[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:00.09,0:00:13.75,Default,,0000,0000,0000,,{\i1}33C3 preroll music{\i0} Dialogue: 0,0:00:13.75,0:00:16.30,Default,,0000,0000,0000,,basically textbooks have been written Dialogue: 0,0:00:16.30,0:00:19.72,Default,,0000,0000,0000,,about it countless talks have been Dialogue: 0,0:00:19.72,0:00:22.48,Default,,0000,0000,0000,,have been Illuminating all of the errors Dialogue: 0,0:00:22.48,0:00:26.69,Default,,0000,0000,0000,,of our ways and still all those sucky Dialogue: 0,0:00:26.69,0:00:30.40,Default,,0000,0000,0000,,software is out there but Dialogue: 0,0:00:30.40,0:00:33.13,Default,,0000,0000,0000,,Fefe over here the hero of our show Dialogue: 0,0:00:33.13,0:00:36.70,Default,,0000,0000,0000,,has put out has put all of these best Dialogue: 0,0:00:36.70,0:00:39.99,Default,,0000,0000,0000,,practices into you know into his work to Dialogue: 0,0:00:39.99,0:00:43.48,Default,,0000,0000,0000,,try to create a secure website he's Dialogue: 0,0:00:43.48,0:00:46.86,Default,,0000,0000,0000,,going to show us how it's done so that Dialogue: 0,0:00:46.86,0:00:52.49,Default,,0000,0000,0000,,we can all sleep way better at night and Dialogue: 0,0:00:52.49,0:00:55.19,Default,,0000,0000,0000,,with that template go back and Dialogue: 0,0:00:55.19,0:00:57.30,Default,,0000,0000,0000,,and secure our own software and so with Dialogue: 0,0:00:57.30,0:00:59.54,Default,,0000,0000,0000,,that I'm going to hand it right over to Dialogue: 0,0:00:59.54,0:01:01.93,Default,,0000,0000,0000,,Fefe give him a round of applause Dialogue: 0,0:01:01.93,0:01:12.41,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:01:13.37,0:01:15.15,Default,,0000,0000,0000,,thank you I have to start Dialogue: 0,0:01:15.15,0:01:17.58,Default,,0000,0000,0000,,with an apology because I did submit Dialogue: 0,0:01:17.58,0:01:19.84,Default,,0000,0000,0000,,this talk but it was rejected so the 
Dialogue: 0,0:01:19.84,0:01:21.88,Default,,0000,0000,0000,,slides are not at the stage where they Dialogue: 0,0:01:21.88,0:01:24.32,Default,,0000,0000,0000,,should be these are our slides for a Dialogue: 0,0:01:24.32,0:01:26.36,Default,,0000,0000,0000,,previous version of the talk it contains Dialogue: 0,0:01:26.36,0:01:28.18,Default,,0000,0000,0000,,all the material and I tried to update Dialogue: 0,0:01:28.18,0:01:30.23,Default,,0000,0000,0000,,it more but that destroyed the flow so Dialogue: 0,0:01:30.23,0:01:33.33,Default,,0000,0000,0000,,we we're stuck with it basically the Dialogue: 0,0:01:33.08,0:01:35.72,Default,,0000,0000,0000,,difference was the the audience so while Dialogue: 0,0:01:35.72,0:01:37.58,Default,,0000,0000,0000,,I expect more developers here the other Dialogue: 0,0:01:37.58,0:01:39.26,Default,,0000,0000,0000,,audience was more and hackers and Dialogue: 0,0:01:39.26,0:01:42.64,Default,,0000,0000,0000,,business people so I try to get them Dialogue: 0,0:01:42.64,0:01:45.80,Default,,0000,0000,0000,,from where they are and the main question Dialogue: 0,0:01:45.80,0:01:48.38,Default,,0000,0000,0000,,usually is "are we there yet?" 
right Dialogue: 0,0:01:48.38,0:01:50.84,Default,,0000,0000,0000,,so about me you probably Dialogue: 0,0:01:50.84,0:01:52.96,Default,,0000,0000,0000,,seen this before I'm a code auditor by Dialogue: 0,0:01:52.96,0:01:55.48,Default,,0000,0000,0000,,trade I have a small company and Dialogue: 0,0:01:55.23,0:01:57.23,Default,,0000,0000,0000,,companies show us their code and I show Dialogue: 0,0:01:57.23,0:02:00.19,Default,,0000,0000,0000,,them bugs I find in them quite easy Dialogue: 0,0:02:01.91,0:02:04.00,Default,,0000,0000,0000,,but before we start I have a small Dialogue: 0,0:02:04.00,0:02:06.50,Default,,0000,0000,0000,,celebration to do this actually happened Dialogue: 0,0:02:06.50,0:02:09.23,Default,,0000,0000,0000,,just a day before the first time I Dialogue: 0,0:02:09.23,0:02:11.68,Default,,0000,0000,0000,,talked about this so Kaspersky Dialogue: 0,0:02:11.68,0:02:15.44,Default,,0000,0000,0000,,message they found some malware introduced Dialogue: 0,0:02:15.44,0:02:16.54,Default,,0000,0000,0000,,tied to libc Dialogue: 0,0:02:16.54,0:02:18.34,Default,,0000,0000,0000,,which I have written so this is Dialogue: 0,0:02:18.34,0:02:19.27,Default,,0000,0000,0000,,like a Dialogue: 0,0:02:19.27,0:02:26.43,Default,,0000,0000,0000,,{\i1}Applause{\i0} Dialogue: 0,0:02:27.26,0:02:28.100,Default,,0000,0000,0000,,some of the malware people Dialogue: 0,0:02:28.100,0:02:31.02,Default,,0000,0000,0000,,know what's good Dialogue: 0,0:02:31.02,0:02:33.43,Default,,0000,0000,0000,,so basically the main question when I Dialogue: 0,0:02:33.43,0:02:35.77,Default,,0000,0000,0000,,talk to customers is we spend so much Dialogue: 0,0:02:35.77,0:02:38.86,Default,,0000,0000,0000,,money on this why isn't it working Dialogue: 0,0:02:38.86,0:02:42.40,Default,,0000,0000,0000,,and the answer is you're doing it wrong Dialogue: 0,0:02:42.40,0:02:46.42,Default,,0000,0000,0000,,so I will try to show now what exactly\Nis wrong Dialogue: 0,0:02:46.42,0:02:49.83,Default,,0000,0000,0000,,and there's a small 
preface here people Dialogue: 0,0:02:49.83,0:02:51.73,Default,,0000,0000,0000,,usually say there's no time to do this Dialogue: 0,0:02:51.73,0:02:54.23,Default,,0000,0000,0000,,right and that's just wrong you have Dialogue: 0,0:02:54.23,0:02:56.58,Default,,0000,0000,0000,,exactly as much time per day as other Dialogue: 0,0:02:56.58,0:02:58.64,Default,,0000,0000,0000,,people who did great things so you can Dialogue: 0,0:02:58.64,0:03:01.78,Default,,0000,0000,0000,,do great things too you just need to do it Dialogue: 0,0:03:02.62,0:03:05.42,Default,,0000,0000,0000,,so let's play a little warm-up game Dialogue: 0,0:03:05.42,0:03:07.05,Default,,0000,0000,0000,,it's called how it started and how Dialogue: 0,0:03:07.05,0:03:09.57,Default,,0000,0000,0000,,it's going so let's have a demo round Dialogue: 0,0:03:09.57,0:03:11.42,Default,,0000,0000,0000,,IBM Watson is revolutionizing Dialogue: 0,0:03:11.42,0:03:14.84,Default,,0000,0000,0000,,10 Industries and it's going like this Dialogue: 0,0:03:14.84,0:03:17.22,Default,,0000,0000,0000,,whatever happened to IBM Watson that's a Dialogue: 0,0:03:17.22,0:03:19.63,Default,,0000,0000,0000,,typical pattern in the security industry Dialogue: 0,0:03:19.63,0:03:23.15,Default,,0000,0000,0000,,right so here's another one how it started Dialogue: 0,0:03:23.15,0:03:25.48,Default,,0000,0000,0000,,revolutionize security with AI Dialogue: 0,0:03:25.48,0:03:27.26,Default,,0000,0000,0000,,right we all know where this is going Dialogue: 0,0:03:27.26,0:03:28.46,Default,,0000,0000,0000,,{\i1}Laughter{\i0} Dialogue: 0,0:03:28.46,0:03:31.23,Default,,0000,0000,0000,,right so that's the pattern Dialogue: 0,0:03:31.23,0:03:33.64,Default,,0000,0000,0000,,let's play IT security minesweeper Dialogue: 0,0:03:33.39,0:03:35.26,Default,,0000,0000,0000,,right so everybody here probably Dialogue: 0,0:03:35.26,0:03:37.35,Default,,0000,0000,0000,,knows who Gartner is they publish Dialogue: 0,0:03:37.35,0:03:39.38,Default,,0000,0000,0000,,recommendations and 
they even have a Dialogue: 0,0:03:39.38,0:03:41.25,Default,,0000,0000,0000,,voting section where people can say Dialogue: 0,0:03:41.25,0:03:43.16,Default,,0000,0000,0000,,this is the best product in this section Dialogue: 0,0:03:42.91,0:03:45.25,Default,,0000,0000,0000,,right so let's look at a few of them and Dialogue: 0,0:03:45.25,0:03:48.04,Default,,0000,0000,0000,,see what happened to people who trusted\NGartner Dialogue: 0,0:03:48.04,0:03:51.02,Default,,0000,0000,0000,,first is a firewall right so how Dialogue: 0,0:03:51.02,0:03:54.25,Default,,0000,0000,0000,,it started the number one recommendation Dialogue: 0,0:03:54.25,0:03:57.18,Default,,0000,0000,0000,,is for Fortinet and they have a lot of Dialogue: 0,0:03:57.18,0:03:59.42,Default,,0000,0000,0000,,marketing {\i1}gibberish{\i0} Dialogue: 0,0:03:59.42,0:04:01.23,Default,,0000,0000,0000,,{\i1}Laughter{\i0} Dialogue: 0,0:04:01.23,0:04:03.16,Default,,0000,0000,0000,,and if you look how it's going it's not Dialogue: 0,0:04:03.16,0:04:05.30,Default,,0000,0000,0000,,going so good Dialogue: 0,0:04:05.85,0:04:08.09,Default,,0000,0000,0000,,so let's extend the pattern a bit Dialogue: 0,0:04:08.09,0:04:10.42,Default,,0000,0000,0000,,why what happened to me in this regard Dialogue: 0,0:04:10.42,0:04:11.75,Default,,0000,0000,0000,,so I don't need a firewall Dialogue: 0,0:04:11.75,0:04:14.27,Default,,0000,0000,0000,,I don't have any ports open that I need\Nblocking right Dialogue: 0,0:04:14.27,0:04:16.12,Default,,0000,0000,0000,,so you don't need this Dialogue: 0,0:04:16.12,0:04:18.56,Default,,0000,0000,0000,,strictly speaking you don't need it Dialogue: 0,0:04:18.56,0:04:20.48,Default,,0000,0000,0000,,next discipline endpoint protection Dialogue: 0,0:04:20.48,0:04:24.52,Default,,0000,0000,0000,,so it started with Trellix this is the Dialogue: 0,0:04:24.52,0:04:26.77,Default,,0000,0000,0000,,number one recommendation on Gartner Dialogue: 0,0:04:26.77,0:04:28.77,Default,,0000,0000,0000,,I hadn't heard of them there like 
can make Dialogue: 0,0:04:28.77,0:04:30.43,Default,,0000,0000,0000,,a feed joint venture or something Dialogue: 0,0:04:30.43,0:04:31.43,Default,,0000,0000,0000,,who cares Dialogue: 0,0:04:31.43,0:04:34.54,Default,,0000,0000,0000,,they also have great marketing {\i1}gibberish{\i0} Dialogue: 0,0:04:34.54,0:04:36.30,Default,,0000,0000,0000,,and then if you look at what happened Dialogue: 0,0:04:36.30,0:04:39.21,Default,,0000,0000,0000,,it's like they made it worse Dialogue: 0,0:04:39.21,0:04:42.96,Default,,0000,0000,0000,,okay so this didn't apply to me Dialogue: 0,0:04:42.96,0:04:45.30,Default,,0000,0000,0000,,either because I don't use snake oil Dialogue: 0,0:04:45.30,0:04:47.30,Default,,0000,0000,0000,,let's see the third one password manager Dialogue: 0,0:04:47.30,0:04:48.53,Default,,0000,0000,0000,,also very popular Dialogue: 0,0:04:49.73,0:04:52.32,Default,,0000,0000,0000,,how it started recommended LastPass Dialogue: 0,0:04:52.32,0:04:54.25,Default,,0000,0000,0000,,you probably know where this is going Dialogue: 0,0:04:54.25,0:04:55.75,Default,,0000,0000,0000,,{\i1}Laughter{\i0} Dialogue: 0,0:04:57.13,0:04:59.71,Default,,0000,0000,0000,,yeah they got owned and then Dialogue: 0,0:04:59.71,0:05:00.89,Default,,0000,0000,0000,,people got owned Dialogue: 0,0:05:02.50,0:05:05.24,Default,,0000,0000,0000,,so you may notice a pattern here Dialogue: 0,0:05:05.44,0:05:06.92,Default,,0000,0000,0000,,this didn't apply to me because Dialogue: 0,0:05:06.92,0:05:08.92,Default,,0000,0000,0000,,I deserve a password authentication use Dialogue: 0,0:05:08.92,0:05:10.81,Default,,0000,0000,0000,,public key which has been available for Dialogue: 0,0:05:10.81,0:05:14.15,Default,,0000,0000,0000,,decades right so small bonus Dialogue: 0,0:05:14.15,0:05:17.11,Default,,0000,0000,0000,,the last one 2FA Dialogue: 0,0:05:17.61,0:05:19.79,Default,,0000,0000,0000,,Gartner recommends Duo which has Dialogue: 0,0:05:19.79,0:05:22.04,Default,,0000,0000,0000,,been bought by Cisco but doesn't matter 
Dialogue: 0,0:05:23.59,0:05:25.41,Default,,0000,0000,0000,,so if you look at what Duo does Dialogue: 0,0:05:25.41,0:05:27.38,Default,,0000,0000,0000,,your server asks the cloud for Dialogue: 0,0:05:27.38,0:05:29.88,Default,,0000,0000,0000,,permission the cloud goes to the telephone Dialogue: 0,0:05:29.88,0:05:33.59,Default,,0000,0000,0000,,telephone shows a popup you click yes Dialogue: 0,0:05:31.59,0:05:35.10,Default,,0000,0000,0000,,and then the cloud tells the server it's Dialogue: 0,0:05:35.10,0:05:37.47,Default,,0000,0000,0000,,okay you can let them in if you look Dialogue: 0,0:05:37.47,0:05:39.36,Default,,0000,0000,0000,,really closely you can notice the cloud Dialogue: 0,0:05:39.36,0:05:41.52,Default,,0000,0000,0000,,doesn't have to do the popup it can just Dialogue: 0,0:05:41.52,0:05:43.87,Default,,0000,0000,0000,,say sure so this comes pre-owned Dialogue: 0,0:05:43.87,0:05:45.95,Default,,0000,0000,0000,,there is no need to hack anything here Dialogue: 0,0:05:45.95,0:05:47.45,Default,,0000,0000,0000,,{\i1}Laughter{\i0} Dialogue: 0,0:05:47.45,0:05:48.98,Default,,0000,0000,0000,,and something many people don't Dialogue: 0,0:05:48.98,0:05:50.60,Default,,0000,0000,0000,,realize you don't need two factor Dialogue: 0,0:05:50.60,0:05:53.41,Default,,0000,0000,0000,,if you have public key that's already the\Nsecond factor Dialogue: 0,0:05:53.94,0:05:55.11,Default,,0000,0000,0000,,Okay, so Dialogue: 0,0:05:55.79,0:05:57.81,Default,,0000,0000,0000,,yeah let's skip over this briefly Dialogue: 0,0:05:57.81,0:06:00.32,Default,,0000,0000,0000,,Splunk is the recommended option here Dialogue: 0,0:06:00.32,0:06:02.04,Default,,0000,0000,0000,,and they make the organization Dialogue: 0,0:06:02.04,0:06:04.44,Default,,0000,0000,0000,,more resilient unless you install it Dialogue: 0,0:06:04.44,0:06:07.28,Default,,0000,0000,0000,,{\i1}Laughter{\i0} Dialogue: 0,0:06:07.28,0:06:15.54,Default,,0000,0000,0000,,{\i1}Applause{\i0} Dialogue: 
0,0:06:15.54,0:06:17.81,Default,,0000,0000,0000,,okay so this one is dear to my heart Dialogue: 0,0:06:17.81,0:06:20.71,Default,,0000,0000,0000,,because people start arguing about Dialogue: 0,0:06:20.71,0:06:22.45,Default,,0000,0000,0000,,whether to install patches and Dialogue: 0,0:06:22.45,0:06:25.09,Default,,0000,0000,0000,,which patch to install first and it used Dialogue: 0,0:06:25.09,0:06:27.68,Default,,0000,0000,0000,,to be simple you look for problems Dialogue: 0,0:06:27.68,0:06:29.44,Default,,0000,0000,0000,,then you install the patches and then Dialogue: 0,0:06:29.44,0:06:31.53,Default,,0000,0000,0000,,it got a bit more complicated and Dialogue: 0,0:06:31.53,0:06:33.42,Default,,0000,0000,0000,,the result is this right Dialogue: 0,0:06:33.42,0:06:36.17,Default,,0000,0000,0000,,that's a famous podcast in Germany Dialogue: 0,0:06:36.17,0:06:38.69,Default,,0000,0000,0000,,it's about municipality who got owned Dialogue: 0,0:06:38.69,0:06:41.67,Default,,0000,0000,0000,,by ransomware and then had to call the Dialogue: 0,0:06:41.67,0:06:42.94,Default,,0000,0000,0000,,army for help Dialogue: 0,0:06:42.94,0:06:44.46,Default,,0000,0000,0000,,{\i1}inaudible chatter in crowd{\i0} Dialogue: 0,0:06:44.46,0:06:46.51,Default,,0000,0000,0000,,and what you should do I'm having Dialogue: 0,0:06:46.51,0:06:48.47,Default,,0000,0000,0000,,this for completeness install all patches Dialogue: 0,0:06:48.47,0:06:50.43,Default,,0000,0000,0000,,immediately but that's a separate talk Dialogue: 0,0:06:50.43,0:06:52.70,Default,,0000,0000,0000,,right so you may notice a pattern here Dialogue: 0,0:06:52.70,0:06:54.45,Default,,0000,0000,0000,,the IT security industry Dialogue: 0,0:06:54.45,0:06:55.63,Default,,0000,0000,0000,,recommends something and Dialogue: 0,0:06:55.63,0:06:58.27,Default,,0000,0000,0000,,if you do it you're [ __ ] so don't do it Dialogue: 0,0:06:58.27,0:07:01.00,Default,,0000,0000,0000,,in case you can't read this says snake Dialogue: 
0,0:07:01.00,0:07:03.46,Default,,0000,0000,0000,,repellent granules and then there's a Dialogue: 0,0:07:03.46,0:07:05.06,Default,,0000,0000,0000,,snake sleeping next to it Dialogue: 0,0:07:05.06,0:07:06.11,Default,,0000,0000,0000,,{\i1}laughter{\i0} Dialogue: 0,0:07:06.11,0:07:07.39,Default,,0000,0000,0000,,{\i1}coughing{\i0} Dialogue: 0,0:07:07.92,0:07:10.67,Default,,0000,0000,0000,,right so if we can't trust the Dialogue: 0,0:07:10.67,0:07:12.91,Default,,0000,0000,0000,,recommendations of the industry what\Nshall we do Dialogue: 0,0:07:13.45,0:07:15.05,Default,,0000,0000,0000,,and so I had a lot of Dialogue: 0,0:07:15.05,0:07:16.93,Default,,0000,0000,0000,,time on my hands because I didn't have Dialogue: 0,0:07:16.93,0:07:19.51,Default,,0000,0000,0000,,to clean up after crappy IT security Dialogue: 0,0:07:19.51,0:07:21.57,Default,,0000,0000,0000,,industry recommendations so what Dialogue: 0,0:07:21.57,0:07:23.77,Default,,0000,0000,0000,,what did I do with my time Dialogue: 0,0:07:24.21,0:07:26.63,Default,,0000,0000,0000,,and I decided I need a Blog Dialogue: 0,0:07:26.63,0:07:30.44,Default,,0000,0000,0000,,some time ago now and I started Dialogue: 0,0:07:30.44,0:07:32.66,Default,,0000,0000,0000,,thinking what do I need and it's Dialogue: 0,0:07:32.66,0:07:34.57,Default,,0000,0000,0000,,actually not that much I could have just Dialogue: 0,0:07:34.57,0:07:37.59,Default,,0000,0000,0000,,shown basically static content a little Dialogue: 0,0:07:37.59,0:07:39.73,Default,,0000,0000,0000,,search function would be good but it's Dialogue: 0,0:07:39.73,0:07:42.53,Default,,0000,0000,0000,,optional um I didn't need comments for Dialogue: 0,0:07:42.53,0:07:44.92,Default,,0000,0000,0000,,legal reasons because people start Dialogue: 0,0:07:44.92,0:07:48.39,Default,,0000,0000,0000,,posting like links to malware or Dialogue: 0,0:07:48.39,0:07:50.23,Default,,0000,0000,0000,,whatever I don't want that I don't Dialogue: 0,0:07:50.23,0:07:52.16,Default,,0000,0000,0000,,need that right 
so the first version was Dialogue: 0,0:07:52.16,0:07:53.95,Default,,0000,0000,0000,,actually really easy it was a small Dialogue: 0,0:07:53.95,0:07:56.14,Default,,0000,0000,0000,,standard web server and I had the Dialogue: 0,0:07:56.14,0:07:58.22,Default,,0000,0000,0000,,blog entries as static HTML files Dialogue: 0,0:07:58.22,0:08:00.20,Default,,0000,0000,0000,,one file per month it was actually really Dialogue: 0,0:08:00.20,0:08:02.09,Default,,0000,0000,0000,,easy if you want to search you just can Dialogue: 0,0:08:02.09,0:08:04.87,Default,,0000,0000,0000,,ask Google and limit it to my site so Dialogue: 0,0:08:04.87,0:08:07.23,Default,,0000,0000,0000,,posting was also easy had a little Dialogue: 0,0:08:07.23,0:08:09.70,Default,,0000,0000,0000,,script that I could run on the server Dialogue: 0,0:08:09.70,0:08:12.92,Default,,0000,0000,0000,,and I just SSH in and SSH I trust for Dialogue: 0,0:08:12.92,0:08:14.82,Default,,0000,0000,0000,,authentication so there's no new attack Dialogue: 0,0:08:14.82,0:08:17.44,Default,,0000,0000,0000,,surface I have that anyway and this is a Dialogue: 0,0:08:17.44,0:08:20.07,Default,,0000,0000,0000,,great design it's secure it's simple Dialogue: 0,0:08:20.07,0:08:22.19,Default,,0000,0000,0000,,there's low risk it's also high Dialogue: 0,0:08:22.19,0:08:24.78,Default,,0000,0000,0000,,performance but you couldn't do a talk Dialogue: 0,0:08:24.78,0:08:27.27,Default,,0000,0000,0000,,about it at the CCC right so Dialogue: 0,0:08:27.27,0:08:30.13,Default,,0000,0000,0000,,it's too boring so I started to introduce Dialogue: 0,0:08:30.13,0:08:31.20,Default,,0000,0000,0000,,risk in my setup Dialogue: 0,0:08:31.20,0:08:33.64,Default,,0000,0000,0000,,{\i1}laughter{\i0} Dialogue: 0,0:08:34.40,0:08:36.41,Default,,0000,0000,0000,,so the first idea was I had Dialogue: 0,0:08:36.41,0:08:38.28,Default,,0000,0000,0000,,written a small web server I could just Dialogue: 0,0:08:38.28,0:08:40.36,Default,,0000,0000,0000,,implement the blog in the web server Dialogue: 
0,0:08:40.36,0:08:43.38,Default,,0000,0000,0000,,because you know it's my code anyway Dialogue: 0,0:08:43.38,0:08:46.80,Default,,0000,0000,0000,,but that has downsides if the the blog Dialogue: 0,0:08:46.80,0:08:48.94,Default,,0000,0000,0000,,is running in the web server then it can Dialogue: 0,0:08:48.94,0:08:50.85,Default,,0000,0000,0000,,access all the memory of the web server Dialogue: 0,0:08:50.85,0:08:52.78,Default,,0000,0000,0000,,in particular it can see the TLS private Dialogue: 0,0:08:52.78,0:08:55.17,Default,,0000,0000,0000,,key and that I don't want people to Dialogue: 0,0:08:55.17,0:08:57.86,Default,,0000,0000,0000,,extract right so it can't be a module Dialogue: 0,0:08:57.86,0:09:00.06,Default,,0000,0000,0000,,in the web server Dialogue: 0,0:09:00.48,0:09:03.03,Default,,0000,0000,0000,,and the the obvious solution is Dialogue: 0,0:09:03.03,0:09:05.51,Default,,0000,0000,0000,,it has to run in a different user ID on Dialogue: 0,0:09:05.51,0:09:08.09,Default,,0000,0000,0000,,on Linux I'm using Linux or but any Dialogue: 0,0:09:08.09,0:09:09.81,Default,,0000,0000,0000,,Unix or Windows would be the same Dialogue: 0,0:09:09.81,0:09:11.86,Default,,0000,0000,0000,,basically it runs in a different user ID Dialogue: 0,0:09:11.86,0:09:13.94,Default,,0000,0000,0000,,and then if you if you take over the Dialogue: 0,0:09:13.94,0:09:15.99,Default,,0000,0000,0000,,process of the blog because there's some Dialogue: 0,0:09:15.99,0:09:18.68,Default,,0000,0000,0000,,bug in it you couldn't access the TLS Dialogue: 0,0:09:18.68,0:09:21.77,Default,,0000,0000,0000,,key and while I did that the industry Dialogue: 0,0:09:21.77,0:09:23.05,Default,,0000,0000,0000,,was doing this Dialogue: 0,0:09:23.05,0:09:23.76,Default,,0000,0000,0000,,{\i1}chatter{\i0} Dialogue: 0,0:09:23.76,0:09:25.43,Default,,0000,0000,0000,,that's like the running gag of this Dialogue: 0,0:09:25.43,0:09:27.52,Default,,0000,0000,0000,,talk I show all kinds of interesting Dialogue: 
0,0:09:27.52,0:09:29.28,Default,,0000,0000,0000,,things the industry did and then show Dialogue: 0,0:09:29.28,0:09:31.21,Default,,0000,0000,0000,,what I did in that time right so Dialogue: 0,0:09:31.94,0:09:32.83,Default,,0000,0000,0000,,next question Dialogue: 0,0:09:32.83,0:09:34.75,Default,,0000,0000,0000,,where's the content I could just have Dialogue: 0,0:09:34.75,0:09:37.42,Default,,0000,0000,0000,,files on disk like static HTML as before Dialogue: 0,0:09:37.42,0:09:39.82,Default,,0000,0000,0000,,but I think that's not professional enough Dialogue: 0,0:09:39.57,0:09:41.83,Default,,0000,0000,0000,,right so for a good CCC talk you Dialogue: 0,0:09:41.83,0:09:44.06,Default,,0000,0000,0000,,need to be more professional Dialogue: 0,0:09:44.06,0:09:45.26,Default,,0000,0000,0000,,also for a different Dialogue: 0,0:09:45.26,0:09:47.49,Default,,0000,0000,0000,,project I had just written an LDAP server Dialogue: 0,0:09:47.49,0:09:50.54,Default,,0000,0000,0000,,so I decided to reuse it and Dialogue: 0,0:09:50.54,0:09:52.40,Default,,0000,0000,0000,,while I did that the industry did this Dialogue: 0,0:09:52.40,0:09:54.08,Default,,0000,0000,0000,,I took this photo at the airport of Dialogue: 0,0:09:53.83,0:09:55.73,Default,,0000,0000,0000,,Jerusalem so this is an actual ad it's Dialogue: 0,0:09:55.73,0:09:57.21,Default,,0000,0000,0000,,not photoshopped right it's for Dialogue: 0,0:09:57.21,0:09:59.04,Default,,0000,0000,0000,,Northrop Grumman which is a Dialogue: 0,0:09:59.04,0:10:02.76,Default,,0000,0000,0000,,military contractor and it's about full Dialogue: 0,0:10:02.76,0:10:05.70,Default,,0000,0000,0000,,spectrum cyber across all domains Dialogue: 0,0:10:05.70,0:10:06.93,Default,,0000,0000,0000,,{\i1}chatter{\i0} Dialogue: 0,0:10:06.93,0:10:09.77,Default,,0000,0000,0000,,so why would I write my own LDAP server Dialogue: 0,0:10:09.77,0:10:11.87,Default,,0000,0000,0000,,mostly because it's small and Dialogue: 0,0:10:11.87,0:10:14.65,Default,,0000,0000,0000,,because I'm an 
auditor by trade I know Dialogue: 0,0:10:14.65,0:10:17.63,Default,,0000,0000,0000,,that if you want a chance to actually Dialogue: 0,0:10:17.63,0:10:19.57,Default,,0000,0000,0000,,audit the code it needs to be small Dialogue: 0,0:10:19.57,0:10:22.04,Default,,0000,0000,0000,,because that's a limited resource Dialogue: 0,0:10:22.04,0:10:24.11,Default,,0000,0000,0000,,the time you can spend on auditing code Dialogue: 0,0:10:24.11,0:10:27.42,Default,,0000,0000,0000,,right so Postgres is a common SQL Dialogue: 0,0:10:27.42,0:10:30.12,Default,,0000,0000,0000,,database slapped in the the open LDAP Dialogue: 0,0:10:30.12,0:10:32.62,Default,,0000,0000,0000,,implementation of the server and tinyldap Dialogue: 0,0:10:32.62,0:10:35.11,Default,,0000,0000,0000,,is mine and you see it's much slower Dialogue: 0,0:10:35.11,0:10:36.63,Default,,0000,0000,0000,,and much smaller Dialogue: 0,0:10:38.75,0:10:40.61,Default,,0000,0000,0000,,yeah so there was more to this Dialogue: 0,0:10:40.61,0:10:43.76,Default,,0000,0000,0000,,ad campaign I collected a few funny images Dialogue: 0,0:10:45.08,0:10:48.96,Default,,0000,0000,0000,,right so um if someone manages to Dialogue: 0,0:10:48.71,0:10:52.07,Default,,0000,0000,0000,,hack the blog CGI or whatever module Dialogue: 0,0:10:52.07,0:10:54.78,Default,,0000,0000,0000,,I use to to have connect the blog to the Dialogue: 0,0:10:54.78,0:10:57.40,Default,,0000,0000,0000,,web server they can open any file that Dialogue: 0,0:10:57.40,0:11:00.28,Default,,0000,0000,0000,,the blog can read right the UID can read Dialogue: 0,0:11:00.28,0:11:02.82,Default,,0000,0000,0000,,so I should probably do something Dialogue: 0,0:11:02.82,0:11:05.51,Default,,0000,0000,0000,,about that that was the next step and Dialogue: 0,0:11:05.51,0:11:07.69,Default,,0000,0000,0000,,the industry was starting to think about Dialogue: 0,0:11:07.69,0:11:09.18,Default,,0000,0000,0000,,vulnerability management Dialogue: 0,0:11:11.07,0:11:13.36,Default,,0000,0000,0000,,so there is a 
mechanism on Unix Dialogue: 0,0:11:13.36,0:11:15.45,Default,,0000,0000,0000,,on Linux I did a separate talk about that Dialogue: 0,0:11:15.45,0:11:16.63,Default,,0000,0000,0000,,on the last Congress Dialogue: 0,0:11:16.63,0:11:19.13,Default,,0000,0000,0000,,it's called Seccomp and Seccomp it's like Dialogue: 0,0:11:19.13,0:11:21.37,Default,,0000,0000,0000,,a firewall for sys calls so I can use Dialogue: 0,0:11:21.37,0:11:24.37,Default,,0000,0000,0000,,Seccomp to block open the open sys which Dialogue: 0,0:11:24.37,0:11:26.81,Default,,0000,0000,0000,,is used to open files but if I have Dialogue: 0,0:11:26.81,0:11:29.09,Default,,0000,0000,0000,,to use open myself Dialogue: 0,0:11:29.09,0:11:31.72,Default,,0000,0000,0000,,then I can't block it right so what Dialogue: 0,0:11:31.72,0:11:33.45,Default,,0000,0000,0000,,to do about that for example my blog Dialogue: 0,0:11:33.45,0:11:35.67,Default,,0000,0000,0000,,calls local time which converts Unix's Dialogue: 0,0:11:35.67,0:11:38.09,Default,,0000,0000,0000,,time into the local time zone and for Dialogue: 0,0:11:38.09,0:11:40.37,Default,,0000,0000,0000,,that it opens a file containing the Dialogue: 0,0:11:40.37,0:11:43.83,Default,,0000,0000,0000,,description of the system time zone Dialogue: 0,0:11:43.83,0:11:46.65,Default,,0000,0000,0000,,and that calls open right so if Dialogue: 0,0:11:46.65,0:11:49.33,Default,,0000,0000,0000,,I just disabled the open system call from Dialogue: 0,0:11:49.33,0:11:51.06,Default,,0000,0000,0000,,my blog then it couldn't do the time Dialogue: 0,0:11:51.06,0:11:54.36,Default,,0000,0000,0000,,translation and this is actually Dialogue: 0,0:11:54.36,0:11:57.51,Default,,0000,0000,0000,,an old problem that also applies to set Dialogue: 0,0:11:57.51,0:12:00.11,Default,,0000,0000,0000,,ID programs and has has applied to them Dialogue: 0,0:12:00.11,0:12:03.03,Default,,0000,0000,0000,,for decades so what you can do is you Dialogue: 0,0:12:03.03,0:12:05.82,Default,,0000,0000,0000,,can reorganize your 
code so before you Dialogue: 0,0:12:05.82,0:12:08.48,Default,,0000,0000,0000,,block or before you drop privileges Dialogue: 0,0:12:08.48,0:12:11.36,Default,,0000,0000,0000,,generally speaking you do the open Dialogue: 0,0:12:11.36,0:12:14.16,Default,,0000,0000,0000,,calls in this in this example and Dialogue: 0,0:12:14.16,0:12:16.60,Default,,0000,0000,0000,,then you disable open and then you look Dialogue: 0,0:12:16.60,0:12:18.97,Default,,0000,0000,0000,,at the the data provided by the attacker Dialogue: 0,0:12:18.97,0:12:21.08,Default,,0000,0000,0000,,because if the attacker or any untrusted Dialogue: 0,0:12:21.08,0:12:23.59,Default,,0000,0000,0000,,source is trying to hack you it is via Dialogue: 0,0:12:23.59,0:12:25.70,Default,,0000,0000,0000,,data it gives you right it's Dialogue: 0,0:12:25.70,0:12:27.88,Default,,0000,0000,0000,,the environment is compromised so you look Dialogue: 0,0:12:27.88,0:12:29.84,Default,,0000,0000,0000,,at what kind of uh elements in the Dialogue: 0,0:12:29.84,0:12:31.76,Default,,0000,0000,0000,,environment are attacker supplied and Dialogue: 0,0:12:31.76,0:12:33.80,Default,,0000,0000,0000,,before you look at a single byte in them Dialogue: 0,0:12:33.80,0:12:35.92,Default,,0000,0000,0000,,you do all the dangerous stuff if you can Dialogue: 0,0:12:35.92,0:12:38.20,Default,,0000,0000,0000,,right so in this case I call local Dialogue: 0,0:12:38.20,0:12:42.21,Default,,0000,0000,0000,,time once before I drop the open sys call Dialogue: 0,0:12:42.21,0:12:44.90,Default,,0000,0000,0000,,and then my libc will cache the Dialogue: 0,0:12:44.90,0:12:47.94,Default,,0000,0000,0000,,time zone data and the next time I call it Dialogue: 0,0:12:47.94,0:12:49.87,Default,,0000,0000,0000,,after I have looked at the attacker Dialogue: 0,0:12:49.87,0:12:51.88,Default,,0000,0000,0000,,supplied code there is no need to call Dialogue: 0,0:12:51.88,0:12:53.99,Default,,0000,0000,0000,,open right so that's a major advantage Dialogue: 
0,0:12:53.99,0:12:57.49,Default,,0000,0000,0000,,of Seccomp over similar technologies like Dialogue: 0,0:12:57.49,0:13:03.20,Default,,0000,0000,0000,,SELinux where all the prohibitions Dialogue: 0,0:13:03.20,0:13:04.45,Default,,0000,0000,0000,,on sys calls are Dialogue: 0,0:13:04.45,0:13:06.85,Default,,0000,0000,0000,,applied to the whole process so there is Dialogue: 0,0:13:06.85,0:13:08.66,Default,,0000,0000,0000,,this is an example and you should make Dialogue: 0,0:13:08.66,0:13:10.25,Default,,0000,0000,0000,,use of it you should look at your Dialogue: 0,0:13:10.25,0:13:12.12,Default,,0000,0000,0000,,process and you can see if you have the Dialogue: 0,0:13:12.12,0:13:13.94,Default,,0000,0000,0000,,source code at least you can see which Dialogue: 0,0:13:13.94,0:13:16.25,Default,,0000,0000,0000,,parts do I need to do before I can drop Dialogue: 0,0:13:16.25,0:13:18.69,Default,,0000,0000,0000,,privileges and you move them up right so Dialogue: 0,0:13:18.69,0:13:19.85,Default,,0000,0000,0000,,that's what I did Dialogue: 0,0:13:22.12,0:13:24.67,Default,,0000,0000,0000,,this is actually a mockup from Dialogue: 0,0:13:24.67,0:13:27.45,Default,,0000,0000,0000,,the Estonian cyber security center Dialogue: 0,0:13:28.76,0:13:29.96,Default,,0000,0000,0000,,so this is real Dialogue: 0,0:13:30.95,0:13:31.95,Default,,0000,0000,0000,,okay so Dialogue: 0,0:13:31.95,0:13:34.96,Default,,0000,0000,0000,,next thought so let's Dialogue: 0,0:13:34.96,0:13:38.13,Default,,0000,0000,0000,,say someone hacks the blog module and Dialogue: 0,0:13:38.13,0:13:40.40,Default,,0000,0000,0000,,someone else uses the same module but Dialogue: 0,0:13:40.40,0:13:43.14,Default,,0000,0000,0000,,supplies a password right Dialogue: 0,0:13:43.14,0:13:44.96,Default,,0000,0000,0000,,this is a common problem in website Dialogue: 0,0:13:44.96,0:13:46.84,Default,,0000,0000,0000,,in websites there's some kind of login Dialogue: 0,0:13:46.84,0:13:48.70,Default,,0000,0000,0000,,something you get maybe a session 
token Dialogue: 0,0:13:48.70,0:13:51.51,Default,,0000,0000,0000,,or whatever and if someone manages to Dialogue: 0,0:13:51.51,0:13:54.02,Default,,0000,0000,0000,,take over the middleware Dialogue: 0,0:13:54.02,0:13:55.57,Default,,0000,0000,0000,,or like the server component Dialogue: 0,0:13:55.58,0:13:58.89,Default,,0000,0000,0000,,they can see all other connections too Dialogue: 0,0:13:58.89,0:14:00.42,Default,,0000,0000,0000,,if they are handled by the same Dialogue: 0,0:14:00.42,0:14:03.46,Default,,0000,0000,0000,,process right that's a major problem Dialogue: 0,0:14:03.46,0:14:06.34,Default,,0000,0000,0000,,and you can do something about it Dialogue: 0,0:14:06.34,0:14:08.31,Default,,0000,0000,0000,,so that's the good news here Dialogue: 0,0:14:09.68,0:14:13.02,Default,,0000,0000,0000,,and in my example it led to me using CGI Dialogue: 0,0:14:13.02,0:14:15.60,Default,,0000,0000,0000,,instead of fast CGI which is fast CGI Dialogue: 0,0:14:15.60,0:14:17.95,Default,,0000,0000,0000,,is a newer version of CGI Dialogue: 0,0:14:17.95,0:14:20.91,Default,,0000,0000,0000,,and the idea with fast CGI is that you Dialogue: 0,0:14:20.91,0:14:24.19,Default,,0000,0000,0000,,don't spawn a new process for every Dialogue: 0,0:14:24.19,0:14:26.88,Default,,0000,0000,0000,,request but you have like a Unix domain Dialogue: 0,0:14:26.88,0:14:29.89,Default,,0000,0000,0000,,socket or another socket to a fast CGI Dialogue: 0,0:14:29.89,0:14:32.18,Default,,0000,0000,0000,,process and that opens maybe a thread Dialogue: 0,0:14:32.18,0:14:35.55,Default,,0000,0000,0000,,per request or something but usually Dialogue: 0,0:14:35.55,0:14:37.45,Default,,0000,0000,0000,,in fast CGI you try to handle the Dialogue: 0,0:14:37.45,0:14:39.44,Default,,0000,0000,0000,,requests in the same process and then Dialogue: 0,0:14:39.44,0:14:41.59,Default,,0000,0000,0000,,you can use that process to cache data so Dialogue: 0,0:14:41.59,0:14:45.14,Default,,0000,0000,0000,,there's a perf advantage to using fast CGI 
Dialogue: 0,0:14:45.14,0:14:47.30,Default,,0000,0000,0000,,but for security reasons I don't Dialogue: 0,0:14:47.30,0:14:50.22,Default,,0000,0000,0000,,I don't use fast CGI so I can't do Dialogue: 0,0:14:50.22,0:14:52.70,Default,,0000,0000,0000,,caching right so that's a major downside Dialogue: 0,0:14:52.70,0:14:54.45,Default,,0000,0000,0000,,and you would expect the blog to be Dialogue: 0,0:14:54.45,0:14:56.79,Default,,0000,0000,0000,,really really slow in the end so Dialogue: 0,0:14:56.79,0:14:59.14,Default,,0000,0000,0000,,first thing I need to use CGI instead of Dialogue: 0,0:14:59.14,0:15:01.95,Default,,0000,0000,0000,,fast CGI and secondly you could still Dialogue: 0,0:15:01.95,0:15:05.16,Default,,0000,0000,0000,,use debug APIs so if you use GDB or Dialogue: 0,0:15:05.16,0:15:07.70,Default,,0000,0000,0000,,another debugger to to look at another Dialogue: 0,0:15:07.70,0:15:10.20,Default,,0000,0000,0000,,process they use an API called ptrace Dialogue: 0,0:15:10.20,0:15:12.86,Default,,0000,0000,0000,,but that's a sys call so I can use seccomp Dialogue: 0,0:15:12.86,0:15:16.39,Default,,0000,0000,0000,,to disallow ptrace if I do those two Dialogue: 0,0:15:16.39,0:15:20.30,Default,,0000,0000,0000,,and the attacker takes over a blog process Dialogue: 0,0:15:20.30,0:15:22.53,Default,,0000,0000,0000,,all they can see is the data they supply Dialogue: 0,0:15:22.53,0:15:26.84,Default,,0000,0000,0000,,themselves right that's a major advantage Dialogue: 0,0:15:27.88,0:15:30.08,Default,,0000,0000,0000,,Okay so ENISA is actually an EU agency Dialogue: 0,0:15:30.08,0:15:31.57,Default,,0000,0000,0000,,which I find really disturbing Dialogue: 0,0:15:31.57,0:15:33.48,Default,,0000,0000,0000,,because they're burning lots of taxpayer Dialogue: 0,0:15:33.48,0:15:38.30,Default,,0000,0000,0000,,money anyway so let's assume the attacker Dialogue: 0,0:15:38.30,0:15:41.01,Default,,0000,0000,0000,,can hack my blog they can still circumvent Dialogue: 
0,0:15:41.01,0:15:43.33,Default,,0000,0000,0000,,any access control I do in the blog Dialogue: 0,0:15:43.33,0:15:46.30,Default,,0000,0000,0000,,so for example if I have an admin site Dialogue: 0,0:15:46.30,0:15:49.45,Default,,0000,0000,0000,,or some login site part of the website Dialogue: 0,0:15:49.45,0:15:52.13,Default,,0000,0000,0000,,and it's handled through the same program Dialogue: 0,0:15:52.13,0:15:55.07,Default,,0000,0000,0000,,and the access control is done in the blog Dialogue: 0,0:15:55.07,0:15:56.94,Default,,0000,0000,0000,,CGI and someone manages Dialogue: 0,0:15:56.94,0:15:59.19,Default,,0000,0000,0000,,to hack my blog CGI they could Dialogue: 0,0:15:59.19,0:16:03.28,Default,,0000,0000,0000,,just skip that so it's really hard Dialogue: 0,0:16:03.28,0:16:05.64,Default,,0000,0000,0000,,to do access restrictions that can be Dialogue: 0,0:16:05.64,0:16:07.82,Default,,0000,0000,0000,,circumvented if you do them in your own Dialogue: 0,0:16:07.82,0:16:09.97,Default,,0000,0000,0000,,code so the solution is not do it in Dialogue: 0,0:16:09.97,0:16:13.42,Default,,0000,0000,0000,,your own code I don't do any access Dialogue: 0,0:16:13.42,0:16:15.70,Default,,0000,0000,0000,,restriction in the blog I do it in the Dialogue: 0,0:16:15.70,0:16:18.43,Default,,0000,0000,0000,,LDAP server so if you connect to my blog Dialogue: 0,0:16:18.43,0:16:20.52,Default,,0000,0000,0000,,and supply a password then the blog Dialogue: 0,0:16:20.52,0:16:22.00,Default,,0000,0000,0000,,doesn't know if the password is Dialogue: 0,0:16:22.00,0:16:24.40,Default,,0000,0000,0000,,right or not there's an for example Dialogue: 0,0:16:24.40,0:16:26.22,Default,,0000,0000,0000,,there's an interface where you can add Dialogue: 0,0:16:26.22,0:16:28.13,Default,,0000,0000,0000,,new blog entries or you can edit an old Dialogue: 0,0:16:28.13,0:16:29.74,Default,,0000,0000,0000,,one and for you need to supply Dialogue: 0,0:16:29.74,0:16:31.74,Default,,0000,0000,0000,,credentials but the blog CGI 
doesn't know Dialogue: 0,0:16:31.74,0:16:33.40,Default,,0000,0000,0000,,if they are right or not it opens Dialogue: 0,0:16:33.40,0:16:35.26,Default,,0000,0000,0000,,the connections to the LDAP server with Dialogue: 0,0:16:35.26,0:16:37.34,Default,,0000,0000,0000,,that credential and then the LDAP server Dialogue: 0,0:16:37.34,0:16:40.85,Default,,0000,0000,0000,,says yes or no so since we removed Dialogue: 0,0:16:40.85,0:16:44.43,Default,,0000,0000,0000,,access to the ptrace sys calls and the Dialogue: 0,0:16:44.43,0:16:46.61,Default,,0000,0000,0000,,processes are isolated from each other Dialogue: 0,0:16:46.61,0:16:48.23,Default,,0000,0000,0000,,that means there is nothing to Dialogue: 0,0:16:48.23,0:16:50.39,Default,,0000,0000,0000,,circumvent here so if someone hacks my Dialogue: 0,0:16:50.39,0:16:52.73,Default,,0000,0000,0000,,blog the only advantage they get is Dialogue: 0,0:16:52.73,0:16:54.77,Default,,0000,0000,0000,,they can do the exact same stuff they Dialogue: 0,0:16:54.77,0:16:56.63,Default,,0000,0000,0000,,could do before basically they can just Dialogue: 0,0:16:56.63,0:16:58.04,Default,,0000,0000,0000,,talk to the LDAP server Dialogue: 0,0:16:59.63,0:17:01.23,Default,,0000,0000,0000,,okay so I'm starting to get into Dialogue: 0,0:17:01.23,0:17:04.24,Default,,0000,0000,0000,,James Bond territory here right Dialogue: 0,0:17:04.24,0:17:05.87,Default,,0000,0000,0000,,with the attacks they getting more Dialogue: 0,0:17:05.87,0:17:08.88,Default,,0000,0000,0000,,convoluted right so the industry started Dialogue: 0,0:17:08.88,0:17:10.65,Default,,0000,0000,0000,,doing threat intelligence feeds which Dialogue: 0,0:17:10.65,0:17:12.63,Default,,0000,0000,0000,,are useless don't spend money on those Dialogue: 0,0:17:13.10,0:17:15.82,Default,,0000,0000,0000,,okay so let's say the attacker hacked my Dialogue: 0,0:17:15.82,0:17:19.07,Default,,0000,0000,0000,,blog and then went to my tinyldap and now Dialogue: 0,0:17:19.07,0:17:21.82,Default,,0000,0000,0000,,is attacking 
tinyldap then they can Dialogue: 0,0:17:21.82,0:17:24.06,Default,,0000,0000,0000,,watch other logins because tinyldap Dialogue: 0,0:17:24.06,0:17:26.55,Default,,0000,0000,0000,,handles connections from other instances Dialogue: 0,0:17:26.55,0:17:28.97,Default,,0000,0000,0000,,of the blog too right so the same Dialogue: 0,0:17:28.97,0:17:30.84,Default,,0000,0000,0000,,problem we had before we just moved the Dialogue: 0,0:17:30.84,0:17:33.12,Default,,0000,0000,0000,,goal post a little and we need to Dialogue: 0,0:17:33.12,0:17:36.03,Default,,0000,0000,0000,,prevent this and the obvious solution Dialogue: 0,0:17:36.03,0:17:38.12,Default,,0000,0000,0000,,is to do the same thing we did Dialogue: 0,0:17:38.12,0:17:41.37,Default,,0000,0000,0000,,with the blog we have one process of Dialogue: 0,0:17:41.37,0:17:44.79,Default,,0000,0000,0000,,the LDAP server per request and then we Dialogue: 0,0:17:44.79,0:17:48.79,Default,,0000,0000,0000,,just allow ptrace right so now you Dialogue: 0,0:17:48.79,0:17:51.35,Default,,0000,0000,0000,,can't watch even if you get code execution Dialogue: 0,0:17:51.35,0:17:53.59,Default,,0000,0000,0000,,inside the LDAP server you can't watch Dialogue: 0,0:17:53.59,0:17:55.52,Default,,0000,0000,0000,,what passwords other people use Dialogue: 0,0:17:55.52,0:17:58.61,Default,,0000,0000,0000,,you can still see okay the industry Dialogue: 0,0:17:58.61,0:18:01.15,Default,,0000,0000,0000,,does some [ __ ] again you can still see Dialogue: 0,0:18:01.15,0:18:04.22,Default,,0000,0000,0000,,the password in the LDAP store right so Dialogue: 0,0:18:04.22,0:18:06.20,Default,,0000,0000,0000,,the LDAP server has to have a version of Dialogue: 0,0:18:06.20,0:18:08.28,Default,,0000,0000,0000,,the password to authenticate against and Dialogue: 0,0:18:08.28,0:18:11.00,Default,,0000,0000,0000,,the industry practice best practice is to Dialogue: 0,0:18:11.00,0:18:12.82,Default,,0000,0000,0000,,use salted hashes so the password is Dialogue: 
0,0:18:12.82,0:18:14.08,Default,,0000,0000,0000,,not actually in the store Dialogue: 0,0:18:14.57,0:18:17.17,Default,,0000,0000,0000,,still if someone manages to attack Dialogue: 0,0:18:17.17,0:18:19.75,Default,,0000,0000,0000,,tinyldap through the blog they can Dialogue: 0,0:18:19.75,0:18:21.69,Default,,0000,0000,0000,,extract the hashes and try to crack them Dialogue: 0,0:18:21.69,0:18:24.73,Default,,0000,0000,0000,,but since I'm the only one adding users Dialogue: 0,0:18:24.73,0:18:27.53,Default,,0000,0000,0000,,I can control the password complexity so Dialogue: 0,0:18:27.53,0:18:29.78,Default,,0000,0000,0000,,good luck brute forcing that right Dialogue: 0,0:18:32.41,0:18:37.73,Default,,0000,0000,0000,,okay so this is actually a real problem Dialogue: 0,0:18:37.73,0:18:39.40,Default,,0000,0000,0000,,not for my blog specifically Dialogue: 0,0:18:39.40,0:18:41.60,Default,,0000,0000,0000,,but for other web services or services Dialogue: 0,0:18:41.60,0:18:43.31,Default,,0000,0000,0000,,that are reachable from the internet Dialogue: 0,0:18:43.31,0:18:45.26,Default,,0000,0000,0000,,what if an attacker doesn't want to steal Dialogue: 0,0:18:45.26,0:18:47.76,Default,,0000,0000,0000,,my data but it wants to encrypt it Dialogue: 0,0:18:47.76,0:18:50.05,Default,,0000,0000,0000,,so the ransomware what can you do Dialogue: 0,0:18:50.05,0:18:53.87,Default,,0000,0000,0000,,about that and my idea was to make Dialogue: 0,0:18:53.87,0:18:55.92,Default,,0000,0000,0000,,the data store read only so the Dialogue: 0,0:18:55.92,0:18:58.08,Default,,0000,0000,0000,,LDAP server has a data store that contains Dialogue: 0,0:18:58.08,0:19:00.56,Default,,0000,0000,0000,,all the blog entries and that's read only Dialogue: 0,0:19:00.56,0:19:03.05,Default,,0000,0000,0000,,to the LDAP process you can only read Dialogue: 0,0:19:03.05,0:19:05.13,Default,,0000,0000,0000,,from it and if you want to write to it Dialogue: 0,0:19:05.13,0:19:08.25,Default,,0000,0000,0000,,for example to add a new entry 
it gets Dialogue: 0,0:19:08.25,0:19:10.28,Default,,0000,0000,0000,,appended to a second file which I call the Dialogue: 0,0:19:10.28,0:19:13.30,Default,,0000,0000,0000,,journal so SQL databases have a similar Dialogue: 0,0:19:13.30,0:19:15.67,Default,,0000,0000,0000,,concept and they use it to roll back Dialogue: 0,0:19:15.67,0:19:17.65,Default,,0000,0000,0000,,transactions I can do the same thing Dialogue: 0,0:19:17.65,0:19:19.16,Default,,0000,0000,0000,,it's basically a log file Dialogue: 0,0:19:19.16,0:19:23.04,Default,,0000,0000,0000,,and that means all the differences from Dialogue: 0,0:19:23.04,0:19:25.53,Default,,0000,0000,0000,,the last time the store was created Dialogue: 0,0:19:25.53,0:19:27.63,Default,,0000,0000,0000,,the read only store all the differences Dialogue: 0,0:19:27.63,0:19:29.65,Default,,0000,0000,0000,,are sequentially in the log file Dialogue: 0,0:19:29.65,0:19:32.65,Default,,0000,0000,0000,,in the journal so that the performance Dialogue: 0,0:19:32.65,0:19:34.85,Default,,0000,0000,0000,,gets worse the bigger the journal gets Dialogue: 0,0:19:34.85,0:19:37.33,Default,,0000,0000,0000,,so every now and then I need to combine Dialogue: 0,0:19:37.33,0:19:39.54,Default,,0000,0000,0000,,the read only part and the journal Dialogue: 0,0:19:39.54,0:19:41.79,Default,,0000,0000,0000,,a new bigger read only part and Dialogue: 0,0:19:41.79,0:19:43.47,Default,,0000,0000,0000,,I do that manually Dialogue: 0,0:19:45.73,0:19:48.47,Default,,0000,0000,0000,,because tinyldap couldn't do it because Dialogue: 0,0:19:48.47,0:19:50.47,Default,,0000,0000,0000,,I didn't allow tinyldap to write the store Dialogue: 0,0:19:50.47,0:19:52.45,Default,,0000,0000,0000,,right that was part of the security here Dialogue: 0,0:19:53.01,0:19:56.51,Default,,0000,0000,0000,,and so with seccomp I can just disable Dialogue: 0,0:19:56.51,0:19:59.00,Default,,0000,0000,0000,,sys calls I can also install filters so I Dialogue: 0,0:19:59.00,0:20:01.14,Default,,0000,0000,0000,,can say 
open is allowed but only if you Dialogue: 0,0:20:01.14,0:20:03.45,Default,,0000,0000,0000,,use O_APPEND O_APPEND in the open sys Dialogue: 0,0:20:03.45,0:20:06.44,Default,,0000,0000,0000,,call on Unix means every write you do to Dialogue: 0,0:20:06.44,0:20:09.13,Default,,0000,0000,0000,,this descriptor is automatically Dialogue: 0,0:20:09.13,0:20:12.42,Default,,0000,0000,0000,,added to the end so I know if someone Dialogue: 0,0:20:12.42,0:20:16.03,Default,,0000,0000,0000,,manages to to access the tinyldap Dialogue: 0,0:20:16.03,0:20:18.82,Default,,0000,0000,0000,,binary and can write to my journal then Dialogue: 0,0:20:18.82,0:20:21.05,Default,,0000,0000,0000,,the only place the changes can show up Dialogue: 0,0:20:21.05,0:20:23.18,Default,,0000,0000,0000,,is at the end and that's actually a really Dialogue: 0,0:20:23.18,0:20:25.32,Default,,0000,0000,0000,,good thing to have because it means Dialogue: 0,0:20:25.32,0:20:27.76,Default,,0000,0000,0000,,if someone hacks me and adds junk to Dialogue: 0,0:20:27.76,0:20:30.00,Default,,0000,0000,0000,,my blog I can only remove at the end Dialogue: 0,0:20:30.00,0:20:32.64,Default,,0000,0000,0000,,and I'm good again compare that to a Dialogue: 0,0:20:32.64,0:20:35.37,Default,,0000,0000,0000,,usual SQL database if someone wrote Dialogue: 0,0:20:35.37,0:20:38.22,Default,,0000,0000,0000,,to the database you need to in to play Dialogue: 0,0:20:38.22,0:20:41.18,Default,,0000,0000,0000,,a backup uh in to restore backup because Dialogue: 0,0:20:41.18,0:20:43.15,Default,,0000,0000,0000,,they could have changed anything anywhere Dialogue: 0,0:20:43.37,0:20:45.48,Default,,0000,0000,0000,,right so but tinyldap doesn't even have Dialogue: 0,0:20:45.48,0:20:47.34,Default,,0000,0000,0000,,file system level permissions to change Dialogue: 0,0:20:47.34,0:20:48.91,Default,,0000,0000,0000,,anything in the store so I can Dialogue: 0,0:20:48.91,0:20:51.12,Default,,0000,0000,0000,,re-sleep soundly Dialogue: 
0,0:20:51.63,0:20:53.62,Default,,0000,0000,0000,,yeah the industry spent money on Dialogue: 0,0:20:53.62,0:20:55.50,Default,,0000,0000,0000,,cyber security mesh architecture Dialogue: 0,0:20:57.16,0:20:59.38,Default,,0000,0000,0000,,right so the journal integration has Dialogue: 0,0:20:59.38,0:21:01.42,Default,,0000,0000,0000,,to be done by me manually out of band Dialogue: 0,0:21:01.42,0:21:04.13,Default,,0000,0000,0000,,so it's not something an automated process Dialogue: 0,0:21:04.13,0:21:06.10,Default,,0000,0000,0000,,does I do it manually Dialogue: 0,0:21:06.10,0:21:07.82,Default,,0000,0000,0000,,and when I'm doing it Dialogue: 0,0:21:08.34,0:21:10.36,Default,,0000,0000,0000,,because it's not that much data it's Dialogue: 0,0:21:10.36,0:21:12.42,Default,,0000,0000,0000,,like for a week or two I can just read it Dialogue: 0,0:21:12.42,0:21:14.60,Default,,0000,0000,0000,,again and see if something doesn't look Dialogue: 0,0:21:14.60,0:21:19.12,Default,,0000,0000,0000,,right this may not be available to all Dialogue: 0,0:21:19.12,0:21:20.99,Default,,0000,0000,0000,,other scenarios but you have to Dialogue: 0,0:21:20.99,0:21:22.76,Default,,0000,0000,0000,,realize if you have bigger data it's Dialogue: 0,0:21:22.76,0:21:25.12,Default,,0000,0000,0000,,usually not all the data that's big Dialogue: 0,0:21:25.12,0:21:27.14,Default,,0000,0000,0000,,most of it is usually static and read only Dialogue: 0,0:21:27.14,0:21:30.00,Default,,0000,0000,0000,,and then you have some logs that are Dialogue: 0,0:21:30.00,0:21:32.75,Default,,0000,0000,0000,,you know billing data that grows and grows Dialogue: 0,0:21:32.75,0:21:35.15,Default,,0000,0000,0000,,but usually there's part of the data and Dialogue: 0,0:21:35.15,0:21:38.54,Default,,0000,0000,0000,,this is the part with the you know Dialogue: 0,0:21:38.54,0:21:41.59,Default,,0000,0000,0000,,identifying information personally or Dialogue: 0,0:21:41.59,0:21:45.52,Default,,0000,0000,0000,,billing details that stuff is usually 
Dialogue: 0,0:21:45.52,0:21:48.12,Default,,0000,0000,0000,,small and mostly static and you could Dialogue: 0,0:21:48.12,0:21:51.44,Default,,0000,0000,0000,,use this strategy for that too Dialogue: 0,0:21:53.17,0:21:56.63,Default,,0000,0000,0000,,well yeah okay Dialogue: 0,0:21:57.08,0:21:59.32,Default,,0000,0000,0000,,so the attacker can still write garbage Dialogue: 0,0:21:59.32,0:22:01.39,Default,,0000,0000,0000,,to my blog that's still not good Dialogue: 0,0:22:01.39,0:22:03.73,Default,,0000,0000,0000,,right but since all they can do is append Dialogue: 0,0:22:03.73,0:22:06.48,Default,,0000,0000,0000,,to the journal I can use my text editor Dialogue: 0,0:22:06.48,0:22:09.00,Default,,0000,0000,0000,,open the journal and truncate at some Dialogue: 0,0:22:09.00,0:22:11.43,Default,,0000,0000,0000,,point and then I get all my data back Dialogue: 0,0:22:11.43,0:22:13.78,Default,,0000,0000,0000,,till the point where they start to [???] Dialogue: 0,0:22:13.78,0:22:16.23,Default,,0000,0000,0000,,the blog right this is still bad but Dialogue: 0,0:22:16.23,0:22:18.62,Default,,0000,0000,0000,,it's a very good position to be in Dialogue: 0,0:22:18.62,0:22:21.14,Default,,0000,0000,0000,,if there's an emergency because you Dialogue: 0,0:22:21.14,0:22:23.75,Default,,0000,0000,0000,,can basically investigate calmly first Dialogue: 0,0:22:23.75,0:22:26.24,Default,,0000,0000,0000,,you turn off right write access then you Dialogue: 0,0:22:26.24,0:22:29.44,Default,,0000,0000,0000,,delete the vandalism and the journal Dialogue: 0,0:22:29.44,0:22:32.60,Default,,0000,0000,0000,,and you know you haven't lost anything Dialogue: 0,0:22:32.60,0:22:34.74,Default,,0000,0000,0000,,because if you want to delete an entry Dialogue: 0,0:22:34.74,0:22:36.89,Default,,0000,0000,0000,,in the blog you could do that too but Dialogue: 0,0:22:36.89,0:22:38.93,Default,,0000,0000,0000,,that means at the end of the journal you Dialogue: 0,0:22:38.94,0:22:41.20,Default,,0000,0000,0000,,append a statement 
saying delete this Dialogue: 0,0:22:41.20,0:22:43.31,Default,,0000,0000,0000,,record and I can just remove that and I Dialogue: 0,0:22:43.31,0:22:45.73,Default,,0000,0000,0000,,get the record back right so there's no Dialogue: 0,0:22:45.73,0:22:48.82,Default,,0000,0000,0000,,way for someone vandalizing my blog to Dialogue: 0,0:22:48.82,0:22:50.94,Default,,0000,0000,0000,,damage any data that was in it before Dialogue: 0,0:22:50.94,0:22:53.62,Default,,0000,0000,0000,,all they can do is append junk at the end Dialogue: 0,0:22:53.62,0:22:56.02,Default,,0000,0000,0000,,and I can live with that right this is Dialogue: 0,0:22:56.02,0:22:58.39,Default,,0000,0000,0000,,this is should be the guiding thought Dialogue: 0,0:22:58.39,0:23:00.67,Default,,0000,0000,0000,,between any security you do Dialogue: 0,0:23:00.67,0:23:03.28,Default,,0000,0000,0000,,if someone hacks you will be in a very Dialogue: 0,0:23:03.28,0:23:05.44,Default,,0000,0000,0000,,stressful position the boss will be Dialogue: 0,0:23:05.44,0:23:07.75,Default,,0000,0000,0000,,behind you breathing down your neck are Dialogue: 0,0:23:07.75,0:23:09.89,Default,,0000,0000,0000,,we done yet? is it fixed? 
and you want to Dialogue: 0,0:23:09.89,0:23:12.41,Default,,0000,0000,0000,,have as little to do as possible at that Dialogue: 0,0:23:12.41,0:23:14.67,Default,,0000,0000,0000,,time you want to to move all the stress Dialogue: 0,0:23:14.67,0:23:17.28,Default,,0000,0000,0000,,to before you get hacked because then Dialogue: 0,0:23:17.28,0:23:18.74,Default,,0000,0000,0000,,you have more time Dialogue: 0,0:23:19.84,0:23:22.08,Default,,0000,0000,0000,,okay the industry did other things again Dialogue: 0,0:23:24.76,0:23:27.94,Default,,0000,0000,0000,,so what if the attacker doesn't write Dialogue: 0,0:23:27.94,0:23:30.45,Default,,0000,0000,0000,,garbage to the journal but writes some Dialogue: 0,0:23:30.45,0:23:33.11,Default,,0000,0000,0000,,exploit to the journal that the next Dialogue: 0,0:23:33.11,0:23:35.31,Default,,0000,0000,0000,,tinyldap instance that reads the Dialogue: 0,0:23:35.31,0:23:37.98,Default,,0000,0000,0000,,journal gets compromised by it Dialogue: 0,0:23:39.43,0:23:42.70,Default,,0000,0000,0000,,that is a possibility and that would be Dialogue: 0,0:23:42.70,0:23:45.91,Default,,0000,0000,0000,,bad so agreed that there still a problem Dialogue: 0,0:23:46.41,0:23:49.60,Default,,0000,0000,0000,,but realize how preposterous the scenario Dialogue: 0,0:23:49.60,0:23:51.73,Default,,0000,0000,0000,,is so we are talking about an attacker Dialogue: 0,0:23:51.73,0:23:54.66,Default,,0000,0000,0000,,who found stable zero day in the blog Dialogue: 0,0:23:54.66,0:23:57.10,Default,,0000,0000,0000,,and then used that and another Dialogue: 0,0:23:57.10,0:23:59.64,Default,,0000,0000,0000,,stable zero day in tinyldap to write Dialogue: 0,0:23:59.64,0:24:02.28,Default,,0000,0000,0000,,to the journal and then have the third Dialogue: 0,0:24:03.05,0:24:06.29,Default,,0000,0000,0000,,third zero day to compromise the journal Dialogue: 0,0:24:06.29,0:24:08.71,Default,,0000,0000,0000,,parsing code so I mean Dialogue: 0,0:24:08.71,0:24:11.27,Default,,0000,0000,0000,,yes it is 
still a problem but we reduced Dialogue: 0,0:24:11.27,0:24:13.80,Default,,0000,0000,0000,,the risk significantly Dialogue: 0,0:24:14.16,0:24:15.16,Default,,0000,0000,0000,,and that is what Dialogue: 0,0:24:15.16,0:24:18.32,Default,,0000,0000,0000,,I'm trying to to tell you here it's not Dialogue: 0,0:24:18.32,0:24:20.70,Default,,0000,0000,0000,,it's not all or nothing it's good enough Dialogue: 0,0:24:20.70,0:24:24.08,Default,,0000,0000,0000,,if you can halve the risk that's already Dialogue: 0,0:24:24.08,0:24:26.04,Default,,0000,0000,0000,,very important and you should do it Dialogue: 0,0:24:26.04,0:24:30.62,Default,,0000,0000,0000,,so as much as you can slice off the risk Dialogue: 0,0:24:30.62,0:24:32.87,Default,,0000,0000,0000,,the better the better off you will be Dialogue: 0,0:24:32.87,0:24:34.39,Default,,0000,0000,0000,,if something happens Dialogue: 0,0:24:34.65,0:24:37.70,Default,,0000,0000,0000,,right because the smaller the code is Dialogue: 0,0:24:37.70,0:24:40.29,Default,,0000,0000,0000,,that is still attackable the Dialogue: 0,0:24:40.29,0:24:42.16,Default,,0000,0000,0000,,more you can audit it and be sure it's Dialogue: 0,0:24:42.16,0:24:44.17,Default,,0000,0000,0000,,good you show it to your friends and Dialogue: 0,0:24:44.17,0:24:46.68,Default,,0000,0000,0000,,they can audit it too and you Dialogue: 0,0:24:46.68,0:24:48.71,Default,,0000,0000,0000,,need to save yourself that time because Dialogue: 0,0:24:48.71,0:24:50.71,Default,,0000,0000,0000,,it happens every now and then that I get Dialogue: 0,0:24:50.71,0:24:52.90,Default,,0000,0000,0000,,to get to see the whole code base and Dialogue: 0,0:24:52.90,0:24:54.55,Default,,0000,0000,0000,,the usual code base for commercial Dialogue: 0,0:24:54.55,0:24:57.12,Default,,0000,0000,0000,,products is like gigabytes of source code Dialogue: 0,0:24:57.12,0:24:59.52,Default,,0000,0000,0000,,nobody can read that like Dialogue: 0,0:24:59.52,0:25:01.21,Default,,0000,0000,0000,,I'm good I'm not that good Dialogue: 
0,0:25:02.59,0:25:05.41,Default,,0000,0000,0000,,so this is a good place to be in Dialogue: 0,0:25:05.41,0:25:07.54,Default,,0000,0000,0000,,I think right so the industry was selling Dialogue: 0,0:25:07.54,0:25:10.26,Default,,0000,0000,0000,,DDOS mitigation sure whatever Dialogue: 0,0:25:10.33,0:25:11.95,Default,,0000,0000,0000,,so what happens if someone attacks Dialogue: 0,0:25:11.95,0:25:14.90,Default,,0000,0000,0000,,the web server that is still a big Dialogue: 0,0:25:14.90,0:25:18.26,Default,,0000,0000,0000,,problem and it's actually Dialogue: 0,0:25:20.42,0:25:22.56,Default,,0000,0000,0000,,it's a full damage right Dialogue: 0,0:25:22.56,0:25:24.23,Default,,0000,0000,0000,,that's the worst that can happen if Dialogue: 0,0:25:24.23,0:25:26.15,Default,,0000,0000,0000,,someone manages to attack the web server Dialogue: 0,0:25:26.15,0:25:28.43,Default,,0000,0000,0000,,they can see all traffic coming through Dialogue: 0,0:25:28.43,0:25:30.42,Default,,0000,0000,0000,,they can look inside TLS secured Dialogue: 0,0:25:30.42,0:25:32.31,Default,,0000,0000,0000,,connections and they can sniff all the Dialogue: 0,0:25:32.31,0:25:34.72,Default,,0000,0000,0000,,passwords so that's really bad Dialogue: 0,0:25:34.98,0:25:36.93,Default,,0000,0000,0000,,unfortunately there is not too much Dialogue: 0,0:25:36.93,0:25:38.62,Default,,0000,0000,0000,,you can do about that Dialogue: 0,0:25:40.92,0:25:44.26,Default,,0000,0000,0000,,you could do a separation Dialogue: 0,0:25:44.26,0:25:46.02,Default,,0000,0000,0000,,so this is something people have been Dialogue: 0,0:25:46.02,0:25:47.96,Default,,0000,0000,0000,,talking about for a while OpenSSL is Dialogue: 0,0:25:47.96,0:25:49.98,Default,,0000,0000,0000,,doing this they moved the dangerous crypto Dialogue: 0,0:25:49.98,0:25:51.91,Default,,0000,0000,0000,,stuff in a second process and use Dialogue: 0,0:25:51.91,0:25:54.22,Default,,0000,0000,0000,,sandboxing to lock down that process Dialogue: 
0,0:25:54.43,0:25:56.29,Default,,0000,0000,0000,,that could be done but nobody has done Dialogue: 0,0:25:56.29,0:25:58.65,Default,,0000,0000,0000,,it for OpenSSL yet so OpenSSL doesn't Dialogue: 0,0:25:58.65,0:26:00.69,Default,,0000,0000,0000,,support that my web server Dialogue: 0,0:26:00.69,0:26:02.93,Default,,0000,0000,0000,,also supports mbed TLS they don't Dialogue: 0,0:26:02.93,0:26:05.16,Default,,0000,0000,0000,,support that too so I I could spend time Dialogue: 0,0:26:05.16,0:26:06.59,Default,,0000,0000,0000,,on that and I've been actually Dialogue: 0,0:26:06.59,0:26:09.10,Default,,0000,0000,0000,,spending some time already but it's not Dialogue: 0,0:26:09.10,0:26:10.96,Default,,0000,0000,0000,,it's not ready yet but this would be a Dialogue: 0,0:26:10.96,0:26:13.28,Default,,0000,0000,0000,,good way to reduce the risk and you may Dialogue: 0,0:26:13.28,0:26:15.63,Default,,0000,0000,0000,,notice that the the tools I'm using to Dialogue: 0,0:26:15.63,0:26:17.78,Default,,0000,0000,0000,,reduce risks are actually just a handful Dialogue: 0,0:26:17.96,0:26:20.70,Default,,0000,0000,0000,,there's not it's not you know it's not Dialogue: 0,0:26:20.70,0:26:23.31,Default,,0000,0000,0000,,witchcraft I'm not inventing new Dialogue: 0,0:26:23.31,0:26:25.59,Default,,0000,0000,0000,,ways to look at things I'm doing the Dialogue: 0,0:26:25.59,0:26:27.78,Default,,0000,0000,0000,,same thing again I'm identifying the Dialogue: 0,0:26:27.78,0:26:29.90,Default,,0000,0000,0000,,part of the code that's dangerous and Dialogue: 0,0:26:29.90,0:26:32.52,Default,,0000,0000,0000,,then I think about how I can make that Dialogue: 0,0:26:32.52,0:26:34.67,Default,,0000,0000,0000,,part smaller maybe put it in a different Dialogue: 0,0:26:34.67,0:26:37.30,Default,,0000,0000,0000,,process lock it down so we need to do Dialogue: 0,0:26:37.30,0:26:38.94,Default,,0000,0000,0000,,the same thing with the web server Dialogue: 0,0:26:38.94,0:26:40.91,Default,,0000,0000,0000,,obviously but it's an 
ongoing process Dialogue: 0,0:26:42.66,0:26:46.71,Default,,0000,0000,0000,,yeah so again whatever why Dialogue: 0,0:26:46.71,0:26:49.40,Default,,0000,0000,0000,,haven't I done that yet uh so in my Dialogue: 0,0:26:49.40,0:26:51.38,Default,,0000,0000,0000,,web server you can it's a build time Dialogue: 0,0:26:51.38,0:26:53.47,Default,,0000,0000,0000,,decision if you want SSL support or not Dialogue: 0,0:26:53.47,0:26:55.06,Default,,0000,0000,0000,,and you can see the binary is Dialogue: 0,0:26:55.06,0:26:57.52,Default,,0000,0000,0000,,significantly bigger if you have SSL Dialogue: 0,0:26:57.52,0:26:59.54,Default,,0000,0000,0000,,and I'm showing you this because it means Dialogue: 0,0:26:59.54,0:27:01.80,Default,,0000,0000,0000,,the bulk of the attack surface is the SSL Dialogue: 0,0:27:01.80,0:27:04.73,Default,,0000,0000,0000,,code it's not my code so if I if I can Dialogue: 0,0:27:04.73,0:27:07.44,Default,,0000,0000,0000,,put the SSL code in a different process Dialogue: 0,0:27:07.44,0:27:10.74,Default,,0000,0000,0000,,they still need to see the private key Dialogue: 0,0:27:10.74,0:27:12.27,Default,,0000,0000,0000,,because that's what TLS needs Dialogue: 0,0:27:12.27,0:27:13.89,Default,,0000,0000,0000,,the private key otherwise it can't Dialogue: 0,0:27:13.89,0:27:15.93,Default,,0000,0000,0000,,do the crypto so the bulk of the attack Dialogue: 0,0:27:15.93,0:27:17.74,Default,,0000,0000,0000,,surface would still have access to the Dialogue: 0,0:27:17.74,0:27:19.53,Default,,0000,0000,0000,,key I can still do it because there Dialogue: 0,0:27:19.53,0:27:21.48,Default,,0000,0000,0000,,might be bugs in my code and not the Dialogue: 0,0:27:21.48,0:27:24.93,Default,,0000,0000,0000,,SSL code but that's just 5% of the of Dialogue: 0,0:27:24.93,0:27:27.31,Default,,0000,0000,0000,,the overall attack surface so Dialogue: 0,0:27:27.73,0:27:29.84,Default,,0000,0000,0000,,I will probably do it at some point Dialogue: 0,0:27:29.84,0:27:32.12,Default,,0000,0000,0000,,but it's I 
don't expect miracles from it Dialogue: 0,0:27:32.12,0:27:35.02,Default,,0000,0000,0000,,bugs and open SSL will kill me Dialogue: 0,0:27:35.02,0:27:37.24,Default,,0000,0000,0000,,there's not much I can do about that Dialogue: 0,0:27:39.70,0:27:40.70,Default,,0000,0000,0000,,{\i1}laughter{\i0} Dialogue: 0,0:27:41.82,0:27:44.16,Default,,0000,0000,0000,,okay so I know what you're thinking Dialogue: 0,0:27:44.22,0:27:47.39,Default,,0000,0000,0000,,{\i1}loud laughter{\i0} Dialogue: 0,0:27:47.53,0:27:50.83,Default,,0000,0000,0000,,what about kernel bugs? Dialogue: 0,0:27:50.83,0:27:52.46,Default,,0000,0000,0000,,so I looked at a few of the recent Dialogue: 0,0:27:52.46,0:27:54.68,Default,,0000,0000,0000,,kernel bugs and it turns out that they Dialogue: 0,0:27:54.68,0:27:56.99,Default,,0000,0000,0000,,usually apply to sys calls that are rarely Dialogue: 0,0:27:56.99,0:28:00.11,Default,,0000,0000,0000,,used in regular programs and because Dialogue: 0,0:28:00.11,0:28:01.93,Default,,0000,0000,0000,,I'm blocking all the sys calls I don't Dialogue: 0,0:28:01.93,0:28:04.22,Default,,0000,0000,0000,,really need none of them apply to me Dialogue: 0,0:28:04.22,0:28:07.19,Default,,0000,0000,0000,,right and this is a this is a pattern Dialogue: 0,0:28:07.19,0:28:09.59,Default,,0000,0000,0000,,with Kernel bugs Dialogue: 0,0:28:09.59,0:28:12.05,Default,,0000,0000,0000,,there is a project called Sandstorm Dialogue: 0,0:28:13.06,0:28:16.88,Default,,0000,0000,0000,,that also uses ptrace and seccomp tracing Dialogue: 0,0:28:16.88,0:28:19.05,Default,,0000,0000,0000,,to reduce the sys call Dialogue: 0,0:28:19.34,0:28:22.27,Default,,0000,0000,0000,,surface and then puts regular services Dialogue: 0,0:28:22.27,0:28:25.24,Default,,0000,0000,0000,,into a sandbox for web services and Dialogue: 0,0:28:25.24,0:28:28.29,Default,,0000,0000,0000,,they evaded all kinds of of Kernel bugs Dialogue: 0,0:28:28.29,0:28:30.31,Default,,0000,0000,0000,,just because of that so this is Dialogue: 
0,0:28:30.31,0:28:32.04,Default,,0000,0000,0000,,like a zero effort thing because Dialogue: 0,0:28:32.04,0:28:34.74,Default,,0000,0000,0000,,obviously if you have a list of sys calls Dialogue: 0,0:28:34.74,0:28:36.48,Default,,0000,0000,0000,,you'd use a white list and you Dialogue: 0,0:28:36.48,0:28:38.11,Default,,0000,0000,0000,,have a list of things you are Dialogue: 0,0:28:38.11,0:28:40.20,Default,,0000,0000,0000,,explicitly allow and the rest is disabled Dialogue: 0,0:28:40.20,0:28:42.37,Default,,0000,0000,0000,,not the other way around right Dialogue: 0,0:28:42.48,0:28:44.48,Default,,0000,0000,0000,,so none of the usual Kernel bugs apply Dialogue: 0,0:28:44.48,0:28:47.06,Default,,0000,0000,0000,,to me um because of the the seccomp stuff Dialogue: 0,0:28:47.06,0:28:49.34,Default,,0000,0000,0000,,I already do so Kernel bugs aren't as big Dialogue: 0,0:28:49.34,0:28:51.82,Default,,0000,0000,0000,,of a problem as you might think at least Dialogue: 0,0:28:51.82,0:28:54.02,Default,,0000,0000,0000,,I still have them if I haven't patched Dialogue: 0,0:28:54.02,0:28:56.44,Default,,0000,0000,0000,,but you can't get to them via the blog Dialogue: 0,0:28:57.27,0:28:59.51,Default,,0000,0000,0000,,so I have a small confession to make Dialogue: 0,0:28:59.51,0:29:01.67,Default,,0000,0000,0000,,I'm a bit of a troll and that applies Dialogue: 0,0:29:01.67,0:29:05.01,Default,,0000,0000,0000,,to this project as well so I used the Dialogue: 0,0:29:05.01,0:29:09.72,Default,,0000,0000,0000,,worst programming language I used C right Dialogue: 0,0:29:09.72,0:29:11.98,Default,,0000,0000,0000,,so I'm trolling the security people Dialogue: 0,0:29:11.98,0:29:13.75,Default,,0000,0000,0000,,and then I'm trolling the Java people Dialogue: 0,0:29:13.75,0:29:15.41,Default,,0000,0000,0000,,who have been saying you should use Dialogue: 0,0:29:15.41,0:29:17.27,Default,,0000,0000,0000,,multi-threading for performance and not Dialogue: 0,0:29:17.27,0:29:18.60,Default,,0000,0000,0000,,have one process 
per request Dialogue: 0,0:29:18.60,0:29:21.31,Default,,0000,0000,0000,,so I'm doing actually two fork and exec Dialogue: 0,0:29:21.31,0:29:22.38,Default,,0000,0000,0000,,per request Dialogue: 0,0:29:23.18,0:29:25.13,Default,,0000,0000,0000,,I'm trolling the database people Dialogue: 0,0:29:25.13,0:29:26.44,Default,,0000,0000,0000,,I don't have any caching Dialogue: 0,0:29:26.44,0:29:28.04,Default,,0000,0000,0000,,I don't have connection pools Dialogue: 0,0:29:28.46,0:29:30.29,Default,,0000,0000,0000,,and the perf people too because I'm Dialogue: 0,0:29:30.29,0:29:32.13,Default,,0000,0000,0000,,still faster than most of the regular Dialogue: 0,0:29:32.13,0:29:34.64,Default,,0000,0000,0000,,solutions so there is no there's really Dialogue: 0,0:29:34.64,0:29:36.87,Default,,0000,0000,0000,,no downside if you if you architect your Dialogue: 0,0:29:36.87,0:29:38.87,Default,,0000,0000,0000,,software to use this kind of thing Dialogue: 0,0:29:39.44,0:29:41.94,Default,,0000,0000,0000,,it will be slower than other ways to do it Dialogue: 0,0:29:41.94,0:29:44.34,Default,,0000,0000,0000,,but most other software isn't as fast Dialogue: 0,0:29:44.34,0:29:47.49,Default,,0000,0000,0000,,anyway so there's enough headway that Dialogue: 0,0:29:47.49,0:29:49.72,Default,,0000,0000,0000,,you can use to do security instead of Dialogue: 0,0:29:49.72,0:29:51.92,Default,,0000,0000,0000,,performance you will still be faster Dialogue: 0,0:29:53.32,0:29:56.15,Default,,0000,0000,0000,,so let's recap the methodology I used Dialogue: 0,0:29:57.28,0:29:59.55,Default,,0000,0000,0000,,first I make a list of all the attacks Dialogue: 0,0:29:59.55,0:30:01.28,Default,,0000,0000,0000,,I can think of and this means Dialogue: 0,0:30:01.28,0:30:03.30,Default,,0000,0000,0000,,concrete attacks so what could happen Dialogue: 0,0:30:03.30,0:30:04.56,Default,,0000,0000,0000,,and what would what would Dialogue: 0,0:30:04.56,0:30:06.96,Default,,0000,0000,0000,,be the problem then right and then Dialogue: 
0,0:30:06.96,0:30:09.12,Default,,0000,0000,0000,,I think for every item on the list Dialogue: 0,0:30:09.12,0:30:11.43,Default,,0000,0000,0000,,I consider how to prevent this Dialogue: 0,0:30:11.43,0:30:13.96,Default,,0000,0000,0000,,can I prevent this? what I need to do Dialogue: 0,0:30:13.96,0:30:15.86,Default,,0000,0000,0000,,and then I do it right so that's easy Dialogue: 0,0:30:15.86,0:30:17.95,Default,,0000,0000,0000,,it's like this the Feynman problem solving Dialogue: 0,0:30:17.95,0:30:20.32,Default,,0000,0000,0000,,algorithm in spirit and this Dialogue: 0,0:30:20.32,0:30:23.09,Default,,0000,0000,0000,,process is called threat modeling it's Dialogue: 0,0:30:23.09,0:30:25.24,Default,,0000,0000,0000,,it's like a it's dirty word because it Dialogue: 0,0:30:25.24,0:30:27.29,Default,,0000,0000,0000,,sounds like there's effort involved and Dialogue: 0,0:30:27.29,0:30:29.06,Default,,0000,0000,0000,,nobody wants to do it but it's really Dialogue: 0,0:30:29.06,0:30:30.91,Default,,0000,0000,0000,,it's easy it's just these these steps Dialogue: 0,0:30:30.91,0:30:32.89,Default,,0000,0000,0000,,you look at your software you Dialogue: 0,0:30:32.89,0:30:35.04,Default,,0000,0000,0000,,consider all the ways it could be attacked Dialogue: 0,0:30:35.04,0:30:36.47,Default,,0000,0000,0000,,and then you consider what you Dialogue: 0,0:30:36.47,0:30:38.23,Default,,0000,0000,0000,,could do to prevent the attack or in Dialogue: 0,0:30:38.23,0:30:40.08,Default,,0000,0000,0000,,some cases you can't prevent the attack Dialogue: 0,0:30:40.08,0:30:42.62,Default,,0000,0000,0000,,and then you say well that's a risk I have to\Nlive with Dialogue: 0,0:30:42.62,0:30:44.46,Default,,0000,0000,0000,,right so that's called threat modeling Dialogue: 0,0:30:44.46,0:30:46.07,Default,,0000,0000,0000,,you should try it's awesome Dialogue: 0,0:30:48.16,0:30:50.12,Default,,0000,0000,0000,,and you saw that I'm trying Dialogue: 0,0:30:50.12,0:30:52.49,Default,,0000,0000,0000,,to optimize something here I go
for a Dialogue: 0,0:30:52.49,0:30:55.21,Default,,0000,0000,0000,,specific target in this case I want Dialogue: 0,0:30:55.21,0:30:57.13,Default,,0000,0000,0000,,as little code as possible Dialogue: 0,0:30:57.84,0:30:59.91,Default,,0000,0000,0000,,the more code there is the more bugs Dialogue: 0,0:30:59.91,0:31:01.93,Default,,0000,0000,0000,,there will be that's an a very old Dialogue: 0,0:31:02.47,0:31:04.83,Default,,0000,0000,0000,,insight from I think it was originally Dialogue: 0,0:31:04.83,0:31:06.80,Default,,0000,0000,0000,,an IBM study and they basically found Dialogue: 0,0:31:06.80,0:31:08.76,Default,,0000,0000,0000,,that the number of bugs in code is a Dialogue: 0,0:31:08.76,0:31:11.12,Default,,0000,0000,0000,,function of the lines of code in the code Dialogue: 0,0:31:11.12,0:31:12.76,Default,,0000,0000,0000,,so there's a little more to it but Dialogue: 0,0:31:12.76,0:31:15.33,Default,,0000,0000,0000,,basically it's true so and it's not just Dialogue: 0,0:31:15.33,0:31:17.17,Default,,0000,0000,0000,,any code I want to have less of Dialogue: 0,0:31:17.67,0:31:19.53,Default,,0000,0000,0000,,if the code is dangerous I particularly Dialogue: 0,0:31:19.53,0:31:22.31,Default,,0000,0000,0000,,want to have less of it and the the most Dialogue: 0,0:31:22.31,0:31:25.05,Default,,0000,0000,0000,,important category to to make smaller is Dialogue: 0,0:31:25.05,0:31:27.26,Default,,0000,0000,0000,,the code that enforces security Dialogue: 0,0:31:27.26,0:31:29.50,Default,,0000,0000,0000,,guarantees so like one security Dialogue: 0,0:31:29.50,0:31:31.47,Default,,0000,0000,0000,,guarantee would be you can't log in Dialogue: 0,0:31:31.47,0:31:33.50,Default,,0000,0000,0000,,if you don't have the right password right Dialogue: 0,0:31:33.50,0:31:35.51,Default,,0000,0000,0000,,so the code that checks that I want it to Dialogue: 0,0:31:35.51,0:31:38.27,Default,,0000,0000,0000,,be as small as possible one or two Dialogue: 0,0:31:38.27,0:31:40.52,Default,,0000,0000,0000,,lines of code
if I can manage it and Dialogue: 0,0:31:40.52,0:31:42.62,Default,,0000,0000,0000,,then it's obvious if it if it's wrong or Dialogue: 0,0:31:42.62,0:31:45.18,Default,,0000,0000,0000,,not the more complex the code is the Dialogue: 0,0:31:45.18,0:31:46.94,Default,,0000,0000,0000,,less easy would it be to see if Dialogue: 0,0:31:49.08,0:31:51.04,Default,,0000,0000,0000,,it's correct or not and that's what you Dialogue: 0,0:31:49.08,0:31:53.52,Default,,0000,0000,0000,,want in the end you want to be sure the Dialogue: 0,0:31:51.04,0:31:55.44,Default,,0000,0000,0000,,code is correct so how far did I get Dialogue: 0,0:31:53.52,0:31:57.28,Default,,0000,0000,0000,,it's actually pretty amazing I think um Dialogue: 0,0:31:55.44,0:32:01.00,Default,,0000,0000,0000,,you can write an LDAP server in 5,000 Dialogue: 0,0:31:57.28,0:32:04.28,Default,,0000,0000,0000,,lines of code the blog is 3.5 lines Dialogue: 0,0:32:01.00,0:32:07.32,Default,,0000,0000,0000,,of kilo lines of code um plus the LDAP Dialogue: 0,0:32:04.28,0:32:09.16,Default,,0000,0000,0000,,client library plus zlib um but I'm Dialogue: 0,0:32:07.32,0:32:11.32,Default,,0000,0000,0000,,only using zlib to compress not to Dialogue: 0,0:32:09.16,0:32:13.88,Default,,0000,0000,0000,,decompress so most attack scenarios Dialogue: 0,0:32:11.32,0:32:16.28,Default,,0000,0000,0000,,doesn't don't apply to to my usage of zlib Dialogue: 0,0:32:13.88,0:32:19.00,Default,,0000,0000,0000,,um and the web server is also pretty Dialogue: 0,0:32:16.28,0:32:21.32,Default,,0000,0000,0000,,slow if you only look at the HTTP code Dialogue: 0,0:32:19.00,0:32:23.64,Default,,0000,0000,0000,,unfortunately uh it also contains the Dialogue: 0,0:32:21.32,0:32:25.60,Default,,0000,0000,0000,,SSL library which is orders of magnitude Dialogue: 0,0:32:23.64,0:32:28.04,Default,,0000,0000,0000,,more than my code and that's how you Dialogue: 0,0:32:25.60,0:32:31.84,Default,,0000,0000,0000,,want it you want the biggest risk not to Dialogue:
0,0:32:28.04,0:32:34.52,Default,,0000,0000,0000,,be in the new code but in an old code Dialogue: 0,0:32:31.84,0:32:36.44,Default,,0000,0000,0000,,that someone else already audited if you Dialogue: 0,0:32:34.52,0:32:38.76,Default,,0000,0000,0000,,can manage it right so this is the Dialogue: 0,0:32:36.44,0:32:40.84,Default,,0000,0000,0000,,optimization strategy try to have as Dialogue: 0,0:32:38.76,0:32:42.96,Default,,0000,0000,0000,,little dangerous code as possible sounds Dialogue: 0,0:32:40.84,0:32:44.68,Default,,0000,0000,0000,,like a no-brainer but if you look at Dialogue: 0,0:32:42.96,0:32:47.28,Default,,0000,0000,0000,,modern software development you will Dialogue: 0,0:32:44.68,0:32:50.12,Default,,0000,0000,0000,,find out they do the exact opposite pull Dialogue: 0,0:32:47.28,0:32:53.16,Default,,0000,0000,0000,,in as many frameworks as as they Dialogue: 0,0:32:50.12,0:32:55.64,Default,,0000,0000,0000,,can so this strategy is called TCB Dialogue: 0,0:32:53.16,0:32:57.16,Default,,0000,0000,0000,,minimization you should try it and I Dialogue: 0,0:32:55.64,0:33:01.24,Default,,0000,0000,0000,,gave a talk about it already it's Dialogue: 0,0:32:57.16,0:33:05.08,Default,,0000,0000,0000,,actually pretty easy so um I told you Dialogue: 0,0:33:01.24,0:33:08.08,Default,,0000,0000,0000,,what I did to the to the blog to uh uh Dialogue: 0,0:33:05.08,0:33:10.12,Default,,0000,0000,0000,,diminish the danger that can be done uh Dialogue: 0,0:33:08.08,0:33:11.92,Default,,0000,0000,0000,,if someone manages to take it over and Dialogue: 0,0:33:10.12,0:33:15.00,Default,,0000,0000,0000,,this is actually part of the TCB Dialogue: 0,0:33:11.92,0:33:18.28,Default,,0000,0000,0000,,minimization process so the blog was a Dialogue: 0,0:33:15.00,0:33:21.44,Default,,0000,0000,0000,,high risk area and then I took away Dialogue: 0,0:33:18.28,0:33:24.00,Default,,0000,0000,0000,,privileges and removed access checks and Dialogue: 0,0:33:21.44,0:33:26.24,Default,,0000,0000,0000,,in the end even if I
give you remote Dialogue: 0,0:33:24.00,0:33:28.20,Default,,0000,0000,0000,,code execution in the blog process you Dialogue: 0,0:33:26.24,0:33:30.68,Default,,0000,0000,0000,,can't do anything you couldn't do before Dialogue: 0,0:33:28.20,0:33:33.52,Default,,0000,0000,0000,,right so it's no longer part of the TCB Dialogue: 0,0:33:30.68,0:33:35.56,Default,,0000,0000,0000,,the TCB is the part that uh enforces Dialogue: 0,0:33:33.52,0:33:36.88,Default,,0000,0000,0000,,security guarantees which the blog CGI Dialogue: 0,0:33:35.56,0:33:39.44,Default,,0000,0000,0000,,doesn't Dialogue: 0,0:33:36.88,0:33:41.36,Default,,0000,0000,0000,,anymore so that's what you want to do Dialogue: 0,0:33:39.44,0:33:44.20,Default,,0000,0000,0000,,you want to end up in the smallest TCB Dialogue: 0,0:33:41.36,0:33:47.20,Default,,0000,0000,0000,,you can possibly manage and uh every Dialogue: 0,0:33:44.20,0:33:49.36,Default,,0000,0000,0000,,step on the way is good so no step is Dialogue: 0,0:33:47.20,0:33:51.88,Default,,0000,0000,0000,,too small right if you can shave off Dialogue: 0,0:33:49.36,0:33:54.64,Default,,0000,0000,0000,,even a little routine do Dialogue: 0,0:33:51.88,0:33:56.96,Default,,0000,0000,0000,,it this is the minimization part of TCB Dialogue: 0,0:33:54.64,0:33:59.80,Default,,0000,0000,0000,,minimization right I could I was able to Dialogue: 0,0:33:56.96,0:34:03.64,Default,,0000,0000,0000,,remove the blog from the TCB tinyldap Dialogue: 0,0:33:59.80,0:34:05.36,Default,,0000,0000,0000,,still still has a risk so I I you saw Dialogue: 0,0:34:03.64,0:34:07.28,Default,,0000,0000,0000,,the threat model if someone manages to Dialogue: 0,0:34:05.36,0:34:08.64,Default,,0000,0000,0000,,take over tinyldap they can read the Dialogue: 0,0:34:07.28,0:34:11.44,Default,,0000,0000,0000,,hashes and try to crack them that's Dialogue: 0,0:34:08.64,0:34:14.64,Default,,0000,0000,0000,,still bad um but I can live with it Dialogue: 0,0:34:11.44,0:34:17.40,Default,,0000,0000,0000,,right uh if
they vandalize the blog I Dialogue: 0,0:34:14.64,0:34:19.96,Default,,0000,0000,0000,,can undo the damage without going to the Dialogue: 0,0:34:17.40,0:34:22.28,Default,,0000,0000,0000,,tape library so that's Dialogue: 0,0:34:19.96,0:34:23.96,Default,,0000,0000,0000,,good if you compare that to the industry Dialogue: 0,0:34:22.28,0:34:26.72,Default,,0000,0000,0000,,standard you you will find that my Dialogue: 0,0:34:23.96,0:34:28.56,Default,,0000,0000,0000,,approach is much better um usually in Dialogue: 0,0:34:26.72,0:34:31.20,Default,,0000,0000,0000,,the industry you see platform decisions Dialogue: 0,0:34:28.56,0:34:33.48,Default,,0000,0000,0000,,done by management not by the techies Dialogue: 0,0:34:31.20,0:34:35.40,Default,,0000,0000,0000,,and um it's untroubled by expertise or Dialogue: 0,0:34:33.48,0:34:37.80,Default,,0000,0000,0000,,risk analysis and you you get a Dialogue: 0,0:34:35.40,0:34:39.72,Default,,0000,0000,0000,,diffusion of responsibility because if Dialogue: 0,0:34:37.80,0:34:41.60,Default,,0000,0000,0000,,you even if you try to find out who's Dialogue: 0,0:34:39.72,0:34:43.24,Default,,0000,0000,0000,,responsible for anything you find uh Dialogue: 0,0:34:41.60,0:34:44.96,Default,,0000,0000,0000,,well it's that team over there but we Dialogue: 0,0:34:43.24,0:34:47.04,Default,,0000,0000,0000,,don't really know and then you find out Dialogue: 0,0:34:44.96,0:34:48.16,Default,,0000,0000,0000,,the team dissolved last week and it's Dialogue: 0,0:34:47.04,0:34:50.92,Default,,0000,0000,0000,,really Dialogue: 0,0:34:48.16,0:34:54.56,Default,,0000,0000,0000,,horrible and brand new we have AI tools Dialogue: 0,0:34:50.92,0:34:54.56,Default,,0000,0000,0000,,which is also a diffusion of Dialogue: 0,0:34:55.20,0:34:59.00,Default,,0000,0000,0000,,responsibility and then you get people Dialogue: 0,0:34:57.16,0:35:00.88,Default,,0000,0000,0000,,arguing well it's so bad it can't get Dialogue: 0,0:34:59.00,0:35:02.76,Default,,0000,0000,0000,,any worse let's go to
the cloud where Dialogue: 0,0:35:00.88,0:35:07.08,Default,,0000,0000,0000,,obviously it gets worse Dialogue: 0,0:35:02.76,0:35:08.52,Default,,0000,0000,0000,,immediately so I prefer my way um I Dialogue: 0,0:35:07.08,0:35:10.64,Default,,0000,0000,0000,,think in the end it's important to Dialogue: 0,0:35:08.52,0:35:12.92,Default,,0000,0000,0000,,realize that the the lack of security Dialogue: 0,0:35:10.64,0:35:16.44,Default,,0000,0000,0000,,you may have in your projects right now Dialogue: 0,0:35:12.92,0:35:18.40,Default,,0000,0000,0000,,is self-imposed there is no guy with a Dialogue: 0,0:35:16.44,0:35:20.48,Default,,0000,0000,0000,,shotgun behind you Dialogue: 0,0:35:18.40,0:35:23.80,Default,,0000,0000,0000,,threatening you can do it you just have Dialogue: 0,0:35:20.48,0:35:25.64,Default,,0000,0000,0000,,to start right so this is self-imposed Dialogue: 0,0:35:23.80,0:35:28.80,Default,,0000,0000,0000,,helplessness you can actually help Dialogue: 0,0:35:25.64,0:35:28.80,Default,,0000,0000,0000,,yourself you just have to start Dialogue: 0,0:35:29.44,0:35:34.16,Default,,0000,0000,0000,,right how did we get here this is Dialogue: 0,0:35:32.08,0:35:36.12,Default,,0000,0000,0000,,obviously not a good good place to be Dialogue: 0,0:35:34.16,0:35:37.80,Default,,0000,0000,0000,,like all the software is crappy and Dialogue: 0,0:35:36.12,0:35:40.20,Default,,0000,0000,0000,,there's a few it's not just that people Dialogue: 0,0:35:37.80,0:35:43.44,Default,,0000,0000,0000,,are dumb there's a few reasons for that Dialogue: 0,0:35:40.20,0:35:45.36,Default,,0000,0000,0000,,so um back in the day you used to have Dialogue: 0,0:35:43.44,0:35:48.20,Default,,0000,0000,0000,,bespoke applications that were written Dialogue: 0,0:35:45.36,0:35:50.08,Default,,0000,0000,0000,,for a specific purpose and they used the Dialogue: 0,0:35:48.20,0:35:52.36,Default,,0000,0000,0000,,waterfall model and you had the Dialogue: 0,0:35:50.08,0:35:55.56,Default,,0000,0000,0000,,requirements specification 
and it was Dialogue: 0,0:35:52.36,0:35:58.08,Default,,0000,0000,0000,,lots of bureaucracy and really horrible Dialogue: 0,0:35:55.56,0:36:00.20,Default,,0000,0000,0000,,but it also meant that you knew what Dialogue: 0,0:35:58.08,0:36:02.88,Default,,0000,0000,0000,,the application had be had to be able to Dialogue: 0,0:36:00.20,0:36:06.24,Default,,0000,0000,0000,,do so that means you can make sure Dialogue: 0,0:36:02.88,0:36:08.08,Default,,0000,0000,0000,,anything else is forbidden if you know Dialogue: 0,0:36:06.24,0:36:10.04,Default,,0000,0000,0000,,what the application needs to be able to Dialogue: 0,0:36:08.08,0:36:12.40,Default,,0000,0000,0000,,do you can make sure it doesn't do any Dialogue: 0,0:36:10.04,0:36:15.52,Default,,0000,0000,0000,,other stuff and that is security if you Dialogue: 0,0:36:12.40,0:36:17.28,Default,,0000,0000,0000,,think about it deny everything that the Dialogue: 0,0:36:15.52,0:36:19.28,Default,,0000,0000,0000,,application wasn't supposed to be doing Dialogue: 0,0:36:17.28,0:36:22.20,Default,,0000,0000,0000,,and then that's what an attacker would Dialogue: 0,0:36:19.28,0:36:24.68,Default,,0000,0000,0000,,do if they take over the machine right Dialogue: 0,0:36:22.20,0:36:26.24,Default,,0000,0000,0000,,so if you know beforehand what you're Dialogue: 0,0:36:24.68,0:36:28.68,Default,,0000,0000,0000,,trying to get to you can actually Dialogue: 0,0:36:26.24,0:36:30.32,Default,,0000,0000,0000,,implement privilege even architecturally Dialogue: 0,0:36:28.68,0:36:32.92,Default,,0000,0000,0000,,as I've shown Dialogue: 0,0:36:30.32,0:36:35.72,Default,,0000,0000,0000,,you now we have more of an Ikea model Dialogue: 0,0:36:32.92,0:36:37.56,Default,,0000,0000,0000,,you buy parts that are uh designed by Dialogue: 0,0:36:35.72,0:36:39.36,Default,,0000,0000,0000,,their own teams and the teams designing Dialogue: 0,0:36:37.56,0:36:42.44,Default,,0000,0000,0000,,the parts don't know what the final Dialogue:
0,0:36:39.36,0:36:44.24,Default,,0000,0000,0000,,product will look like right in in some Dialogue: 0,0:36:42.44,0:36:45.64,Default,,0000,0000,0000,,cases even you don't know what the final Dialogue: 0,0:36:44.24,0:36:47.92,Default,,0000,0000,0000,,product will look like but it's even Dialogue: 0,0:36:45.64,0:36:49.88,Default,,0000,0000,0000,,worse if you consider that the the the Dialogue: 0,0:36:47.92,0:36:51.48,Default,,0000,0000,0000,,team building the part you make your Dialogue: 0,0:36:49.88,0:36:53.76,Default,,0000,0000,0000,,software from doesn't know what it will Dialogue: 0,0:36:51.48,0:36:56.36,Default,,0000,0000,0000,,be used for so it has to be as generic Dialogue: 0,0:36:53.76,0:36:57.84,Default,,0000,0000,0000,,as possible right the more it can be Dialogue: 0,0:36:56.36,0:37:00.68,Default,,0000,0000,0000,,done with with it the better and that's Dialogue: 0,0:36:57.84,0:37:03.12,Default,,0000,0000,0000,,the opposite of security right security Dialogue: 0,0:37:00.68,0:37:05.36,Default,,0000,0000,0000,,means understanding what you need to do Dialogue: 0,0:37:03.12,0:37:08.60,Default,,0000,0000,0000,,and then disallowing the rest and this Dialogue: 0,0:37:05.36,0:37:11.44,Default,,0000,0000,0000,,means be as generic as you can the parts Dialogue: 0,0:37:08.60,0:37:12.40,Default,,0000,0000,0000,,are optimized for genericity Gen what's Dialogue: 0,0:37:11.44,0:37:15.60,Default,,0000,0000,0000,,the Dialogue: 0,0:37:12.40,0:37:17.68,Default,,0000,0000,0000,,name genericism I don't know so they are Dialogue: 0,0:37:15.60,0:37:21.32,Default,,0000,0000,0000,,optimized to be as flexible as possible Dialogue: 0,0:37:17.68,0:37:21.32,Default,,0000,0000,0000,,and they are chosen by Dialogue: 0,0:37:21.60,0:37:25.08,Default,,0000,0000,0000,,flexibility the developer of the part Dialogue: 0,0:37:23.64,0:37:27.60,Default,,0000,0000,0000,,usually has no idea what it would used Dialogue: 0,0:37:25.08,0:37:31.04,Default,,0000,0000,0000,,for uh and that means you can't do
least Dialogue: 0,0:37:27.60,0:37:33.76,Default,,0000,0000,0000,,privilege because um you don't know what Dialogue: 0,0:37:31.04,0:37:36.32,Default,,0000,0000,0000,,the privilege will be that's least so Dialogue: 0,0:37:33.76,0:37:38.52,Default,,0000,0000,0000,,this this is actually a big mess so if Dialogue: 0,0:37:36.32,0:37:40.48,Default,,0000,0000,0000,,you use parts programmed by other people Dialogue: 0,0:37:38.52,0:37:42.68,Default,,0000,0000,0000,,you will have to invest extra effort to Dialogue: 0,0:37:40.48,0:37:45.48,Default,,0000,0000,0000,,find out what kind of stuff you can make Dialogue: 0,0:37:42.68,0:37:47.60,Default,,0000,0000,0000,,it not do because it will definitely be Dialogue: 0,0:37:45.48,0:37:49.44,Default,,0000,0000,0000,,able to do more than you need and the Dialogue: 0,0:37:47.60,0:37:52.04,Default,,0000,0000,0000,,more you can clamp down the more Dialogue: 0,0:37:49.44,0:37:53.72,Default,,0000,0000,0000,,security you will have uh it's even Dialogue: 0,0:37:52.04,0:37:55.08,Default,,0000,0000,0000,,worse if you do Agile development Dialogue: 0,0:37:53.72,0:37:58.08,Default,,0000,0000,0000,,because then by definition you don't Dialogue: 0,0:37:55.08,0:37:59.52,Default,,0000,0000,0000,,know what the end result will be so if Dialogue: 0,0:37:58.08,0:38:00.88,Default,,0000,0000,0000,,you don't know that you can't do Dialogue: 0,0:37:59.52,0:38:03.32,Default,,0000,0000,0000,,security Dialogue: 0,0:38:00.88,0:38:05.64,Default,,0000,0000,0000,,lockdown so another argument why we got Dialogue: 0,0:38:03.32,0:38:07.52,Default,,0000,0000,0000,,here is economics of scale so it used to Dialogue: 0,0:38:05.64,0:38:10.88,Default,,0000,0000,0000,,be that if you build some kind of device Dialogue: 0,0:38:07.52,0:38:13.28,Default,,0000,0000,0000,,that needs to do something like I don't Dialogue: 0,0:38:10.88,0:38:17.40,Default,,0000,0000,0000,,know uh a Dialogue: 0,0:38:13.28,0:38:19.68,Default,,0000,0000,0000,,microwave then you you find parts and
Dialogue: 0,0:38:17.40,0:38:21.36,Default,,0000,0000,0000,,you combine the parts and you solder Dialogue: 0,0:38:19.68,0:38:24.12,Default,,0000,0000,0000,,them together and then they solve the Dialogue: 0,0:38:21.36,0:38:27.16,Default,,0000,0000,0000,,problem but these days uh you don't Dialogue: 0,0:38:24.12,0:38:29.68,Default,,0000,0000,0000,,solder parts anymore you assemble from Dialogue: 0,0:38:27.16,0:38:32.28,Default,,0000,0000,0000,,pre-made parts and these are usually Dialogue: 0,0:38:29.68,0:38:35.28,Default,,0000,0000,0000,,programmable right so a little ARM chip Dialogue: 0,0:38:32.28,0:38:37.04,Default,,0000,0000,0000,,cost like a tenth of a cent so why use Dialogue: 0,0:38:35.28,0:38:38.80,Default,,0000,0000,0000,,a special part if you can use an ARM Dialogue: 0,0:38:37.04,0:38:40.88,Default,,0000,0000,0000,,chip and then program it but that means Dialogue: 0,0:38:38.80,0:38:43.00,Default,,0000,0000,0000,,you still need to use software that Dialogue: 0,0:38:40.88,0:38:44.64,Default,,0000,0000,0000,,actually solves the problem the hardware Dialogue: 0,0:38:43.00,0:38:47.00,Default,,0000,0000,0000,,is generic and that means the hardware Dialogue: 0,0:38:44.64,0:38:49.80,Default,,0000,0000,0000,,can be hacked and this is turning out to Dialogue: 0,0:38:47.00,0:38:53.36,Default,,0000,0000,0000,,be a problem right if you had a brake in Dialogue: 0,0:38:49.80,0:38:54.64,Default,,0000,0000,0000,,in 20 years ago um it it braked right Dialogue: 0,0:38:53.36,0:38:57.04,Default,,0000,0000,0000,,but now it's Dialogue: 0,0:38:54.64,0:38:59.04,Default,,0000,0000,0000,,programmable and people have realized Dialogue: 0,0:38:57.04,0:39:01.20,Default,,0000,0000,0000,,how bad that is but it is bad right so Dialogue: 0,0:38:59.04,0:39:05.48,Default,,0000,0000,0000,,that's that will bite us in the Dialogue: 0,0:39:01.20,0:39:07.68,Default,,0000,0000,0000,,ass oops so um the response from the Dialogue: 0,0:39:05.48,0:39:10.44,Default,,0000,0000,0000,,industry has so far
been the ostrich Dialogue: 0,0:39:07.68,0:39:13.00,Default,,0000,0000,0000,,method basically we we install stuff Dialogue: 0,0:39:10.44,0:39:14.88,Default,,0000,0000,0000,,that we know is untrustworthy and so we Dialogue: 0,0:39:13.00,0:39:17.68,Default,,0000,0000,0000,,install other stuff on top of it that's Dialogue: 0,0:39:14.88,0:39:20.72,Default,,0000,0000,0000,,also untrustworthy and then we call it Dialogue: 0,0:39:17.68,0:39:24.12,Default,,0000,0000,0000,,telemetry or big data and to some risk Dialogue: 0,0:39:20.72,0:39:26.60,Default,,0000,0000,0000,,uh logging analysis in in aze or Dialogue: 0,0:39:24.12,0:39:29.64,Default,,0000,0000,0000,,whatever uh and in the end the attack Dialogue: 0,0:39:26.60,0:39:31.84,Default,,0000,0000,0000,,surface has mushroomed like a nuclear Dialogue: 0,0:39:29.64,0:39:34.24,Default,,0000,0000,0000,,explosion right so that's our fault Dialogue: 0,0:39:31.84,0:39:36.00,Default,,0000,0000,0000,,nobody has forced us to do this you Dialogue: 0,0:39:34.24,0:39:39.08,Default,,0000,0000,0000,,don't need to do this in your own Dialogue: 0,0:39:36.00,0:39:41.12,Default,,0000,0000,0000,,projects that's the hopeful message of Dialogue: 0,0:39:39.08,0:39:42.64,Default,,0000,0000,0000,,this talk in conclusion if you remember Dialogue: 0,0:39:41.12,0:39:44.08,Default,,0000,0000,0000,,nothing else from this talk remember Dialogue: 0,0:39:42.64,0:39:46.52,Default,,0000,0000,0000,,that threat modeling is a thing and you Dialogue: 0,0:39:44.08,0:39:48.48,Default,,0000,0000,0000,,should try it TCB minimization actually Dialogue: 0,0:39:46.52,0:39:51.68,Default,,0000,0000,0000,,helps least privilege is another facet Dialogue: 0,0:39:48.48,0:39:53.80,Default,,0000,0000,0000,,of the same thing and if you can uh use Dialogue: 0,0:39:51.68,0:39:56.44,Default,,0000,0000,0000,,append-only data storage you should Dialogue: 0,0:39:53.80,0:39:58.36,Default,,0000,0000,0000,,consider it hm blockchain yeah not Dialogue:
0,0:39:56.44,0:40:00.56,Default,,0000,0000,0000,,blockchain append-only data storage it's Dialogue: 0,0:39:58.36,0:40:00.56,Default,,0000,0000,0000,,not Dialogue: 0,0:40:00.63,0:40:08.82,Default,,0000,0000,0000,,[Applause] Dialogue: 0,0:40:09.00,0:40:13.24,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:40:10.72,0:40:15.20,Default,,0000,0000,0000,,blockchain so two more you two more Dialogue: 0,0:40:13.24,0:40:18.16,Default,,0000,0000,0000,,slides yeah two more slides sorry I'm an Dialogue: 0,0:40:15.20,0:40:20.48,Default,,0000,0000,0000,,imposter no problem so the rule of thumb Dialogue: 0,0:40:18.16,0:40:23.48,Default,,0000,0000,0000,,should be if if the blog of some Dialogue: 0,0:40:20.48,0:40:26.16,Default,,0000,0000,0000,,unwashed hobbyist from the Internet is Dialogue: 0,0:40:23.48,0:40:28.04,Default,,0000,0000,0000,,more secure than your IT security then Dialogue: 0,0:40:26.16,0:40:30.36,Default,,0000,0000,0000,,you should improve your IT Dialogue: 0,0:40:28.04,0:40:33.76,Default,,0000,0000,0000,,security right that shouldn't Dialogue: 0,0:40:30.36,0:40:35.40,Default,,0000,0000,0000,,happen all right so that's all from my Dialogue: 0,0:40:33.76,0:40:38.32,Default,,0000,0000,0000,,talk I think we still have time for Dialogue: 0,0:40:35.40,0:40:41.56,Default,,0000,0000,0000,,questions do we yes okay awesome okay Dialogue: 0,0:40:38.32,0:40:41.56,Default,,0000,0000,0000,,now you can put your hand Dialogue: 0,0:40:45.04,0:40:49.60,Default,,0000,0000,0000,,[Applause] Dialogue: 0,0:40:47.28,0:40:51.28,Default,,0000,0000,0000,,together so if you want to ask a Dialogue: 0,0:40:49.60,0:40:55.72,Default,,0000,0000,0000,,question we have four microphones in the Dialogue: 0,0:40:51.28,0:40:56.88,Default,,0000,0000,0000,,room 1 2 3 4 and I'm going to take a a Dialogue: 0,0:40:55.72,0:40:59.76,Default,,0000,0000,0000,,question the first first question from Dialogue: 0,0:40:56.88,0:41:02.36,Default,,0000,0000,0000,,the internet the internet is saying you Dialogue:
0,0:40:59.76,0:41:03.40,Default,,0000,0000,0000,,actually got hacked or can you elaborate Dialogue: 0,0:41:02.36,0:41:05.60,Default,,0000,0000,0000,,on what Dialogue: 0,0:41:03.40,0:41:07.12,Default,,0000,0000,0000,,happened yes actually there was an Dialogue: 0,0:41:05.60,0:41:08.68,Default,,0000,0000,0000,,incident where someone was able to post Dialogue: 0,0:41:07.12,0:41:11.12,Default,,0000,0000,0000,,stuff to my blog and because I had Dialogue: 0,0:41:08.68,0:41:14.64,Default,,0000,0000,0000,,append-only data storage I shrugged it off Dialogue: 0,0:41:11.12,0:41:16.52,Default,,0000,0000,0000,,basically so use use append-only data Dialogue: 0,0:41:14.64,0:41:19.48,Default,,0000,0000,0000,,storage it's it will save your ass at Dialogue: 0,0:41:16.52,0:41:22.08,Default,,0000,0000,0000,,some point the problem was a bug in my Dialogue: 0,0:41:19.48,0:41:23.96,Default,,0000,0000,0000,,uh access control lists I had used some Dialogue: 0,0:41:22.08,0:41:26.44,Default,,0000,0000,0000,,some access control list in my LDAP Dialogue: 0,0:41:23.96,0:41:27.88,Default,,0000,0000,0000,,server and I had a line in it that I Dialogue: 0,0:41:26.44,0:41:29.76,Default,,0000,0000,0000,,should have removed but I forgot to Dialogue: 0,0:41:27.88,0:41:33.20,Default,,0000,0000,0000,,remove it and that meant you could post Dialogue: 0,0:41:29.76,0:41:35.20,Default,,0000,0000,0000,,without having credentials but um it Dialogue: 0,0:41:33.20,0:41:38.04,Default,,0000,0000,0000,,happened and it wasn't bad because my Dialogue: 0,0:41:35.20,0:41:39.60,Default,,0000,0000,0000,,architecture prevented damage um as Dialogue: 0,0:41:38.04,0:41:42.44,Default,,0000,0000,0000,,people are leaving the room could you Dialogue: 0,0:41:39.60,0:41:44.76,Default,,0000,0000,0000,,leave very quietly thank you um Dialogue: 0,0:41:42.44,0:41:47.12,Default,,0000,0000,0000,,microphone number one yeah is there a Dialogue: 0,0:41:44.76,0:41:50.52,Default,,0000,0000,0000,,second alternative for Windows and Mac Dialogue:
0,0:41:47.12,0:41:52.72,Default,,0000,0000,0000,,OS a secure alternative well so Dialogue: 0,0:41:50.52,0:41:56.36,Default,,0000,0000,0000,,basically you can do the the principles Dialogue: 0,0:41:52.72,0:42:00.00,Default,,0000,0000,0000,,I um I showed in this talk you can do on Dialogue: 0,0:41:56.36,0:42:02.56,Default,,0000,0000,0000,,those two so usually you will not be Dialogue: 0,0:42:00.00,0:42:05.36,Default,,0000,0000,0000,,hacked because your your Mac OS or Dialogue: 0,0:42:02.56,0:42:07.08,Default,,0000,0000,0000,,Windows had a bug I that happens too but Dialogue: 0,0:42:05.36,0:42:09.32,Default,,0000,0000,0000,,the bigger problem is that the software Dialogue: 0,0:42:07.08,0:42:11.80,Default,,0000,0000,0000,,you wrote had a bug or that you the Dialogue: 0,0:42:09.32,0:42:14.48,Default,,0000,0000,0000,,software that you use had a bug so I'm Dialogue: 0,0:42:11.80,0:42:16.56,Default,,0000,0000,0000,,I'm trying to tell you Linux isn't uh Dialogue: 0,0:42:14.48,0:42:18.52,Default,,0000,0000,0000,,particularly more secure than Windows Dialogue: 0,0:42:16.56,0:42:20.60,Default,,0000,0000,0000,,it's just it's basically you can write Dialogue: 0,0:42:18.52,0:42:22.84,Default,,0000,0000,0000,,secure software and insecure software on Dialogue: 0,0:42:20.60,0:42:25.16,Default,,0000,0000,0000,,any operating system you should still Dialogue: 0,0:42:22.84,0:42:26.72,Default,,0000,0000,0000,,use Linux because it has advantages but Dialogue: 0,0:42:25.16,0:42:28.88,Default,,0000,0000,0000,,if you apply these techniques to Dialogue: 0,0:42:26.72,0:42:31.72,Default,,0000,0000,0000,,your software it will be secure on on Dialogue: 0,0:42:28.88,0:42:34.48,Default,,0000,0000,0000,,Mac OS and Windows as well right so this Dialogue: 0,0:42:31.72,0:42:36.04,Default,,0000,0000,0000,,is not for for end users selecting the Dialogue: 0,0:42:34.48,0:42:37.32,Default,,0000,0000,0000,,software if you select software you have Dialogue:
0,0:42:36.04,0:42:39.52,Default,,0000,0000,0000,,to trust the Dialogue: 0,0:42:37.32,0:42:42.20,Default,,0000,0000,0000,,vendor there's no way around that but if Dialogue: 0,0:42:39.52,0:42:44.28,Default,,0000,0000,0000,,you write your own software then you can Dialogue: 0,0:42:42.20,0:42:46.96,Default,,0000,0000,0000,,reduce the risk to a point where you can Dialogue: 0,0:42:44.28,0:42:49.12,Default,,0000,0000,0000,,live with it and sleep soundly sure is Dialogue: 0,0:42:46.96,0:42:51.36,Default,,0000,0000,0000,,there a a technical alternative or Dialogue: 0,0:42:49.12,0:42:53.12,Default,,0000,0000,0000,,similar similarity like seccomp for Dialogue: 0,0:42:51.36,0:42:54.76,Default,,0000,0000,0000,,Windows and Mac OS so can you drop your Dialogue: 0,0:42:53.12,0:42:57.96,Default,,0000,0000,0000,,privileges after you have opened a file Dialogue: 0,0:42:54.76,0:42:59.96,Default,,0000,0000,0000,,for example uh uh so for macOS I'm not Dialogue: 0,0:42:57.96,0:43:02.68,Default,,0000,0000,0000,,sure but I know that that FreeBSD NetBSD Dialogue: 0,0:42:59.96,0:43:05.44,Default,,0000,0000,0000,,and OpenBSD have an an equivalent Dialogue: 0,0:43:02.68,0:43:08.12,Default,,0000,0000,0000,,thing I think uh macOS has it too but Dialogue: 0,0:43:05.44,0:43:09.92,Default,,0000,0000,0000,,I'm I'm not sure about that for Windows Dialogue: 0,0:43:08.12,0:43:11.56,Default,,0000,0000,0000,,there are sandboxing methods you can Dialogue: 0,0:43:09.92,0:43:13.36,Default,,0000,0000,0000,,look at the Chrome source code for Dialogue: 0,0:43:11.56,0:43:16.44,Default,,0000,0000,0000,,example they have a sandbox it's open Dialogue: 0,0:43:13.36,0:43:18.96,Default,,0000,0000,0000,,source you can use that to do this kind Dialogue: 0,0:43:16.44,0:43:21.72,Default,,0000,0000,0000,,of thing okay thanks so microphone Dialogue: 0,0:43:18.96,0:43:23.80,Default,,0000,0000,0000,,number two except down that's gone so Dialogue: 0,0:43:21.72,0:43:27.16,Default,,0000,0000,0000,,microphone number three
in that Dialogue: 0,0:43:23.80,0:43:29.48,Default,,0000,0000,0000,,case this is four I sorry four four yes Dialogue: 0,0:43:27.16,0:43:31.72,Default,,0000,0000,0000,,um will your next talk be about writing Dialogue: 0,0:43:29.48,0:43:33.56,Default,,0000,0000,0000,,software secure software in Windows and Dialogue: 0,0:43:31.72,0:43:35.56,Default,,0000,0000,0000,,if no uh how much assets would you Dialogue: 0,0:43:33.56,0:43:38.12,Default,,0000,0000,0000,,request to compensate for all the Dialogue: 0,0:43:35.56,0:43:41.84,Default,,0000,0000,0000,,pain Dialogue: 0,0:43:38.12,0:43:45.96,Default,,0000,0000,0000,,no it's not a question of Dialogue: 0,0:43:41.84,0:43:48.36,Default,,0000,0000,0000,,money okay uh microphone one um have you Dialogue: 0,0:43:45.96,0:43:49.44,Default,,0000,0000,0000,,tried removing unnecessary features from Dialogue: 0,0:43:48.36,0:43:52.24,Default,,0000,0000,0000,,OpenSSL Dialogue: 0,0:43:49.44,0:43:54.68,Default,,0000,0000,0000,,uh Yes actually I've I've done this Dialogue: 0,0:43:52.24,0:43:56.68,Default,,0000,0000,0000,,pretty pretty early but it's still it's Dialogue: 0,0:43:54.68,0:44:00.00,Default,,0000,0000,0000,,still much bigger than my code Dialogue: 0,0:43:56.68,0:44:03.44,Default,,0000,0000,0000,,so um for example OpenSSL has support for Dialogue: 0,0:44:00.00,0:44:05.12,Default,,0000,0000,0000,,UDP based TLS but there's a lot of Dialogue: 0,0:44:03.44,0:44:06.96,Default,,0000,0000,0000,,shared ciphers in there you can remove Dialogue: 0,0:44:05.12,0:44:08.72,Default,,0000,0000,0000,,ciphers you don't need and and that Dialogue: 0,0:44:06.96,0:44:11.88,Default,,0000,0000,0000,,helps a bit but it's still it's the Dialogue: 0,0:44:08.72,0:44:14.72,Default,,0000,0000,0000,,biggest part of the web server by far I Dialogue: 0,0:44:11.88,0:44:18.20,Default,,0000,0000,0000,,think there was an internet question was Dialogue: 0,0:44:14.72,0:44:21.64,Default,,0000,0000,0000,,there no doesn't look like Dialogue: 
0,0:44:18.20,0:44:22.84,Default,,0000,0000,0000,,yes no yes no no yes okay uh then Dialogue: 0,0:44:21.64,0:44:27.20,Default,,0000,0000,0000,,microphone Dialogue: 0,0:44:22.84,0:44:29.64,Default,,0000,0000,0000,,four as someone who is uh connected or Dialogue: 0,0:44:27.20,0:44:31.88,Default,,0000,0000,0000,,was connected to an industry which has Dialogue: 0,0:44:29.64,0:44:34.20,Default,,0000,0000,0000,,programming programmable Dialogue: 0,0:44:31.88,0:44:37.96,Default,,0000,0000,0000,,brakes Dialogue: 0,0:44:34.20,0:44:39.48,Default,,0000,0000,0000,,um what is your opinion about things Dialogue: 0,0:44:37.96,0:44:42.44,Default,,0000,0000,0000,,like Dialogue: 0,0:44:39.48,0:44:44.08,Default,,0000,0000,0000,,MISRA well well so there are standards Dialogue: 0,0:44:42.44,0:44:45.24,Default,,0000,0000,0000,,in the automotive industry for example Dialogue: 0,0:44:44.08,0:44:48.04,Default,,0000,0000,0000,,like MISRA Dialogue: 0,0:44:45.24,0:44:50.36,Default,,0000,0000,0000,,to make sure you write better code and Dialogue: 0,0:44:48.04,0:44:52.52,Default,,0000,0000,0000,,it's mostly compliance so they give you Dialogue: 0,0:44:50.36,0:44:55.28,Default,,0000,0000,0000,,rules like um you shouldn't use Dialogue: 0,0:44:52.52,0:44:56.96,Default,,0000,0000,0000,,recursion in your code for example and Dialogue: 0,0:44:55.28,0:44:59.00,Default,,0000,0000,0000,,the functions should would be this big Dialogue: 0,0:44:56.96,0:45:01.64,Default,,0000,0000,0000,,at at most and this is more I mean it Dialogue: 0,0:44:59.00,0:45:03.44,Default,,0000,0000,0000,,will probably help a bit but it's much Dialogue: 0,0:45:01.64,0:45:05.80,Default,,0000,0000,0000,,better to to invest in in good Dialogue: 0,0:45:03.44,0:45:09.44,Default,,0000,0000,0000,,architecture but you may have noticed I Dialogue: 0,0:45:05.80,0:45:11.20,Default,,0000,0000,0000,,I've said I wrote the code in C and I Dialogue: 0,0:45:09.44,0:45:13.80,Default,,0000,0000,0000,,said nothing about what I did to make Dialogue: 
0,0:45:11.20,0:45:15.88,Default,,0000,0000,0000,,sure it's it's good code so that's Dialogue: 0,0:45:13.80,0:45:17.56,Default,,0000,0000,0000,,that's a different dimension that's Dialogue: 0,0:45:15.88,0:45:20.80,Default,,0000,0000,0000,,orthogonal right Dialogue: 0,0:45:17.56,0:45:22.28,Default,,0000,0000,0000,,so follow those standards it will it Dialogue: 0,0:45:20.80,0:45:25.04,Default,,0000,0000,0000,,will make your code a bit better Dialogue: 0,0:45:22.28,0:45:26.64,Default,,0000,0000,0000,,probably um but it won't solve all the Dialogue: 0,0:45:25.04,0:45:29.04,Default,,0000,0000,0000,,problems and I think personally you Dialogue: 0,0:45:26.64,0:45:30.76,Default,,0000,0000,0000,,should do both you should make sure or Dialogue: 0,0:45:29.04,0:45:32.52,Default,,0000,0000,0000,,try to make sure that there's as little Dialogue: 0,0:45:30.76,0:45:34.16,Default,,0000,0000,0000,,bugs as possible in your code there's Dialogue: 0,0:45:32.52,0:45:36.08,Default,,0000,0000,0000,,ways to do that I had to talk about that Dialogue: 0,0:45:34.16,0:45:37.76,Default,,0000,0000,0000,,too but after you do that you should Dialogue: 0,0:45:36.08,0:45:40.20,Default,,0000,0000,0000,,still have these kind of Dialogue: 0,0:45:37.76,0:45:41.72,Default,,0000,0000,0000,,architectural guide guard rails that Dialogue: 0,0:45:40.20,0:45:44.08,Default,,0000,0000,0000,,keep you on track even if someone Dialogue: 0,0:45:41.72,0:45:46.24,Default,,0000,0000,0000,,manages to take over the Dialogue: 0,0:45:44.08,0:45:47.28,Default,,0000,0000,0000,,process so now I think there was an Dialogue: 0,0:45:46.24,0:45:50.60,Default,,0000,0000,0000,,internet Dialogue: 0,0:45:47.28,0:45:53.52,Default,,0000,0000,0000,,question yes uh the internet is asking Dialogue: 0,0:45:50.60,0:45:55.56,Default,,0000,0000,0000,,how would it work to like scale This Dialogue: 0,0:45:53.52,0:45:58.84,Default,,0000,0000,0000,,truly impressive security architecture Dialogue: 0,0:45:55.56,0:46:01.40,Default,,0000,0000,0000,,up 
for more use cases and more like Dialogue: 0,0:45:58.84,0:46:04.88,Default,,0000,0000,0000,,larger team or would the team size and Dialogue: 0,0:46:01.40,0:46:09.04,Default,,0000,0000,0000,,the feature creep ruin it yes Dialogue: 0,0:46:04.88,0:46:09.04,Default,,0000,0000,0000,,so oh no oh Dialogue: 0,0:46:09.07,0:46:15.84,Default,,0000,0000,0000,,[Laughter] Dialogue: 0,0:46:12.32,0:46:15.84,Default,,0000,0000,0000,,no well I'm Dialogue: 0,0:46:24.80,0:46:27.80,Default,,0000,0000,0000,,sorry Dialogue: 0,0:46:28.47,0:46:36.78,Default,,0000,0000,0000,,[Music] Dialogue: 0,0:46:37.76,0:46:40.76,Default,,0000,0000,0000,,la