## Smash
for the source of this presentation.
--
## Goal
- When you leave the squat, you should have a better idea of what it means to defend yourself when you have a digital presence.
- The slides are meant to be used as a web resource, so there is a lot of text. I'll try not to read ¯\_(ツ)_/¯
- Cyberattacks will be mentioned during the presentation. Feel free to ask for details.
--
### Why
- There is no such thing as 100% protection
- There is no one size fits all solution
- Cybersecurity means mitigating the potential dangers your
online actions might create
- Techniques that are beneficial in one situation might pose risks in
another
--
### Threat model
You can't protect yourself from what you're not aware of.
- **Who is my enemy?** (my parents, my significant other, my employer, interpol, the freemasonry 𓁿)
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
- **What am I protecting?** (my identity, my sexual preferences, my ideas, my spicy text ㆆ _ ㆆ)
- **How can I be attacked?** i.e. my threat categories =͟͟͞͞(꒪ᗜ꒪‧̣̥̇)
--
### Practical example
Selling pot in high school
Who is my enemy? - Law Enforcement - The school - My parents What am I protecting? - My parents - My friends and buyers - My future notes: proporre una riflessione collettiva su uno scenario -- ### Threat categories A framework to answer the question "how can I be attacked?" ![](./img/bearattack.jpg) -- ### Spoofing The act to violate **authenticity**. Examples: - Forgery of documents - Web phishing - Email spoofing, the act to fake the sender -- ### Tampering The act to violate **integrity** of data. Examples: - Graffiti - Man in the middle attacks - Web defacing - Double spending w.r.t. blockchain networks -- ### Information Disclosure The act to violate **confidentiality**. Examples: - Whistleblowing - Revenge porn -- ### Denial of Service The act to violate **availability**. Examples: - Denial of service attacks - Ticket scalping -- ### Elevation of privileges The act to violate **authorization**. Examples: - Jailbreaking - Card cloning -- ### Repudiation The act of denying or disavowing responsibility for an incident or security breach.