Security is Everyone's Responsibility
- 21. STREAM CIPHER
KEY (SEED): 7894
KEY STREAM (PRNG): 1950396
INPUT: ILOVEBT
OUTPUT: JUTVHKZ
#btsec
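The slide-21 example worked through in code (an added example, not part of the original deck): each plaintext letter is shifted forward by the keystream digit in the same position, and the receiver shifts back with the same keystream. The keystream "1950396" is the value printed on the slide; the deck does not show how the seed 7894 produces it, so the keystream generator below is an assumption for illustration and is not a secure one.

```javascript
// Added example: the slide-21 stream cipher. Letters A-Z only, as on the slide.
const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';

// Shift every letter of `text` by the matching keystream digit.
// direction = +1 encrypts, -1 decrypts. The keystream must be at least as long as
// the message: wrapping or reusing it is exactly what breaks a stream cipher.
function shiftText(text, keystream, direction) {
  if (keystream.length < text.length) {
    throw new Error('keystream shorter than message; never wrap or reuse a keystream');
  }
  let out = '';
  for (let i = 0; i < text.length; i++) {
    const p = ALPHABET.indexOf(text[i]);
    if (p < 0) throw new Error('only A-Z supported in this toy example');
    const k = Number(keystream[i]);
    out += ALPHABET[(p + direction * k + 26) % 26];
  }
  return out;
}

function encrypt(plain, keystream) { return shiftText(plain, keystream, +1); }
function decrypt(cipher, keystream) { return shiftText(cipher, keystream, -1); }

// ASSUMPTION: the slide does not say which PRNG turns seed 7894 into 1950396.
// This Park-Miller style generator is deterministic, so both sides derive the same
// digits from the shared seed, but it is NOT cryptographically secure. A real stream
// cipher uses a keyed, cryptographically secure generator (e.g. ChaCha20) instead.
function toyKeystream(seed, length) {
  let state = seed % 2147483647;
  if (state === 0) state = 1;
  let digits = '';
  for (let i = 0; i < length; i++) {
    state = (state * 16807) % 2147483647;
    digits += String(state % 10);
  }
  return digits;
}

// Reproduce the slide: ILOVEBT + 1950396 -> JUTVHKZ, and back again.
console.log(encrypt('ILOVEBT', '1950396')); // JUTVHKZ
console.log(decrypt('JUTVHKZ', '1950396')); // ILOVEBT
```

With the slide's keystream the output matches the slide exactly; with `toyKeystream(7894, n)` both parties get the same digits from the shared seed, which is the property the slide is illustrating, while the security of the scheme rests entirely on how unpredictable that keystream is.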
- 22. HOW TO GET A SHARED SECRET WITH THIS ONE WEIRD TRICK
#btsec
- 35. TIMING ATTACK
    // Measure how long each animation frame takes to render.
    var lastTime = 0;
    function loop(time) {
      var delay = time - lastTime;          // ms since the previous frame
      var fps = 1000 / delay;
      console.log(delay + ' ms' + ' fps: ' + fps);
      updateAnimation();                     // the page's own render step (not shown on the slide)
      requestAnimationFrame(loop);
      lastTime = time;
    }
    requestAnimationFrame(loop);
#btsec
- 36. TIMING ATTACK
    <!-- SVG filter: average the RGB channels, then threshold each channel to black or white -->
    <filter id="threshold" color-interpolation-filters="sRGB">
      <feColorMatrix type="matrix"
                     values="0.333 0.333 0.333 0 -.16
                             0.333 0.333 0.333 0 -.16
                             0.333 0.333 0.333 0 -.16
                             0     0     0     0  1" />
      <feComponentTransfer>
        <feFuncR type="discrete" tableValues="1 0" />
        <feFuncG type="discrete" tableValues="1 0" />
        <feFuncB type="discrete" tableValues="1 0" />
      </feComponentTransfer>
    </filter>
#btsec
- 47. HTTP Strict Transport Security (HSTS)
Strict-Transport-Security: max-age=63072000
    response.headers['Strict-Transport-Security'] = 'max-age=63072000'
    header("Strict-Transport-Security: max-age=63072000");
#btsec
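A small helper for building and checking the header from slide 47 (an added example, not code from the deck). `max-age=63072000` (two years) is the value the slide uses; `includeSubDomains` and `preload` are standard HSTS directives from RFC 6797 and the browser preload list that the slide does not show. The `applyHsts` helper assumes a plain header object and a flag telling it whether the request arrived over TLS, because browsers ignore the header when it is received over plain HTTP.

```javascript
// Added example: build, parse and audit Strict-Transport-Security values.
const TWO_YEARS = 63072000; // the max-age the slide recommends

// Build a header value from options (assumed option names, not from the slide).
function buildHsts({ maxAge = TWO_YEARS, includeSubDomains = false, preload = false } = {}) {
  if (!Number.isInteger(maxAge) || maxAge < 0) {
    throw new Error('max-age must be a non-negative integer number of seconds');
  }
  const parts = ['max-age=' + maxAge];
  if (includeSubDomains) parts.push('includeSubDomains');
  if (preload) parts.push('preload');
  return parts.join('; ');
}

// Parse a header value as sent by a server; directive names are case-insensitive.
function parseHsts(value) {
  const result = { maxAge: null, includeSubDomains: false, preload: false };
  for (const raw of value.split(';')) {
    const directive = raw.trim();
    if (!directive) continue;
    const [name, val] = directive.split('=').map(s => s.trim());
    const lower = name.toLowerCase();
    if (lower === 'max-age') result.maxAge = Number(val);
    else if (lower === 'includesubdomains') result.includeSubDomains = true;
    else if (lower === 'preload') result.preload = true;
  }
  return result;
}

// Return a list of weaknesses; an empty list means the policy looks sound.
function auditHsts(value) {
  if (!value) return ['header missing: browsers will keep accepting plain HTTP for this host'];
  const findings = [];
  const h = parseHsts(value);
  if (h.maxAge === null || Number.isNaN(h.maxAge)) {
    findings.push('max-age missing or not a number: the header is invalid');
  } else if (h.maxAge === 0) {
    findings.push('max-age=0 tells browsers to forget the HSTS policy');
  } else if (h.maxAge < TWO_YEARS) {
    findings.push('max-age shorter than the two-year value recommended on the slide');
  }
  if (!h.includeSubDomains) {
    findings.push('includeSubDomains not set: subdomains stay reachable over plain HTTP');
  }
  return findings;
}

// Only set the header on TLS responses: over plain HTTP browsers discard it,
// so sending it there only advertises the policy without enforcing it.
function applyHsts(headers, isTls, options) {
  if (isTls) headers['Strict-Transport-Security'] = buildHsts(options);
  return headers;
}

// Worked run on constructed values:
console.log(buildHsts());                                    // max-age=63072000
console.log(auditHsts('max-age=63072000; includeSubDomains')); // []
console.log(auditHsts('max-age=0'));                          // two findings
```

The audit thresholds are policy choices (the slide's two-year figure is used as the baseline); adjust them to local policy, but keep the `max-age=0` and missing-header checks, since those are the states in which HSTS gives no protection at all.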
- 48. RECAP
PROBLEM: HTTP Sucks
SOLUTION: Use SSL or a VPN! (TLS)
PROBLEM: IFRAMES suck
SOLUTION: Use X-FRAME-OPTIONS: SAMEORIGIN
PROBLEM: SSL Sucks!
SOLUTION: Use HSTS headers
#btsec