When the Internet Bleeded
Submitted by Anant Shrivastava (@anantshri) on Saturday, 19 April 2014
Section: Full talk Technical level: Intermediate Status: Confirmed & Scheduled
The objective of the session is
- Provide a basic understanding of SSL / TLS related issues identified in and past year.
- Its wide spread implications for the new age internet
- What it means for the Developers and Administrators
The talk will talk about various TLS / SSL related bugs that are identified in past year.
- GNUTLS Bug
- Apple SSL Bug
- Lucky 13
These bugs have shaken the core premise of Secure communication. The talk will focus on bringing a basic understanding of these issues to the administrators or developers. Besides this the talk will also focus on some burning questions that are now raised in wild. Such as
- How secure are secure Socket Libraries?
- Is opensource code really secure?
- Is it really true that "given enough eyeballs, all bugs are shallow"?
- Should we move towards higher abstract languages?
and most important.
- What it really means for a Administrator / DevOps person
- I am a server administrator gone rouge to become a security consultant.
- I have spoken and trained at multiple security focused conferences like Nullcon, c0c0n, ClubHack, g0s.
- Primarily focused towards web application security and Mobile Security.
- Active member of Null and Garage4Hackers open security Communities.
- Creator of Android Tamer.
- More about me here