Paweł Ngei

What is this
meeting about?

https://slides.com/pawelngei/cryptoparty-2020-en/

Who is 'a hacker'?

CC-BY-NC Brian Klug

hacker

CC-BY-NC Rain Rabbit

Conor Russomanno

maker

CC-BY-NC-SA Adafruit Industries

Limor Fried

hacktivist

CC-BY-NC-ND Yann Beauson

cybercriminal

Copyright

Legal ≠ Ethical

CC0

Copyleft!

How to support artists?

Software
Does it always require a license?

Yes

Source: Prawo Kultury

Free Software

Freedom to

run
study
redistribute
improve

Strong passphrases
are a must

Cybersecurity

What is not protected
by a passphrase
is free for the taking

Locking your screen

Windows + L

Ctrl + Command + Q

Convenience

the biggest threat
to security

Source: own work

The most popular Polish passphrases

46818  123456
16682  qwerty
13093  123456789
10138  12345
10113  zaq12wsx
 6538  polska
 6220  111111
 5774  1234
 5182  misiek
 4776  monika
 4418  marcin
 4369  12345678
 4240  mateusz
 4108  123qwe
 4086  123

No one will guess this is my actual Facebook password.

Long

Unique

Non-obvious

Password wallets

KeePassXC

Pay for the cloud passwords

Multi Factor Authentication

sms

code

key

Google Auth CC BY-SA 4.0 Smorteza

YubiKey CC BY 2.0 Tony Webster

SMS App CC BY-SA 4.0 Silenzefx

Z Yeah so if you ever need info about anyone at Harvard

Z Just ask.

Z I have over 4,000 emails, pictures, addresses, Social Network Services

F What? How'd you manage that one?

Z People just submitted it. 

Z I don't know why. 

Z They "trust me" 

Z Dumb fucks.

Source: http://www.businessinsider.com/well-these-new-zuckerberg-ims-wont-help-facebooks-privacy-problems-2010-5

Mark Zuckerberg

Photo CC-BY Anthony Quintano

if you don't pay for a service,
you are its product, not a client

alxd
after blue_beetle

Terms and conditions

問日結幸臣編線験務得見音訴。見本変山養晴会京能月相必造阪。着否金策男化用気赤追入生政左変。力増木書帰日普望和含紛族楽。用植記避甲敗掲合流時銀瞬国議列続土特付推。写費職主盗安賞比館索課様。人血歌相家小定下完覧黒扶勢禁。負際信三局負阪捕父題量発上債大文活。弁校阻選完事球環演宗達消橋。東町上覧素楽告店題訃明税格真加署。

夏見読気舞犠習離場社断高僕善祈行。三阪根社彦供却理気請能者夜。禁待変治圏帯今面旬変民代視変分県。射加給作試力稿知最遺撃社己稿。記全歴議処変同意道者京根覧迫男表風海権国。同体方報紹活敏店野稿分給刊敵稿鈴意技。載体災暮辞稿著勝在読出軽米届論営。学灯込見表転戸素殺入判権入季刈追。一研搬分談期点邦将込戒作。

公映火料短審月命贈手去責。動月下府載空面辺亀品竹第作。社軽中今固組図梨平自日後防。権来軸問済手時査開役形意緑明抗前。険標線詳女建端事厚掲教競聞夫韓。院味並右見芸発図株無落神現見縦隠。乗属稿出声育棋写転売物京化型。米断聞格載評卵電岡全討一情。掲内悔影次江続民派郎月少展作。経決毎治教四照近断増笑保信。

午齢稿売属庭西比木信各立組日作給。確良期活確着運来屋平母東調。能芸話著諭藤件間局結程騰戒画覧賞増置供男。肉展史属種画形計省最松一想得聴聞。強本述療季園成購田変週目名思探山弘根釣。青浜井念属票全目長聞互面将。密提境森家料事側情終緒省育決要雪官。経化科局握視届提載農所作。稿庭調航約約申雄日恒打没段角呼記宰大態。

profiling

 

ads

 

data mining

Photo CC-BY bookcatalog

microtargeting

Mozilla Firefox

uBlock Origin

Spying on the net

what are all those cookies?

Videoconferencing
Meet Jitsi

Melissa Bour 

Copyright by Melissa Bour 

The Streisand Effect

Copyright (C) 2002 Kenneth & Gabrielle Adelman, California Coastal Records Project

Do I really want to share this?

CC-BY-NC-SA Emilio Quintana

Multiple accounts

When your sensitive data
is leaked

0. Asking for deletion

1. Service administrator

2. Hosting company

3. Police

CC0

GDPR

Cyber crime

CC BY-NC-ND 72388119@N00

Conning & phishing

CC BY-SA by Kleuske

From: me <alxd@alxd.org>
To: me <alxd@alxd.org>
Subject: Security Warning. Third party accessed to alxd@alxd.org.

Hello!

I'm is very good coder.
I am known by my nickname nikolaus94.
I hacked this mailbox more than six months ago, 
through it I infected your operating system with a virus (trojan)
created by me and have been spying for you a very long time.

I understand it is hard to believe, but you can check it yourself.
I'm sent this e-mail from your account. Try it yourself. 

Even if you changed the password after that - it does not matter,
my virus intercepted all the caching data on your computer
and automatically saved access for me.

email sender data

mbanḳ

and other homoglyphs

0 ≠ O

w ≠ vv

a ≠ a

d ≠ d
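An added example, not part of the original slides: one way to catch a sender domain that imitates a trusted one with the lookalikes listed above (ḳ for k, 0 for O, vv for w, Cyrillic letters for a and d). The trusted list, the `.example` domains and the tiny lookalike table are constructed assumptions; a real check would use the full Unicode confusables data.

```python
from __future__ import annotations
import unicodedata

# Constructed, deliberately tiny lookalike table covering the pairs on the
# slides (assumption: a real check would load the full confusables data).
SINGLE = {
    "0": "o",        # digit zero vs letter o
    "\u0430": "a",   # CYRILLIC SMALL LETTER A
    "\u0501": "d",   # CYRILLIC SMALL LETTER KOMI DE
}
MULTI = {"vv": "w"}  # two letters imitating one


def skeleton(name: str) -> str:
    """Collapse a name to a form in which lookalike spellings compare equal."""
    # NFKD splits 'ḳ' into 'k' + a combining dot; combining marks are dropped.
    decomposed = unicodedata.normalize("NFKD", name.lower())
    base = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    base = "".join(SINGLE.get(ch, ch) for ch in base)
    for seq, repl in MULTI.items():
        base = base.replace(seq, repl)
    return base


def to_unicode(domain: str) -> str:
    """Decode punycode ('xn--...') labels so the real characters are compared."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid punycode


def imitated_domain(sender: str, trusted: set[str]) -> str | None:
    """Return the trusted domain a sender address imitates, or None."""
    domain = to_unicode(sender.rsplit("@", 1)[-1].strip().strip("<>").lower())
    if domain in trusted:
        return None  # exact match, not a lookalike
    by_skeleton = {skeleton(t): t for t in trusted}
    return by_skeleton.get(skeleton(domain))


TRUSTED = {"mbank.example", "owncloud.example"}  # constructed sample list

if __name__ == "__main__":
    for addr in ["info@mbanḳ.example", "info@mbank.example", "x@ovvncloud.example"]:
        print(addr, "->", imitated_domain(addr, TRUSTED))
```

Mail headers often show such domains in their `xn--` punycode form, which is why the check decodes them before comparing.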

infected attachments

CC BY-SA 4.0 Leoncastro

CC BY-SA 4.0 Gnome

.zip

.exe

Anti-virus software effectiveness?

spying antivirus

Source: Forbes

Viruses & ransomware

Regular backups

Botnets

CC BY-SA-NC tom-b

Man in the middle

HTTP & HTTPS

secure connection
not only to your bank

Syncing on by default

Global accounts

Videoconferencing
Meet Jitsi

Signal

if you don't pay for a service,
you are its product, not a client

alxd
after blue_beetle

What now?

1. Start using Firefox and two addons:

uBlock Origin, Privacy Badger

2. Install KeePassXC and change all your repeated passphrases to ones at least 20 characters long. Make a backup.

3. Start making backups of your most important data.
An external HD or your own OwnCloud is a good solution.

Need more?

https://slides.com/pawelngei/cryptoparty-2020-en/

Cryptoparty 2021

By Pawel Ngei

English version of Cryptoparty: cybersecurity basics, 90 min
