Summer in the City

This month, we're going to have a lightning talk session - so we're looking for your contribution! - 5 minute presentation - German or English - topic of your choice: ruby, rails, software development, hardware projects, your next conference trip or your latest fun project; show pictures, videos, or code, do a live demo, or simply talk about your favorite subject (no need for powerpoint)

If you would like to claim a 5 minute slot, get in touch: https://github.com/rughh/planning/issues/37

Spontaneous contributions are welcome as well (provided we have enough time)

Tematy

Lightning Talks

Lightning Talks

  1. @KlausTrainer - End-to-End Arguments in System Design
  2. @catrinmsj - Entwickler und die anderen - guckt doch mal ins Nachbarbüro
  3. @LAndreas - System call interception
  4. @toadle - The end of developer-days. - Ab wann braucht der Markt eigentlich keine Entwickler mehr?
  5. @halfbyte - How do you keep your dependencies up to date?
Beefing up your password security - why cracking the passwords of your colleagues is a good thing to do.

Security folks urge us to use strong passwords all the time. The common approach to ensure this in a corporate environment is to implement password policies. You know, these annoying rules that do not let you choose your favorite password anymore. Plus, the stuff that forces you to change your now not so favorite password every 90 days.

In the past years, there has been some controversy within the security community whether our beloved password policies actually make sense. That is, do they lead to better passwords, or do they just frustrate the users and maybe even lead to weaker passwords. Well, guess what: As it turns out, not all is good about password policies.

In this talk, I will share some experience from running a password cracking service in a corporate environment. The service was implemented in addition to a common password policy. The goal was to raise awareness and to strengthen the passwords of my colleagues. Results show that passwords which are compliant with complex policies nevertheless can be cracked within minutes. We will see how dramatic the effect of poor password hashing is to this type of attacks, and how you can run such a service without being hated by all of your colleagues :)

Uczestników: (19)

titanoboa
Wydarzenia: 40
Tematy: 2

Sarah Langheinrich
Wydarzenia: 23
Tematy: 0

Marjan Bachtiari
Wydarzenia: 16
Tematy: 0

Klaus Trainer
Wydarzenia: 26
Tematy: 3

Manuel Wiedenmann
Wydarzenia: 7
Tematy: 1

Tim Adler
Wydarzenia: 9
Tematy: 2

Thilo-Alexander Ginkel
Wydarzenia: 10
Tematy: 1

Nina Siessegger
Wydarzenia: 29
Tematy: 1

Daniel Gruenthal
Wydarzenia: 31
Tematy: 0

Andreas Litt
Wydarzenia: 26
Tematy: 0

Organizer

Joschka Schulz
Wydarzenia: 43
Tematy: 3

Ben Rexin
Wydarzenia: 64
Tematy: 6

Peter Golm
Wydarzenia: 23
Tematy: 0

Waldemar
Wydarzenia: 68
Tematy: 0

Simon Fröhler
Wydarzenia: 24
Tematy: 0

Jens Wille
Wydarzenia: 1
Tematy: 0

Jonas Möller
Wydarzenia: 4
Tematy: 0

Marc
Wydarzenia: 8
Tematy: 0

Peter Schröder
Wydarzenia: 82
Tematy: 12

Trasa