Rootconf 2014

On devops and cloud infrastructure

When the Internet Bleeded

Submitted by Anant Shrivastava (@anantshri) on Apr 19, 2014

Section: Full talk
Technical level: Intermediate
Status: Confirmed & scheduled

Abstract

The objectives of the session are:

  • Provide a basic understanding of SSL / TLS related issues identified in the past year.
  • Their widespread implications for the new-age internet
  • What it means for developers and administrators

Outline

The talk will cover various TLS / SSL related bugs identified in the past year.

  • HeartBleed
  • GNUTLS Bug
  • Apple SSL Bug
  • Lucky 13
  • BEAST
  • CRIME

These bugs have shaken the core premise of secure communication. The talk will focus on giving administrators and developers a basic understanding of these issues. Besides this, the talk will also address some burning questions that are now being raised in the wild, such as:

  • How secure are secure Socket Libraries?
  • Is opensource code really secure?
  • Is it really true that "given enough eyeballs, all bugs are shallow"?
  • Should we move towards higher abstract languages?

And most important:

  • What it really means for an Administrator / DevOps person

Speaker bio

  • I am a server administrator gone rogue to become a security consultant.
  • I have spoken and trained at multiple security focused conferences like Nullcon, c0c0n, ClubHack, g0s.
  • Primarily focused towards web application security and Mobile Security.
  • Active member of Null and Garage4Hackers open security Communities.
  • Creator of Android Tamer.
  • More about me here

Links

Slides

http://www.slideshare.net/anantshri/when-the-internet-bleeded-rootconf-2014

Preview video

https://www.youtube.com/watch?v=xiTf6fLnSBo
