの型を超えて拡張性を得る / Beyond Protocol Buffers Types Achieving Extensibility
linyows
0
110
AWS発のAIエディタKiroを使ってみた
iriikeita
1
180
CJK and Unicode From a PHP Committer
youkidearitai
PRO
0
110
ぬるぬる動かせ! Riveでアニメーション実装🐾
kno3a87
1
200
Featured
See All Featured
A better future with KSS
kneath
239
17k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
910
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
The Cult of Friendly URLs
andyhume
79
6.6k
Statistics for Hackers
jakevdp
799
220k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Balancing Empowerment & Direction
lara
3
610
Making Projects Easy
brettharned
117
6.4k
Java REST API Framework Comparison - PWX 2021
mraible
33
8.8k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Transcript
Security Not Guaranteed Or, how to hold off the bad
guys for another day.
James Gifford Software developer, startups, 7-time GiveCamper.
This Talk is NOT About... A. Protecting Against Three Letter
Agencies (KGB, FSB, CIA, NSA, FBI, DOJ) B. Protecting Against a Targeted Attack C. Protecting Your Corporation D. How The Cloud Is Evil And Should Be Avoided At All Costs™
Would it surprise you if...
67% of consumers... Don’t have password protection on their devices.
(Sophos, August 2011)
Now, this isn’t a problem in itself... But, it can
be disastrous if your device is LOST or, STOLEN.
All devices can be Password Protected
{ 9/10 } The estimated number of break-in attempts that
would be thwarted if people simply locked their computers.
And, it doesn’t have to be too complicated.
The password: do graze irk has 49 bits of entropy.
It’s also a password that can be remembered, in some
way.
And it can be typed fairly quickly.
It really takes about as much effort as: password1234 But,
is far more secure.
Now, you’re probably wondering about fingerprint unlocks: The short answer
is...
Please don't.
Video
Passwords are a start.
How do you keep your passwords together?
Believe it or not… Some people still use pencil, and
paper, or try to keep it in their heads.
There are a lot of good password managers.
Raise your hand if you’re using KeePass.
KeePass is very popular.
KeePass is also probably not secure.
The French ANSSI (Their version of the FBI) Did an
Audit...
And it checked out.
All of these are pretty cool.
Password managers are flawed.
It doesn’t often matter to the consumer which manager they
use.
Just as long as it works. For consumers stuff like
LastPass is a good start.
Just as long as it’s not a notebook.
Mr. T. pities the fool who doesn’t have a password
manager.
Mentioning passwords...
Device encryption is an important security tool.
Many people fail to encrypt even the most important data.
Or, overlook critical points.
You can encrypt almost anything.
Desktops, phones, tablets; OS X, Windows, etc
If you do it, do it right.
Sometimes built in tools are the best you’ve got.
None
It’s still just a deterrent.
None
Enough about passwords.
Let’s talk about two-factor authentication.
First off, what is it?
2 factor is: 1. Something you know (password) 2. Something
you have (token)
Now we know what it is...
Let’s talk about why.
It’s mostly to make your password half-useless.
There are many different “tokens”.
The Text Message
The App
None
The RSA Token
The Hardware Token
None
None
Malicious Program Protection
There are different kinds of threats, and different solutions.
Anti-Malware Versus Anti-Virus
It helps consumers to understand the threats out there.
It helps to have multiple lines of defense.
There are some fairly decent products.
And, some questionable services.
Product choice starts fights.
There are different measures of success.
Nothing’s perfect.
Fin.
Resources page is at: j.mp/SecurityNotGuaranteed
Tomatoes? James Gifford
[email protected]