Saturday, October 20, 2012

SUMIT 2012 - Security at U of M IT

Yesterday was a lot of fun: I attended the SUMIT security conference at the University of Michigan. This is an annual conference, and every year I'm reinvigorated to learn more about security. The guy next to me was showing me DroidSheep on his Galaxy Tab, and successfully intercepted another attendee's Facebook connection over the open wireless. We made an innocuous post on his wall touting the conference.

Some interesting things I learned:

  • I NEED to start playing with the BackTrack Linux distro.
  • I now have zero faith in the security of unencrypted files stored on computers that are connected to the internet. The hackers are too good, and too numerous. I wonder what will happen when no one can rely on proof of identity anymore? When everyone's identity is out there, how can any agreements be trusted that aren't made in person? I asked the group I was with that question, and they immediately said biometric devices, but that's just another digital system that can and will be manipulated.
  • On your network, you should block any outgoing UDP traffic where the sender's address is not within your network (in other words, spoofed). Evidently, this act is considered just being a good netizen. This prevents many different kinds of attacks that use spoofed UDP packets from being perpetrated from your network.
  • I never thought about it before, but I wonder what Google thinks of all of the insecure Android devices out in the public? Think about it: If you own an Android device (and you're not rooted) you don't get updates for Google's OS until your carrier releases them. I'm on Sprint and I've only had Ice Cream Sandwich for 2 months! I've now found a very wonderful reason to root my phone: security! Isn't that ironic?
  • There was a presenter from the ACLU speaking about how easy and pervasive wiretapping is now. Cellphone companies track your every movement, sure. We all know this. But do you know how long the different companies keep your data? AT&T is the worst offender at 3 years. How many requests from law enforcement were made last year? Something like 1.5 million!
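
An added example, not part of the original post, for the spoofed-UDP bullet above: a Python check that audits egress flow records and flags UDP whose source address lies outside the site's own prefixes, which is the traffic that filter should be dropping. The prefixes, the record layout (`proto src sport dst dport`) and the sample lines are constructed assumptions.

```python
import ipaddress

# Assumed site prefixes (documentation ranges, constructed for this example).
INTERNAL_PREFIXES = [ipaddress.ip_network(p)
                     for p in ("192.0.2.0/24", "2001:db8:10::/48")]

# Constructed egress records, one per line: proto src sport dst dport
SAMPLE_EGRESS_LOG = """\
udp 192.0.2.15 53124 198.51.100.7 53
udp 203.0.113.9 4444 198.51.100.7 53
tcp 203.0.113.9 4444 198.51.100.7 80
udp 2001:db8:10::5 40000 2001:db8:ffff::1 123
udp 2001:db8:99::5 40000 2001:db8:ffff::1 123
udp not-an-ip 1 198.51.100.7 53
"""


def source_is_internal(src, prefixes):
    """True only if src parses as an IP inside one of our prefixes."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # fail closed: an unparseable source is not ours
    return any(addr.version == net.version and addr in net
               for net in prefixes)


def spoofed_udp(log_text, prefixes):
    """Return (line_number, source) for outbound UDP that should be dropped."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) != 5 or fields[0].lower() != "udp":
            continue  # the post's rule is about UDP; skip other records
        if not source_is_internal(fields[1], prefixes):
            hits.append((lineno, fields[1]))
    return hits


if __name__ == "__main__":
    for lineno, src in spoofed_udp(SAMPLE_EGRESS_LOG, INTERNAL_PREFIXES):
        print(f"line {lineno}: UDP leaving with non-local source {src}")
```

Any hit in records taken from the outside of the border device means the egress filter is missing or incomplete for that prefix or address family.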
