Educator, instructional technologist, tinkerer, musicmaker, hauler of bootstraps

networkeffects.ca

twitter.com/grantpotter

flickr.com/photos/grantpotter

onename.com/grantpotter

Grant Potter

http://www.csmonitor.com/World/Passcode/2017/0327/The-hackers-trying-to-build-a-hack-proof-operating-system A team of Canadian security researchers is set to unveil Subgraph, an OS designed to protect its users from the most common types of online attacks.

https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/ "Effective immediately, Chrome browser plans to stop recognizing the extended validation status of all certificates issued by Symantec-owned certificate authorities"

Grant Potter

Tactics, Techniques, and Procedures

  • He identified peripheral web servers via Google and LinkedIn searches
  • Used known WordPress flaws and custom bugs to compromise PHP sites
  • Linux authentication mechanisms were altered to capture credentials
  • Nmap was used to identify exposed network services internally
  • Corporate Wikis revealed administrative workflows and VPN details
  • Ticketing, bug tracking, and version control systems provided secrets (e.g. cryptographic keys, seeds, hashes, credentials, and source code)
  • Cookies from weak non-production instances (e.g. staging) were valid in production as cryptographic materials were the same — bypassing 2FA
  • Client certificates (exposed by email, ticketing, or lifted from filesystems) were combined with known credentials to access corporate VPNs
  • Engineering credentials were used to commit backdoors to version control which were self-approved and later deployed into production

Grant Potter

Little Flocker is like a firewall for your file system: It allows you to control access to your personal files and prevent unauthorized access by potentially malicious or snooping applications.

Grant Potter

Security and feudalism: Own or be pwned https://www.youtube.com/watch?v=duG55M8t0sc

Grant Potter

SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit https://arxiv.org/pdf/1611.07350v1.pdf

Grant Potter

https://www.thestar.com/news/canada/2016/11/21/privacy-protecting-encryption-here-to-stay-documents.html "... what we are really dealing with is not so much a question of 'privacy versus security,' but a question of 'security versus security.'"