Description
Status July 2018 Security Meetup (Day 2 Morning session)
01:11:53 Perfect Forward Secrecy
01:14:34 UX compromises
01:15:38 GPG
01:16:41 SSL
01:17:31 IPSEC
01:17:56 OTR
01:19:32 Double ratchet
01:21:33 FS on Status
01:45:50 Threat modeling with STRIDE
01:49:55 What, Why and How
01:50:31 The Methodology
01:58:41 Spoofing
01:58:14 Tampering
02:00:38 Repudiation
02:01:05 Information Disclosure
02:01:31 DoS
02:02:23 Elevation of Privilege
02:06:01 Technique: Threat trees
02:09:04 Analyzing Risks
02:09:16 Likelihood
02:12:36 Impact
02:16:05 Links
B
Now I am severe amount of bolts. Now, there's one that's a black version, which is the one that we were originally anticipated, like really a physical, physical separation of security and the like. It's a trust set up like a one time for us to set up so like you pair it with your phone, and you can pair lilo to find other devices within across that trust that application so like when you're signing almost at us to tackle in it. It would then through a pairing and then we don't need.
B
So I thought we agreed on this Ria's like we have one group, that's gonna, split apart right now and talk about like talk through some of these particular issues. Using the achieve we have another group, that's going to do principles as well, and so that that's gonna happen in parallel and then we're gonna share wooded. Who is five like with that group? If we like, we nominate five topics that it's bad, our.
B
Is somewhat by the line we used to find them instead of the reality? Is you should using something like Elias like to synchronize would be with be networked and all you LLC, which is ultralight, clients and there's a bit more us to set up stood, and we can change the meeting met, Admiral of decentralized logic to how we choose which table the trust. Sir.
B
Because he's one nice property in the book, which one the novel is that the more stuff you have, the more people painted better or net would get. But it's more about West case right now. Is we have a cluster and has lived among connections and doesn't deal with expound they're, also very easy by thoughtful basic attack? Complete, don't posture and doesn't constable in 1-litre protocol to wheeler is not enabled by default by the traitors there in network.
B
To like, like you, want it to be like propylene into the goose and the other thing was it's very easy. It's been expensive and mathematics because metrical like, but for wizard, that's not the case, because it's just you doesn't need generous on the work but network. So just it's like a one on one active, there's, no asymmetry in a solution. So ideally.
B
You know that will ensure there's also really interesting, because then, like a pretty using metadata the each, then we were also becoming very aware how early data to track them, and so we should be able to try to mitigate that and I would caution against that becoming like. Oh, we can find these things in the depending on us.
B
To just right now you come away to use atomic whatever good thing. It is in some place, but you cannot think that way. It was just it's telling the building of so unlike if we can, you can show how we're not playing on TV show how I don't like how toward us and the pink inspired, rogue and Sierra passion swamp. It would make like privacy matrix kind of thing, which is like this. How little we know about you and on fire some ways.
B
But it is yeah, it's actually much more along with that marketing. This regulation should be, and also like this, it forces us to think laterally. How do we like the least on developing North, even meaningful relationships without without use of synapse community, in order to have a normal feedback on how these things? Maybe we can figure out way to scale early sort of user testing, where it's it's very little own as a place to like being in the background way of looking at demos? There's no point in.
B
They say same for who uses with trusting us riley creek wineries. We should be building, and even all of us that, like some sort of us doing this end to end with the same source code and then signing they all have the same father yeah I mean nobody's much to like leak in minista nefarious code. At least. We know where.
B
Going to get a new username, you better prepare your session is my things and then this is the ones that are more interesting guys. So OTR is sort of dying of the network and it is very interesting other, so the initially key exchange is gonna be using and then it's talks about it, and so basically, you're gonna have three exchange. What it's gonna send, but we change each messages.
B
It's cool, you think about it as a same dress budget, because, basically, what it is for nothing. It said you can ascend he that appeal is when I have to acknowledge, make sure that is received it, and then you know you can use it once it's been acknowledged, so it doesn't support out of all the messages.
B
The message the next message in takes a half so which don't require for security for secrecy, accept it, but it doesn't break in the common. So you have can finish. If you don't use it abstraction one of the keys, it will not be able to decrypt. Previous messages works easy, but it would be any domestic use, the baking the company so because of that with the extraction so that you have quite good picking the pockets that you managed to get the abstract example. He still next future session.
B
You know it would be good to be at that stage. It is the Dhamma watch. It is fairly easy to land for us big things. It is no boiling service. Excellent. The problem is minute engagement, because it is a big change from this xv8 and basically the fire. Some subset storage. You enjoy wasting a boat anymore, but in order to wake you up is a one direction, which means it essentially like you will be able to send messages in Philippi.
B
Another way is to actually get. You know, then find a way find. A storage person is that we have is more and those kind of work, but we will be able to fully in the next video, because this teenage use a bunch of why Remy's and the users of them is. This is atomic. So if I wasn't in contact so much that they feel unhappy and then 119 is not to be beautiful and IVFs doesn't know, we can sort of say decline when you reject that, but then engage the same robot.
B
Is that is there any structural frame with in terms of like coming up with the cure about right now, like I, realize this problem, but it does include any one of ranges from all. Do we want to think more generally won't hop down in terms of what our principles of values are, what we stand for and then in try and see what the violence I just I guess. What we should have is some kind of something on the screen there, that we can all kind of go down screaming.
B
Dark artists might be emic more rattle, I think that would be the most useful for distant city I'll take. So maybe that would be principle centered around that so I'm just looking for something they have. This is principle some Fred Astaire. Maybe what looks like mystery me may got something that could be more general might be more beautiful. Let's go to be sure. Let's write down.
B
Well, I mean we're trying to get out slightly structure. Anyone wants to add anything. It isn't that they should do so. You know education, direct security. Things is great, you know it's okay, these duplicates we can. We can cluster and eat you to pay off them. So there's not worry about that too much.
B
Understanding of open source to me, this is like at least to me. This is a type of sort of free culture. Movement information should be shared. It's really interesting from a software perspective position, adaptive local markets, for example. This jr. we check here, might be joining us. He was trying to get me check, deployed in South, Africa and they've done where they can get people using WeChat that you use in a wallet, so they want to create just extendable and WeChat fault.
B
He was actually use, but they don't do that they're just like we're about it would be great enough for us, so they're gonna have to do it Linden or they could try that as an adoption strategy. They just designed the earth like it once you know we made this. So if you want to share a living humans and then humans can that music.
A
Whatever they want, but when you say information, open circles and so should be, existing open source is really they. Software information, yeah yeah open that up. Absolutely you know, and because we have so many freedom really things with. Maybe our definition of here we are more between free software than surface one yeah.
A
Yeah, because one thing that maybe took that is and finally got this email from her that she she promised to month ago that candidate, we plan to put you the recruitment process, because it found that code was way too I mean I, can't really doing any other. There is lots of complaints and, yes, we getting different the fact that or the code is supposed to be read by humans and absolutely.
A
I mean thinking more and more like this Constitution we're talking about, maybe like I, think whenever we colleagues it seems like it's the kind of, if the kind of like, if there was only one move as any static leader to read this one and I would instead of paid principal, often like this I, haven't, really put the things that we consider very important and prices. What am I mean?
B
It's very easy to introduce distortions, so how this applies to statuses like stainless, is like things like. The climate is a window onto a fairy or web, and we should have a responsibility not to make sure that glass is as clean as possible and not impose something on there that making all three I mean we are going to do to some extent, but I mean.