Security Workshops
In light of the orwellian nightmare we've built ourselves into, now is a good time for the CSClub to pick up the slack it usually picks and teach people how to be safe out there.
Topics, and slides
Related work and Telling Evidence
Related Work
EFF's Surveillance Self-Defense Guide
Pirate Party's EncryptEverything
Ken Thompson - Reflections on Trusting Trust
Evidence
http://readwrite.com/2010/08/04/google_ceo_schmidt_people_arent_ready_for_the_tech
IMPORTANT MEDIA
3 Dead Trolls in a Baggie - The Privacy Song
MC Frontalot - Secrets from the Future
Series by Term
Fall 2013
This information is fuzzy and subject to change. Do not trust it.
sharvey, m4, and nguenthe are adminning this term's series
- sharvey on Why Should You Care About Privacy
- ?????? on Snowden Roundup
- yd2dong on Traffic Mixing
- ?????? on Security Proofs: How Many Joules does the NSA Have?
- ?????? on Full Disk Encryption
- ?????? on SSH
- ?????? on Tunnelling and VPNs
- ?????? on Your Wifi Network is Insecure (cover: aircrack-ng and reaver. maybe nmap and metasploit)
- Stephen Palmateer of KWLUG on Tor (vs i2p vs Freenet vs /r/darknet?)
- Sean Howard on How your ISP owns you (UW grad, ex Watsfic president, currently working for sentex.ca, knows details of Bell's network infrastructure and where the chokepoints are)
- nguenthe on OTR -- or IanG if we can get him!
- nablack and m4farrel with a security demo + open ended question session
- m4farrel on Secrets of a DDoS
- wlritchi on Reversing SBeam and pnwing ur phone
- mtrberzi on GPG, Keyservers, and You and with a keysigning party to boot
- v2buterin on Bitcoin and Bitmessage (maybe? pretty please?)
- IST Security:
- Patrick Matlock on some combination or subset of oauth, identity, data privacy (Policy 8), and web pentesting
- csrf
- script injections
- ....
- Terry Labach on safer web browsing
- Colin Bell?
- Patrick Matlock on some combination or subset of oauth, identity, data privacy (Policy 8), and web pentesting
- Sapphyre?
- Hatguy!
- ?????? on Passwords (touch on security proofs, hashapass/pwdhash, alternatives to passwords (biometrics, one time pads, challenge-response, ssh keys), NOT SHARING YOUR DAMN PASSWORDS ACROSS SITES (cite: the ps3 attack, the linkedin attack, the ....) and how to use jacktheripper)
- ?????? on Browser Fingerprinting
- ?????? on Filesystem Forensics and the Dangers of Log-Structured Data Storage (live demo!)
- ?????? on SSL: It's Broken
- ?????? on Storytime: Exporting "Munitions"
- ?????? on Stegonography
- ?????? on Digital Watermarks
- ?????? on Getting root in 5 minutes with physical access
- ?????? on What is Identity (maybe toss this out to WPIRG?) with info on how sites and overlords (facebook, google) identify you, and how to split your identity digitally
And remember kids, educational-use only
WPIRG wants to cross-promote a "privacy forum" with us. They are imagining as an expert panel + QA session, during November. Probably the ideal distribution is csc events on the technical side ("how to shot pgp", "how to make tls go", "wat is passwurd") with WPIRG on the human-scale and politics side, with advertising to both of our cohorts for all events. Some ideas for expert participants:
- Ian Goldberg (sharvey)
- Michael Geist
- ????
- Terry Labach (this sort of thing is, actually, directly within his job description)
- Marlie Moxinspike