SlideShare uma empresa Scribd logo

Codemotion ES 2014: Love Always Takes Care & Humility

Transferir como PPTX, PDF
Chema Alonso
Chema Alonso

Talk delivered by Chema Alonso in Codemotion 2014 ES {Madrid}. It is about passwords, second factor authentication and Second Factor Authorization using Latch... with a Breaking Bad touch.

Tecnologia
1 de 34
{Love Always Takes Care & Humility} Chema Alonso @chemaalonso chema@11paths.com
Hacker & Developer
Worried About Security
She thinks security is “do the things right” Creating a Strong Password: Variety – Don’t use the same password on all the sites you visit. Don’t use a word from the dictionary. Length – Select strong passwords that can’t easily be guessed with 10 or more characters. Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word. Complexity – Randomly add capital letters, punctuation or symbols. Substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3″ for “E”. Never give your password to others or write it down.
He doesn´t
Working “common way” is useless • WireTyping • Trojans & malware • Phishing • Shoulder Surfing • Insiders • Server-Side bugs – Heartbleed, ShellShock, Schannel, PHP CGI, …. • Client-Side bugs • Enemies everywhere...
P@sswords, P@sswords, Dam’t!!
P@sswords, P@sswords, Dam’t!!
P@sswords, P@sswords, Dam’t!!
We need to apply Science on “new” way • 99 % of purity • Good for all users • Not past errors • Second Factor Auth • Side-Channel • Stealth
She doesn´t like “new” ways to security • 2FA with OTP on SMS • RSA Hardware Tokens • Matrix of numbers • G Authenticator- Likes • Biometry • Etc….
She Complaints G-Authenticator-likes Not stolen-passwords advise User needs to type OTP Biometry Lost once / Lost forever Who has my biometry? iOS Case RSA Hardware Tokens Expensive Unconfortable User needs to type OTP SMS way: Not anonymous Tied to SIM SIM Swapping attacks GSM Attacks User needs to type OTP Roaming services Matrix Finite Trojans ask for it Usually on wallet User needs to type OTP
What a hacker does? A hacker provides because…
{Love Always Takes Care & Humility} L A T C H
Latch Server 1.- Generate pairing code 2.- Temporary Pariring token User Settings: Login: XXXX Pass: YYYY Latch: 4.-AppID+Temp pairing Token 5.- OK+Unique Latch 6.-ID Latch appears in app ULatch Latch Security “Way”
Latch Server Users DB: Login: XXXX Pass: YYYY Latch: Latch1 1.- Client sends Login/password Login Page: Login:AAAA Pass:BBBB 3.- asks about Latch1 status 4.- Latch 1 is OFF 5.- Login Error 6.- Someone try to get Access to Latch 1 id. 2.- Check user/pass Latch Security “Way”
Cares & Humility • No users. No passwords. No personal data. No trace. • If anyone try to get access -> Can´t + Warning • if anyone access when open -> Warning • if anyone try to unpair -> Latch + Warning
Latch Periodic Table
Cooking
A PHP Recipe
User1 Pass1 4-eyes verification Login: User2 Pass: Pass2 Latch: Latch2 Login: User1 Pass: Pass1 Latch: Latch1
2 Keys Activation Asset Latch: Latch1 Latch: Latch 2 User1 Pass1
Login: User Pass: Pass Latch: Latch User Pass Access Control
Double Supervision Why? Answer OTP Login: User Pass: Pass Latch: Latch Op1:Unlock Op2: OTP User Pass
Latch Plugin Contest
Mooooney
Latch Talks
See you in Codemotion 2015: The end of the Trilogy “Love After Death”

Recomendados

RootedCON 2014: Playing and Hacking with Digital Latches
RootedCON 2014: Playing and Hacking with Digital LatchesRootedCON 2014: Playing and Hacking with Digital Latches
RootedCON 2014: Playing and Hacking with Digital LatchesChema Alonso
 
Web Security
Web SecurityWeb Security
Web SecuritySupankar Banik
 
OpenID Security
OpenID SecurityOpenID Security
OpenID Securityeugenet
 
No me indexes que me cacheo
No me indexes que me cacheoNo me indexes que me cacheo
No me indexes que me cacheoChema Alonso
 
CyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitCyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitChema Alonso
 
XSS Google Persistentes
XSS Google PersistentesXSS Google Persistentes
XSS Google PersistentesChema Alonso
 
Tu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu WindowsTu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu WindowsChema Alonso
 
Dorking & Pentesting with Tacyt
Dorking & Pentesting with TacytDorking & Pentesting with Tacyt
Dorking & Pentesting with TacytChema Alonso
 

Recomendados

RootedCON 2014: Playing and Hacking with Digital Latches
RootedCON 2014: Playing and Hacking with Digital LatchesRootedCON 2014: Playing and Hacking with Digital Latches
RootedCON 2014: Playing and Hacking with Digital LatchesChema Alonso
 
Web Security
Web SecurityWeb Security
Web SecuritySupankar Banik
 
OpenID Security
OpenID SecurityOpenID Security
OpenID Securityeugenet
 
No me indexes que me cacheo
No me indexes que me cacheoNo me indexes que me cacheo
No me indexes que me cacheoChema Alonso
 
CyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitCyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitChema Alonso
 
XSS Google Persistentes
XSS Google PersistentesXSS Google Persistentes
XSS Google PersistentesChema Alonso
 
Tu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu WindowsTu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu WindowsChema Alonso
 
Dorking & Pentesting with Tacyt
Dorking & Pentesting with TacytDorking & Pentesting with Tacyt
Dorking & Pentesting with TacytChema Alonso
 
Shuabang Botnet
Shuabang BotnetShuabang Botnet
Shuabang BotnetChema Alonso
 
Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Chema Alonso
 
It's a Kind of Magic
It's a Kind of MagicIt's a Kind of Magic
It's a Kind of MagicChema Alonso
 
Ingenieros y hackers
Ingenieros y hackersIngenieros y hackers
Ingenieros y hackersChema Alonso
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
X Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna
X Fórum AUSAPE 2014: Un Decálogo de Seguridad MálignaX Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna
X Fórum AUSAPE 2014: Un Decálogo de Seguridad MálignaChema Alonso
 
El juego es el mismo
El juego es el mismoEl juego es el mismo
El juego es el mismoChema Alonso
 
Latch Security Scenarios
Latch Security ScenariosLatch Security Scenarios
Latch Security ScenariosChema Alonso
 
WebBrowsing Fingerprinting y Privacidad en entornos de Big Data
WebBrowsing Fingerprinting y Privacidad en entornos de Big DataWebBrowsing Fingerprinting y Privacidad en entornos de Big Data
WebBrowsing Fingerprinting y Privacidad en entornos de Big DataChema Alonso
 
Digital latches for your digital Life
Digital latches for your digital LifeDigital latches for your digital Life
Digital latches for your digital LifeChema Alonso
 
Ataques XSS Google Persistentes
Ataques XSS Google PersistentesAtaques XSS Google Persistentes
Ataques XSS Google PersistentesChema Alonso
 
ShmooCON 2009 : Re-playing with (Blind) SQL Injection
ShmooCON 2009 : Re-playing with (Blind) SQL InjectionShmooCON 2009 : Re-playing with (Blind) SQL Injection
ShmooCON 2009 : Re-playing with (Blind) SQL InjectionChema Alonso
 
Codemotion 2013: Feliz 15 aniversario, SQL Injection
Codemotion 2013: Feliz 15 aniversario, SQL InjectionCodemotion 2013: Feliz 15 aniversario, SQL Injection
Codemotion 2013: Feliz 15 aniversario, SQL InjectionChema Alonso
 
Libro de Seguridad en Redes
Libro de Seguridad en RedesLibro de Seguridad en Redes
Libro de Seguridad en RedesTelefónica
 
Analizando la efectividad de ataques de correlación pasivos en la red de ano...
Analizando la efectividad de ataques de correlación pasivos en la red de ano...Analizando la efectividad de ataques de correlación pasivos en la red de ano...
Analizando la efectividad de ataques de correlación pasivos en la red de ano...Chema Alonso
 
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...Chema Alonso
 
Pentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWordPentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWordChema Alonso
 
Hachetetepé dos puntos SLAAC SLAAC
Hachetetepé dos puntos SLAAC SLAACHachetetepé dos puntos SLAAC SLAAC
Hachetetepé dos puntos SLAAC SLAACChema Alonso
 
Latch MyCar: Documentation
Latch MyCar: DocumentationLatch MyCar: Documentation
Latch MyCar: DocumentationTelefónica
 
Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Chema Alonso
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crackKlaus Drosch
 
Internet Security
Internet SecurityInternet Security
Internet SecurityAvnish Jain
 

Mais conteúdo relacionado

Destaque

Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Chema Alonso
 
It's a Kind of Magic
It's a Kind of MagicIt's a Kind of Magic
It's a Kind of MagicChema Alonso
 
Ingenieros y hackers
Ingenieros y hackersIngenieros y hackers
Ingenieros y hackersChema Alonso
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
X Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna
X Fórum AUSAPE 2014: Un Decálogo de Seguridad MálignaX Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna
X Fórum AUSAPE 2014: Un Decálogo de Seguridad MálignaChema Alonso
 
El juego es el mismo
El juego es el mismoEl juego es el mismo
El juego es el mismoChema Alonso
 
Latch Security Scenarios
Latch Security ScenariosLatch Security Scenarios
Latch Security ScenariosChema Alonso
 
WebBrowsing Fingerprinting y Privacidad en entornos de Big Data
WebBrowsing Fingerprinting y Privacidad en entornos de Big DataWebBrowsing Fingerprinting y Privacidad en entornos de Big Data
WebBrowsing Fingerprinting y Privacidad en entornos de Big DataChema Alonso
 
Digital latches for your digital Life
Digital latches for your digital LifeDigital latches for your digital Life
Digital latches for your digital LifeChema Alonso
 
Ataques XSS Google Persistentes
Ataques XSS Google PersistentesAtaques XSS Google Persistentes
Ataques XSS Google PersistentesChema Alonso
 
ShmooCON 2009 : Re-playing with (Blind) SQL Injection
ShmooCON 2009 : Re-playing with (Blind) SQL InjectionShmooCON 2009 : Re-playing with (Blind) SQL Injection
ShmooCON 2009 : Re-playing with (Blind) SQL InjectionChema Alonso
 
Codemotion 2013: Feliz 15 aniversario, SQL Injection
Codemotion 2013: Feliz 15 aniversario, SQL InjectionCodemotion 2013: Feliz 15 aniversario, SQL Injection
Codemotion 2013: Feliz 15 aniversario, SQL InjectionChema Alonso
 
Libro de Seguridad en Redes
Libro de Seguridad en RedesLibro de Seguridad en Redes
Libro de Seguridad en RedesTelefónica
 
Analizando la efectividad de ataques de correlación pasivos en la red de ano...
Analizando la efectividad de ataques de correlación pasivos en la red de ano...Analizando la efectividad de ataques de correlación pasivos en la red de ano...
Analizando la efectividad de ataques de correlación pasivos en la red de ano...Chema Alonso
 
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...Chema Alonso
 
Pentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWordPentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWordChema Alonso
 
Hachetetepé dos puntos SLAAC SLAAC
Hachetetepé dos puntos SLAAC SLAACHachetetepé dos puntos SLAAC SLAAC
Hachetetepé dos puntos SLAAC SLAACChema Alonso
 
Latch MyCar: Documentation
Latch MyCar: DocumentationLatch MyCar: Documentation
Latch MyCar: DocumentationTelefónica
 
Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Chema Alonso
 

Destaque (20)

Shuabang Botnet
Shuabang BotnetShuabang Botnet
Shuabang Botnet
 
Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7
 
It's a Kind of Magic
It's a Kind of MagicIt's a Kind of Magic
It's a Kind of Magic
 
Ingenieros y hackers
Ingenieros y hackersIngenieros y hackers
Ingenieros y hackers
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
 
X Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna
X Fórum AUSAPE 2014: Un Decálogo de Seguridad MálignaX Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna
X Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna
 
El juego es el mismo
El juego es el mismoEl juego es el mismo
El juego es el mismo
 
Latch Security Scenarios
Latch Security ScenariosLatch Security Scenarios
Latch Security Scenarios
 
WebBrowsing Fingerprinting y Privacidad en entornos de Big Data
WebBrowsing Fingerprinting y Privacidad en entornos de Big DataWebBrowsing Fingerprinting y Privacidad en entornos de Big Data
WebBrowsing Fingerprinting y Privacidad en entornos de Big Data
 
Digital latches for your digital Life
Digital latches for your digital LifeDigital latches for your digital Life
Digital latches for your digital Life
 
Ataques XSS Google Persistentes
Ataques XSS Google PersistentesAtaques XSS Google Persistentes
Ataques XSS Google Persistentes
 
ShmooCON 2009 : Re-playing with (Blind) SQL Injection
ShmooCON 2009 : Re-playing with (Blind) SQL InjectionShmooCON 2009 : Re-playing with (Blind) SQL Injection
ShmooCON 2009 : Re-playing with (Blind) SQL Injection
 
Codemotion 2013: Feliz 15 aniversario, SQL Injection
Codemotion 2013: Feliz 15 aniversario, SQL InjectionCodemotion 2013: Feliz 15 aniversario, SQL Injection
Codemotion 2013: Feliz 15 aniversario, SQL Injection
 
Libro de Seguridad en Redes
Libro de Seguridad en RedesLibro de Seguridad en Redes
Libro de Seguridad en Redes
 
Analizando la efectividad de ataques de correlación pasivos en la red de ano...
Analizando la efectividad de ataques de correlación pasivos en la red de ano...Analizando la efectividad de ataques de correlación pasivos en la red de ano...
Analizando la efectividad de ataques de correlación pasivos en la red de ano...
 
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
 
Pentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWordPentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWord
 
Hachetetepé dos puntos SLAAC SLAAC
Hachetetepé dos puntos SLAAC SLAACHachetetepé dos puntos SLAAC SLAAC
Hachetetepé dos puntos SLAAC SLAAC
 
Latch MyCar: Documentation
Latch MyCar: DocumentationLatch MyCar: Documentation
Latch MyCar: Documentation
 
Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0
 

Semelhante a Codemotion ES 2014: Love Always Takes Care & Humility

How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crackKlaus Drosch
 
Internet Security
Internet SecurityInternet Security
Internet SecurityAvnish Jain
 
How to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique PasswordsHow to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique PasswordsConnectSafely
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawConnectSafely
 
Password hacking
Password hackingPassword hacking
Password hackingMr. FM
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewSTO STRATEGY
 
Password hacking
Password hackingPassword hacking
Password hackingAbhay pal
 
Network Security
Network SecurityNetwork Security
Network SecuritySOBXTECH
 
The life of breached data and the attack lifecycle
The life of breached data and the attack lifecycleThe life of breached data and the attack lifecycle
The life of breached data and the attack lifecycleJarrod Overson
 
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based SecurityRare Input
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxssuser04fcec
 
Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)Aman Singh
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key loggerPatel Mit
 
Ethical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxEthical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxFarhanaMariyam1
 
Ceh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniquesCeh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniquesVi Tính Hoàng Nam
 
CYBER SECURITY AWARENESS.pptx
CYBER SECURITY AWARENESS.pptxCYBER SECURITY AWARENESS.pptx
CYBER SECURITY AWARENESS.pptxTapan Khilar
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewYury Chemerkin
 
zaki_anwer_cryptography.pptx
zaki_anwer_cryptography.pptxzaki_anwer_cryptography.pptx
zaki_anwer_cryptography.pptxMewar University
 

Semelhante a Codemotion ES 2014: Love Always Takes Care & Humility (20)

How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crack
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
How to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique PasswordsHow to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique Passwords
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security Flaw
 
Password hacking
Password hackingPassword hacking
Password hacking
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
 
Password hacking
Password hackingPassword hacking
Password hacking
 
Network Security
Network SecurityNetwork Security
Network Security
 
The life of breached data and the attack lifecycle
The life of breached data and the attack lifecycleThe life of breached data and the attack lifecycle
The life of breached data and the attack lifecycle
 
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based Security
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key logger
 
Ethical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxEthical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptx
 
Ceh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniquesCeh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniques
 
CYBER SECURITY AWARENESS.pptx
CYBER SECURITY AWARENESS.pptxCYBER SECURITY AWARENESS.pptx
CYBER SECURITY AWARENESS.pptx
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
 
zaki_anwer_cryptography.pptx
zaki_anwer_cryptography.pptxzaki_anwer_cryptography.pptx
zaki_anwer_cryptography.pptx
 

Mais de Chema Alonso

Configurar y utilizar Latch en Magento
Configurar y utilizar Latch en MagentoConfigurar y utilizar Latch en Magento
Configurar y utilizar Latch en MagentoChema Alonso
 
CritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajarCritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajarChema Alonso
 
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...Chema Alonso
 
Auditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase IIAuditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase IIChema Alonso
 
El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?Chema Alonso
 
Latch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digitalLatch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digitalChema Alonso
 
Hacking con Python
Hacking con PythonHacking con Python
Hacking con PythonChema Alonso
 
Guía de uso de Latch en la UNIR
Guía de uso de Latch en la UNIRGuía de uso de Latch en la UNIR
Guía de uso de Latch en la UNIRChema Alonso
 
Curso Online de Especialización en Seguridad Informática para la Ciberdefensa
Curso Online de Especialización en Seguridad Informática para la CiberdefensaCurso Online de Especialización en Seguridad Informática para la Ciberdefensa
Curso Online de Especialización en Seguridad Informática para la CiberdefensaChema Alonso
 
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...Chema Alonso
 
LDAP Injection Techniques
LDAP Injection TechniquesLDAP Injection Techniques
LDAP Injection TechniquesChema Alonso
 
X Forum AUSAPE 2014
X Forum AUSAPE 2014X Forum AUSAPE 2014
X Forum AUSAPE 2014Chema Alonso
 
Código para Latch físico: Touch_calibrate.py
Código para Latch físico: Touch_calibrate.pyCódigo para Latch físico: Touch_calibrate.py
Código para Latch físico: Touch_calibrate.pyChema Alonso
 

Mais de Chema Alonso (14)

Configurar y utilizar Latch en Magento
Configurar y utilizar Latch en MagentoConfigurar y utilizar Latch en Magento
Configurar y utilizar Latch en Magento
 
CritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajarCritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajar
 
Foca API v0.1
Foca API v0.1Foca API v0.1
Foca API v0.1
 
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
 
Auditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase IIAuditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase II
 
El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?
 
Latch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digitalLatch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digital
 
Hacking con Python
Hacking con PythonHacking con Python
Hacking con Python
 
Guía de uso de Latch en la UNIR
Guía de uso de Latch en la UNIRGuía de uso de Latch en la UNIR
Guía de uso de Latch en la UNIR
 
Curso Online de Especialización en Seguridad Informática para la Ciberdefensa
Curso Online de Especialización en Seguridad Informática para la CiberdefensaCurso Online de Especialización en Seguridad Informática para la Ciberdefensa
Curso Online de Especialización en Seguridad Informática para la Ciberdefensa
 
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...
 
LDAP Injection Techniques
LDAP Injection TechniquesLDAP Injection Techniques
LDAP Injection Techniques
 
X Forum AUSAPE 2014
X Forum AUSAPE 2014X Forum AUSAPE 2014
X Forum AUSAPE 2014
 
Código para Latch físico: Touch_calibrate.py
Código para Latch físico: Touch_calibrate.pyCódigo para Latch físico: Touch_calibrate.py
Código para Latch físico: Touch_calibrate.py
 

Último

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Último (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Codemotion ES 2014: Love Always Takes Care & Humility

  • 1. {Love Always Takes Care & Humility} Chema Alonso @chemaalonso chema@11paths.com
  • 2.
  • 3.
  • 4.
  • 7. She thinks security is “do the things right” Creating a Strong Password: Variety – Don’t use the same password on all the sites you visit. Don’t use a word from the dictionary. Length – Select strong passwords that can’t easily be guessed with 10 or more characters. Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word. Complexity – Randomly add capital letters, punctuation or symbols. Substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3″ for “E”. Never give your password to others or write it down.
  • 9. Working “common way” is useless • WireTyping • Trojans & malware • Phishing • Shoulder Surfing • Insiders • Server-Side bugs – Heartbleed, ShellShock, Schannel, PHP CGI, …. • Client-Side bugs • Enemies everywhere...
  • 13.
  • 14. We need to apply Science on “new” way • 99 % of purity • Good for all users • Not past errors • Second Factor Auth • Side-Channel • Stealth
  • 15.
  • 16. She doesn´t like “new” ways to security • 2FA with OTP on SMS • RSA Hardware Tokens • Matrix of numbers • G Authenticator- Likes • Biometry • Etc….
  • 17. She Complaints G-Authenticator-likes Not stolen-passwords advise User needs to type OTP Biometry Lost once / Lost forever Who has my biometry? iOS Case RSA Hardware Tokens Expensive Unconfortable User needs to type OTP SMS way: Not anonymous Tied to SIM SIM Swapping attacks GSM Attacks User needs to type OTP Roaming services Matrix Finite Trojans ask for it Usually on wallet User needs to type OTP
  • 18. What a hacker does? A hacker provides because…
  • 19. {Love Always Takes Care & Humility} L A T C H
  • 20. Latch Server 1.- Generate pairing code 2.- Temporary Pariring token User Settings: Login: XXXX Pass: YYYY Latch: 4.-AppID+Temp pairing Token 5.- OK+Unique Latch 6.-ID Latch appears in app ULatch Latch Security “Way”
  • 21. Latch Server Users DB: Login: XXXX Pass: YYYY Latch: Latch1 1.- Client sends Login/password Login Page: Login:AAAA Pass:BBBB 3.- asks about Latch1 status 4.- Latch 1 is OFF 5.- Login Error 6.- Someone try to get Access to Latch 1 id. 2.- Check user/pass Latch Security “Way”
  • 22. Cares & Humility • No users. No passwords. No personal data. No trace. • If anyone try to get access -> Can´t + Warning • if anyone access when open -> Warning • if anyone try to unpair -> Latch + Warning
  • 26. User1 Pass1 4-eyes verification Login: User2 Pass: Pass2 Latch: Latch2 Login: User1 Pass: Pass1 Latch: Latch1
  • 27. 2 Keys Activation Asset Latch: Latch1 Latch: Latch 2 User1 Pass1
  • 28. Login: User Pass: Pass Latch: Latch User Pass Access Control
  • 29. Double Supervision Why? Answer OTP Login: User Pass: Pass Latch: Latch Op1:Unlock Op2: OTP User Pass
  • 32.
  • 34. See you in Codemotion 2015: The end of the Trilogy “Love After Death”

Notas do Editor

  1. ejOcoAdG