SlideShare ist ein Scribd-Unternehmen logo

Tor talk-prosa-screen

Henrik Kramshøj
Henrik Kramshøj

TOR talk at PROSA the IT workers union in Denmark

Technologie
1 von 37
Downloaden Sie, um offline zu lesen
Welcome to TOR Paranoia and government hacking Henrik Lund Kramshøj, internet samurai hlk@solido.net http://www.solidonetworks.com c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 1
˚ Bjarne Jess Hansen - Vi voksne kan ogsa være bange https://www.youtube.com/watch?v=ApRPz9FzkQM Source: Lyrics to the old-skool protest song about nuclear war http://www.fredsakademiet.dk/abase/sange/sang29.htm c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 2
Syria: Protest singer Ibrahim Kashoush Four days later, his body was found dumped in the Assi River (also spelled: Isa River), with a big, open and bloody wound in his neck where his adam’s apple and voice chord had been removed. A clear message to those who dare to raise their voice against the Syrian President Bashar al-Assad. ’Yalla Erhal Ya Bashar’ (It’s time to leave, Bashar), demanding an end to President Bashar al-Assads regime. https://www.youtube.com/watch?v=nox6sVyhBYk http://freemuse.org/archives/5054 c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 3
Democracy now: Why do we bother? In a democracy we need the citizens with freedom that can act without constant surveillance Democracy requires that we can actively select which personal data to give up and to whom Cryptography is peaceful protest against blanket surveillance c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 4
Data collected will be abused Data collected will be abused either by criminals or for criminal purposes, commercial purposes no matter what the original intentions were. Today data is gathered to protect us from terrorists, extremism, nazis, pedophiles, abuse of children ... Le mal du jour. but also enables stalking, employers doing abusive monitoring, spouses and parents abusing power, politicians abusing power, police investigations into legal protests You should take control of your data - that is democracy c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 5
Why think of security? Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know. Privacy is the power to selectively reveal oneself to the world. A Cypherpunk’s Manifesto by Eric Hughes, 1993 Copied from https://cryptoparty.org/wiki/CryptoParty c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 6
Paranoia defined Source: google paranoia definition - Er du passende paranoid? c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 7
Face reality From the definition: suspicion and mistrust of people or their actions without evidence or justification. ”the global paranoia about hackers and viruses” It is not paranoia when: • • • • • Criminals sell your credit card information and identity theft Trade infected computers like a commodity Governments write laws that allows them to introduce back-doors - and use these Governments do blanket surveillance of their population Governments implement censorship, threaten citizens and journalist You are not paranoid when there are people actively attacking you! c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 8
Risk management defined Source: Shon Harris CISSP All-in-One Exam Guide c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 9
Using crypto is a peaceful protest and it is not magic c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 10
Government back-doors What if I told you: Governments will introduce back-doors Intercepting encrypted communications with fake certificates - check May 5, 2011 A Syrian Man-In-The-Middle Attack against Facebook ”Yesterday we learned of reports that the Syrian Telecom Ministry had launched a man-in-the-middle attack against the HTTPS version of the Facebook site.” Source: https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook Mapping out social media and finding connections - check c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 11
Infecting activist machines Infecting activist machines - check Tibet activists are repeatedly being targeted with virus and malware, such as malicious apps for Android like KakaoTalk TOR-users infected with malicious code to reveal their real IPs https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting Copying journalist data in airports - check c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 12
Governments blanket surveillance NSA - need we say more? http://en.wikipedia.org/wiki/PRISM_(surveillance_program) Governments also implementing censorship Outlaw and/or discredit crypto Go after TOR exit nodes c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 13
TOR is BAD The only users of TOR are bad people, BAD people I tell you! Criminals Drugs - lots of drugs Terrorists planning World War IIIII Pedophiles More drugs - and high quality! Copyright infringement Did you know the roads are being used by criminals in the physical world c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 14
TOR History Inception http://www.onion-router.net/ This website comprises the onion-router.net site formerly hosted at the Center for High Assurance Computer Systems of the U.S. Naval Research Laboratory. It primarily covers the work done at NRL during the first decade of onion routing and reflects the onion-router.net site roughly as it existed circa 2005. As a historical site it may contain dead external links and other signs of age. c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 15
TOR today • Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. • Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others. • Tor’s hidden services let users publish web sites and other services Source: https://www.torproject.org/about/overview.html.en c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 16
TOR users 2007 Dan Egerstad, Swedish computer security consultant obtained log-in and password information for 1,000 e-mail accounts belonging to foreign embassies, corporations and human rights organizations. Use encryption and secure protocols AND TOR! Note: I have no knowledge about the danish embassies using or not using TOR, but probably they do. c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 17
Denmark Danish police and TAX authorities have the legals means, even for small tax-avoidance cases, see Rockerloven Danish prime minister Helle Thorning-Schmidt does NOT criticize the USA c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 18
Use protection - always c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 19
A vulnerability can and will be abused What if I told you: Criminals will be happy to leverage backdoors created by government It does not matter if the crypto product has a weakness to allow investigations or the software has a backdoor to help law enforcement. Data and vulnerabilities WILL be abused and exploited. If nothing else Snowden leaks have shown us - trust nobody! c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 20
Tor project - how it works 1 pictures from https://www.torproject.org/about/overview.html.en c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 21
Tor project - how it works 2 pictures from https://www.torproject.org/about/overview.html.en c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 22
Tor project - how it works 3 pictures from https://www.torproject.org/about/overview.html.en c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 23
Using TOR Recommendation is to run TOR browser Also plugins to Firefox etc. beware of browser fingerprint and DNS leaks! c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 24
Whonix - a better idea Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network[5], Debian GNU/Linux[6] and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP. https://www.whonix.org/ c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 25
TOR crypto Use version 2.4+ Tor is still DHE 1024 (NSA crackable) By Robert Graham After more revelations, and expert analysis, we still aren’t precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no ”breakthroughs”, the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they’ve got fairly public deals with IBM foundries to build chips. The problem with Tor is that it still uses these 1024 bit keys for much of its crypto, particularly because most people are still using older versions of the software. The older 2.3 versions of Tor uses keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys. Source: http://blog.erratasec.com/2013/09/tor-is-still-dhe-1024-nsa-crackable.html c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 26
The future of Tor cryptography After the last round of revelations from Edward Snowden, described as ”explosive” by Bruce Schneier, several threads started on the tor-talk mailing list to discuss Tor cryptography. A lot of what has been written is speculative at this point. But some have raised concerns about 1024 bit Diffie-Hellman key exchange. This has already been addressed with the introduction of the ”ntor” handshake in 0.2.4 and Nick Mathewson encourages everybody to upgrade. Source: https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-september-11th-2013 c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 27
TOR news • TOR blogGreat news stories about TOR https://blog.torproject.org/blog/ • Electronic Frontier Foundation (EFF) https://www.eff.org/ • TOR users are also Access users https://www.accessnow.org/ • cryptoparty.org and Asher Wolf, https://twitter.com/Asher_Wolf https://en.wikipedia. org/wiki/CryptoParty • Schneier on Security https://www.schneier.com/ Sample analysis How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html • Cryptome welcomes documents for publication that are prohibited by governments worldwide cryptome.org/ c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 28
Accessnow.org Access defends and extends the digital rights of users at risk around the world. By combining innovative policy, user engagement, and direct technical support, we fight for open and secure communications for all. c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 29
Helping out - run a relay solidaritetskryptering more expensive to do blanket surveillance and focus will switch to targeted monitoring! c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 30
Be careful - questions? Hey, Lets be careful out there! Henrik Lund Kramshøj, internet samurai hlk@solido.net Source: Michael Conrad http://www.hillstreetblues.tv/ c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 31
Cryptography Engineering Cryptography Engineering by Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno https://www.schneier.com/book-ce.html c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 32
HTTPS Everywhere HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. http://www.eff.org/https-everywhere And configure your browser to not activate content like Flash before you click Plugins like NoScript for Firefox and NotScripts for Chrome is highly recommended c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 33
UK: Seize smart phones and download data Officers use counter-terrorism laws to remove a mobile phone from any passenger they wish coming through UK air, sea and international rail ports and then scour their data. The blanket power is so broad they do not even have to show reasonable suspicion for seizing the device and can retain the information for ”as long as is necessary”. Data can include call history, contact books, photos and who the person is texting or emailing, although not the contents of messages. Source: http://www.telegraph.co.uk/technology/10177765/Travellers-mobile-phone-data-seized-by-policeat-border.html c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 34
UK wouldn’t seize data like that, you are lying (Reuters) - British authorities came under pressure on Monday to explain why anti-terrorism powers were used to detain for nine hours the partner of a journalist who has written articles about U.S. and British surveillance programs based on leaks from Edward Snowden. Brazilian David Miranda, the partner of American journalist Glenn Greenwald, was detained on Sunday at London’s Heathrow Airport where he was in transit on his way from Berlin to Rio de Janeiro. He was released without charge. Source: http://www.reuters.com/article/2013/08/19/us-britain-snowden-detention-idUSBRE97I0J520130819 c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 35
Government backdoors is not news Nothing new really, see for example D.I.R.T and Magic Lantern D.I.R.T - Data Interception by Remote Transmission since the late 1990s http://cryptome.org/fbi-dirt.htm http://cryptome.org/dirty-secrets2.htm They will always use Le mal du jour to increase monitoring c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 36
Government monitoring is not news FBI Carnivore ”... that was designed to monitor email and electronic communications. It used a customizable packet sniffer that can monitor all of a target user’s Internet traffic.” http: //en.wikipedia.org/wiki/Carnivore_(software) NarusInsight ”Narus provided Egypt Telecom with Deep Packet Inspection equipment, a content-filtering technology that allows network managers to inspect, track and target content from users of the Internet and mobile phones, as it passes through routers on the information superhighway. Other Narus global customers include the national telecommunications authorities in Pakistan and Saudi Arabia, ...” http://en.wikipedia.org/wiki/NarusInsight c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 37

Empfohlen

Paranoia or risk management 2013
Paranoia or risk management 2013Paranoia or risk management 2013
Paranoia or risk management 2013Henrik Kramshøj
 
ISIS Cyber Terrorism Analysis
ISIS Cyber Terrorism AnalysisISIS Cyber Terrorism Analysis
ISIS Cyber Terrorism AnalysisLars Hilse Global Thought Leader in #CyberSecurity, #CyberTerrorism, #CyberDefence, #CyberCrime
 
Security News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreSecurity News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreInMobi Technology
 
What if Petraeus was a hacker? Email privacy for the rest of us
What if Petraeus was a hacker? Email privacy for the rest of usWhat if Petraeus was a hacker? Email privacy for the rest of us
What if Petraeus was a hacker? Email privacy for the rest of usPhil Cryer
 
kevin's powerpoint chapt 6
kevin's powerpoint chapt 6kevin's powerpoint chapt 6
kevin's powerpoint chapt 6kkajairo
 
Ce hv8 module 15 hacking wireless networks
Ce hv8 module 15 hacking wireless networksCe hv8 module 15 hacking wireless networks
Ce hv8 module 15 hacking wireless networksMehrdad Jingoism
 
Year of pawnage - Ian trump
Year of pawnage - Ian trumpYear of pawnage - Ian trump
Year of pawnage - Ian trumpMAXfocus
 
The ClearScore Darkpaper: The danger of the dark web 2020
The ClearScore Darkpaper: The danger of the dark web 2020The ClearScore Darkpaper: The danger of the dark web 2020
The ClearScore Darkpaper: The danger of the dark web 2020Jayna Mistry
 

Empfohlen

Paranoia or risk management 2013
Paranoia or risk management 2013Paranoia or risk management 2013
Paranoia or risk management 2013Henrik Kramshøj
 
ISIS Cyber Terrorism Analysis
ISIS Cyber Terrorism AnalysisISIS Cyber Terrorism Analysis
ISIS Cyber Terrorism AnalysisLars Hilse Global Thought Leader in #CyberSecurity, #CyberTerrorism, #CyberDefence, #CyberCrime
 
Security News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreSecurity News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreInMobi Technology
 
What if Petraeus was a hacker? Email privacy for the rest of us
What if Petraeus was a hacker? Email privacy for the rest of usWhat if Petraeus was a hacker? Email privacy for the rest of us
What if Petraeus was a hacker? Email privacy for the rest of usPhil Cryer
 
kevin's powerpoint chapt 6
kevin's powerpoint chapt 6kevin's powerpoint chapt 6
kevin's powerpoint chapt 6kkajairo
 
Ce hv8 module 15 hacking wireless networks
Ce hv8 module 15 hacking wireless networksCe hv8 module 15 hacking wireless networks
Ce hv8 module 15 hacking wireless networksMehrdad Jingoism
 
Year of pawnage - Ian trump
Year of pawnage - Ian trumpYear of pawnage - Ian trump
Year of pawnage - Ian trumpMAXfocus
 
The ClearScore Darkpaper: The danger of the dark web 2020
The ClearScore Darkpaper: The danger of the dark web 2020The ClearScore Darkpaper: The danger of the dark web 2020
The ClearScore Darkpaper: The danger of the dark web 2020Jayna Mistry
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual ReportLabris Networks
 
Warrantless governmental surveillance through the use of emerging technology ...
Warrantless governmental surveillance through the use of emerging technology ...Warrantless governmental surveillance through the use of emerging technology ...
Warrantless governmental surveillance through the use of emerging technology ...Vania_Chaker
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revistathe_ro0t
 
RSTREET17
RSTREET17RSTREET17
RSTREET17Steven Titch
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Alisha Deboer
 
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common KeywordsComputer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywordskhansalman19
 
Malta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewMalta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewFabian Borg
 
Global Cyber Security trend & impact of Internet on the society of Bangladesh...
Global Cyber Security trend & impact of Internet on the society of Bangladesh...Global Cyber Security trend & impact of Internet on the society of Bangladesh...
Global Cyber Security trend & impact of Internet on the society of Bangladesh...Fakrul Alam
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer SecurityDamian T. Gordon
 
Clt3328fisk
Clt3328fiskClt3328fisk
Clt3328fiskJulesroa
 
Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs
 
Cyber war
Cyber warCyber war
Cyber warPraveen
 
HR's Critical Role in Protecting Company Data
HR's Critical Role in Protecting Company DataHR's Critical Role in Protecting Company Data
HR's Critical Role in Protecting Company DataParsons Behle & Latimer
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & ForensicsHarshita Ved
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India ReadyDinesh O Bareja
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & ForensicsHarshita Ved
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Bangladesh Network Operators Group
 
Making your Asterisk System Secure
Making your Asterisk System SecureMaking your Asterisk System Secure
Making your Asterisk System SecureDigium
 
Don't Panic. Making Progress on the 'Going Dark' Debate
Don't Panic. Making Progress on the 'Going Dark' DebateDon't Panic. Making Progress on the 'Going Dark' Debate
Don't Panic. Making Progress on the 'Going Dark' DebateFabio Chiusi
 
Cyber Security Whitepaper 2018 | vTech Solution
Cyber Security Whitepaper 2018 | vTech SolutionCyber Security Whitepaper 2018 | vTech Solution
Cyber Security Whitepaper 2018 | vTech SolutionSimrat Singh
 
Ipv6 internetdagen-print
Ipv6 internetdagen-printIpv6 internetdagen-print
Ipv6 internetdagen-printHenrik Kramshøj
 
Ctf intro-print
Ctf intro-printCtf intro-print
Ctf intro-printHenrik Kramshøj
 

Weitere ähnliche Inhalte

Was ist angesagt?

2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual ReportLabris Networks
 
Warrantless governmental surveillance through the use of emerging technology ...
Warrantless governmental surveillance through the use of emerging technology ...Warrantless governmental surveillance through the use of emerging technology ...
Warrantless governmental surveillance through the use of emerging technology ...Vania_Chaker
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revistathe_ro0t
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Alisha Deboer
 
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common KeywordsComputer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywordskhansalman19
 
Malta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewMalta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewFabian Borg
 
Global Cyber Security trend & impact of Internet on the society of Bangladesh...
Global Cyber Security trend & impact of Internet on the society of Bangladesh...Global Cyber Security trend & impact of Internet on the society of Bangladesh...
Global Cyber Security trend & impact of Internet on the society of Bangladesh...Fakrul Alam
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer SecurityDamian T. Gordon
 
Clt3328fisk
Clt3328fiskClt3328fisk
Clt3328fiskJulesroa
 
Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs
 
HR's Critical Role in Protecting Company Data
HR's Critical Role in Protecting Company DataHR's Critical Role in Protecting Company Data
HR's Critical Role in Protecting Company DataParsons Behle & Latimer
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & ForensicsHarshita Ved
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India ReadyDinesh O Bareja
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & ForensicsHarshita Ved
 
Making your Asterisk System Secure
Making your Asterisk System SecureMaking your Asterisk System Secure
Making your Asterisk System SecureDigium
 
Don't Panic. Making Progress on the 'Going Dark' Debate
Don't Panic. Making Progress on the 'Going Dark' DebateDon't Panic. Making Progress on the 'Going Dark' Debate
Don't Panic. Making Progress on the 'Going Dark' DebateFabio Chiusi
 
Cyber Security Whitepaper 2018 | vTech Solution
Cyber Security Whitepaper 2018 | vTech SolutionCyber Security Whitepaper 2018 | vTech Solution
Cyber Security Whitepaper 2018 | vTech SolutionSimrat Singh
 

Was ist angesagt? (20)

2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual Report
 
Warrantless governmental surveillance through the use of emerging technology ...
Warrantless governmental surveillance through the use of emerging technology ...Warrantless governmental surveillance through the use of emerging technology ...
Warrantless governmental surveillance through the use of emerging technology ...
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revista
 
RSTREET17
RSTREET17RSTREET17
RSTREET17
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
 
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common KeywordsComputer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
 
Malta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewMalta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interview
 
Global Cyber Security trend & impact of Internet on the society of Bangladesh...
Global Cyber Security trend & impact of Internet on the society of Bangladesh...Global Cyber Security trend & impact of Internet on the society of Bangladesh...
Global Cyber Security trend & impact of Internet on the society of Bangladesh...
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
 
Clt3328fisk
Clt3328fiskClt3328fisk
Clt3328fisk
 
Qrator Labs annual report 2017
Qrator Labs annual report 2017Qrator Labs annual report 2017
Qrator Labs annual report 2017
 
Cyber war
Cyber warCyber war
Cyber war
 
HR's Critical Role in Protecting Company Data
HR's Critical Role in Protecting Company DataHR's Critical Role in Protecting Company Data
HR's Critical Role in Protecting Company Data
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & Forensics
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India Ready
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & Forensics
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh
 
Making your Asterisk System Secure
Making your Asterisk System SecureMaking your Asterisk System Secure
Making your Asterisk System Secure
 
Don't Panic. Making Progress on the 'Going Dark' Debate
Don't Panic. Making Progress on the 'Going Dark' DebateDon't Panic. Making Progress on the 'Going Dark' Debate
Don't Panic. Making Progress on the 'Going Dark' Debate
 
Cyber Security Whitepaper 2018 | vTech Solution
Cyber Security Whitepaper 2018 | vTech SolutionCyber Security Whitepaper 2018 | vTech Solution
Cyber Security Whitepaper 2018 | vTech Solution
 

Andere mochten auch

Andere mochten auch (6)

Ipv6 internetdagen-print
Ipv6 internetdagen-printIpv6 internetdagen-print
Ipv6 internetdagen-print
 
Ctf intro-print
Ctf intro-printCtf intro-print
Ctf intro-print
 
2013 april-screen
2013 april-screen2013 april-screen
2013 april-screen
 
Superhelt 2013-screen
Superhelt 2013-screenSuperhelt 2013-screen
Superhelt 2013-screen
 
Hackerworkshop print
Hackerworkshop printHackerworkshop print
Hackerworkshop print
 
Basic Hacking Print
Basic Hacking PrintBasic Hacking Print
Basic Hacking Print
 

Ähnlich wie Tor talk-prosa-screen

darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxdarkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxGeetha982072
 
Brucon presentation
Brucon presentationBrucon presentation
Brucon presentationwremes
 
Lofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and EncryptionLofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and EncryptionSean Whalen
 
Tor project and Darknet Report
Tor project and Darknet ReportTor project and Darknet Report
Tor project and Darknet ReportAhmed Mater
 
Security Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of ThingsSecurity Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of ThingsMaurice Dawson
 
Tor Project and The Darknet
Tor Project and The DarknetTor Project and The Darknet
Tor Project and The DarknetAhmed Mater
 
In ur-internets
In ur-internetsIn ur-internets
In ur-internets55020
 
Dark Web Kristin Finklea Specialist in Domestic Se
Dark Web Kristin Finklea Specialist in Domestic SeDark Web Kristin Finklea Specialist in Domestic Se
Dark Web Kristin Finklea Specialist in Domestic SeOllieShoresna
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementationINSIGHT FORENSIC
 
78751355 cryptomorphosis
78751355 cryptomorphosis78751355 cryptomorphosis
78751355 cryptomorphosisP-e-t-a-r
 
Fears about Computer Technology
Fears about Computer TechnologyFears about Computer Technology
Fears about Computer Technology100656472mercier
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...IAEME Publication
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...IAEME Publication
 

Ähnlich wie Tor talk-prosa-screen (20)

darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxdarkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
 
NS Civil Liberties & Security Supplement Sept 2014
NS Civil Liberties & Security Supplement Sept 2014NS Civil Liberties & Security Supplement Sept 2014
NS Civil Liberties & Security Supplement Sept 2014
 
Brucon presentation
Brucon presentationBrucon presentation
Brucon presentation
 
Dark Web
Dark WebDark Web
Dark Web
 
Lofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and EncryptionLofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and Encryption
 
Tor project and Darknet Report
Tor project and Darknet ReportTor project and Darknet Report
Tor project and Darknet Report
 
Security Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of ThingsSecurity Solutions for Hyperconnectivity and the Internet of Things
Security Solutions for Hyperconnectivity and the Internet of Things
 
Tor Project and The Darknet
Tor Project and The DarknetTor Project and The Darknet
Tor Project and The Darknet
 
Dw communication
Dw communicationDw communication
Dw communication
 
In ur-internets
In ur-internetsIn ur-internets
In ur-internets
 
Drm and crypto
Drm and cryptoDrm and crypto
Drm and crypto
 
Dark Web Kristin Finklea Specialist in Domestic Se
Dark Web Kristin Finklea Specialist in Domestic SeDark Web Kristin Finklea Specialist in Domestic Se
Dark Web Kristin Finklea Specialist in Domestic Se
 
Tor
TorTor
Tor
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation
 
FOSS and Security
FOSS and SecurityFOSS and Security
FOSS and Security
 
78751355 cryptomorphosis
78751355 cryptomorphosis78751355 cryptomorphosis
78751355 cryptomorphosis
 
Fears about Computer Technology
Fears about Computer TechnologyFears about Computer Technology
Fears about Computer Technology
 
Honeypot Project
Honeypot ProjectHoneypot Project
Honeypot Project
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...
 
A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...A framework for practical vulnerabilities of the tor (the onion routing) anon...
A framework for practical vulnerabilities of the tor (the onion routing) anon...
 

Mehr von Henrik Kramshøj

Mehr von Henrik Kramshøj (7)

Superhelt 2012-screen
Superhelt 2012-screenSuperhelt 2012-screen
Superhelt 2012-screen
 
Hackerworkshop exercises
Hackerworkshop exercisesHackerworkshop exercises
Hackerworkshop exercises
 
Basic tcpip-print
Basic tcpip-printBasic tcpip-print
Basic tcpip-print
 
Basic tcpip-exercises
Basic tcpip-exercisesBasic tcpip-exercises
Basic tcpip-exercises
 
IPv6 introduction
IPv6 introductionIPv6 introduction
IPv6 introduction
 
Security Tools Foss
Security Tools FossSecurity Tools Foss
Security Tools Foss
 
Krimihacking
KrimihackingKrimihacking
Krimihacking
 

Kürzlich hochgeladen

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Kürzlich hochgeladen (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Tor talk-prosa-screen

  • 1. Welcome to TOR Paranoia and government hacking Henrik Lund Kramshøj, internet samurai hlk@solido.net http://www.solidonetworks.com c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 1
  • 2. ˚ Bjarne Jess Hansen - Vi voksne kan ogsa være bange https://www.youtube.com/watch?v=ApRPz9FzkQM Source: Lyrics to the old-skool protest song about nuclear war http://www.fredsakademiet.dk/abase/sange/sang29.htm c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 2
  • 3. Syria: Protest singer Ibrahim Kashoush Four days later, his body was found dumped in the Assi River (also spelled: Isa River), with a big, open and bloody wound in his neck where his adam’s apple and voice chord had been removed. A clear message to those who dare to raise their voice against the Syrian President Bashar al-Assad. ’Yalla Erhal Ya Bashar’ (It’s time to leave, Bashar), demanding an end to President Bashar al-Assads regime. https://www.youtube.com/watch?v=nox6sVyhBYk http://freemuse.org/archives/5054 c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 3
  • 4. Democracy now: Why do we bother? In a democracy we need the citizens with freedom that can act without constant surveillance Democracy requires that we can actively select which personal data to give up and to whom Cryptography is peaceful protest against blanket surveillance c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 4
  • 5. Data collected will be abused Data collected will be abused either by criminals or for criminal purposes, commercial purposes no matter what the original intentions were. Today data is gathered to protect us from terrorists, extremism, nazis, pedophiles, abuse of children ... Le mal du jour. but also enables stalking, employers doing abusive monitoring, spouses and parents abusing power, politicians abusing power, police investigations into legal protests You should take control of your data - that is democracy c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 5
  • 6. Why think of security? Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know. Privacy is the power to selectively reveal oneself to the world. A Cypherpunk’s Manifesto by Eric Hughes, 1993 Copied from https://cryptoparty.org/wiki/CryptoParty c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 6
  • 7. Paranoia defined Source: google paranoia definition - Er du passende paranoid? c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 7
  • 8. Face reality From the definition: suspicion and mistrust of people or their actions without evidence or justification. ”the global paranoia about hackers and viruses” It is not paranoia when: • • • • • Criminals sell your credit card information and identity theft Trade infected computers like a commodity Governments write laws that allows them to introduce back-doors - and use these Governments do blanket surveillance of their population Governments implement censorship, threaten citizens and journalist You are not paranoid when there are people actively attacking you! c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 8
  • 9. Risk management defined Source: Shon Harris CISSP All-in-One Exam Guide c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 9
  • 10. Using crypto is a peaceful protest and it is not magic c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 10
  • 11. Government back-doors What if I told you: Governments will introduce back-doors Intercepting encrypted communications with fake certificates - check May 5, 2011 A Syrian Man-In-The-Middle Attack against Facebook ”Yesterday we learned of reports that the Syrian Telecom Ministry had launched a man-in-the-middle attack against the HTTPS version of the Facebook site.” Source: https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook Mapping out social media and finding connections - check c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 11
  • 12. Infecting activist machines Infecting activist machines - check Tibet activists are repeatedly being targeted with virus and malware, such as malicious apps for Android like KakaoTalk TOR-users infected with malicious code to reveal their real IPs https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting Copying journalist data in airports - check c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 12
  • 13. Governments blanket surveillance NSA - need we say more? http://en.wikipedia.org/wiki/PRISM_(surveillance_program) Governments also implementing censorship Outlaw and/or discredit crypto Go after TOR exit nodes c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 13
  • 14. TOR is BAD The only users of TOR are bad people, BAD people I tell you! Criminals Drugs - lots of drugs Terrorists planning World War IIIII Pedophiles More drugs - and high quality! Copyright infringement Did you know the roads are being used by criminals in the physical world c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 14
  • 15. TOR History Inception http://www.onion-router.net/ This website comprises the onion-router.net site formerly hosted at the Center for High Assurance Computer Systems of the U.S. Naval Research Laboratory. It primarily covers the work done at NRL during the first decade of onion routing and reflects the onion-router.net site roughly as it existed circa 2005. As a historical site it may contain dead external links and other signs of age. c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 15
  • 16. TOR today • Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. • Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others. • Tor’s hidden services let users publish web sites and other services Source: https://www.torproject.org/about/overview.html.en c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 16
  • 17. TOR users 2007 Dan Egerstad, Swedish computer security consultant obtained log-in and password information for 1,000 e-mail accounts belonging to foreign embassies, corporations and human rights organizations. Use encryption and secure protocols AND TOR! Note: I have no knowledge about the danish embassies using or not using TOR, but probably they do. c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 17
  • 18. Denmark Danish police and TAX authorities have the legals means, even for small tax-avoidance cases, see Rockerloven Danish prime minister Helle Thorning-Schmidt does NOT criticize the USA c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 18
  • 19. Use protection - always c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 19
  • 20. A vulnerability can and will be abused What if I told you: Criminals will be happy to leverage backdoors created by government It does not matter if the crypto product has a weakness to allow investigations or the software has a backdoor to help law enforcement. Data and vulnerabilities WILL be abused and exploited. If nothing else Snowden leaks have shown us - trust nobody! c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 20
  • 21. Tor project - how it works 1 pictures from https://www.torproject.org/about/overview.html.en c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 21
  • 22. Tor project - how it works 2 pictures from https://www.torproject.org/about/overview.html.en c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 22
  • 23. Tor project - how it works 3 pictures from https://www.torproject.org/about/overview.html.en c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 23
  • 24. Using TOR Recommendation is to run TOR browser Also plugins to Firefox etc. beware of browser fingerprint and DNS leaks! c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 24
  • 25. Whonix - a better idea Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network[5], Debian GNU/Linux[6] and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP. https://www.whonix.org/ c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 25
  • 26. TOR crypto Use version 2.4+ Tor is still DHE 1024 (NSA crackable) By Robert Graham After more revelations, and expert analysis, we still aren’t precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no ”breakthroughs”, the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they’ve got fairly public deals with IBM foundries to build chips. The problem with Tor is that it still uses these 1024 bit keys for much of its crypto, particularly because most people are still using older versions of the software. The older 2.3 versions of Tor uses keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys. Source: http://blog.erratasec.com/2013/09/tor-is-still-dhe-1024-nsa-crackable.html c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 26
  • 27. The future of Tor cryptography After the last round of revelations from Edward Snowden, described as ”explosive” by Bruce Schneier, several threads started on the tor-talk mailing list to discuss Tor cryptography. A lot of what has been written is speculative at this point. But some have raised concerns about 1024 bit Diffie-Hellman key exchange. This has already been addressed with the introduction of the ”ntor” handshake in 0.2.4 and Nick Mathewson encourages everybody to upgrade. Source: https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-september-11th-2013 c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 27
  • 28. TOR news • TOR blogGreat news stories about TOR https://blog.torproject.org/blog/ • Electronic Frontier Foundation (EFF) https://www.eff.org/ • TOR users are also Access users https://www.accessnow.org/ • cryptoparty.org and Asher Wolf, https://twitter.com/Asher_Wolf https://en.wikipedia. org/wiki/CryptoParty • Schneier on Security https://www.schneier.com/ Sample analysis How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html • Cryptome welcomes documents for publication that are prohibited by governments worldwide cryptome.org/ c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 28
  • 29. Accessnow.org Access defends and extends the digital rights of users at risk around the world. By combining innovative policy, user engagement, and direct technical support, we fight for open and secure communications for all. c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 29
  • 30. Helping out - run a relay solidaritetskryptering more expensive to do blanket surveillance and focus will switch to targeted monitoring! c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 30
  • 31. Be careful - questions? Hey, Lets be careful out there! Henrik Lund Kramshøj, internet samurai hlk@solido.net Source: Michael Conrad http://www.hillstreetblues.tv/ c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 31
  • 32. Cryptography Engineering Cryptography Engineering by Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno https://www.schneier.com/book-ce.html c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 32
  • 33. HTTPS Everywhere HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. http://www.eff.org/https-everywhere And configure your browser to not activate content like Flash before you click Plugins like NoScript for Firefox and NotScripts for Chrome is highly recommended c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 33
  • 34. UK: Seize smart phones and download data Officers use counter-terrorism laws to remove a mobile phone from any passenger they wish coming through UK air, sea and international rail ports and then scour their data. The blanket power is so broad they do not even have to show reasonable suspicion for seizing the device and can retain the information for ”as long as is necessary”. Data can include call history, contact books, photos and who the person is texting or emailing, although not the contents of messages. Source: http://www.telegraph.co.uk/technology/10177765/Travellers-mobile-phone-data-seized-by-policeat-border.html c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 34
  • 35. UK wouldn’t seize data like that, you are lying (Reuters) - British authorities came under pressure on Monday to explain why anti-terrorism powers were used to detain for nine hours the partner of a journalist who has written articles about U.S. and British surveillance programs based on leaks from Edward Snowden. Brazilian David Miranda, the partner of American journalist Glenn Greenwald, was detained on Sunday at London’s Heathrow Airport where he was in transit on his way from Berlin to Rio de Janeiro. He was released without charge. Source: http://www.reuters.com/article/2013/08/19/us-britain-snowden-detention-idUSBRE97I0J520130819 c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 35
  • 36. Government backdoors is not news Nothing new really, see for example D.I.R.T and Magic Lantern D.I.R.T - Data Interception by Remote Transmission since the late 1990s http://cryptome.org/fbi-dirt.htm http://cryptome.org/dirty-secrets2.htm They will always use Le mal du jour to increase monitoring c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 36
  • 37. Government monitoring is not news FBI Carnivore ”... that was designed to monitor email and electronic communications. It used a customizable packet sniffer that can monitor all of a target user’s Internet traffic.” http: //en.wikipedia.org/wiki/Carnivore_(software) NarusInsight ”Narus provided Egypt Telecom with Deep Packet Inspection equipment, a content-filtering technology that allows network managers to inspect, track and target content from users of the Internet and mobile phones, as it passes through routers on the information superhighway. Other Narus global customers include the national telecommunications authorities in Pakistan and Saudi Arabia, ...” http://en.wikipedia.org/wiki/NarusInsight c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 37