Discover and read the best of Twitter Threads about #usesec19

Most recents (4)

Last in this session at #usesec19: "The Web's Identity Crisis: Understanding the Effectiveness of Website Identity Indicators" by Christopher Thompson, Martin Shelton, Emily Stark, Maximilian Walker, Emily Schechter, and Adrienne Porter Felt, Google
[ delay while they try to make the slides not trigger a seizure for anybody. ow. ]
This talk is about the problems we face in explaining website identity to users.

The principal form of website identity is like google.com

Also show extra information through Extended Validation certs, like show cert is associated with a legal entity
Read 19 tweets
Next up at #usesec19: "Protecting accounts from credential stuffing with password breach alerting", Kurt Thomas speaking

Want to test this technology live? Download the Google password check extension from the Chrome store
Billions of credentials have become widely available. This makes it trivial for attackers to access user accounts.

How do you protect the long-tail of sites across the web? Attackers have access to billions of usernames and passwords. Users don't have resources to address this.
Bridging the knowledge gap, like "have I been pwned" site.
* But may not be accurate because only uses username.
* Privacy risk, even if sharing only SHA-1 hash of password -- what if the site is an attacker?
Read 21 tweets
Next up at #usesec19 is Passwords: "Birthday, Name and Bifacial-security: Understanding Passwords of Chinese Web Users" by Ding Wang and Ping Wang, Peking University; Debiao He, Wuhan University; Yuan Tian, University of Virginia
Turns out that the passwords of Chinese users are really different than English-speaking user passwords, which means that we may need different protection mechanisms.

Passwords are influenced by one's native language. Unfortunately most studies are performed in English.
Used 9 password datasets from high-profile sites which were breached (6 Chinese, 3 English) across different types of sites (gaming, dev forum)
Read 20 tweets
Next up at #usesec19: Yueqi Chen will speak about "Toward the Detection of Inconsistencies in Public Security Vulnerability Reports"
Challenges Faced by Security Operations Engineer:
1. Keep an eye on new vulns that affect their systems
2. Patch vulnerable software as soon as possible
So you check NVD, CVE, other databases like Exploit Database, Security Focus, Red Hat Bugzilla...
Read 15 tweets
