SlideShare una empresa de Scribd logo

WordPress NYC: Information Security

Paul Schreiber
Paul Schreiber

Information security best practices, including: - software updates - Experimental Chrome flags - HTTPS + HSTS - ad blocking - password managers and 2FA - device and disk encryption xkcd: https://xkcd.com/538/ Password manager roundup: https://www.pcmag.com/article2/0,2817,2407168,00.asp

Tecnología
1 de 105
Descargar para leer sin conexión
Information security
Paul Schreiberpaulschreiber@gmail.com @paulschreiber
tradeoffs
continuum
average people✔
under government surveillance
under government surveillance whistleblowers
under government surveillance whistleblowers political campaigners
under government surveillance whistleblowers political campaigners activists
under government surveillance whistleblowers political campaigners activists celebrities
under government surveillance whistleblowers political campaigners activists celebrities victims of stalking and violence
password reuse✔
password reuse✔ password guessing✔
password reuse✔ password guessing✔ lost and stolen devices✔
password reuse✔ password guessing✔ lost and stolen devices✔ phishing✔
corporate espionage
corporate espionage criminal gangs
corporate espionage criminal gangs zero-day exploits
corporate espionage criminal gangs zero-day exploits Mossad, CIA, MI6, NSA
memorizing passwords
memorizing passwords
password managers
Create View Edit Delete Web Sync 2FA Mac Windows Linux iOS Android Chrome ✔ ✔ ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ Firefox ✘ ✔ ✔ ✔ ✘ ✔ ✘ ✔ ✔ ✔ ✔ ✔ Safari ✔ ✔ ✔ ✔ ✘ ✔ ✔ ✔ ✘ ✘ ✔ ✘ browser password management
Preferences > Passwords
chrome://flags
chrome://settings/passwords
about:preferences#privacy
security questions
“security” questions
know
are
have
yubico.com/gafw/ 50% off
turnon2fa.com
twofactorauth.org
dongleauth.info
chrome://flags
HTTP1991–2016
HTTP1991–2016
HTTPS
HSTS
hstspreload. appspot.com
wordpress.org/ plugins/ two-factor/
wordpress.org/ plugins/ google-apps-login/
securityheaders.io
report-uri.io
cspisawesome.com
ssllabs.com/ ssltest/
observatory. mozilla.org
Many graphics from The Noun Project Computer by Azis; Credit card Gonzalo Bravo; Email by Bryn Taylor; Fingerprint by Ben Davis; Lock with keyhole by Brennan Novak; Nokia 3310 by Stan Fisher; Notification by vijay sekhar; Server by Yazmin Alanis; Shield by Wayne Thayer; Spy by Alen Krummenacher; Tombstone by Jakob Wells; iPhone by Ross Sokolovski.

Recomendados

Brooklyn Soloists: personal digital security
Brooklyn Soloists: personal digital securityBrooklyn Soloists: personal digital security
Brooklyn Soloists: personal digital security
Paul Schreiber
 
WordCamp for Publishers: Security for Newsrooms
WordCamp for Publishers: Security for NewsroomsWordCamp for Publishers: Security for Newsrooms
WordCamp for Publishers: Security for Newsrooms
Paul Schreiber
 
CreativeMornings FieldTrip: information security for creative folks
CreativeMornings FieldTrip: information security for creative folksCreativeMornings FieldTrip: information security for creative folks
CreativeMornings FieldTrip: information security for creative folks
Paul Schreiber
 
Tehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacy
Tehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacyTehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacy
Tehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacy
Mohammad Reza Kamalifard
 
How to keep Your Gadgets Safe When Travelling
How to keep Your Gadgets Safe When TravellingHow to keep Your Gadgets Safe When Travelling
How to keep Your Gadgets Safe When Travelling
Danae Rosville
 
Usable security
Usable securityUsable security
Usable security
Rachel Ilan Simpson
 
screen banners
screen bannersscreen banners
screen banners
Gina Davidson
 
Security & privacy on the internet: things you should now
Security & privacy on the internet: things you should nowSecurity & privacy on the internet: things you should now
Security & privacy on the internet: things you should now
Mediaraven vzw
 

Recomendados

Brooklyn Soloists: personal digital security
Brooklyn Soloists: personal digital securityBrooklyn Soloists: personal digital security
Brooklyn Soloists: personal digital security
Paul Schreiber
 
WordCamp for Publishers: Security for Newsrooms
WordCamp for Publishers: Security for NewsroomsWordCamp for Publishers: Security for Newsrooms
WordCamp for Publishers: Security for Newsrooms
Paul Schreiber
 
CreativeMornings FieldTrip: information security for creative folks
CreativeMornings FieldTrip: information security for creative folksCreativeMornings FieldTrip: information security for creative folks
CreativeMornings FieldTrip: information security for creative folks
Paul Schreiber
 
Tehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacy
Tehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacyTehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacy
Tehlug 26 Nov 2013 Hackers,Cyberwarfare and Online privacy
Mohammad Reza Kamalifard
 
How to keep Your Gadgets Safe When Travelling
How to keep Your Gadgets Safe When TravellingHow to keep Your Gadgets Safe When Travelling
How to keep Your Gadgets Safe When Travelling
Danae Rosville
 
Usable security
Usable securityUsable security
Usable security
Rachel Ilan Simpson
 
screen banners
screen bannersscreen banners
screen banners
Gina Davidson
 
Security & privacy on the internet: things you should now
Security & privacy on the internet: things you should nowSecurity & privacy on the internet: things you should now
Security & privacy on the internet: things you should now
Mediaraven vzw
 
How passwords are costly
How passwords are costlyHow passwords are costly
How passwords are costly
Andy32903
 
The life of breached data and the attack lifecycle
The life of breached data and the attack lifecycleThe life of breached data and the attack lifecycle
The life of breached data and the attack lifecycle
Jarrod Overson
 
The Life of Breached Data & The Dark Side of Security
The Life of Breached Data & The Dark Side of SecurityThe Life of Breached Data & The Dark Side of Security
The Life of Breached Data & The Dark Side of Security
Jarrod Overson
 
Unmasking You
Unmasking YouUnmasking You
Unmasking You
Joshua Abraham
 
Ghostery Data Privacy Day 2014
Ghostery Data Privacy Day 2014Ghostery Data Privacy Day 2014
Ghostery Data Privacy Day 2014
Ghostery
 
Cyber crime introduction awareness program at st. xavier
Cyber crime introduction awareness program at st. xavierCyber crime introduction awareness program at st. xavier
Cyber crime introduction awareness program at st. xavier
Mo Han
 
The Ins, Outs, and Nuances of Internet Privacy
The Ins, Outs, and Nuances of Internet PrivacyThe Ins, Outs, and Nuances of Internet Privacy
The Ins, Outs, and Nuances of Internet Privacy
eBoost Consulting
 
12990739.ppt
12990739.ppt12990739.ppt
12990739.ppt
MuhammadShahidulIsla8
 
Computer security and malware by shahzad younas
Computer security and malware by shahzad younasComputer security and malware by shahzad younas
Computer security and malware by shahzad younas
Shahzad Younas
 
Beyond The Padlock: New Ideas in Browser Security UI
Beyond The Padlock: New Ideas in Browser Security UIBeyond The Padlock: New Ideas in Browser Security UI
Beyond The Padlock: New Ideas in Browser Security UI
mozilla.presentations
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
Neelu Tripathy
 
BigWP live blogs
BigWP live blogsBigWP live blogs
BigWP live blogs
Paul Schreiber
 
VIP Workshop: Effective Habits of Development Teams
VIP Workshop: Effective Habits of Development TeamsVIP Workshop: Effective Habits of Development Teams
VIP Workshop: Effective Habits of Development Teams
Paul Schreiber
 
BigWP Security Keys
BigWP Security KeysBigWP Security Keys
BigWP Security Keys
Paul Schreiber
 
WPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSWPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPS
Paul Schreiber
 
NICAR delivering the news over HTTPS
NICAR delivering the news over HTTPSNICAR delivering the news over HTTPS
NICAR delivering the news over HTTPS
Paul Schreiber
 
WordCamp US: Delivering the news over HTTPS
WordCamp US: Delivering the news over HTTPSWordCamp US: Delivering the news over HTTPS
WordCamp US: Delivering the news over HTTPS
Paul Schreiber
 
BigWP: Delivering the news over HTTPS
BigWP: Delivering the news over HTTPSBigWP: Delivering the news over HTTPS
BigWP: Delivering the news over HTTPS
Paul Schreiber
 
Delivering the news over HTTPS
Delivering the news over HTTPSDelivering the news over HTTPS
Delivering the news over HTTPS
Paul Schreiber
 
Web Scraping with Python
Web Scraping with PythonWeb Scraping with Python
Web Scraping with Python
Paul Schreiber
 
D'oh! Avoid annoyances with Grunt.
D'oh! Avoid annoyances with Grunt.D'oh! Avoid annoyances with Grunt.
D'oh! Avoid annoyances with Grunt.
Paul Schreiber
 
Getting to Consistency
Getting to ConsistencyGetting to Consistency
Getting to Consistency
Paul Schreiber
 

Más contenido relacionado

Similar a WordPress NYC: Information Security

Ghostery Data Privacy Day 2014
Ghostery Data Privacy Day 2014Ghostery Data Privacy Day 2014
Ghostery Data Privacy Day 2014
Ghostery
 
The Ins, Outs, and Nuances of Internet Privacy
The Ins, Outs, and Nuances of Internet PrivacyThe Ins, Outs, and Nuances of Internet Privacy
The Ins, Outs, and Nuances of Internet Privacy
eBoost Consulting
 

Similar a WordPress NYC: Information Security (11)

How passwords are costly
How passwords are costlyHow passwords are costly
How passwords are costly
 
The life of breached data and the attack lifecycle
The life of breached data and the attack lifecycleThe life of breached data and the attack lifecycle
The life of breached data and the attack lifecycle
 
The Life of Breached Data & The Dark Side of Security
The Life of Breached Data & The Dark Side of SecurityThe Life of Breached Data & The Dark Side of Security
The Life of Breached Data & The Dark Side of Security
 
Unmasking You
Unmasking YouUnmasking You
Unmasking You
 
Ghostery Data Privacy Day 2014
Ghostery Data Privacy Day 2014Ghostery Data Privacy Day 2014
Ghostery Data Privacy Day 2014
 
Cyber crime introduction awareness program at st. xavier
Cyber crime introduction awareness program at st. xavierCyber crime introduction awareness program at st. xavier
Cyber crime introduction awareness program at st. xavier
 
The Ins, Outs, and Nuances of Internet Privacy
The Ins, Outs, and Nuances of Internet PrivacyThe Ins, Outs, and Nuances of Internet Privacy
The Ins, Outs, and Nuances of Internet Privacy
 
12990739.ppt
12990739.ppt12990739.ppt
12990739.ppt
 
Computer security and malware by shahzad younas
Computer security and malware by shahzad younasComputer security and malware by shahzad younas
Computer security and malware by shahzad younas
 
Beyond The Padlock: New Ideas in Browser Security UI
Beyond The Padlock: New Ideas in Browser Security UIBeyond The Padlock: New Ideas in Browser Security UI
Beyond The Padlock: New Ideas in Browser Security UI
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 

Más de Paul Schreiber

Más de Paul Schreiber (15)

BigWP live blogs
BigWP live blogsBigWP live blogs
BigWP live blogs
 
VIP Workshop: Effective Habits of Development Teams
VIP Workshop: Effective Habits of Development TeamsVIP Workshop: Effective Habits of Development Teams
VIP Workshop: Effective Habits of Development Teams
 
BigWP Security Keys
BigWP Security KeysBigWP Security Keys
BigWP Security Keys
 
WPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSWPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPS
 
NICAR delivering the news over HTTPS
NICAR delivering the news over HTTPSNICAR delivering the news over HTTPS
NICAR delivering the news over HTTPS
 
WordCamp US: Delivering the news over HTTPS
WordCamp US: Delivering the news over HTTPSWordCamp US: Delivering the news over HTTPS
WordCamp US: Delivering the news over HTTPS
 
BigWP: Delivering the news over HTTPS
BigWP: Delivering the news over HTTPSBigWP: Delivering the news over HTTPS
BigWP: Delivering the news over HTTPS
 
Delivering the news over HTTPS
Delivering the news over HTTPSDelivering the news over HTTPS
Delivering the news over HTTPS
 
Web Scraping with Python
Web Scraping with PythonWeb Scraping with Python
Web Scraping with Python
 
D'oh! Avoid annoyances with Grunt.
D'oh! Avoid annoyances with Grunt.D'oh! Avoid annoyances with Grunt.
D'oh! Avoid annoyances with Grunt.
 
Getting to Consistency
Getting to ConsistencyGetting to Consistency
Getting to Consistency
 
Junk Mail
Junk MailJunk Mail
Junk Mail
 
EqualityCamp: Lessons learned from the Obama Campaign
EqualityCamp: Lessons learned from the Obama CampaignEqualityCamp: Lessons learned from the Obama Campaign
EqualityCamp: Lessons learned from the Obama Campaign
 
Mac Productivity 101
Mac Productivity 101Mac Productivity 101
Mac Productivity 101
 
How NOT to rent a car
How NOT to rent a carHow NOT to rent a car
How NOT to rent a car
 

Último

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Último (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

WordPress NYC: Information Security