User:Dkeeler/Notes:BSidesPDX2014

From MozillaWiki
Revision as of 21:39, 7 October 2014 by Dkeeler (talk | contribs)

Notes from BSidesPDX 2014

Jack Daniel - The History of Infosec

A list of interesting people that were charged with securing various systems before infosec was a thing. Probably a good reminder that historical perspective is important.

Daniel Reichert - PGP For The Web

Argued that JS-implemented PGP could be implemented as a browser extension. Seems promising, but he glossed over some details (e.g. side-channel attacks). Also didn't seem aware of how far along WebCrypto has come. Maybe we should reach out to him. More information here: https://priv.ly/pages/about

Jeff Bryner - MozDef: The Mozilla Defense Platform

Jeff showed off MozDef, which seems like a pretty neat network event visualization/categorization/defense tool.

Maggie Jauregui - Girl... Fault Interrupted

Cheap GFCI circuits can be tripped or even reduced to smoking/flaming ruins with a handheld radio. Time to wrap everything in copper mesh.

Jeremy Brown - Microsoft Vulnerability Research: How to be a Finder as a Vendor

Apparently Microsoft has a program that formalizes how they report vulnerabilities their employees find in third-party products. Maybe we could follow some of their guidelines, but I think it's rare that we find and report vulnerabilities to third parties, and when we do, we already have a strong relationship with them (e.g. Google).

Joe Grand - Deconstructing the Circuit Board Sandwich

Reported on various ways to expose the inner layers of circuit boards to get an idea of how they work. Sandpaper appears to be surprisingly cost-effective.

Joe Fitz - NSA Playset: PCIe

Demonstrated how devices with direct memory access (DMA) can basically plug-and-play slurp a machine's memory contents. For example, this can be done over Thunderbolt (and FireWire, but that's less common now).

Jeff Forristal - (Mis)Managing Mobile Trust

Examined the implicit trust decisions that are made when purchasing and using a particular mobile device. For example, many Android devices come with hundreds of pre-installed apps from third parties or using third-party libraries. If any of these apps have vulnerabilities and use privileged APIs, the phone is essentially untrustworthy. Also talked about the "Fake ID" bug, in which access to a restricted (and dangerous) API was gated by a faulty signature check (basically, the code checked for the presence of a particular certificate in the certificate chain, without actually checking that each signature in the chain was valid).
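The Fake ID flaw described above, as an added example that is not code from the talk, from Android, or from this page: a toy certificate chain check using tiny textbook RSA keys. Every key, subject name, and the "Vendor Root" trust anchor is constructed for illustration. `buggy_is_privileged` mirrors the presence-only check (the trusted certificate merely has to appear somewhere in the chain), while `strict_is_privileged` walks the chain leaf to root, verifies each signature with the next certificate's key, and requires the final certificate to be exactly the one in the trust store.

```python
import hashlib
from dataclasses import dataclass
from typing import List

# --- toy textbook RSA (constructed for illustration; not a real library) ---
def _h(data: bytes, n: int) -> int:
    """SHA-256 of data, reduced mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass(frozen=True)
class Key:
    n: int
    e: int = 65537
    d: int = 0          # private exponent; 0 for a public-only copy

def make_key(p: int, q: int) -> Key:
    # p and q are small primes chosen for the example; 65537 is prime and
    # larger than p-1 and q-1, so the modular inverse always exists.
    n, phi = p * q, (p - 1) * (q - 1)
    return Key(n, 65537, pow(65537, -1, phi))

def sign(priv: Key, data: bytes) -> int:
    return pow(_h(data, priv.n), priv.d, priv.n)

def verify(pub: Key, data: bytes, sig: int) -> bool:
    return pow(sig, pub.e, pub.n) == _h(data, pub.n)

# --- minimal certificate --------------------------------------------------
@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key: Key            # subject's public key
    sig: int            # issuer's signature over tbs()

    def tbs(self) -> bytes:
        """The 'to-be-signed' bytes: everything except the signature."""
        return f"{self.subject}|{self.issuer}|{self.key.n}|{self.key.e}".encode()

def issue(subject: str, subject_key: Key, issuer: str, issuer_priv: Key) -> Cert:
    pub = Key(subject_key.n, subject_key.e)          # strip the private exponent
    unsigned = Cert(subject, issuer, pub, 0)
    return Cert(subject, issuer, pub, sign(issuer_priv, unsigned.tbs()))

TRUSTED_SUBJECT = "Vendor Root"   # constructed trust anchor name

def buggy_is_privileged(chain: List[Cert]) -> bool:
    """Fake-ID-style check: the trusted cert only has to be present in the chain."""
    return any(c.subject == TRUSTED_SUBJECT for c in chain)

def strict_is_privileged(chain: List[Cert], trust_store: List[Cert]) -> bool:
    """Walk leaf -> root, verifying each signature with the next cert's key,
    then require the last cert to be exactly a trust-store entry."""
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject or not verify(parent.key, child.tbs(), child.sig):
            return False
    root = chain[-1]
    return root in trust_store and verify(root.key, root.tbs(), root.sig)

# --- constructed keys and chains ------------------------------------------
root_priv = make_key(10007, 10009)
app_priv = make_key(10061, 10067)
attacker_priv = make_key(10069, 10079)

ROOT = issue("Vendor Root", root_priv, "Vendor Root", root_priv)   # self-signed
GENUINE = [issue("Trusted App", app_priv, "Vendor Root", root_priv), ROOT]
# The forged leaf *claims* "Vendor Root" as issuer but is signed with the
# attacker's own key; the genuine root cert is simply appended to the chain.
FORGED = [issue("Evil App", attacker_priv, "Vendor Root", attacker_priv), ROOT]

if __name__ == "__main__":
    print("buggy  genuine:", buggy_is_privileged(GENUINE), " forged:", buggy_is_privileged(FORGED))
    print("strict genuine:", strict_is_privileged(GENUINE, [ROOT]),
          " forged:", strict_is_privileged(FORGED, [ROOT]))
```

The presence-only check accepts both chains because the genuine root certificate is indeed in the forged one; the strict walk rejects the forgery at the first link, since the leaf's signature does not verify under the root's public key. The same shape applies to any "is this signed by X" gate: the check must bind each certificate to its issuer cryptographically, not by name or by mere membership.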