The guide of Security Jerk

Click here to load reader

  • date post

    22-Jan-2018
  • Category

    Technology

  • view

    538
  • download

    0

Embed Size (px)

Transcript of The guide of Security Jerk

  1. 1. @CreativeConnard The Guide of Security Jerk Code of conduct is for bastards RMLL Sec 2016 Rump session
  2. 2. @CreativeConnard Previousedition Le Guide du Connard du Logiciel Libre https://2015.rmll.info/le-guide-du-connard-du-logiciel-libre
  3. 3. ~ 3 [email protected] HOW TO be a security jerk ~Developer~ ~Sysadmin~ ~Enduser~
  4. 4. ~ 4 [email protected] Developer Store passwords in base64 (or in base32 for 32bits systems) Require specific lib versions and discourage any upgrade Invent your own cryptographic algorithm
  5. 5. ~ 5 [email protected] Sysadmin export TLS_REQCERT=never (aka Malware In The Middle) Write your own Config Management (SSH for kids) Always run processes as root and disable SELINUX
  6. 6. ~ 6 [email protected] Enduser Dont trust One Time Password as is it always changing Click everywhere, IT is a game Use pastebin as password manager
  7. 7. ~ 7 [email protected] @CreativeConnard Linksforbastards @DonJon_Legacy http://donjonlegacy.com/