Category Archives: Security

Hacking Humans : A Talk About Social Engineering

Back in January I did a talk at NDC London about Social Engineering. This was a new talk and I very much enjoyed doing it to an almost full room. The conference organisers have now published all the videos from the conference. You can see this talk in the video below.

Here is the official talk description:

Social engineering is one of the biggest threats to our organisations as attackers use manipulation techniques to coerce people into revealing secrets about our companies to allow attackers to gain access to critical systems.
In this talk we will look at some of the techniques used in social engineering and look at how to guard yourself against them. We will cover subjects like pre-texting, elicitation and body language as techniques for manipulating people.

Speaking at NDC London 2017

Stephen Haunts Speaking at NDC London 2017


I am pleased to announce that I will be speaking again at NDC London in January 2017. For this conference my talk is called Hacking Humans : Social Engineering Techniques and How to Protect Against Them.

Social engineering is one of the biggest threats to our organisations as attackers use manipulation techniques to coerce people into revealing secrets about our companies to allow attackers to gain access to critical systems.

In this talk we will look at some of the techniques used in social engineering and look at how to guard yourself against them. We will cover subjects like pre-texting, elicitation and body language as techniques for manipulating people.

I am really looking forward to doing this talk and I think it will be a lot of fun for the audience as we explore techniques for manipulating people and then how to protect against them.

Slides for my NDC Oslo Talk : .NET Data Security – Hope is not a Strategy

Stephen Haunts Presenting at NDC Oslo


I have just finished my talk at NDC Oslo on .NET Data Security. I have made the slides available on this blog. You can also grab some Sample Code in C# that goes along with the talk. Feel free to use any of the code in your own solutions.

The talk went very well to a packed room that had to have people standing as there were no seats left. I am very pleased with the result.

I covered a lot of ground in the talk, but if anyone is interested in following up on the techniques I discussed, then I have a course called Practical Cryptography in .NET which goes into a lot more detail than the talk.

If you don’t have access to Pluralsight but would like to watch the course, then please get in touch with me via the contact page on this blog and I can sort you out with a 30 day, unlimited access trial card for Pluralsight.

My Cryptography Talk at NDC London

The video recording of my talk at NDC London is now available to watch online. This was my first major conference so it was a little scary, but I really enjoyed the experience. The room was about two thirds full and I got an excellent speaker rating at the end, so I must have done something right.

Cryptography in .NET slides from NDC London Now Available

NDC London - Stephen Haunts - Cryptography in .NET


The slide deck from my Cryptography in .NET talk at NDC London is now available to download from this site. If you have any questions about this talk and its contents then please do either leave a comment here on this post, or get in touch with me from my contacts page.

Talking About Cryptography on Dot Net Rocks

Stephen Haunts on the Dot Net Rocks Show


Today I am on the Dot Net Rocks show talking about Cryptography with Carl and Richard. We talk mostly about secure ways to store passwords and also talk about Hybrid Cryptography where you use a combination of AES, RSA, and SHA256 to create a robust encryption scheme.

The show was a lot of fun to record. It is quite daunting when you are suddenly on a show that you have been listening to every week for 5 years, but Carl and Richard made the experience very easy going and fun.

Here is the show description.

Encrypt all the things! Carl and Richard talk to Stephen Haunts about how to use cryptography properly. And as it turns out, you don’t have to be a mathematician to put crypto to work for you! The conversation starts out focusing on password hashing – lots of ways to do it wrong, salting seems complicated, but in the end, there is a built-in, poorly named function in the .NET Framework that will give you proper leading edge password hashing, you just have to know what it is (check the links on the show page). From there Stephen talks about 2-way symmetric and asymmetric encryption. Best used together, and best used on any and all data that you have. Good stuff!


Limiting Windows 10 Privacy Concerns

The release of Windows 10 has been very successful for Microsoft, but there are growing concerns from people about the level of data and telemetry that Microsoft is capturing, from key logging data and usage telemetry to data about the applications you are running (both legitimate and pirated).

There have been many articles and tips scattered around the internet about how to limit this, but I found a useful video on YouTube that talks you through tweaking Windows 10 to limit this data capture. This ranges from simple and obvious tweaks to the Windows 10 settings through to deleting specific Windows services, modifying group policy, tweaking the registry and updating your hosts file to stop Microsoft calling out to their servers.

Whether you apply all of these or just some of them is up to you and how bothered you are by this. If you apply all of these tips then you lose things like Cortana. It’s up to you and how paranoid you are about such privacy concerns.

EDIT: If you are running Windows 10 Home edition then you will not have access to the group policy editing tool.

EDIT: I have tried all these changes out on my Surface 3 (apart from the group policy bit as I am running Home edition) and everything still seems to be working OK.