[Reproducible-commits] [presentations] 02/10: FOSDEM15: kill some words and the hypothetical computer
Jérémy Bobbio
lunar at moszumanska.debian.org
Thu Jan 29 01:43:02 UTC 2015
This is an automated email from the git hooks/post-receive script.
lunar pushed a commit to branch master
in repository presentations.
commit c0f2539fe227f2b448a5fe2d61db9b783ea363b2
Author: Jérémy Bobbio <lunar at debian.org>
Date: Thu Jan 29 02:20:12 2015 +0100
FOSDEM15: kill some words and the hypothetical computer
---
2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn | 54 ++++++++++------------------
1 file changed, 19 insertions(+), 35 deletions(-)
diff --git a/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn b/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn
index 2b54d73..b079132 100644
--- a/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn
+++ b/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn
@@ -57,45 +57,29 @@ But I'm the developer!
But the build machines are secure
---------------------------------
- * How you can be sure this is the case?
+ * How can you be sure?
Unpleasant thoughts
-------------------
- * We think of software development as a fundamentally benign activity. “I'm not that interesting.”
- * But attackers target a project's users through its developers
- * See Dullien “Offensive work and addiction” (2014)
- * Known successful attacks against infrastructure used by Linux (2003), FreeBSD (2013)
-
-Single points of failure
-------------------------
-
- * Imagine the most secure computer in the world...
-
-Single points of failure
-------------------------
-
- * Can that computer still remain secure if:
- * It is networked?
- * It is mobile or is physically accessible by others?
- * It regularly has arbitrary USB devices connected?
- * It must run Windows (in a VM)?
- * It regularly runs unauthenticated HTML+JS?
- * Several nation-states want access to it?
-
-Single points of failure
-------------------------
-
- * What if:
- * Compromising that one computer gave access to:
- * Hundreds of millions of other computers?
- * Every bank account in the world?
- * Every Windows computer in the world?
- *Every Linux server in the world?
- * Compromising that computer was worth:
- * $100k USD? (Market price of remote 0day)
- * $100M USD? (Censorship budget of Iran/yr)
- * $4B USD? (Bitcoin market cap)
+ * We think of software development as a fundamentally benign activity.
+ - “*I'm not that interesting.*”
+ * Users can be targeted through developers
+ * Known successful attacks against infrastructure used by Linux (2003),
+ FreeBSD (2013)
+
+Strong motivations
+------------------
+
+ * Compromise one computer to get:
+ - Hundreds of millions of other computers?
+ - Every bank account in the world?
+ - Every Windows computer in the world?
+ - Every Linux server in the world?
+ * Compromise one computer is worth:
+ - $100k USD? (Market price of remote 0day)
+ - $100M USD? (Censorship budget of Iran per year)
+ - $4B USD? (Bitcoin market cap)
How small can a backdoor be?
----------------------------
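Review bot: In the new "Strong motivations" slide, the bullet "Compromise one computer is worth:" is ungrammatical. The removed text read "Compromising that computer was worth:", so "Compromising one computer is worth:" would fix it, while the sibling bullet "Compromise one computer to get:" can stay imperative. In "Unpleasant thoughts", the claim "Users can be targeted through developers" has lost the Dullien "Offensive work and addiction" (2014) reference that the removed lines carried. If it was cut only to save words on the slide, consider keeping it in speaker notes or a references slide so the claim stays sourced next to the Linux (2003) and FreeBSD (2013) incidents. The added sub-bullets also use "-" where the removed ones used "*", so check that this matches the list style of the rest of the file.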
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/presentations.git