
Alec Muffett - sex, lies and instant messenger

BSides London · 2014 · 26:42 · 2.2K views · Published 2014-09
About this talk
Track 3 talk by Alec - the only one recorded in Track 3 that day.
Transcript (en)

I've actually never given this talk before; the notes aren't even complete yet, including the slides. My name's Alec Muffett. I've worked in security and security-related fields and hacking and stuff since 1986, so you guys can do the math. Probably my nearest claim to credibility is that I released a piece of software called Crack, a password cracking engine with a programmable dictionary generator, a really fancy one. The reason that's relevant to this talk is that it was probably the first insight I got into people's secret lives, because what Crack did was take the password file and generate a wordlist derived from usernames and so forth.

You have this list of 2,000 people, 3,000 people, 33,000 people who work at the big company you work for; you run Crack and you find some senior manager or director whose password is a woman's name. You go to him and he says "that's not my wife." Okay: woman's name, not the wife's name, not the daughter's name; draw your own conclusions. You find out a lot of interesting things about people from looking at their passwords. There's always "password" and "123456" and so forth, but one of the stats I did once, when I was working at the University of Wales, Aberystwyth, was: here is a list of users,

male, female, male, female; here is the subset of passwords which correspond to a human name, and you get the male-user/female-name versus female-user/male-name ratio. You don't necessarily publish the password lists and who they associate with; you learn which passwords were bad, but you don't tie the two together. Secrets and lies. So I've worked in security for a long time. I've recently gone independent, building a business doing security, talking to people about security much more enthusiastically and much more practically. Now, for some reason, people talk to me about keeping secrets on their PCs, the problems that they have keeping them. Notably somebody who, it

turned out, was having an affair: a married woman having an affair with somebody else, somewhere else, and she was using Skype. So the first piece of advice for anybody who is having an affair is: don't use Skype. The problem with Skype is that although it's a really good piece of software from the security perspective (it may or may not be proof against national governments and the NSA and crossing the Chinese firewall, but it's generally proof against interception by corporate firewalls and DPI and that level), it has this wonderful peer-to-peer architecture. So when you log into Skype on your phone, on your laptop and maybe a desktop at home,

that's three instances of you on Skype, and all of them get the messages that get sent to you from your lover. The problem is if you are trying to erase those messages; if you're having an affair you don't want any of these messages to get out. So what you do is you delete Skype from your desktop and then reinstall it. That reinstallation of Skype is a fresh, virgin instance; it doesn't have any of the messages which also exist on your other devices. So when you connect to the Skype network, it says "ah, there's a new instance, of course we need a complete backlog of every message you've ever sent" and sends it to the new device,

which then comes up in the history all over again. It's virtually impossible to expunge Skype messages, and the fun thing is that your lover or other partner has got exactly the same data too, so even if you wipe all of your machines and then reinstall them, all the messages come back from the other half of the relationship. It's really quite embarrassing. It's particularly embarrassing when you wipe your phone and all your machines, then your iPhone, which you leave on the desk during a conference, reconnects to the network and everything gets sent to it, which then displays, on the little pop-up that comes up in front of

the lock screen, everything they want to do to you, in the middle of a business conference with your boss, in readable, legible text that could be seen from the other side of the table.

You can see what's coming next: Facebook. The app security is improving, but it is way, way too easy to get wrong, because the people are so obvious. Your Facebook page is a bit of a hint: somebody of the appropriate sex keeps on coming up on your Facebook page irrespective of your attempts to be reasonable, when your husband or wife is looking at it over your shoulder. Hands up, anyone who's never had an extramarital affair? Okay. Also, there's automatic sign-in: it's possible your password is saved on a machine, and there's no lower security gate; physical access equals root access equals God access, just trawling around in log files and all the bits on the network. Don't use Twitter, for God's sake. I had to point out to somebody who was really great, "yeah, you know that relationship

you're having with this person? The difference between @username and D username is immense." This is what I was really hoping for, that I can actually just drop punchlines like this and get laughs. Going through everything here, the message is that it's way too easy to shoot yourself in the foot. Also, there is the issue with Twitter that if you authenticate an app to it, all the other apps can get at your DMs; you know, "I want Twitpic to be able to post stuff", and they get the whole shebang. Today I'm not aware of many ways of exploiting that fact,

okay, I can't find it right now [unintelligible]. This talk is actually meant to be pitched for normal people. As I was saying, don't use Google too much; Google is really sticky. We know this, we're security people, but the way that things like your Google Chat end up in your Google Mail account, which is accessible and bound by sync to your Google Chrome account, the bookmarks which are in Google Docs, if you use your Android and everything: it might only be secure if you tick the little box,

but all your [unintelligible]. Divorce lawyers do hire forensics people, mind. I have to answer to anybody because it's the British [unintelligible] sexting thing about the kids [unintelligible]. Nasty things happen. Part of the reason we're recording this is to make further notes and enhance the talk; I was going to be giving this at a festival a couple of weeks ago. Don't use a work laptop. Work laptops sometimes have secret backup software installed on them, aside from the VPN, so everything you do goes through the proxy, which logs everything, all the headers and so forth, and the backup stuff is generally beyond your control. Admittedly, in my view, a company that doesn't back its kit up is slack, but

if it is all backed up somewhere, you'll never get it back, because it's not yours. So yeah, I talk about who I am and what I do; I don't need to do that for you. So firstly: use Chrome, use that as your legitimate browser for everyday stuff. Firefox is really good for porn and affairs and other illicit stuff. Safari is almost as good, especially if you have the click-to-Flash plugin to prevent automatic execution of Flash widgets; with Safari, reset it every single time, and make sure that you are configured to use private browsing mode so it doesn't store cookies on exit. [unintelligible]

Always expunge your Flash cookies. You have to do quite a lot of work to keep secrets here. Firefox plugins: Ghostery is great for dealing with web bugs and other things like that; it's marvellous, and it's also powerful in that it prevents you leaving traces on other websites which could be subpoenaed. Notice that this is also a good way to stop you doing something in your illicit world and then being dragged off somewhere and invited to give your credit card after doing something stupid. The whole point should be partitioning your brain, partitioning your life: here is the browser for legitimate usage, here is the browser which is in a little sandbox and doesn't

get me into trouble, so long as everything in the sandbox remains in the sandbox. When using Firefox and Safari, this is where I'm going to have to put up some screenshots of the Preferences pane and so forth, blah blah blah. Turn off the history; don't remember it at all. Autosuggest, which I'll also suggest turning off, especially if you're using Chrome: autosuggest is really funny for people having an affair, because they're in a business meeting, they start typing words into the browser bar on their work laptop, which syncs with their Google account, and all the naughty words they've been typing into the home laptop's browser bar come across, because they've been synced via the Google back end, all perfectly synchronized.

[unintelligible] for HTML5; do this in the one browser you use for all of the dangerous stuff. A bit further down on the list: use a fake, foreign, common name. Do not call yourself "sexy-for-you-in-Winchester", that's bad; "sexy-for-you-in-Winchester" or similar at gmail.com is a really bad thing to do. Have a nickname. This tip was provided to me by a Detective Sergeant Chambers in 1988,

because they used that to set up and cross-reference webmail accounts. Then point the two at each other for password recovery purposes, and give them different passwords. Give them different passwords, and don't use a password which you use in your own normal day-to-day life, like your office password, your desktop password, your screensaver password or anything; that would be bad. Apart from anything else, it's incriminating. Use your secure browser, probably to go through Yahoo for webmail, because of the whole "Google does everything" zeitgeist: if you use Google for everything, use something different for your webmail. If you're talking to someone else via IM: XMPP has got this wonderful

facility where you log into three places at once, and the first message somebody sends you, like "I want to nibble you" from your boyfriend or girlfriend, pops up on all the screens simultaneously, in the middle of a business meeting or something like that. At least with AIM, if you log into it, it boots the other one off, so long as you configure it so. There are also a number of phone-based IMs: one's called WhatsApp, another's called TigerText. TigerText got coverage in Cosmopolitan late last year as being the instant messaging tool of choice for people who are having illicit relationships, because it allows you to send time-expiring messages, one

of the [unintelligible]. I know there's always the [unintelligible], but at least it's a step in the right direction in terms of destruction and removing the audit trail behind you. You shouldn't be trying to make history. On the phone issue: use a stupid phone and use SMS, a disposable phone, one that you can trash, a pay-as-you-go SIM with its own phone number. Basically have two separate lives. If you're going to try and have two separate lives, you just work out whether or not it's worth it; it's just kind of a disincentive. I mean, if

you're going through all these hoops, you might want to say "screw it" and not get divorced. Use voice as much as possible; the joy of voice is that, with the possible exception of [unintelligible] and some other systems, it's not recorded, or at least not recorded by anybody who's going to admit to recording it. The British government have backup tapes of every phone call you've ever made, but they're not going to give them to anybody and they won't admit to it, which is probably what you want

as well. Coming back to the original slide: the other party. They would send you the things whether you liked it or not, thanks to the Skype peer-to-peer architecture, but they can also drop you in it. They are probably not here listening to this talk, therefore they're probably less invested in understanding how to maintain secrecy; in fact they may be quite stupid about it. So if you're the person with a lot to lose, make sure the other person is on your side, stays on your side, and is at least as aware as you are of what to do. That's all I have so far; I'm going to

write this up for a blog post for Computerworld. But also, this is essentially the same set of requirements for somebody who's a dissident in [unintelligible] or somewhere else like that; it's not perfect, and the person doing the interception is the state and they've got a lot more resources. But yeah, in this situation, what about tools like [unintelligible]? These are really cool so long as you can trust where they came from; maybe we should have signatures or something like that, but it takes quite a while to spot a compromise. Coming back to the real world and practicality: I know a few people

who've gone through this, and they are sending naughty pictures to each other; there is no stopping it, you can just advise against it. If you don't want to get caught, either you live like this or you accept the risks. "Are you going to divorce me?" Exactly. You still have a huge forensics backlog, and believe me, what forensics guys can pull off your hard drive is entirely amazing. There is more than that. I'm a big fan of VirtualBox, I love VirtualBox deeply; I tend to run it on OS X, which runs HFS+, which means that you are rewriting over the same blocks as previously, as opposed to on an old-style spindle.

This means one of the things that I have on my personal installation is DBAN as a bootable image, so if ever I need to remove something and I need to be pretty sure it's dead, I boot DBAN over the virtual volume and you know that it's likely to be pretty much gone. But the thing is, I know what I'm doing, and as you were saying earlier, as soon as we hit SSD it's game over, because what you write is not where what was there previously was; it's copy-on-write. Same with ZFS: the only way to expunge stuff with reasonable security, until they build some expungement into the

actual file system, is to delete all copies of all the little snapshots of the file and then fill the volume. But if the volume is several terabytes... No more questions.