NSA-Proof communications (mostly)

NSA-proof communicationsNSA-proof communications
(mostly)(mostly)
Jan SeidlJan Seidl

$ whoami$ whoami
Full Name:Full Name: Jan SeidlJan Seidl
Origin:Origin: Rio de Janeiro, RJ – BrazilRio de Janeiro, RJ – Brazil
Work:Work:
● CTO @ TI SafeCTO @ TI Safe
● OpenSource contributor for: PEV, LogstashOpenSource contributor for: PEV, Logstash
● Codes and snippets @ github.com/jseidlCodes and snippets @ github.com/jseidl
Features:Features:
● UNIX Evangelist/Addict/Freak (but no fanboy!)UNIX Evangelist/Addict/Freak (but no fanboy!)
● Digital tools blacksmith / Python and C loverDigital tools blacksmith / Python and C lover
● Guitarist @ UmInEGuitarist @ UmInE
● Coffee dependentCoffee dependent
● Hates printers and social networksHates printers and social networks
● Proud DC Labs ResearcherProud DC Labs Researcher NSA-Proof Communications. SEIDL, Jan
FISL 2014 – Porto Alegre, Brasil

$ agenda$ agenda
0x0 Quick summary on privacy0x0 Quick summary on privacy
0x1 Who, why and how can you be spied on0x1 Who, why and how can you be spied on
0x2 Cryptography primer0x2 Cryptography primer
0x3 Insecure communications0x3 Insecure communications
0x4 False sense of security0x4 False sense of security
0x5 E-Mail never meant to be secure0x5 E-Mail never meant to be secure
0x6 Secure communications (mostly)0x6 Secure communications (mostly)
0x7 Creating a mostly secure communication infrastructure0x7 Creating a mostly secure communication infrastructure
0x8 The remaining points of failure0x8 The remaining points of failure
0x9 Closing up0x9 Closing up
0xA Questions?0xA Questions?
NSA-Proof Communications. SEIDL, Jan

Quick summary on privacyQuick summary on privacy
https://xkcd.com/1269/

Why privacy matters?Why privacy matters?
YouYou do notdo not hold only info about yourselfhold only info about yourself
You may hold key informationYou may hold key information about other people's lifesabout other people's lifes
Less information about your target =Less information about your target = Harder to engageHarder to engage
OPSECOPSEC
http://en.wikipedia.org/wiki/Operations_securityhttp://en.wikipedia.org/wiki/Operations_security

Are we more public than before?Are we more public than before?
Most people know about physical world threatsMost people know about physical world threats
Most peopleMost people don'tdon't know about digital threatsknow about digital threats
And it's not their fault (mostly)And it's not their fault (mostly)

Q: Do you stop a random stranger on the street and tell him:Q: Do you stop a random stranger on the street and tell him:
- Your past locations (incl. Home, work, school, shops, parties)- Your past locations (incl. Home, work, school, shops, parties)
- Your parents & kids' names, location, ages and pictures- Your parents & kids' names, location, ages and pictures
- Your favorite interests (movies, books, sports etc)- Your favorite interests (movies, books, sports etc)
- Confirm that you'll be at a given event- Confirm that you'll be at a given event

Q: Would you easily engage conversation with someone thatQ: Would you easily engage conversation with someone that
shared interest or experiences aboutshared interest or experiences about
- Being at your past locations (incl. Home, work, school, shops, parties)- Being at your past locations (incl. Home, work, school, shops, parties)
- Having parents & kids' with same names, ages and locations- Having parents & kids' with same names, ages and locations
- Sharing your favorite interests (movies, books, sports etc)- Sharing your favorite interests (movies, books, sports etc)
- Going to that given event- Going to that given event

Q: Do you think agencies, criminals and spies can easilyQ: Do you think agencies, criminals and spies can easily
sufficiently profile you using publicly available information?sufficiently profile you using publicly available information?
Yes, there's also a cool term for it:Yes, there's also a cool term for it: OSINTOSINT
http://en.wikipedia.org/wiki/Open-source_intelligencehttp://en.wikipedia.org/wiki/Open-source_intelligence

PLEASEPLEASE STOPSTOP
sharingsharing everythingeverything
on theon the INTERNETINTERNET!!

Sharing is definitely not caringSharing is definitely not caring
There's a huge chance you're anThere's a huge chance you're an overshareroversharer..
Yes. There is. Stop your internal dialog.Yes. There is. Stop your internal dialog.

The Internet isThe Internet is FINOFINO –– First-In-Never-OutFirst-In-Never-Out
Even with court orders. There's always a copy somewhere.Even with court orders. There's always a copy somewhere.
Eg: Google Caches, The Internet Archive, someone's hard diskEg: Google Caches, The Internet Archive, someone's hard disk
The Internet never forgets!!1!The Internet never forgets!!1!

Who/why/how can you be spied on?Who/why/how can you be spied on?

Commercial competitorsCommercial competitors
Haters (are you from a race/religion someone doesn't likes?)Haters (are you from a race/religion someone doesn't likes?)
AgenciesAgencies
““Data miners”Data miners”
““Marketing research”Marketing research”
Criminals / PsychosCriminals / Psychos
Who would spy on me?Who would spy on me?

YES YOU DO!YES YOU DO!
You might have key intelligence files / information about your companyYou might have key intelligence files / information about your company
You might don't know the value of themYou might don't know the value of them
Why would someone spy on me?Why would someone spy on me?
I have no valuable data!I have no valuable data!

SOMETIMES IT'S NOT ABOUT YOU!SOMETIMES IT'S NOT ABOUT YOU!
You may know / be communicating with someone worth spying onYou may know / be communicating with someone worth spying on
Your identity can be stolen to gain leverage on a targetYour identity can be stolen to gain leverage on a target
Why would someone spy on me?Why would someone spy on me?
I have no valuable data!I have no valuable data!

Local machine compromiseLocal machine compromise
Communications interception (local LAN, ISP, remote LAN)Communications interception (local LAN, ISP, remote LAN)
Remote server compromiseRemote server compromise
How would someone (digitally) spy on me?How would someone (digitally) spy on me?

Where can your data be stolenWhere can your data be stolen

Where can your data be stolenWhere can your data be stolen
Here
Here
Here
Here Here Here
Here
Here
HereHere

Do you still feel safe?Do you still feel safe?
Relax, me neither.Relax, me neither.

Cryptography primerCryptography primer

What the heck is encryption?What the heck is encryption?
Long story short: It makes plaintextLong story short: It makes plaintext unreadableunreadable, unless, unless keykey is providedis provided
No! Perl is not ciphertext (I think...)No! Perl is not ciphertext (I think...)

What the heck is encryption?What the heck is encryption?
Sample dumbest example everSample dumbest example ever
f(text, key)f(text, key) →→ 22··text ^ (key/3)text ^ (key/3)

What does it provide?What does it provide?
Two out of three of the CIA-Triad (no, not the agency!)Two out of three of the CIA-Triad (no, not the agency!)
Confidentiality & IntegrityConfidentiality & Integrity
Also: Identification, Authentication & Non-repudiationAlso: Identification, Authentication & Non-repudiation

Key-pairKey-pair
Diff. Keys for encr. / decr.Diff. Keys for encr. / decr.
SlowerSlower
Easier to maintainEasier to maintain
Single KeySingle Key
Same key for bothSame key for both
FasterFaster
Harder to maintainHarder to maintain
Asymmetric vs SymmetricAsymmetric vs Symmetric

Key-pairKey-pair
Diff. Keys for encr. / decr.Diff. Keys for encr. / decr.
SlowerSlower
Easier to maintainEasier to maintain
Single KeySingle Key
Same key for bothSame key for both
FasterFaster
Harder to maintainHarder to maintain
Asymmetric vs SymmetricAsymmetric vs Symmetric
MUST be kept privateMUST be kept private
Can be publicCan be public

How HTTPS worksHow HTTPS works

How HTTPS worksHow HTTPS works
AsymmetricAsymmetricSymmetricSymmetric

Is cryptography gonna make me safe?Is cryptography gonna make me safe?
Well... that depends...Well... that depends...

It supposed so... but then...It supposed so... but then...
http://heartbleed.com/

It supposed so... but then...It supposed so... but then...
https://www.imperialviolet.org/2014/02/22/applebug.html

FACT:FACT: PeoplePeople make mistakes.make mistakes. PeoplePeople make code. Code getsmake code. Code gets bugsbugs..

Legal issuesLegal issues
Encryption is not allowed everywhere.Encryption is not allowed everywhere.
Might be seen as sign of illegal activity!Might be seen as sign of illegal activity!
So be advised!So be advised!
http://en.wikipedia.org/wiki/Cryptography_lawhttp://en.wikipedia.org/wiki/Cryptography_law
http://bit.ly/RbsYgohttp://bit.ly/RbsYgo

Insecure communicationsInsecure communications
http://xkcd.com/257/

Which services are insecure?Which services are insecure?
** **
****

Whaa? But they don't use HTTPs?Whaa? But they don't use HTTPs?
HTTPs protects you fromHTTPs protects you from traffic eavesdroppingtraffic eavesdropping
Traffic gets decipheredTraffic gets deciphered at company server before going to destinationat company server before going to destination
Agencies mayAgencies may request your data to be forwardedrequest your data to be forwarded to them (court orders)to them (court orders)
Agencies mayAgencies may request company private keysrequest company private keys for interception (same above)for interception (same above)
Booya!Booya!

Should I break up with them?Should I break up with them?
You could. But you don't really need to.You could. But you don't really need to.
Just don't say anything there that you wouldn't say to a random stranger.Just don't say anything there that you wouldn't say to a random stranger.
If you need to exchange sensitive information, escalate to a secure medium.If you need to exchange sensitive information, escalate to a secure medium.

What about DNS servers?What about DNS servers?
Responsible for connecting us to the hostResponsible for connecting us to the host we wantwe want..
Can be perverted to use the hostCan be perverted to use the host THEYTHEY want.want.

What about DNS servers?What about DNS servers?
It is not that hard at all.It is not that hard at all.
DNS is aDNS is a plaintextplaintext protocol.protocol.
ewww...ewww...

The case of the famous Brazilian ISPThe case of the famous Brazilian ISP
Google servers DNS lookup from a foreign (USA) connectionGoogle servers DNS lookup from a foreign (USA) connection
(ping + dig using Google's DNS server)(ping + dig using Google's DNS server)

The case of the famous Brazilian ISPThe case of the famous Brazilian ISP
Google servers DNS lookup from the ISP connectionGoogle servers DNS lookup from the ISP connection
(ping + dig using Google's DNS server)(ping + dig using Google's DNS server)

Keep that motto in mindKeep that motto in mind
Don'tDon't thinkthink someone may be watching.someone may be watching.
KNOWKNOW that someonethat someone ISIS watching!watching!

False sense of securityFalse sense of security

HTTPs is not gonna save youHTTPs is not gonna save you
Don't feel safe only because of that padlock iconDon't feel safe only because of that padlock icon
Certificates/keys may be stolen/taken overCertificates/keys may be stolen/taken over
Didn't I say that already?Didn't I say that already?

Private key custody = Ability to plaintext!Private key custody = Ability to plaintext!
ssldump is an SSL/TLS network protocol analyzer. (…)ssldump is an SSL/TLS network protocol analyzer. (…) If providedIf provided
with the appropriate keying material, it will also decrypt thewith the appropriate keying material, it will also decrypt the
connections and display the application data trafficconnections and display the application data traffic..
http://www.rtfm.com/ssldump/Ssldump.htmlhttp://www.rtfm.com/ssldump/Ssldump.html

Server Name Indication (SNI)Server Name Indication (SNI) is an extension to the TLS protocol[1]is an extension to the TLS protocol[1]
that indicates what hostname the client is attempting to connect tothat indicates what hostname the client is attempting to connect to
at the start of the handshaking processat the start of the handshaking process. This allows a server to. This allows a server to
present multiple certificates on the same IP address and portpresent multiple certificates on the same IP address and port
number and hence allows multiple secure (HTTPS) websites (or anynumber and hence allows multiple secure (HTTPS) websites (or any
other Service over TLS) to be served off the same IP addressother Service over TLS) to be served off the same IP address
without requiring all those sites to use the same certificate. Itwithout requiring all those sites to use the same certificate. It
is the conceptual equivalent to HTTP/1.1 virtual hosting for HTTPS.is the conceptual equivalent to HTTP/1.1 virtual hosting for HTTPS.
http://en.wikipedia.org/wiki/Server_Name_Indicationhttp://en.wikipedia.org/wiki/Server_Name_Indication

Always keep in mind theAlways keep in mind the EvilEvil ServerServer

Server/network owners and admins might intercept your dataServer/network owners and admins might intercept your data
Criminals may have foothold on target serverCriminals may have foothold on target server
Generally data flows unencrypted on internal infrastructureGenerally data flows unencrypted on internal infrastructure
Data can be found unencrypted on memory and session filesData can be found unencrypted on memory and session files

User-land libraries may dump your SSLUser-land libraries may dump your SSL
(…) attempts to(…) attempts to MITMMITM these communications at the network level havethese communications at the network level have
been fruitless. To get at this sensitive data we will interceptbeen fruitless. To get at this sensitive data we will intercept
calls tocalls to SSL_writeSSL_write, the function, the function responsible for encrypting thenresponsible for encrypting then
sending data over a socketsending data over a socket. Intercepting SSL_write will allow us to. Intercepting SSL_write will allow us to
log the string sent to the function and pass the originallog the string sent to the function and pass the original
parameters along,parameters along, effectively bypassing the encryption protectionseffectively bypassing the encryption protections
while allowing the application to run normallywhile allowing the application to run normally
https://www.netspi.com/DesktopModules/SunBlog/Handlers/Print.aspx?id=191https://www.netspi.com/DesktopModules/SunBlog/Handlers/Print.aspx?id=191

Man-in-the-App Proof-of-ConceptMan-in-the-App Proof-of-Concept
Credential SnifferCredential Sniffer
https://github.com/jseidl/mitahttps://github.com/jseidl/mita
(…) will(…) will detect and logdetect and log anyany
credential communicationcredential communication overover
cookies and get/post requestscookies and get/post requests
and exfiltrate somewhere.and exfiltrate somewhere.
(…) monitors data from inside(…) monitors data from inside
application context/env. thusapplication context/env. thus
can't be defeated by the usecan't be defeated by the use
of SSLof SSL..

Truth is, email is ooooooldTruth is, email is oooooold
E-mail never meant to be secureE-mail never meant to be secure
First concept ~1962 (AUTODIN)First concept ~1962 (AUTODIN)
From host-based, to LAN-based, to ARPANET-based, to INTERNET-basedFrom host-based, to LAN-based, to ARPANET-based, to INTERNET-based
In IT, old pans doesn't makes good food.In IT, old pans doesn't makes good food.

Second, email is also plaintextSecond, email is also plaintext
You're starting to hate this word, aren't you?You're starting to hate this word, aren't you?

–– But hey, I've heard of this PGP thingy...But hey, I've heard of this PGP thingy...
–– It has that encryption thing you were talking about...It has that encryption thing you were talking about...
Yeap! And can also be used to verify the identity of the sender!Yeap! And can also be used to verify the identity of the sender!

And there's also a GNU version!And there's also a GNU version!
Isn't that beautiful?Isn't that beautiful?

Fact is: PGP is quite complicatedFact is: PGP is quite complicated
Did I mentioned the lack of mail client support?Did I mentioned the lack of mail client support?

Fact is: PGP doesn't protects metadataFact is: PGP doesn't protects metadata
Servers involvedServers involved
People's names and e-mail addressesPeople's names and e-mail addresses
Lots of other informationLots of other information

Fact is: E-mail can't be fixedFact is: E-mail can't be fixed
(in my opinion)(in my opinion)
Encryption breaks search.Encryption breaks search.
Indexing hurts security.Indexing hurts security.
Decrypt all your messages to search? Good luck with that.Decrypt all your messages to search? Good luck with that.
If perfect-forward, messages will be lost over time.If perfect-forward, messages will be lost over time.
Key handling would be nightmare.Key handling would be nightmare.

Secure communicationsSecure communications

As Jack the Ripper would say, let's go by partsAs Jack the Ripper would say, let's go by parts
Secure communications (mostly)Secure communications (mostly)

Now that you know you can't trust the partiesNow that you know you can't trust the parties
There's no way you want your data in plaintext over the circuitThere's no way you want your data in plaintext over the circuit
The service machine may be evil and under 3rd party controlThe service machine may be evil and under 3rd party control
Your own network may be compromisedYour own network may be compromised
You definitely can't trust no ISPYou definitely can't trust no ISP
You better not trust no one ;)You better not trust no one ;)

Make sure your workstation is secureMake sure your workstation is secure
https://tails.boum.org/https://tails.boum.org/
Prefer live-cd operating systemsPrefer live-cd operating systems

Roll your own local DNS serverRoll your own local DNS server
Configure-it properly!Configure-it properly!
Completely block outside accessCompletely block outside access
Listen on loopback onlyListen on loopback only
Etc...Etc...

Embrace the darknessEmbrace the darkness
Darknets are the new blackDarknets are the new black
http://en.wikipedia.org/wiki/Darknet_(file_sharinghttp://en.wikipedia.org/wiki/Darknet_(file_sharing))
A darknet is a private network where connections are made only between trusted peers (…)A darknet is a private network where connections are made only between trusted peers (…)
Darknets are distinct from other distributed peer-to-peer networks as sharing is anonymous (…)Darknets are distinct from other distributed peer-to-peer networks as sharing is anonymous (…)
and therefore users can communicate with little fear of governmental or corporate interference.and therefore users can communicate with little fear of governmental or corporate interference.

Embrace the darknessEmbrace the darkness
Popular darknetsPopular darknets
https://www.torproject.org/https://www.torproject.org/
http://geti2p.net/en/http://geti2p.net/en/
https://freenetproject.org/https://freenetproject.org/

Perfect-forward secrecyPerfect-forward secrecy
““(...) Allows today information to be kept secret even if the private key is(...) Allows today information to be kept secret even if the private key is
compromised in the future.”compromised in the future.”
–– Vincent Bernat, PhDVincent Bernat, PhD

Without forward-secrecy (TLS-AES128-SHA)Without forward-secrecy (TLS-AES128-SHA)
http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.htmlhttp://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html

With forward-secrecy (Ephemeral Diffie-Hellman)With forward-secrecy (Ephemeral Diffie-Hellman)
http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.htmlhttp://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
““Because the Diffie-Hellman exchange described above always uses newBecause the Diffie-Hellman exchange described above always uses new
random values a and b, it is calledrandom values a and b, it is called EphemeralEphemeral Diffie-HellmanDiffie-Hellman (EDH or DHE).(EDH or DHE).
Cipher suites like DHE-RSA-AES128-SHA use this protocol to achieve perfectCipher suites like DHE-RSA-AES128-SHA use this protocol to achieve perfect
forward secrecy”forward secrecy”
Optional Forward-secrecy:Optional Forward-secrecy: ECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHAECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA
Forward-secrecy only:Forward-secrecy only: ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:EDH-DSS-DES-CBC3-SHAECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:EDH-DSS-DES-CBC3-SHA

With forward-secrecy (TextSecure's OTR ratchet)With forward-secrecy (TextSecure's OTR ratchet)
https://whispersystems.org/blog/advanced-ratcheting/https://whispersystems.org/blog/advanced-ratcheting/

Apache & NGINXApache & NGINX
http://bit.ly/1hmsysRhttp://bit.ly/1hmsysR
““Configuring Apache, Nginx, and OpenSSL for Forward Secrecy”Configuring Apache, Nginx, and OpenSSL for Forward Secrecy”

Gtalk, Hangouts, Facebook Chat andGtalk, Hangouts, Facebook Chat and
any XMPP-based I.M.any XMPP-based I.M.
https://securityinabox.org/en/pidgin_mainhttps://securityinabox.org/en/pidgin_main
““Pidgin with OTR - Secure Instant Messaging”Pidgin with OTR - Secure Instant Messaging”
http://phrozenblog.com/?p=615http://phrozenblog.com/?p=615
““Encrypt your GTalk / Hangout / Facebook chat”Encrypt your GTalk / Hangout / Facebook chat”

Mobile messagingMobile messaging
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesmshttps://play.google.com/store/apps/details?id=org.thoughtcrime.securesms
TextSecure Private Messenger (Android only)TextSecure Private Messenger (Android only)
https://telegram.org/https://telegram.org/
Telegram (Android & iOS)Telegram (Android & iOS)

Voice callsVoice calls
http://en.wikipedia.org/wiki/ZRTPhttp://en.wikipedia.org/wiki/ZRTP
VoIP with ZRTPVoIP with ZRTP

Mobile ZRTPMobile ZRTP
https://play.google.com/store/apps/details?id=org.thoughtcrime.redphonehttps://play.google.com/store/apps/details?id=org.thoughtcrime.redphone
RedPhone (Android only)RedPhone (Android only)

Platform S/ZRTPPlatform S/ZRTP
https://jitsi.org/Main/HomePagehttps://jitsi.org/Main/HomePage

Platform S/ZRTPPlatform S/ZRTP
http://bit.ly/1jvlbo7http://bit.ly/1jvlbo7
““How To Encrypt Chat And VoIP With Jitsi and XMPP”How To Encrypt Chat And VoIP With Jitsi and XMPP”

Secure communication infrastructureSecure communication infrastructure

More load to process, more time to processMore load to process, more time to process
Encryptions makes things slowerEncryptions makes things slower

First, choose your preferred Linux flavorFirst, choose your preferred Linux flavor
or BSD if you want :)or BSD if you want :)

Let's start with some good full-disk encryptionLet's start with some good full-disk encryption
Most distro's installer offer this option nowadaysMost distro's installer offer this option nowadays
It's not hard to implement if you are already a sysadminIt's not hard to implement if you are already a sysadmin
https://library.linode.com/security/full-disk-encryptionhttps://library.linode.com/security/full-disk-encryption

Then harden that system, baby!Then harden that system, baby!
Fix your perms (least privilege principle)Fix your perms (least privilege principle)
Setup your services config. properlySetup your services config. properly
Uninstall bloatware + Apply security updatesUninstall bloatware + Apply security updates
Use host-firewall (at least)Use host-firewall (at least)
*Disable kernel module loading*Disable kernel module loading
*Install PaX / GRSecurity patches*Install PaX / GRSecurity patches
*Not for the faint of heart*Not for the faint of heart
http://grsecurity.net/http://grsecurity.net/

SSL EVERYWHERESSL EVERYWHERE
In every communication between services, SSL must be enforcedIn every communication between services, SSL must be enforced
Do certificate pinningDo certificate pinning
https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinninghttps://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

LDAP for identity management &LDAP for identity management &
authenticationauthentication
Most software has support for LDAP as backendMost software has support for LDAP as backend

Pretty default mail stackPretty default mail stack
Postfix + Dovecot + dspam + postgrey + LDAP auth. backendPostfix + Dovecot + dspam + postgrey + LDAP auth. backend

We add auto PGP encryption to itWe add auto PGP encryption to it
–– Heyyyy, but you said PGP sucks!Heyyyy, but you said PGP sucks!
–– I never said that! It's still better than plaintext!I never said that! It's still better than plaintext!
https://github.com/mikecardwell/gpgithttps://github.com/mikecardwell/gpgit
https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sievehttps://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve

PGP supported softwarePGP supported software
Thunderbird handles well with Enigmail pluginThunderbird handles well with Enigmail plugin
K9 Mail (Android) only handles low quality PGP keys (due APG limitation)K9 Mail (Android) only handles low quality PGP keys (due APG limitation)
Other mail clients may support PGP tooOther mail clients may support PGP too
https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/

XMPP for chatXMPP for chat
Will use SSL for connection but clients need to do OTR on their sideWill use SSL for connection but clients need to do OTR on their side

XMPP for chatXMPP for chat
ejabberd + punjab BOSH proxy +ejabberd + punjab BOSH proxy +
LDAP auth. Backend + MySQL roster backendLDAP auth. Backend + MySQL roster backend
https://github.com/twonds/punjabhttps://github.com/twonds/punjab
http://www.ejabberd.im/http://www.ejabberd.im/

Compliant XMPP+OTR clientsCompliant XMPP+OTR clients
Win/Mac OS X/Linux: PidginWin/Mac OS X/Linux: Pidgin
Android: XabberAndroid: Xabber
IOS / Android: ChatSecureIOS / Android: ChatSecure
https://pidgin.im/https://pidgin.im/
http://www.xabber.org/http://www.xabber.org/
http://chrisballinger.info/apps/chatsecure/http://chrisballinger.info/apps/chatsecure/

XMPP+OTR clients + S/ZRTPXMPP+OTR clients + S/ZRTP
https://jitsi.org/Main/HomePagehttps://jitsi.org/Main/HomePage

Optional insecure feature: Web-mail InterfaceOptional insecure feature: Web-mail Interface
Browsers are vulnerable to many attacksBrowsers are vulnerable to many attacks
Open-source web-mail software code still needs maturityOpen-source web-mail software code still needs maturity
Crypto-in-the-browser is a little creepyCrypto-in-the-browser is a little creepy

Optional insecure feature: Web-mail InterfaceOptional insecure feature: Web-mail Interface
Roundcube + rc_openpgpjs + LDAP auth. BackendRoundcube + rc_openpgpjs + LDAP auth. Backend
converse.js for embedded chatconverse.js for embedded chat
http://roundcube.net/http://roundcube.net/
https://github.com/qnrq/rc_openpgpjshttps://github.com/qnrq/rc_openpgpjs
https://github.com/jcbrand/converse.js/https://github.com/jcbrand/converse.js/
https://github.com/priyadi/roundcube-converse.js-xmpp-pluginhttps://github.com/priyadi/roundcube-converse.js-xmpp-plugin

The final productThe final product

The remaining points of failureThe remaining points of failure

Metadata is gold and is always leaking outMetadata is gold and is always leaking out
Metadata is "data about data".Metadata is "data about data".
http://en.wikipedia.org/wiki/Metadatahttp://en.wikipedia.org/wiki/Metadata

Metadata is gold and is always leaking outMetadata is gold and is always leaking out
Metadata carries out lots ofMetadata carries out lots of Personal Identifiable Information (PII)Personal Identifiable Information (PII)
Can be very helpful on correlating people and eventsCan be very helpful on correlating people and events
Leaks everywhere.Leaks everywhere.
DNS, Web, Email, Documents, Images, Photos from cameras and cellphones etcDNS, Web, Email, Documents, Images, Photos from cameras and cellphones etc

Code may haveCode may have bugsbugs
Even the ones meant to secure us.Even the ones meant to secure us.
Just likeJust like OpenSSL's HeartbleedOpenSSL's Heartbleed andand Apple's goto failApple's goto fail

Code may haveCode may have featuresfeatures
http://bit.ly/18DOX71http://bit.ly/18DOX71

http://cnet.co/1rVzAL0http://cnet.co/1rVzAL0

http://bit.ly/1hO99Uohttp://bit.ly/1hO99Uo

Agencies can be very persuasiveAgencies can be very persuasive

–– So I'll never be completely safe?So I'll never be completely safe?
Closing upClosing up

–– Well, so I don't need to do security at allWell, so I don't need to do security at all

We know security is not easyWe know security is not easy
Security = UsabilitySecurity = Usability-1-1

Sometimes can be a painSometimes can be a pain

But you gotta take care out there!But you gotta take care out there!

That's all folks!That's all folks!
http://wroot.orghttp://wroot.org @jseidl@jseidl
jseidl@wroot.orgjseidl@wroot.orghttps://github.com/jseidl/https://github.com/jseidl/
http://www.slideshare.net/jseidlhttp://www.slideshare.net/jseidl

NSA-Proof communications (mostly)

Recomendados

Recomendados

Mais conteúdo relacionado

Destaque

Destaque (11)

Semelhante a NSA-Proof communications (mostly)

Semelhante a NSA-Proof communications (mostly) (20)

Último

Último (20)

NSA-Proof communications (mostly)