household infosec in a post-sony era

Post on 08-Jan-2017


Household INFOSEC in a Post-Sony Era

Steve Loughran

stevel@hortonworks.com

@steveloughran

Data Integrity

Data Privacy

Data Availability

Resource Control

Don’t upset a nation state

Worry about drive-by

How to Quantify Risk?

Axes: Vulnerability, Privacy (lack of)

(1, 0)

(11, 1)

(*, 11)

Firefox (8, 2)

Chrome: (8, 10)

IE 11: Use to D/L Firefox or Chrome

Flash (9->10, 4)

Axes: Vulnerability, Privacy (lack of)

LG TV, iPad, iPhone, PS4-Airplay Amplifier

trouble

LG TV

(?, 8)

doctorbeet.blogspot.co.uk (?, 10)

(?, 0)

Axes: Vulnerability, Privacy (lack of)

DD-WRT

New Netgear Firewall

CRITICAL

DMZ

USB

...

(?, 11) SQL vulnerability?

Other?

(5, 11) iPhone + Google photos

(3,11)

(9, >7) (?, >7)

Game over

Axes: Vulnerability, Privacy (lack of)

We must fix this in our code

All external data is malicious

All remote interactions leak privacy

C++

C

new URL("http://www.starcon.net.kp").toString()

java.net.URL (>2, >2)

def objectFile[T: ClassTag](
    path: String,
    minPartitions: Int): RDD[T] = withScope {
  // Every record's bytes go straight into Utils.deserialize (Java object deserialization)
  sequenceFile(path, classOf[NullWritable], classOf[BytesWritable], minPartitions)
    .flatMap(x => Utils.deserialize[Array[T]](
      x._2.getBytes, Utils.getContextOrSparkClassLoader))
}

SparkContext (0, 9)

OSS everywhere ==> target

Apache & github keys

apt-get upgrade
brew upgrade
mvn install
npm update
yum update
pip install
docker pull…

(?, ?)

build dependencies

We need to address this!

Isolation: containers?

Authentication: PGP validate mvn…

Audit logs

Questions?
