Now back in HD: the CloudFlare Cryptography Meetup.
We're hosting another Cryptography meetup on April 21, 2016. Come and hear talks by industry experts on cryptography and hang out with the Bay Area crypto community at CloudFlare HQ.
Brian Warner: magic-wormhole
"magic-wormhole" is a simple tool to move files from one computer to another, like "scp" but without the setup. By telling the recipient just a few secret words, the file is safely encrypted and delivered directly to the correct machine. The talk will explain the security mechanics, the cryptography (NaCl and SPAKE2), and how to use the underlying open-source library in your own applications.
Brian Warner is a security engineer and software developer, having worked at Mozilla on Firefox Sync, the Add-On SDK, and Persona. He is co-founder of the Tahoe-LAFS distributed secure filesystem, and develops secure storage and communication tools.
Zakir Durumeric: Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security
Is your email being sent in the clear? While PGP and S/MIME provide end-to-end encrypted mail, most users have yet to adopt these practices, and for users who have, metadata, such as the subject, sender, and recipient, remain visible everywhere along a message’s path. SMTP—the ubiquitous mail transport protocol—has evolved over the years to add encryption and authentication, both of which take place behind the scenes and help guard against surveillance and spam. While these features are being increasingly deployed, our research shows that they are almost always configured in vulnerable ways—the details of which are hidden from the users sending and receiving mail. Even more disturbingly, these vulnerabilities are being widely exploited in the wild: in seven countries, more than 20% of inbound Gmail messages are downgraded to cleartext by network-based attacks. In the most severe case, 96% of messages sent from Tunisia to Gmail are downgraded to cleartext. In this talk, I’ll introduce protocols used to protect SMTP and describe the current state of mail security on the Internet. I'll describe several commonly occurring attacks, weaknesses in the protocols we're using, and recent proposals for helping secure email transport.
Zakir Durumeric is a Ph.D. Candidate in Computer Science and Engineering at the University of Michigan and Google Ph.D. Fellow in Computer Security. His research focuses on network security, particularly how global network measurement can improve the security of heterogeneous distributed systems. Zakir is widely known for creating ZMap—the Internet-wide network scanner capable of scanning the entire public IPv4 address space in minutes—and Censys—the search engine that allows researchers to analyze the devices that compose the public Internet. His work has been awarded numerous distinctions, including the IRTF Applied Networking Research Prize and best paper awards from USENIX Security, ACM Conference on Computer and Communications Security, and ACM Internet Measurement Conference. He was named one of this year's MIT Technology Review’s 35 Innovators under 35.
Whitney Merrill: Encrypt All the Things!
How do encryption, the user, and the law function? I'll break down the interesting issues surrounding the law and encryption. I'll briefly discuss the 1st, 4th, and 5th Amendments and break down why the All Writs Act is everything anyone wants to talk about.
Whitney Merrill is an attorney at the Federal Trade Commission in San Francisco, California where she works on consumer protection issues involving false advertising, deception, privacy, and data security. She received her Masters in Computer Science from the University of Illinois at Urbana-Champaign and her law degree from the University of Illinois College of Law. She specializes in information security, computer crime, privacy, surveillance, and Internet law. Her graduate research focused on Android privacy, digital forensics, and the legal issues surrounding encryption. While at UIUC, she was a member of the Illinois Security Lab, and in her spare time Whitney runs the Crypto & Privacy Village at DEF CON. She loves solving and creating puzzles.
Whitney Merrill is speaking in her personal capacity and not as a representative of the Federal Trade Commission. These are the views of the individual and do not represent the views of the Federal Trade Commission or any one Commissioner.