Presented by:

Kyle Rankin is the Chief Security Officer at Purism and a Tech Editor and columnist at Linux Journal.

He is the author of Linux Hardening in Hostile Networks, DevOps Troubleshooting, The Official Ubuntu Server Book, Knoppix Hacks, Knoppix Pocket Reference, Linux Multimedia Hacks and Ubuntu Hacks, and also a contributor to a number of other O’Reilly books.

Rankin speaks frequently on security and open-source software, including at FOSDEM, BSidesLV, O’Reilly Security Conference, OSCON, SCALE, CactusCon, Linux World Expo and Penguicon. You can follow him at @kylerankin.

So much about security revolves around secrecy. After all, you don't publish your passwords or GPG keys for the world to see. Some people go as far as taking the arguments for why they think proprietary software is superior to FOSS and applying them to claim that it's also more secure. Unfortunately, proprietary software puts control in the hands of companies that you must then rely on and trust that their software is secure, free of backdoors, and has your interests at heart. In a modern age full of companies abusing your data and government-sponsored attacks using zero-day vulnerabilities and, in some cases, intentionally planted backdoors, people are starting to realize not only that this trust might have been misplaced but that it has also put their freedom and privacy at risk.

The same FOSS principles that give people freedom also ensure their security and privacy. The three virtues are interdependent--as one increases, the others improve, and when one is taken away, it's at the expense of the others. When software is under your control, your security and privacy are also under your control. These principles not only give people the choice of whom to trust, they also give them the ability to verify that trust and revoke it if necessary. Freedom is essential to security and privacy.

This talk will use specific examples to demonstrate how the application of FOSS principles results in a more secure solution and a more empowered user. Examples will include backdoors left in proprietary software (intentionally or otherwise) that helped vendors spy on customers; the security, privacy and freedom risks with proprietary security solutions such as the Intel Management Engine, UEFI Secure Boot, and cloud password managers, along with efforts to provide FOSS alternatives. I'll also use the cryptography community's historical distrust of proprietary ciphers and the controversy with compromised ciphers NIST recommended at the behest of the NSA as an example of how crucial openness is for security. Finally, I'll discuss how the reproducible builds effort in projects like Debian promises even more transparency and security to the end user by taking advantage of the user's freedom to download and build software themselves to provide a method that proves binaries have not been tainted.

Date: 2019 April 27 - 13:00
Duration: 45 min
Room: G-103
Conference: LinuxFest Northwest 2019
Track: Security
Difficulty: Easy

Happening at the same time:

  1. Using GIS in Postgres – Real World Examples of PostGIS
     Start Time: 2019 April 27 13:00
     Room: HC-103 Postgres

  2. Open Source is Not Just GitHub
     Start Time: 2019 April 27 13:00
     Room: CC-236

  3. Common sense career transitions
     Start Time: 2019 April 27 13:00
     Room: CC-235

  4. Where is netstat? It's gone!
     Start Time: 2019 April 27 13:00
     Room: CC-114

  5. Linux Sucks. IN SPACE.
     Start Time: 2019 April 27 13:00
     Room: HC-108

  6. The Current State of Free and Open Source Software in Public Education
     Start Time: 2019 April 27 13:00
     Room: CC-200

  7. Freedom, Security and Privacy
     Start Time: 2019 April 27 13:00
     Room: G-103

  8. From Sysadmin to DevOps Engineer -- The Easy Way!
     Start Time: 2019 April 27 13:00
     Room: CC-115

  9. Defending Out-of-Band Management Attacks
     Start Time: 2019 April 27 13:00
     Room: CC-208