GET /api/v2/video/412
HTTP 200 OK Vary: Accept Content-Type: text/html; charset=utf-8 Allow: GET, PUT, PATCH, HEAD, OPTIONS
{ "category": "PyCon US 2011", "language": "English", "slug": "pycon-2011--tuf--secure-software-updates-in-pytho", "speakers": [ "Geremy Condra" ], "tags": [ "pycon", "pycon2011", "security", "tuf", "updates" ], "id": 412, "state": 1, "title": "TUF: Secure Software Updates in Python", "summary": "", "description": "TUF: Secure Software Updates in Python\n\nPresented by Geremy Condra\n\nFrom an attacker's point of view there are few entry points with as much to\noffer as a vulnerable software updater, yet history tells us that such\nvulnerabilities are common. In this talk we'll demonstrate a number of\nattacks, explain how common approaches fail to defend against them, and\ndemonstrate a pure Python library (TUF) that provides both robust protection\nand extreme ease of use.\n\nAbstract\n\nVulnerabilities in software update systems expose users to huge range of\npotential security risks, including:\n\n * Freeze attacks, \n * Mix-and-match attacks, \n * Rollback attacks, and \n * Endless data attacks \n\nIn the first part of this talk, we'll demonstrate each of these against real-\nworld software updaters and explain how commonly used countermeasures fail in\napplication. We'll then move on to the second part of the talk, demonstrating\nTUF, its internals, and the mechanisms it uses to additionally defend against\nkey compromise. Finally, we'll demonstrate how easy it is to integrate TUF\ninto your application and its lifecycle.\n\n", "quality_notes": "", "copyright_text": "Creative Commons Attribution-NonCommercial-ShareAlike 3.0", "embed": "", "thumbnail_url": "", "duration": null, "video_ogv_length": 147096471, "video_ogv_url": null, "video_ogv_download_only": false, "video_mp4_length": null, "video_mp4_url": "", "video_mp4_download_only": false, "video_webm_length": null, "video_webm_url": null, "video_webm_download_only": false, "video_flv_length": null, "video_flv_url": null, "video_flv_download_only": false, "source_url": "", "whiteboard": "", "recorded": "2011-03-11", "added": "2012-02-23T04:20:00", "updated": "2014-04-08T20:28:28.053" }