Termin:Chaotic-Congress-Cinema-28C3 Nr. 37

Aus Attraktor Wiki

Wechseln zu: Navigation, Suche


Chaotic Congress Cinema Nr. 37

Beginn:

The date "2012/09/19 20:00:00 PM" was not understood.The date "2012/09/19 20:00:00 PM" was not understood.

Ende:

The date "2012/09/19 22:00:00 PM" was not understood.The date "2012/09/19 22:00:00 PM" was not understood.


Needs to be there, but does not need to be seen by a visitor Yes


The coming war on general computation

The copyright war was just the beginning

The last 20 years of Internet policy have been dominated by the copyright war, but the war turns out only to have been a skirmish. The coming century will be dominated by war against the general purpose computer, and the stakes are the freedom, fortune and privacy of the entire human race.

The problem is twofold: first, there is no known general-purpose computer that can execute all the programs we can think of except the naughty ones; second, general-purpose computers have replaced every other device in our world. There are no airplanes, only computers that fly. There are no cars, only computers we sit in. There are no hearing aids, only computers we put in our ears. There are no 3D printers, only computers that drive peripherals. There are no radios, only computers with fast ADCs and DACs and phased-array antennas. Consequently anything you do to "secure" anything with a computer in it ends up undermining the capabilities and security of every other corner of modern human society.

And general purpose computers *can* cause harm -- whether it's printing out AR15 components, causing mid-air collisions, or snarling traffic. So the number of parties with legitimate grievances against computers are going to continue to multiply, as will the cries to regulate PCs.

The primary regulatory impulse is to use combinations of code-signing and other "trust" mechanisms to create computers that run programs that users can't inspect or terminate, that run without users' consent or knowledge, and that run even when users don't want them to.

The upshot: a world of ubiquitous malware, where everything we do to make things better only makes it worse, where the tools of liberation become tools of oppression.

Our duty and challenge is to devise systems for mitigating the harm of general purpose computing without recourse to spyware, first to keep ourselves safe, and second to keep computers safe from the regulatory impulse.

Links

+ `Bio Cory Doctorow <http://craphound.com/bio.php>`__



The engineering part of social engineering

Why just lying your way in won't get you anywhere

All the talks i saw about SE so far just showed which good SE's the speakers are. I try to do another approach, what if i get in and don't know what to do then. The talk is about the reconn. before the assessment, the different approaches of SE. Which techniques can one use, how to do a proper intel. and what is useful. How things work and more important why. Which skill set should one have before entering a engagement. And last but not least how do one counter a SE attack.

Preface:

Needed Skillset:

-physical (ie.NLP)

-logical Customer Preparation:

-theoretical models of attack

-check customer needs by his business

-Contract

Preparation & Reconnaissance:

-threat modeling

-physical

-logical

Project Planing:

-Storyboard

-the target

-infiltration

-fetching data/reaching the target

-exfiltrate

-backup plans

Infiltration:

Find & fetch the data:

Exfiltrate the data:

Writing report:

Business impact analyses:

customer meeting:

Links

+ `the slide deck <http://www.slideshare.net/theAluc/28c3-version-of-

 the-engineering-part-of-social-engineering>`__

+ `http:// <http://>`__


Diese Seite wurde zuletzt am 18. September 2012 um 21:52 Uhr geändert. Diese Seite wurde bisher 2.539 mal abgerufen.