331 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
331 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
332 |
332 |
333 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
333 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
334 \mode<presentation>{ |
334 \mode<presentation>{ |
335 \begin{frame}[c] |
335 \begin{frame}[c] |
336 \frametitle{\begin{tabular}{c}Web Application\end{tabular}} |
336 \frametitle{\begin{tabular}{c}Web Applications\end{tabular}} |
337 |
337 |
338 |
338 |
339 \begin{textblock}{1}(2,5) |
339 \begin{textblock}{1}(2,5) |
340 \begin{tabular}{c} |
340 \begin{tabular}{c} |
341 \includegraphics[scale=0.15]{pics/servers.png}\\[-2mm] |
341 \includegraphics[scale=0.15]{pics/servers.png}\\[-2mm] |
358 \end{textblock} |
358 \end{textblock} |
359 |
359 |
360 \end{frame}} |
360 \end{frame}} |
361 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
361 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
362 |
362 |
363 |
363 % linkedIn password |
|
364 % http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html |
|
365 |
|
366 % rainbow tables |
|
367 % http://en.wikipedia.org/wiki/Rainbow_table |
|
368 |
|
369 % Unix password |
|
370 % http://ubuntuforums.org/showthread.php?p=5318038 |
|
371 |
|
372 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
373 \mode<presentation>{ |
|
374 \begin{frame}[c] |
|
375 \frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}} |
|
376 |
|
377 \begin{itemize} |
|
378 \item How fast can hackers crack passwords? \pause |
|
379 |
|
380 \item The answer is 2 billion per second using a Radeon HD 7970 |
|
381 \end{itemize} |
|
382 |
|
383 |
|
384 \begin{center} |
|
385 \begin{tabular}{rl} |
|
386 password length & time\smallskip\\\hline |
|
387 5 letters & 5 secs\\ |
|
388 6 letters & 500 secs\\ |
|
389 7 letters & 13 hours\\ |
|
390 8 letters & 57 days\\ |
|
391 9 letters & 15 years\\ |
|
392 \end{tabular} |
|
393 \end{center} |
|
394 |
|
395 \small |
|
396 5 letters $=$ 100$^5$ $=$ 10 billion combinations\\ |
|
397 (1 letter $\approx$ upper case, lower case, digits, symbols) |
|
398 |
|
399 \end{frame}} |
|
400 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
401 |
|
402 |
|
403 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
404 \mode<presentation>{ |
|
405 \begin{frame}[c] |
|
406 \frametitle{\begin{tabular}{c}Passwords\end{tabular}} |
|
407 |
|
408 \begin{itemize} |
|
409 \item How do recover from a break in? |
|
410 \end{itemize} |
|
411 |
|
412 \end{frame}} |
|
413 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
414 |
|
415 |
|
416 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
417 \mode<presentation>{ |
|
418 \begin{frame}[c] |
|
419 \frametitle{\begin{tabular}{c}Thinking as a Defender\end{tabular}} |
|
420 |
|
421 \begin{itemize} |
|
422 \item What are we trying to protect? |
|
423 \item What properties are we trying to enforce?\medskip |
|
424 |
|
425 \item Who are the attackers? Capabilities? Motivations? |
|
426 \item What kind of attack are we trying to protect? |
|
427 \item Who can fix any vulnerabilities?\medskip |
|
428 |
|
429 \item What are the weaknesses of the system? |
|
430 \item What will successful attacks cost us? |
|
431 \item How likely are the attacks?\medskip |
|
432 |
|
433 \item Security almost always is {\bf not} free! |
|
434 \end{itemize} |
|
435 |
|
436 \end{frame}} |
|
437 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
364 |
438 |
365 |
439 |
366 |
440 |
367 |
441 |
368 |
442 |