# HG changeset patch
# User Christian Urban
# Date 1348451384 -3600
# Node ID 6e3e2786c17532d4d399e061aeef70aa535a6520
# Parent baa2e2231f50a601409f5acf148a2b053dd00497
added
diff -r baa2e2231f50 -r 6e3e2786c175 slides01.pdf
Binary file slides01.pdf has changed
diff -r baa2e2231f50 -r 6e3e2786c175 slides01.tex
--- a/slides01.tex Sun Sep 23 23:22:10 2012 +0100
+++ b/slides01.tex Mon Sep 24 02:49:44 2012 +0100
@@ -333,7 +333,7 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode{
 \begin{frame}[c]
-\frametitle{\begin{tabular}{c}Web Application\end{tabular}}
+\frametitle{\begin{tabular}{c}Web Applications\end{tabular}}
 \begin{textblock}{1}(2,5)
@@ -360,7 +360,81 @@
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+% linkedIn password
+% http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html
+% rainbow tables
+% http://en.wikipedia.org/wiki/Rainbow_table
+
+% Unix password
+% http://ubuntuforums.org/showthread.php?p=5318038
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}}
+
+\begin{itemize}
+\item How fast can hackers crack passwords? \pause
+
+\item The answer is 2 billion per second using a Radeon HD 7970
+\end{itemize}
+
+
+\begin{center}
+\begin{tabular}{rl}
+password length & time\smallskip\\\hline
+5 letters & 5 secs\\
+6 letters & 500 secs\\
+7 letters & 13 hours\\
+8 letters & 57 days\\
+9 letters & 15 years\\
+\end{tabular}
+\end{center}
+
+\small
+5 letters $=$ 100$^5$ $=$ 10 billion combinations\\
+(1 letter $\approx$ upper case, lower case, digits, symbols)
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Passwords\end{tabular}}
+
+\begin{itemize}
+\item How do recover from a break in?
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Thinking as a Defender\end{tabular}}
+
+\begin{itemize}
+\item What are we trying to protect?
+\item What properties are we trying to enforce?\medskip
+
+\item Who are the attackers? Capabilities? Motivations?
+\item What kind of attack are we trying to protect?
+\item Who can fix any vulnerabilities?\medskip
+
+\item What are the weaknesses of the system?
+\item What will successful attacks cost us?
+\item How likely are the attacks?\medskip
+
+\item Security almost always is {\bf not} free!
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
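Review bot: The "2 billion per second" figure in the "Brute Forcing Passwords" frame does not say which password hash it applies to, so the table reads as if every stored password falls this fast. The rate is presumably for a fast, unsalted hash guessed offline against a leaked database (the comment block above the frame links to the LinkedIn dump); a salted, deliberately slow scheme such as bcrypt, scrypt or PBKDF2 lowers it by orders of magnitude. I would add an item after the rate, for example `\item This assumes offline guessing against a fast, unsalted hash; salted, slow hashes (bcrypt, scrypt, PBKDF2) are far more costly to attack`. The times in the table match exhausting the whole space at that rate (100$^5$ / 2 billion = 5 secs), which is also worth stating since the expected time is half. Two new items are missing words: `\item How do recover from a break in?` should read `\item How do we recover from a break-in?`, and `\item What kind of attack are we trying to protect?` needs `against` after `protect`.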