Software is becoming more and more important in organizing response to all kinds of crises, whether that means activists responding to an unjust government or aid workers helping with the aftermath of a disaster. Security often isn't the first thing people think about in these situations -- they have work to get done, just like the rest of us, and many of these tools are built in the heat of the moment. In a crisis, a lack of security can make a small disaster into a big one. In this talk, we'll look at real-world experiences of the security and privacy problems in the field, and how to fix them, at both large and small levels.

People are using technology to try to save the world, whether in the disaster response world, or in activist or revolutionary work. Many of the people involved are not technologists. Many of the people building tools for these situations do not understand security.

This is a problem because:

- Privacy issues for disaster response
  - Creepy uncle
  - Creepy government agency
- Gaming the aid process with crowdsourced reports
- Activists and revolutionaries are subject to direct attack, coercion, harassment, etc.

A few problems:

- People are using generic tools that don't provide the guarantees they need
- People are writing special-purpose tools without understanding the problem
- People are writing tools which intentionally subvert their users
- People don't understand the problems they're causing with how they use tools

To fix this:

- Build specialist tools with a deep understanding of the real problems
- Get the help you need to make tools secure
  - Ask for help
  - Help disaster/activist ICT projects if you know your security
- Build security into generic tools, even if you're not planning on revolutionaries using them, because you never know when you're going to need to overthrow a government on Twitter.
- Learn/teach about security and what it takes to use existing tools well
- Build a security culture in your organization