Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security Training for Everyone (PagerDuty)

Avatar for Rich Adams Rich Adams
February 27, 2018
Programming
0
88

Security Training for Everyone (PagerDuty)

This is an open-source version of "Security Training for Everyone", PagerDuty's internal employee security training, given to all PagerDuty employees as part of our annual security training program.

Full notes and details are available at https://sudo.pagerduty.com/for_everyone/

Avatar for Rich Adams

Rich Adams

February 27, 2018
Tweet

More Decks by Rich Adams

See All by Rich Adams
Incident Response Training (PagerDuty)
Avatar for Rich Adams richadams
1
170
Security Training for Engineers (PagerDuty)
Avatar for Rich Adams richadams
0
200
Failure Friday (Ignite Talk)
Avatar for Rich Adams richadams
1
190
SRE in the Cloud
Avatar for Rich Adams richadams
1
210

Other Decks in Programming

See All in Programming
監視 やばい
Avatar for syossan27 syossan27
12
10k
個人開発の学生アプリが企業譲渡されるまで
Avatar for akidon0000 akidon0000
2
1.2k
Storybookの情報をMCPサーバー化する
Avatar for Shota Iwamatsu shota_tech
2
1.1k
flutter_kaigi_mini_4.pdf
Avatar for Hiroki Nobuta nobu74658
0
150
データベースの技術選定を突き詰める ~複数事例から考える最適なデータベースの選び方~
Avatar for nnaka2992 nnaka2992
1
1.2k
KawaiiLT 登壇資料 キャリアとモチベーション
Avatar for 柊 hiiragi
0
160
AIコーディングエージェントを 「使いこなす」ための実践知と現在地 in ログラス / How to Use AI Coding Agent in Loglass
Avatar for r-kagaya rkaga
4
1.4k
ComposeでのPicture in Picture
Avatar for takathemax takathemax
0
140
Laravel × Clean Architecture
Avatar for Takayuki bumptakayuki
PRO
0
150
カオスに立ち向かう小規模チームの装備の選択〜フルスタックTSという装備の強み _ 弱み〜/Choosing equipment for a small team facing chaos ~ Strengths and weaknesses of full-stack TS~
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
1
140
JAWS DAYS 2025 re_Cheers: WEB
Avatar for komakichi komakichi
0
120
GitHub Copilot for Azureを使い倒したい
Avatar for Kento.Yamada ymd65536
1
330

Featured

See All Featured
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
462
33k
Faster Mobile Websites
Avatar for Dean Hume deanohume
307
31k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
13
840
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
53
11k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
7
420
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
223
9.6k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.7k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
205
24k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
245
12k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
32
2.3k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
251
21k

Transcript

  1. SECURITY TRAINING, FEB 2018 Security Training For Everyone FEBRUARY 2018

    Rich Adams Security & Incident Response PUBLIC VERSION

  2. Gain insight into the threats we face, and learn how

    to protect us from them. PUBLIC SECURITY TRAINING, FEB 2018

  3. “Best training I’ve ever been to. Rich is awesome! I

    should give him a promotion, a raise, and $100 from my own pocket right this instant!” PUBLIC SECURITY TRAINING, FEB 2018 Arup Chakrabarti Security Enthusiast But seriously, all joking aside, this stuff is important. Please pay attention. Also Rich’s boss. Assuming Rich still has a job after this.

  4. PUBLIC SECURITY TRAINING, FEB 2018 PUBLIC RESTRICTED INTERNAL ONLY Slide

    can be shared publicly with family/friends, Twitter, etc. Slide can only be shared with customers under an NDA. Slide is not to be shared with anyone outside of PagerDuty.

  5. Slide can be shared publicly with family/friends, Twitter, etc. Slide

    can only be shared with customers under an NDA. Slide is not to be shared with anyone outside of PagerDuty. PUBLIC RESTRICTED INTERNAL ONLY PUBLIC SECURITY TRAINING, FEB 2018

  6. SECURITY TRAINING, FEB 2018 [ REDACTED ]

  7. Our job is to make it easy for you to

    do the right thing. PUBLIC SECURITY TRAINING, FEB 2018

  8. BLUE PUBLIC SECURITY TRAINING, FEB 2018

  9. PUBLIC SECURITY TRAINING, FEB 2018 Do you use no lock,

    or 100 locks?

  10. “Given the choice between security and convenience, people complain about

    security, but opt for convenience.” PUBLIC SECURITY TRAINING, FEB 2018

  11. Be Secure, But Usable PUBLIC SECURITY TRAINING, FEB 2018

  12. No Lies, No Pretending PUBLIC SECURITY TRAINING, FEB 2018

  13. PUBLIC SECURITY TRAINING, FEB 2018 Totally real quote from Star

    Wars. “Faking security is the path to the dark side. Faking leads to false hope. False hope leads to false security. False security leads to suffering.”

  14. “Security theater is the practice of investing in countermeasures intended

    to provide the feeling of improved security while doing little or nothing to actually achieve it.” PUBLIC SECURITY TRAINING, FEB 2018 https://en.wikipedia.org/wiki/Security_theater

  15. PUBLIC SECURITY TRAINING, FEB 2018 https://www.washingtonpost.com/local/trafficandcommuting/where-oh-where-did-my-luggage-go/

  16. PUBLIC SECURITY TRAINING, FEB 2018 https://github.com/Xyl2k/TSA-Travel-Sentry-master-keys/

  17. Social Engineering PUBLIC SECURITY TRAINING, FEB 2018

  18. “Psychological manipulation of people into performing actions or divulging confidential

    information.” PUBLIC SECURITY TRAINING, FEB 2018 https://en.wikipedia.org/wiki/Social_engineering_(security)

  19. PUBLIC SECURITY TRAINING, FEB 2018 https://www.youtube.com/watch?v=iJIc16aqpO8

  20. Building Trust • Little bits of info can snowball. •

    Attackers will claim to be a new employee to get info. • Human nature is to want to help others. • Confirm via another channel. PUBLIC SECURITY TRAINING, FEB 2018

  21. SECURITY TRAINING, FEB 2018 [ REDACTED ]

  22. Fishing Phishing PUBLIC SECURITY TRAINING, FEB 2018

  23. PUBLIC SECURITY TRAINING, FEB 2018 Lots of money for you!

    Dear friend, I am a Nigerian prince. I want to give you lots of money: $2,400,000 Just send me your bank account details, social security number, a photocopy of your passport, your birth certificate, and your first born child.

  24. PUBLIC SECURITY TRAINING, FEB 2018 http://ismycreditcardstolen.com/

  25. PUBLIC SECURITY TRAINING, FEB 2018 https://twitter.com/needadebitcard

  26. Reel or Fish? PUBLIC SECURITY TRAINING, FEB 2018

  27. PUBLIC SECURITY TRAINING, FEB 2018 Reel or Fish? Real or

    Phish?

  28. PUBLIC SECURITY TRAINING, FEB 2018

  29. PUBLIC SECURITY TRAINING, FEB 2018 Sites will usually use your

    real name. Rarely will it just be “Customer”. Attacker has left in some code. Choosing random digit from 10-99. Beware of ZIP attachments. Invoices would usually be PDF. Not to scale.

  30. PUBLIC SECURITY TRAINING, FEB 2018

  31. PUBLIC SECURITY TRAINING, FEB 2018 Not the real docusign.com domain!

    Hover over and see link goes to http://…/file.php?email=….

  32. SECURITY TRAINING, FEB 2018 [ REDACTED ]

  33. Spear Phishing PUBLIC SECURITY TRAINING, FEB 2018 For illustrative purposes

    only. Real attacks may not contain spears, or fishes.

  34. SECURITY TRAINING, FEB 2018 [ REDACTED ]

  35. Protecting Yourself! • Watch out for suspicious emails. • “From:”

    addresses can be spoofed! • To verify if from employee, ask them via IM or in person. • If suspicious, forward the original email to us! PUBLIC SECURITY TRAINING, FEB 2018

  36. PUBLIC SECURITY TRAINING, FEB 2018

  37. PUBLIC SECURITY TRAINING, FEB 2018 We need to get the

    original message with all headers.

  38. PUBLIC SECURITY TRAINING, FEB 2018 Click this to get all

    the info we need in your clipboard.

  39. PUBLIC SECURITY TRAINING, FEB 2018 Send it to the security

    team. We’ll take care of the rest!

  40. YOU are our greatest asset in the fight against phishing!

    PUBLIC SECURITY TRAINING, FEB 2018 Seriously! We’ve preemptively blocked several phishing attacks thanks to employee reports.

  41. Not Just Phishing • Pretexting. • Baiting. • Quid Pro

    Quo. PUBLIC SECURITY TRAINING, FEB 2018 https://en.wikipedia.org/wiki/Social_engineering_(security)#Techniques_and_terms

  42. If you’re not sure, ask us! PUBLIC SECURITY TRAINING, FEB

    2018 KEY TAKEAWAY

  43. Passwords PUBLIC SECURITY TRAINING, FEB 2018

  44. PUBLIC SECURITY TRAINING, FEB 2018 “A string of characters used

    to prove identity or access, which should be kept secret from those not allowed access.”

  45. 1337 Haxx0rs!!! PUBLIC SECURITY TRAINING, FEB 2018

  46. Hashing PUBLIC SECURITY TRAINING, FEB 2018 “5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8” “password” SHA-1 https://en.wikipedia.org/wiki/Cryptographic_hash_function

  47. Hashing PUBLIC SECURITY TRAINING, FEB 2018 “5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8” “password” SHA-1 https://en.wikipedia.org/wiki/Cryptographic_hash_function

  48. Magic PUBLIC SECURITY TRAINING, FEB 2018 “5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8” “password” MAGIC

  49. Repeatable PUBLIC SECURITY TRAINING, FEB 2018 “5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8” “password” MAGIC “5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8”

    “password” MAGIC

  50. Irreversible PUBLIC SECURITY TRAINING, FEB 2018 “5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8” “password” ???

  51. PUBLIC SECURITY TRAINING, FEB 2018 Magic 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 Create Account Password

    ************ Username rich

  52. PUBLIC SECURITY TRAINING, FEB 2018 Magic 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 Create Account Password

    ************ Username rich Login Password ************ Username rich Magic 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

  53. PUBLIC SECURITY TRAINING, FEB 2018 Magic 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 Create Account Password

    ************ Username rich Login Password ************ Username rich Magic 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 ✓

  54. PUBLIC SECURITY TRAINING, FEB 2018 id username password_hash password_hint 1

    admin 77ba9cd915c8e359d9733edcfe9c61e5aca92afb NULL 2 rich 410114109270c8ffe4af1706adcad6e29c421f4d fav person 3 sarah 34ea99829a8df97f54dddc3c747c13c6b34c2a93 NULL 4 james 410114109270c8ffe4af1706adcad6e29c421f4d Freddie Mercury’s band 5 arup d9bc17fe6fdf4909187612e5374b74a7d593975e scary movie 6 allison 7c4a8d09ca3762af61e59520943dc26494f8941b NULL 7 pumpkin22 d9bc17fe6fdf4909187612e5374b74a7d593975e fav holiday Evil Corp™ Customer Database

  55. PUBLIC SECURITY TRAINING, FEB 2018 id username password_hash password_hint 1

    admin 77ba9cd915c8e359d9733edcfe9c61e5aca92afb NULL 2 rich 410114109270c8ffe4af1706adcad6e29c421f4d fav person 3 sarah 34ea99829a8df97f54dddc3c747c13c6b34c2a93 NULL 4 james 410114109270c8ffe4af1706adcad6e29c421f4d Freddie Mercury’s band 5 arup d9bc17fe6fdf4909187612e5374b74a7d593975e scary movie 6 allison 7c4a8d09ca3762af61e59520943dc26494f8941b NULL 7 pumpkin22 d9bc17fe6fdf4909187612e5374b74a7d593975e fav holiday Evil Corp™ Customer Database

  56. PUBLIC SECURITY TRAINING, FEB 2018 id username password_hash password_hint 1

    admin 77ba9cd915c8e359d9733edcfe9c61e5aca92afb NULL 2 rich 410114109270c8ffe4af1706adcad6e29c421f4d fav person 3 sarah 34ea99829a8df97f54dddc3c747c13c6b34c2a93 NULL 4 james 410114109270c8ffe4af1706adcad6e29c421f4d Freddie Mercury’s band 5 arup d9bc17fe6fdf4909187612e5374b74a7d593975e scary movie 6 allison 7c4a8d09ca3762af61e59520943dc26494f8941b NULL 7 pumpkin22 d9bc17fe6fdf4909187612e5374b74a7d593975e fav holiday Evil Corp™ Customer Database

  57. PUBLIC SECURITY TRAINING, FEB 2018 id username password_hash password_hint 1

    admin 77ba9cd915c8e359d9733edcfe9c61e5aca92afb NULL 2 rich 410114109270c8ffe4af1706adcad6e29c421f4d fav person 3 sarah 34ea99829a8df97f54dddc3c747c13c6b34c2a93 NULL 4 james 410114109270c8ffe4af1706adcad6e29c421f4d Freddie Mercury’s band 5 arup halloween scary movie 6 allison 7c4a8d09ca3762af61e59520943dc26494f8941b NULL 7 pumpkin22 halloween fav holiday Evil Corp™ Customer Database

  58. PUBLIC SECURITY TRAINING, FEB 2018 id username password_hash password_hint 1

    admin 77ba9cd915c8e359d9733edcfe9c61e5aca92afb NULL 2 rich 410114109270c8ffe4af1706adcad6e29c421f4d fav person 3 sarah 34ea99829a8df97f54dddc3c747c13c6b34c2a93 NULL 4 james 410114109270c8ffe4af1706adcad6e29c421f4d Freddie Mercury’s band 5 arup halloween scary movie 6 allison 7c4a8d09ca3762af61e59520943dc26494f8941b NULL 7 pumpkin22 halloween fav holiday Evil Corp™ Customer Database

  59. PUBLIC SECURITY TRAINING, FEB 2018 id username password_hash password_hint 1

    admin 77ba9cd915c8e359d9733edcfe9c61e5aca92afb NULL 2 rich 410114109270c8ffe4af1706adcad6e29c421f4d fav person 3 sarah 34ea99829a8df97f54dddc3c747c13c6b34c2a93 NULL 4 james 410114109270c8ffe4af1706adcad6e29c421f4d Freddie Mercury’s band 5 arup halloween scary movie 6 allison 7c4a8d09ca3762af61e59520943dc26494f8941b NULL 7 pumpkin22 halloween fav holiday Evil Corp™ Customer Database

  60. PUBLIC SECURITY TRAINING, FEB 2018 id username password_hash password_hint 1

    admin 77ba9cd915c8e359d9733edcfe9c61e5aca92afb NULL 2 rich queen fav person 3 sarah 34ea99829a8df97f54dddc3c747c13c6b34c2a93 NULL 4 james queen Freddie Mercury’s band 5 arup halloween scary movie 6 allison 7c4a8d09ca3762af61e59520943dc26494f8941b NULL 7 pumpkin22 halloween fav holiday Evil Corp™ Customer Database

  61. PUBLIC SECURITY TRAINING, FEB 2018 id username password_hash password_hint 1

    admin 77ba9cd915c8e359d9733edcfe9c61e5aca92afb NULL 2 rich queen fav person 3 sarah 34ea99829a8df97f54dddc3c747c13c6b34c2a93 NULL 4 james queen Freddie Mercury’s band 5 arup halloween scary movie 6 allison 7c4a8d09ca3762af61e59520943dc26494f8941b NULL 7 pumpkin22 halloween fav holiday Evil Corp™ Customer Database

  62. PUBLIC SECURITY TRAINING, FEB 2018 “356a192b7913b04c54574d18c28d46e6395428ab” “1” MAGIC “da4b9237bacccdf19c0760cab7aec4a8359010b0” “2”

    MAGIC “77de68daecd823babbb58edb1c8e14d7106e83bb” “3” MAGIC “1b6453892473a467d07372d45eb05abc2031647a” “4” MAGIC “ac3478d69a3c81fa62e60f5c3696165a4e5e6ac4” “5” MAGIC

  63. PUBLIC SECURITY TRAINING, FEB 2018 require 'digest/sha1' (1..1000000).each do |n|

    sha1 = Digest::SHA1.hexdigest n.to_s puts "#{sha1} = #{n}" end RUBY

  64. PUBLIC SECURITY TRAINING, FEB 2018 id username password_hash password_hint 1

    admin 1337 NULL 2 rich queen fav person 3 sarah 34ea99829a8df97f54dddc3c747c13c6b34c2a93 NULL 4 james queen Freddie Mercury’s band 5 arup halloween scary movie 6 allison 123456 NULL 7 pumpkin22 halloween fav holiday Evil Corp™ Customer Database

  65. PUBLIC SECURITY TRAINING, FEB 2018 id username password_hash password_hint 1

    admin 1337 NULL 2 rich queen fav person 3 sarah 34ea99829a8df97f54dddc3c747c13c6b34c2a93 NULL 4 james queen Freddie Mercury’s band 5 arup halloween scary movie 6 allison 123456 NULL 7 pumpkin22 halloween fav holiday Evil Corp™ Customer Database

  66. PUBLIC SECURITY TRAINING, FEB 2018 “86f7e437faa5a7fce15d1ddcb9eaeaea377667b8” “a” MAGIC “e61e506ca0fd8251f850bc313f709cc07cbcecf2” “aal”

    MAGIC “f60f98341248eca0d2270cb0145d4d17f818366c” “aalil” MAGIC “ff49abca9701606b01b6245d587d26c31b63a433” “aardvark” MAGIC “661e46b960572398e02f82878e2dfeadb4518899” “aardwolf” MAGIC

  67. PUBLIC SECURITY TRAINING, FEB 2018 id username password_hash password_hint 1

    admin 1337 NULL 2 rich queen fav person 3 sarah 34ea99829a8df97f54dddc3c747c13c6b34c2a93 NULL 4 james queen Freddie Mercury’s band 5 arup halloween scary movie 6 allison 123456 NULL 7 pumpkin22 halloween fav holiday Evil Corp™ Customer Database

  68. Trying everything will take too long. PUBLIC SECURITY TRAINING, FEB

    2018

  69. PUBLIC SECURITY TRAINING, FEB 2018 http://project-rainbowcrack.com/table.htm Rainbow Tables Magic Lists

    Magic Lists

  70. PUBLIC SECURITY TRAINING, FEB 2018 id username password_hash password_hint 1

    admin 1337 NULL 2 rich queen fav person 3 sarah gLCbYt9MX NULL 4 james queen Freddie Mercury’s band 5 arup halloween scary movie 6 allison 123456 NULL 7 pumpkin22 halloween fav holiday Evil Corp™ Customer Database

  71. gLCbYt9MX PUBLIC SECURITY TRAINING, FEB 2018 Lowercase letters. Uppercase letters.

    Numbers. Special characters. ✔ ! ✔ ✔

  72. PUBLIC SECURITY TRAINING, FEB 2018 Wat? Salting is a technique

    to combat this.

  73. Password Leaks • LinkedIn (2012) - Unsalted SHA-1 • Evernote

    (2013) - Unsalted MD5 • Last.fm (2012) - Unsalted MD5 • eHarmony (2012) - Unsalted MD5 • Yahoo (2013) - MD5 PUBLIC SECURITY TRAINING, FEB 2018 WTF!?! (Not joking, they have it in their FAQ!) This is exactly how I just showed you passwords being stored! http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

  74. PUBLIC SECURITY TRAINING, FEB 2018 https://hotforsecurity.bitdefender.com/blog/1800-minecraft-usernames-and-passwords-leak-online-11209.html

  75. Best Practices • Long (15+ chars). • Random. • Unique.

    • Private. PUBLIC SECURITY TRAINING, FEB 2018

  76. Long • Longer = Harder to break (mostly). • Break

    8 characters in less than a day*. • DoD Standards say 15+ chars. • You should use 50+ if you can. PUBLIC SECURITY TRAINING, FEB 2018 http://www.lockdown.co.uk/?pg=combi&s=articles

  77. WAe(H%PXQeVUM5DLE8re((xdfag#JmYj0X*pL77OJ&YDOoE^^@$5rWvPXOiFl^IO5wq1MQd7i1ZD7Fl8R03pP8DXnyH$aD*31KBW xtb274uX9IQk2oVPPbvvXL!TEKPf!%2Y3UN9ag@rYGp$vt%tjun0(XyM6L1P$ZPD*&pMmZZAvr&vh%!Pd5ywaki7sTaSmRD!)0Qm 6QRQt($(i&BX3NhJcKsaRwojisDwRl8uQGXE0C7Nf1qPfwA9jqt5VPor@ug8vJZ@Z^y(kjFxm*M4&njS5z17mlvJM)k0C#b&IWNA RlcV5O$e)snYh&JS&tCStd%oisuGzarJJtxLCO&jYQ4SGkUhAOhWsZP#uynY)ee5l#Szfp*BECsiTqNo*edMnUnRW18atB58&tun 1cEe1Qs*0D@4%KYq9%uKx(1atTq*vf@hVXmn4@v0f*P#8xbzJaDAx@CnNdNsZBhpXXU8mYsDP#x^FHpU6TLFpJTMkyjR%i0GI$T( 6(ybMpBFULQmzlJ1UM0qRhERG8Ru&dqOeKe8v9W!G)mGTkHm@unWJFYVb0J5wP5S6Hlji3FnRPSgF6bG0Sz&wiM9kVFBhaE2JsUR 4cDCx5twl7Sl!&oRb6poM3OZCxFjrFl!9np0z)d%8XG75%0kOnS&$rg!j8SGUgjIa6#JSGs8Ygj2C2QL0RFkMD27BmAAMUpR*LyF DvWpmhcLu^DjOIo#r7RNC1BanJWE)1^%vTFP2v71DtcOAS6c9VZUF$YaRp3N^qzx2#H1((jeD#j10vFaSY8TJ*KCnuyVfp*vnP^T p4ctm)20RQp4D^v1V3iglTlhb^jKIn00YDQxU8a!siy*njLGQ6T&Fr1#T8#oXgww$gpGNkkJqb^e1vSQ*CcqH*9yKO@JPh6Qa7dz 1p%oo!LesyrY#0eQbQf^!^^)@yhg#Uw!m@NM(9I75JfZUZ0cW55UFeokP5iJ)iBJ4Q@aDmz$xE7fp4HF1lzO@TVizbC3P%&JJGTj

    yx1W@2tfu9EDivJd)mP^l7oeessViV(chxcgtelzKt9QrpaNh3K*ZG@&!nqyHkwAvr2f4%EwYdBYyT1ga(29Z*@O7EZg)%zXrmfz jo48%v0wCAqJp*CYyQBKPQtV2hS&4IqqWULe5I!E#VLclW&2D*OQqu7#)MKg%DDjOLsOa&XcZTJCHM98d84qOBfrqJ$!5Ry#T608 *AVxD&#bwQ5#ReczyECdXiBohn%zft6k*)vbN@UGO4L!ubfzgA*%slKxX&#SFnGt3JLs70NRY!mDRgqu@u6n*hZhb$JjN%kRiokR gut3$hBmQH6Tg9KJmgPHJ6sKCK8d)QH(93^2RL^dn6A@ejd5(XEbW3j9DvL@^WLI)WlN^H%s$D8K#6i5xfGR$UuNqfxJ5E!26j%$ S!b74qrrB0IozF*wnPumns&Cx)JqIF%&F^m&qrpfms1lNE)bde)8PfW@RfB3dZY!iSGUKd45F0^#LhmC%S*J(Tc$2f(Ax6(e%y30 7VwWS3ET8^F%SXchCE&@eQn%juM&5JRikmx7PQg1^9$cl07lVOua%^3QQsY4Czv@n)xwZsuEYYe8&5b%9I7zjFvPClemL$Rq!)5W 5Xw0J)oL6t)5nbfbRm4d8m@s#908J4GZjAtuDFlLFIJMsPtQkfKaEX7*Dn$&LM!dV7a^8u3SAHH&iFm@xB5wnO%0MIQq748!DtmX %IjRf7(JZ5XUC)ccaUajrpSo8PN#9@c*KIP77GH)x@EKaZ*1M^yGR1M45btcMz3(8$J1hvgZJm9^7^n7BvWtCHFA^o3w^CNIp1CN 4cnA&QnuBPR5xF9fVMNuG%sF@MBh*4XR*qT94&C#6W1l&fAilg2@!AVL2(^Ts4t!Nl)G)QOy(Uadf7E5N^4nPrEJzQ%$9hspj$qe 5qRg8FyFM)c6MH%3oqwI*oY(1rOhq)hS6mm#np7p8b8lR(UwR6Z2sQe*U0*Ku0qP^*ZW(BMkRxKDngGqu4NbSxN!Ww&n2AbWi9gj &YwTM5zTF1l27$Jr1$r4bfqiU!n$C#YGCbOWYeA@%VihK&bDgS&8WL^R6QqcJ)^poXq8RQBWrjNHFIAI%2tzx7GQ862Fczl4IUTy I&9t5&VlQqVHvu7EAKk4*^h#hxtNFow)gpKNHmwmJs5lFkvHM1r$WVEE%8S(mrIB$zwyxm)YuDl1LavI3ptgfz!#vZEjaHoA8bIB 15cf00u%$7r(K$*VyW*Q)nX3Va@Km)8N7Vk0XUMzp@ngYsMfp*2O%DN9bcNc%S*HkXS06YyDNlZ29GfuHgGhXYhY1#WFxmtZGKM1 izqq6S%tnl84&gbV3qHFapUWApcG(No!Xr(ir%4!I6D7uf#OJCksKH%nQHVGN$@7jWnJ9O4Si@erx5GJtk55f@AGGedc58@x!VDT Ij37EEc2GBtMZ4&nI8)TTp)ME%mh$9t)9U3u8#mjm^UE*RK)wP*5uPr1l4syG#cxhn&(ZPkxdbW#B#f7Q3WKo5hwzyOx@p^DvyrU fKkFzgs8@*@AkPn3T5p648Y#u33YlqxhN&uj2i9o7y#JrGqtkR2zUksenNTQ(QxU02$d93zh^3lm5mR@s)c7sQE)Au&5*5Xry8qm VeC^Qbt)ND!y%rN4gHhjRm$^z!5Qmj#ggRPf)tCuicF@rtCE*uLQao^QncU9RT$*rHJqBERkPOx^ltx2wiXM(4k!GV^6XkcyYe^Z %ii76&2j)0Jta#owkn7L1#wWWrdmczmpMpCAvE0h82(7z4gf8q#NE0$eNLuVq&HUTJLFND8&6Vl(g%6n)lMl!zlDyRlQaCDwcoeI mNif*2SFhpnJ7$HEm8dh3@ikXE8MU^NJ9VkK8WaNEAr)*n)LiGQB*fF&ShLgPg7K1QhqWFWqTUs3pVkbI)9viYsVL7x%yCmw(N$& 5KbG%OzALnko$zrc6WWo6tx(Pu#K^lQ4ae^QPWxTUAXXvPkoLrjw7wcgHRs@^xS9^M0Tu35X75wBaf8F7W2y5*dcZLjjfl#p%E6K XC&lBLu5Hwmc#zwta0M!bXzD*3LywvcLLX^7myRS1#@0i&kJlWoaxn&lPK@0vuzMsllxy4m0%D5XVEK7ineKYqc(NC#1JN@7*Ih* C!u$OLt($I!J1e$Ssmhl%OHU#cp1vOdXs9yrNJW%OZv&xrhqG&yxPbjK#*KP4L8MZeXcBgCPa4jJLvwUsQv8x3Vapa9Yu$hB3uHM ^k@3u4cVP4Q&6DSXwKyo6mcsGYNCtYdBWpT*3uWe!M(b$q$b2QwTYR92**1#^Q^k&a4bb@5ShGkHFhDCXc05%xWu*nyIF%VJnnZ$ ecd2w&()VDJG7%!6JJ6e6N$E8x5Z4EOs@X0u6Z2yZ%ld3IE@7nVRBJ%CI8TOz^C3bVm(!GNx#RgsPw&)3t%77YN&X)wkY15bU#1d jQnjABQ0@#dsmy2ntkkp*M^SJdpuhAQncbJYSesnoPcG$gAlRj62RDm00zjp&iIXdl5Z16YyrW)@mtAzcV7N@4gefrP15O@LXX66 H#@Y5Lu9kcA1kbKpo5)HRs5Df5B4cQrR$7H6RV#hTzb0o(u^cMXZtJNVI*MNJw1S2JfIHs6H#CyMmG$Bvq6u2W29VE8CP)oXF)J# gOJ!GPxK$mu(V^6VEoi5cNlVzEjRJsbjy@&eozEKePVlM6GLdyEJcj1hdodQHS#5Qn5yc9E(u&Lzpqk@XRpRuAPfP16D7aL(e6dV Pr9Men$a%Y*ZRq5zMtjOpxC7J79KcbBdn0Ul4WBqv%lhtM8yt%!%AibK#D$cl12V)Q7j1ZHnkB$@weraUJ$w^SnrEzPtTONgt4Rf ^*#%IJcA9VZD31EmzYNkUS*ET(AP*8ed84IoCmPpSr184J1ei7FsoMHtyg*7#1vpOpxpB5IfmkF16F6KPC1*WC^^bH*2Yj6IZIFm &1(N11H)35te1TUi7&YfS6h12pMjS3oCY$B5ix4%e1FmcP@9QfzvwJqpC&lDnoFuIM!x^sUwLXfDZmsx!^Nl2bW1$aLJqM!H5eR& WAe(H%PXQeVUM5DLE8re((xdfag#JmYj0 xtb274uX9IQk2oVPPbvvXL!TEKPf!%2Y3 6QRQt($(i&BX3NhJcKsaRwojisDwRl8uQ RlcV5O$e)snYh&JS&tCStd%oisuGzarJJ 1cEe1Qs*0D@4%KYq9%uKx(1atTq*vf@hV 6(ybMpBFULQmzlJ1UM0qRhERG8Ru&dqOe 4cDCx5twl7Sl!&oRb6poM3OZCxFjrFl!9 DvWpmhcLu^DjOIo#r7RNC1BanJWE)1^%v p4ctm)20RQp4D^v1V3iglTlhb^jKIn00Y 1p%oo!LesyrY#0eQbQf^!^^)@yhg#Uw!m yx1W@2tfu9EDivJd)mP^l7oeessViV(ch jo48%v0wCAqJp*CYyQBKPQtV2hS&4IqqW *AVxD&#bwQ5#ReczyECdXiBohn%zft6k* gut3$hBmQH6Tg9KJmgPHJ6sKCK8d)QH(9 S!b74qrrB0IozF*wnPumns&Cx)JqIF%&F 7VwWS3ET8^F%SXchCE&@eQn%juM&5JRik 5Xw0J)oL6t)5nbfbRm4d8m@s#908J4GZj %IjRf7(JZ5XUC)ccaUajrpSo8PN#9@c*K 4cnA&QnuBPR5xF9fVMNuG%sF@MBh*4XR* 5qRg8FyFM)c6MH%3oqwI*oY(1rOhq)hS6 &YwTM5zTF1l27$Jr1$r4bfqiU!n$C#YGC I&9t5&VlQqVHvu7EAKk4*^h#hxtNFow)g 15cf00u%$7r(K$*VyW*Q)nX3Va@Km)8N7 izqq6S%tnl84&gbV3qHFapUWApcG(No!X Ij37EEc2GBtMZ4&nI8)TTp)ME%mh$9t)9 fKkFzgs8@*@AkPn3T5p648Y#u33YlqxhN VeC^Qbt)ND!y%rN4gHhjRm$^z!5Qmj#gg %ii76&2j)0Jta#owkn7L1#wWWrdmczmpM mNif*2SFhpnJ7$HEm8dh3@ikXE8MU^NJ9 5KbG%OzALnko$zrc6WWo6tx(Pu#K^lQ4a XC&lBLu5Hwmc#zwta0M!bXzD*3LywvcLL C!u$OLt($I!J1e$Ssmhl%OHU#cp1vOdXs ^k@3u4cVP4Q&6DSXwKyo6mcsGYNCtYdBW ecd2w&()VDJG7%!6JJ6e6N$E8x5Z4EOs@ jQnjABQ0@#dsmy2ntkkp*M^SJdpuhAQnc H#@Y5Lu9kcA1kbKpo5)HRs5Df5B4cQrR$ gOJ!GPxK$mu(V^6VEoi5cNlVzEjRJsbjy Pr9Men$a%Y*ZRq5zMtjOpxC7J79KcbBdn ^*#%IJcA9VZD31EmzYNkUS*ET(AP*8ed8 &1(N11H)35te1TUi7&YfS6h12pMjS3oCY Random • Don’t use “dictionary” words. • Completely random. Humans are bad at random. • Most complex you can make it given rules of website. PUBLIC SECURITY TRAINING, FEB 2018

  78. Unique • Don’t follow patterns. • Different password for every

    single account. • Can’t assume websites store your password properly. • If you use same one everywhere, everywhere is vulnerable. PUBLIC SECURITY TRAINING, FEB 2018

  79. Private • They’re yours. Be selfish. Never share. • Don’t

    send over “insecure channels”: • i.e. Email, IM, Facebook, Slack, etc. • We’ll never ask you for your password. PUBLIC SECURITY TRAINING, FEB 2018 Selfish.. get it? Cos it’s a fish, taking a selfie. Hello? Is this thing on?

  80. “Treat your password like your toothbrush. Don't let anybody else

    use it, and get a new one every six months.” PUBLIC SECURITY TRAINING, FEB 2018 Clifford Stoll Please get a new toothbrush more frequently than this.

  81. Bad Passwords password P4ssw0rd P&sSw0~d I Like Rainbows! CorrectHorseBatteryStaple PUBLIC

    SECURITY TRAINING, FEB 2018 ಠ_ಠ !

  82. Good Passwords lakuSj>qP&^`H;Bk^jo]3%}&'iTH\VU*7iw">k:WOZC:t/3A? -#!frWr[:pGYur=R5E:,gpr%h;]t#}#FjZpwesims(dvRw<!c Q2D”g(l^C34sNqFv^huED{n*ljmqZ;,3`ROQ$,y2(2dt7|+1z +}J*%hH!;F&?-f$yUKv.-f&8ZT!y[L]`O\SVV,H}#^[\\nk1e .urydi3;!NPcy9T*wjXFYK<UCJT}]bL(:)ob0`("V;jF<A14p PUBLIC SECURITY TRAINING,

    FEB 2018 Except these are now public, and are no longer good passwords. ✔

  83. PUBLIC SECURITY TRAINING, FEB 2018 Let’s talk about the elephant

    in the room.

  84. PUBLIC SECURITY TRAINING, FEB 2018 “I can’t remember that!”

  85. Use a Password Manager PUBLIC SECURITY TRAINING, FEB 2018 KEY

    TAKEAWAY https://1password.com/

  86. Password Managers • Generate secure passwords based on any criteria.

    • Remember all your passwords for you. • Allow you to easily use different passwords for everything. PUBLIC SECURITY TRAINING, FEB 2018

  87. Password Managers • Not going to lie, they are annoying

    at first. • Much better in the long run! • Not just for work! Use for personal stuff! PUBLIC SECURITY TRAINING, FEB 2018

  88. Putting all our eggs in one basket? PUBLIC SECURITY TRAINING,

    FEB 2018

  89. “Password managers don’t have to be perfect, they just have

    to be better than not having one.” PUBLIC SECURITY TRAINING, FEB 2018 Troy Hunt Creator of haveibeenpwned.com https://www.troyhunt.com/password-managers-dont-have-to-be-perfect-they-just-have-to-be-better-than-not-having-one/

  90. Use a really good master password! PUBLIC SECURITY TRAINING, FEB

    2018

  91. PUBLIC SECURITY TRAINING, FEB 2018 a7hD %^Ht #0Fd {-1G A8Th

    • Generate the password the same way as any other. • Split into chunks of 4 or 5 characters. • Sit down and memorize it (much easier than you think!) • Type it out lots of times to get it into muscle memory.

  92. But Wait, There’s More! PUBLIC SECURITY TRAINING, FEB 2018 Billy

    Mays, not Drew from HelpDesk.

  93. Password Equivalency • Security question answers. • Personal information. •

    Two-factor authentication secrets (sort of). PUBLIC SECURITY TRAINING, FEB 2018

  94. PUBLIC SECURITY TRAINING, FEB 2018 https://www.reddit.com/r/ProgrammerHumor/comments/7r3vea/pizzacatlover/

  95. Security Questions • Never use real information. • Answers should

    follow same rules as passwords. • Most websites store these in the clear. Beware! PUBLIC SECURITY TRAINING, FEB 2018

  96. PUBLIC SECURITY TRAINING, FEB 2018 “ “

  97. Multi-Factor? • Knowledge. • Possession. • Inherence. PUBLIC SECURITY TRAINING,

    FEB 2018 https://en.wikipedia.org/wiki/Multi-factor_authentication

  98. Multi-Factor? • Knowledge. Something you know. • Possession. Something you

    have. • Inherence. Something you are. PUBLIC SECURITY TRAINING, FEB 2018 https://en.wikipedia.org/wiki/Multi-factor_authentication

  99. Multi-Factor? • Knowledge. Something you know. Password. • Possession. Something

    you have. Device. • Inherence. Something you are. Fingerprint. PUBLIC SECURITY TRAINING, FEB 2018 https://en.wikipedia.org/wiki/Multi-factor_authentication

  100. Two-Factor • Pick two of the factors. e.g. Password +

    Phone. • Don’t store two-factor secret with passwords! • Keep backup codes separate too. PUBLIC SECURITY TRAINING, FEB 2018 This is a Yubikey. They’re awesome!

  101. PUBLIC SECURITY TRAINING, FEB 2018 We use Yubikeys!

  102. Use Two-Factor Authentication PUBLIC SECURITY TRAINING, FEB 2018 KEY TAKEAWAY

  103. Physical Security PUBLIC SECURITY TRAINING, FEB 2018

  104. PUBLIC SECURITY TRAINING, FEB 2018 “Security measures that are designed

    to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm.”

  105. Basic Guidelines • Question unknown people (politely). • Verify if

    unsure. • Alert Security Team to suspicious activities! PUBLIC SECURITY TRAINING, FEB 2018

  106. Ask questions if suspicious. PUBLIC SECURITY TRAINING, FEB 2018 KEY

    TAKEAWAY But ask politely. We’re not animals.

  107. PUBLIC SECURITY TRAINING, FEB 2018 Lock your computers! KEY TAKEAWAY

  108. PUBLIC SECURITY TRAINING, FEB 2018 Beware of “piggybacking”.

  109. Building Keycards • Always carry your keycard with you. •

    Keycards required on all doors. • Photos will likely be required soon. • Don’t leave your keycard at your desk! PUBLIC SECURITY TRAINING, FEB 2018 Rich Adams Yet another Hackday project I never finished.

  110. Building Security • Do not prop open doors. • Make

    sure all visitors sign in. PUBLIC SECURITY TRAINING, FEB 2018

  111. Laptop Stolen?! PUBLIC SECURITY TRAINING, FEB 2018 New MacBook Pro.

    Coming soon!

  112. PUBLIC SECURITY TRAINING, FEB 2018

  113. PUBLIC SECURITY TRAINING, FEB 2018 DON’T PANIC

  114. Page HelpDesk or Security at any time for lost/stolen devices.

    PUBLIC SECURITY TRAINING, FEB 2018 KEY TAKEAWAY You will not get into trouble!

  115. Personally Identifiable Information PUBLIC SECURITY TRAINING, FEB 2018 Also known

    as “PII”.

  116. PUBLIC SECURITY TRAINING, FEB 2018 “Information that can be used

    on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.”

  117. Basic Guidelines • Don’t discuss company info in public. •

    Don’t look at info you shouldn’t. • Don’t disable encryption! • Be careful with company data… PUBLIC SECURITY TRAINING, FEB 2018

  118. PUBLIC SECURITY TRAINING, FEB 2018 Company Data? No, not this

    kind of data. Wonder if this comes with an unlimited data plan.

  119. Data Classification PUBLIC SECURITY TRAINING, FEB 2018 General Data Business

    Data Customer Data Anything intentionally available to the public. Anything used to operate the business. Anything provided by the customer.

  120. ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔

    ✔ ✔ ✔ ✔ General Business Customer Data Handling PUBLIC SECURITY TRAINING, FEB 2018 Authentication Access Control Storage Auditing Encryption Distribution Destruction

  121. PUBLIC SECURITY TRAINING, FEB 2018 Can only be shared with

    customers under an NDA. Can be shared with anyone, even outside PagerDuty. PUBLIC RESTRICTED INTERNAL ONLY Not to be shared with anyone outside of PagerDuty. Wiki Page Classifications Hey look, I used the same system for these slides! Default

  122. No PagerDuty data on personal devices! PUBLIC SECURITY TRAINING, FEB

    2018 X KEY TAKEAWAY

  123. No customer data on PagerDuty devices! PUBLIC SECURITY TRAINING, FEB

    2018 X KEY TAKEAWAY

  124. Be mindful of how you handle data. PUBLIC SECURITY TRAINING,

    FEB 2018 KEY TAKEAWAY Ask us if you’re unsure!

  125. Compliance PUBLIC SECURITY TRAINING, FEB 2018

  126. European General Data Protection Regulation (GDPR) is a thing. PUBLIC

    SECURITY TRAINING, FEB 2018

  127. GDPR • Data Controller vs Data Processor. • Privacy by

    design. • Data portability. • Right to be forgotten. • Intended purpose. • Big penalties! PUBLIC SECURITY TRAINING, FEB 2018 https://www.eugdpr.org/ GDPR goes into effect on 25th May, 2018.

  128. PUBLIC SECURITY TRAINING, FEB 2018 https://twitter.com/pwnallthethings/status/945353758137049088

  129. SECURITY TRAINING, FEB 2018 [ REDACTED ]

  130. PUBLIC SECURITY TRAINING, FEB 2018

  131. SECURITY TRAINING, FEB 2018 [ REDACTED ]

  132. LLAMA PUBLIC SECURITY TRAINING, FEB 2018

  133. Morbo DEMANDS Your Questions! PUBLIC SECURITY TRAINING, FEB 2018

  134. PUBLIC SECURITY TRAINING, FEB 2018 Gain Insight: http://o.aolcdn.com/hss/storage/midas/3feea042a6aabe431c0ce19a83d9281e/204753737/594644139.jpg Our Job:

    https://media-exp1.licdn.com/mpr/mpr/AAEAAQAAAAAAAAmaAAAAJDdiY2Q1NjM5LWRjNzMtNGM5NS05YjQ1LTU1NWQwODJlMDZiMA.jpg Bike Lock: https://www.flickr.com/photos/dustinq/501791705 Chains: https://wallup.net/chains-padlock-computer-notebooks-laptop/ Lying: https://steemit-production-imageproxy-upload.s3.amazonaws.com/DQmeL84DqBvLi5jYUg3gaWsR7DnUoLWVGyMwgTsexVhTQvX TSA Keys: http://1.bp.blogspot.com/-hu8Kr6-3nrs/VdtMPbThXhI/AAAAAAADjIA/3Mw-5akcpq8/s1600/tsa-master-keys-blurred.jpg Social Engineering: http://1.bp.blogspot.com/-jIfzV5Jp6fU/U90R09_puqI/AAAAAAAAC1E/r-xBTSkaNRM/s1600/telephone_scam.jpg Social Engineering (2): http://arsicha.info/wp-content/uploads/2017/11/social-engeener-1000x600.jpg Phishing: https://web-ster.com/img/other/password-thief-trans.png Spear Phishing: https://www.deeperblue.com/wp-content/uploads/2016/03/Evren-Wide-Kick-3.jpg We Want You: https://cdn.shakewellmagazine.com/wp-content/uploads/2016/01/16140712/we-want-you.png Ask Question: https://www.goldenmeadowsretrievers.com/wp-content/uploads/2014/08/iStock_000021006935_Medium1.jpg Passwords: https://cdn.someecards.com/someecards/usercards/MjAxMy1mYzEzN2U0NzhlZWZmNDU3.png Passwords (2): https://twitter.com/desmondholden/status/965747299468136448 Passwords (3): https://www.secplicity.org/wp-content/uploads/2012/06/password-magnifying-glass-cyber-crime-dreamstime_xl_1809270.jpg Hooded Hacker: https://i.warosu.org/data/g/img/0587/92/1486223405498.jpg Sad: http://coolwidewallpapers.com/uploads/389/208582-sad.jpg Salting: https://images-na.ssl-images-amazon.com/images/I/71VNlbjBHAL._UL1500_.jpg Borat: http://yourbrandlive.com/assets//images/blog/great_success_brandlive.png Giraffe: http://www.guibingzhuche.com/data/out/273/1736834.png Selfish: https://i.pinimg.com/originals/ce/54/f8/ce54f88dbdb69ed5be679e738adcf1bb.jpg Elephant: http://www.elephantsinthelivingroom.org/backgrounds/elephant-in-room.jpg Dory: https://i.ytimg.com/vi/ixVaAQVEiSM/maxresdefault.jpg Password Manager: https://cdn.vox-cdn.com/uploads/chorus_image/image/55851763/password_manager_stock.0.jpg Eggs: http://moziru.com/images/drawn-egg-faces-wallpaper-9.jpg Password: http://byteshunt.com/wp-content/uploads/2017/12/1513652650558-shutterstock_414545476.jpeg Billy Mays: http://i0.kym-cdn.com/entries/icons/original/000/000/233/billymays1.png Two Factor: https://www.revesecure.com/wp-content/uploads/2017/02/Two-Factor-Authentication-Makes-Your-Password-Unusable-for-Hackers-6.jpg Physical Security: https://yt3.ggpht.com/-IBn3WjnwfBY/AAAAAAAAAAI/AAAAAAAAAAA/C1xM-oTt7os/s900-c-k-no/photo.jpg Padlock: https://passwd.org/sites/default/files/styles/passwd_fullnode/public/chain-padlock-security-fail.jpg?itok=IM2DDncW Suspicious: http://i0.kym-cdn.com/entries/icons/original/000/006/026/NOTSUREIF.jpg Lock Computer: http://i.imgur.com/RIN87.jpg Piggybacking: http://cdn2.itpro.co.uk/sites/itpro/files/styles/article_main_wide_image/public/images/dir_142/it_photo_71118.jpg?itok=lmjU-RuU Propped Door: http://www.barkinganddagenhampost.co.uk/polopoly_fs/1.4529708!/image/image.jpg_gen/derivatives/landscape_630/image.jpg Laptop Stolen?: https://motherboard-images.vice.com/content-images/contentimage/no-id/1423588697646224.jpg Fry Panic: https://alice961994.files.wordpress.com/2014/11/futurama-fry-stress.png Hack the Planet: https://i.imgur.com/xjtVvON.jpg PII: https://i.pinimg.com/originals/9f/36/da/9f36da538d12b2387825b0b3a3ac617f.jpg Personal Information: http://mrsc.org/getmedia/a0ba5128-d6fb-4008-bf30-893a43abf131/personal_info_618x353.jpg.aspx?width=618&height=353&ext=.jpg Company Data: https://vignette.wikia.nocookie.net/memoryalpha/images/b/bd/Data_phone.jpg/revision/latest?cb=20141214221139&path-prefix=en Handling Data: http://www.treknologic.com/wp-content/uploads/2015/09/02-touching-data.jpg Compliance: https://assets1.ignimgs.com/vid/thumbnails/user/2012/11/28/naviTN_1280w.jpg GDPR: https://zdnet4.cbsistatic.com/hub/i/r/2017/11/15/be5d1ea8-0ad7-45e6-8588-e2c7eafecd79/resize/770xauto/1f9ea28914a62218eb8a5d8c5c92a3a7/istock-gdpr-concept-image.jpg Would You Like To Know More?: https://static1.squarespace.com/static/574f0b9a37013b939ab0b866/t/5936b0e717bffc7a44df2ca0/1496756488470/ Morbo: https://orig00.deviantart.net/baf4/f/2009/364/2/f/morbo_by_kornykattos.png