Abstract image of a woman sitting on books and studying on a laptop

Internet Privacy

G
Girindro Pringgo Digdo

The document discusses internet privacy issues and the importance of safeguarding personal information in a digital world filled with security risks. It highlights the limitations of common security measures and emphasizes proactive strategies such as encryption and careful information sharing. The document underlines the need for awareness and understanding of threats, advocating for a cautious approach to internet use.

Internet
Related topics:
Information Security
1 of 18
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Internet Privacy Secure Your Information Girindro Pringgo Digdo Information Security Researcher Bandung, May 13, 2014 Indonesia Security Incident Responses Team on Internet Infrastructure (ID-SIRTII)
whoami ● InfoSec Guy ● Over 5 years as Penetration Tester ● Instructor ● Founder of omega.or.id
Where Are We?
Where Are We? Insecure Digital World
Headline Bad News ● Gmail users have no "reasonable expectation" that their communications are confidential. http://www.theguardian.com/technology/2013/aug/14/google-gmail-users-privacy-email-lawsuit ● Microsoft has admitted that it will hand over data to the U.S. government, if properly requested, even if that data is stored somewhere other than the U.S. http://www.readwrite.com/2011/06/30/microsoft-says-it-will-give-yo
Information Security Myths ● Secure Socket Layer (SSL) will protect entire websites. ● Firewall will secure you against attack. ● No issues printed from Automatic Web Vulnerability Scanner. ● Annual Vulnerability Assessment is enough. ● Our developer has a good skill in programming. ● ?
Problems ● Difficult law enforcement in border-less world ● People can't expect privacy ● Social engineering works well due to lack of awareness makes ● Physical security ● Malware becoming more and more powerful ● Organized crime ● ?
What Should We Do? Protect Your Information
Think before you share personal information ● Read the website's privacy policy ● Do not share more than you need to ● Choose how private you want your profile or blog to be ● ?
Know the risk ● you use public internet ● you enter confidential data (eg username, password) ● you use credit/debit card at store ● ? What if :
Minimize access to your information ● Lock your computer when you are away from it. ● Access with authentication. eg bios password, account password, Encryption This prevents another person from waiting for you to leave and then sitting down at your computer and accessing all of your information.
Encryption ● Protect your confidential information ● Only available for you ● End to end encryption ✔ PGP ● Good Integrity ● ?
Encryption
Encryption ● Full Disk Encryption ● Using things that: ✔ you know ✔ you have ✔ you are ● Always called as Multi Factor Authentication
Encryption
Technology “If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.” ~ Bruce Schneier
Trust But Verify Feeling Secure is Dangerous
Question? girindigdo@gmail.com girin@omega.or.id

More Related Content

PDF
Protecting Digital Economy through Vulnerability Coordination Center
Girindro Pringgo Digdo
 
PDF
Threat Modeling Using STRIDE
Girindro Pringgo Digdo
 
PDF
20171106 - Privacy Design Lab - LINDDUN
Brussels Legal Hackers
 
PPTX
Threat Modeling Lessons from Star Wars
Adam Shostack
 
PPTX
Operationalizing Threat Intelligence to Battle Persistent Actors
ThreatConnect
 
PDF
When Insiders ATT&CK!
MITRE ATT&CK
 
PPTX
Threat modeling (Hacker Stories) workshop
Ty Sbano
 
PPTX
Corporate Espionage without the Hassle of Committing Felonies
John Bambenek
 
Protecting Digital Economy through Vulnerability Coordination Center
Girindro Pringgo Digdo
 
Threat Modeling Using STRIDE
Girindro Pringgo Digdo
 
20171106 - Privacy Design Lab - LINDDUN
Brussels Legal Hackers
 
Threat Modeling Lessons from Star Wars
Adam Shostack
 
Operationalizing Threat Intelligence to Battle Persistent Actors
ThreatConnect
 
When Insiders ATT&CK!
MITRE ATT&CK
 
Threat modeling (Hacker Stories) workshop
Ty Sbano
 
Corporate Espionage without the Hassle of Committing Felonies
John Bambenek
 

What's hot (20)

PDF
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
SSIMeetup
 
PPTX
Maltego Webinar Slides
ThreatConnect
 
PDF
MITRE ATTACKCon Power Hour - December
MITRE - ATT&CKcon
 
PPTX
Threat Modeling Lessons From Star Wars
Adam Shostack
 
PPTX
Open Source Insight: Black Duck Now Part of Synopsys, Tackling Container Secu...
Black Duck by Synopsys
 
PDF
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
PROIDEA
 
PPTX
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...
Quest
 
PDF
Threat Activity Groups - Dragos
Dragos, Inc.
 
PDF
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
NCCOMMS
 
PDF
Cyber Threat hunting workshop
Arpan Raval
 
PDF
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
APNIC
 
PDF
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE - ATT&CKcon
 
PDF
Security by Design: An Introduction to Drupal Security
Tara Arnold
 
PPTX
Defcon Crypto Village - OPSEC Concerns in Using Crypto
John Bambenek
 
PDF
Developing a Threat Modeling Mindset
Robert Hurlbut
 
PDF
Blockade.io : One Click Browser Defense
RiskIQ, Inc.
 
PDF
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
PROIDEA
 
PDF
In search of unique behaviour
DefCamp
 
PDF
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
PROIDEA
 
PDF
Automation: The Wonderful Wizard of CTI (or is it?)
MITRE ATT&CK
 
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
SSIMeetup
 
Maltego Webinar Slides
ThreatConnect
 
MITRE ATTACKCon Power Hour - December
MITRE - ATT&CKcon
 
Threat Modeling Lessons From Star Wars
Adam Shostack
 
Open Source Insight: Black Duck Now Part of Synopsys, Tackling Container Secu...
Black Duck by Synopsys
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
PROIDEA
 
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...
Quest
 
Threat Activity Groups - Dragos
Dragos, Inc.
 
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
NCCOMMS
 
Cyber Threat hunting workshop
Arpan Raval
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
APNIC
 
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE - ATT&CKcon
 
Security by Design: An Introduction to Drupal Security
Tara Arnold
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
John Bambenek
 
Developing a Threat Modeling Mindset
Robert Hurlbut
 
Blockade.io : One Click Browser Defense
RiskIQ, Inc.
 
"Meet Me in the Middle: Threat Indications & Warning to enable Operational Th...
PROIDEA
 
In search of unique behaviour
DefCamp
 
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
PROIDEA
 
Automation: The Wonderful Wizard of CTI (or is it?)
MITRE ATT&CK
 
Ad

Similar to Internet Privacy (20)

PDF
Don't Diligence Information Security for Lawyers
darrentthurston
 
PPTX
Securing your digital life - Jason Addie
DataFest Tbilisi
 
PPTX
Computer Security For Activists & Everyone (Oct 2018)
Kit O'Connell
 
PPT
Basic Digital Security
Ujjwal Acharya
 
ODP
Cyber Security & User's Privacy Invasion
Isaiah Edem
 
PDF
Information security & data security | Chandan Singh Ghodela
Chandan Singh Ghodela
 
PPTX
Online Privacy & Computer Security Basics (September 2017)
Kit O'Connell
 
PDF
Google FIDO Authentication Case Study
FIDO Alliance
 
PDF
Password Overload_ Smart Ways to Manage Your Digital Keys in 2025.pdf
your techdigest
 
ODP
Hit by a Cyberattack: lesson learned
B.A.
 
PDF
Mc physics colloquium2018-03-30.-handouts
Kevin Wall
 
PPTX
Data privacy and data classification
Qasim965490
 
ODP
Cell phone security lite
cooperq
 
PDF
Google Case Study - Towards simpler, stronger authentication
FIDO Alliance
 
PPTX
Cyber Awareness 101 - essentials package for kids
sumitsiddharth6
 
PDF
Security for Data Scientists
David Arcos
 
PDF
Data security in the age of GDPR – most common data security problems
Exove
 
PDF
Cybersecurity Awareness Training Presentation v1.3
DallasHaselhorst
 
PDF
Becoming Unphishable
FIDO Alliance
 
PPTX
Computer and Cyber Security for CSEC IT Grades 11
suwayne84
 
Don't Diligence Information Security for Lawyers
darrentthurston
 
Securing your digital life - Jason Addie
DataFest Tbilisi
 
Computer Security For Activists & Everyone (Oct 2018)
Kit O'Connell
 
Basic Digital Security
Ujjwal Acharya
 
Cyber Security & User's Privacy Invasion
Isaiah Edem
 
Information security & data security | Chandan Singh Ghodela
Chandan Singh Ghodela
 
Online Privacy & Computer Security Basics (September 2017)
Kit O'Connell
 
Google FIDO Authentication Case Study
FIDO Alliance
 
Password Overload_ Smart Ways to Manage Your Digital Keys in 2025.pdf
your techdigest
 
Hit by a Cyberattack: lesson learned
B.A.
 
Mc physics colloquium2018-03-30.-handouts
Kevin Wall
 
Data privacy and data classification
Qasim965490
 
Cell phone security lite
cooperq
 
Google Case Study - Towards simpler, stronger authentication
FIDO Alliance
 
Cyber Awareness 101 - essentials package for kids
sumitsiddharth6
 
Security for Data Scientists
David Arcos
 
Data security in the age of GDPR – most common data security problems
Exove
 
Cybersecurity Awareness Training Presentation v1.3
DallasHaselhorst
 
Becoming Unphishable
FIDO Alliance
 
Computer and Cyber Security for CSEC IT Grades 11
suwayne84
 
Ad

Recently uploaded (20)

PPTX
在线订购名古屋艺术大学毕业证, buy NUA diploma学历认证失败怎么办
学历认证定制霍尔姆斯学院毕业证学位证书编号怎么查【Q微:1954292140】
 
PPTX
KSS ON CYBERSECURITY INCIDENT RESPONSE AND PLANNING MANAGEMENT.pptx
Cashmir Pangandaman
 
PDF
Top 8 Trusted Sources to Buy Verified Cash App Accounts.pdf
How To Buy Verified Cash App Accounts
 
PPTX
COPD_Management_Exacerbation_Detailed_Placeholders.pptx
4mmkp9d8xv
 
PDF
JuanConnect E-Wallet Guide for new users.pdf
reggiepongasi2
 
PPTX
Digital Project Mastery using Autodesk Docs Workshops
waliyuddin3dtech
 
PPTX
AI_Cyberattack_Solutions AI AI AI AI .pptx
zayadeen2003
 
PPTX
最新版美国埃默里大学毕业证(Emory毕业证书)原版定制文凭学历认证
澳洲拉筹伯大学成绩单【q薇1954292140】拉筹伯大学毕业证购买
 
PDF
Alethe Consulting Corporate Profile and Solution Aproach
debashisrakshit2025
 
PPTX
ECO SAFE AI - SUSTAINABLE SAFE AND HOME HUB
km5624
 
PDF
Virtual Guard Technology Provider_ Remote Security Service Solutions.pdf
duggempudi414
 
PDF
The_Decisive_Battle_of_Yarmuk,battle of yarmuk
aykule97
 
PPTX
Cyber Hygine IN organizations in MSME or
paramkiet
 
PDF
Course Overview and Agenda cloud security
ElsayedKowaydeh
 
PPTX
Artificial_Intelligence_Basics use in our daily life
ANUBHABPANIGRAHI3
 
PPTX
Edit gdasgdkhagfhgfgfasdghhdgfhdgfj.pptx
HuyNguynm
 
PDF
Testing & QA Checklist for Magento to Shopify Migration Success.pdf
CartCoders
 
PPSX
AI AppSec Threats and Defenses 20250822.ppsx
Robert Grupe, CSSLP CISSP PE PMP
 
PDF
How Technology Shapes Our Information Age
samarthyaarathod
 
DOCX
Powerful Ways AIRCONNECT INFOSYSTEMS Pvt Ltd Enhances IT Infrastructure in In...
Airconnect pvtltd
 
在线订购名古屋艺术大学毕业证, buy NUA diploma学历认证失败怎么办
学历认证定制霍尔姆斯学院毕业证学位证书编号怎么查【Q微:1954292140】
 
KSS ON CYBERSECURITY INCIDENT RESPONSE AND PLANNING MANAGEMENT.pptx
Cashmir Pangandaman
 
Top 8 Trusted Sources to Buy Verified Cash App Accounts.pdf
How To Buy Verified Cash App Accounts
 
COPD_Management_Exacerbation_Detailed_Placeholders.pptx
4mmkp9d8xv
 
JuanConnect E-Wallet Guide for new users.pdf
reggiepongasi2
 
Digital Project Mastery using Autodesk Docs Workshops
waliyuddin3dtech
 
AI_Cyberattack_Solutions AI AI AI AI .pptx
zayadeen2003
 
最新版美国埃默里大学毕业证(Emory毕业证书)原版定制文凭学历认证
澳洲拉筹伯大学成绩单【q薇1954292140】拉筹伯大学毕业证购买
 
Alethe Consulting Corporate Profile and Solution Aproach
debashisrakshit2025
 
ECO SAFE AI - SUSTAINABLE SAFE AND HOME HUB
km5624
 
Virtual Guard Technology Provider_ Remote Security Service Solutions.pdf
duggempudi414
 
The_Decisive_Battle_of_Yarmuk,battle of yarmuk
aykule97
 
Cyber Hygine IN organizations in MSME or
paramkiet
 
Course Overview and Agenda cloud security
ElsayedKowaydeh
 
Artificial_Intelligence_Basics use in our daily life
ANUBHABPANIGRAHI3
 
Edit gdasgdkhagfhgfgfasdghhdgfhdgfj.pptx
HuyNguynm
 
Testing & QA Checklist for Magento to Shopify Migration Success.pdf
CartCoders
 
AI AppSec Threats and Defenses 20250822.ppsx
Robert Grupe, CSSLP CISSP PE PMP
 
How Technology Shapes Our Information Age
samarthyaarathod
 
Powerful Ways AIRCONNECT INFOSYSTEMS Pvt Ltd Enhances IT Infrastructure in In...
Airconnect pvtltd
 

Internet Privacy

  • 1. Internet Privacy Secure Your Information Girindro Pringgo Digdo Information Security Researcher Bandung, May 13, 2014 Indonesia Security Incident Responses Team on Internet Infrastructure (ID-SIRTII)
  • 2. whoami ● InfoSec Guy ● Over 5 years as Penetration Tester ● Instructor ● Founder of omega.or.id
  • 4. Where Are We? Insecure Digital World
  • 5. Headline Bad News ● Gmail users have no "reasonable expectation" that their communications are confidential. http://www.theguardian.com/technology/2013/aug/14/google-gmail-users-privacy-email-lawsuit ● Microsoft has admitted that it will hand over data to the U.S. government, if properly requested, even if that data is stored somewhere other than the U.S. http://www.readwrite.com/2011/06/30/microsoft-says-it-will-give-yo
  • 6. Information Security Myths ● Secure Socket Layer (SSL) will protect entire websites. ● Firewall will secure you against attack. ● No issues printed from Automatic Web Vulnerability Scanner. ● Annual Vulnerability Assessment is enough. ● Our developer has a good skill in programming. ● ?
  • 7. Problems ● Difficult law enforcement in border-less world ● People can't expect privacy ● Social engineering works well due to lack of awareness makes ● Physical security ● Malware becoming more and more powerful ● Organized crime ● ?
  • 8. What Should We Do? Protect Your Information
  • 9. Think before you share personal information ● Read the website's privacy policy ● Do not share more than you need to ● Choose how private you want your profile or blog to be ● ?
  • 10. Know the risk ● you use public internet ● you enter confidential data (eg username, password) ● you use credit/debit card at store ● ? What if :
  • 11. Minimize access to your information ● Lock your computer when you are away from it. ● Access with authentication. eg bios password, account password, Encryption This prevents another person from waiting for you to leave and then sitting down at your computer and accessing all of your information.
  • 12. Encryption ● Protect your confidential information ● Only available for you ● End to end encryption ✔ PGP ● Good Integrity ● ?
  • 14. Encryption ● Full Disk Encryption ● Using things that: ✔ you know ✔ you have ✔ you are ● Always called as Multi Factor Authentication
  • 16. Technology “If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.” ~ Bruce Schneier
  • 17. Trust But Verify Feeling Secure is Dangerous