MCH2022 Curated content

One Way or Another, I’m gonna hack ya: How would you hack a secure domestic abuse research platform?

DNA 🧬
Lilly Neubauer
Help build a secure platform for domestic abuse research! We want to collect a dataset of anonymous screenshots of abusive messages, to help researchers understand the language of domestic abuse and controlling behaviour. To do so we are building a secure online dropbox where victim-survivors of abuse can safely and anonymously upload screenshots. This workshop will present this system – and ask you to hack into it! Help us make this system as secure as possible by suggesting potential exploits and vulnerabilities.
Recently there's been a lot of research concerning online abuse - for example hate speech and cyberbullying - which takes place in public online spaces, like Twitter or Reddit. But it's much more difficult to research interpersonal abuse that happens in private, such as domestic abuse. It’s difficult to collect data about this kind of abuse, because it tends to happen behind closed doors, and there are still a lot of barriers for victims speaking about their experiences.

There isn’t an existing dataset of anonymised abusive text messages between intimate partners or family members. Creating such a dataset could help researchers learn a lot more about the language of abuse, and how abuse takes place. It could help create future educational tools to prevent abuse from taking place, and help to increase identification and prosecution of different types of abuse by the police.

As researchers, we want to build an online portal where victim-survivors of abuse can upload screenshots of messages that they believe to be abusive, in order to be anonymised and used in research about abuse. However, collecting this data raises a lot of ethical, data protection, and technical issues. Is it possible to secure a dropbox and a dataset like this? Is it ethical? What kinds of attacks would the platform be vulnerable to? So we need your help to make this platform as secure as possible!

This workshop will take the form of a short presentation about the research and some ideas for how such a portal could be implemented. The rest of the session will be a brainstorming session to try and source expertise and ideas from workshop participants about how such a platform could be hacked, as well as the ethical issues of this research. The workshop will be split into small groups, each with a set of questions, and participants can choose to join the group with the questions that most interest them.
Questions proposed to workshop participants would include:

- HACK & ATTACK: How would you hack this platform? What attacks is it likely to attract? What are its vulnerabilities?
- TOOLS TO DEFEND: What are the options for a secure database backend? What tools and platforms are available to scan for unwanted content (e.g. to protect researchers from seeing explicit images)? What methods are available to protect against spamming?
- Are there other fields that use similar techniques? E.g. a secure dropbox for whistleblowers.
- DATA PROTECTION & ETHICS: What are the arguments for and against such a dropbox, from a data protection perspective? How could such data be securely anonymised? How can you completely anonymise uploads to such a dropbox? E.g. discard IP and device-identifying information from incoming upload packets.

Additional information

Type Workshop
Language English
