by Seth Schoen
The most common way of using SSL/TLS encryption relies on a public-key infrastructure that puts near-absolute trust in a large number of entities around the world, any one of which could accidentally or deliberately empower anyone in between us and our communication partners to impersonate any site or service and spy on all of our communications. We've seen that these certificate authorities can make mistakes. CA mistakes, or collaboration with attackers, can expose us to undetectable man-in-the-middle attacks, so we need new mechanisms to meaningfully double-check that they're doing the right thing.
I will discuss a whitepaper and research collaboration that are exploring the available sources of information that could help address this problem.
by Paul Fenwick
Want to find out what your friends were doing on the weekend? Curious which parties you aren't getting invited to? Wish you could contact that interesting person you met at a 3,000 person event, but you only got their first name? Want to know what your potential new employee really does in their spare time? Or do you just like data, and lots of it?
In this talk we'll learn some simple tricks with open source tools that can help you access a wealth of information from the largest collection of social data ever created. We will also examine techniques and practices to help control what data you expose to the techniques presented.
Using FTP, telnet (some of you must still be using telnet), sending mail, surfing gopher, and visiting web sites can all give away personal information and passwords.
We'll show how easy it is for your traffic to be intercepted (using open source tools) and what you can do to protect yourself (also using open source tools).
Including such excitement as:
* Packet sniffers and you
* The dark and ancient magic of SSL certificates
* Man/woman in the middle attacks
* Working around and tunneling through insecure networks
* Quitting passwords cold turkey with public keys and other tools
* Charts! Graphs!
* Public shaming!
* (and possibly more)
1st–4th June 2010