Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security Not Guaranteed - 2017 Cleveland GiveCa...
Search
James Gifford
July 22, 2017
Programming
0
120
Security Not Guaranteed - 2017 Cleveland GiveCamp Presentation
James Gifford
July 22, 2017
Tweet
Share
More Decks by James Gifford
See All by James Gifford
2016 Akron Linux User Group Ansible Presentation
jrgifford
0
850
Other Decks in Programming
See All in Programming
NEWT Backend Evolution
xpromx
1
110
技術同人誌をMCP Serverにしてみた
74th
1
680
ペアプロ × 生成AI 現場での実践と課題について / generative-ai-in-pair-programming
codmoninc
2
20k
AI Agent 時代のソフトウェア開発を支える AWS Cloud Development Kit (CDK)
konokenj
5
650
Git Sync を超える!OSS で実現する CDK Pull 型デプロイ / Deploying CDK with PipeCD in Pull-style
tkikuc
4
240
システム成長を止めない!本番無停止テーブル移行の全貌
sakawe_ee
1
220
Startups on Rails in Past, Present and Future–Irina Nazarova, RailsConf 2025
irinanazarova
0
200
PHPで始める振る舞い駆動開発(Behaviour-Driven Development)
ohmori_yusuke
2
420
GPUを計算資源として使おう!
primenumber
1
200
なぜ「共通化」を考え、失敗を繰り返すのか
rinchoku
1
670
#QiitaBash MCPのセキュリティ
ryosukedtomita
1
1.5k
The Modern View Layer Rails Deserves: A Vision For 2025 And Beyond @ RailsConf 2025, Philadelphia, PA
marcoroth
2
670
Featured
See All Featured
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
830
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
KATA
mclloyd
30
14k
Code Review Best Practice
trishagee
69
19k
Navigating Team Friction
lara
187
15k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
30
2.1k
Adopting Sorbet at Scale
ufuk
77
9.5k
GitHub's CSS Performance
jonrohan
1031
460k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
2.9k
Balancing Empowerment & Direction
lara
1
440
Transcript
Security Not Guaranteed Or, how to hold off the bad
guys for another day.
James Gifford Software developer, startups, 7-time GiveCamper.
This Talk is NOT About... A. Protecting Against Three Letter
Agencies (KGB, FSB, CIA, NSA, FBI, DOJ) B. Protecting Against a Targeted Attack C. Protecting Your Corporation D. How The Cloud Is Evil And Should Be Avoided At All Costs™
Would it surprise you if...
67% of consumers... Don’t have password protection on their devices.
(Sophos, August 2011)
Now, this isn’t a problem in itself... But, it can
be disastrous if your device is LOST or, STOLEN.
All devices can be Password Protected
{ 9/10 } The estimated number of break-in attempts that
would be thwarted if people simply locked their computers.
And, it doesn’t have to be too complicated.
The password: do graze irk has 49 bits of entropy.
It’s also a password that can be remembered, in some
way.
And it can be typed fairly quickly.
It really takes about as much effort as: password1234 But,
is far more secure.
Now, you’re probably wondering about fingerprint unlocks: The short answer
is...
Please don't.
Video
Passwords are a start.
How do you keep your passwords together?
Believe it or not… Some people still use pencil, and
paper, or try to keep it in their heads.
There are a lot of good password managers.
Raise your hand if you’re using KeePass.
KeePass is very popular.
KeePass is also probably not secure.
The French ANSSI (Their version of the FBI) Did an
Audit...
And it checked out.
All of these are pretty cool.
Password managers are flawed.
It doesn’t often matter to the consumer which manager they
use.
Just as long as it works. For consumers stuff like
LastPass is a good start.
Just as long as it’s not a notebook.
Mr. T. pities the fool who doesn’t have a password
manager.
Mentioning passwords...
Device encryption is an important security tool.
Many people fail to encrypt even the most important data.
Or, overlook critical points.
You can encrypt almost anything.
Desktops, phones, tablets; OS X, Windows, etc
If you do it, do it right.
Sometimes built in tools are the best you’ve got.
None
It’s still just a deterrent.
None
Enough about passwords.
Let’s talk about two-factor authentication.
First off, what is it?
2 factor is: 1. Something you know (password) 2. Something
you have (token)
Now we know what it is...
Let’s talk about why.
It’s mostly to make your password half-useless.
There are many different “tokens”.
The Text Message
The App
None
The RSA Token
The Hardware Token
None
None
Malicious Program Protection
There are different kinds of threats, and different solutions.
Anti-Malware Versus Anti-Virus
It helps consumers to understand the threats out there.
It helps to have multiple lines of defense.
There are some fairly decent products.
And, some questionable services.
Product choice starts fights.
There are different measures of success.
Nothing’s perfect.
Fin.
Resources page is at: j.mp/SecurityNotGuaranteed
Tomatoes? James Gifford
[email protected]