Digitalks #15 - Security on the Net
Martin Leyrer
Topic overview
Pesticides
Fire walls
Service
Who is listening in
Cookie Monster
Passwords
Trust
Temporary e-mails
Anonymous online
Book tips
http://www.flickr.com/photos/57402879@N00/362127198/
Pesticides (antivirus)
Protection against viruses, worms, ...
Mandatory for all e-mail Lucky Lukes
Mix vendors
On Windows, really a must-have
http://www.flickr.com/photos/moritzbernoully/3411252063/
Fire walls (firewalls)
Protect against attacks from outside
possibly also from inside
Intrusion Detection & Prevention (IDS, IPS)?
Become very complex very quickly
Mandatory on Windows
http://www.flickr.com/photos/disaster_area/3640293101/
Service (updates)
Mandatory (regardless of operating system)
Don't forget applications (PDF, Flash, Java, Office, ...)
Best automated
Tip for Windows: Secunia Personal Software Inspector
http://www.flickr.com/photos/smoovey/3297533849/
Who is listening in (encryption)
In the browser (SSL/TLS)
E-mail transmission (SSL/TLS)
E-mail content (S/MIME or GNUPG)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Last year, my novel Makers was published and syndicated free as a series
of 81 blog-posts on Tor.com. Tor had the insanely creative people at
Idiots' Books produce 81 interlocking, tesselating illustrations, one
for each installment, and made a sweet little Flash toy that let you
play with making your own meta-illo by moving the tiles around.
...
READ CAREFULLY. By reading this email, you agree, on behalf of your
employer, to release me from all obligations and waivers arising from
any and all NON-NEGOTIATED agreements, licenses, terms-of-service,
shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure,
non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have
entered into with your employer, its partners, licensors, agents and
assigns, in perpetuity, without prejudice to my ongoing rights and
privileges. You further represent that you have the authority to release
me from any BOGUS AGREEMENTS on behalf of your employer.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkwMgeAACgkQkCbbvh/CN6+LDQCgg9F8dQ8AzuqU/fiPo7LNYF4K+C8AniOh2ec0Z/S26UYgmbYvK3J57b+X
=fFi4
-----END PGP SIGNATURE-----
http://www.flickr.com/photos/newbirth/4484884179/
Cookie Monster
Regular cookies
Flash cookies (Local Shared Objects, LSO)
Ghostery
CookieSafe
View Cookies
BetterPrivacy
Adblock Plus
Some flash LSO-cookie properties in short...
- they are never expiring - staying on your computer for an unlimited time.
- by default they offer a storage of 100 KB (compare: Usual cookies 4 KB).
- browsers are not aware of those cookies, LSO's usually cannot be removed by browsers.
- via Flash they can access and store highly specific personal and technical information (system, user name, files,...).
- ability to send the stored information to the appropriate server, without user's permission.
- flash applications do not need to be visible
- there is no easy way to tell which flash-cookie sites are tracking you.
- shared folders allow cross-browser tracking, LSO's work in every flash-enabled application
- the company doesn't provide a user-friendly way to manage LSO's, in fact it's incredibly cumbersome.
- many domains and tracking companies make extensive use of flash-cookies.
http://www.flickr.com/photos/parmiter/2505803867/
Passwords
... people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. - B. Schneier
KeePass Password Safe
Trust me,
I know what I'm doing!
Trust
Delivered-To: [email protected]
Received: by 10.204.10.132 with SMTP id p4cs3051bkp; Mon, 7 Jun 2010 22:52:17 -0700 (PDT)
Received: by 10.231.196.220 with SMTP id eh28mr818375ibb.198.1275976335525; Mon, 07 Jun 2010 22:52:15 -0700 (PDT)
Return-Path:
Received: from weblinux04.bighost.com.br (weblinux04.bighost.com.br [200.219.245.41]) by mx.google.com with SMTP id f19si7825272ibj.96.2010.06.07.22.52.14; Mon, 07 Jun 2010 22:52:15 -0700 (PDT)
Received-SPF: neutral (google.com: 200.219.245.41 is neither permitted nor denied by domain of [email protected]) client-ip=200.219.245.41;
Authentication-Results: mx.google.com; spf=neutral (google.com: 200.219.245.41 is neither permitted nor denied by domain of [email protected]) [email protected]
Date: Tue, 8 Jun 2010 02:44:09 +0300
To:
From: Facebook
Subject: You have deactivated your Facebook account (56289)
Message-ID:
X-Priority: 3
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Temporary e-mail
Mailinator
http://mailinator.com/
Gmail +
[email protected]
http://www.flickr.com/photos/cobalt/247564799/
Anonymous online
The Onion Routing
www.torproject.org/
FoeBuD PrivacyDongle
Ubit Wien PrivaSEC forte
http://www.flickr.com/photos/98469445@N00/327471676/
Die Kunst der Täuschung
Kevin D. Mitnick
ISBN: 3826615697
Die Kunst der Täuschung is all about the possibility of gaining someone's trust through lies, in order to then abuse that trust for one's own fun and benefit.
Practical Cryptography
Niels Ferguson and Bruce Schneier
ISBN: 0471223573
This book is about how to apply the cryptographic functions in a real-world setting in such a way that you actually get a secure system.
Little Brother
Cory Doctorow
ISBN: 0765319853
Download for Free
This book is action-packed with tales of courage, technology, and demonstrations of digital disobedience as the technophiles civil protest.
Thank you for your attention!
Links: http://delicious.com/MartinLeyrer/Digitalks15
Contact:
E-Mail: [email protected]
Twitter/Identi.ca: leyrer
Blog: http://martin.leyrer.priv.at
Jabber/GTalk: [email protected]