<!-- .slide: data-background="./img/copertina.png" -->

## Digital<br/>self-defense

A big thanks to the <br/>[_TO hacklab](https://autistici.org/underscore) <br/>for the source of this presentation.

<footer>
<small>

You can find the slides at
[LEZZO.org/smash-the-firewall](https://lezzo.org/smash-the-firewall/)

<p xmlns:cc="http://creativecommons.org/ns#" ><a href="https://creativecommons.org/licenses/by-nc-sa/4.0/?ref=chooser-v1" target="_blank" rel="license noopener noreferrer" style="display:inline-block;">CC BY-NC-SA 4.0</a></p>

</small>
</footer>

--

## Goal
- When you leave the squat, you should have a better idea of what it means to defend yourself when you have a digital presence.
<br>
- The slides are meant to be used as a web resource, so there is a lot of text. I'll try not to read ¯\_(ツ)_/¯
- Cyberattacks will be mentioned during the presentation. Feel free to ask for details.

--

### Why
- There is no such thing as 100% protection
<br>
- There is no one-size-fits-all solution
<br>
- Cybersecurity means mitigating the potential dangers your online actions might create
<br>
- Techniques that are beneficial in one situation might pose risks in another
<br>

--

### Threat model
You can't protect yourself from what you're not aware of.

- **Who is my enemy?**<!-- .element: class="red"--> (my parents, my significant other, my employer, Interpol, the Freemasons 𓁿)
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
<!-- .element: class="fragment" -->
- **What am I protecting?**<!-- .element: class="red"--> (my identity, my sexual preferences, my ideas, my spicy text ㆆ _ ㆆ)
<!-- .element: class="fragment" -->
- **How can I be attacked?**<!-- .element: class="red"--> i.e. my threat categories =͟͟͞͞(꒪ᗜ꒪‧̣̥̇)
<!-- .element: class="fragment" -->

--

### Practical example 1
<p style="color:green;">Selling pot in high school</p>

Who is my enemy?
- Law Enforcement
<!-- .element: class="fragment" -->
- The school
<!-- .element: class="fragment" -->
- My parents
<!-- .element: class="fragment" -->

What am I protecting?
- My parents
<!-- .element: class="fragment" -->
- My friends and buyers
<!-- .element: class="fragment" -->
- My future
<!-- .element: class="fragment" -->

notes: propose a collective reflection on a scenario

--

### Threat categories
A framework to answer the question "how can I be attacked?"

![](./img/bearattack.jpg)

--

### Spoofing
The act of violating **authenticity**. Examples:

- Forgery of documents
- Web phishing
- Email spoofing, the act of faking the sender

--

### Tampering
The act of violating the **integrity** of data. Examples:

- Graffiti
- Man-in-the-middle attacks
- Web defacing
- Double spending w.r.t. blockchain networks

--

### Information Disclosure
The act of violating **confidentiality**. Examples:

- Whistleblowing
- Revenge porn

--

### Denial of Service
The act of violating **availability**. Examples:

- Denial of service attacks
- Ticket scalping

--

### Elevation of privileges
The act of violating **authorization**. Examples:

- Jailbreaking
- Card cloning

--

### Repudiation
The act of denying or disavowing responsibility for an incident or
security breach. <br> In other words: claiming that you didn't do something
or were not responsible. Examples:

- Cooking the books
- Deleting log entries