Household INFOSEC in a Post-Sony era

06/07/2016 - 15:20 to 16:00
long talk (40 min)

Session abstract: 

The attack on Sony led to lots of talk about how they could have defended themselves. Is your household any better? Have you defence in depth? Is all that protects you a ISP's base station hasn't had an upgrade for four years? How often do you upgrade Adobe Flash on your TV? And what is it you really need to worry about in a world of internet-enabled-everything? I examine the threat model and attack vectors, going beyond "keep your PC up to date" to the new problems: smart TVs, fitness trackers, smartphone apps —even the INFOSEC issues of modern cars. In the process: whether you are publishing so much private data that worrying about laptop security is moot. Finally, it considers whether your github credentials are strategic data to nation states. After this talk you'll not only want an OSS router, you'll be packet sniffing your TV, encrypting your sensitive data off-site, and, the next time you buy a car, asking to download its ABS and near-miss event history.