Everything is Broken: A Story of Hope - Ruby Kaigi 2014

I once trusted the dream of a secure internet. I gleefully entered my card number when I saw a green lock, genuinely believing that I was safe in my force field of encryption.

This is the story of how that dream died, and how we're going to get it back.

Through the eyes of a simple web request we'll explore the life cycle of a secure transaction including DNSSEC, TLS/SSL, HSTS, EDH and a long list of other technologies. We'll talk about how we might mitigate attacks like Heartbleed, and prepare for what comes next.

Come rebuild the dream with me. You'll be surprised by what you learn.


  1. 1. OREGON
  2. 2. TWITTER: @1337807 @1337807
  3. 3. LEET SPEAK @1337807
  4. 4. @1337807 -> LEET BOT @1337807
  5. 5. OYAJI LEET BOT @1337807
  6. 6. BIG GAIJIN @1337807
  7. 7. JONAN SCHEFFLER @1337807 EVERYTHING IS BROKEN: A STORY OF HOPE
  9. 9. DOMAIN NAME SYSTEM @1337807
  31. 31. TRANSMISSION CONTROL PROTOCOL @1337807
  37. 37. TRANSPORT LAYER SECURITY @1337807
  39. 39. CLIENT HELLO @1337807 TLS VERSION, CIPHER SUITES, RANDOM BYTE
  41. 41. SERVER HELLO CHOSEN CIPHER, SESSION ID, RANDOM BYTE, CERTIFICATE @1337807
  43. 43. SYMMETRIC CIPHERS @1337807
  44. 44. ASYMMETRIC CIPHERS @1337807
  45. 45. PUBLIC KEY CRYPTOGRAPHY @1337807
  49. 49. CERTIFICATE AUTHORITIES @1337807
  54. 54. ONLINE CERTIFICATE STATUS PROTOCOL @1337807
  56. 56. PRIVACY @1337807
  60. 60. SOFT-FAIL @1337807
  61. 61. 10 SECOND TIMEOUT @1337807
  63. 63. OCSP STAPLING @1337807
  65. 65. OCSP MUST-STAPLE @1337807
  66. 66. HARD FAIL @1337807
  68. 68. CLIENT KEY EXCHANGE PREMASTER KEY ENCRYPTED WITH PUBLIC KEY FROM CERT @1337807
  70. 70. CLIENT FINISHED @1337807 ENCRYPTED WITH THE MASTER SECRET KEY
  72. 72. SERVER FINISHED @1337807 ENCRYPTED WITH THE MASTER SECRET KEY
  73. 73. WE HAVE A SHARED SECRET! @1337807
  74. 74. WE’RE INVINCIBLE! @1337807
  75. 75. HEARTBLEED @1337807
  76. 76. PERFECT FORWARD SECRECY (PFS) @1337807
  77. 77. DIFFIE-HELLMAN KEY EXCHANGE @1337807
  94. 94. (N^X)^Y = (N^Y)^X @1337807
  95. 95. CHOOSE A PRIME: 17 @1337807
  96. 96. CHOOSE A BASE: 3 @1337807
  97. 97. 3%17 3%17 @1337807
  98. 98. 3%17 3%17 3%17 @1337807
  99. 99. 3%17 3%17 3%17 @1337807 7
  100. 100. 3%17 3^7%17 3%17 @1337807 7
  101. 101. 3%17 3%17 7 6 @1337807 3^7%17
  102. 102. 3%17 3^7%17 3^6%17 7 6 @1337807
  103. 103. 3%17 2187%17 3^6%17 7 6 @1337807
  104. 104. 3%17 2187%17 729%17 7 6 @1337807
  105. 105. 3%17 11 729%17 7 6 @1337807
  106. 106. 3%17 7 6 @1337807 11 15
  107. 107. @1337807 3%17 15 15 11 11 7 6
  108. 108. 15 15^7%17 11^6%17 7 6 @1337807 3%17 11
  109. 109. 15 7 6 @1337807 8 3%17 11 8
  110. 110. 15 8 8 @1337807 3%17 11
  112. 112. OUR WORLD @1337807
  113. 113. NGINX @1337807
  117. 117. @1337807 HTTP://BIT.LY/RACK_LOGO
  119. 119. @1337807 ROUTES
  120. 120. CONTROLLER ACTION @1337807
  121. 121. @1337807 RENDER VIEW
  123. 123. @1337807 THANK YOU
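
The key-exchange arc of the slides (key transport on slide 68, Heartbleed and forward secrecy on slides 75-76, the Diffie-Hellman numbers on slides 95-110), as an added Ruby example that is not part of the talk: it reruns the slides' exchange (prime 17, base 3, secrets 7 and 6) and contrasts what a leaked certificate key opens in a recorded key-transport session versus an ephemeral DH one. The toy RSA key and all method names are assumptions made for illustration.

```ruby
# Added illustration, not code from the talk. Toy-sized numbers throughout;
# real deployments use 2048-bit+ groups or elliptic curves.

# Slides 95-110: prime 17, base 3, private exponents 7 and 6.
def dh_public(base, secret, prime)
  base.pow(secret, prime)            # e.g. 3^7 % 17
end

def dh_shared(their_public, my_secret, prime)
  their_public.pow(my_secret, prime) # (N^X)^Y == (N^Y)^X mod prime
end

# Constructed textbook RSA key standing in for the certificate key on
# slide 68: n = 61 * 53, e = 17, d = 2753 (assumption, not from the slides).
TOY_CERT_KEY = { n: 3233, e: 17, d: 2753 }.freeze

# Key transport: the only thing protecting the premaster on the wire is the
# long-term certificate key.
def record_rsa_session(premaster, key = TOY_CERT_KEY)
  { wire: { encrypted_premaster: premaster.pow(key[:e], key[:n]) } }
end

# Ephemeral DH: per-session secrets exist only inside this method; the wire
# carries the public values and nothing encrypted to the certificate key.
def record_dhe_session(prime, base, client_secret, server_secret)
  client_pub = dh_public(base, client_secret, prime)
  server_pub = dh_public(base, server_secret, prime)
  { wire: { prime: prime, base: base,
            client_public: client_pub, server_public: server_pub },
    client_key: dh_shared(server_pub, client_secret, prime),
    server_key: dh_shared(client_pub, server_secret, prime) }
end

# A recorder who later obtains the long-term private key (the Heartbleed
# concern on slide 75) can open key-transport sessions retroactively.
def recover_with_leaked_cert_key(recording, leaked_key = TOY_CERT_KEY)
  ciphertext = recording[:wire][:encrypted_premaster]
  return nil unless ciphertext       # DHE recording: nothing for this key to decrypt
  ciphertext.pow(leaked_key[:d], leaked_key[:n])
end

if __FILE__ == $PROGRAM_NAME
  dhe = record_dhe_session(17, 3, 7, 6)
  puts "DHE wire: #{dhe[:wire]}, keys: #{dhe[:client_key]}/#{dhe[:server_key]}"
  rsa = record_rsa_session(8)
  puts "RSA recording opened with leaked key: #{recover_with_leaked_cert_key(rsa)}"
  puts "DHE recording opened with leaked key: #{recover_with_leaked_cert_key(dhe).inspect}"
end
```

In a group as small as 17 the private exponents can be found by exhaustive search; the structural point is that the leaked certificate key gives no help against the DHE recording, which is what forward secrecy buys at real key sizes.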
