Rootconf 2014

On devops and cloud infrastructure

Up next

When the Internet Bleeded

Anant Shrivastava

@anantshri

The objective of the session is

  • Provide a basic understanding of SSL / TLS related issues identified in and past year.
  • Its wide spread implications for the new age internet
  • What it means for the Developers and Administrators

Outline

The talk will talk about various TLS / SSL related bugs that are identified in past year.

  • HeartBleed
  • GNUTLS Bug
  • Apple SSL Bug
  • Lucky 13
  • BEAST
  • CRIME

These bugs have shaken the core premise of Secure communication. The talk will focus on bringing a basic understanding of these issues to the administrators or developers. Besides this the talk will also focus on some burning questions that are now raised in wild. Such as

  • How secure are secure Socket Libraries?
  • Is opensource code really secure?
  • Is it really true that “given enough eyeballs, all bugs are shallow”?
  • Should we move towards higher abstract languages?

and most important.

  • What it really means for a Administrator / DevOps person

Speaker bio

  • I am a server administrator gone rouge to become a security consultant.
  • I have spoken and trained at multiple security focused conferences like Nullcon, c0c0n, ClubHack, g0s.
  • Primarily focused towards web application security and Mobile Security.
  • Active member of Null and Garage4Hackers open security Communities.
  • Creator of Android Tamer.
  • More about me here

Links

Slides

http://www.slideshare.net/anantshri/when-the-internet-bleeded-rootconf-2014

Comments