0:00:00.000,0:00:30.000
Dear viewer, these subtitles were generated[br]by a machine via the service YouTube[br]and therefore are (very) buggy.[br]If you are capable, please help us to[br]create good quality subtitles:[br]https://c3subtitles.de/talk/3028 Thanks!

0:00:00.090,0:00:16.240
[Music]

0:00:14.080,0:00:20.439
um basically textbooks have been written

0:00:16.240,0:00:22.359
about it um countless talks have been uh

0:00:20.439,0:00:23.640
have been Illuminating all of the errors

0:00:22.359,0:00:26.760
of our

0:00:23.640,0:00:28.160
ways um and still all those sucky

0:00:26.760,0:00:30.519
software is out

0:00:28.160,0:00:34.440
there um but

0:00:30.519,0:00:37.040
FIFA over here the hero of our show uh

0:00:34.440,0:00:40.520
has put out has put all of these best

0:00:37.040,0:00:43.640
practices into you know into his work to

0:00:40.520,0:00:46.719
try to create a um secure website he's

0:00:43.640,0:00:50.399
going to show us how it's done so that

0:00:46.719,0:00:55.359
we can all sleep way better at night and

0:00:50.399,0:00:57.559
um um and with that template go back and

0:00:55.359,0:00:59.559
and secure our own software and so with

0:00:57.559,0:01:02.879
that I'm going to hand it right over to

0:00:59.559,0:01:02.879
Fifi give him a round of

0:01:04.910,0:01:10.170
[Applause]

0:01:12.560,0:01:17.600
applause thank you um I have to start

0:01:15.159,0:01:19.840
with an apology because I did submit

0:01:17.600,0:01:22.200
this talk but it was rejected so the

0:01:19.840,0:01:24.320
slides are not at the stage where they

0:01:22.200,0:01:26.200
should be these are our slides for a

0:01:24.320,0:01:28.439
previous version of the talk it contains

0:01:26.200,0:01:30.240
all the material and I tried to update

0:01:28.439,0:01:33.240
it more but that destroyed the flow so

0:01:30.240,0:01:35.399
we we're stuck with it basically um the

0:01:33.240,0:01:37.280
difference was the the audience so while

0:01:35.399,0:01:39.079
I expect more developers here the other

0:01:37.280,0:01:42.640
audience was more and hackers and

0:01:39.079,0:01:45.479
business people so I try to get them

0:01:42.640,0:01:48.040
from where they are and uh the main

0:01:45.479,0:01:50.560
question usually is Are We There Yet

0:01:48.040,0:01:53.200
right so about me you probably probably

0:01:50.560,0:01:55.479
seen this before I'm a code auditor by

0:01:53.200,0:01:57.439
trade I have a small company and

0:01:55.479,0:02:01.840
companies show us their code and I show

0:01:57.439,0:02:01.840
them bugs I find in Indians quite easy

0:02:02.000,0:02:06.320
but before we start I have a small

0:02:04.000,0:02:09.599
celebration to do this actually happened

0:02:06.320,0:02:11.760
just a day before the first time I

0:02:09.599,0:02:14.239
talked about this uh so kasperski

0:02:11.760,0:02:15.440
message they found some mware anded Ed

0:02:14.239,0:02:18.120
diet

0:02:15.440,0:02:19.270
Lipsy which I have written so this is

0:02:18.120,0:02:25.080
like a

0:02:19.270,0:02:25.080
[Applause]

0:02:26.680,0:02:31.080
Knighthood some of the malware people

0:02:28.879,0:02:33.480
know what's good

0:02:31.080,0:02:35.879
so um basically the main question when I

0:02:33.480,0:02:37.879
talk to customers is uh we spend so much

0:02:35.879,0:02:40.480
money on this why isn't it

0:02:37.879,0:02:44.159
working and the the answer is you're

0:02:40.480,0:02:47.200
you're doing it wrong so um I will try

0:02:44.159,0:02:50.040
to show no what exactly is wrong and

0:02:47.200,0:02:52.000
there's a small preface here uh people

0:02:50.040,0:02:54.120
usually say there's no time to do this

0:02:52.000,0:02:56.560
briide and that's just wrong you have

0:02:54.120,0:02:58.640
exactly as much time per day as other

0:02:56.560,0:03:00.000
people who did great things so you can

0:02:58.640,0:03:01.760
do great things too you just just need

0:03:00.000,0:03:05.480
to do

0:03:01.760,0:03:07.080
it so let's play a little warm-up game

0:03:05.480,0:03:10.000
uh it's called how it started how it's

0:03:07.080,0:03:12.440
going so let's have a demo round IBM

0:03:10.000,0:03:14.959
Watson is revolutionizing 10

0:03:12.440,0:03:17.319
Industries and it's going like this

0:03:14.959,0:03:20.319
whatever happened to IBM Watson that's a

0:03:17.319,0:03:21.959
typical pattern in the security industry

0:03:20.319,0:03:25.480
right so here's another one how it

0:03:21.959,0:03:27.760
started revolutionize security with AI

0:03:25.480,0:03:30.239
right we all know where this is

0:03:27.760,0:03:33.640
going right so that's the p

0:03:30.239,0:03:35.319
um let's play it security mind sweeper

0:03:33.640,0:03:37.400
right so uh everybody here probably

0:03:35.319,0:03:39.519
knows who Gartner is they publish

0:03:37.400,0:03:41.239
recommendations and they even have a

0:03:39.519,0:03:43.239
voting section where people can say this

0:03:41.239,0:03:45.319
is the best product in this section

0:03:43.239,0:03:47.120
right so let's look at a few of them and

0:03:45.319,0:03:50.840
see what happened to people who trusted

0:03:47.120,0:03:53.879
Gartner first is a firewall right so how

0:03:50.840,0:03:55.360
it started the number one recommendation

0:03:53.879,0:04:01.560
is for

0:03:55.360,0:04:03.159
net and they have a lot of marketing G

0:04:01.560,0:04:04.720
and if you look how it's going it's not

0:04:03.159,0:04:08.120
going so

0:04:04.720,0:04:09.760
good so let's extend the pattern a bit

0:04:08.120,0:04:11.680
why what happened to me in in this

0:04:09.760,0:04:13.120
regard so I I don't need a firewall I

0:04:11.680,0:04:16.120
don't have any ports open that I need

0:04:13.120,0:04:18.799
blocking right so you don't need this

0:04:16.120,0:04:21.199
strictly speaking you don't need it next

0:04:18.799,0:04:24.479
discipline endpoint protection

0:04:21.199,0:04:27.120
so it started with TRX this is the

0:04:24.479,0:04:28.479
number one recommendation on Gartner I I

0:04:27.120,0:04:30.199
hadn't heard of them there like can make

0:04:28.479,0:04:33.479
a feed joint venture or something thing

0:04:30.199,0:04:35.919
who cares they also have great marketing

0:04:33.479,0:04:37.000
go and then if you look at what happened

0:04:35.919,0:04:39.280
it's

0:04:37.000,0:04:42.919
like they made it

0:04:39.280,0:04:45.320
worse um okay so this didn't apply to me

0:04:42.919,0:04:47.160
either because I don't use snake oil

0:04:45.320,0:04:48.800
let's see the third one password manager

0:04:47.160,0:04:52.080
also very

0:04:48.800,0:04:55.240
popular how it started recommended last

0:04:52.080,0:04:55.240
pass you probably know where this is

0:04:56.479,0:05:01.560
going yeah they got owned and then

0:04:59.759,0:05:04.759
people got

0:05:01.560,0:05:07.080
owned so um you may notice a pattern

0:05:04.759,0:05:08.800
here uh this didn't apply to me because

0:05:07.080,0:05:10.880
I deser a password authentication use

0:05:08.800,0:05:14.520
public key which has been available for

0:05:10.880,0:05:16.440
decades right so small bonus the last

0:05:14.520,0:05:19.639
one to

0:05:16.440,0:05:22.639
FAA uh Gartner recommends Duo which has

0:05:19.639,0:05:25.639
been bought by Cisco but doesn't

0:05:22.639,0:05:27.400
matter so if you look at what Duo does

0:05:25.639,0:05:29.160
your server asks the cloud for

0:05:27.400,0:05:30.199
permission the cloud goes to the

0:05:29.160,0:05:33.479
telephone

0:05:30.199,0:05:35.240
telephone shows a popup you click yes

0:05:33.479,0:05:37.240
and then the cloud tells the server it's

0:05:35.240,0:05:39.160
okay you can let them in if you look

0:05:37.240,0:05:40.680
really closely you can notice the cloud

0:05:39.160,0:05:44.080
doesn't have to do the popup can just

0:05:40.680,0:05:47.039
say sure so this comes pre-owned there

0:05:44.080,0:05:49.120
is no need to hack anything

0:05:47.039,0:05:50.600
here and something many people don't

0:05:49.120,0:05:51.960
realize you don't need two Factor if you

0:05:50.600,0:05:53.400
have public key that's already the

0:05:51.960,0:05:55.479
second

0:05:53.400,0:05:57.720
Factor okay

0:05:55.479,0:06:00.759
so yeah let's skip over this briefly

0:05:57.720,0:06:02.199
Splunk is the the recommend option here

0:06:00.759,0:06:06.039
and they make the organization more

0:06:02.199,0:06:06.039
resilient um unless you install

0:06:08.360,0:06:11.519
[Applause]

0:06:14.840,0:06:20.639
it okay um so this one is dear to my

0:06:17.639,0:06:22.240
heart because um people start arguing

0:06:20.639,0:06:24.960
about whether to install patches and

0:06:22.240,0:06:27.840
which patch to install first and it used

0:06:24.960,0:06:29.520
to be simple you you look for problems

0:06:27.840,0:06:30.560
then you install the patches and then it

0:06:29.520,0:06:33.240
a bit more

0:06:30.560,0:06:36.440
complicated and the result is this right

0:06:33.240,0:06:40.000
that's a famous podcast in in German uh

0:06:36.440,0:06:41.800
it's about municipality who got owned by

0:06:40.000,0:06:43.800
by ransomware and then had to call the

0:06:41.800,0:06:46.360
Army for

0:06:43.800,0:06:47.840
help and what you should do I'm having

0:06:46.360,0:06:49.160
this for completeness install all

0:06:47.840,0:06:51.840
patches immediately but that's a

0:06:49.160,0:06:54.520
separate talk right so um you may notice

0:06:51.840,0:06:56.039
a pattern here the it security industry

0:06:54.520,0:06:59.000
recommends something and if you do it

0:06:56.039,0:07:01.000
you're [ __ ] so don't do it um in case

0:06:59.000,0:07:03.560
you can't read this this says snake

0:07:01.000,0:07:06.720
repellent granules and then there's a

0:07:03.560,0:07:06.720
snake sleeping next to

0:07:07.520,0:07:12.319
it right so um if we can trust the

0:07:10.960,0:07:15.400
recommendations of the industry what

0:07:12.319,0:07:16.919
shall we do and um so I had a lot of

0:07:15.400,0:07:19.520
time on my hands because I didn't have

0:07:16.919,0:07:21.319
to clean up after crappy it security

0:07:19.520,0:07:23.720
industry recommendations so what that

0:07:21.319,0:07:26.960
what did I do with my

0:07:23.720,0:07:30.840
time and uh I decided I need a Blog uh

0:07:26.960,0:07:32.560
some time ago now um and I started

0:07:30.840,0:07:34.280
thinking what do I need and it's

0:07:32.560,0:07:37.520
actually not that much I could have just

0:07:34.280,0:07:39.400
shown basically static content a little

0:07:37.520,0:07:42.240
search function would be good but it's

0:07:39.400,0:07:44.720
optional um I didn't need comments for

0:07:42.240,0:07:48.360
legal reasons because people start

0:07:44.720,0:07:50.120
posting like uh links to maware or

0:07:48.360,0:07:51.960
whatever I don't want that um I don't

0:07:50.120,0:07:53.840
need that right so the first version was

0:07:51.960,0:07:55.800
actually really easy it was a small

0:07:53.840,0:07:58.599
standard web server and I had the the

0:07:55.800,0:08:00.199
blog entries a static HTML files one

0:07:58.599,0:08:01.759
file per month it was actually really

0:08:00.199,0:08:05.440
easy if you want to search you just can

0:08:01.759,0:08:07.120
ask Google and limit it to my site so

0:08:05.440,0:08:09.479
posting was also easy had a little

0:08:07.120,0:08:12.879
script that uh I could run on the server

0:08:09.479,0:08:14.879
and I just ssh in and SSH I trust for

0:08:12.879,0:08:17.479
authentication so there's no new attack

0:08:14.879,0:08:20.400
surface I have that anyway and this is a

0:08:17.479,0:08:23.039
great design it's secure it's simple

0:08:20.400,0:08:25.000
there's low risk it's also high

0:08:23.039,0:08:27.879
performance but you couldn't do a talk

0:08:25.000,0:08:30.080
about it at the CCC right so it's too

0:08:27.879,0:08:32.280
boring so I started to produce risk in

0:08:30.080,0:08:32.280
my

0:08:33.640,0:08:38.240
setup so the first idea was I had

0:08:36.360,0:08:40.640
written a small web server I could just

0:08:38.240,0:08:44.039
implement the blog in the web server

0:08:40.640,0:08:46.839
because you know it's my code anyway um

0:08:44.039,0:08:49.080
but that has downsides if the the blog

0:08:46.839,0:08:50.839
is running in the web server then it can

0:08:49.080,0:08:52.920
access all the memory of the web server

0:08:50.839,0:08:55.240
in particular it can see the TLs private

0:08:52.920,0:08:58.240
key and that I don't want people to

0:08:55.240,0:09:00.560
extract right so it can't be a module in

0:08:58.240,0:09:02.760
the web server

0:09:00.560,0:09:05.360
and the the obvious solution is it the

0:09:02.760,0:09:08.000
it has to run in a different user ID on

0:09:05.360,0:09:09.760
on Linux I'm using Linux or but any any

0:09:08.000,0:09:12.079
Unix or Windows would be the same

0:09:09.760,0:09:14.000
basically it runs in a different user ID

0:09:12.079,0:09:15.800
and then if you if you take over the

0:09:14.000,0:09:18.279
process of the blog because there's some

0:09:15.800,0:09:19.360
bug in it you couldn't access the the

0:09:18.279,0:09:21.760
TLs

0:09:19.360,0:09:23.040
key and while I did that the industry

0:09:21.760,0:09:25.279
was doing

0:09:23.040,0:09:27.360
this that's like the running gag of this

0:09:25.279,0:09:28.760
talk I show all kinds of interesting

0:09:27.360,0:09:29.640
things the industry did and then show

0:09:28.760,0:09:32.760
what I did

0:09:29.640,0:09:34.519
in that time right so um next question

0:09:32.760,0:09:37.600
where's the content I could just have

0:09:34.519,0:09:39.079
files on disk like static HTML as before

0:09:37.600,0:09:41.760
but I think that's not professional

0:09:39.079,0:09:43.399
enough right so for a good CCC talk you

0:09:41.760,0:09:45.360
need to be more

0:09:43.399,0:09:46.920
professional also for a different

0:09:45.360,0:09:51.000
project I had just written an elabs

0:09:46.920,0:09:52.600
server so I decided to reuse it and uh

0:09:51.000,0:09:54.040
while I did that the industry did this I

0:09:52.600,0:09:55.839
I took this photo at the airport of

0:09:54.040,0:09:57.560
Jerusalem so this is an actual ad it's

0:09:55.839,0:09:59.800
not photoshopped right it's for north of

0:09:57.560,0:10:02.760
gramman which is a um

0:09:59.800,0:10:06.720
military contractor and it's about full

0:10:02.760,0:10:06.720
spectrum cyber across all

0:10:06.800,0:10:12.040
domains so why would I write my own elab

0:10:09.360,0:10:14.880
server mostly because it's small and um

0:10:12.040,0:10:17.640
because I'm an auditor by trade I know

0:10:14.880,0:10:20.560
that if you want a chance to actually

0:10:17.640,0:10:22.320
audit the code it needs to be small

0:10:20.560,0:10:24.279
because that's a limited resource the

0:10:22.320,0:10:27.360
time you can spend on auditing code

0:10:24.279,0:10:30.399
right so postgress is a common SQL

0:10:27.360,0:10:32.440
database uh slapd is the the open Lup

0:10:30.399,0:10:34.839
implementation of the server and Tiny

0:10:32.440,0:10:37.160
Lup is mine and you see it's much slower

0:10:34.839,0:10:37.160
uh much

0:10:38.440,0:10:44.240
smaller yeah so there was more to this

0:10:40.519,0:10:44.240
ad campaign I collected a few funny

0:10:44.320,0:10:52.360
images right so um if someone manages to

0:10:48.959,0:10:54.959
hack the blog CGI or whatever module I

0:10:52.360,0:10:57.399
use to to have connect the blog to the

0:10:54.959,0:11:00.399
web server they can open any file that

0:10:57.399,0:11:02.720
the blog can read right the uid can read

0:11:00.399,0:11:05.880
so um I should probably do something

0:11:02.720,0:11:07.560
about that that was the next step and

0:11:05.880,0:11:08.750
the industry was starting to think about

0:11:07.560,0:11:10.240
vulnerability

0:11:08.750,0:11:12.519
[Music]

0:11:10.240,0:11:14.440
management so there is a mechanism on

0:11:12.519,0:11:16.600
Unix on Linux I did a separate talk

0:11:14.440,0:11:19.120
about that uh on the last Congress it's

0:11:16.600,0:11:21.000
called Secom and Secom can it's like a

0:11:19.120,0:11:24.279
firewall for CS calls so I can use

0:11:21.000,0:11:27.160
seccom to block open the open CIS which

0:11:24.279,0:11:29.600
is used to open files um but if I have

0:11:27.160,0:11:31.880
to use open myself

0:11:29.600,0:11:33.480
then um I can't block it right so what

0:11:31.880,0:11:35.760
you do about that for example my blog

0:11:33.480,0:11:38.360
calls local time which converts unix's

0:11:35.760,0:11:40.480
time into the local time zone and for

0:11:38.360,0:11:44.920
that it opens a file containing the

0:11:40.480,0:11:47.040
description of the uh system time zone

0:11:44.920,0:11:49.360
and that's that calls open right so if I

0:11:47.040,0:11:52.000
just disabled the open system call from

0:11:49.360,0:11:54.720
my blog then it couldn't do the time

0:11:52.000,0:11:57.639
translation and uh this is actually an

0:11:54.720,0:12:00.079
old problem that also uh applies to set

0:11:57.639,0:12:03.040
ID programs and has has applied to them

0:12:00.079,0:12:05.959
for decades so what you can do is you

0:12:03.040,0:12:08.720
can reorganize your code so before you

0:12:05.959,0:12:11.680
block or before you drop privileges

0:12:08.720,0:12:14.480
generally speaking you do uh the open

0:12:11.680,0:12:16.760
calls in this in this example um and

0:12:14.480,0:12:19.199
then you disable open and then you look

0:12:16.760,0:12:21.120
at the the data provided by the attacker

0:12:19.199,0:12:23.639
because if the attacker or any untrusted

0:12:21.120,0:12:26.160
source is trying to hack you it is via

0:12:23.639,0:12:27.680
data it gives you right it's the the

0:12:26.160,0:12:29.480
environment is compromised so you look

0:12:27.680,0:12:31.760
at what kind of uh elements in the

0:12:29.480,0:12:33.680
environment are attacker supplied and

0:12:31.760,0:12:35.720
before you look at a single bite in them

0:12:33.680,0:12:38.440
you do all the dangerous stuff if you

0:12:35.720,0:12:42.199
can right so in this case I call local

0:12:38.440,0:12:44.959
time once before I drop the open CIS

0:12:42.199,0:12:47.760
call and then my lipy will cach the the

0:12:44.959,0:12:50.000
time zone data and the next time I call

0:12:47.760,0:12:51.800
it after I have looked at the attacker

0:12:50.000,0:12:54.279
supplied code there is no need to call

0:12:51.800,0:12:57.600
open right so that's a major advantage

0:12:54.279,0:13:01.560
of Secom over similar Technologies like

0:12:57.600,0:13:04.360
SE Linux where where the all the the the

0:13:01.560,0:13:07.440
the um prohibitions on CIS calls are

0:13:04.360,0:13:08.720
applied to the whole process so there is

0:13:07.440,0:13:09.839
this is an example and you should make

0:13:08.720,0:13:11.839
use of it you should look at your

0:13:09.839,0:13:13.680
process and you can see if you have the

0:13:11.839,0:13:16.360
source code at least you can see which

0:13:13.680,0:13:18.560
parts do I need to do before I can drop

0:13:16.360,0:13:21.000
Privileges and you move them up right so

0:13:18.560,0:13:25.040
that's what I

0:13:21.000,0:13:27.519
did um this is actually uh a mockup from

0:13:25.040,0:13:30.240
the Estonian cyber security

0:13:27.519,0:13:34.959
Center so this is

0:13:30.240,0:13:38.399
real okay so um next thought so let's

0:13:34.959,0:13:40.639
say someone hacks the blog uh module and

0:13:38.399,0:13:41.880
someone else uses the same module but

0:13:40.639,0:13:44.040
supplies a

0:13:41.880,0:13:46.160
password right this is a common problem

0:13:44.040,0:13:47.800
in website in websites there's some kind

0:13:46.160,0:13:50.560
of login something you get maybe a

0:13:47.800,0:13:53.480
session token or whatever um and if

0:13:50.560,0:13:56.040
someone manages to take over the the

0:13:53.480,0:13:58.920
middleware or like the server component

0:13:56.040,0:14:01.079
they can see uh all other connections

0:13:58.920,0:14:03.360
too if they are handled by the same

0:14:01.079,0:14:05.880
process right that's a that's a major

0:14:03.360,0:14:08.880
problem um and you can do something

0:14:05.880,0:14:12.199
about it so that's the good news

0:14:08.880,0:14:14.560
here uh and in in my example it led to

0:14:12.199,0:14:18.440
me using CGI instead of fast CGI which

0:14:14.560,0:14:21.040
is fast CGI is a newer version of CGI

0:14:18.440,0:14:24.440
and the idea with fast CGI is that you

0:14:21.040,0:14:27.079
don't spawn a new process for every

0:14:24.440,0:14:30.320
request but you have like a Unix domain

0:14:27.079,0:14:32.199
socket or another socket to a fast CGI

0:14:30.320,0:14:35.680
process and that opens maybe a threat

0:14:32.199,0:14:37.600
per request or something but um usually

0:14:35.680,0:14:39.360
in fast CGI you try to handle the

0:14:37.600,0:14:42.440
requests in the same process and then

0:14:39.360,0:14:44.720
you can use that process to cach data so

0:14:42.440,0:14:47.720
there's a perf advantage to using fast

0:14:44.720,0:14:50.680
CGI but for security reasons um I don't

0:14:47.720,0:14:53.040
I don't use fast CGI so I can't do

0:14:50.680,0:14:54.360
caching right so that's a major downside

0:14:53.040,0:14:57.000
and you would expect the block to be

0:14:54.360,0:14:59.040
really really slow in the end um so

0:14:57.000,0:15:02.079
first thing I need to use CGI instead of

0:14:59.040,0:15:05.519
fast CGI and secondly you could still

0:15:02.079,0:15:07.759
use debug apis so if you use GDB or

0:15:05.519,0:15:10.680
another debugger to to look at another

0:15:07.759,0:15:12.519
process they use an API called p trce u

0:15:10.680,0:15:17.000
but that's a CIS call so I can use set

0:15:12.519,0:15:19.920
comp to disallow pce if I do those two

0:15:17.000,0:15:21.839
and the attacker takes over a Blog

0:15:19.920,0:15:24.320
process all they can see is the data

0:15:21.839,0:15:26.920
they Supply themselves right that's a

0:15:24.320,0:15:26.920
major

0:15:27.279,0:15:31.519
advantage Okay so Ina is actually in U

0:15:29.800,0:15:33.600
agency which I find really disturbing

0:15:31.519,0:15:38.040
because they're burning lots of taxpayer

0:15:33.600,0:15:40.399
money anyway so let's assume um the

0:15:38.040,0:15:42.720
attacker can hack my blog they can still

0:15:40.399,0:15:45.040
circumvent any access control I do in

0:15:42.720,0:15:49.079
the blog so for example if I have an

0:15:45.040,0:15:51.360
admin site or some login site part of

0:15:49.079,0:15:54.000
the website um and it's handled through

0:15:51.360,0:15:56.399
the same program and the access control

0:15:54.000,0:15:59.000
is done in the blog CGI and someone

0:15:56.399,0:16:03.600
manages to hack my blog CGI they could

0:15:59.000,0:16:06.000
just skip that so um it's really hard to

0:16:03.600,0:16:07.880
do access restrictions that can be

0:16:06.000,0:16:09.759
circumvented if you do them in your own

0:16:07.880,0:16:13.440
code so the solution is not do it in

0:16:09.759,0:16:15.639
your own code um I don't do any access

0:16:13.440,0:16:18.880
restriction in the blog I do it in the

0:16:15.639,0:16:20.639
elab server so if you connect to my blog

0:16:18.880,0:16:22.160
and Supply a password then the blog

0:16:20.639,0:16:24.440
doesn't know if the password is right or

0:16:22.160,0:16:25.680
not right there's an an an for example

0:16:24.440,0:16:27.560
there's an interface where you can add

0:16:25.680,0:16:29.279
new block entries or you can edit an old

0:16:27.560,0:16:31.040
one and for you need to supply

0:16:29.279,0:16:33.000
credentials but the block CGI doesn't

0:16:31.040,0:16:34.680
know if they are right or not it opens

0:16:33.000,0:16:36.920
the connections to the elab server with

0:16:34.680,0:16:40.880
that credential and then the elab server

0:16:36.920,0:16:44.759
says yes or no so since we uh removed

0:16:40.880,0:16:46.800
access to the P SS uh and the the

0:16:44.759,0:16:48.079
processes are isolated from each other

0:16:46.800,0:16:50.040
that means there is nothing to

0:16:48.079,0:16:52.680
circumvent here so if someone hacks my

0:16:50.040,0:16:54.639
blog the only Advantage uh they get is

0:16:52.680,0:16:56.240
they can do the exact same stuff they

0:16:54.639,0:16:59.639
could do before basically they can just

0:16:56.240,0:17:02.399
talk to the L server

0:16:59.639,0:17:04.360
okay so I'm starting to get into uh

0:17:02.399,0:17:06.839
James Bond territory here right with the

0:17:04.360,0:17:09.000
attacks they getting more

0:17:06.839,0:17:10.520
convoluted right so the industry started

0:17:09.000,0:17:13.199
doing threat intelligence feeds which

0:17:10.520,0:17:15.760
are useless don't spend money on those

0:17:13.199,0:17:19.280
okay so let's say the attacker hacked my

0:17:15.760,0:17:22.000
blog and then went to my tiny UB and now

0:17:19.280,0:17:24.120
is attacking tiny elab then they can

0:17:22.000,0:17:26.360
watch other logins because tiny Elder

0:17:24.120,0:17:29.080
handles connections from other instances

0:17:26.360,0:17:30.679
of the blog too right so the same

0:17:29.080,0:17:33.200
problem we had before we just moved the

0:17:30.679,0:17:35.679
gold post a little and we need to

0:17:33.200,0:17:37.840
prevent this and the the obvious

0:17:35.679,0:17:41.799
solution is to do the same thing we did

0:17:37.840,0:17:44.840
with the blog um we have one process of

0:17:41.799,0:17:48.799
the elab server per request and then we

0:17:44.840,0:17:50.840
just allow P Trace right so now you

0:17:48.799,0:17:52.559
can't watch even if you get code

0:17:50.840,0:17:54.880
execution inside the elab server you

0:17:52.559,0:17:58.960
can't watch what passwords other people

0:17:54.880,0:18:01.240
use you can still see okay does some

0:17:58.960,0:18:04.360
[ __ ] again you can still see the

0:18:01.240,0:18:06.480
password in the UB store right so the

0:18:04.360,0:18:08.360
elab server has to has a version of the

0:18:06.480,0:18:10.760
password to authenticate against and the

0:18:08.360,0:18:12.840
industry practice best practice is to

0:18:10.760,0:18:14.360
use salted hashers so the password is

0:18:12.840,0:18:17.080
not actually in the

0:18:14.360,0:18:19.600
store still if someone manages to attack

0:18:17.080,0:18:22.080
tiny elab through the blog they can

0:18:19.600,0:18:24.880
extract the hashes and try to crack them

0:18:22.080,0:18:27.919
but since I'm the only one adding users

0:18:24.880,0:18:31.640
I can control the password complexity so

0:18:27.919,0:18:34.640
good luck frood forcing that

0:18:31.640,0:18:34.640
right

0:18:34.760,0:18:39.400
okay so uh this is actually a real

0:18:37.559,0:18:41.679
problem not not for my blog specifically

0:18:39.400,0:18:43.320
but for other web services or services

0:18:41.679,0:18:44.760
that are reachable from the internet

0:18:43.320,0:18:46.799
what if an attacker doesn't want to

0:18:44.760,0:18:50.240
steal my data but it wants to encrypt

0:18:46.799,0:18:54.080
them so the ransomware what can you do

0:18:50.240,0:18:56.400
about that and um my idea was to make

0:18:54.080,0:18:58.000
the data store read only so the UB

0:18:56.400,0:19:00.679
server has a data store that contains

0:18:58.000,0:19:03.159
all the blog entries and let's read only

0:19:00.679,0:19:05.440
to the add up process you can only read

0:19:03.159,0:19:08.200
from it and if you want to write to it

0:19:05.440,0:19:10.039
for example to add a new entry it gets

0:19:08.200,0:19:10.919
appended to a second file which I call

0:19:10.039,0:19:13.559
the

0:19:10.919,0:19:15.880
journal so SQL databases have a similar

0:19:13.559,0:19:17.760
concept and they use it to to roll back

0:19:15.880,0:19:19.320
transactions I can do the same thing

0:19:17.760,0:19:22.200
it's basically a log

0:19:19.320,0:19:25.159
file and that means um all the

0:19:22.200,0:19:27.360
differences from the last time the store

0:19:25.159,0:19:29.400
was created the Ron store all the

0:19:27.360,0:19:32.240
differences are sequentially in the log

0:19:29.400,0:19:34.320
file in the journal so that that the

0:19:32.240,0:19:36.480
performance gets worse the bigger the

0:19:34.320,0:19:39.480
journal gets so every now and then I

0:19:36.480,0:19:41.600
need to combine the readon part and the

0:19:39.480,0:19:44.120
journal to a new bigger readon part and

0:19:41.600,0:19:44.120
I do that

0:19:44.679,0:19:49.640
manually um because tiny elab couldn't

0:19:47.880,0:19:51.039
do it because I didn't allow tiny elab

0:19:49.640,0:19:54.960
to write the store right that was part

0:19:51.039,0:19:57.120
of the security here and uh so um with

0:19:54.960,0:19:59.000
set comp I can just disable whole CIS

0:19:57.120,0:20:00.880
calls I can also install filters so I

0:19:59.000,0:20:03.679
can say open is allowed but only if you

0:20:00.880,0:20:06.440
use o append o append in the open sis

0:20:03.679,0:20:09.280
call on Unix means every right you do to

0:20:06.440,0:20:12.600
this uh descriptor is automatically

0:20:09.280,0:20:16.159
added to the end so I know if someone

0:20:12.600,0:20:18.840
manages to to access the tiny Elda

0:20:16.159,0:20:20.799
binary and can write to my journal then

0:20:18.840,0:20:22.320
the only place the changes can show up

0:20:20.799,0:20:24.600
is at the end and that's actually a

0:20:22.320,0:20:27.200
really good good thing to have because

0:20:24.600,0:20:29.840
it means if someone hacks me and adds

0:20:27.200,0:20:32.720
junk to my blog I can only remove at the

0:20:29.840,0:20:35.360
end and I'm good again compare that to a

0:20:32.720,0:20:38.320
usual SQL database um if someone wrote

0:20:35.360,0:20:40.919
to the database you need to in to to

0:20:38.320,0:20:42.760
play a backup uh in to restore backup

0:20:40.919,0:20:45.600
because they could have changed anything

0:20:42.760,0:20:47.000
anywhere right so but tiny adup doesn't

0:20:45.600,0:20:48.840
even have file system level permissions

0:20:47.000,0:20:50.880
to change anything in the store so I can

0:20:48.840,0:20:53.320
re re uh sleep

0:20:50.880,0:20:56.440
soundly yeah the industry spent money on

0:20:53.320,0:20:56.440
cyber security mesh

0:20:56.480,0:21:00.480
architecture right so the journal

0:20:58.880,0:21:02.280
integration has to be done by me

0:21:00.480,0:21:05.440
manually out of band so it's not

0:21:02.280,0:21:08.880
something an automated process does um I

0:21:05.440,0:21:10.360
do it manually and when I'm doing it um

0:21:08.880,0:21:12.520
because it's not that much data it's

0:21:10.360,0:21:14.600
like for a week or two I can just read

0:21:12.520,0:21:16.480
it again and see if something doesn't

0:21:14.600,0:21:19.120
look

0:21:16.480,0:21:21.080
right this may not be available to all

0:21:19.120,0:21:22.760
other scenarios but uh you have to

0:21:21.080,0:21:25.200
realize if you have bigger data it's

0:21:22.760,0:21:27.039
usually not all the data that's big most

0:21:25.200,0:21:29.960
of it is usually static and readon and

0:21:27.039,0:21:32.840
then you have some logs that are or you

0:21:29.960,0:21:35.400
know billing data that grows and grows

0:21:32.840,0:21:37.799
but usually there's part of the data and

0:21:35.400,0:21:40.600
this is the the part with the you know

0:21:37.799,0:21:43.679
um uh identifying information personally

0:21:40.600,0:21:46.120
identifying information or you know Bill

0:21:43.679,0:21:48.120
billing details that stuff is usually

0:21:46.120,0:21:51.440
small and mostly static and you could

0:21:48.120,0:21:51.440
use this strategy for that

0:21:52.760,0:21:58.799
too well yeah

0:21:56.159,0:22:01.600
okay so the attack can still write

0:21:58.799,0:22:03.919
garbage to my blog that's still not good

0:22:01.600,0:22:06.760
right but since all they can do is a pen

0:22:03.919,0:22:09.240
to the journal I can use my text editor

0:22:06.760,0:22:11.760
open the journal and truncate at some

0:22:09.240,0:22:13.840
point and then I get all my data back

0:22:11.760,0:22:16.360
till the point where they started puting

0:22:13.840,0:22:18.720
the blog right this is still bad but

0:22:16.360,0:22:21.400
it's it's a very good position to be in

0:22:18.720,0:22:23.919
if there's an uh emergency because you

0:22:21.400,0:22:26.080
can basically investigate calmly first

0:22:23.919,0:22:30.000
you turn off right AIS then you you

0:22:26.080,0:22:32.919
delete the vandalism and the journal and

0:22:30.000,0:22:34.679
um you know you haven't lost anything

0:22:32.919,0:22:37.120
because if you want to delete an entry

0:22:34.679,0:22:39.360
in the blog you could do that too but

0:22:37.120,0:22:41.200
that means at the end of the journal you

0:22:39.360,0:22:43.240
append a statement saying delete this

0:22:41.200,0:22:45.799
record and I can just remove that and I

0:22:43.240,0:22:48.960
get the record back right so there's no

0:22:45.799,0:22:51.120
way for someone vandalizing my blog to U

0:22:48.960,0:22:53.320
damage any data that was in it before

0:22:51.120,0:22:56.000
all they can do is a pen junk at the end

0:22:53.320,0:22:58.400
and I can live with that right this is

0:22:56.000,0:23:01.200
this is should be the guiding thought

0:22:58.400,0:23:03.480
between any security you do um if

0:23:01.200,0:23:05.559
someone hacks you you will be in a very

0:23:03.480,0:23:07.720
stressful position the boss will be

0:23:05.559,0:23:10.279
behind you breathing down your neck are

0:23:07.720,0:23:12.559
We Done Yet is it fixed and you want to

0:23:10.279,0:23:14.600
have as little to do as possible at that

0:23:12.559,0:23:17.279
time you want to to move all the stress

0:23:14.600,0:23:19.120
to before you get hacked because then

0:23:17.279,0:23:22.520
you have more

0:23:19.120,0:23:24.760
time okay the industry did other things

0:23:22.520,0:23:28.039
again

0:23:24.760,0:23:30.880
um so what if the attacker doesn't write

0:23:28.039,0:23:33.360
garbage to the journal but writes some

0:23:30.880,0:23:35.279
exploit to the journal that the next

0:23:33.360,0:23:38.520
tiny El up instance that reads the

0:23:35.279,0:23:41.120
journal gets compromised

0:23:38.520,0:23:43.480
by that is a

0:23:41.120,0:23:46.799
possibility and that would be

0:23:43.480,0:23:49.279
bad so agreed that there still a problem

0:23:46.799,0:23:51.200
but uh realize how Preposterous the

0:23:49.279,0:23:54.039
scenario is so we are talking about an

0:23:51.200,0:23:57.000
attacker who found stable zero day in

0:23:54.039,0:23:59.600
the blog and then used that and another

0:23:57.000,0:24:01.679
stable zero day in tiny ad up to write

0:23:59.600,0:24:05.600
to the journal and then have the

0:24:01.679,0:24:09.360
third uh third zero day to compromise

0:24:05.600,0:24:11.440
the the journal passing code so I mean

0:24:09.360,0:24:13.440
yes it is still a problem but we reduced

0:24:11.440,0:24:15.320
the risk

0:24:13.440,0:24:18.320
significantly uh and that is what I'm

0:24:15.320,0:24:20.640
trying to to tell you here uh it's not

0:24:18.320,0:24:22.600
it's not all or nothing it's good enough

0:24:20.640,0:24:25.440
if you can half the

0:24:22.600,0:24:28.760
risk that's already very important and

0:24:25.440,0:24:32.200
you should do it so as much as you can

0:24:28.760,0:24:34.039
uh slice off the risk the better the

0:24:32.200,0:24:37.320
better off you will be if something

0:24:34.039,0:24:40.320
happens right because the smaller the

0:24:37.320,0:24:42.200
code is that is still attackable the

0:24:40.320,0:24:44.000
more you can audit it and be sure it's

0:24:42.200,0:24:46.799
good you show it to your friends and

0:24:44.000,0:24:48.919
they can audit it too uh and and you

0:24:46.799,0:24:50.480
need to save yourself that time because

0:24:48.919,0:24:52.880
it happens every now and then that I get

0:24:50.480,0:24:54.640
to get to see the whole code base and

0:24:52.880,0:24:56.480
the usual code base for commercial

0:24:54.640,0:24:59.799
products is like gigabytes of source

0:24:56.480,0:25:02.039
code nobody can read that like I'm I'm

0:24:59.799,0:25:05.440
good I'm not that

0:25:02.039,0:25:07.000
good so um this is a good place to be in

0:25:05.440,0:25:10.760
I think right so the industry was

0:25:07.000,0:25:13.240
selling dos mitigation sure whatever so

0:25:10.760,0:25:15.760
what happens if someone attacks the web

0:25:13.240,0:25:18.760
server that is still a big

0:25:15.760,0:25:22.799
problem um and it's

0:25:18.760,0:25:24.200
actually uh it it's a full damage right

0:25:22.799,0:25:25.919
that's the worst that can happen if

0:25:24.200,0:25:28.399
someone manages to attack the web server

0:25:25.919,0:25:30.679
they can see all traffic coming through

0:25:28.399,0:25:32.399
they can look inside TLS secured

0:25:30.679,0:25:34.399
connections and they can sniff all the

0:25:32.399,0:25:37.039
passwords so that's really

0:25:34.399,0:25:40.200
bad unfortunately there is not too much

0:25:37.039,0:25:44.679
you can do about that

0:25:40.200,0:25:45.840
um you could do uh um a separation so

0:25:44.679,0:25:47.919
this is something people have been

0:25:45.840,0:25:49.480
talking about for a while open S AG is

0:25:47.919,0:25:51.919
doing this they moved the dangerous

0:25:49.480,0:25:54.840
crypto stuff in a second process and use

0:25:51.919,0:25:56.399
sandboxing to lock down that process uh

0:25:54.840,0:25:58.440
that could be done but nobody has done

0:25:56.399,0:26:00.960
it for open SSL yet so so open SSL

0:25:58.440,0:26:02.960
doesn't support that um my web server

0:26:00.960,0:26:05.200
also supports embed TLS they don't

0:26:02.960,0:26:07.399
support that too so I I could spend time

0:26:05.200,0:26:09.200
on that and I've been actually um

0:26:07.399,0:26:11.000
spending some time already but it's not

0:26:09.200,0:26:13.320
it's not ready yet but this would be a

0:26:11.000,0:26:15.600
good way to reduce the risk and you may

0:26:13.320,0:26:18.600
notice that the the tools I'm using to

0:26:15.600,0:26:20.840
reduce risks are actually just a handful

0:26:18.600,0:26:23.440
there's not it's not you know it's not

0:26:20.840,0:26:25.760
witchcraft I'm I'm not inventing new

0:26:23.440,0:26:28.039
ways to look at things I'm doing the

0:26:25.760,0:26:30.000
same thing again I'm identifying the

0:26:28.039,0:26:32.679
part of the code that's dangerous and

0:26:30.000,0:26:34.640
then I think about how I can make that

0:26:32.679,0:26:37.440
part smaller maybe put it in a different

0:26:34.640,0:26:38.679
process lock it down so we need to do

0:26:37.440,0:26:42.000
the same thing with the web server

0:26:38.679,0:26:46.640
obviously um but it's an ongoing

0:26:42.000,0:26:49.600
process yeah so again whatever um why

0:26:46.640,0:26:51.399
haven't I done that yet uh so in my web

0:26:49.600,0:26:53.360
server you can it's a build time

0:26:51.399,0:26:55.159
decision if you want SSL support or not

0:26:53.360,0:26:57.600
and you can see the binary is

0:26:55.159,0:26:59.360
significantly bigger if you have SSL and

0:26:57.600,0:27:01.320
I'm showing you this because it means

0:26:59.360,0:27:04.520
the the bulk of the attack surface is

0:27:01.320,0:27:06.840
the SSL code it's not my code so if I if

0:27:04.520,0:27:10.320
I can put the SSL code in a different

0:27:06.840,0:27:11.880
process they still need to see the the

0:27:10.320,0:27:13.679
private key because that's what TLS

0:27:11.880,0:27:16.000
needs the private key otherwise it can't

0:27:13.679,0:27:17.679
do the crypto so the bug of the attack

0:27:16.000,0:27:19.919
surface would still have access to the

0:27:17.679,0:27:21.480
key I can still do it because there

0:27:19.919,0:27:24.840
might be bucks in my code and not the

0:27:21.480,0:27:28.039
SSL code but that's just 5% of the of

0:27:24.840,0:27:30.000
the overall attack surface so um

0:27:28.039,0:27:32.480
it I will probably do it at some point

0:27:30.000,0:27:35.799
but it's I don't expect miracles from it

0:27:32.480,0:27:38.919
bugs and open SSL will kill kill me

0:27:35.799,0:27:38.919
there's not much I can do about

0:27:41.480,0:27:45.640
that okay so I know what you're

0:27:46.960,0:27:52.399
thinking what about colel

0:27:50.039,0:27:54.679
bugs so I looked at a few of the recent

0:27:52.399,0:27:57.039
kernel bugs and it turns out that they

0:27:54.679,0:28:00.159
usually apply to SSS that are rarely

0:27:57.039,0:28:01.919
used in regular programs and uh because

0:28:00.159,0:28:05.200
I'm blocking all the CIS calls I don't

0:28:01.919,0:28:07.279
really need none of them apply to me

0:28:05.200,0:28:10.720
right and this is a this is a pattern

0:28:07.279,0:28:11.960
with Colonel bugs um uh there is a a

0:28:10.720,0:28:15.600
project called

0:28:11.960,0:28:19.519
Sandstorm um that also uses p trce and

0:28:15.600,0:28:22.679
and Secom tracing to reduce the csol U

0:28:19.519,0:28:25.240
surface and then puts regular Services

0:28:22.679,0:28:28.200
into a Sandbox for for web services and

0:28:25.240,0:28:30.360
they uh evaded all kinds of of Kernel

0:28:28.200,0:28:32.519
bucks just because of that so this is

0:28:30.360,0:28:34.320
like a zero effort thing because

0:28:32.519,0:28:36.760
obviously if you have a list of CIS

0:28:34.320,0:28:37.840
calls you'd use a white list and you you

0:28:36.760,0:28:39.600
have a list of things you are

0:28:37.840,0:28:42.519
explicitely low and the rest is is

0:28:39.600,0:28:44.600
disabled not the other way around right

0:28:42.519,0:28:47.480
so none of the usual kernel bugs apply

0:28:44.600,0:28:49.519
to me um because of the the seom stuff I

0:28:47.480,0:28:51.960
already do so kernel bugs aren't as big

0:28:49.519,0:28:54.200
of a problem as you might think at least

0:28:51.960,0:28:56.399
I still have them if I haven't patched

0:28:54.200,0:28:58.960
but you can't get to them via the

0:28:56.399,0:29:01.039
blog so I have a small confession to

0:28:58.960,0:29:04.679
make uh I'm a bit of a troll and that

0:29:01.039,0:29:06.960
applies to this project as well so um I

0:29:04.679,0:29:10.799
use the worst programming

0:29:06.960,0:29:12.679
language I used C right so I'm trolling

0:29:10.799,0:29:14.399
the security people and then I'm

0:29:12.679,0:29:15.760
trolling the Java people who have been

0:29:14.399,0:29:17.440
saying you should use multi-threading

0:29:15.760,0:29:20.399
for performance and not have one process

0:29:17.440,0:29:24.360
per request so I'm doing actually two

0:29:20.399,0:29:25.960
fork and xx per request um I'm trolling

0:29:24.360,0:29:28.679
the database people I don't have any

0:29:25.960,0:29:30.279
caching I don't have connection pool TOs

0:29:28.679,0:29:32.320
and the perf people too because I'm

0:29:30.279,0:29:34.640
still faster than most of the regular

0:29:32.320,0:29:36.679
Solutions so there is no there's really

0:29:34.640,0:29:39.799
no downside if you if you architect your

0:29:36.679,0:29:42.120
software to use this kind of thing um it

0:29:39.799,0:29:44.399
will be slower than other ways to do it

0:29:42.120,0:29:47.559
but most other software isn't as fast

0:29:44.399,0:29:49.600
anyway so there's enough Headway that

0:29:47.559,0:29:52.320
you can use to do security instead of

0:29:49.600,0:29:54.679
performance you will still be

0:29:52.320,0:29:58.240
faster so let's recap the the

0:29:54.679,0:30:00.679
methodology I used um first I make a

0:29:58.240,0:30:02.679
list of all the attacks I can think of

0:30:00.679,0:30:04.360
and this means concrete attacks so what

0:30:02.679,0:30:07.000
could happen and what would what would

0:30:04.360,0:30:09.480
be the problem then right and then I

0:30:07.000,0:30:11.880
think for every item on the list I

0:30:09.480,0:30:14.000
consider how to prevent this can I

0:30:11.880,0:30:16.039
prevent this uh what what I need to do

0:30:14.000,0:30:17.640
and then I do it right so that's easy

0:30:16.039,0:30:20.360
it's like this the fine man problem

0:30:17.640,0:30:23.200
solving algorithm in spirit and this

0:30:20.360,0:30:25.519
process is called threat modeling it's

0:30:23.200,0:30:27.320
it's like a it's dirty word because it

0:30:25.519,0:30:28.760
sounds like there's effort involved and

0:30:27.320,0:30:31.480
nobody wants to do it but it's really

0:30:28.760,0:30:32.880
it's easy it's just these these steps

0:30:31.480,0:30:34.360
you you look at your software you

0:30:32.880,0:30:36.279
consider all the ways it could be

0:30:34.360,0:30:38.240
attacked and then you consider what you

0:30:36.279,0:30:39.960
could do to prevent the attack or in

0:30:38.240,0:30:41.320
some cases you can't prevent the attack

0:30:39.960,0:30:43.720
and then you say well that's the risk I

0:30:41.320,0:30:47.240
have to live with right so that's called

0:30:43.720,0:30:50.360
threat moding you should try it it's

0:30:47.240,0:30:52.519
awesome and um you saw that I'm trying

0:30:50.360,0:30:55.320
to optimize something here I go for a

0:30:52.519,0:30:57.919
specific Target in this case I want as

0:30:55.320,0:30:59.840
little code as possible

0:30:57.919,0:31:02.840
um the more code there is the more bugs

0:30:59.840,0:31:04.639
there will be that's an a very old uh

0:31:02.840,0:31:07.000
Insight from I think it was originally

0:31:04.639,0:31:08.880
in IBM study and they basically found

0:31:07.000,0:31:10.480
that the number of bugs in code is a

0:31:08.880,0:31:12.639
function of the lines of code in the

0:31:10.480,0:31:15.399
code so there's a little more to it but

0:31:12.639,0:31:17.679
basically it's true so and it's not just

0:31:15.399,0:31:19.519
any code I want to have less of um if

0:31:17.679,0:31:22.159
the code is dangerous I particularly

0:31:19.519,0:31:25.159
want to have less of it and the the most

0:31:22.159,0:31:27.360
important category to to make smaller is

0:31:25.159,0:31:29.880
the the code that enforces security

0:31:27.360,0:31:31.720
guarantees so like one security

0:31:29.880,0:31:33.320
guarantee would be you can't log in if

0:31:31.720,0:31:35.320
you don't have the right password right

0:31:33.320,0:31:38.559
so the code that checks that I wanted to

0:31:35.320,0:31:40.720
be as small as possible um one or two

0:31:38.559,0:31:42.799
lines of code if if I can manage it and

0:31:40.720,0:31:45.360
then it's obvious if it if it's wrong or

0:31:42.799,0:31:47.720
not the more complex the code is the

0:31:45.360,0:31:49.080
less less easy would it be to see if

0:31:47.720,0:31:51.039
it's correct or not and that's what you

0:31:49.080,0:31:53.519
want in the end you want to be sure the

0:31:51.039,0:31:55.440
code is correct so how far did I get

0:31:53.519,0:31:57.279
it's actually pretty amazing I think um

0:31:55.440,0:32:01.000
you can write an elabs server in five

0:31:57.279,0:32:04.279
,000 lines of code the blog is 3.5 lines

0:32:01.000,0:32:07.320
of kilo lines of code um plus the Ed

0:32:04.279,0:32:09.159
client Library plus zet lip um but I'm

0:32:07.320,0:32:11.320
only using zet lip to compress not to

0:32:09.159,0:32:13.880
decompress so most attack scenarios

0:32:11.320,0:32:16.279
doesn't don't apply to to my usage of Z

0:32:13.880,0:32:19.000
Li um and the web server is also pretty

0:32:16.279,0:32:21.320
slow if you only look at the HTTP code

0:32:19.000,0:32:23.639
unfortunately uh it also contains the

0:32:21.320,0:32:25.600
SSL Library which is orders of magnitude

0:32:23.639,0:32:28.039
more than my code and that's how you

0:32:25.600,0:32:31.840
want it you want the biggest risk not to

0:32:28.039,0:32:34.519
be in the new code but in an old code

0:32:31.840,0:32:36.440
that someone else already audited if you

0:32:34.519,0:32:38.760
can manage it right so this is the

0:32:36.440,0:32:40.840
optimization strategy try to have as

0:32:38.760,0:32:42.960
little dangerous code as possible sounds

0:32:40.840,0:32:44.679
like a no-brainer but if you look at

0:32:42.960,0:32:47.279
modern software development you will

0:32:44.679,0:32:50.120
find out they do the exact opposite pull

0:32:47.279,0:32:53.159
in as many Frameworks as as they

0:32:50.120,0:32:55.639
can so this strategy is called TCB

0:32:53.159,0:32:57.159
minimization you should try it and I

0:32:55.639,0:33:01.240
gave a talk about it already it's

0:32:57.159,0:33:05.080
actually pretty easy so um I told you

0:33:01.240,0:33:08.080
what I did to the to the blog to uh uh

0:33:05.080,0:33:10.120
diminish the danger that can be done uh

0:33:08.080,0:33:11.919
if someone manages to take it over and

0:33:10.120,0:33:15.000
this is actually part of the TCB

0:33:11.919,0:33:18.279
minimization process so the blog was a

0:33:15.000,0:33:21.440
high risk area and then I took away

0:33:18.279,0:33:24.000
Privileges and removed exess checks and

0:33:21.440,0:33:26.240
in the end even if I give you remote

0:33:24.000,0:33:28.200
code execution in the blog process you

0:33:26.240,0:33:30.679
can't do anything you couldn't do before

0:33:28.200,0:33:33.519
right so it's no longer part of the TCB

0:33:30.679,0:33:35.559
the TCB is the part that uh enforces

0:33:33.519,0:33:36.880
security guarantees which the block CGI

0:33:35.559,0:33:39.440
doesn't

0:33:36.880,0:33:41.360
anymore so that's what you want to do

0:33:39.440,0:33:44.200
you want to end up in the smallest TCB

0:33:41.360,0:33:47.200
you can possibly manage and uh every

0:33:44.200,0:33:49.360
step on the way is good so no step is

0:33:47.200,0:33:51.880
too small right if you can shave off

0:33:49.360,0:33:54.639
even a little routine do

0:33:51.880,0:33:56.960
it this is the minimization part of TCB

0:33:54.639,0:33:59.799
minimization right I could I was able to

0:33:56.960,0:34:03.639
remove the block from the TCB tiny El up

0:33:59.799,0:34:05.360
still still has a risk so I I you saw

0:34:03.639,0:34:07.279
the threat model if someone manages to

0:34:05.360,0:34:08.639
take over tiny El up they can read the

0:34:07.279,0:34:11.440
hashes and try to crack them that's

0:34:08.639,0:34:14.639
still bad um but I can live with it

0:34:11.440,0:34:17.399
right uh if they vandalize the block I

0:34:14.639,0:34:19.960
can undo the damage without going to the

0:34:17.399,0:34:22.280
tape Library so that's

0:34:19.960,0:34:23.960
good if you compare that to the industry

0:34:22.280,0:34:26.720
standard you you will find that my

0:34:23.960,0:34:28.560
Approach is much better um usually in

0:34:26.720,0:34:31.200
the industry you see platform decisions

0:34:28.560,0:34:33.480
done by management not by the techies

0:34:31.200,0:34:35.399
and um it's untroubled by expertise or

0:34:33.480,0:34:37.800
risk analysis and you you get a

0:34:35.399,0:34:39.720
diffusion of responsibility because if

0:34:37.800,0:34:41.599
you even if you try to find out who's

0:34:39.720,0:34:43.240
responsible for anything you find uh

0:34:41.599,0:34:44.960
well it's that team over there but we

0:34:43.240,0:34:47.040
don't really know and then you find out

0:34:44.960,0:34:48.159
the team dissolved last week and it's

0:34:47.040,0:34:50.919
really

0:34:48.159,0:34:54.560
horrible and brand new we have ai tools

0:34:50.919,0:34:54.560
which is also a diffusion of

0:34:55.200,0:34:59.000
responsibility and then you get people

0:34:57.160,0:35:00.880
arguing well it's so bad it can't get

0:34:59.000,0:35:02.760
any worse let's go to the cloud where

0:35:00.880,0:35:07.079
obviously it gets worse

0:35:02.760,0:35:08.520
immediately so I prefer my way um I

0:35:07.079,0:35:10.640
think in the end it's important to

0:35:08.520,0:35:12.920
realize that the the lack of security

0:35:10.640,0:35:16.440
you may have in your projects right now

0:35:12.920,0:35:18.400
is self-imposed there is no guy with a

0:35:16.440,0:35:20.480
shotgun behind you

0:35:18.400,0:35:23.800
threatening you can do it you just have

0:35:20.480,0:35:25.640
to start right so this is self-imposed

0:35:23.800,0:35:28.800
helplessness you can actually help

0:35:25.640,0:35:28.800
yourself you just have to start

0:35:29.440,0:35:34.160
right how did we get here this is

0:35:32.079,0:35:36.119
obviously not a good good place to be

0:35:34.160,0:35:37.800
like all the software is crappy and

0:35:36.119,0:35:40.200
there's a few it's not just that people

0:35:37.800,0:35:43.440
are dumb there's a few reasons for that

0:35:40.200,0:35:45.359
so um back in the day you used to have

0:35:43.440,0:35:48.200
bespoke applications that were written

0:35:45.359,0:35:50.079
for a specific purpose and they used the

0:35:48.200,0:35:52.359
waterfall model and you had the

0:35:50.079,0:35:55.560
requirements specification and it was

0:35:52.359,0:35:58.079
lots of bureaucracy and really horrible

0:35:55.560,0:36:00.200
but it also Al meant that you knew what

0:35:58.079,0:36:02.880
the application had be had to be able to

0:36:00.200,0:36:06.240
do so that means you can make sure

0:36:02.880,0:36:08.079
anything else is forbidden if you know

0:36:06.240,0:36:10.040
what the application needs to be able to

0:36:08.079,0:36:12.400
do you can make sure it doesn't do any

0:36:10.040,0:36:15.520
other stuff and that is security if you

0:36:12.400,0:36:17.280
think about it deny everything that the

0:36:15.520,0:36:19.280
application wasn't supposed to be doing

0:36:17.280,0:36:22.200
and then that's what an attacker would

0:36:19.280,0:36:24.680
do if they take over the machine right

0:36:22.200,0:36:26.240
so if you know beforehand what you're

0:36:24.680,0:36:28.680
trying to get to you can actually

0:36:26.240,0:36:30.319
implement privilege even architecturally

0:36:28.680,0:36:32.920
as I've shown

0:36:30.319,0:36:35.720
you now we have more of an Ikea model

0:36:32.920,0:36:37.560
you buy parts that are uh designed by

0:36:35.720,0:36:39.359
their own teams and the teams designing

0:36:37.560,0:36:42.440
the parts don't know what the final

0:36:39.359,0:36:44.240
product will look like right in in some

0:36:42.440,0:36:45.640
cases even you don't know what the final

0:36:44.240,0:36:47.920
product will look like but it's even

0:36:45.640,0:36:49.880
worse if you consider that the the the

0:36:47.920,0:36:51.480
team building the part you make your

0:36:49.880,0:36:53.760
software from doesn't know what it will

0:36:51.480,0:36:56.359
be used for so it has to be as generic

0:36:53.760,0:36:57.839
as possible Right the more it can be

0:36:56.359,0:37:00.680
done with with it the better and that's

0:36:57.839,0:37:03.119
the opposite of security right security

0:37:00.680,0:37:05.359
means understanding what you need to do

0:37:03.119,0:37:08.599
and then disallowing the rest and this

0:37:05.359,0:37:11.440
means be as generic as you can the parts

0:37:08.599,0:37:12.400
are optimized for genericity Gen what's

0:37:11.440,0:37:15.599
the

0:37:12.400,0:37:17.680
name genericism I don't know so they are

0:37:15.599,0:37:21.319
optimized to be as flexible as possible

0:37:17.680,0:37:21.319
and they are chosen by

0:37:21.599,0:37:25.079
flexibility the developer of the part

0:37:23.640,0:37:27.599
usually has no idea what it would used

0:37:25.079,0:37:31.040
for uh and that means you can't do least

0:37:27.599,0:37:33.760
privilege because um you don't know what

0:37:31.040,0:37:36.319
the privilege will be that's least so

0:37:33.760,0:37:38.520
this this is actually a big mess so if

0:37:36.319,0:37:40.480
you use Parts programmed by other people

0:37:38.520,0:37:42.680
you will have to invest extra effort to

0:37:40.480,0:37:45.480
find out what kind of stuff you can make

0:37:42.680,0:37:47.599
it not do because it will definitely be

0:37:45.480,0:37:49.440
able to do more than you need and the

0:37:47.599,0:37:52.040
more you can clamp down the more

0:37:49.440,0:37:53.720
security you will have uh it's even

0:37:52.040,0:37:55.079
worse if you do Agile development

0:37:53.720,0:37:58.079
because then by definition you don't

0:37:55.079,0:37:59.520
know what the end result will be so if

0:37:58.079,0:38:00.880
you don't know that you can't do

0:37:59.520,0:38:03.319
security

0:38:00.880,0:38:05.640
lockdown so another argument why we got

0:38:03.319,0:38:07.520
here is economics of scale so it used to

0:38:05.640,0:38:10.880
be that if you build some kind of device

0:38:07.520,0:38:13.280
that needs to do something like I don't

0:38:10.880,0:38:17.400
know uh a

0:38:13.280,0:38:19.680
microwave then you you find parts and

0:38:17.400,0:38:21.359
you combine the parts and you solder

0:38:19.680,0:38:24.119
them together and then they solve the

0:38:21.359,0:38:27.160
problem but these days uh you don't

0:38:24.119,0:38:29.680
solder parts anymore you assemble from

0:38:27.160,0:38:32.280
pre-made parts and these are usually

0:38:29.680,0:38:35.280
programmable right so a little arm chip

0:38:32.280,0:38:37.040
cost like a tenth of a scent so why use

0:38:35.280,0:38:38.800
a special part if you can use an arm

0:38:37.040,0:38:40.880
chip and then program it but that means

0:38:38.800,0:38:43.000
you still need to use software that

0:38:40.880,0:38:44.640
actually solves the problem the hardware

0:38:43.000,0:38:47.000
is generic and that means the hardware

0:38:44.640,0:38:49.800
can be hacked and this is turning out to

0:38:47.000,0:38:53.359
be a problem right if you had a break in

0:38:49.800,0:38:54.640
in 20 years youo um it it breaked right

0:38:53.359,0:38:57.040
but now it's

0:38:54.640,0:38:59.040
programmable and people have realized

0:38:57.040,0:39:01.200
how bad that is but it is bad right so

0:38:59.040,0:39:05.480
that's that will bite Us in the

0:39:01.200,0:39:07.680
ass oops so um the response from the

0:39:05.480,0:39:10.440
industry has so far been the ostrich

0:39:07.680,0:39:13.000
method basically we we install stuff

0:39:10.440,0:39:14.880
that we know is untrustworthy and so we

0:39:13.000,0:39:17.680
install other stuff on top of it that's

0:39:14.880,0:39:20.720
also untrustworthy and then we call it

0:39:17.680,0:39:24.119
Telemetry or big data and to some risk

0:39:20.720,0:39:26.599
uh logging analysis in in aze or

0:39:24.119,0:39:29.640
whatever uh and in the end the attack

0:39:26.599,0:39:31.839
surface has mushroomed like a nuclear

0:39:29.640,0:39:34.240
explosion right so that's our fault

0:39:31.839,0:39:36.000
nobody has forced us to do this you

0:39:34.240,0:39:39.079
don't need to do this in your own

0:39:36.000,0:39:41.119
projects that's the hopeful message of

0:39:39.079,0:39:42.640
this talk in conclusion if you remember

0:39:41.119,0:39:44.079
nothing else from this talk remember

0:39:42.640,0:39:46.520
that threat modeling is a thing and you

0:39:44.079,0:39:48.480
should try it TCB minimization actually

0:39:46.520,0:39:51.680
helps least privilege is another facet

0:39:48.480,0:39:53.800
of the same thing and if you can uh use

0:39:51.680,0:39:56.440
a pendon data storage you should

0:39:53.800,0:39:58.359
consider it hm blockchain yeah not

0:39:56.440,0:40:00.560
blockchain a pend only data storage it's

0:39:58.359,0:40:00.560
not

0:40:00.630,0:40:08.820
[Applause]

0:40:09.000,0:40:13.240
[Music]

0:40:10.720,0:40:15.200
blockchain so two more you two more

0:40:13.240,0:40:18.160
slides yeah two more slides sorry I'm an

0:40:15.200,0:40:20.480
imposter no problem so the rule of thumb

0:40:18.160,0:40:23.480
should be if if the blog of some

0:40:20.480,0:40:26.160
unwashed hobbyist from the Internet is

0:40:23.480,0:40:28.040
more secure than your it security then

0:40:26.160,0:40:30.359
you should improve your it

0:40:28.040,0:40:33.760
security right that shouldn't

0:40:30.359,0:40:35.400
happen all right so that's all from my

0:40:33.760,0:40:38.319
talk I think we still have time for

0:40:35.400,0:40:41.560
questions do we yes okay awesome okay

0:40:38.319,0:40:41.560
now you can put your hand

0:40:45.040,0:40:49.599
[Applause]

0:40:47.280,0:40:51.280
together so if you want to ask a

0:40:49.599,0:40:55.720
question we have four microphones in the

0:40:51.280,0:40:56.880
room 1 2 3 4 and I'm going to take a a

0:40:55.720,0:40:59.760
question the first first question from

0:40:56.880,0:41:02.359
the internet the internet is saying you

0:40:59.760,0:41:03.400
actually got hacked or can you elaborate

0:41:02.359,0:41:05.599
on what

0:41:03.400,0:41:07.119
happened Yes actually there was an

0:41:05.599,0:41:08.680
incident where someone was able to post

0:41:07.119,0:41:11.119
stuff to my blog and because I had a

0:41:08.680,0:41:14.640
pend only data storage I Shrugged it off

0:41:11.119,0:41:16.520
basically so use use a pendon data

0:41:14.640,0:41:19.480
storage it's it will save your ass at

0:41:16.520,0:41:22.079
some point the problem was a bug in my

0:41:19.480,0:41:23.960
uh Access Control lists I had used some

0:41:22.079,0:41:26.440
some Access Control list in my alab

0:41:23.960,0:41:27.880
server and I had a line in it that I

0:41:26.440,0:41:29.760
should have removed but I forgot to

0:41:27.880,0:41:33.200
remove it and that meant you could post

0:41:29.760,0:41:35.200
without having credentials but um it

0:41:33.200,0:41:38.040
happened and it wasn't bad because my

0:41:35.200,0:41:39.599
architecture prevented damage um as

0:41:38.040,0:41:42.440
people are leaving the room could you

0:41:39.599,0:41:44.760
leave very quietly thank you um

0:41:42.440,0:41:47.119
microphone number one yeah is there a

0:41:44.760,0:41:50.520
second alternative for Windows and Mac

0:41:47.119,0:41:52.720
OS a secure alternative well so

0:41:50.520,0:41:56.359
basically you can do the the principles

0:41:52.720,0:42:00.000
I um I showed in this talk you can do on

0:41:56.359,0:42:02.560
those two so usually you will not be

0:42:00.000,0:42:05.359
hacked because your your Mac OS or

0:42:02.560,0:42:07.079
Windows had a bug I that happens too but

0:42:05.359,0:42:09.319
the bigger problem is that the software

0:42:07.079,0:42:11.800
you wrote had a bug or that you the

0:42:09.319,0:42:14.480
software that you use had a bug so I'm

0:42:11.800,0:42:16.560
I'm trying to tell you Linux isn't uh

0:42:14.480,0:42:18.520
particularly more secure than Windows

0:42:16.560,0:42:20.599
it's just it's basically you can write

0:42:18.520,0:42:22.839
secure software and insecure software on

0:42:20.599,0:42:25.160
any operating system you should still

0:42:22.839,0:42:26.720
use Linux because it has advantages but

0:42:25.160,0:42:28.880
if you apply these Tech techniques to

0:42:26.720,0:42:31.720
your software it will be secure on on

0:42:28.880,0:42:34.480
Mac OS and windows as well right so this

0:42:31.720,0:42:36.040
is not for for end users selecting the

0:42:34.480,0:42:37.319
software if you select software you have

0:42:36.040,0:42:39.520
to trust the

0:42:37.319,0:42:42.200
vendor there's no way around that but if

0:42:39.520,0:42:44.280
you write your own software then you can

0:42:42.200,0:42:46.960
reduce the risk to a point where you can

0:42:44.280,0:42:49.119
live with it and sleep soundly sure is

0:42:46.960,0:42:51.359
there a a technical alternative or

0:42:49.119,0:42:53.119
similar similarity like sa comp for

0:42:51.359,0:42:54.760
Windows and Mac OS so can you drop your

0:42:53.119,0:42:57.960
privileges after you have opened a file

0:42:54.760,0:42:59.960
for example uh uh so for meos I'm not

0:42:57.960,0:43:02.680
sure but I know that that free BSD net

0:42:59.960,0:43:05.440
BSD and open BSD have an an equivalent

0:43:02.680,0:43:08.119
thing I think uh Macos has it too but

0:43:05.440,0:43:09.920
I'm I'm not sure about that for Windows

0:43:08.119,0:43:11.559
there's are sandboxing methods you can

0:43:09.920,0:43:13.359
look at the Chrome source code for

0:43:11.559,0:43:16.440
example they have a Sandbox it's open

0:43:13.359,0:43:18.960
source you can use that to do this kind

0:43:16.440,0:43:21.720
of thing okay thanks so microphone

0:43:18.960,0:43:23.800
number two except down that's gone so

0:43:21.720,0:43:27.160
microphone number three in that

0:43:23.800,0:43:29.480
case this is four I sorry four four yes

0:43:27.160,0:43:31.720
um will your next talk be about writing

0:43:29.480,0:43:33.559
software secure software in Windows and

0:43:31.720,0:43:35.559
if no uh how much assets would you

0:43:33.559,0:43:38.119
request to compensate for all the

0:43:35.559,0:43:41.839
pain

0:43:38.119,0:43:45.960
no it's not a question of

0:43:41.839,0:43:48.359
money okay uh microphone one um have you

0:43:45.960,0:43:49.440
tried removing unnecessary features from

0:43:48.359,0:43:52.240
open

0:43:49.440,0:43:54.680
SSL uh Yes actually I've I've done this

0:43:52.240,0:43:56.680
pretty pretty early but it's still it's

0:43:54.680,0:44:00.000
still much bigger than my code

0:43:56.680,0:44:03.440
so um for example op SSL has support for

0:44:00.000,0:44:05.119
UDP based TLs but there's a lot of

0:44:03.440,0:44:06.960
shared cyers in there you can remove

0:44:05.119,0:44:08.720
ciphers you don't need and and that

0:44:06.960,0:44:11.880
helps a bit but it's still it's the

0:44:08.720,0:44:14.720
biggest part of the web server by far I

0:44:11.880,0:44:18.200
think there was an internet question was

0:44:14.720,0:44:21.640
there no doesn't look like

0:44:18.200,0:44:22.839
yes no yes no no yes okay uh then

0:44:21.640,0:44:27.200
microphone

0:44:22.839,0:44:29.640
four as someone who is uh connected or

0:44:27.200,0:44:31.880
was connected to an industry which has

0:44:29.640,0:44:34.200
programming programmable

0:44:31.880,0:44:37.960
brakes

0:44:34.200,0:44:39.480
um what is your opinion about things

0:44:37.960,0:44:42.440
like

0:44:39.480,0:44:44.079
mizra well well so there are standards

0:44:42.440,0:44:45.240
in the automotive industry for example

0:44:44.079,0:44:48.040
like misra

0:44:45.240,0:44:50.359
to make sure you write better code and

0:44:48.040,0:44:52.520
it's mostly compliance so they give you

0:44:50.359,0:44:55.280
rules like um you shouldn't use

0:44:52.520,0:44:56.960
recursion in your code for example and

0:44:55.280,0:44:59.000
the functions should would be this big

0:44:56.960,0:45:01.640
at at most and this is more I mean it

0:44:59.000,0:45:03.440
will probably help a bit but it's much

0:45:01.640,0:45:05.800
better to to invest in in good

0:45:03.440,0:45:09.440
architecture but you may have noticed I

0:45:05.800,0:45:11.200
I've said I wrote the code in C and I

0:45:09.440,0:45:13.800
said nothing about what I did to make

0:45:11.200,0:45:15.880
sure it's it's good code so that's

0:45:13.800,0:45:17.559
that's a different dimension that's

0:45:15.880,0:45:20.800
orthogonal right

0:45:17.559,0:45:22.280
so follow those standards it will it

0:45:20.800,0:45:25.040
will make your code a bit better

0:45:22.280,0:45:26.640
probably um but it won't solve all the

0:45:25.040,0:45:29.040
problems and I think personally you

0:45:26.640,0:45:30.760
should do both you should make sure or

0:45:29.040,0:45:32.520
try to make sure that there's as little

0:45:30.760,0:45:34.160
bugs as possible in your code there's

0:45:32.520,0:45:36.079
ways to do that I had to talk about that

0:45:34.160,0:45:37.760
too but after you do that you should

0:45:36.079,0:45:40.200
still have these kind of

0:45:37.760,0:45:41.720
architectural guide guard rails that

0:45:40.200,0:45:44.079
keep you on track even if someone

0:45:41.720,0:45:46.240
manages to take over the

0:45:44.079,0:45:47.280
process so now I think there was an

0:45:46.240,0:45:50.599
internet

0:45:47.280,0:45:53.520
question yes uh the internet is asking

0:45:50.599,0:45:55.559
how would it work to like scale This

0:45:53.520,0:45:58.839
truly impressive security architecture

0:45:55.559,0:46:01.400
up for more use cases and more like

0:45:58.839,0:46:04.880
larger theme or would the theme size and

0:46:01.400,0:46:09.040
the feature keep ruin it yes

0:46:04.880,0:46:09.040
so oh no oh

0:46:09.070,0:46:15.839
[Laughter]

0:46:12.319,0:46:15.839
no well I'm

0:46:24.800,0:46:27.800
sorry

0:46:28.470,0:46:36.780
[Music]

0:46:37.760,0:46:40.760
la