Codemotion ES 2014: Love Always Takes Care & Humility
-
Upload
chema-alonso -
Category
Technology
-
view
17.404 -
download
1
description
Transcript of Codemotion ES 2014: Love Always Takes Care & Humility
![Page 2: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/2.jpg)
![Page 3: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/3.jpg)
![Page 4: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/4.jpg)
![Page 5: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/5.jpg)
Hacker & Developer
![Page 6: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/6.jpg)
Worried About Security
![Page 7: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/7.jpg)
She thinks security is “do the things
right”Creating a Strong Password:
Variety – Don’t use the same password on all the sites you visit. Don’t use a word
from the dictionary.
Length – Select strong passwords that can’t easily be guessed with 10 or more
characters.
Think of a meaningful phrase, song or quote and turn it into a complex password
using the first letter of each word.
Complexity – Randomly add capital letters, punctuation or symbols. Substitute
numbers for letters that look similar (for example, substitute “0” for “o” or “3″ for “E”.
Never give your password to others or write it down.
![Page 8: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/8.jpg)
He doesn´t
![Page 9: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/9.jpg)
Working “common way” is
useless• WireTyping
• Trojans & malware
• Phishing
• Shoulder Surfing
• Insiders
• Server-Side bugs
– Heartbleed, ShellShock, Schannel, PHP CGI, ….
• Client-Side bugs
• Enemies everywhere...
![Page 10: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/10.jpg)
P@sswords, P@sswords,
Dam’t!!
![Page 11: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/11.jpg)
P@sswords, P@sswords,
Dam’t!!
![Page 12: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/12.jpg)
P@sswords, P@sswords,
Dam’t!!
![Page 13: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/13.jpg)
![Page 14: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/14.jpg)
We need to apply Science on “new”
way• 99 % of purity
• Good for all users
• Not past errors
• Second Factor Auth
• Side-Channel
• Stealth
![Page 15: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/15.jpg)
![Page 16: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/16.jpg)
She doesn´t like “new” ways to
security
• 2FA with OTP on
SMS
• RSA Hardware
Tokens
• Matrix of numbers
• G Authenticator-
Likes
• Biometry
• Etc….
![Page 17: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/17.jpg)
She Complaints
G-Authenticator-likesNot stolen-passwords adviseUser needs to type OTP
BiometryLost once / Lost foreverWho has my biometry?iOS Case
RSA Hardware TokensExpensiveUnconfortableUser needs to type OTP
SMS way:Not anonymousTied to SIMSIM Swapping attacksGSM AttacksUser needs to type OTPRoaming services
MatrixFiniteTrojans ask for itUsually on walletUser needs to type OTP
![Page 18: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/18.jpg)
What a hacker does?
A hacker provides because…
![Page 19: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/19.jpg)
{Love Always Takes Care & Humility}
L A T C H
![Page 20: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/20.jpg)
LatchServer
1.- Generate pairing code
2.- TemporaryPariring token
User Settings:Login: XXXXPass: YYYYLatch:
4.-AppID+Temp pairing Token
5.- OK+Unique Latch
6.-ID Latchappears in app
ULatch
Latch Security “Way”
![Page 21: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/21.jpg)
LatchServer
Users DB:Login: XXXXPass: YYYY
Latch: Latch1
Login Page:
Login:AAAAPass:BBBB
1.- Client sendsLogin/password
3.- asks about Latch1 status
4.- Latch 1 is OFF
5.- Login Error
6.- Someone try to getAccess to Latch 1 id.
2.- Check user/pass
Latch Security “Way”
![Page 22: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/22.jpg)
Cares & Humility
• No users. No passwords. No personal data. No trace.
• If anyone try to get access -> Can´t + Warning
• if anyone access when open -> Warning
• if anyone try to unpair -> Latch + Warning
![Page 23: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/23.jpg)
Latch Periodic Table
![Page 24: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/24.jpg)
Cooking
![Page 25: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/25.jpg)
A PHP Recipe
![Page 26: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/26.jpg)
User1Pass1
Login: User2Pass: Pass2
Latch: Latch2
Login: User1Pass: Pass1
Latch: Latch1
4-eyes verification
![Page 27: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/27.jpg)
AssetLatch: Latch1
Latch: Latch 2
2 Keys Activation
User1Pass1
![Page 28: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/28.jpg)
UserPass
Login: UserPass: Pass
Latch: Latch
Access Control
![Page 29: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/29.jpg)
Why?
Answer
OTP
Double Supervision
Login: User
Pass: Pass
Latch: Latch
Op1:Unlock
Op2: OTP
User
Pass
![Page 30: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/30.jpg)
Latch Plugin Contest
![Page 31: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/31.jpg)
Mooooney
![Page 32: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/32.jpg)
![Page 33: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/33.jpg)
Latch Talks
![Page 34: Codemotion ES 2014: Love Always Takes Care & Humility](https://reader034.fdocuments.net/reader034/viewer/2022052601/559445e61a28ab02738b45e2/html5/thumbnails/34.jpg)
See you in Codemotion 2015:
The end of the Trilogy
“Love After Death”