RootedCON 2014: Playing and Hacking with Digital Latches
•Télécharger en tant que PPTX, PDF•
2 j'aime•10,526 vues
Talk about Latch (https://latch.elevenpaths.com) delivered by Chema Alonso in RootedCON 2014. Charla sobre Latch (https://latch.elevenpaths.com) y los distintos escenarios de uso de la tecnología realizada durante la RootedCON 2014
Recommandé
Recommandé
Contenu connexe
En vedette
En vedette (20)
Similaire à RootedCON 2014: Playing and Hacking with Digital Latches
Similaire à RootedCON 2014: Playing and Hacking with Digital Latches (20)
Plus de Chema Alonso
Plus de Chema Alonso (11)
Dernier
Dernier (20)
RootedCON 2014: Playing and Hacking with Digital Latches
- 1. Hacking with Digital Latches Chema Alonso (@chemaalonso) Eleven Paths 1 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 2. Security Incidents 2 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 3. Identity Dumps 3 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 4. We use our digital services just a tiny portion of time everyday. Why should we left them open through the day? If we reduce availability, we reduce exposure, and therefore risk. Those developing new security proposals in online purchase are seizing all of the market. 4 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 5. Passwords+OTP SMS TOKEN 8762134 5 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 6. One-Time Passwords User needs to type a code SMS Deployment Matrix is static Hardware tokens are expensive User needs to type a code People don´t like typing codes 6 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 7. People like naps (with remotes) 7 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 8. Keep it Simple, Stupid. 8 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 9. Taking a cab To make her trip easier she decides to pay everything using a service, on her way to the office at the destination point she switches service on, so she can pay the taxi fare. Once done she switches her account off, minimizing the exposure to improper usage. 9 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 10. Login into a Web 3.- asks about Latch1 status Latch Server 4.- Latch 1 is OFF 6.- Someone try to get Access to Latch 1 id. Latch app Latch1: OFF Latch2:ON Latch3:OTP Latch4:OFF …. My Bank Users DB: Login: XXXX Pass: YYYY Latch: Latch1 2.- Web checks Credentials with Its users DB 2.- Check user/pass 1.- Client sends Login/password 5.- Login Error Login Page: Login:AAAA Pass:BBBB 10 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 11. Demo 1: Using Latch 11 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 12. Latch a digital ID 4.-AppID+Temp pairing Token Latch Server 5.- OK+Unique Latch 1.- Generate pairing code 2.- Temporary Pariring token 6.-ID Latch appears in app My Site User Settings: Login: XXXX Pass: YYYY Latch: U L a t c h 12 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 13. Demo 2: Latch Shodan ID 13 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 14. Granularity 3.- asks Latch1:Op1 status Latch Server 4.- Latch 1:Op1 is OFF 6.- Someone try to do a Latch 1:Op1 Operation Latch app Latch1: ON Op1:OFF Op2:ON OP3:OTP Latch 2: OFF …. My Bank Login: XXXX Pass: YYYY Latch: Latch1 Int_Trnas: Op1 1.- Client orders International Transactions 5.- Denied Online Banking Send Money: 1231124343 14 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 15. Users Developers Control all digital identities from one single point. ON/OFF. Sites Integrate Plugins and develop solutions with SDKs to adapt Latch technology to their needs · Deploy 2FAuth · Opt-in/mandatory · Detect identity theft · Granularity · Reduce Fraud SDKs: PHP, Java, .NET, C, Ruby, Python · Parental Control · 4 Eyes verification & WebService API Plugins: WordPress, PrestaShop, RedMine, Cpanel, Moodle, OpenVPN, SSH, Drupal, DotNetNuke, Joomla!, … more than 20 Tools · Control Dashboard · Usage Statistics · Internal appliance (beta) 15 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 16. Demo 3: Latching SSH 16 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 17. Windows pGina http://unstableequilibrium.com/2014/02/07/using-pgina-and-latch-to-protect-your-windows-login/ Rooted CON 2014 6-7-8 Marzo // 6-7-8 March 17
- 18. Parental Control Login: User Pass: Pass Latch: Latch User Pass 18 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 19. 4-eyes verification Login: User1 Pass: Pass1 Latch: Latch1 User1 Pass1 Login: User2 Pass: Pass2 Latch: Latch2 User2 Pass2 19 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 20. 2 keys activation Asset Latch: Latch1 Latch: Latch 2 User1 Pass1 User2 Pass2 20 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 21. One-Time Password 3.- asks about Latch1 status 4.- Latch Server Generates OTP Latch Server 5.- Latch 1 is ON(OTP) My Bank Users DB: Login: XXXX Pass: YYYY Latch: Latch1 2.- Web checks Credentials with Its users DB 7.- Use this (OTP). 1.- Client sends Login/password Latch app Latch1: OFF Latch2:ON Latch3:OTP Latch4:OFF …. 6.- OTP? Login Page: Login:AAAA Pass:BBBB 21 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 22. OTP Verification 22 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 23. Supervision Login: User Pass: Pass Latch: Latch Op1:Unlock Op2: OTP Why? Answer User Pass OTP 23 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 24. Monitoring Switch With one latch – – – – As many granularity as needed Two status OTP User confs • Schedulle • AutoLock Possible to re-act at status If Lock then {} Else {} Goto fail; Goto fail: 24 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 25. Demo 4: SCCAID 25 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 26. Triggering actions at events 26 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 27. Demo 5: Latch Event Monitor 27 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 28. Coming Soon Physical World Biometry AD Plugins New Plugins – – – – – Open Exchange PHP MyAdmin Django? LDAP Bridge Etc… 28 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 29. Consumer Apps Firefox OS On development: · Blackberry & BlackBerry z10 29 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March
- 30. https://latch.elevenpaths.com 30 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March