the guide of security jerk
@CreativeConnard
The Guide of Security Jerk
Code of conduct is for bastards
RMLL Sec 2016 – Rump session
Previous edition
Le Guide du Connard du Logiciel Libre
https://2015.rmll.info/le-guide-du-connard-du-logiciel-libre
HOW TO be a security jerk
~ Developer ~
~ Sysadmin ~
~ End user ~
Developer
※ Store passwords in base64 (or in base32 for 32-bit systems)
※ Require specific lib versions and discourage any upgrade
※ Invent your own cryptographic algorithm
Sysadmin
※ export TLS_REQCERT=never (aka Malware In The Middle)
※ Write your own Config Management (SSH for kids)
※ Always run processes as root and disable SELinux
End user
※ Don’t trust One Time Password as it is always changing
※ Click everywhere, IT is a game
※ Use pastebin as password manager
Links for bastards
@DonJon_Legacy http://donjonlegacy.com/