[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:00.00,0:00:30.00,Default,,0000,0000,0000,,Dear viewer, these subtitles were generated\Nby a machine via the service YouTube\Nand therefore are (very) buggy.\NIf you are capable, please help us to\Ncreate good quality subtitles:\Nhttps://c3subtitles.de/talk/3028 Thanks! Dialogue: 0,0:00:00.09,0:00:16.24,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:00:14.08,0:00:20.44,Default,,0000,0000,0000,,um basically textbooks have been written Dialogue: 0,0:00:16.24,0:00:22.36,Default,,0000,0000,0000,,about it um countless talks have been uh Dialogue: 0,0:00:20.44,0:00:23.64,Default,,0000,0000,0000,,have been Illuminating all of the errors Dialogue: 0,0:00:22.36,0:00:26.76,Default,,0000,0000,0000,,of our Dialogue: 0,0:00:23.64,0:00:28.16,Default,,0000,0000,0000,,ways um and still all those sucky Dialogue: 0,0:00:26.76,0:00:30.52,Default,,0000,0000,0000,,software is out Dialogue: 0,0:00:28.16,0:00:34.44,Default,,0000,0000,0000,,there um but Dialogue: 0,0:00:30.52,0:00:37.04,Default,,0000,0000,0000,,FIFA over here the hero of our show uh Dialogue: 0,0:00:34.44,0:00:40.52,Default,,0000,0000,0000,,has put out has put all of these best Dialogue: 0,0:00:37.04,0:00:43.64,Default,,0000,0000,0000,,practices into you know into his work to Dialogue: 0,0:00:40.52,0:00:46.72,Default,,0000,0000,0000,,try to create a um secure website he's Dialogue: 0,0:00:43.64,0:00:50.40,Default,,0000,0000,0000,,going to show us how it's done so that Dialogue: 0,0:00:46.72,0:00:55.36,Default,,0000,0000,0000,,we can all sleep way better at night and Dialogue: 0,0:00:50.40,0:00:57.56,Default,,0000,0000,0000,,um um and with that template go back and Dialogue: 0,0:00:55.36,0:00:59.56,Default,,0000,0000,0000,,and secure our own software and so with Dialogue: 0,0:00:57.56,0:01:02.88,Default,,0000,0000,0000,,that I'm going to hand it right over to Dialogue: 
0,0:00:59.56,0:01:02.88,Default,,0000,0000,0000,,Fifi give him a round of Dialogue: 0,0:01:04.91,0:01:10.17,Default,,0000,0000,0000,,[Applause] Dialogue: 0,0:01:12.56,0:01:17.60,Default,,0000,0000,0000,,applause thank you um I have to start Dialogue: 0,0:01:15.16,0:01:19.84,Default,,0000,0000,0000,,with an apology because I did submit Dialogue: 0,0:01:17.60,0:01:22.20,Default,,0000,0000,0000,,this talk but it was rejected so the Dialogue: 0,0:01:19.84,0:01:24.32,Default,,0000,0000,0000,,slides are not at the stage where they Dialogue: 0,0:01:22.20,0:01:26.20,Default,,0000,0000,0000,,should be these are our slides for a Dialogue: 0,0:01:24.32,0:01:28.44,Default,,0000,0000,0000,,previous version of the talk it contains Dialogue: 0,0:01:26.20,0:01:30.24,Default,,0000,0000,0000,,all the material and I tried to update Dialogue: 0,0:01:28.44,0:01:33.24,Default,,0000,0000,0000,,it more but that destroyed the flow so Dialogue: 0,0:01:30.24,0:01:35.40,Default,,0000,0000,0000,,we we're stuck with it basically um the Dialogue: 0,0:01:33.24,0:01:37.28,Default,,0000,0000,0000,,difference was the the audience so while Dialogue: 0,0:01:35.40,0:01:39.08,Default,,0000,0000,0000,,I expect more developers here the other Dialogue: 0,0:01:37.28,0:01:42.64,Default,,0000,0000,0000,,audience was more and hackers and Dialogue: 0,0:01:39.08,0:01:45.48,Default,,0000,0000,0000,,business people so I try to get them Dialogue: 0,0:01:42.64,0:01:48.04,Default,,0000,0000,0000,,from where they are and uh the main Dialogue: 0,0:01:45.48,0:01:50.56,Default,,0000,0000,0000,,question usually is Are We There Yet Dialogue: 0,0:01:48.04,0:01:53.20,Default,,0000,0000,0000,,right so about me you probably probably Dialogue: 0,0:01:50.56,0:01:55.48,Default,,0000,0000,0000,,seen this before I'm a code auditor by Dialogue: 0,0:01:53.20,0:01:57.44,Default,,0000,0000,0000,,trade I have a small company and Dialogue: 0,0:01:55.48,0:02:01.84,Default,,0000,0000,0000,,companies show us their code and I show Dialogue: 
0,0:01:57.44,0:02:01.84,Default,,0000,0000,0000,,them bugs I find in Indians quite easy Dialogue: 0,0:02:02.00,0:02:06.32,Default,,0000,0000,0000,,but before we start I have a small Dialogue: 0,0:02:04.00,0:02:09.60,Default,,0000,0000,0000,,celebration to do this actually happened Dialogue: 0,0:02:06.32,0:02:11.76,Default,,0000,0000,0000,,just a day before the first time I Dialogue: 0,0:02:09.60,0:02:14.24,Default,,0000,0000,0000,,talked about this uh so kasperski Dialogue: 0,0:02:11.76,0:02:15.44,Default,,0000,0000,0000,,message they found some mware anded Ed Dialogue: 0,0:02:14.24,0:02:18.12,Default,,0000,0000,0000,,diet Dialogue: 0,0:02:15.44,0:02:19.27,Default,,0000,0000,0000,,Lipsy which I have written so this is Dialogue: 0,0:02:18.12,0:02:25.08,Default,,0000,0000,0000,,like a Dialogue: 0,0:02:19.27,0:02:25.08,Default,,0000,0000,0000,,[Applause] Dialogue: 0,0:02:26.68,0:02:31.08,Default,,0000,0000,0000,,Knighthood some of the malware people Dialogue: 0,0:02:28.88,0:02:33.48,Default,,0000,0000,0000,,know what's good Dialogue: 0,0:02:31.08,0:02:35.88,Default,,0000,0000,0000,,so um basically the main question when I Dialogue: 0,0:02:33.48,0:02:37.88,Default,,0000,0000,0000,,talk to customers is uh we spend so much Dialogue: 0,0:02:35.88,0:02:40.48,Default,,0000,0000,0000,,money on this why isn't it Dialogue: 0,0:02:37.88,0:02:44.16,Default,,0000,0000,0000,,working and the the answer is you're Dialogue: 0,0:02:40.48,0:02:47.20,Default,,0000,0000,0000,,you're doing it wrong so um I will try Dialogue: 0,0:02:44.16,0:02:50.04,Default,,0000,0000,0000,,to show no what exactly is wrong and Dialogue: 0,0:02:47.20,0:02:52.00,Default,,0000,0000,0000,,there's a small preface here uh people Dialogue: 0,0:02:50.04,0:02:54.12,Default,,0000,0000,0000,,usually say there's no time to do this Dialogue: 0,0:02:52.00,0:02:56.56,Default,,0000,0000,0000,,briide and that's just wrong you have Dialogue: 0,0:02:54.12,0:02:58.64,Default,,0000,0000,0000,,exactly as much time per day as 
other Dialogue: 0,0:02:56.56,0:03:00.00,Default,,0000,0000,0000,,people who did great things so you can Dialogue: 0,0:02:58.64,0:03:01.76,Default,,0000,0000,0000,,do great things too you just just need Dialogue: 0,0:03:00.00,0:03:05.48,Default,,0000,0000,0000,,to do Dialogue: 0,0:03:01.76,0:03:07.08,Default,,0000,0000,0000,,it so let's play a little warm-up game Dialogue: 0,0:03:05.48,0:03:10.00,Default,,0000,0000,0000,,uh it's called how it started how it's Dialogue: 0,0:03:07.08,0:03:12.44,Default,,0000,0000,0000,,going so let's have a demo round IBM Dialogue: 0,0:03:10.00,0:03:14.96,Default,,0000,0000,0000,,Watson is revolutionizing 10 Dialogue: 0,0:03:12.44,0:03:17.32,Default,,0000,0000,0000,,Industries and it's going like this Dialogue: 0,0:03:14.96,0:03:20.32,Default,,0000,0000,0000,,whatever happened to IBM Watson that's a Dialogue: 0,0:03:17.32,0:03:21.96,Default,,0000,0000,0000,,typical pattern in the security industry Dialogue: 0,0:03:20.32,0:03:25.48,Default,,0000,0000,0000,,right so here's another one how it Dialogue: 0,0:03:21.96,0:03:27.76,Default,,0000,0000,0000,,started revolutionize security with AI Dialogue: 0,0:03:25.48,0:03:30.24,Default,,0000,0000,0000,,right we all know where this is Dialogue: 0,0:03:27.76,0:03:33.64,Default,,0000,0000,0000,,going right so that's the p Dialogue: 0,0:03:30.24,0:03:35.32,Default,,0000,0000,0000,,um let's play it security mind sweeper Dialogue: 0,0:03:33.64,0:03:37.40,Default,,0000,0000,0000,,right so uh everybody here probably Dialogue: 0,0:03:35.32,0:03:39.52,Default,,0000,0000,0000,,knows who Gartner is they publish Dialogue: 0,0:03:37.40,0:03:41.24,Default,,0000,0000,0000,,recommendations and they even have a Dialogue: 0,0:03:39.52,0:03:43.24,Default,,0000,0000,0000,,voting section where people can say this Dialogue: 0,0:03:41.24,0:03:45.32,Default,,0000,0000,0000,,is the best product in this section Dialogue: 0,0:03:43.24,0:03:47.12,Default,,0000,0000,0000,,right so let's look at a few of them and Dialogue: 
0,0:03:45.32,0:03:50.84,Default,,0000,0000,0000,,see what happened to people who trusted Dialogue: 0,0:03:47.12,0:03:53.88,Default,,0000,0000,0000,,Gartner first is a firewall right so how Dialogue: 0,0:03:50.84,0:03:55.36,Default,,0000,0000,0000,,it started the number one recommendation Dialogue: 0,0:03:53.88,0:04:01.56,Default,,0000,0000,0000,,is for Dialogue: 0,0:03:55.36,0:04:03.16,Default,,0000,0000,0000,,net and they have a lot of marketing G Dialogue: 0,0:04:01.56,0:04:04.72,Default,,0000,0000,0000,,and if you look how it's going it's not Dialogue: 0,0:04:03.16,0:04:08.12,Default,,0000,0000,0000,,going so Dialogue: 0,0:04:04.72,0:04:09.76,Default,,0000,0000,0000,,good so let's extend the pattern a bit Dialogue: 0,0:04:08.12,0:04:11.68,Default,,0000,0000,0000,,why what happened to me in in this Dialogue: 0,0:04:09.76,0:04:13.12,Default,,0000,0000,0000,,regard so I I don't need a firewall I Dialogue: 0,0:04:11.68,0:04:16.12,Default,,0000,0000,0000,,don't have any ports open that I need Dialogue: 0,0:04:13.12,0:04:18.80,Default,,0000,0000,0000,,blocking right so you don't need this Dialogue: 0,0:04:16.12,0:04:21.20,Default,,0000,0000,0000,,strictly speaking you don't need it next Dialogue: 0,0:04:18.80,0:04:24.48,Default,,0000,0000,0000,,discipline endpoint protection Dialogue: 0,0:04:21.20,0:04:27.12,Default,,0000,0000,0000,,so it started with TRX this is the Dialogue: 0,0:04:24.48,0:04:28.48,Default,,0000,0000,0000,,number one recommendation on Gartner I I Dialogue: 0,0:04:27.12,0:04:30.20,Default,,0000,0000,0000,,hadn't heard of them there like can make Dialogue: 0,0:04:28.48,0:04:33.48,Default,,0000,0000,0000,,a feed joint venture or something thing Dialogue: 0,0:04:30.20,0:04:35.92,Default,,0000,0000,0000,,who cares they also have great marketing Dialogue: 0,0:04:33.48,0:04:37.00,Default,,0000,0000,0000,,go and then if you look at what happened Dialogue: 0,0:04:35.92,0:04:39.28,Default,,0000,0000,0000,,it's Dialogue: 
0,0:04:37.00,0:04:42.92,Default,,0000,0000,0000,,like they made it Dialogue: 0,0:04:39.28,0:04:45.32,Default,,0000,0000,0000,,worse um okay so this didn't apply to me Dialogue: 0,0:04:42.92,0:04:47.16,Default,,0000,0000,0000,,either because I don't use snake oil Dialogue: 0,0:04:45.32,0:04:48.80,Default,,0000,0000,0000,,let's see the third one password manager Dialogue: 0,0:04:47.16,0:04:52.08,Default,,0000,0000,0000,,also very Dialogue: 0,0:04:48.80,0:04:55.24,Default,,0000,0000,0000,,popular how it started recommended last Dialogue: 0,0:04:52.08,0:04:55.24,Default,,0000,0000,0000,,pass you probably know where this is Dialogue: 0,0:04:56.48,0:05:01.56,Default,,0000,0000,0000,,going yeah they got owned and then Dialogue: 0,0:04:59.76,0:05:04.76,Default,,0000,0000,0000,,people got Dialogue: 0,0:05:01.56,0:05:07.08,Default,,0000,0000,0000,,owned so um you may notice a pattern Dialogue: 0,0:05:04.76,0:05:08.80,Default,,0000,0000,0000,,here uh this didn't apply to me because Dialogue: 0,0:05:07.08,0:05:10.88,Default,,0000,0000,0000,,I deser a password authentication use Dialogue: 0,0:05:08.80,0:05:14.52,Default,,0000,0000,0000,,public key which has been available for Dialogue: 0,0:05:10.88,0:05:16.44,Default,,0000,0000,0000,,decades right so small bonus the last Dialogue: 0,0:05:14.52,0:05:19.64,Default,,0000,0000,0000,,one to Dialogue: 0,0:05:16.44,0:05:22.64,Default,,0000,0000,0000,,FAA uh Gartner recommends Duo which has Dialogue: 0,0:05:19.64,0:05:25.64,Default,,0000,0000,0000,,been bought by Cisco but doesn't Dialogue: 0,0:05:22.64,0:05:27.40,Default,,0000,0000,0000,,matter so if you look at what Duo does Dialogue: 0,0:05:25.64,0:05:29.16,Default,,0000,0000,0000,,your server asks the cloud for Dialogue: 0,0:05:27.40,0:05:30.20,Default,,0000,0000,0000,,permission the cloud goes to the Dialogue: 0,0:05:29.16,0:05:33.48,Default,,0000,0000,0000,,telephone Dialogue: 0,0:05:30.20,0:05:35.24,Default,,0000,0000,0000,,telephone shows a popup you click yes Dialogue: 
0,0:05:33.48,0:05:37.24,Default,,0000,0000,0000,,and then the cloud tells the server it's Dialogue: 0,0:05:35.24,0:05:39.16,Default,,0000,0000,0000,,okay you can let them in if you look Dialogue: 0,0:05:37.24,0:05:40.68,Default,,0000,0000,0000,,really closely you can notice the cloud Dialogue: 0,0:05:39.16,0:05:44.08,Default,,0000,0000,0000,,doesn't have to do the popup can just Dialogue: 0,0:05:40.68,0:05:47.04,Default,,0000,0000,0000,,say sure so this comes pre-owned there Dialogue: 0,0:05:44.08,0:05:49.12,Default,,0000,0000,0000,,is no need to hack anything Dialogue: 0,0:05:47.04,0:05:50.60,Default,,0000,0000,0000,,here and something many people don't Dialogue: 0,0:05:49.12,0:05:51.96,Default,,0000,0000,0000,,realize you don't need two Factor if you Dialogue: 0,0:05:50.60,0:05:53.40,Default,,0000,0000,0000,,have public key that's already the Dialogue: 0,0:05:51.96,0:05:55.48,Default,,0000,0000,0000,,second Dialogue: 0,0:05:53.40,0:05:57.72,Default,,0000,0000,0000,,Factor okay Dialogue: 0,0:05:55.48,0:06:00.76,Default,,0000,0000,0000,,so yeah let's skip over this briefly Dialogue: 0,0:05:57.72,0:06:02.20,Default,,0000,0000,0000,,Splunk is the the recommend option here Dialogue: 0,0:06:00.76,0:06:06.04,Default,,0000,0000,0000,,and they make the organization more Dialogue: 0,0:06:02.20,0:06:06.04,Default,,0000,0000,0000,,resilient um unless you install Dialogue: 0,0:06:08.36,0:06:11.52,Default,,0000,0000,0000,,[Applause] Dialogue: 0,0:06:14.84,0:06:20.64,Default,,0000,0000,0000,,it okay um so this one is dear to my Dialogue: 0,0:06:17.64,0:06:22.24,Default,,0000,0000,0000,,heart because um people start arguing Dialogue: 0,0:06:20.64,0:06:24.96,Default,,0000,0000,0000,,about whether to install patches and Dialogue: 0,0:06:22.24,0:06:27.84,Default,,0000,0000,0000,,which patch to install first and it used Dialogue: 0,0:06:24.96,0:06:29.52,Default,,0000,0000,0000,,to be simple you you look for problems Dialogue: 0,0:06:27.84,0:06:30.56,Default,,0000,0000,0000,,then you 
install the patches and then it Dialogue: 0,0:06:29.52,0:06:33.24,Default,,0000,0000,0000,,a bit more Dialogue: 0,0:06:30.56,0:06:36.44,Default,,0000,0000,0000,,complicated and the result is this right Dialogue: 0,0:06:33.24,0:06:40.00,Default,,0000,0000,0000,,that's a famous podcast in in German uh Dialogue: 0,0:06:36.44,0:06:41.80,Default,,0000,0000,0000,,it's about municipality who got owned by Dialogue: 0,0:06:40.00,0:06:43.80,Default,,0000,0000,0000,,by ransomware and then had to call the Dialogue: 0,0:06:41.80,0:06:46.36,Default,,0000,0000,0000,,Army for Dialogue: 0,0:06:43.80,0:06:47.84,Default,,0000,0000,0000,,help and what you should do I'm having Dialogue: 0,0:06:46.36,0:06:49.16,Default,,0000,0000,0000,,this for completeness install all Dialogue: 0,0:06:47.84,0:06:51.84,Default,,0000,0000,0000,,patches immediately but that's a Dialogue: 0,0:06:49.16,0:06:54.52,Default,,0000,0000,0000,,separate talk right so um you may notice Dialogue: 0,0:06:51.84,0:06:56.04,Default,,0000,0000,0000,,a pattern here the it security industry Dialogue: 0,0:06:54.52,0:06:59.00,Default,,0000,0000,0000,,recommends something and if you do it Dialogue: 0,0:06:56.04,0:07:01.00,Default,,0000,0000,0000,,you're [ __ ] so don't do it um in case Dialogue: 0,0:06:59.00,0:07:03.56,Default,,0000,0000,0000,,you can't read this this says snake Dialogue: 0,0:07:01.00,0:07:06.72,Default,,0000,0000,0000,,repellent granules and then there's a Dialogue: 0,0:07:03.56,0:07:06.72,Default,,0000,0000,0000,,snake sleeping next to Dialogue: 0,0:07:07.52,0:07:12.32,Default,,0000,0000,0000,,it right so um if we can trust the Dialogue: 0,0:07:10.96,0:07:15.40,Default,,0000,0000,0000,,recommendations of the industry what Dialogue: 0,0:07:12.32,0:07:16.92,Default,,0000,0000,0000,,shall we do and um so I had a lot of Dialogue: 0,0:07:15.40,0:07:19.52,Default,,0000,0000,0000,,time on my hands because I didn't have Dialogue: 0,0:07:16.92,0:07:21.32,Default,,0000,0000,0000,,to clean up after crappy it security 
Dialogue: 0,0:07:19.52,0:07:23.72,Default,,0000,0000,0000,,industry recommendations so what that Dialogue: 0,0:07:21.32,0:07:26.96,Default,,0000,0000,0000,,what did I do with my Dialogue: 0,0:07:23.72,0:07:30.84,Default,,0000,0000,0000,,time and uh I decided I need a Blog uh Dialogue: 0,0:07:26.96,0:07:32.56,Default,,0000,0000,0000,,some time ago now um and I started Dialogue: 0,0:07:30.84,0:07:34.28,Default,,0000,0000,0000,,thinking what do I need and it's Dialogue: 0,0:07:32.56,0:07:37.52,Default,,0000,0000,0000,,actually not that much I could have just Dialogue: 0,0:07:34.28,0:07:39.40,Default,,0000,0000,0000,,shown basically static content a little Dialogue: 0,0:07:37.52,0:07:42.24,Default,,0000,0000,0000,,search function would be good but it's Dialogue: 0,0:07:39.40,0:07:44.72,Default,,0000,0000,0000,,optional um I didn't need comments for Dialogue: 0,0:07:42.24,0:07:48.36,Default,,0000,0000,0000,,legal reasons because people start Dialogue: 0,0:07:44.72,0:07:50.12,Default,,0000,0000,0000,,posting like uh links to maware or Dialogue: 0,0:07:48.36,0:07:51.96,Default,,0000,0000,0000,,whatever I don't want that um I don't Dialogue: 0,0:07:50.12,0:07:53.84,Default,,0000,0000,0000,,need that right so the first version was Dialogue: 0,0:07:51.96,0:07:55.80,Default,,0000,0000,0000,,actually really easy it was a small Dialogue: 0,0:07:53.84,0:07:58.60,Default,,0000,0000,0000,,standard web server and I had the the Dialogue: 0,0:07:55.80,0:08:00.20,Default,,0000,0000,0000,,blog entries a static HTML files one Dialogue: 0,0:07:58.60,0:08:01.76,Default,,0000,0000,0000,,file per month it was actually really Dialogue: 0,0:08:00.20,0:08:05.44,Default,,0000,0000,0000,,easy if you want to search you just can Dialogue: 0,0:08:01.76,0:08:07.12,Default,,0000,0000,0000,,ask Google and limit it to my site so Dialogue: 0,0:08:05.44,0:08:09.48,Default,,0000,0000,0000,,posting was also easy had a little Dialogue: 0,0:08:07.12,0:08:12.88,Default,,0000,0000,0000,,script that uh I could 
run on the server Dialogue: 0,0:08:09.48,0:08:14.88,Default,,0000,0000,0000,,and I just ssh in and SSH I trust for Dialogue: 0,0:08:12.88,0:08:17.48,Default,,0000,0000,0000,,authentication so there's no new attack Dialogue: 0,0:08:14.88,0:08:20.40,Default,,0000,0000,0000,,surface I have that anyway and this is a Dialogue: 0,0:08:17.48,0:08:23.04,Default,,0000,0000,0000,,great design it's secure it's simple Dialogue: 0,0:08:20.40,0:08:25.00,Default,,0000,0000,0000,,there's low risk it's also high Dialogue: 0,0:08:23.04,0:08:27.88,Default,,0000,0000,0000,,performance but you couldn't do a talk Dialogue: 0,0:08:25.00,0:08:30.08,Default,,0000,0000,0000,,about it at the CCC right so it's too Dialogue: 0,0:08:27.88,0:08:32.28,Default,,0000,0000,0000,,boring so I started to produce risk in Dialogue: 0,0:08:30.08,0:08:32.28,Default,,0000,0000,0000,,my Dialogue: 0,0:08:33.64,0:08:38.24,Default,,0000,0000,0000,,setup so the first idea was I had Dialogue: 0,0:08:36.36,0:08:40.64,Default,,0000,0000,0000,,written a small web server I could just Dialogue: 0,0:08:38.24,0:08:44.04,Default,,0000,0000,0000,,implement the blog in the web server Dialogue: 0,0:08:40.64,0:08:46.84,Default,,0000,0000,0000,,because you know it's my code anyway um Dialogue: 0,0:08:44.04,0:08:49.08,Default,,0000,0000,0000,,but that has downsides if the the blog Dialogue: 0,0:08:46.84,0:08:50.84,Default,,0000,0000,0000,,is running in the web server then it can Dialogue: 0,0:08:49.08,0:08:52.92,Default,,0000,0000,0000,,access all the memory of the web server Dialogue: 0,0:08:50.84,0:08:55.24,Default,,0000,0000,0000,,in particular it can see the TLs private Dialogue: 0,0:08:52.92,0:08:58.24,Default,,0000,0000,0000,,key and that I don't want people to Dialogue: 0,0:08:55.24,0:09:00.56,Default,,0000,0000,0000,,extract right so it can't be a module in Dialogue: 0,0:08:58.24,0:09:02.76,Default,,0000,0000,0000,,the web server Dialogue: 0,0:09:00.56,0:09:05.36,Default,,0000,0000,0000,,and the the obvious solution is 
it the Dialogue: 0,0:09:02.76,0:09:08.00,Default,,0000,0000,0000,,it has to run in a different user ID on Dialogue: 0,0:09:05.36,0:09:09.76,Default,,0000,0000,0000,,on Linux I'm using Linux or but any any Dialogue: 0,0:09:08.00,0:09:12.08,Default,,0000,0000,0000,,Unix or Windows would be the same Dialogue: 0,0:09:09.76,0:09:14.00,Default,,0000,0000,0000,,basically it runs in a different user ID Dialogue: 0,0:09:12.08,0:09:15.80,Default,,0000,0000,0000,,and then if you if you take over the Dialogue: 0,0:09:14.00,0:09:18.28,Default,,0000,0000,0000,,process of the blog because there's some Dialogue: 0,0:09:15.80,0:09:19.36,Default,,0000,0000,0000,,bug in it you couldn't access the the Dialogue: 0,0:09:18.28,0:09:21.76,Default,,0000,0000,0000,,TLs Dialogue: 0,0:09:19.36,0:09:23.04,Default,,0000,0000,0000,,key and while I did that the industry Dialogue: 0,0:09:21.76,0:09:25.28,Default,,0000,0000,0000,,was doing Dialogue: 0,0:09:23.04,0:09:27.36,Default,,0000,0000,0000,,this that's like the running gag of this Dialogue: 0,0:09:25.28,0:09:28.76,Default,,0000,0000,0000,,talk I show all kinds of interesting Dialogue: 0,0:09:27.36,0:09:29.64,Default,,0000,0000,0000,,things the industry did and then show Dialogue: 0,0:09:28.76,0:09:32.76,Default,,0000,0000,0000,,what I did Dialogue: 0,0:09:29.64,0:09:34.52,Default,,0000,0000,0000,,in that time right so um next question Dialogue: 0,0:09:32.76,0:09:37.60,Default,,0000,0000,0000,,where's the content I could just have Dialogue: 0,0:09:34.52,0:09:39.08,Default,,0000,0000,0000,,files on disk like static HTML as before Dialogue: 0,0:09:37.60,0:09:41.76,Default,,0000,0000,0000,,but I think that's not professional Dialogue: 0,0:09:39.08,0:09:43.40,Default,,0000,0000,0000,,enough right so for a good CCC talk you Dialogue: 0,0:09:41.76,0:09:45.36,Default,,0000,0000,0000,,need to be more Dialogue: 0,0:09:43.40,0:09:46.92,Default,,0000,0000,0000,,professional also for a different Dialogue: 
0,0:09:45.36,0:09:51.00,Default,,0000,0000,0000,,project I had just written an elabs Dialogue: 0,0:09:46.92,0:09:52.60,Default,,0000,0000,0000,,server so I decided to reuse it and uh Dialogue: 0,0:09:51.00,0:09:54.04,Default,,0000,0000,0000,,while I did that the industry did this I Dialogue: 0,0:09:52.60,0:09:55.84,Default,,0000,0000,0000,,I took this photo at the airport of Dialogue: 0,0:09:54.04,0:09:57.56,Default,,0000,0000,0000,,Jerusalem so this is an actual ad it's Dialogue: 0,0:09:55.84,0:09:59.80,Default,,0000,0000,0000,,not photoshopped right it's for north of Dialogue: 0,0:09:57.56,0:10:02.76,Default,,0000,0000,0000,,gramman which is a um Dialogue: 0,0:09:59.80,0:10:06.72,Default,,0000,0000,0000,,military contractor and it's about full Dialogue: 0,0:10:02.76,0:10:06.72,Default,,0000,0000,0000,,spectrum cyber across all Dialogue: 0,0:10:06.80,0:10:12.04,Default,,0000,0000,0000,,domains so why would I write my own elab Dialogue: 0,0:10:09.36,0:10:14.88,Default,,0000,0000,0000,,server mostly because it's small and um Dialogue: 0,0:10:12.04,0:10:17.64,Default,,0000,0000,0000,,because I'm an auditor by trade I know Dialogue: 0,0:10:14.88,0:10:20.56,Default,,0000,0000,0000,,that if you want a chance to actually Dialogue: 0,0:10:17.64,0:10:22.32,Default,,0000,0000,0000,,audit the code it needs to be small Dialogue: 0,0:10:20.56,0:10:24.28,Default,,0000,0000,0000,,because that's a limited resource the Dialogue: 0,0:10:22.32,0:10:27.36,Default,,0000,0000,0000,,time you can spend on auditing code Dialogue: 0,0:10:24.28,0:10:30.40,Default,,0000,0000,0000,,right so postgress is a common SQL Dialogue: 0,0:10:27.36,0:10:32.44,Default,,0000,0000,0000,,database uh slapd is the the open Lup Dialogue: 0,0:10:30.40,0:10:34.84,Default,,0000,0000,0000,,implementation of the server and Tiny Dialogue: 0,0:10:32.44,0:10:37.16,Default,,0000,0000,0000,,Lup is mine and you see it's much slower Dialogue: 0,0:10:34.84,0:10:37.16,Default,,0000,0000,0000,,uh much Dialogue: 
0,0:10:38.44,0:10:44.24,Default,,0000,0000,0000,,smaller yeah so there was more to this Dialogue: 0,0:10:40.52,0:10:44.24,Default,,0000,0000,0000,,ad campaign I collected a few funny Dialogue: 0,0:10:44.32,0:10:52.36,Default,,0000,0000,0000,,images right so um if someone manages to Dialogue: 0,0:10:48.96,0:10:54.96,Default,,0000,0000,0000,,hack the blog CGI or whatever module I Dialogue: 0,0:10:52.36,0:10:57.40,Default,,0000,0000,0000,,use to to have connect the blog to the Dialogue: 0,0:10:54.96,0:11:00.40,Default,,0000,0000,0000,,web server they can open any file that Dialogue: 0,0:10:57.40,0:11:02.72,Default,,0000,0000,0000,,the blog can read right the uid can read Dialogue: 0,0:11:00.40,0:11:05.88,Default,,0000,0000,0000,,so um I should probably do something Dialogue: 0,0:11:02.72,0:11:07.56,Default,,0000,0000,0000,,about that that was the next step and Dialogue: 0,0:11:05.88,0:11:08.75,Default,,0000,0000,0000,,the industry was starting to think about Dialogue: 0,0:11:07.56,0:11:10.24,Default,,0000,0000,0000,,vulnerability Dialogue: 0,0:11:08.75,0:11:12.52,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:11:10.24,0:11:14.44,Default,,0000,0000,0000,,management so there is a mechanism on Dialogue: 0,0:11:12.52,0:11:16.60,Default,,0000,0000,0000,,Unix on Linux I did a separate talk Dialogue: 0,0:11:14.44,0:11:19.12,Default,,0000,0000,0000,,about that uh on the last Congress it's Dialogue: 0,0:11:16.60,0:11:21.00,Default,,0000,0000,0000,,called Secom and Secom can it's like a Dialogue: 0,0:11:19.12,0:11:24.28,Default,,0000,0000,0000,,firewall for CS calls so I can use Dialogue: 0,0:11:21.00,0:11:27.16,Default,,0000,0000,0000,,seccom to block open the open CIS which Dialogue: 0,0:11:24.28,0:11:29.60,Default,,0000,0000,0000,,is used to open files um but if I have Dialogue: 0,0:11:27.16,0:11:31.88,Default,,0000,0000,0000,,to use open myself Dialogue: 0,0:11:29.60,0:11:33.48,Default,,0000,0000,0000,,then um I can't block it right so what Dialogue: 
0,0:11:31.88,0:11:35.76,Default,,0000,0000,0000,,you do about that for example my blog Dialogue: 0,0:11:33.48,0:11:38.36,Default,,0000,0000,0000,,calls local time which converts unix's Dialogue: 0,0:11:35.76,0:11:40.48,Default,,0000,0000,0000,,time into the local time zone and for Dialogue: 0,0:11:38.36,0:11:44.92,Default,,0000,0000,0000,,that it opens a file containing the Dialogue: 0,0:11:40.48,0:11:47.04,Default,,0000,0000,0000,,description of the uh system time zone Dialogue: 0,0:11:44.92,0:11:49.36,Default,,0000,0000,0000,,and that's that calls open right so if I Dialogue: 0,0:11:47.04,0:11:52.00,Default,,0000,0000,0000,,just disabled the open system call from Dialogue: 0,0:11:49.36,0:11:54.72,Default,,0000,0000,0000,,my blog then it couldn't do the time Dialogue: 0,0:11:52.00,0:11:57.64,Default,,0000,0000,0000,,translation and uh this is actually an Dialogue: 0,0:11:54.72,0:12:00.08,Default,,0000,0000,0000,,old problem that also uh applies to set Dialogue: 0,0:11:57.64,0:12:03.04,Default,,0000,0000,0000,,ID programs and has has applied to them Dialogue: 0,0:12:00.08,0:12:05.96,Default,,0000,0000,0000,,for decades so what you can do is you Dialogue: 0,0:12:03.04,0:12:08.72,Default,,0000,0000,0000,,can reorganize your code so before you Dialogue: 0,0:12:05.96,0:12:11.68,Default,,0000,0000,0000,,block or before you drop privileges Dialogue: 0,0:12:08.72,0:12:14.48,Default,,0000,0000,0000,,generally speaking you do uh the open Dialogue: 0,0:12:11.68,0:12:16.76,Default,,0000,0000,0000,,calls in this in this example um and Dialogue: 0,0:12:14.48,0:12:19.20,Default,,0000,0000,0000,,then you disable open and then you look Dialogue: 0,0:12:16.76,0:12:21.12,Default,,0000,0000,0000,,at the the data provided by the attacker Dialogue: 0,0:12:19.20,0:12:23.64,Default,,0000,0000,0000,,because if the attacker or any untrusted Dialogue: 0,0:12:21.12,0:12:26.16,Default,,0000,0000,0000,,source is trying to hack you it is via Dialogue: 
0,0:12:23.64,0:12:27.68,Default,,0000,0000,0000,,data it gives you right it's the the Dialogue: 0,0:12:26.16,0:12:29.48,Default,,0000,0000,0000,,environment is compromised so you look Dialogue: 0,0:12:27.68,0:12:31.76,Default,,0000,0000,0000,,at what kind of uh elements in the Dialogue: 0,0:12:29.48,0:12:33.68,Default,,0000,0000,0000,,environment are attacker supplied and Dialogue: 0,0:12:31.76,0:12:35.72,Default,,0000,0000,0000,,before you look at a single bite in them Dialogue: 0,0:12:33.68,0:12:38.44,Default,,0000,0000,0000,,you do all the dangerous stuff if you Dialogue: 0,0:12:35.72,0:12:42.20,Default,,0000,0000,0000,,can right so in this case I call local Dialogue: 0,0:12:38.44,0:12:44.96,Default,,0000,0000,0000,,time once before I drop the open CIS Dialogue: 0,0:12:42.20,0:12:47.76,Default,,0000,0000,0000,,call and then my lipy will cach the the Dialogue: 0,0:12:44.96,0:12:50.00,Default,,0000,0000,0000,,time zone data and the next time I call Dialogue: 0,0:12:47.76,0:12:51.80,Default,,0000,0000,0000,,it after I have looked at the attacker Dialogue: 0,0:12:50.00,0:12:54.28,Default,,0000,0000,0000,,supplied code there is no need to call Dialogue: 0,0:12:51.80,0:12:57.60,Default,,0000,0000,0000,,open right so that's a major advantage Dialogue: 0,0:12:54.28,0:13:01.56,Default,,0000,0000,0000,,of Secom over similar Technologies like Dialogue: 0,0:12:57.60,0:13:04.36,Default,,0000,0000,0000,,SE Linux where where the all the the the Dialogue: 0,0:13:01.56,0:13:07.44,Default,,0000,0000,0000,,the um prohibitions on CIS calls are Dialogue: 0,0:13:04.36,0:13:08.72,Default,,0000,0000,0000,,applied to the whole process so there is Dialogue: 0,0:13:07.44,0:13:09.84,Default,,0000,0000,0000,,this is an example and you should make Dialogue: 0,0:13:08.72,0:13:11.84,Default,,0000,0000,0000,,use of it you should look at your Dialogue: 0,0:13:09.84,0:13:13.68,Default,,0000,0000,0000,,process and you can see if you have the Dialogue: 
0,0:13:11.84,0:13:16.36,Default,,0000,0000,0000,,source code at least you can see which Dialogue: 0,0:13:13.68,0:13:18.56,Default,,0000,0000,0000,,parts do I need to do before I can drop Dialogue: 0,0:13:16.36,0:13:21.00,Default,,0000,0000,0000,,Privileges and you move them up right so Dialogue: 0,0:13:18.56,0:13:25.04,Default,,0000,0000,0000,,that's what I Dialogue: 0,0:13:21.00,0:13:27.52,Default,,0000,0000,0000,,did um this is actually uh a mockup from Dialogue: 0,0:13:25.04,0:13:30.24,Default,,0000,0000,0000,,the Estonian cyber security Dialogue: 0,0:13:27.52,0:13:34.96,Default,,0000,0000,0000,,Center so this is Dialogue: 0,0:13:30.24,0:13:38.40,Default,,0000,0000,0000,,real okay so um next thought so let's Dialogue: 0,0:13:34.96,0:13:40.64,Default,,0000,0000,0000,,say someone hacks the blog uh module and Dialogue: 0,0:13:38.40,0:13:41.88,Default,,0000,0000,0000,,someone else uses the same module but Dialogue: 0,0:13:40.64,0:13:44.04,Default,,0000,0000,0000,,supplies a Dialogue: 0,0:13:41.88,0:13:46.16,Default,,0000,0000,0000,,password right this is a common problem Dialogue: 0,0:13:44.04,0:13:47.80,Default,,0000,0000,0000,,in website in websites there's some kind Dialogue: 0,0:13:46.16,0:13:50.56,Default,,0000,0000,0000,,of login something you get maybe a Dialogue: 0,0:13:47.80,0:13:53.48,Default,,0000,0000,0000,,session token or whatever um and if Dialogue: 0,0:13:50.56,0:13:56.04,Default,,0000,0000,0000,,someone manages to take over the the Dialogue: 0,0:13:53.48,0:13:58.92,Default,,0000,0000,0000,,middleware or like the server component Dialogue: 0,0:13:56.04,0:14:01.08,Default,,0000,0000,0000,,they can see uh all other connections Dialogue: 0,0:13:58.92,0:14:03.36,Default,,0000,0000,0000,,too if they are handled by the same Dialogue: 0,0:14:01.08,0:14:05.88,Default,,0000,0000,0000,,process right that's a that's a major Dialogue: 0,0:14:03.36,0:14:08.88,Default,,0000,0000,0000,,problem um and you can do something Dialogue: 
0,0:14:05.88,0:14:12.20,Default,,0000,0000,0000,,about it so that's the good news Dialogue: 0,0:14:08.88,0:14:14.56,Default,,0000,0000,0000,,here uh and in in my example it led to Dialogue: 0,0:14:12.20,0:14:18.44,Default,,0000,0000,0000,,me using CGI instead of fast CGI which Dialogue: 0,0:14:14.56,0:14:21.04,Default,,0000,0000,0000,,is fast CGI is a newer version of CGI Dialogue: 0,0:14:18.44,0:14:24.44,Default,,0000,0000,0000,,and the idea with fast CGI is that you Dialogue: 0,0:14:21.04,0:14:27.08,Default,,0000,0000,0000,,don't spawn a new process for every Dialogue: 0,0:14:24.44,0:14:30.32,Default,,0000,0000,0000,,request but you have like a Unix domain Dialogue: 0,0:14:27.08,0:14:32.20,Default,,0000,0000,0000,,socket or another socket to a fast CGI Dialogue: 0,0:14:30.32,0:14:35.68,Default,,0000,0000,0000,,process and that opens maybe a threat Dialogue: 0,0:14:32.20,0:14:37.60,Default,,0000,0000,0000,,per request or something but um usually Dialogue: 0,0:14:35.68,0:14:39.36,Default,,0000,0000,0000,,in fast CGI you try to handle the Dialogue: 0,0:14:37.60,0:14:42.44,Default,,0000,0000,0000,,requests in the same process and then Dialogue: 0,0:14:39.36,0:14:44.72,Default,,0000,0000,0000,,you can use that process to cach data so Dialogue: 0,0:14:42.44,0:14:47.72,Default,,0000,0000,0000,,there's a perf advantage to using fast Dialogue: 0,0:14:44.72,0:14:50.68,Default,,0000,0000,0000,,CGI but for security reasons um I don't Dialogue: 0,0:14:47.72,0:14:53.04,Default,,0000,0000,0000,,I don't use fast CGI so I can't do Dialogue: 0,0:14:50.68,0:14:54.36,Default,,0000,0000,0000,,caching right so that's a major downside Dialogue: 0,0:14:53.04,0:14:57.00,Default,,0000,0000,0000,,and you would expect the block to be Dialogue: 0,0:14:54.36,0:14:59.04,Default,,0000,0000,0000,,really really slow in the end um so Dialogue: 0,0:14:57.00,0:15:02.08,Default,,0000,0000,0000,,first thing I need to use CGI instead of Dialogue: 0,0:14:59.04,0:15:05.52,Default,,0000,0000,0000,,fast 
CGI and secondly you could still Dialogue: 0,0:15:02.08,0:15:07.76,Default,,0000,0000,0000,,use debug APIs so if you use GDB or Dialogue: 0,0:15:05.52,0:15:10.68,Default,,0000,0000,0000,,another debugger to to look at another Dialogue: 0,0:15:07.76,0:15:12.52,Default,,0000,0000,0000,,process they use an API called ptrace uh Dialogue: 0,0:15:10.68,0:15:17.00,Default,,0000,0000,0000,,but that's a syscall so I can use seccomp Dialogue: 0,0:15:12.52,0:15:19.92,Default,,0000,0000,0000,,to disallow ptrace if I do those two Dialogue: 0,0:15:17.00,0:15:21.84,Default,,0000,0000,0000,,and the attacker takes over a blog Dialogue: 0,0:15:19.92,0:15:24.32,Default,,0000,0000,0000,,process all they can see is the data Dialogue: 0,0:15:21.84,0:15:26.92,Default,,0000,0000,0000,,they supply themselves right that's a Dialogue: 0,0:15:24.32,0:15:26.92,Default,,0000,0000,0000,,major Dialogue: 0,0:15:27.28,0:15:31.52,Default,,0000,0000,0000,,advantage Okay so Ina is actually in U Dialogue: 0,0:15:29.80,0:15:33.60,Default,,0000,0000,0000,,agency which I find really disturbing Dialogue: 0,0:15:31.52,0:15:38.04,Default,,0000,0000,0000,,because they're burning lots of taxpayer Dialogue: 0,0:15:33.60,0:15:40.40,Default,,0000,0000,0000,,money anyway so let's assume um the Dialogue: 0,0:15:38.04,0:15:42.72,Default,,0000,0000,0000,,attacker can hack my blog they can still Dialogue: 0,0:15:40.40,0:15:45.04,Default,,0000,0000,0000,,circumvent any access control I do in Dialogue: 0,0:15:42.72,0:15:49.08,Default,,0000,0000,0000,,the blog so for example if I have an Dialogue: 0,0:15:45.04,0:15:51.36,Default,,0000,0000,0000,,admin site or some login site part of Dialogue: 0,0:15:49.08,0:15:54.00,Default,,0000,0000,0000,,the website um and it's handled through Dialogue: 0,0:15:51.36,0:15:56.40,Default,,0000,0000,0000,,the same program and the access control Dialogue: 0,0:15:54.00,0:15:59.00,Default,,0000,0000,0000,,is done in the blog CGI and someone Dialogue: 
0,0:15:56.40,0:16:03.60,Default,,0000,0000,0000,,manages to hack my blog CGI they could Dialogue: 0,0:15:59.00,0:16:06.00,Default,,0000,0000,0000,,just skip that so um it's really hard to Dialogue: 0,0:16:03.60,0:16:07.88,Default,,0000,0000,0000,,do access restrictions that can be Dialogue: 0,0:16:06.00,0:16:09.76,Default,,0000,0000,0000,,circumvented if you do them in your own Dialogue: 0,0:16:07.88,0:16:13.44,Default,,0000,0000,0000,,code so the solution is not do it in Dialogue: 0,0:16:09.76,0:16:15.64,Default,,0000,0000,0000,,your own code um I don't do any access Dialogue: 0,0:16:13.44,0:16:18.88,Default,,0000,0000,0000,,restriction in the blog I do it in the Dialogue: 0,0:16:15.64,0:16:20.64,Default,,0000,0000,0000,,LDAP server so if you connect to my blog Dialogue: 0,0:16:18.88,0:16:22.16,Default,,0000,0000,0000,,and supply a password then the blog Dialogue: 0,0:16:20.64,0:16:24.44,Default,,0000,0000,0000,,doesn't know if the password is right or Dialogue: 0,0:16:22.16,0:16:25.68,Default,,0000,0000,0000,,not right there's an an an for example Dialogue: 0,0:16:24.44,0:16:27.56,Default,,0000,0000,0000,,there's an interface where you can add Dialogue: 0,0:16:25.68,0:16:29.28,Default,,0000,0000,0000,,new blog entries or you can edit an old Dialogue: 0,0:16:27.56,0:16:31.04,Default,,0000,0000,0000,,one and for you need to supply Dialogue: 0,0:16:29.28,0:16:33.00,Default,,0000,0000,0000,,credentials but the blog CGI doesn't Dialogue: 0,0:16:31.04,0:16:34.68,Default,,0000,0000,0000,,know if they are right or not it opens Dialogue: 0,0:16:33.00,0:16:36.92,Default,,0000,0000,0000,,the connections to the LDAP server with Dialogue: 0,0:16:34.68,0:16:40.88,Default,,0000,0000,0000,,that credential and then the LDAP server Dialogue: 0,0:16:36.92,0:16:44.76,Default,,0000,0000,0000,,says yes or no so since we uh removed Dialogue: 0,0:16:40.88,0:16:46.80,Default,,0000,0000,0000,,access to the P SS uh and the the Dialogue: 
0,0:16:44.76,0:16:48.08,Default,,0000,0000,0000,,processes are isolated from each other Dialogue: 0,0:16:46.80,0:16:50.04,Default,,0000,0000,0000,,that means there is nothing to Dialogue: 0,0:16:48.08,0:16:52.68,Default,,0000,0000,0000,,circumvent here so if someone hacks my Dialogue: 0,0:16:50.04,0:16:54.64,Default,,0000,0000,0000,,blog the only advantage uh they get is Dialogue: 0,0:16:52.68,0:16:56.24,Default,,0000,0000,0000,,they can do the exact same stuff they Dialogue: 0,0:16:54.64,0:16:59.64,Default,,0000,0000,0000,,could do before basically they can just Dialogue: 0,0:16:56.24,0:17:02.40,Default,,0000,0000,0000,,talk to the LDAP server Dialogue: 0,0:16:59.64,0:17:04.36,Default,,0000,0000,0000,,okay so I'm starting to get into uh Dialogue: 0,0:17:02.40,0:17:06.84,Default,,0000,0000,0000,,James Bond territory here right with the Dialogue: 0,0:17:04.36,0:17:09.00,Default,,0000,0000,0000,,attacks they getting more Dialogue: 0,0:17:06.84,0:17:10.52,Default,,0000,0000,0000,,convoluted right so the industry started Dialogue: 0,0:17:09.00,0:17:13.20,Default,,0000,0000,0000,,doing threat intelligence feeds which Dialogue: 0,0:17:10.52,0:17:15.76,Default,,0000,0000,0000,,are useless don't spend money on those Dialogue: 0,0:17:13.20,0:17:19.28,Default,,0000,0000,0000,,okay so let's say the attacker hacked my Dialogue: 0,0:17:15.76,0:17:22.00,Default,,0000,0000,0000,,blog and then went to my tinyldap and now Dialogue: 0,0:17:19.28,0:17:24.12,Default,,0000,0000,0000,,is attacking tinyldap then they can Dialogue: 0,0:17:22.00,0:17:26.36,Default,,0000,0000,0000,,watch other logins because tinyldap Dialogue: 0,0:17:24.12,0:17:29.08,Default,,0000,0000,0000,,handles connections from other instances Dialogue: 0,0:17:26.36,0:17:30.68,Default,,0000,0000,0000,,of the blog too right so the same Dialogue: 0,0:17:29.08,0:17:33.20,Default,,0000,0000,0000,,problem we had before we just moved the Dialogue: 0,0:17:30.68,0:17:35.68,Default,,0000,0000,0000,,goalpost a little and we need 
to Dialogue: 0,0:17:33.20,0:17:37.84,Default,,0000,0000,0000,,prevent this and the the obvious Dialogue: 0,0:17:35.68,0:17:41.80,Default,,0000,0000,0000,,solution is to do the same thing we did Dialogue: 0,0:17:37.84,0:17:44.84,Default,,0000,0000,0000,,with the blog um we have one process of Dialogue: 0,0:17:41.80,0:17:48.80,Default,,0000,0000,0000,,the LDAP server per request and then we Dialogue: 0,0:17:44.84,0:17:50.84,Default,,0000,0000,0000,,disallow ptrace right so now you Dialogue: 0,0:17:48.80,0:17:52.56,Default,,0000,0000,0000,,can't watch even if you get code Dialogue: 0,0:17:50.84,0:17:54.88,Default,,0000,0000,0000,,execution inside the LDAP server you Dialogue: 0,0:17:52.56,0:17:58.96,Default,,0000,0000,0000,,can't watch what passwords other people Dialogue: 0,0:17:54.88,0:18:01.24,Default,,0000,0000,0000,,use you can still see okay does some Dialogue: 0,0:17:58.96,0:18:04.36,Default,,0000,0000,0000,,[ __ ] again you can still see the Dialogue: 0,0:18:01.24,0:18:06.48,Default,,0000,0000,0000,,password in the LDAP store right so the Dialogue: 0,0:18:04.36,0:18:08.36,Default,,0000,0000,0000,,LDAP server has to has a version of the Dialogue: 0,0:18:06.48,0:18:10.76,Default,,0000,0000,0000,,password to authenticate against and the Dialogue: 0,0:18:08.36,0:18:12.84,Default,,0000,0000,0000,,industry practice best practice is to Dialogue: 0,0:18:10.76,0:18:14.36,Default,,0000,0000,0000,,use salted hashes so the password is Dialogue: 0,0:18:12.84,0:18:17.08,Default,,0000,0000,0000,,not actually in the Dialogue: 0,0:18:14.36,0:18:19.60,Default,,0000,0000,0000,,store still if someone manages to attack Dialogue: 0,0:18:17.08,0:18:22.08,Default,,0000,0000,0000,,tinyldap through the blog they can Dialogue: 0,0:18:19.60,0:18:24.88,Default,,0000,0000,0000,,extract the hashes and try to crack them Dialogue: 0,0:18:22.08,0:18:27.92,Default,,0000,0000,0000,,but since I'm the only one adding users Dialogue: 0,0:18:24.88,0:18:31.64,Default,,0000,0000,0000,,I can control 
the password complexity so Dialogue: 0,0:18:27.92,0:18:34.64,Default,,0000,0000,0000,,good luck brute forcing that Dialogue: 0,0:18:31.64,0:18:34.64,Default,,0000,0000,0000,,right Dialogue: 0,0:18:34.76,0:18:39.40,Default,,0000,0000,0000,,okay so uh this is actually a real Dialogue: 0,0:18:37.56,0:18:41.68,Default,,0000,0000,0000,,problem not not for my blog specifically Dialogue: 0,0:18:39.40,0:18:43.32,Default,,0000,0000,0000,,but for other web services or services Dialogue: 0,0:18:41.68,0:18:44.76,Default,,0000,0000,0000,,that are reachable from the internet Dialogue: 0,0:18:43.32,0:18:46.80,Default,,0000,0000,0000,,what if an attacker doesn't want to Dialogue: 0,0:18:44.76,0:18:50.24,Default,,0000,0000,0000,,steal my data but it wants to encrypt Dialogue: 0,0:18:46.80,0:18:54.08,Default,,0000,0000,0000,,them so the ransomware what can you do Dialogue: 0,0:18:50.24,0:18:56.40,Default,,0000,0000,0000,,about that and um my idea was to make Dialogue: 0,0:18:54.08,0:18:58.00,Default,,0000,0000,0000,,the data store read only so the LDAP Dialogue: 0,0:18:56.40,0:19:00.68,Default,,0000,0000,0000,,server has a data store that contains Dialogue: 0,0:18:58.00,0:19:03.16,Default,,0000,0000,0000,,all the blog entries and that's read only Dialogue: 0,0:19:00.68,0:19:05.44,Default,,0000,0000,0000,,to the LDAP process you can only read Dialogue: 0,0:19:03.16,0:19:08.20,Default,,0000,0000,0000,,from it and if you want to write to it Dialogue: 0,0:19:05.44,0:19:10.04,Default,,0000,0000,0000,,for example to add a new entry it gets Dialogue: 0,0:19:08.20,0:19:10.92,Default,,0000,0000,0000,,appended to a second file which I call Dialogue: 0,0:19:10.04,0:19:13.56,Default,,0000,0000,0000,,the Dialogue: 0,0:19:10.92,0:19:15.88,Default,,0000,0000,0000,,journal so SQL databases have a similar Dialogue: 0,0:19:13.56,0:19:17.76,Default,,0000,0000,0000,,concept and they use it to to roll back Dialogue: 0,0:19:15.88,0:19:19.32,Default,,0000,0000,0000,,transactions I can do the same thing 
Dialogue: 0,0:19:17.76,0:19:22.20,Default,,0000,0000,0000,,it's basically a log Dialogue: 0,0:19:19.32,0:19:25.16,Default,,0000,0000,0000,,file and that means um all the Dialogue: 0,0:19:22.20,0:19:27.36,Default,,0000,0000,0000,,differences from the last time the store Dialogue: 0,0:19:25.16,0:19:29.40,Default,,0000,0000,0000,,was created the read-only store all the Dialogue: 0,0:19:27.36,0:19:32.24,Default,,0000,0000,0000,,differences are sequentially in the log Dialogue: 0,0:19:29.40,0:19:34.32,Default,,0000,0000,0000,,file in the journal so that that the Dialogue: 0,0:19:32.24,0:19:36.48,Default,,0000,0000,0000,,performance gets worse the bigger the Dialogue: 0,0:19:34.32,0:19:39.48,Default,,0000,0000,0000,,journal gets so every now and then I Dialogue: 0,0:19:36.48,0:19:41.60,Default,,0000,0000,0000,,need to combine the read-only part and the Dialogue: 0,0:19:39.48,0:19:44.12,Default,,0000,0000,0000,,journal to a new bigger read-only part and Dialogue: 0,0:19:41.60,0:19:44.12,Default,,0000,0000,0000,,I do that Dialogue: 0,0:19:44.68,0:19:49.64,Default,,0000,0000,0000,,manually um because tinyldap couldn't Dialogue: 0,0:19:47.88,0:19:51.04,Default,,0000,0000,0000,,do it because I didn't allow tinyldap Dialogue: 0,0:19:49.64,0:19:54.96,Default,,0000,0000,0000,,to write the store right that was part Dialogue: 0,0:19:51.04,0:19:57.12,Default,,0000,0000,0000,,of the security here and uh so um with Dialogue: 0,0:19:54.96,0:19:59.00,Default,,0000,0000,0000,,seccomp I can just disable whole syscalls Dialogue: 0,0:19:57.12,0:20:00.88,Default,,0000,0000,0000,,I can also install filters so I Dialogue: 0,0:19:59.00,0:20:03.68,Default,,0000,0000,0000,,can say open is allowed but only if you Dialogue: 0,0:20:00.88,0:20:06.44,Default,,0000,0000,0000,,use O_APPEND O_APPEND in the open syscall Dialogue: 0,0:20:03.68,0:20:09.28,Default,,0000,0000,0000,,on Unix means every write you do to Dialogue: 0,0:20:06.44,0:20:12.60,Default,,0000,0000,0000,,this uh descriptor is automatically 
Dialogue: 0,0:20:09.28,0:20:16.16,Default,,0000,0000,0000,,added to the end so I know if someone Dialogue: 0,0:20:12.60,0:20:18.84,Default,,0000,0000,0000,,manages to to access the tinyldap Dialogue: 0,0:20:16.16,0:20:20.80,Default,,0000,0000,0000,,binary and can write to my journal then Dialogue: 0,0:20:18.84,0:20:22.32,Default,,0000,0000,0000,,the only place the changes can show up Dialogue: 0,0:20:20.80,0:20:24.60,Default,,0000,0000,0000,,is at the end and that's actually a Dialogue: 0,0:20:22.32,0:20:27.20,Default,,0000,0000,0000,,really good good thing to have because Dialogue: 0,0:20:24.60,0:20:29.84,Default,,0000,0000,0000,,it means if someone hacks me and adds Dialogue: 0,0:20:27.20,0:20:32.72,Default,,0000,0000,0000,,junk to my blog I can only remove at the Dialogue: 0,0:20:29.84,0:20:35.36,Default,,0000,0000,0000,,end and I'm good again compare that to a Dialogue: 0,0:20:32.72,0:20:38.32,Default,,0000,0000,0000,,usual SQL database um if someone wrote Dialogue: 0,0:20:35.36,0:20:40.92,Default,,0000,0000,0000,,to the database you need to in to to Dialogue: 0,0:20:38.32,0:20:42.76,Default,,0000,0000,0000,,play a backup uh in to restore backup Dialogue: 0,0:20:40.92,0:20:45.60,Default,,0000,0000,0000,,because they could have changed anything Dialogue: 0,0:20:42.76,0:20:47.00,Default,,0000,0000,0000,,anywhere right so but tinyldap doesn't Dialogue: 0,0:20:45.60,0:20:48.84,Default,,0000,0000,0000,,even have file system level permissions Dialogue: 0,0:20:47.00,0:20:50.88,Default,,0000,0000,0000,,to change anything in the store so I can Dialogue: 0,0:20:48.84,0:20:53.32,Default,,0000,0000,0000,,re re uh sleep Dialogue: 0,0:20:50.88,0:20:56.44,Default,,0000,0000,0000,,soundly yeah the industry spent money on Dialogue: 0,0:20:53.32,0:20:56.44,Default,,0000,0000,0000,,cyber security mesh Dialogue: 0,0:20:56.48,0:21:00.48,Default,,0000,0000,0000,,architecture right so the journal Dialogue: 0,0:20:58.88,0:21:02.28,Default,,0000,0000,0000,,integration has to be done 
by me Dialogue: 0,0:21:00.48,0:21:05.44,Default,,0000,0000,0000,,manually out of band so it's not Dialogue: 0,0:21:02.28,0:21:08.88,Default,,0000,0000,0000,,something an automated process does um I Dialogue: 0,0:21:05.44,0:21:10.36,Default,,0000,0000,0000,,do it manually and when I'm doing it um Dialogue: 0,0:21:08.88,0:21:12.52,Default,,0000,0000,0000,,because it's not that much data it's Dialogue: 0,0:21:10.36,0:21:14.60,Default,,0000,0000,0000,,like for a week or two I can just read Dialogue: 0,0:21:12.52,0:21:16.48,Default,,0000,0000,0000,,it again and see if something doesn't Dialogue: 0,0:21:14.60,0:21:19.12,Default,,0000,0000,0000,,look Dialogue: 0,0:21:16.48,0:21:21.08,Default,,0000,0000,0000,,right this may not be available to all Dialogue: 0,0:21:19.12,0:21:22.76,Default,,0000,0000,0000,,other scenarios but uh you have to Dialogue: 0,0:21:21.08,0:21:25.20,Default,,0000,0000,0000,,realize if you have bigger data it's Dialogue: 0,0:21:22.76,0:21:27.04,Default,,0000,0000,0000,,usually not all the data that's big most Dialogue: 0,0:21:25.20,0:21:29.96,Default,,0000,0000,0000,,of it is usually static and read-only and Dialogue: 0,0:21:27.04,0:21:32.84,Default,,0000,0000,0000,,then you have some logs that are or you Dialogue: 0,0:21:29.96,0:21:35.40,Default,,0000,0000,0000,,know billing data that grows and grows Dialogue: 0,0:21:32.84,0:21:37.80,Default,,0000,0000,0000,,but usually there's part of the data and Dialogue: 0,0:21:35.40,0:21:40.60,Default,,0000,0000,0000,,this is the the part with the you know Dialogue: 0,0:21:37.80,0:21:43.68,Default,,0000,0000,0000,,um uh identifying information personally Dialogue: 0,0:21:40.60,0:21:46.12,Default,,0000,0000,0000,,identifying information or you know Bill Dialogue: 0,0:21:43.68,0:21:48.12,Default,,0000,0000,0000,,billing details that stuff is usually Dialogue: 0,0:21:46.12,0:21:51.44,Default,,0000,0000,0000,,small and mostly static and you could Dialogue: 0,0:21:48.12,0:21:51.44,Default,,0000,0000,0000,,use this 
strategy for that Dialogue: 0,0:21:52.76,0:21:58.80,Default,,0000,0000,0000,,too well yeah Dialogue: 0,0:21:56.16,0:22:01.60,Default,,0000,0000,0000,,okay so the attack can still write Dialogue: 0,0:21:58.80,0:22:03.92,Default,,0000,0000,0000,,garbage to my blog that's still not good Dialogue: 0,0:22:01.60,0:22:06.76,Default,,0000,0000,0000,,right but since all they can do is append Dialogue: 0,0:22:03.92,0:22:09.24,Default,,0000,0000,0000,,to the journal I can use my text editor Dialogue: 0,0:22:06.76,0:22:11.76,Default,,0000,0000,0000,,open the journal and truncate at some Dialogue: 0,0:22:09.24,0:22:13.84,Default,,0000,0000,0000,,point and then I get all my data back Dialogue: 0,0:22:11.76,0:22:16.36,Default,,0000,0000,0000,,till the point where they started puting Dialogue: 0,0:22:13.84,0:22:18.72,Default,,0000,0000,0000,,the blog right this is still bad but Dialogue: 0,0:22:16.36,0:22:21.40,Default,,0000,0000,0000,,it's it's a very good position to be in Dialogue: 0,0:22:18.72,0:22:23.92,Default,,0000,0000,0000,,if there's an uh emergency because you Dialogue: 0,0:22:21.40,0:22:26.08,Default,,0000,0000,0000,,can basically investigate calmly first Dialogue: 0,0:22:23.92,0:22:30.00,Default,,0000,0000,0000,,you turn off write access then you you Dialogue: 0,0:22:26.08,0:22:32.92,Default,,0000,0000,0000,,delete the vandalism and the journal and Dialogue: 0,0:22:30.00,0:22:34.68,Default,,0000,0000,0000,,um you know you haven't lost anything Dialogue: 0,0:22:32.92,0:22:37.12,Default,,0000,0000,0000,,because if you want to delete an entry Dialogue: 0,0:22:34.68,0:22:39.36,Default,,0000,0000,0000,,in the blog you could do that too but Dialogue: 0,0:22:37.12,0:22:41.20,Default,,0000,0000,0000,,that means at the end of the journal you Dialogue: 0,0:22:39.36,0:22:43.24,Default,,0000,0000,0000,,append a statement saying delete this Dialogue: 0,0:22:41.20,0:22:45.80,Default,,0000,0000,0000,,record and I can just remove that and I Dialogue: 
0,0:22:43.24,0:22:48.96,Default,,0000,0000,0000,,get the record back right so there's no Dialogue: 0,0:22:45.80,0:22:51.12,Default,,0000,0000,0000,,way for someone vandalizing my blog to U Dialogue: 0,0:22:48.96,0:22:53.32,Default,,0000,0000,0000,,damage any data that was in it before Dialogue: 0,0:22:51.12,0:22:56.00,Default,,0000,0000,0000,,all they can do is append junk at the end Dialogue: 0,0:22:53.32,0:22:58.40,Default,,0000,0000,0000,,and I can live with that right this is Dialogue: 0,0:22:56.00,0:23:01.20,Default,,0000,0000,0000,,this is should be the guiding thought Dialogue: 0,0:22:58.40,0:23:03.48,Default,,0000,0000,0000,,between any security you do um if Dialogue: 0,0:23:01.20,0:23:05.56,Default,,0000,0000,0000,,someone hacks you you will be in a very Dialogue: 0,0:23:03.48,0:23:07.72,Default,,0000,0000,0000,,stressful position the boss will be Dialogue: 0,0:23:05.56,0:23:10.28,Default,,0000,0000,0000,,behind you breathing down your neck are Dialogue: 0,0:23:07.72,0:23:12.56,Default,,0000,0000,0000,,We Done Yet is it fixed and you want to Dialogue: 0,0:23:10.28,0:23:14.60,Default,,0000,0000,0000,,have as little to do as possible at that Dialogue: 0,0:23:12.56,0:23:17.28,Default,,0000,0000,0000,,time you want to to move all the stress Dialogue: 0,0:23:14.60,0:23:19.12,Default,,0000,0000,0000,,to before you get hacked because then Dialogue: 0,0:23:17.28,0:23:22.52,Default,,0000,0000,0000,,you have more Dialogue: 0,0:23:19.12,0:23:24.76,Default,,0000,0000,0000,,time okay the industry did other things Dialogue: 0,0:23:22.52,0:23:28.04,Default,,0000,0000,0000,,again Dialogue: 0,0:23:24.76,0:23:30.88,Default,,0000,0000,0000,,um so what if the attacker doesn't write Dialogue: 0,0:23:28.04,0:23:33.36,Default,,0000,0000,0000,,garbage to the journal but writes some Dialogue: 0,0:23:30.88,0:23:35.28,Default,,0000,0000,0000,,exploit to the journal that the next Dialogue: 0,0:23:33.36,0:23:38.52,Default,,0000,0000,0000,,tinyldap instance that reads the Dialogue: 
0,0:23:35.28,0:23:41.12,Default,,0000,0000,0000,,journal gets compromised Dialogue: 0,0:23:38.52,0:23:43.48,Default,,0000,0000,0000,,by that is a Dialogue: 0,0:23:41.12,0:23:46.80,Default,,0000,0000,0000,,possibility and that would be Dialogue: 0,0:23:43.48,0:23:49.28,Default,,0000,0000,0000,,bad so agreed that there still a problem Dialogue: 0,0:23:46.80,0:23:51.20,Default,,0000,0000,0000,,but uh realize how preposterous the Dialogue: 0,0:23:49.28,0:23:54.04,Default,,0000,0000,0000,,scenario is so we are talking about an Dialogue: 0,0:23:51.20,0:23:57.00,Default,,0000,0000,0000,,attacker who found stable zero day in Dialogue: 0,0:23:54.04,0:23:59.60,Default,,0000,0000,0000,,the blog and then used that and another Dialogue: 0,0:23:57.00,0:24:01.68,Default,,0000,0000,0000,,stable zero day in tinyldap to write Dialogue: 0,0:23:59.60,0:24:05.60,Default,,0000,0000,0000,,to the journal and then have the Dialogue: 0,0:24:01.68,0:24:09.36,Default,,0000,0000,0000,,third uh third zero day to compromise Dialogue: 0,0:24:05.60,0:24:11.44,Default,,0000,0000,0000,,the the journal parsing code so I mean Dialogue: 0,0:24:09.36,0:24:13.44,Default,,0000,0000,0000,,yes it is still a problem but we reduced Dialogue: 0,0:24:11.44,0:24:15.32,Default,,0000,0000,0000,,the risk Dialogue: 0,0:24:13.44,0:24:18.32,Default,,0000,0000,0000,,significantly uh and that is what I'm Dialogue: 0,0:24:15.32,0:24:20.64,Default,,0000,0000,0000,,trying to to tell you here uh it's not Dialogue: 0,0:24:18.32,0:24:22.60,Default,,0000,0000,0000,,it's not all or nothing it's good enough Dialogue: 0,0:24:20.64,0:24:25.44,Default,,0000,0000,0000,,if you can halve the Dialogue: 0,0:24:22.60,0:24:28.76,Default,,0000,0000,0000,,risk that's already very important and Dialogue: 0,0:24:25.44,0:24:32.20,Default,,0000,0000,0000,,you should do it so as much as you can Dialogue: 0,0:24:28.76,0:24:34.04,Default,,0000,0000,0000,,uh slice off the risk the better the Dialogue: 
0,0:24:32.20,0:24:37.32,Default,,0000,0000,0000,,better off you will be if something Dialogue: 0,0:24:34.04,0:24:40.32,Default,,0000,0000,0000,,happens right because the smaller the Dialogue: 0,0:24:37.32,0:24:42.20,Default,,0000,0000,0000,,code is that is still attackable the Dialogue: 0,0:24:40.32,0:24:44.00,Default,,0000,0000,0000,,more you can audit it and be sure it's Dialogue: 0,0:24:42.20,0:24:46.80,Default,,0000,0000,0000,,good you show it to your friends and Dialogue: 0,0:24:44.00,0:24:48.92,Default,,0000,0000,0000,,they can audit it too uh and and you Dialogue: 0,0:24:46.80,0:24:50.48,Default,,0000,0000,0000,,need to save yourself that time because Dialogue: 0,0:24:48.92,0:24:52.88,Default,,0000,0000,0000,,it happens every now and then that I get Dialogue: 0,0:24:50.48,0:24:54.64,Default,,0000,0000,0000,,to get to see the whole code base and Dialogue: 0,0:24:52.88,0:24:56.48,Default,,0000,0000,0000,,the usual code base for commercial Dialogue: 0,0:24:54.64,0:24:59.80,Default,,0000,0000,0000,,products is like gigabytes of source Dialogue: 0,0:24:56.48,0:25:02.04,Default,,0000,0000,0000,,code nobody can read that like I'm I'm Dialogue: 0,0:24:59.80,0:25:05.44,Default,,0000,0000,0000,,good I'm not that Dialogue: 0,0:25:02.04,0:25:07.00,Default,,0000,0000,0000,,good so um this is a good place to be in Dialogue: 0,0:25:05.44,0:25:10.76,Default,,0000,0000,0000,,I think right so the industry was Dialogue: 0,0:25:07.00,0:25:13.24,Default,,0000,0000,0000,,selling DoS mitigation sure whatever so Dialogue: 0,0:25:10.76,0:25:15.76,Default,,0000,0000,0000,,what happens if someone attacks the web Dialogue: 0,0:25:13.24,0:25:18.76,Default,,0000,0000,0000,,server that is still a big Dialogue: 0,0:25:15.76,0:25:22.80,Default,,0000,0000,0000,,problem um and it's Dialogue: 0,0:25:18.76,0:25:24.20,Default,,0000,0000,0000,,actually uh it it's a full damage right Dialogue: 0,0:25:22.80,0:25:25.92,Default,,0000,0000,0000,,that's the worst that can happen if Dialogue: 
0,0:25:24.20,0:25:28.40,Default,,0000,0000,0000,,someone manages to attack the web server Dialogue: 0,0:25:25.92,0:25:30.68,Default,,0000,0000,0000,,they can see all traffic coming through Dialogue: 0,0:25:28.40,0:25:32.40,Default,,0000,0000,0000,,they can look inside TLS secured Dialogue: 0,0:25:30.68,0:25:34.40,Default,,0000,0000,0000,,connections and they can sniff all the Dialogue: 0,0:25:32.40,0:25:37.04,Default,,0000,0000,0000,,passwords so that's really Dialogue: 0,0:25:34.40,0:25:40.20,Default,,0000,0000,0000,,bad unfortunately there is not too much Dialogue: 0,0:25:37.04,0:25:44.68,Default,,0000,0000,0000,,you can do about that Dialogue: 0,0:25:40.20,0:25:45.84,Default,,0000,0000,0000,,um you could do uh um a separation so Dialogue: 0,0:25:44.68,0:25:47.92,Default,,0000,0000,0000,,this is something people have been Dialogue: 0,0:25:45.84,0:25:49.48,Default,,0000,0000,0000,,talking about for a while OpenSSH is Dialogue: 0,0:25:47.92,0:25:51.92,Default,,0000,0000,0000,,doing this they moved the dangerous Dialogue: 0,0:25:49.48,0:25:54.84,Default,,0000,0000,0000,,crypto stuff in a second process and use Dialogue: 0,0:25:51.92,0:25:56.40,Default,,0000,0000,0000,,sandboxing to lock down that process uh Dialogue: 0,0:25:54.84,0:25:58.44,Default,,0000,0000,0000,,that could be done but nobody has done Dialogue: 0,0:25:56.40,0:26:00.96,Default,,0000,0000,0000,,it for OpenSSL yet so so OpenSSL Dialogue: 0,0:25:58.44,0:26:02.96,Default,,0000,0000,0000,,doesn't support that um my web server Dialogue: 0,0:26:00.96,0:26:05.20,Default,,0000,0000,0000,,also supports mbed TLS they don't Dialogue: 0,0:26:02.96,0:26:07.40,Default,,0000,0000,0000,,support that too so I I could spend time Dialogue: 0,0:26:05.20,0:26:09.20,Default,,0000,0000,0000,,on that and I've been actually um Dialogue: 0,0:26:07.40,0:26:11.00,Default,,0000,0000,0000,,spending some time already but it's not Dialogue: 0,0:26:09.20,0:26:13.32,Default,,0000,0000,0000,,it's not ready yet but this would be 
a Dialogue: 0,0:26:11.00,0:26:15.60,Default,,0000,0000,0000,,good way to reduce the risk and you may Dialogue: 0,0:26:13.32,0:26:18.60,Default,,0000,0000,0000,,notice that the the tools I'm using to Dialogue: 0,0:26:15.60,0:26:20.84,Default,,0000,0000,0000,,reduce risks are actually just a handful Dialogue: 0,0:26:18.60,0:26:23.44,Default,,0000,0000,0000,,there's not it's not you know it's not Dialogue: 0,0:26:20.84,0:26:25.76,Default,,0000,0000,0000,,witchcraft I'm I'm not inventing new Dialogue: 0,0:26:23.44,0:26:28.04,Default,,0000,0000,0000,,ways to look at things I'm doing the Dialogue: 0,0:26:25.76,0:26:30.00,Default,,0000,0000,0000,,same thing again I'm identifying the Dialogue: 0,0:26:28.04,0:26:32.68,Default,,0000,0000,0000,,part of the code that's dangerous and Dialogue: 0,0:26:30.00,0:26:34.64,Default,,0000,0000,0000,,then I think about how I can make that Dialogue: 0,0:26:32.68,0:26:37.44,Default,,0000,0000,0000,,part smaller maybe put it in a different Dialogue: 0,0:26:34.64,0:26:38.68,Default,,0000,0000,0000,,process lock it down so we need to do Dialogue: 0,0:26:37.44,0:26:42.00,Default,,0000,0000,0000,,the same thing with the web server Dialogue: 0,0:26:38.68,0:26:46.64,Default,,0000,0000,0000,,obviously um but it's an ongoing Dialogue: 0,0:26:42.00,0:26:49.60,Default,,0000,0000,0000,,process yeah so again whatever um why Dialogue: 0,0:26:46.64,0:26:51.40,Default,,0000,0000,0000,,haven't I done that yet uh so in my web Dialogue: 0,0:26:49.60,0:26:53.36,Default,,0000,0000,0000,,server you can it's a build time Dialogue: 0,0:26:51.40,0:26:55.16,Default,,0000,0000,0000,,decision if you want SSL support or not Dialogue: 0,0:26:53.36,0:26:57.60,Default,,0000,0000,0000,,and you can see the binary is Dialogue: 0,0:26:55.16,0:26:59.36,Default,,0000,0000,0000,,significantly bigger if you have SSL and Dialogue: 0,0:26:57.60,0:27:01.32,Default,,0000,0000,0000,,I'm showing you this because it means Dialogue: 0,0:26:59.36,0:27:04.52,Default,,0000,0000,0000,,the 
the bulk of the attack surface is Dialogue: 0,0:27:01.32,0:27:06.84,Default,,0000,0000,0000,,the SSL code it's not my code so if I if Dialogue: 0,0:27:04.52,0:27:10.32,Default,,0000,0000,0000,,I can put the SSL code in a different Dialogue: 0,0:27:06.84,0:27:11.88,Default,,0000,0000,0000,,process they still need to see the the Dialogue: 0,0:27:10.32,0:27:13.68,Default,,0000,0000,0000,,private key because that's what TLS Dialogue: 0,0:27:11.88,0:27:16.00,Default,,0000,0000,0000,,needs the private key otherwise it can't Dialogue: 0,0:27:13.68,0:27:17.68,Default,,0000,0000,0000,,do the crypto so the bulk of the attack Dialogue: 0,0:27:16.00,0:27:19.92,Default,,0000,0000,0000,,surface would still have access to the Dialogue: 0,0:27:17.68,0:27:21.48,Default,,0000,0000,0000,,key I can still do it because there Dialogue: 0,0:27:19.92,0:27:24.84,Default,,0000,0000,0000,,might be bugs in my code and not the Dialogue: 0,0:27:21.48,0:27:28.04,Default,,0000,0000,0000,,SSL code but that's just 5% of the of Dialogue: 0,0:27:24.84,0:27:30.00,Default,,0000,0000,0000,,the overall attack surface so um Dialogue: 0,0:27:28.04,0:27:32.48,Default,,0000,0000,0000,,it I will probably do it at some point Dialogue: 0,0:27:30.00,0:27:35.80,Default,,0000,0000,0000,,but it's I don't expect miracles from it Dialogue: 0,0:27:32.48,0:27:38.92,Default,,0000,0000,0000,,bugs in OpenSSL will kill kill me Dialogue: 0,0:27:35.80,0:27:38.92,Default,,0000,0000,0000,,there's not much I can do about Dialogue: 0,0:27:41.48,0:27:45.64,Default,,0000,0000,0000,,that okay so I know what you're Dialogue: 0,0:27:46.96,0:27:52.40,Default,,0000,0000,0000,,thinking what about kernel Dialogue: 0,0:27:50.04,0:27:54.68,Default,,0000,0000,0000,,bugs so I looked at a few of the recent Dialogue: 0,0:27:52.40,0:27:57.04,Default,,0000,0000,0000,,kernel bugs and it turns out that they Dialogue: 0,0:27:54.68,0:28:00.16,Default,,0000,0000,0000,,usually apply to syscalls that are rarely Dialogue: 
0,0:27:57.04,0:28:01.92,Default,,0000,0000,0000,,used in regular programs and uh because Dialogue: 0,0:28:00.16,0:28:05.20,Default,,0000,0000,0000,,I'm blocking all the syscalls I don't Dialogue: 0,0:28:01.92,0:28:07.28,Default,,0000,0000,0000,,really need none of them apply to me Dialogue: 0,0:28:05.20,0:28:10.72,Default,,0000,0000,0000,,right and this is a this is a pattern Dialogue: 0,0:28:07.28,0:28:11.96,Default,,0000,0000,0000,,with kernel bugs um uh there is a a Dialogue: 0,0:28:10.72,0:28:15.60,Default,,0000,0000,0000,,project called Dialogue: 0,0:28:11.96,0:28:19.52,Default,,0000,0000,0000,,Sandstorm um that also uses ptrace and Dialogue: 0,0:28:15.60,0:28:22.68,Default,,0000,0000,0000,,and seccomp tracing to reduce the syscall uh Dialogue: 0,0:28:19.52,0:28:25.24,Default,,0000,0000,0000,,surface and then puts regular services Dialogue: 0,0:28:22.68,0:28:28.20,Default,,0000,0000,0000,,into a sandbox for for web services and Dialogue: 0,0:28:25.24,0:28:30.36,Default,,0000,0000,0000,,they uh evaded all kinds of of kernel Dialogue: 0,0:28:28.20,0:28:32.52,Default,,0000,0000,0000,,bugs just because of that so this is Dialogue: 0,0:28:30.36,0:28:34.32,Default,,0000,0000,0000,,like a zero effort thing because Dialogue: 0,0:28:32.52,0:28:36.76,Default,,0000,0000,0000,,obviously if you have a list of syscalls Dialogue: 0,0:28:34.32,0:28:37.84,Default,,0000,0000,0000,,you'd use a white list and you you Dialogue: 0,0:28:36.76,0:28:39.60,Default,,0000,0000,0000,,have a list of things you are Dialogue: 0,0:28:37.84,0:28:42.52,Default,,0000,0000,0000,,explicitly allow and the rest is is Dialogue: 0,0:28:39.60,0:28:44.60,Default,,0000,0000,0000,,disabled not the other way around right Dialogue: 0,0:28:42.52,0:28:47.48,Default,,0000,0000,0000,,so none of the usual kernel bugs apply Dialogue: 0,0:28:44.60,0:28:49.52,Default,,0000,0000,0000,,to me um because of the the seccomp stuff I Dialogue: 0,0:28:47.48,0:28:51.96,Default,,0000,0000,0000,,already do so kernel bugs aren't as 
big Dialogue: 0,0:28:49.52,0:28:54.20,Default,,0000,0000,0000,,of a problem as you might think at least Dialogue: 0,0:28:51.96,0:28:56.40,Default,,0000,0000,0000,,I still have them if I haven't patched Dialogue: 0,0:28:54.20,0:28:58.96,Default,,0000,0000,0000,,but you can't get to them via the Dialogue: 0,0:28:56.40,0:29:01.04,Default,,0000,0000,0000,,blog so I have a small confession to Dialogue: 0,0:28:58.96,0:29:04.68,Default,,0000,0000,0000,,make uh I'm a bit of a troll and that Dialogue: 0,0:29:01.04,0:29:06.96,Default,,0000,0000,0000,,applies to this project as well so um I Dialogue: 0,0:29:04.68,0:29:10.80,Default,,0000,0000,0000,,use the worst programming Dialogue: 0,0:29:06.96,0:29:12.68,Default,,0000,0000,0000,,language I used C right so I'm trolling Dialogue: 0,0:29:10.80,0:29:14.40,Default,,0000,0000,0000,,the security people and then I'm Dialogue: 0,0:29:12.68,0:29:15.76,Default,,0000,0000,0000,,trolling the Java people who have been Dialogue: 0,0:29:14.40,0:29:17.44,Default,,0000,0000,0000,,saying you should use multi-threading Dialogue: 0,0:29:15.76,0:29:20.40,Default,,0000,0000,0000,,for performance and not have one process Dialogue: 0,0:29:17.44,0:29:24.36,Default,,0000,0000,0000,,per request so I'm doing actually two Dialogue: 0,0:29:20.40,0:29:25.96,Default,,0000,0000,0000,,fork and exec per request um I'm trolling Dialogue: 0,0:29:24.36,0:29:28.68,Default,,0000,0000,0000,,the database people I don't have any Dialogue: 0,0:29:25.96,0:29:30.28,Default,,0000,0000,0000,,caching I don't have connection pool TOs Dialogue: 0,0:29:28.68,0:29:32.32,Default,,0000,0000,0000,,and the perf people too because I'm Dialogue: 0,0:29:30.28,0:29:34.64,Default,,0000,0000,0000,,still faster than most of the regular Dialogue: 0,0:29:32.32,0:29:36.68,Default,,0000,0000,0000,,solutions so there is no there's really Dialogue: 0,0:29:34.64,0:29:39.80,Default,,0000,0000,0000,,no downside if you if you architect your Dialogue: 
0,0:29:36.68,0:29:42.12,Default,,0000,0000,0000,,software to use this kind of thing um it Dialogue: 0,0:29:39.80,0:29:44.40,Default,,0000,0000,0000,,will be slower than other ways to do it Dialogue: 0,0:29:42.12,0:29:47.56,Default,,0000,0000,0000,,but most other software isn't as fast Dialogue: 0,0:29:44.40,0:29:49.60,Default,,0000,0000,0000,,anyway so there's enough Headway that Dialogue: 0,0:29:47.56,0:29:52.32,Default,,0000,0000,0000,,you can use to do security instead of Dialogue: 0,0:29:49.60,0:29:54.68,Default,,0000,0000,0000,,performance you will still be Dialogue: 0,0:29:52.32,0:29:58.24,Default,,0000,0000,0000,,faster so let's recap the the Dialogue: 0,0:29:54.68,0:30:00.68,Default,,0000,0000,0000,,methodology I used um first I make a Dialogue: 0,0:29:58.24,0:30:02.68,Default,,0000,0000,0000,,list of all the attacks I can think of Dialogue: 0,0:30:00.68,0:30:04.36,Default,,0000,0000,0000,,and this means concrete attacks so what Dialogue: 0,0:30:02.68,0:30:07.00,Default,,0000,0000,0000,,could happen and what would what would Dialogue: 0,0:30:04.36,0:30:09.48,Default,,0000,0000,0000,,be the problem then right and then I Dialogue: 0,0:30:07.00,0:30:11.88,Default,,0000,0000,0000,,think for every item on the list I Dialogue: 0,0:30:09.48,0:30:14.00,Default,,0000,0000,0000,,consider how to prevent this can I Dialogue: 0,0:30:11.88,0:30:16.04,Default,,0000,0000,0000,,prevent this uh what what I need to do Dialogue: 0,0:30:14.00,0:30:17.64,Default,,0000,0000,0000,,and then I do it right so that's easy Dialogue: 0,0:30:16.04,0:30:20.36,Default,,0000,0000,0000,,it's like this the Feynman problem Dialogue: 0,0:30:17.64,0:30:23.20,Default,,0000,0000,0000,,solving algorithm in spirit and this Dialogue: 0,0:30:20.36,0:30:25.52,Default,,0000,0000,0000,,process is called threat modeling it's Dialogue: 0,0:30:23.20,0:30:27.32,Default,,0000,0000,0000,,it's like a it's dirty word because it Dialogue: 0,0:30:25.52,0:30:28.76,Default,,0000,0000,0000,,sounds like there's 
effort involved and Dialogue: 0,0:30:27.32,0:30:31.48,Default,,0000,0000,0000,,nobody wants to do it but it's really Dialogue: 0,0:30:28.76,0:30:32.88,Default,,0000,0000,0000,,it's easy it's just these these steps Dialogue: 0,0:30:31.48,0:30:34.36,Default,,0000,0000,0000,,you you look at your software you Dialogue: 0,0:30:32.88,0:30:36.28,Default,,0000,0000,0000,,consider all the ways it could be Dialogue: 0,0:30:34.36,0:30:38.24,Default,,0000,0000,0000,,attacked and then you consider what you Dialogue: 0,0:30:36.28,0:30:39.96,Default,,0000,0000,0000,,could do to prevent the attack or in Dialogue: 0,0:30:38.24,0:30:41.32,Default,,0000,0000,0000,,some cases you can't prevent the attack Dialogue: 0,0:30:39.96,0:30:43.72,Default,,0000,0000,0000,,and then you say well that's the risk I Dialogue: 0,0:30:41.32,0:30:47.24,Default,,0000,0000,0000,,have to live with right so that's called Dialogue: 0,0:30:43.72,0:30:50.36,Default,,0000,0000,0000,,threat modeling you should try it it's Dialogue: 0,0:30:47.24,0:30:52.52,Default,,0000,0000,0000,,awesome and um you saw that I'm trying Dialogue: 0,0:30:50.36,0:30:55.32,Default,,0000,0000,0000,,to optimize something here I go for a Dialogue: 0,0:30:52.52,0:30:57.92,Default,,0000,0000,0000,,specific Target in this case I want as Dialogue: 0,0:30:55.32,0:30:59.84,Default,,0000,0000,0000,,little code as possible Dialogue: 0,0:30:57.92,0:31:02.84,Default,,0000,0000,0000,,um the more code there is the more bugs Dialogue: 0,0:30:59.84,0:31:04.64,Default,,0000,0000,0000,,there will be that's an a very old uh Dialogue: 0,0:31:02.84,0:31:07.00,Default,,0000,0000,0000,,Insight from I think it was originally Dialogue: 0,0:31:04.64,0:31:08.88,Default,,0000,0000,0000,,in IBM study and they basically found Dialogue: 0,0:31:07.00,0:31:10.48,Default,,0000,0000,0000,,that the number of bugs in code is a Dialogue: 0,0:31:08.88,0:31:12.64,Default,,0000,0000,0000,,function of the lines of code in the Dialogue: 
0,0:31:10.48,0:31:15.40,Default,,0000,0000,0000,,code so there's a little more to it but Dialogue: 0,0:31:12.64,0:31:17.68,Default,,0000,0000,0000,,basically it's true so and it's not just Dialogue: 0,0:31:15.40,0:31:19.52,Default,,0000,0000,0000,,any code I want to have less of um if Dialogue: 0,0:31:17.68,0:31:22.16,Default,,0000,0000,0000,,the code is dangerous I particularly Dialogue: 0,0:31:19.52,0:31:25.16,Default,,0000,0000,0000,,want to have less of it and the the most Dialogue: 0,0:31:22.16,0:31:27.36,Default,,0000,0000,0000,,important category to to make smaller is Dialogue: 0,0:31:25.16,0:31:29.88,Default,,0000,0000,0000,,the the code that enforces security Dialogue: 0,0:31:27.36,0:31:31.72,Default,,0000,0000,0000,,guarantees so like one security Dialogue: 0,0:31:29.88,0:31:33.32,Default,,0000,0000,0000,,guarantee would be you can't log in if Dialogue: 0,0:31:31.72,0:31:35.32,Default,,0000,0000,0000,,you don't have the right password right Dialogue: 0,0:31:33.32,0:31:38.56,Default,,0000,0000,0000,,so the code that checks that I wanted to Dialogue: 0,0:31:35.32,0:31:40.72,Default,,0000,0000,0000,,be as small as possible um one or two Dialogue: 0,0:31:38.56,0:31:42.80,Default,,0000,0000,0000,,lines of code if if I can manage it and Dialogue: 0,0:31:40.72,0:31:45.36,Default,,0000,0000,0000,,then it's obvious if it if it's wrong or Dialogue: 0,0:31:42.80,0:31:47.72,Default,,0000,0000,0000,,not the more complex the code is the Dialogue: 0,0:31:45.36,0:31:49.08,Default,,0000,0000,0000,,less less easy would it be to see if Dialogue: 0,0:31:47.72,0:31:51.04,Default,,0000,0000,0000,,it's correct or not and that's what you Dialogue: 0,0:31:49.08,0:31:53.52,Default,,0000,0000,0000,,want in the end you want to be sure the Dialogue: 0,0:31:51.04,0:31:55.44,Default,,0000,0000,0000,,code is correct so how far did I get Dialogue: 0,0:31:53.52,0:31:57.28,Default,,0000,0000,0000,,it's actually pretty amazing I think um Dialogue: 
0,0:31:55.44,0:32:01.00,Default,,0000,0000,0000,,you can write an LDAP server in five Dialogue: 0,0:31:57.28,0:32:04.28,Default,,0000,0000,0000,,,000 lines of code the blog is 3.5 lines Dialogue: 0,0:32:01.00,0:32:07.32,Default,,0000,0000,0000,,of kilo lines of code um plus the LDAP Dialogue: 0,0:32:04.28,0:32:09.16,Default,,0000,0000,0000,,client Library plus zlib um but I'm Dialogue: 0,0:32:07.32,0:32:11.32,Default,,0000,0000,0000,,only using zlib to compress not to Dialogue: 0,0:32:09.16,0:32:13.88,Default,,0000,0000,0000,,decompress so most attack scenarios Dialogue: 0,0:32:11.32,0:32:16.28,Default,,0000,0000,0000,,doesn't don't apply to to my usage of zlib Dialogue: 0,0:32:13.88,0:32:19.00,Default,,0000,0000,0000,,um and the web server is also pretty Dialogue: 0,0:32:16.28,0:32:21.32,Default,,0000,0000,0000,,slow if you only look at the HTTP code Dialogue: 0,0:32:19.00,0:32:23.64,Default,,0000,0000,0000,,unfortunately uh it also contains the Dialogue: 0,0:32:21.32,0:32:25.60,Default,,0000,0000,0000,,SSL Library which is orders of magnitude Dialogue: 0,0:32:23.64,0:32:28.04,Default,,0000,0000,0000,,more than my code and that's how you Dialogue: 0,0:32:25.60,0:32:31.84,Default,,0000,0000,0000,,want it you want the biggest risk not to Dialogue: 0,0:32:28.04,0:32:34.52,Default,,0000,0000,0000,,be in the new code but in an old code Dialogue: 0,0:32:31.84,0:32:36.44,Default,,0000,0000,0000,,that someone else already audited if you Dialogue: 0,0:32:34.52,0:32:38.76,Default,,0000,0000,0000,,can manage it right so this is the Dialogue: 0,0:32:36.44,0:32:40.84,Default,,0000,0000,0000,,optimization strategy try to have as Dialogue: 0,0:32:38.76,0:32:42.96,Default,,0000,0000,0000,,little dangerous code as possible sounds Dialogue: 0,0:32:40.84,0:32:44.68,Default,,0000,0000,0000,,like a no-brainer but if you look at Dialogue: 0,0:32:42.96,0:32:47.28,Default,,0000,0000,0000,,modern software development you will Dialogue: 
0,0:32:44.68,0:32:50.12,Default,,0000,0000,0000,,find out they do the exact opposite pull Dialogue: 0,0:32:47.28,0:32:53.16,Default,,0000,0000,0000,,in as many Frameworks as as they Dialogue: 0,0:32:50.12,0:32:55.64,Default,,0000,0000,0000,,can so this strategy is called TCB Dialogue: 0,0:32:53.16,0:32:57.16,Default,,0000,0000,0000,,minimization you should try it and I Dialogue: 0,0:32:55.64,0:33:01.24,Default,,0000,0000,0000,,gave a talk about it already it's Dialogue: 0,0:32:57.16,0:33:05.08,Default,,0000,0000,0000,,actually pretty easy so um I told you Dialogue: 0,0:33:01.24,0:33:08.08,Default,,0000,0000,0000,,what I did to the to the blog to uh uh Dialogue: 0,0:33:05.08,0:33:10.12,Default,,0000,0000,0000,,diminish the danger that can be done uh Dialogue: 0,0:33:08.08,0:33:11.92,Default,,0000,0000,0000,,if someone manages to take it over and Dialogue: 0,0:33:10.12,0:33:15.00,Default,,0000,0000,0000,,this is actually part of the TCB Dialogue: 0,0:33:11.92,0:33:18.28,Default,,0000,0000,0000,,minimization process so the blog was a Dialogue: 0,0:33:15.00,0:33:21.44,Default,,0000,0000,0000,,high risk area and then I took away Dialogue: 0,0:33:18.28,0:33:24.00,Default,,0000,0000,0000,,Privileges and removed access checks and Dialogue: 0,0:33:21.44,0:33:26.24,Default,,0000,0000,0000,,in the end even if I give you remote Dialogue: 0,0:33:24.00,0:33:28.20,Default,,0000,0000,0000,,code execution in the blog process you Dialogue: 0,0:33:26.24,0:33:30.68,Default,,0000,0000,0000,,can't do anything you couldn't do before Dialogue: 0,0:33:28.20,0:33:33.52,Default,,0000,0000,0000,,right so it's no longer part of the TCB Dialogue: 0,0:33:30.68,0:33:35.56,Default,,0000,0000,0000,,the TCB is the part that uh enforces Dialogue: 0,0:33:33.52,0:33:36.88,Default,,0000,0000,0000,,security guarantees which the blog CGI Dialogue: 0,0:33:35.56,0:33:39.44,Default,,0000,0000,0000,,doesn't Dialogue: 0,0:33:36.88,0:33:41.36,Default,,0000,0000,0000,,anymore so that's what you want to do 
Dialogue: 0,0:33:39.44,0:33:44.20,Default,,0000,0000,0000,,you want to end up in the smallest TCB Dialogue: 0,0:33:41.36,0:33:47.20,Default,,0000,0000,0000,,you can possibly manage and uh every Dialogue: 0,0:33:44.20,0:33:49.36,Default,,0000,0000,0000,,step on the way is good so no step is Dialogue: 0,0:33:47.20,0:33:51.88,Default,,0000,0000,0000,,too small right if you can shave off Dialogue: 0,0:33:49.36,0:33:54.64,Default,,0000,0000,0000,,even a little routine do Dialogue: 0,0:33:51.88,0:33:56.96,Default,,0000,0000,0000,,it this is the minimization part of TCB Dialogue: 0,0:33:54.64,0:33:59.80,Default,,0000,0000,0000,,minimization right I could I was able to Dialogue: 0,0:33:56.96,0:34:03.64,Default,,0000,0000,0000,,remove the blog from the TCB tinyldap Dialogue: 0,0:33:59.80,0:34:05.36,Default,,0000,0000,0000,,still still has a risk so I I you saw Dialogue: 0,0:34:03.64,0:34:07.28,Default,,0000,0000,0000,,the threat model if someone manages to Dialogue: 0,0:34:05.36,0:34:08.64,Default,,0000,0000,0000,,take over tinyldap they can read the Dialogue: 0,0:34:07.28,0:34:11.44,Default,,0000,0000,0000,,hashes and try to crack them that's Dialogue: 0,0:34:08.64,0:34:14.64,Default,,0000,0000,0000,,still bad um but I can live with it Dialogue: 0,0:34:11.44,0:34:17.40,Default,,0000,0000,0000,,right uh if they vandalize the blog I Dialogue: 0,0:34:14.64,0:34:19.96,Default,,0000,0000,0000,,can undo the damage without going to the Dialogue: 0,0:34:17.40,0:34:22.28,Default,,0000,0000,0000,,tape Library so that's Dialogue: 0,0:34:19.96,0:34:23.96,Default,,0000,0000,0000,,good if you compare that to the industry Dialogue: 0,0:34:22.28,0:34:26.72,Default,,0000,0000,0000,,standard you you will find that my Dialogue: 0,0:34:23.96,0:34:28.56,Default,,0000,0000,0000,,Approach is much better um usually in Dialogue: 0,0:34:26.72,0:34:31.20,Default,,0000,0000,0000,,the industry you see platform decisions Dialogue: 0,0:34:28.56,0:34:33.48,Default,,0000,0000,0000,,done by 
management not by the techies Dialogue: 0,0:34:31.20,0:34:35.40,Default,,0000,0000,0000,,and um it's untroubled by expertise or Dialogue: 0,0:34:33.48,0:34:37.80,Default,,0000,0000,0000,,risk analysis and you you get a Dialogue: 0,0:34:35.40,0:34:39.72,Default,,0000,0000,0000,,diffusion of responsibility because if Dialogue: 0,0:34:37.80,0:34:41.60,Default,,0000,0000,0000,,you even if you try to find out who's Dialogue: 0,0:34:39.72,0:34:43.24,Default,,0000,0000,0000,,responsible for anything you find uh Dialogue: 0,0:34:41.60,0:34:44.96,Default,,0000,0000,0000,,well it's that team over there but we Dialogue: 0,0:34:43.24,0:34:47.04,Default,,0000,0000,0000,,don't really know and then you find out Dialogue: 0,0:34:44.96,0:34:48.16,Default,,0000,0000,0000,,the team dissolved last week and it's Dialogue: 0,0:34:47.04,0:34:50.92,Default,,0000,0000,0000,,really Dialogue: 0,0:34:48.16,0:34:54.56,Default,,0000,0000,0000,,horrible and brand new we have ai tools Dialogue: 0,0:34:50.92,0:34:54.56,Default,,0000,0000,0000,,which is also a diffusion of Dialogue: 0,0:34:55.20,0:34:59.00,Default,,0000,0000,0000,,responsibility and then you get people Dialogue: 0,0:34:57.16,0:35:00.88,Default,,0000,0000,0000,,arguing well it's so bad it can't get Dialogue: 0,0:34:59.00,0:35:02.76,Default,,0000,0000,0000,,any worse let's go to the cloud where Dialogue: 0,0:35:00.88,0:35:07.08,Default,,0000,0000,0000,,obviously it gets worse Dialogue: 0,0:35:02.76,0:35:08.52,Default,,0000,0000,0000,,immediately so I prefer my way um I Dialogue: 0,0:35:07.08,0:35:10.64,Default,,0000,0000,0000,,think in the end it's important to Dialogue: 0,0:35:08.52,0:35:12.92,Default,,0000,0000,0000,,realize that the the lack of security Dialogue: 0,0:35:10.64,0:35:16.44,Default,,0000,0000,0000,,you may have in your projects right now Dialogue: 0,0:35:12.92,0:35:18.40,Default,,0000,0000,0000,,is self-imposed there is no guy with a Dialogue: 0,0:35:16.44,0:35:20.48,Default,,0000,0000,0000,,shotgun behind you 
Dialogue: 0,0:35:18.40,0:35:23.80,Default,,0000,0000,0000,,threatening you can do it you just have Dialogue: 0,0:35:20.48,0:35:25.64,Default,,0000,0000,0000,,to start right so this is self-imposed Dialogue: 0,0:35:23.80,0:35:28.80,Default,,0000,0000,0000,,helplessness you can actually help Dialogue: 0,0:35:25.64,0:35:28.80,Default,,0000,0000,0000,,yourself you just have to start Dialogue: 0,0:35:29.44,0:35:34.16,Default,,0000,0000,0000,,right how did we get here this is Dialogue: 0,0:35:32.08,0:35:36.12,Default,,0000,0000,0000,,obviously not a good good place to be Dialogue: 0,0:35:34.16,0:35:37.80,Default,,0000,0000,0000,,like all the software is crappy and Dialogue: 0,0:35:36.12,0:35:40.20,Default,,0000,0000,0000,,there's a few it's not just that people Dialogue: 0,0:35:37.80,0:35:43.44,Default,,0000,0000,0000,,are dumb there's a few reasons for that Dialogue: 0,0:35:40.20,0:35:45.36,Default,,0000,0000,0000,,so um back in the day you used to have Dialogue: 0,0:35:43.44,0:35:48.20,Default,,0000,0000,0000,,bespoke applications that were written Dialogue: 0,0:35:45.36,0:35:50.08,Default,,0000,0000,0000,,for a specific purpose and they used the Dialogue: 0,0:35:48.20,0:35:52.36,Default,,0000,0000,0000,,waterfall model and you had the Dialogue: 0,0:35:50.08,0:35:55.56,Default,,0000,0000,0000,,requirements specification and it was Dialogue: 0,0:35:52.36,0:35:58.08,Default,,0000,0000,0000,,lots of bureaucracy and really horrible Dialogue: 0,0:35:55.56,0:36:00.20,Default,,0000,0000,0000,,but it also Al meant that you knew what Dialogue: 0,0:35:58.08,0:36:02.88,Default,,0000,0000,0000,,the application had be had to be able to Dialogue: 0,0:36:00.20,0:36:06.24,Default,,0000,0000,0000,,do so that means you can make sure Dialogue: 0,0:36:02.88,0:36:08.08,Default,,0000,0000,0000,,anything else is forbidden if you know Dialogue: 0,0:36:06.24,0:36:10.04,Default,,0000,0000,0000,,what the application needs to be able to Dialogue: 
0,0:36:08.08,0:36:12.40,Default,,0000,0000,0000,,do you can make sure it doesn't do any Dialogue: 0,0:36:10.04,0:36:15.52,Default,,0000,0000,0000,,other stuff and that is security if you Dialogue: 0,0:36:12.40,0:36:17.28,Default,,0000,0000,0000,,think about it deny everything that the Dialogue: 0,0:36:15.52,0:36:19.28,Default,,0000,0000,0000,,application wasn't supposed to be doing Dialogue: 0,0:36:17.28,0:36:22.20,Default,,0000,0000,0000,,and then that's what an attacker would Dialogue: 0,0:36:19.28,0:36:24.68,Default,,0000,0000,0000,,do if they take over the machine right Dialogue: 0,0:36:22.20,0:36:26.24,Default,,0000,0000,0000,,so if you know beforehand what you're Dialogue: 0,0:36:24.68,0:36:28.68,Default,,0000,0000,0000,,trying to get to you can actually Dialogue: 0,0:36:26.24,0:36:30.32,Default,,0000,0000,0000,,implement privilege even architecturally Dialogue: 0,0:36:28.68,0:36:32.92,Default,,0000,0000,0000,,as I've shown Dialogue: 0,0:36:30.32,0:36:35.72,Default,,0000,0000,0000,,you now we have more of an Ikea model Dialogue: 0,0:36:32.92,0:36:37.56,Default,,0000,0000,0000,,you buy parts that are uh designed by Dialogue: 0,0:36:35.72,0:36:39.36,Default,,0000,0000,0000,,their own teams and the teams designing Dialogue: 0,0:36:37.56,0:36:42.44,Default,,0000,0000,0000,,the parts don't know what the final Dialogue: 0,0:36:39.36,0:36:44.24,Default,,0000,0000,0000,,product will look like right in in some Dialogue: 0,0:36:42.44,0:36:45.64,Default,,0000,0000,0000,,cases even you don't know what the final Dialogue: 0,0:36:44.24,0:36:47.92,Default,,0000,0000,0000,,product will look like but it's even Dialogue: 0,0:36:45.64,0:36:49.88,Default,,0000,0000,0000,,worse if you consider that the the the Dialogue: 0,0:36:47.92,0:36:51.48,Default,,0000,0000,0000,,team building the part you make your Dialogue: 0,0:36:49.88,0:36:53.76,Default,,0000,0000,0000,,software from doesn't know what it will Dialogue: 0,0:36:51.48,0:36:56.36,Default,,0000,0000,0000,,be used for so it 
has to be as generic Dialogue: 0,0:36:53.76,0:36:57.84,Default,,0000,0000,0000,,as possible Right the more it can be Dialogue: 0,0:36:56.36,0:37:00.68,Default,,0000,0000,0000,,done with with it the better and that's Dialogue: 0,0:36:57.84,0:37:03.12,Default,,0000,0000,0000,,the opposite of security right security Dialogue: 0,0:37:00.68,0:37:05.36,Default,,0000,0000,0000,,means understanding what you need to do Dialogue: 0,0:37:03.12,0:37:08.60,Default,,0000,0000,0000,,and then disallowing the rest and this Dialogue: 0,0:37:05.36,0:37:11.44,Default,,0000,0000,0000,,means be as generic as you can the parts Dialogue: 0,0:37:08.60,0:37:12.40,Default,,0000,0000,0000,,are optimized for genericity Gen what's Dialogue: 0,0:37:11.44,0:37:15.60,Default,,0000,0000,0000,,the Dialogue: 0,0:37:12.40,0:37:17.68,Default,,0000,0000,0000,,name genericism I don't know so they are Dialogue: 0,0:37:15.60,0:37:21.32,Default,,0000,0000,0000,,optimized to be as flexible as possible Dialogue: 0,0:37:17.68,0:37:21.32,Default,,0000,0000,0000,,and they are chosen by Dialogue: 0,0:37:21.60,0:37:25.08,Default,,0000,0000,0000,,flexibility the developer of the part Dialogue: 0,0:37:23.64,0:37:27.60,Default,,0000,0000,0000,,usually has no idea what it would used Dialogue: 0,0:37:25.08,0:37:31.04,Default,,0000,0000,0000,,for uh and that means you can't do least Dialogue: 0,0:37:27.60,0:37:33.76,Default,,0000,0000,0000,,privilege because um you don't know what Dialogue: 0,0:37:31.04,0:37:36.32,Default,,0000,0000,0000,,the privilege will be that's least so Dialogue: 0,0:37:33.76,0:37:38.52,Default,,0000,0000,0000,,this this is actually a big mess so if Dialogue: 0,0:37:36.32,0:37:40.48,Default,,0000,0000,0000,,you use Parts programmed by other people Dialogue: 0,0:37:38.52,0:37:42.68,Default,,0000,0000,0000,,you will have to invest extra effort to Dialogue: 0,0:37:40.48,0:37:45.48,Default,,0000,0000,0000,,find out what kind of stuff you can make Dialogue: 
0,0:37:42.68,0:37:47.60,Default,,0000,0000,0000,,it not do because it will definitely be Dialogue: 0,0:37:45.48,0:37:49.44,Default,,0000,0000,0000,,able to do more than you need and the Dialogue: 0,0:37:47.60,0:37:52.04,Default,,0000,0000,0000,,more you can clamp down the more Dialogue: 0,0:37:49.44,0:37:53.72,Default,,0000,0000,0000,,security you will have uh it's even Dialogue: 0,0:37:52.04,0:37:55.08,Default,,0000,0000,0000,,worse if you do Agile development Dialogue: 0,0:37:53.72,0:37:58.08,Default,,0000,0000,0000,,because then by definition you don't Dialogue: 0,0:37:55.08,0:37:59.52,Default,,0000,0000,0000,,know what the end result will be so if Dialogue: 0,0:37:58.08,0:38:00.88,Default,,0000,0000,0000,,you don't know that you can't do Dialogue: 0,0:37:59.52,0:38:03.32,Default,,0000,0000,0000,,security Dialogue: 0,0:38:00.88,0:38:05.64,Default,,0000,0000,0000,,lockdown so another argument why we got Dialogue: 0,0:38:03.32,0:38:07.52,Default,,0000,0000,0000,,here is economics of scale so it used to Dialogue: 0,0:38:05.64,0:38:10.88,Default,,0000,0000,0000,,be that if you build some kind of device Dialogue: 0,0:38:07.52,0:38:13.28,Default,,0000,0000,0000,,that needs to do something like I don't Dialogue: 0,0:38:10.88,0:38:17.40,Default,,0000,0000,0000,,know uh a Dialogue: 0,0:38:13.28,0:38:19.68,Default,,0000,0000,0000,,microwave then you you find parts and Dialogue: 0,0:38:17.40,0:38:21.36,Default,,0000,0000,0000,,you combine the parts and you solder Dialogue: 0,0:38:19.68,0:38:24.12,Default,,0000,0000,0000,,them together and then they solve the Dialogue: 0,0:38:21.36,0:38:27.16,Default,,0000,0000,0000,,problem but these days uh you don't Dialogue: 0,0:38:24.12,0:38:29.68,Default,,0000,0000,0000,,solder parts anymore you assemble from Dialogue: 0,0:38:27.16,0:38:32.28,Default,,0000,0000,0000,,pre-made parts and these are usually Dialogue: 0,0:38:29.68,0:38:35.28,Default,,0000,0000,0000,,programmable right so a little arm chip Dialogue: 
0,0:38:32.28,0:38:37.04,Default,,0000,0000,0000,,cost like a tenth of a cent so why use Dialogue: 0,0:38:35.28,0:38:38.80,Default,,0000,0000,0000,,a special part if you can use an arm Dialogue: 0,0:38:37.04,0:38:40.88,Default,,0000,0000,0000,,chip and then program it but that means Dialogue: 0,0:38:38.80,0:38:43.00,Default,,0000,0000,0000,,you still need to use software that Dialogue: 0,0:38:40.88,0:38:44.64,Default,,0000,0000,0000,,actually solves the problem the hardware Dialogue: 0,0:38:43.00,0:38:47.00,Default,,0000,0000,0000,,is generic and that means the hardware Dialogue: 0,0:38:44.64,0:38:49.80,Default,,0000,0000,0000,,can be hacked and this is turning out to Dialogue: 0,0:38:47.00,0:38:53.36,Default,,0000,0000,0000,,be a problem right if you had a brake in Dialogue: 0,0:38:49.80,0:38:54.64,Default,,0000,0000,0000,,in 20 years ago um it it braked right Dialogue: 0,0:38:53.36,0:38:57.04,Default,,0000,0000,0000,,but now it's Dialogue: 0,0:38:54.64,0:38:59.04,Default,,0000,0000,0000,,programmable and people have realized Dialogue: 0,0:38:57.04,0:39:01.20,Default,,0000,0000,0000,,how bad that is but it is bad right so Dialogue: 0,0:38:59.04,0:39:05.48,Default,,0000,0000,0000,,that's that will bite us in the Dialogue: 0,0:39:01.20,0:39:07.68,Default,,0000,0000,0000,,ass oops so um the response from the Dialogue: 0,0:39:05.48,0:39:10.44,Default,,0000,0000,0000,,industry has so far been the ostrich Dialogue: 0,0:39:07.68,0:39:13.00,Default,,0000,0000,0000,,method basically we we install stuff Dialogue: 0,0:39:10.44,0:39:14.88,Default,,0000,0000,0000,,that we know is untrustworthy and so we Dialogue: 0,0:39:13.00,0:39:17.68,Default,,0000,0000,0000,,install other stuff on top of it that's Dialogue: 0,0:39:14.88,0:39:20.72,Default,,0000,0000,0000,,also untrustworthy and then we call it Dialogue: 0,0:39:17.68,0:39:24.12,Default,,0000,0000,0000,,Telemetry or big data and to some risk Dialogue: 0,0:39:20.72,0:39:26.60,Default,,0000,0000,0000,,uh logging analysis in 
in aze or Dialogue: 0,0:39:24.12,0:39:29.64,Default,,0000,0000,0000,,whatever uh and in the end the attack Dialogue: 0,0:39:26.60,0:39:31.84,Default,,0000,0000,0000,,surface has mushroomed like a nuclear Dialogue: 0,0:39:29.64,0:39:34.24,Default,,0000,0000,0000,,explosion right so that's our fault Dialogue: 0,0:39:31.84,0:39:36.00,Default,,0000,0000,0000,,nobody has forced us to do this you Dialogue: 0,0:39:34.24,0:39:39.08,Default,,0000,0000,0000,,don't need to do this in your own Dialogue: 0,0:39:36.00,0:39:41.12,Default,,0000,0000,0000,,projects that's the hopeful message of Dialogue: 0,0:39:39.08,0:39:42.64,Default,,0000,0000,0000,,this talk in conclusion if you remember Dialogue: 0,0:39:41.12,0:39:44.08,Default,,0000,0000,0000,,nothing else from this talk remember Dialogue: 0,0:39:42.64,0:39:46.52,Default,,0000,0000,0000,,that threat modeling is a thing and you Dialogue: 0,0:39:44.08,0:39:48.48,Default,,0000,0000,0000,,should try it TCB minimization actually Dialogue: 0,0:39:46.52,0:39:51.68,Default,,0000,0000,0000,,helps least privilege is another facet Dialogue: 0,0:39:48.48,0:39:53.80,Default,,0000,0000,0000,,of the same thing and if you can uh use Dialogue: 0,0:39:51.68,0:39:56.44,Default,,0000,0000,0000,,append-only data storage you should Dialogue: 0,0:39:53.80,0:39:58.36,Default,,0000,0000,0000,,consider it hm blockchain yeah not Dialogue: 0,0:39:56.44,0:40:00.56,Default,,0000,0000,0000,,blockchain append-only data storage it's Dialogue: 0,0:39:58.36,0:40:00.56,Default,,0000,0000,0000,,not Dialogue: 0,0:40:00.63,0:40:08.82,Default,,0000,0000,0000,,[Applause] Dialogue: 0,0:40:09.00,0:40:13.24,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:40:10.72,0:40:15.20,Default,,0000,0000,0000,,blockchain so two more you two more Dialogue: 0,0:40:13.24,0:40:18.16,Default,,0000,0000,0000,,slides yeah two more slides sorry I'm an Dialogue: 0,0:40:15.20,0:40:20.48,Default,,0000,0000,0000,,imposter no problem so the rule of thumb Dialogue: 
0,0:40:18.16,0:40:23.48,Default,,0000,0000,0000,,should be if if the blog of some Dialogue: 0,0:40:20.48,0:40:26.16,Default,,0000,0000,0000,,unwashed hobbyist from the Internet is Dialogue: 0,0:40:23.48,0:40:28.04,Default,,0000,0000,0000,,more secure than your IT security then Dialogue: 0,0:40:26.16,0:40:30.36,Default,,0000,0000,0000,,you should improve your IT Dialogue: 0,0:40:28.04,0:40:33.76,Default,,0000,0000,0000,,security right that shouldn't Dialogue: 0,0:40:30.36,0:40:35.40,Default,,0000,0000,0000,,happen all right so that's all from my Dialogue: 0,0:40:33.76,0:40:38.32,Default,,0000,0000,0000,,talk I think we still have time for Dialogue: 0,0:40:35.40,0:40:41.56,Default,,0000,0000,0000,,questions do we yes okay awesome okay Dialogue: 0,0:40:38.32,0:40:41.56,Default,,0000,0000,0000,,now you can put your hand Dialogue: 0,0:40:45.04,0:40:49.60,Default,,0000,0000,0000,,[Applause] Dialogue: 0,0:40:47.28,0:40:51.28,Default,,0000,0000,0000,,together so if you want to ask a Dialogue: 0,0:40:49.60,0:40:55.72,Default,,0000,0000,0000,,question we have four microphones in the Dialogue: 0,0:40:51.28,0:40:56.88,Default,,0000,0000,0000,,room 1 2 3 4 and I'm going to take a a Dialogue: 0,0:40:55.72,0:40:59.76,Default,,0000,0000,0000,,question the first first question from Dialogue: 0,0:40:56.88,0:41:02.36,Default,,0000,0000,0000,,the internet the internet is saying you Dialogue: 0,0:40:59.76,0:41:03.40,Default,,0000,0000,0000,,actually got hacked or can you elaborate Dialogue: 0,0:41:02.36,0:41:05.60,Default,,0000,0000,0000,,on what Dialogue: 0,0:41:03.40,0:41:07.12,Default,,0000,0000,0000,,happened Yes actually there was an Dialogue: 0,0:41:05.60,0:41:08.68,Default,,0000,0000,0000,,incident where someone was able to post Dialogue: 0,0:41:07.12,0:41:11.12,Default,,0000,0000,0000,,stuff to my blog and because I had Dialogue: 0,0:41:08.68,0:41:14.64,Default,,0000,0000,0000,,append-only data storage I Shrugged it off Dialogue: 
0,0:41:11.12,0:41:16.52,Default,,0000,0000,0000,,basically so use use append-only data Dialogue: 0,0:41:14.64,0:41:19.48,Default,,0000,0000,0000,,storage it's it will save your ass at Dialogue: 0,0:41:16.52,0:41:22.08,Default,,0000,0000,0000,,some point the problem was a bug in my Dialogue: 0,0:41:19.48,0:41:23.96,Default,,0000,0000,0000,,uh Access Control lists I had used some Dialogue: 0,0:41:22.08,0:41:26.44,Default,,0000,0000,0000,,some Access Control list in my LDAP Dialogue: 0,0:41:23.96,0:41:27.88,Default,,0000,0000,0000,,server and I had a line in it that I Dialogue: 0,0:41:26.44,0:41:29.76,Default,,0000,0000,0000,,should have removed but I forgot to Dialogue: 0,0:41:27.88,0:41:33.20,Default,,0000,0000,0000,,remove it and that meant you could post Dialogue: 0,0:41:29.76,0:41:35.20,Default,,0000,0000,0000,,without having credentials but um it Dialogue: 0,0:41:33.20,0:41:38.04,Default,,0000,0000,0000,,happened and it wasn't bad because my Dialogue: 0,0:41:35.20,0:41:39.60,Default,,0000,0000,0000,,architecture prevented damage um as Dialogue: 0,0:41:38.04,0:41:42.44,Default,,0000,0000,0000,,people are leaving the room could you Dialogue: 0,0:41:39.60,0:41:44.76,Default,,0000,0000,0000,,leave very quietly thank you um Dialogue: 0,0:41:42.44,0:41:47.12,Default,,0000,0000,0000,,microphone number one yeah is there a Dialogue: 0,0:41:44.76,0:41:50.52,Default,,0000,0000,0000,,second alternative for Windows and Mac Dialogue: 0,0:41:47.12,0:41:52.72,Default,,0000,0000,0000,,OS a secure alternative well so Dialogue: 0,0:41:50.52,0:41:56.36,Default,,0000,0000,0000,,basically you can do the the principles Dialogue: 0,0:41:52.72,0:42:00.00,Default,,0000,0000,0000,,I um I showed in this talk you can do on Dialogue: 0,0:41:56.36,0:42:02.56,Default,,0000,0000,0000,,those two so usually you will not be Dialogue: 0,0:42:00.00,0:42:05.36,Default,,0000,0000,0000,,hacked because your your Mac OS or Dialogue: 0,0:42:02.56,0:42:07.08,Default,,0000,0000,0000,,Windows had a bug I that 
happens too but Dialogue: 0,0:42:05.36,0:42:09.32,Default,,0000,0000,0000,,the bigger problem is that the software Dialogue: 0,0:42:07.08,0:42:11.80,Default,,0000,0000,0000,,you wrote had a bug or that you the Dialogue: 0,0:42:09.32,0:42:14.48,Default,,0000,0000,0000,,software that you use had a bug so I'm Dialogue: 0,0:42:11.80,0:42:16.56,Default,,0000,0000,0000,,I'm trying to tell you Linux isn't uh Dialogue: 0,0:42:14.48,0:42:18.52,Default,,0000,0000,0000,,particularly more secure than Windows Dialogue: 0,0:42:16.56,0:42:20.60,Default,,0000,0000,0000,,it's just it's basically you can write Dialogue: 0,0:42:18.52,0:42:22.84,Default,,0000,0000,0000,,secure software and insecure software on Dialogue: 0,0:42:20.60,0:42:25.16,Default,,0000,0000,0000,,any operating system you should still Dialogue: 0,0:42:22.84,0:42:26.72,Default,,0000,0000,0000,,use Linux because it has advantages but Dialogue: 0,0:42:25.16,0:42:28.88,Default,,0000,0000,0000,,if you apply these Tech techniques to Dialogue: 0,0:42:26.72,0:42:31.72,Default,,0000,0000,0000,,your software it will be secure on on Dialogue: 0,0:42:28.88,0:42:34.48,Default,,0000,0000,0000,,Mac OS and windows as well right so this Dialogue: 0,0:42:31.72,0:42:36.04,Default,,0000,0000,0000,,is not for for end users selecting the Dialogue: 0,0:42:34.48,0:42:37.32,Default,,0000,0000,0000,,software if you select software you have Dialogue: 0,0:42:36.04,0:42:39.52,Default,,0000,0000,0000,,to trust the Dialogue: 0,0:42:37.32,0:42:42.20,Default,,0000,0000,0000,,vendor there's no way around that but if Dialogue: 0,0:42:39.52,0:42:44.28,Default,,0000,0000,0000,,you write your own software then you can Dialogue: 0,0:42:42.20,0:42:46.96,Default,,0000,0000,0000,,reduce the risk to a point where you can Dialogue: 0,0:42:44.28,0:42:49.12,Default,,0000,0000,0000,,live with it and sleep soundly sure is Dialogue: 0,0:42:46.96,0:42:51.36,Default,,0000,0000,0000,,there a a technical alternative or Dialogue: 
0,0:42:49.12,0:42:53.12,Default,,0000,0000,0000,,similar similarity like seccomp for Dialogue: 0,0:42:51.36,0:42:54.76,Default,,0000,0000,0000,,Windows and Mac OS so can you drop your Dialogue: 0,0:42:53.12,0:42:57.96,Default,,0000,0000,0000,,privileges after you have opened a file Dialogue: 0,0:42:54.76,0:42:59.96,Default,,0000,0000,0000,,for example uh uh so for macOS I'm not Dialogue: 0,0:42:57.96,0:43:02.68,Default,,0000,0000,0000,,sure but I know that that FreeBSD NetBSD Dialogue: 0,0:42:59.96,0:43:05.44,Default,,0000,0000,0000,,and OpenBSD have an an equivalent Dialogue: 0,0:43:02.68,0:43:08.12,Default,,0000,0000,0000,,thing I think uh macOS has it too but Dialogue: 0,0:43:05.44,0:43:09.92,Default,,0000,0000,0000,,I'm I'm not sure about that for Windows Dialogue: 0,0:43:08.12,0:43:11.56,Default,,0000,0000,0000,,there are sandboxing methods you can Dialogue: 0,0:43:09.92,0:43:13.36,Default,,0000,0000,0000,,look at the Chrome source code for Dialogue: 0,0:43:11.56,0:43:16.44,Default,,0000,0000,0000,,example they have a Sandbox it's open Dialogue: 0,0:43:13.36,0:43:18.96,Default,,0000,0000,0000,,source you can use that to do this kind Dialogue: 0,0:43:16.44,0:43:21.72,Default,,0000,0000,0000,,of thing okay thanks so microphone Dialogue: 0,0:43:18.96,0:43:23.80,Default,,0000,0000,0000,,number two except down that's gone so Dialogue: 0,0:43:21.72,0:43:27.16,Default,,0000,0000,0000,,microphone number three in that Dialogue: 0,0:43:23.80,0:43:29.48,Default,,0000,0000,0000,,case this is four I sorry four four yes Dialogue: 0,0:43:27.16,0:43:31.72,Default,,0000,0000,0000,,um will your next talk be about writing Dialogue: 0,0:43:29.48,0:43:33.56,Default,,0000,0000,0000,,software secure software in Windows and Dialogue: 0,0:43:31.72,0:43:35.56,Default,,0000,0000,0000,,if no uh how much assets would you Dialogue: 0,0:43:33.56,0:43:38.12,Default,,0000,0000,0000,,request to compensate for all the Dialogue: 0,0:43:35.56,0:43:41.84,Default,,0000,0000,0000,,pain Dialogue: 
0,0:43:38.12,0:43:45.96,Default,,0000,0000,0000,,no it's not a question of Dialogue: 0,0:43:41.84,0:43:48.36,Default,,0000,0000,0000,,money okay uh microphone one um have you Dialogue: 0,0:43:45.96,0:43:49.44,Default,,0000,0000,0000,,tried removing unnecessary features from Dialogue: 0,0:43:48.36,0:43:52.24,Default,,0000,0000,0000,,OpenSSL Dialogue: 0,0:43:49.44,0:43:54.68,Default,,0000,0000,0000,,uh yes actually I've I've done this Dialogue: 0,0:43:52.24,0:43:56.68,Default,,0000,0000,0000,,pretty pretty early but it's still it's Dialogue: 0,0:43:54.68,0:44:00.00,Default,,0000,0000,0000,,still much bigger than my code Dialogue: 0,0:43:56.68,0:44:03.44,Default,,0000,0000,0000,,so um for example OpenSSL has support for Dialogue: 0,0:44:00.00,0:44:05.12,Default,,0000,0000,0000,,UDP based TLS but there's a lot of Dialogue: 0,0:44:03.44,0:44:06.96,Default,,0000,0000,0000,,shared ciphers in there you can remove Dialogue: 0,0:44:05.12,0:44:08.72,Default,,0000,0000,0000,,ciphers you don't need and and that Dialogue: 0,0:44:06.96,0:44:11.88,Default,,0000,0000,0000,,helps a bit but it's still it's the Dialogue: 0,0:44:08.72,0:44:14.72,Default,,0000,0000,0000,,biggest part of the web server by far I Dialogue: 0,0:44:11.88,0:44:18.20,Default,,0000,0000,0000,,think there was an internet question was Dialogue: 0,0:44:14.72,0:44:21.64,Default,,0000,0000,0000,,there no doesn't look like Dialogue: 0,0:44:18.20,0:44:22.84,Default,,0000,0000,0000,,yes no yes no no yes okay uh then Dialogue: 0,0:44:21.64,0:44:27.20,Default,,0000,0000,0000,,microphone Dialogue: 0,0:44:22.84,0:44:29.64,Default,,0000,0000,0000,,four as someone who is uh connected or Dialogue: 0,0:44:27.20,0:44:31.88,Default,,0000,0000,0000,,was connected to an industry which has Dialogue: 0,0:44:29.64,0:44:34.20,Default,,0000,0000,0000,,programming programmable Dialogue: 0,0:44:31.88,0:44:37.96,Default,,0000,0000,0000,,brakes Dialogue: 0,0:44:34.20,0:44:39.48,Default,,0000,0000,0000,,um what is your opinion about things 
Dialogue: 0,0:44:37.96,0:44:42.44,Default,,0000,0000,0000,,like Dialogue: 0,0:44:39.48,0:44:44.08,Default,,0000,0000,0000,,MISRA well well so there are standards Dialogue: 0,0:44:42.44,0:44:45.24,Default,,0000,0000,0000,,in the automotive industry for example Dialogue: 0,0:44:44.08,0:44:48.04,Default,,0000,0000,0000,,like MISRA Dialogue: 0,0:44:45.24,0:44:50.36,Default,,0000,0000,0000,,to make sure you write better code and Dialogue: 0,0:44:48.04,0:44:52.52,Default,,0000,0000,0000,,it's mostly compliance so they give you Dialogue: 0,0:44:50.36,0:44:55.28,Default,,0000,0000,0000,,rules like um you shouldn't use Dialogue: 0,0:44:52.52,0:44:56.96,Default,,0000,0000,0000,,recursion in your code for example and Dialogue: 0,0:44:55.28,0:44:59.00,Default,,0000,0000,0000,,the functions should would be this big Dialogue: 0,0:44:56.96,0:45:01.64,Default,,0000,0000,0000,,at at most and this is more I mean it Dialogue: 0,0:44:59.00,0:45:03.44,Default,,0000,0000,0000,,will probably help a bit but it's much Dialogue: 0,0:45:01.64,0:45:05.80,Default,,0000,0000,0000,,better to to invest in in good Dialogue: 0,0:45:03.44,0:45:09.44,Default,,0000,0000,0000,,architecture but you may have noticed I Dialogue: 0,0:45:05.80,0:45:11.20,Default,,0000,0000,0000,,I've said I wrote the code in C and I Dialogue: 0,0:45:09.44,0:45:13.80,Default,,0000,0000,0000,,said nothing about what I did to make Dialogue: 0,0:45:11.20,0:45:15.88,Default,,0000,0000,0000,,sure it's it's good code so that's Dialogue: 0,0:45:13.80,0:45:17.56,Default,,0000,0000,0000,,that's a different dimension that's Dialogue: 0,0:45:15.88,0:45:20.80,Default,,0000,0000,0000,,orthogonal right Dialogue: 0,0:45:17.56,0:45:22.28,Default,,0000,0000,0000,,so follow those standards it will it Dialogue: 0,0:45:20.80,0:45:25.04,Default,,0000,0000,0000,,will make your code a bit better Dialogue: 0,0:45:22.28,0:45:26.64,Default,,0000,0000,0000,,probably um but it won't solve all the Dialogue: 
0,0:45:25.04,0:45:29.04,Default,,0000,0000,0000,,problems and I think personally you Dialogue: 0,0:45:26.64,0:45:30.76,Default,,0000,0000,0000,,should do both you should make sure or Dialogue: 0,0:45:29.04,0:45:32.52,Default,,0000,0000,0000,,try to make sure that there's as little Dialogue: 0,0:45:30.76,0:45:34.16,Default,,0000,0000,0000,,bugs as possible in your code there's Dialogue: 0,0:45:32.52,0:45:36.08,Default,,0000,0000,0000,,ways to do that I had to talk about that Dialogue: 0,0:45:34.16,0:45:37.76,Default,,0000,0000,0000,,too but after you do that you should Dialogue: 0,0:45:36.08,0:45:40.20,Default,,0000,0000,0000,,still have these kind of Dialogue: 0,0:45:37.76,0:45:41.72,Default,,0000,0000,0000,,architectural guide guard rails that Dialogue: 0,0:45:40.20,0:45:44.08,Default,,0000,0000,0000,,keep you on track even if someone Dialogue: 0,0:45:41.72,0:45:46.24,Default,,0000,0000,0000,,manages to take over the Dialogue: 0,0:45:44.08,0:45:47.28,Default,,0000,0000,0000,,process so now I think there was an Dialogue: 0,0:45:46.24,0:45:50.60,Default,,0000,0000,0000,,internet Dialogue: 0,0:45:47.28,0:45:53.52,Default,,0000,0000,0000,,question yes uh the internet is asking Dialogue: 0,0:45:50.60,0:45:55.56,Default,,0000,0000,0000,,how would it work to like scale this Dialogue: 0,0:45:53.52,0:45:58.84,Default,,0000,0000,0000,,truly impressive security architecture Dialogue: 0,0:45:55.56,0:46:01.40,Default,,0000,0000,0000,,up for more use cases and more like Dialogue: 0,0:45:58.84,0:46:04.88,Default,,0000,0000,0000,,larger team or would the team size and Dialogue: 0,0:46:01.40,0:46:09.04,Default,,0000,0000,0000,,the feature creep ruin it yes Dialogue: 0,0:46:04.88,0:46:09.04,Default,,0000,0000,0000,,so oh no oh Dialogue: 0,0:46:09.07,0:46:15.84,Default,,0000,0000,0000,,[Laughter] Dialogue: 0,0:46:12.32,0:46:15.84,Default,,0000,0000,0000,,no well I'm Dialogue: 0,0:46:24.80,0:46:27.80,Default,,0000,0000,0000,,sorry Dialogue: 
0,0:46:28.47,0:46:36.78,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:46:37.76,0:46:40.76,Default,,0000,0000,0000,,la