PasswordsCon 2015 de Cambridge : vidéos & talks !

Le 7, 8 et 9 décembre 2015, la conférence internationale “PasswordsCon” qui traite des problématiques d’authentification, d’identification, de stockage des secrets et des aspects cryptographiques s’est déroulée à l’Université de Cambridge.

Passwords are the most prevalent form of authentication in the digital age, and are the first line of defense against unauthorized access in most systems. Even if you are using some other form of authentication for a particular service, there’s still a password in the chain somewhere — it all comes back to relying on something somewhere being password-protected. But after 50 years of computing evolution, 123456 and password still top the list of most frequently used passwords. And nearly a half billion passwords have been compromised over the last five years alone, including breaches from companies such as Adobe, Twitter, Forbes, LinkedIn, Yahoo, and LivingSocial. Clearly, we have a systemic problem with password authentication – and it’s not going away any time soon.

Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them. While large mainstream conferences tend to focus on current hot topics in the information security industry, Passwords events explore fringe conversations on everything from analysis and education to creating, securing, cracking, and exploiting authentication solutions. And unlike other events where the speaker is rushed in and out, Passwords provides an intimate environment for participants to directly engage speakers before, during, and after their presentations.

Passwords was launched in Bergen, Norway in 2010, motivated by dissatisfaction with the robustness and usability of current authentication solutions. Now in its sixth year, Passwords is held twice a year on two continents, and Passwords15 Cambridge was our 9th global event.

Un grand nombre de spécialistes et d’experts reconnus dans le milieu sont venus faire des présentations au cours de cette conférence. L’ensemble des présentations ont été mises en ligne sur la chaîne YouTube de l’événement ainsi que sur SecurityTube.

Parmi les conférences disponibles :

• 00 – Passwords 2015 Keynote 1: Chris Wysopal9
• 00 Passwords 2015 Keynote 2: Angela Sasse
• 01 – Elizabeth Stobert – Expert Password Management
• 02 Scott Helme – HPKP, HSTS & CSP for securing your password
• 03 Jakob Wenzel – Catena Variants
• 04 – Frank Stajano – PICO project update
• 05 – Jeunese Payne – Debunking Graphical Password Myths
• 06 – Simon Parkin – Assessing the User Experience of Password Reset Policies in a University
• 07 Peder Sparell – Linguistic Cracking of Passphrases using Markov Chains
• 08 – Jon Millican – Facebook OpenPGP Support
• 09 – Nasir Memon – Verification Code Forwarding Attack
• 10 – Elaine Wooton – Passwords & the Cyber Caliphate
• 11 – Maximilian Golla – Analyzing 4 Million Real-World Personal Knowledge Questions
• 12 – Igor Semaev – Experimental Study of DIGIPASS GO3 and the Security of Authentication
• 13 – David Barrera – What Lies Beneath? Analyzing Automated SSH Bruteforce
• 14 Markus Dürmuth and Maximillian Golla – Framework for Comparing Password Guessing Strategies
• 15 – Bruno Crispo – ITSME
• 16 – Michael Sprecher – (H)Ashley Madison Curiosity of the loginkey
• 16 – Sébastien Raveau – Beyond Words
• 17 – Jean Lancrenon – On Password-Authenticated Key Exchange Security Modeling
• 18 – Alexandra Strigunkova – “To whom it’s not concern”
• 19 – Martin Kleppmann – Strengthening Public Key Authentication against Key Theft
• 20 – Dimitri Fousekis – Efficient Wordlists – Why you don’t need 25GB To Be a Pro
• 21 – Per Thorsheim – Passwords, Privacy & Keystroke Dynamics
• 22 – Scott Helme – Official launch of securityheaders.io!
• 23 – Elena Agostini – BitLocker Dictionary Attack using GPUs
• 24 – Jeffrey Goldberg – Rethinking factors, and (not) to store oracles
• 99 – Passwords 2015 – Interview with Zoë Rose

Les supports de présentations PDF associés :

• Alexandra_Strigunkova – To whom it’s not concern – ethical problems of information of information leaks research
• David_Barrera – What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks
• Elizabeth_Stobert – Expert Password Management
• Igor_Semaev – Experimental Study of DIGIPASS GO3 and the Security of Authentication
• Jakob_Wenze – Catena Variants – Different Instantianations for an Extremely Flexible Password-Hashing Framework
• Maximillian_Golla – A Framework for Comparing Password Guessing Strategies
• Maximillian_Golla and Markus Dürmuth_- Analyzing 4 Million Real-World Personal Knowledge Questions
• Michael_Sprecher
• Peder_Sparell – Linguistic Cracking of Passphrases using Markov Chains
• Per_Thorsheim – Keystroke Dynamics & #KeyboardPrivacy
• Simon_Parkin – Assessing the User Experience of Password Reset Policies in a University
• Jean_Lancrecon – On Password-Authenticated Key Exchange Security Modeling
• Nasir_Memon – Verification Code Forwarding Attack
• Sebastien_Raveau – Beyond Words

La prochaine PasswordCon 2016 est prévue pour août prochain.

Sources & ressources :

• Détails de la conférence à l’Université de Cambridge
• PasswordsCon
• Chaîne Youtube de la PasswordsCon15

Yann

Consultant Sécurité