SlideShare une entreprise Scribd logo

WordCamp for Publishers: Security for Newsrooms

Paul Schreiber
Paul Schreiber

Hands-on workshop on information security basics: - how to think about security - threat modelling / risk assessment - authentication - device security Handouts: https://drive.google.com/file/d/13FZBhEY2kSsThkq7-5fTXf8eqGaSI5pg/view?usp=sharing

Technologie
1  sur  93
Télécharger pour lire hors ligne
information SECURITY for publishers
Paul Schreiberpaulschreiber@gmail.com @paulschreiber
tradeoffs
continuum
average people✔
under government surveillance whistleblowers political campaigners activists celebrities victims of stalking and violence
encrypted email (PGP, GPG) messaging (Signal) SecureDrop Physical security VPNs Tor
Tails Social media Airgap Firmware passwords On-premises vs cloud
corporate espionage criminal gangs zero-day exploits Mossad, CIA, MI6, NSA
password reuse✔ password guessing✔ lost and stolen devices✔ phishing✔
threat model
how much they want to know howmuchyoucare $$$$$$ 0 $
assets
adversaries
capabilities
consequences
defenses
memorizing passwords
password managers
Create View Edit Delete Web Sync 2FA Mac Windows Linux iOS Android Chrome ✔ ✔ ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ Firefox ✘ ✔ ✔ ✔ ✘ ✔ ✘ ✔ ✔ ✔ ✔ ✔ Safari ✔ ✔ ✔ ✔ ✘ ✔ ✔ ✔ ✘ ✘ ✔ ✘ browser password management
Preferences > Passwords
chrome://flags
chrome://settings/passwords
about:preferences#privacy
security questions
“security” questions
password policies
NIST Special Publication 800-63BDigital Identity Guidelines Authentication and Lifecycle Management
§ 5.1.1.2 Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length. length
composition § 5.1.1.2 All printing ASCII [RFC 20] characters as well as the space character SHOULD be acceptable in memorized secrets. Unicode [ISO/ISC 10646] characters SHOULD be accepted as well. Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets.
§ 5.1.1.2 Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). rotation
password sharing
password resets
know
are
have
backup codes
device migration
WordPress VIP
Many graphics from The Noun Project Bear by Gan Khoon Lay; Computer Fire by Ian Ransley; Computer by Azis; Credit card Gonzalo Bravo; Fingerprint by Ben Davis; Lock with keyhole by Brennan Novak; Marker by Jeff Seevers; Nokia 3310 by Stan Fisher; Notification by vijay sekhar; Shield by Wayne Thayer; Spy by Alen Krummenacher; iPhone by Ross Sokolovski.

Recommandé

Brooklyn Soloists: personal digital security
Brooklyn Soloists: personal digital securityBrooklyn Soloists: personal digital security
Brooklyn Soloists: personal digital security
Paul Schreiber
 
CreativeMornings FieldTrip: information security for creative folks
CreativeMornings FieldTrip: information security for creative folksCreativeMornings FieldTrip: information security for creative folks
CreativeMornings FieldTrip: information security for creative folks
Paul Schreiber
 
WordPress NYC: Information Security
WordPress NYC: Information SecurityWordPress NYC: Information Security
WordPress NYC: Information Security
Paul Schreiber
 
Tehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacy
Tehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacyTehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacy
Tehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacy
Mohammad Reza Kamalifard
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generation
Tony Lauro
 
Ryan Terrenal
Ryan TerrenalRyan Terrenal
Ryan Terrenal
RYAN T.
 
The life of breached data and the attack lifecycle
The life of breached data and the attack lifecycleThe life of breached data and the attack lifecycle
The life of breached data and the attack lifecycle
Jarrod Overson
 
Social Media Technologies for Business Intelligence (Crisis, Security, Travel...
Social Media Technologies for Business Intelligence (Crisis, Security, Travel...Social Media Technologies for Business Intelligence (Crisis, Security, Travel...
Social Media Technologies for Business Intelligence (Crisis, Security, Travel...
Enterprise Security Risk Management
 

Recommandé

Brooklyn Soloists: personal digital security
Brooklyn Soloists: personal digital securityBrooklyn Soloists: personal digital security
Brooklyn Soloists: personal digital security
Paul Schreiber
 
CreativeMornings FieldTrip: information security for creative folks
CreativeMornings FieldTrip: information security for creative folksCreativeMornings FieldTrip: information security for creative folks
CreativeMornings FieldTrip: information security for creative folks
Paul Schreiber
 
WordPress NYC: Information Security
WordPress NYC: Information SecurityWordPress NYC: Information Security
WordPress NYC: Information Security
Paul Schreiber
 
Tehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacy
Tehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacyTehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacy
Tehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacy
Mohammad Reza Kamalifard
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generation
Tony Lauro
 
Ryan Terrenal
Ryan TerrenalRyan Terrenal
Ryan Terrenal
RYAN T.
 
The life of breached data and the attack lifecycle
The life of breached data and the attack lifecycleThe life of breached data and the attack lifecycle
The life of breached data and the attack lifecycle
Jarrod Overson
 
Social Media Technologies for Business Intelligence (Crisis, Security, Travel...
Social Media Technologies for Business Intelligence (Crisis, Security, Travel...Social Media Technologies for Business Intelligence (Crisis, Security, Travel...
Social Media Technologies for Business Intelligence (Crisis, Security, Travel...
Enterprise Security Risk Management
 
Data Privacy for Activists
Data Privacy for ActivistsData Privacy for Activists
Data Privacy for Activists
Greg Stromire
 
SpeakInPrivate Phones - Introduction
SpeakInPrivate Phones - Introduction SpeakInPrivate Phones - Introduction
SpeakInPrivate Phones - Introduction
Speakinprivate
 
AI is Hacking You - How Cybercriminals Leveral Artificial Intelligence - DWCN...
AI is Hacking You - How Cybercriminals Leveral Artificial Intelligence - DWCN...AI is Hacking You - How Cybercriminals Leveral Artificial Intelligence - DWCN...
AI is Hacking You - How Cybercriminals Leveral Artificial Intelligence - DWCN...
Michael Noel
 
How passwords are costly
How passwords are costlyHow passwords are costly
How passwords are costly
Andy32903
 
Cybersecurity Cyber Usalama
Cybersecurity Cyber UsalamaCybersecurity Cyber Usalama
Cybersecurity Cyber Usalama
MuhammadRadwan10
 
Cybersecurity Interview Questions Part -2.pdf
Cybersecurity Interview Questions Part -2.pdfCybersecurity Interview Questions Part -2.pdf
Cybersecurity Interview Questions Part -2.pdf
Infosec Train
 
Understanding Keylogger
Understanding KeyloggerUnderstanding Keylogger
Understanding Keylogger
Phannarith Ou, G-CISO
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1
Abdelfatah hegazy
 
So whats in a password
So whats in a passwordSo whats in a password
So whats in a password
Rob Gillen
 
How to keep Your Gadgets Safe When Travelling
How to keep Your Gadgets Safe When TravellingHow to keep Your Gadgets Safe When Travelling
How to keep Your Gadgets Safe When Travelling
Danae Rosville
 
Cyber security
Cyber securityCyber security
Cyber security
Rishav Sadhu
 
Computer And Internet Security
Computer And Internet SecurityComputer And Internet Security
Computer And Internet Security
Ashley Zimmerman
 
Computer And Internet Security
Computer And Internet SecurityComputer And Internet Security
Computer And Internet Security
JFashant
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?
Samvel Gevorgyan
 
Protect your Privacy
Protect your PrivacyProtect your Privacy
Protect your Privacy
Marcos Lopez-Carlson
 
Big Game Hunting - Peculiarities In Nation State Malware Research
Big Game Hunting - Peculiarities In Nation State Malware ResearchBig Game Hunting - Peculiarities In Nation State Malware Research
Big Game Hunting - Peculiarities In Nation State Malware Research
pinkflawd
 
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for DefenseSANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
John Bambenek
 
Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)
Michele Chubirka
 
Magazine Febuary-2023-Preview.pdf
Magazine Febuary-2023-Preview.pdfMagazine Febuary-2023-Preview.pdf
Magazine Febuary-2023-Preview.pdf
preetichaubey4
 
Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016
Greg Foss
 
BigWP live blogs
BigWP live blogsBigWP live blogs
BigWP live blogs
Paul Schreiber
 
VIP Workshop: Effective Habits of Development Teams
VIP Workshop: Effective Habits of Development TeamsVIP Workshop: Effective Habits of Development Teams
VIP Workshop: Effective Habits of Development Teams
Paul Schreiber
 

Contenu connexe

Similaire à WordCamp for Publishers: Security for Newsrooms

E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1
Abdelfatah hegazy
 
How to keep Your Gadgets Safe When Travelling
How to keep Your Gadgets Safe When TravellingHow to keep Your Gadgets Safe When Travelling
How to keep Your Gadgets Safe When Travelling
Danae Rosville
 
Computer And Internet Security
Computer And Internet SecurityComputer And Internet Security
Computer And Internet Security
Ashley Zimmerman
 
Computer And Internet Security
Computer And Internet SecurityComputer And Internet Security
Computer And Internet Security
JFashant
 
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for DefenseSANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
John Bambenek
 

Similaire à WordCamp for Publishers: Security for Newsrooms (20)

Data Privacy for Activists
Data Privacy for ActivistsData Privacy for Activists
Data Privacy for Activists
 
SpeakInPrivate Phones - Introduction
SpeakInPrivate Phones - Introduction SpeakInPrivate Phones - Introduction
SpeakInPrivate Phones - Introduction
 
AI is Hacking You - How Cybercriminals Leveral Artificial Intelligence - DWCN...
AI is Hacking You - How Cybercriminals Leveral Artificial Intelligence - DWCN...AI is Hacking You - How Cybercriminals Leveral Artificial Intelligence - DWCN...
AI is Hacking You - How Cybercriminals Leveral Artificial Intelligence - DWCN...
 
How passwords are costly
How passwords are costlyHow passwords are costly
How passwords are costly
 
Cybersecurity Cyber Usalama
Cybersecurity Cyber UsalamaCybersecurity Cyber Usalama
Cybersecurity Cyber Usalama
 
Cybersecurity Interview Questions Part -2.pdf
Cybersecurity Interview Questions Part -2.pdfCybersecurity Interview Questions Part -2.pdf
Cybersecurity Interview Questions Part -2.pdf
 
Understanding Keylogger
Understanding KeyloggerUnderstanding Keylogger
Understanding Keylogger
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1
 
So whats in a password
So whats in a passwordSo whats in a password
So whats in a password
 
How to keep Your Gadgets Safe When Travelling
How to keep Your Gadgets Safe When TravellingHow to keep Your Gadgets Safe When Travelling
How to keep Your Gadgets Safe When Travelling
 
Cyber security
Cyber securityCyber security
Cyber security
 
Computer And Internet Security
Computer And Internet SecurityComputer And Internet Security
Computer And Internet Security
 
Computer And Internet Security
Computer And Internet SecurityComputer And Internet Security
Computer And Internet Security
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?
 
Protect your Privacy
Protect your PrivacyProtect your Privacy
Protect your Privacy
 
Big Game Hunting - Peculiarities In Nation State Malware Research
Big Game Hunting - Peculiarities In Nation State Malware ResearchBig Game Hunting - Peculiarities In Nation State Malware Research
Big Game Hunting - Peculiarities In Nation State Malware Research
 
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for DefenseSANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
 
Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)
 
Magazine Febuary-2023-Preview.pdf
Magazine Febuary-2023-Preview.pdfMagazine Febuary-2023-Preview.pdf
Magazine Febuary-2023-Preview.pdf
 
Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016
 

Plus de Paul Schreiber

Plus de Paul Schreiber (15)

BigWP live blogs
BigWP live blogsBigWP live blogs
BigWP live blogs
 
VIP Workshop: Effective Habits of Development Teams
VIP Workshop: Effective Habits of Development TeamsVIP Workshop: Effective Habits of Development Teams
VIP Workshop: Effective Habits of Development Teams
 
BigWP Security Keys
BigWP Security KeysBigWP Security Keys
BigWP Security Keys
 
WPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSWPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPS
 
NICAR delivering the news over HTTPS
NICAR delivering the news over HTTPSNICAR delivering the news over HTTPS
NICAR delivering the news over HTTPS
 
WordCamp US: Delivering the news over HTTPS
WordCamp US: Delivering the news over HTTPSWordCamp US: Delivering the news over HTTPS
WordCamp US: Delivering the news over HTTPS
 
BigWP: Delivering the news over HTTPS
BigWP: Delivering the news over HTTPSBigWP: Delivering the news over HTTPS
BigWP: Delivering the news over HTTPS
 
Delivering the news over HTTPS
Delivering the news over HTTPSDelivering the news over HTTPS
Delivering the news over HTTPS
 
Web Scraping with Python
Web Scraping with PythonWeb Scraping with Python
Web Scraping with Python
 
D'oh! Avoid annoyances with Grunt.
D'oh! Avoid annoyances with Grunt.D'oh! Avoid annoyances with Grunt.
D'oh! Avoid annoyances with Grunt.
 
Getting to Consistency
Getting to ConsistencyGetting to Consistency
Getting to Consistency
 
Junk Mail
Junk MailJunk Mail
Junk Mail
 
EqualityCamp: Lessons learned from the Obama Campaign
EqualityCamp: Lessons learned from the Obama CampaignEqualityCamp: Lessons learned from the Obama Campaign
EqualityCamp: Lessons learned from the Obama Campaign
 
Mac Productivity 101
Mac Productivity 101Mac Productivity 101
Mac Productivity 101
 
How NOT to rent a car
How NOT to rent a carHow NOT to rent a car
How NOT to rent a car
 

Dernier

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 

Dernier (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 

WordCamp for Publishers: Security for Newsrooms