Here are the slides for my presentation, Building and Breaking Privacy Barriers, at this year’s RSA Asia Pacific and Japan conference in Singapore.
The slides convey more theory than practical examples, but the ideas should come across without too much confusion. I expect to revisit the idea of a Rot network (a play on Tor) and toy with an implementation. Instead of blocking tracking bugs, the concept is to reduce their utility by sharing them across unrelated browsers — essentially polluting the data.
In any case, with this presentation over and out of the way, it’s time to start working on more articles!
Here are the slides for my presentation, Using HTML5 WebSockets Securely, at this year’s RSA US conference in San Francisco.
It’s a continuation of the content created for last year’s BlackHat and BayThreat presentations. RSA wants slides to be in a specific template. So, these slides are less visually stimulating than I usually have the freedom to create. (RSA demands an “Apply” slide at the end. Otherwise they don’t know if you told attendees how to apply what you were talking about for the last 45 minutes.) Still, the slides should convey some useful concepts for understanding and working with WebSockets.
This is hardly the end for this topic. But there’s a long list of other material that I need to finish before this protocol gets more attention.
And thanks in advance to all who attended.
Last week San Francisco hosted the RSA USA 2010 Conference. I gave a presentation with the buzzword-heavy title, “Does Web 2.0 Need Web Security 2.0?” (The presentation was lamentably labeled Advanced, even though it didn’t touch on in-depth technical details.)
The basic premise is that the term “web 2.0” as typically used bears little meaning for security (or otherwise). Most of the security problems of today, let alone the types of web sites, have precedents at least 10 years old. The distinguishing factor is that, although most of the vulnerabilities have remained the same, the number and sophistication of threats have increased.
As developers continue to struggle with securing complex web applications, consumers of these allegedly 2.0 sites, i.e. Infrastructure, Platform, or Software as a Service, face security and privacy concerns outside of technical vulnerabilities like XSS or SQL injection. Information has value, and when the information resides solely in the browser, attackers don’t need to worry about buffer overflows or firewalls in order to compromise that data.