Alex “Jay” Balan in Bucharest, Romania on November 8-9, 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Privacy: Between Hype and Need
Presentation time: this presentation should take around 40 minutes.
Your Host
Alex “Jay” Bălan
Chief Security Researcher - Bitdefender
PRIVACY: BETWEEN HYPE AND NEED
June 2013 – the frenzy begins
Media outlets love this (obviously).
Portraying Big Brother as an abuser has an instant appeal to a society that loves its country but hates the system.
What are the pros and cons with regards to those leaks?
Do you think those leaks were a good or a bad thing?
Are the whistleblowers heroes or traitors?
• ML behind your keyboard (predictive text, Swype, etc.)
• Wi-Fi
• Voice commands
• App permissions
• E.g. you give a QR code scanner access to the camera. The app will be able to turn it on without your knowledge.
• E.g. you give Shazam access to the microphone. It will be able to make ambient recordings and send them to 3rd parties.
• Truecaller / sync.me / Facebook / almost everything – no matter how paranoid you are, your friends may be less paranoid than you are.
• You have a very secure password, but you type it? I guarantee it’s on dozens of security camera feeds.
• Browser extensions have access to your whole browsing behaviour.
• The list goes on.
A few words on static data.
Or what to treat as “already compromised”
• CNP/SSN
• Last 4 digits of your credit card
• Date of birth
• Place of birth
• Mother’s maiden name
• School you went to
• Places you worked
• Your name. Your phone number. “But they have to know my name/phone number and that I work there in that position for the attack to work.”
“WOOPS!” moments and hacks are not prevented by GDPR!
• 2001 – Personal Identification Number, home address and more of all Bucharest citizens leaks on the internet
• 2014 – ANAF accidentally displays the ID card data of tens of thousands of Ploiesti citizens
• 2016 – Adult Friend Finder hacked. 412M accounts exposed. Thousands of divorces. 2 suicides.
• 2018 – I dare you to try asking “I’d like to know how you’re going to handle my information” at Public Administration
By design, privacy is a utopia in today’s society. The old gossip circle around the watercooler has been given a huge megaphone through the internet. ALWAYS work under this assumption. With that in mind, I ask you:
• Big Brother claims they spy on citizens to prevent crime. Do we believe them?
• The commercial sector claims they spy on us to better predict our needs and make our lives easier. Obviously we can’t believe it’s just that, but the question here is – do we accept it?
• The media hypes whatever gets them clicks: articles against Big Brother and about people’s privacy always get them clicks. Do we trust them?
Ask me anything :)
abalan@bitdefender.com | @jaymzu
Our red team is hiring! Send your offensive-security-oriented CVs to redteam@bitdefender.com
Editor's notes
If they are in the leaks, they're a traitor. If not, they're a hero.
Why do people fight the system more than the corporations? The government takes 16% and the corporations 84%.