A lot has changed since discussions around digital privacy began. The security community won the war for strong cryptography, anonymous darknets have been successfully deployed, and much of the communications infrastructure has been decentralized. These strategies were carefully conceived while planning for the most dystopian visions of the future imaginable, and yet somehow they've fallen short of delivering us from the most pernicious privacy threats today. Rather than a centralized state-backed database of all our movements, modern threats to privacy have become something much more subtle, and perhaps all the more sinister. This talk will explore these evolving trends and discuss some interesting solutions in the works.
Moxie Marlinspike is a fellow at the Institute For Disruptive Studies with over thirteen years of experience in attacking networks. He recently published the null-prefix attacks on X.509, the session-denial attacks against OCSP, and is the author of both sslsniff and sslstrip -- the former of which was used by the MD5 Hash Collision team to deploy their rogue CA cert, and the latter of which continues to implement Moxie's deadly "stripping" technique for rendering communication insecure. His tools have been featured in many publications including Hacking Exposed, Forbes Magazine, The Wall Street Journal, the New York Times, and Security Focus as well as on international TV.