Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Security Not Guaranteed - 2017 Cleveland GiveCa...
Search
James Gifford
July 22, 2017
Programming
0
130
Security Not Guaranteed - 2017 Cleveland GiveCamp Presentation
James Gifford
July 22, 2017
Tweet
Share
More Decks by James Gifford
See All by James Gifford
2016 Akron Linux User Group Ansible Presentation
jrgifford
0
860
Other Decks in Programming
See All in Programming
Swift Updates - Learn Languages 2025
koher
2
520
「手軽で便利」に潜む罠。 Popover API を WCAG 2.2の視点で安全に使うには
taitotnk
0
870
Design Foundational Data Engineering Observability
sucitw
3
210
Tool Catalog Agent for Bedrock AgentCore Gateway
licux
7
2.6k
Testing Trophyは叫ばない
toms74209200
0
890
アルテニア コンサル/ITエンジニア向け 採用ピッチ資料
altenir
0
110
API Platform 4.2: Redefining API Development
soyuka
0
240
AWS発のAIエディタKiroを使ってみた
iriikeita
1
190
テストコードはもう書かない:JetBrains AI Assistantに委ねる非同期処理のテスト自動設計・生成
makun
0
560
請來的 AI Agent 同事們在寫程式時,怎麼用 pytest 去除各種幻想與盲點
keitheis
0
130
Updates on MLS on Ruby (and maybe more)
sylph01
1
180
2025 年のコーディングエージェントの現在地とエンジニアの仕事の変化について
azukiazusa1
24
12k
Featured
See All Featured
Unsuck your backbone
ammeep
671
58k
4 Signs Your Business is Dying
shpigford
184
22k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Docker and Python
trallard
46
3.6k
For a Future-Friendly Web
brad_frost
180
9.9k
The Power of CSS Pseudo Elements
geoffreycrofte
77
6k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
8
530
Context Engineering - Making Every Token Count
addyosmani
3
63
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
188
55k
A Tale of Four Properties
chriscoyier
160
23k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
285
14k
Transcript
Security Not Guaranteed Or, how to hold off the bad
guys for another day.
James Gifford Software developer, startups, 7-time GiveCamper.
This Talk is NOT About... A. Protecting Against Three Letter
Agencies (KGB, FSB, CIA, NSA, FBI, DOJ) B. Protecting Against a Targeted Attack C. Protecting Your Corporation D. How The Cloud Is Evil And Should Be Avoided At All Costs™
Would it surprise you if...
67% of consumers... Don’t have password protection on their devices.
(Sophos, August 2011)
Now, this isn’t a problem in itself... But, it can
be disastrous if your device is LOST or, STOLEN.
All devices can be Password Protected
{ 9/10 } The estimated number of break-in attempts that
would be thwarted if people simply locked their computers.
And, it doesn’t have to be too complicated.
The password: do graze irk has 49 bits of entropy.
It’s also a password that can be remembered, in some
way.
And it can be typed fairly quickly.
It really takes about as much effort as: password1234 But,
is far more secure.
Now, you’re probably wondering about fingerprint unlocks: The short answer
is...
Please don't.
Video
Passwords are a start.
How do you keep your passwords together?
Believe it or not… Some people still use pencil, and
paper, or try to keep it in their heads.
There are a lot of good password managers.
Raise your hand if you’re using KeePass.
KeePass is very popular.
KeePass is also probably not secure.
The French ANSSI (Their version of the FBI) Did an
Audit...
And it checked out.
All of these are pretty cool.
Password managers are flawed.
It doesn’t often matter to the consumer which manager they
use.
Just as long as it works. For consumers stuff like
LastPass is a good start.
Just as long as it’s not a notebook.
Mr. T. pities the fool who doesn’t have a password
manager.
Mentioning passwords...
Device encryption is an important security tool.
Many people fail to encrypt even the most important data.
Or, overlook critical points.
You can encrypt almost anything.
Desktops, phones, tablets; OS X, Windows, etc
If you do it, do it right.
Sometimes built in tools are the best you’ve got.
None
It’s still just a deterrent.
None
Enough about passwords.
Let’s talk about two-factor authentication.
First off, what is it?
2 factor is: 1. Something you know (password) 2. Something
you have (token)
Now we know what it is...
Let’s talk about why.
It’s mostly to make your password half-useless.
There are many different “tokens”.
The Text Message
The App
None
The RSA Token
The Hardware Token
None
None
Malicious Program Protection
There are different kinds of threats, and different solutions.
Anti-Malware Versus Anti-Virus
It helps consumers to understand the threats out there.
It helps to have multiple lines of defense.
There are some fairly decent products.
And, some questionable services.
Product choice starts fights.
There are different measures of success.
Nothing’s perfect.
Fin.
Resources page is at: j.mp/SecurityNotGuaranteed
Tomatoes? James Gifford
[email protected]